All Blog Entries

  1. SEH Overflow exploit POC Part 2

    Exploiting the SEH overflow in A-PDF all to mp3 converter

    1) I wrote a Perl script that creates a “wav” file containing 5000 A’s, as shown below:
        #!/usr/bin/perl -w
        use strict;
        # Output file: the malformed .wav that will be fed to the converter
        my $file = "exploit_seh.wav";
        # 5000 bytes of 0x41 ("A") as the overflow buffer
        my $junk = "\x41" x 5000;
        open(OUTPUT, ">", $file) or die "Cannot open $file: $!";
        binmode(OUTPUT);   # write raw bytes, no newline translation
        print OUTPUT $junk;
        close(OUTPUT);
    This script creates a file “exploit_seh.wav”.

    2) After I open ...
  2. SEH Overflow exploit POC Part 1

    On 18th Jan 2011, somebody named “h1ch4m” reported a stack-based overflow vulnerability in “PDF All to mp3 converter” via exploit-db (Exploits Database by Offensive Security). This vulnerability can be exploited by giving a malformed “.wav” file to the application. When I was checking the software on 29th Jan 2011, I found that it was also vulnerable to an SEH overflow, so I decided to write an exploit for the SEH overflow and submit it to exploit-db (community based database ...

    Updated 09-20-2011 at 02:28 AM by m0nna

  3. Social Engineering with SET


    It is a useful social engineering tool by David (ReL1k). It can be used to perform a number of social engineering attacks with minimal effort. SET can be used together with Metasploit to additionally perform Metasploit's powerful post-exploitation. The tool can be accessed through a web interface or the command line.
    Prominent Uses

    • Gathering credentials
    • Shell spawning by browser exploits
    • Mass mailing of malicious payloads to spawn shells
    • Shell using
  4. BSNL router hacking and possibility of running custom code over it

    On a lonely weekend on my Android, I was actually bored courtesy of BSNL, a connection that seldom connects, the AT&T of India: bad service, no customer support at 1957 and flapping issues in links. Nevertheless I decided to mess a bit with the BSNL ADSL router.

    BSNL router on closer inspection is manufactured by SEMIndia and distributed by ITI. It follows the ****** of using firmware of different routers (Broadcom to be specific, BCM96338 stands for Broadcom router firmware ...
  5. Database protection Techniques : a different perspective

    Tips for Db Security

    Disclaimer : This post is written with web frontends and web-application-based attacks on DB servers in mind.

    1. Any user id used for web application connectivity should be restricted to specific IP addresses, which could be localhost if the same server hosts both the DB and the application. If two separate servers are used, then restrict the user id(s) to the application server's IP address / hostname. Keep a strict log of who accesses

    Updated 06-28-2011 at 11:11 PM by Anant Shrivastava

  6. [PY] G4H// Anti-Intruders System Cleaner ver 0.1

    Quote originally posted by [s]:
    Simple release

    #!/usr/bin/env python
    from pickle import *
    from struct import *
    from _winreg import *
    print "\n"
    print "\n\t##################################################"
    print "\t#                                                #"
    print "\t#                                                #"
    print "\t#G4H// Anti-Intruders  System Cleaner ver 0.1    #"
  7. Penetration Testing Biometric System: Part 1 Local Attacks

    Presented in Nullcon 2011:
    Greetz to: B0Nd, Eberly, Wipu, Neo, Vinnu, prashant(null), sud0, Sagar, rohith, Nishant, atul, r4scal, SmartKD, beenu, d4rkdawn and all Null Members
    Special Thanks to: the_empty, 41w4rior, d4rkest, Abishek Dutta, w3bdevil,


    Abstract: This paper acts as a guide explaining the necessity
  8. Penetration Testing Biometric System: Part II: Remote Attacks

    Continued from

    Biometrics: The Technical part:

    Remote Attack: The attack vectors.

    This would be the basic architecture of an IP-based remote management protocol for these systems.

    So here the attack points would be as follows:
    1) IP implementation for data transfer
    2) Biometric Management Servers
    3) Biometric Admin/Interface
  9. An ARP Cache Poisoning prevention PoC tool

    I have been working on this application for some time now. The idea is very similar to what Vivek Ramachandran and Sukumar Nandi described in their patent-pending paper Detecting ARP Spoofing: An Active Technique.

    The application, "arp-secur", uses some basic scanning techniques to determine the authenticity of a MAC-IP pair. It has been developed on an IA64-based Fedora 14 installation. It requires root privileges in order to sniff and inject data-link frames.

    Updated 03-01-2011 at 09:36 PM by 7h3rAm

  10. Effectiveness of Antivirus in Detecting Web Application Backdoors

    Effectiveness of Antivirus in Detecting Web Application Backdoors
    [FB1H2S aka Rahul Sasi]

    Greetz: B0Nd, Eberly, Wipu, Vinnu, webd3vil, Rohith, w4ri0r, neo, Sids786, SmartKD, Tia, h@xor, Atul, Beenu, d4rkest, DZZ, ricks2600, su

    Special Thanks: The_Empty and all G4H and Null members.

    PDF: Effectiveness of AVs in Detecting Web Application Backdoors.pdf

    Abstract: This paper gives detailed ...

    Updated 03-03-2011 at 11:28 AM by fb1h2s (images gone)
