View RSS Feed

Most Popular Blogs

  1. SEH Overflow exploit POC Part 2

    Exploiting the SEH overflow in A-PDF all to mp3 converter

    1) I wrote a perl script that creates a “wav” file with 5000 A’s as shown below:
    Code:
        #!/usr/bin/perl -w
        use strict;
        my $file = "exploit_seh.wav";
        my $junk ="\x41" x 5000 ;
        open OUTPUT, ">", "$file";
        print OUTPUT $junk;
    This script creates a file “exploit_seh.wav”.

    2) After I open ...
  2. John The Ripper (JTR) - Tweak That Attack!

    I decided to blog about an overview of few methods and concepts I used for cracking hashes during DEFCON 2011, Crack Me If You Can. It felt good to win the contest and as a takeaway, there is a need to push the envelope of cracking hashes.

    In this post, I will talk about JTR.

    You are all familiar with JTR if you've been cracking hashes for quite sometime. I wanted to draw attention to certain features of JTR which will help you gain a better grasp at how it works and ...
  3. SQL Injection Vulnerability in ebay

    Title: SQL Injection Vulnerability in eBay.com sub domains
    Author: Yogesh D Jaygadkar
    Reported: December 27, 2012
    Fixed: Jan 15, 2013
    Public Released: Jan 25, 2013
    Thanks To: Darshit Ashara
    Greets : Rahul Bro, Aasim, Sandeep, Sagar

    Description:

    Last Month I reported SQL Injection vulnerabilities in eBay.com sub domains. You can see how many days they took for patching & allowing me to publish the vulnerability. But finally ...
    Categories
    Uncategorized
  4. My Nullcon Experience.

    NULLCON is one of the best information security conference in India and every year everyone from the InfoSec community attends it. I have a great interest in Security and hacking ( If you follow my blog you will probably know it already www.hackatrick.com ) and yes I too look forward to the conference. Every year most of my friends who are into security attend NULLCON. I failed to go last year due to my Exams and last to last year i had my class 12 boards exam.

    This time I wanted ...

    Updated 04-04-2017 at 11:15 AM by 41.w4r10r

    Categories
    Uncategorized
  5. Preventing SQL Injection attack ASP.NET PART I


    Introduction


    Security is the most important attribute for any system. Providing secure experience is one of the key principles in the process of gaining customer confidence for a system. Now days, almost all the websites are asking to store user’s personal information in servers to understand the customer and serve better. It’s the responsibility of an organization to confirm that customer’s data is safe and accessed in a secured manner. Security in web ...

    Updated 09-02-2014 at 03:14 PM by mayurlohite

    Categories
    Uncategorized
  6. CVE-2014-0160 Heartbleed Attack POC and Mass Scanner .

    TLS Heart Bleed Attack.

    This is one of the most scary bugs I have seen in the last few years. A lot of discussion is going on and there are quite a number of blogs regarding this. But I couldn't find anything that explicitly talks about the vulnerability and exploitation methods. Also many organizations have multiple https servers using openssl. So I have created this mas auditing tool that could scan them all in one click.

    https://bitbucket.org/fb1h2s/cve-2014-0160 ...
    Categories
    Uncategorized
  7. Trusting 302 Redirects and Content Security Policies security.

    My new year resolution is to blog as much as possible. My writing skills sucks and there's just too great a chance, i'll lower the standards. Any way the show must go on. So am planning to share my weekend notes here from now on.

    Name:  CSP_Shield_Logo.jpg
Views: 5807
Size:  19.4 KB

    Few weeks back I had to design a solution for a challenging web application issue.

    The scenario was as follows.


    A secure Web Application has a Secret Access token . This token ...
    Categories
    Uncategorized
  8. Sandy: Opensource Exploit Analysis Framework .

    Client side exploits are inevitable part of the security Industry. And no matter how much new security is added to these products they would be always exploited. As long as Government and Individuals need to hack into others confidential data there would be a requirement for exploits. So when there's demand, someone will supply.

    Name:  download.jpeg
Views: 6208
Size:  3.2 KBName:  images.jpeg
Views: 5326
Size:  4.2 KBName:  Screen Shot 2014-04-07 at 3.19.33 pm.jpg
Views: 5410
Size:  5.8 KB

    I started developing Sandy an Exploit Analysis and Automation ...
    Categories
    Uncategorized
  9. Everything you need to know about CVE-2014-6271

    FAQ::



    HTML Code:
    Code execution possible on CGI Web Applications:  	Yes [Critical ]
    Code execution possible on SSH                 : 	       Yes [Not critical or is based on architecture ]
    Working Payload for getting reverse Shell Available:      Yes
    Is the Current patch complete:                                    No
    Where was the Bug:

    Bash supports exporting not just shell variables, but also shell functions to other
    ...

    Updated 10-01-2014 at 03:36 PM by 41.w4r10r

    Categories
    Uncategorized
  10. A weekend with Cisco Meraki Bug Bounty, a tale of few web bugs .

    I was not much interested in bug bounties but the fact that I was interested in learning about Cloud Based products, and going through meraki made me a lot interested in there service. Meraki is a "cloud-managed network infrastructure company," whose products are designed to provide large-scale, distributed wired and wireless networks. An application to manage networks from cloud is big and cool to experiment for a hacker.

    So I decided to spent a week end of mine [ May ...
Page 1 of 11 123 ... LastLast