
Most Popular Blogs

  1. Penetration Testing Biometric System: Part 1 Local Attacks



    Presented at Nullcon 2011: http://nullcon.net/
    Greetz to: B0Nd, Eberly, Wipu, Neo, Vinnu, prashant(null), sud0, Sagar, rohith, Nishant, atul, r4scal, SmartKD, beenu, d4rkdawn and all Null Members
    Special Thanks to: the_empty, 41w4rior, d4rkest, Abishek Dutta, w3bdevil,

    PDF: http://www.fb1h2s.com/Null_Biometrics.pdf
    PPT: http://www.fb1h2s.com/nullcon-Presen...biometrics.rar


    Abstract: This paper acts as a guide explaining the necessity
    ...
  2. Mac OSX 64 bit ROP Payloads.

    6 months back I did a presentation on Mac OSX 64 bit ROP shellcodes at the Null Monthly meet, where I took two different sessions explaining 64 bit architecture in detail and Mac OSX 64 ROP shellcode. Today I was browsing through some old stuff and came across the PPT I used back then. The slides only contain the first day's presentation and I can't find the second day's PPT.

    I am sharing it over here. There is nothing new.

    http://www.slideshare.net/RahulSasi2...sx-64ropchains ...
  3. Enumerating and Breaking VoIP

    Introduction

    Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware of or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse. In this article, I will discuss various enumeration techniques followed by a demonstration of a few VoIP attacks. I deliberately will not go into protocol-level details as ...
  4. Twitter Translation Center CSRF (Change Badge and Notification Settings)

    On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com, which is the Twitter Translation Center.

    While checking the service I landed on the "Accounts Settings" page, which looked like this.



    So we have two options here: the first one toggles the Twitter Badge setting on Twitter.com and the second one toggles the badge-related notification.

    POST request ...

    Updated 10-20-2012 at 11:20 AM by prakhar

  5. Account Takeover Using Password Reset Vulnerability

    Account Takeover Using Password Reset Functionality

    While researching and working on bug bounties I have found that by using Password Reset Functionality, Token & Link we can take over all the user accounts of a website if that site is vulnerable to this type of attack.


    Using this vulnerability the attacker can modify the email MD5 hash to any victim's email MD5 hash to change their password and in this way he can also reset all passwords ...
  6. How I was able to Read & Download PayPal's X.com Users' Private Email Attachments

    PayPal's X.com Failure to Restrict URL Access Vulnerability

    I want to share one of my findings on PayPal's X.com, which I reported to them on 3 January 2013.

    I have found that the following PayPal X.com URL https://www.x.com/sites/default/files/failure_to_restrict_url_vul_for_any_attachments.txt was vulnerable to the Failure to Restrict URL Access vulnerability, as the email attachment URLs can be accessed without login ...
  7. ASLR DEP bypassing techniques

    In defeating DEP you at least need some information that will evade ASLR.
    There are mainly two ways:

    1. An anti-ASLR module gets loaded into the target application. I mean you have the base address of a module at a fixed location always, even after a system restart.

    2. You get a pointer leak from a memory leak/buffer overflow/any zeroday. In this technique you can adjust the offsets to grab the base address of the module whose pointer gets leaked.
    ...
  8. Bypassing a Cisco IOS firewall

    Originally posted by fb1h2s:
    This documentation is about a successful attack strategy on something which I had been trying out for the last 15 days. It all started with silent-poison handing over to me a webshell, "a non interactive .php shell" on a webserver; the shell had NT-Authority System privileges. He did good work there, as I was told he used a Joomla exploit to get that shell up and running. And it was obviously a high priority webserver. He should probably document that part.

    The issue he
    ...
  9. Writing Basic Buffer Overflow

    Writing Simple Buffer Overflow Exploits
    [+] By D4rk357 [lastman100@gmail.com]
    [+] Special thanks to Peter Van Eeckhoutte for his awesome Exploit writing series.
    [+] Special thanks to Fb1h2s for helping me out all the way.
    [+] Garage4hackers.com [My Home and School in The Blue Nowhere]

    Before starting a practical demonstration of writing basic buffer overflow exploits we will first take a look at concepts and theory, as Abraham Lincoln said “If I had ...
  10. SQL Injection in INSERT Query

    SQL injection is one of the most exploited issues in web application security and has had a place in the OWASP Top 10 since 2004. There are many blog posts and papers available on SELECT query injection exploiting WHERE or HAVING clauses. Today I’m going to discuss SQL injection in INSERT queries.

    Here is the PDF of the same.
    SQL Injection in INSERT Query.pdf

    Any suggestions, comments are welcome.

    Cheers,
    AMol NAik

    Updated 02-03-2012 at 11:10 AM by amolnaik4
