View RSS Feed

Fb1h2s aka Rahul Sasi's Blog

Hacking is a matter of time knowledge and patience
http://www.fb1h2s.com

  1. MS11-046 exploit Code, Windows local Privilege Escalation .

    There was a good article released by Joni on MS11-046 vulnerability based on a malware he analysed .
    http://www.exploit-db.com/wp-content...docs/18712.pdf
    So I taught of spending my staurday night building an exploit for this .

    Windows [not sure about Win 7] lets Mapping of 0x00000000 in user space, and this particular vulnerability windows fix [Ms011-46] was by adding a simple check for Null Pntr in the AFD.sys, which I find odd, so I assume Win 7 it would ...
  2. Internal Attacks vai IVR systems [ Security Vulnerabilities in IVR Applications]

    Am putting down Demo videos along with few important slides form my BlackHat 2012 presentation .

    Here is the video from HITB on the same:


    My presentation were in HTML 5 and am putting down Demo Presentations here. I will upload the HTML5 presentation some were or you could download them form

    https://media.blackhat.com/bh-eu-12/...urity-Tool.zip

    For Better understanding
    ...
  3. Binary Analysis of Oracle Java CVE: 2012-0500 and Alternate Exploitation on Win|Linux

    Main():

    Java Webstart recently had critical security update in it's Webstart module Oracle Java Critical Patch Update - February 2012, that affects Firefox and IE, we will have few quick analysis of the vulnerable binary and few alternate ways to exploit them.

    Little History and Introduction about the Bug:

    Current bug is discovered and reported to Oracle by Vulnerability Research Team of TELUS Security Labs.

    The vulnerability was similar ...
    Categories
    Uncategorized
  4. Hacking the Time

    Open Source Time Travel Project


    Hacking the time how, Time Travel is possible.

    Introduction :.On what our concept is and what its not

    Warning:
    Before reading our concept you will have to erase form your memory all the graphical images that u might have acquired form various science fiction movies, this concept is nothing similar.
    The sci-fi time machine concepts are those shown in movies are as follows. When a person is moving faster than ...
  5. WebBackdoors , Attack, Evasion and Detection:

    PDF:cocon_paper.pdf
    Abstract: This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. Paper explains few techniques that could be used to render undetectable and unnoticed backdoor inside web applications.
    This paper is mainly an update for an old paper of ours Effectiveness of Antivirus in Detecting Web Application Backdoors, which mainly questioned the effectiveness of AV with respect to ...
  6. Penetration Testing Biometric System: Part 1 Local Attacks



    Presented in Nullcon 2011: http://nullcon.net/
    Greetz to: B0Nd,Eberly,Wipu,Neo,Vinnu,prashant(null),sud0,Sag ar,rohith,Nishant, atul, r4scal, SmartKD, beenu, d4rkdawn and all Null Members
    Special Thanks to: the_empty, 41w4rior, d4rkest,Abishek Dutta, w3bdevil,

    PDF: http://www.fb1h2s.com/Null_Biometrics.pdf
    PPT: http://www.fb1h2s.com/nullcon-Presen...biometrics.rar


    Abstract: This paper act as a guide explaining the necessity
    ...
    Categories
    Uncategorized
  7. Penetration Testing Biometric System: Part II:- Remotel Attacks


    Continued from


    Biometrics: The Technical part:

    Remote Attack: The attack vectors.



    This would be the basic architecture of an IP based remote management protocol of these systems.

    So here the attack points would be as follows,
    1) IP implementation for data transfer
    2) Biometric Management Servers
    3) Biometric Admin/Interface
    ...
    Categories
    Uncategorized
  8. Effectiveness of Antivirus in Detecting Web Application Backdoors

    WEB APPLICATION SECURITY
    Effectiveness of Antivirus in Detecting Web Application Backdoors
    [FB1H2S aka Rahul Sasi]
    http://fb1h2s.com
    http://garage4hackers.com

    Greetz:B0Nd,Eberly,Wipu,Vinnu,webd3vil,Rohith,w4ri 0r,neo,Sids786,SmartKD,Tia,h@xor,Atul,Beenu,d4rkes t,DZZ,ricks2600,su

    do,prashant,sagar
    SpThanks: The_Empty and all G4H and Null members.

    PDF:Effectiveness of AVs in Detecting Web Application Backdoors.pdf

    Abstract: This paper gives detailed ...

    Updated 03-03-2011 at 11:28 AM by fb1h2s (images gone)

    Categories
    Uncategorized
  9. Antivirus/ Firewall Evasion Techniques: Evolution of Download Deploy Shellcode

    [B]# Date: [18/1/2011]
    # Paper Title: Antivirus/ Firewall Evasion Techniques: Evolution of Download Deploy Shellcode
    # Date: [18/1/2011]
    # Author: [FB1H2S]
    # htpp://Garage4Hackers.com http://fb1h2s.com
    #All greets to Garage Hackers Members.
    # I love to start with greets
    # and to NUll and Andhrahackers people
    #Special thanks to w3bd3vil(null), rohith, ricks2600, prashant(null)
    #
    ################################################## ######################### ...
  10. Bypassing a Cisco IOS firewall

    Quote Originally Posted by fb1h2s View Post
    This documentation is about a successful attack Strategy on something which I was trying out form last 15 days. It all started with silent-poison handing over to me a webshell, "a non interactive .php shell" on a webserver the shell was having NT-Authority System privileges. He did a good work there, as I was told he used a joomal exploit to get that shell up running. And it was obviously a high priority webserver .He should probably document that part .

    The issue he
    ...
Page 3 of 4 FirstFirst 1234 LastLast