WPA TKIP cracked in a minute – time to move on to WPA2
Just a quick note to let you know that 2 Japanese scientists (from Hiroshima and Kobe Universities) have found a practical way to crack WPA TKIP in about one minute, using a technique called “Beck-Tews”. This technique is not new. It has been discovered by some Germans back in november, but was somewhat limited in […]
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
In the first parts of the exploit writing tutorial, I have discussed some common vulnerabilities that can lead to 2 types of exploits : stack based buffer overflows (with direct EIP overwrite), and stack based buffer overflows that take advantage of SEH chains. In my examples, I have used perl to demonstrate how to build […]
Exploit writing tutorial part 3b : SEH Based Exploits – just another example
In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this : [Junk][next SEH][SEH][Shellcode] I have indicated that SEH needs to be overwritten by a pointer to “pop pop ret” and that […]
Exploit writing tutorial part 3 : SEH Based Exploits
In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]
Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
Where do you want to jmp today ? In one of my previous posts (part 1 of writing stack based buffer overflow exploits), I have explained the basisc about discovering a vulnerability and using that information to build a working exploit. In the example I have used in that post, we have seen that ESP […]
Exploit writing tutorial part 1 : Stack Based Overflows
Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was […]
Spread the word ! nmap 5 released
Insecure.org has released a new major version of the free, open source “nmap” security scanner. (Don’t just call nmap a port scanner – Thanks to many improvements over the last years, nmap has become an excellent security scanner). Visit http://nmap.org/5/ for more information about this new version. Although there are roughly 600 updates in this […]
One for the money, second one for the show…
While I was going through the archive of some ‘funny’ pictures at http://failblog.org/, I suddenly realised that I had encountered something funny a couple of years ago myself, when I was attending Blackhat in Amsterdam. When trying to get some money out of the ATM downtown Amsterdam, I noticed this on the screen of the […]
Free tool : Find out where your AD Users are logged on into
Hi, I decided to release another free utility I wrote a while ago. This small command-line utility can be used to find out where Active Directory users are logged on into, and/or to find out who is logged on on specific machines. This should include local users, users that are logged in via RDP, user […]
Juniper ScreenOS : Active/Passive clustering
Introduction In this blog post, I’ll show the easy steps to set up a screenOS based active/passive cluster. I’m not going to discuss the configuration of active/active clusters because, in my opinion, this configuration is only needed in rare circumstances and may introduce some weird behaviour issues. Furthermore, active/passive clusters have been working quite well […]
Donate
Your donation will help funding server hosting.
