Monday, April 27, 2009

Sidejacking

Hamster is a tool for HTTP session hijacking with passive sniffing. It eavesdrops on a network, captures the session cookies, then imports them into the browser to allow you to hijack their session.

Download Link

Monday, April 6, 2009

Web (rat)Proxy

"Ratproxy is a semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments."

Download ratproxy from the following Link

OR use the following commands:

$> wget http://ratproxy.googlecode.com/files/ratproxy-1.56.tar.gz
$> tar xvf ratproxy-1.56.tar.gz
$> cd ratproxy
$> make

In Firefox, go to Tools | Options | Advanced | Network | Settings, choose manual proxy configuration and enter the ratproxy address, then run ratproxy with the following command:
$> ./ratproxy -w logfile -d domaintoscan -rlextifscpjm

To get a report as an HTML file, use:
$> ./ratproxy-report.sh logfile > report.html

Jacky Altal

WPA Rainbow tables

Offensive Security released a list of coWPAtty WPA tables, SSID-specific, built using a 49 million WPA-optimised password dictionary file. Each table is 1.9 GB.

Anyone can help by seeding these files.

Infected with Conficker?

Conficker Test is a simple visual test that anyone can take to evaluate a Windows PC just by surfing to this page. Conficker is known to block access to over 100 anti-virus and security websites. This page loads images from blocked security and antivirus websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).

This test was originally developed by Joe Stewart. As you can see, it is a simple test method which can be used by anyone.

A link to a Conficker removal tool can be found HERE
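
The decision rule behind this test, as an added example that is not the original page's code. The host names are constructed placeholders, the names `probeImage`, `classify` and `runTest` are hypothetical, and the "partial-block" and "inconclusive" verdicts are assumptions that go beyond the single rule stated above.

```javascript
// Constructed placeholder URLs: the original page's image list is not reproduced here.
const AV_ROW = [
  "https://av-vendor-1.example/logo.png",
  "https://av-vendor-2.example/logo.png",
  "https://security-site.example/logo.png",
];
const CONTROL_ROW = [
  "https://alt-os-1.example/logo.png",
  "https://alt-os-2.example/logo.png",
];

// Browser-only probe: resolves true if the remote image loads, false on error or timeout.
function probeImage(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a previously cached copy cannot hide a block.
    img.src = url + "?nocache=" + Date.now();
  });
}

// Turn the two rows of load results (arrays of booleans) into a verdict.
function classify(avLoaded, controlLoaded) {
  const avOk = avLoaded.filter(Boolean).length;
  const ctlOk = controlLoaded.filter(Boolean).length;
  // Control row must load fully, otherwise the baseline is unreliable
  // (no connectivity, images disabled, upstream filtering).
  if (ctlOk < controlLoaded.length) return "inconclusive";
  // Rule from the text: AV/security row blocked, control row reachable.
  if (avOk === 0) return "possible-infection";
  // Assumption: a partly blocked AV row is reported separately; it may be
  // a site outage or a content filter rather than malware.
  if (avOk < avLoaded.length) return "partial-block";
  return "no-sign";
}

// Run both rows; the probe is injectable so the logic can be exercised offline.
async function runTest(probe = probeImage) {
  const av = await Promise.all(AV_ROW.map((u) => probe(u)));
  const control = await Promise.all(CONTROL_ROW.map((u) => probe(u)));
  return { av, control, verdict: classify(av, control) };
}
```

A "possible-infection" verdict only indicates that security sites are being blocked; as the text notes, other malicious software or a local filter can produce the same result.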

Jacky Altal

Thursday, April 2, 2009

Manipulating Client Side Scripts

As you can see in the following link posted by Lament just yesterday, there is a big security flaw in Ynet forums.

I have read the mails between Yaniv and the Ynet response team, and it seems like they really don't care. I'm not sure if Yaniv did the right thing by posting this movie, but no doubt something had to be done.

I have to admit that this particular flaw was known for a while, and to be honest there are many others...

Attacking SMM Memory via Intel® CPU Cache Poisoning

Attacking SMM Memory via Intel® CPU Cache Poisoning (March 2009) is a research paper published by Rafal Wojtczuk and Joanna Rutkowska describing a new attack that makes it possible to compromise the integrity of the System Management Mode on Intel-based systems.

PDF