Hacking
OWASP. Writing Buffer Overflow Exploits - a Tutorial for Beginners

1. Memory

Note: the memory layout described here is how a process is organized on most computers, but the details depend on the processor architecture. This example is for x86 and applies roughly to SPARC as well.

The principle of exploiting a buffer overflow is to use arbitrary input to overwrite parts of memory that are not supposed to be overwritten, and to make the process execute code carried in that input. To see how and where an overflow takes place, let us look at how process memory is organized. A page is a part of memory that uses its own relative addressing: the kernel allocates initial memory for the process, which the process can then access without having to know where the memory is physically located in RAM. A process image consists of:

- Code segment: the data in this segment are the assembler instructions that the processor executes.
- Data segment: space for variables and dynamic buffers.
- Stack segment: used to pass data (arguments) to functions and as space for the local variables of functions.
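The stack layout above made concrete, as an added example that is not part of the OWASP tutorial: a simulated x86-64 stack frame in which a 16-byte local buffer lies just below the saved frame pointer and the saved return address, so a strcpy-style copy with no bound runs on into both. The struct stands in for the real stack so the overwrite is deterministic; the addresses 0x401000 and 0x401136, the function names and the payload are all hypothetical, and the byte order assumes a little-endian machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated x86-64 frame (lower addresses first), standing in for the
 * real stack. A real frame has the same order: locals, then the saved
 * frame pointer pushed by the prologue, then the return address. */
typedef struct {
    char     buf[16];    /* the local `char buf[16];` being copied into */
    uint64_t saved_rbp;  /* caller's frame pointer                        */
    uint64_t saved_ret;  /* address that `ret` will jump to               */
} frame_t;

/* Hypothetical addresses, chosen for the demonstration only. */
#define LEGIT_RETURN    UINT64_C(0x0000000000401000)
#define ATTACKER_TARGET UINT64_C(0x0000000000401136)

/* The bug: a strcpy-style loop that copies until NUL with no regard for
 * sizeof buf. It is written as a byte loop over the whole frame so the
 * clobbering of the neighbouring fields is visible and well-defined here;
 * a real strcpy does the same thing (unless compiler fortification aborts). */
static void vulnerable_copy(frame_t *f, const char *src) {
    unsigned char *dst = (unsigned char *)f;   /* byte view, buf is first */
    size_t i = 0;
    while (src[i] != '\0') {
        dst[i] = (unsigned char)src[i];
        i++;
    }
    dst[i] = '\0';                             /* strcpy writes the NUL too */
}

/* The fix: never write more than sizeof buf - 1 bytes plus the NUL. */
static void bounded_copy(frame_t *f, const char *src) {
    snprintf(f->buf, sizeof f->buf, "%s", src);
}

/* Payload: 16 bytes fill buf, 8 bytes clobber saved_rbp, then the low
 * bytes of ATTACKER_TARGET in little-endian order. The copy stops at the
 * first NUL, which is the 4th byte of the address; that is fine because
 * the high bytes of a canonical user-space address are zero and the high
 * bytes of saved_ret already held zero. Sized to stay inside the frame. */
static const char PAYLOAD[] =
    "AAAAAAAAAAAAAAAA"      /* buf[0..15]                */
    "BBBBBBBB"              /* saved_rbp                 */
    "\x36\x11\x40";         /* 0x401136, little-endian   */

/* Saved return address after the unbounded copy: attacker-controlled. */
uint64_t demo_overflow(void) {
    frame_t f = { "", 0, LEGIT_RETURN };
    vulnerable_copy(&f, PAYLOAD);
    return f.saved_ret;
}

/* Saved return address after the bounded copy: unchanged. */
uint64_t demo_bounded(void) {
    frame_t f = { "", 0, LEGIT_RETURN };
    bounded_copy(&f, PAYLOAD);
    return f.saved_ret;
}

int main(void) {
    printf("unbounded copy: saved_ret = 0x%llx\n",
           (unsigned long long)demo_overflow());
    printf("bounded copy:   saved_ret = 0x%llx\n",
           (unsigned long long)demo_bounded());
    return 0;
}
```

On a real stack the corrupted return address is consumed by the function's `ret`, which is the moment control transfers to the attacker's choice of code. The NUL-termination detail is the practical reason payloads must avoid NUL bytes in the middle: the copy stops at the first one, so only the low bytes of the address can be supplied, and the exploit relies on the bytes above them already being zero.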

Are you familiar with white hat hacking? If you aren't, you should be. White hat hacking is a planned attack that checks your systems for vulnerabilities. After the hacker successfully (and harmlessly) compromises your environment, they tell you what to do to fix it. Even though most security loopholes are well documented, I'm surprised how many open exploits are in the applications we security-scan here at INetU. So stand by for a little White Hat Hacking 101, where I'll teach you how to hack into your own site.

Hack One: Injection Attacks

I'll start with injection exploits because most IT professionals, even though they have a basic understanding of the dangers, leave too many sites open to the vulnerability, according to the Open Web Application Security Project (OWASP).

Find a page on your application that accepts user-supplied information and uses it to access a database: a login form, signup form, or "forgot password" form is a good start.

Hack Two: PHP Remote File Includes

Grimwepa - Project Hosting on Google Code

GRIM WEPA was written in Java and is intended for use with the Linux operating system (specifically the BackTrack 4 distribution). GrimWepa 1.1 has been translated for Português-Brasil users; it is available in the downloads section.

GRIM WEPA is no longer being supported. GRIM WEPA is on an indefinite hiatus while I work on other projects. Please use Wifite instead of GRIM WEPA: Wifite is a newer wifi cracker with more functionality and stability than GRIM WEPA. Wifite is available here: Please update your bookmarks and links accordingly. This project will remain open so that I may eventually update GrimWepa.

GRIM WEPA is a password cracker for both WEP- and WPA-encrypted access points (routers).

Note: the settings and configuration file for Grim Wepa is saved to /etc/grimwepa.conf. GRIM WEPA's cracking methods are archaic and have been around for years.

Attacks for WEP-encrypted access points
Attacks for WPA-encrypted access points

Run it with: java -jar grimwepa_X.X.jar

Secure Shell FAQ Section 1: About Secure Shell

This section should answer general questions about Secure Shell and what it does and doesn't do.

1.1. What is Secure Shell?

To paraphrase the README file: Secure Shell is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another.

It provides strong authentication and secure communications over insecure channels. Additionally, Secure Shell provides secure X connections and secure forwarding of arbitrary TCP connections. The traditional BSD 'r' commands (rsh, rlogin, rcp) are vulnerable to different kinds of attacks, and the X Window System also has a number of severe vulnerabilities. There are two versions of Secure Shell available: SSH1 and SSH2. (The SSH1 protocol has since been found to have cryptographic weaknesses and is obsolete; current implementations such as OpenSSH no longer support it, so only SSH2 should be deployed.)

1.2 How widespread is its use?

The most current figures available are over 2 million Secure Shell users in over 60 countries. Note that this includes both SSH1 and SSH2 implementations.

1.9 Who maintains Secure Shell?

PHP Security Consortium: PHP Security Guide: Form Processing

Spoofed Form Submissions

In order to appreciate the necessity of data filtering, consider the following form (located, hypothetically speaking, on the application's own site):

<form action="/process.php" method="POST">
<select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit" />
</form>

Imagine a potential attacker who saves this HTML and modifies it as follows: This new form can now be located anywhere (a web server is not even necessary, since it only needs to be readable by a web browser), and the form can be manipulated as desired.

The absolute URL used in the action attribute causes the POST request to be sent to the same place. This makes it very easy to eliminate any client-side restrictions, whether HTML form restrictions or client-side scripts intended to perform some rudimentary data filtering. The only values the server can trust are the ones it checks itself after the request arrives.

Spoofed HTTP Requests

The telnet utility can be used to perform some ad hoc testing.

The Hacker Webzine
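The server side of the spoofed-form and spoofed-request discussion above, as an added example that is not the PHP Security Guide's own code (the guide's examples are in PHP): a small parser for the application/x-www-form-urlencoded body, a whitelist check that accepts only the three colors the form offered, and a constructed raw POST request of the kind an attacker could type into telnet with no form at all. The host example.com, the function names and the sample bodies are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                         /* not a hex digit (also for NUL) */
}

/* Look up field `name` in a form body and percent-decode its value into
 * out. Returns 1 if found, 0 if absent, -1 if the encoding is malformed
 * or the value does not fit. Names match only at field boundaries. */
int form_get(const char *body, const char *name, char *out, size_t outlen) {
    size_t nlen = strlen(name);
    const char *p = body;
    while (*p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t o = 0;
            while (*v && *v != '&') {
                int ch;
                if (*v == '%') {       /* %XX: v[2] is read only if v[1] was a digit */
                    int hi = hexval((unsigned char)v[1]);
                    int lo = hi < 0 ? -1 : hexval((unsigned char)v[2]);
                    if (hi < 0 || lo < 0) return -1;
                    ch = (hi << 4) | lo;
                    v += 3;
                } else if (*v == '+') {
                    ch = ' ';
                    v++;
                } else {
                    ch = (unsigned char)*v;
                    v++;
                }
                if (o + 1 >= outlen) return -1;
                out[o++] = (char)ch;
            }
            out[o] = '\0';
            return 1;
        }
        const char *amp = strchr(p, '&');   /* skip to the next field */
        if (amp == NULL) break;
        p = amp + 1;
    }
    return 0;
}

/* The only values the <select> offered. The HTML restriction is advisory;
 * this comparison is the actual control. */
static const char *const ALLOWED_COLORS[] = { "red", "green", "blue" };

int color_is_allowed(const char *value) {
    for (size_t i = 0; i < sizeof ALLOWED_COLORS / sizeof ALLOWED_COLORS[0]; i++)
        if (strcmp(value, ALLOWED_COLORS[i]) == 0) return 1;
    return 0;
}

/* What /process.php should do with the body: accept only a color the form
 * offered. Returns 1 if accepted, 0 if absent, malformed or not listed. */
int process_color(const char *body) {
    char color[32];
    if (body == NULL) return 0;
    if (form_get(body, "color", color, sizeof color) != 1) return 0;
    return color_is_allowed(color);
}

/* Constructed sample: a raw request typed straight into telnet, bypassing
 * the form entirely. The host is hypothetical. */
static const char SPOOFED_REQUEST[] =
    "POST /process.php HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 21\r\n"
    "\r\n"
    "color=red%27+OR+1%3D1";           /* decodes to: red' OR 1=1 */

/* Body of a raw HTTP request: everything after the first blank line. */
const char *request_body(const char *request) {
    const char *sep = strstr(request, "\r\n\r\n");
    return sep ? sep + 4 : NULL;
}

int main(void) {
    const char *samples[] = {
        "color=green",                 /* what the unmodified form sends */
        "color=blue&submit=1",
        "color=%3Cscript%3E",          /* a value the form never offered */
        request_body(SPOOFED_REQUEST),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               process_color(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The point of the whitelist is that it does not matter how the request was produced: the browser's <select>, a saved and edited copy of the form, or a hand-typed request all arrive as the same bytes, and only the comparison against the values the application actually offered decides what is accepted.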