Oct 31, 2009
Oct 26, 2009
Router Hacking
Oct 25, 2009
Oct 20, 2009
Oct 18, 2009
Oct 10, 2009
Oct 8, 2009
Oct 4, 2009
Cain and Abel Malformed RDP File Buffer Overflow
Cain and Abel is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects Cain & Abel 4.9.24 and prior versions.
This is an example of how security and hacking tools themselves might be vulnerable to attack. You can download the exploit code from Milw0rm.
# ITS ©
# 2008 - 2009
Microsoft IIS FTPd NLST Remote Buffer Overflow
Microsoft IIS is prone to a remote stack-based buffer-overflow vulnerability affecting the application's FTP server. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects the following:
* IIS 5.0
* IIS 5.1
* IIS 6.0 (denial of service only)
* IIS 7.0 (denial of service only)
Note that Microsoft IIS 7.0 with FTP Service 7.5 is not affected.
Exploit Here : Klik Here
# ITS ©
# 2008 - 2009
Oct 3, 2009
Ubuntu Package Backdoor using a Metasploit
This is a great demo where he shows how to create a trojan using the xbomb game package. He creates the trojan by bundling a Metasploit reverse TCP stager payload with the game package. When the game is installed and executed, the Metasploit payload executes and connects back to the attacker, giving him a shell on the system. As most installations are done as root, this in most cases will end up becoming a root shell. :) Very creative! This is another example to show that Linux Malware can very easily be written and deployed, contrary to popular belief.
# ITS ©
# 2008 - 2009
Oct 2, 2009
Pwning using OpenVAS and Metasploit
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
# ITS ©
# 2008 - 2009
Oct 1, 2009
Finding Subdomains using Goorecon
In the Information Gathering stage of a pentest, we are interested in finding out the various sub-domains of our target domain. As we have seen in previous videos, querying DNS servers using zone transfer requests or trying to retrieve entries using a dictionary / brute-forcing attack, is a good start, but fails in most cases. Another alternate technique to figure out sub-domains is to query google and check if it has found any sub-domains during it's web mining exercise on the target. Goorecon is just the tool we need in order to do this.
Download Goorecon :
http://www.darkoperator.com/tools-and-scripts/
# ITS ©
# 2008 - 2009
Remote Keylogger Firefox Addon
This video shows how easy is to make a remote keylogger as a firefox addon. With little knowlege on how to make a firefox addons and coding in javascript you can make a potentialy dangerous addon. You can read on how to make a firefox addon on:
https://developer.mozilla.org/En/Developing_add-ons
Video :
http://securitytube.net/Remote-Keylogger-Firefox-Addon-video.aspx
# ITS ©
# 2008 - 2009
Subscribe to:
Posts (Atom)