Posts

Going The Same Way?

Intro This article explains the impact of the Session Fixation and Session Hijacking vulnerabilities and also does a post-exploitation analysis of the methodologies used by organized crime. Many people, and by many people I mean information security consultants, security system administrators and penetration testers, tend to believe that Session Fixation/Hijacking is not such a serious problem. When they find it in a web application they report it as low risk, or, when the web application is vulnerable to session fixation, they believe that if the session is not passed in the URL it cannot be used efficiently to attack the website. Well, that is wrong, and I am sure about it because I have seen lots of my clients become victims of organized crime. I am also reminding you that if: You become a Cross Site Scripting victim, it might be difficult to detect the attack (especially if you allow concurrent logins). You have a Session Hijacking event, it is no...

Ask and you shall receive (Part 1)

Intro It is really annoying not being able to learn basic information about penetration testing without struggling to locate the proper information. This post is about delivering the payload the proper way; the bible says "ask and you shall receive" (again, this is basic hacking methodology that most penetration testers don't use). So the question I am going to answer in this post is how someone can deliver his or her exploit payload in order to: A. Bypass: Network-based Intrusion Prevention (IPS). Network-based Intrusion Detection (IDS). Host-based Intrusion Prevention (IPS). Host-based Intrusion Detection (IDS). Network firewall devices. Web Application Firewalls. Deep content inspection devices. B. Deliver in a short amount of time to: Large-scale networks. Low-bandwidth networks (not so common). So imagine that your client tells you that you have to test 100 IPs in, let's say, three days (how can you test for conf...

Over The Flow The Simple Way

Intro This article is dedicated to simple exploitation and exploit fixing. During this article we will reproduce an exploit, with Data Execution Prevention (DEP) disabled, for the Free Float FTP Server Buffer Overflow Vulnerability found here; the vulnerable software can be downloaded from here. I will go through the buffer overflow exploitation step by step to show the exploit procedure. The Free Float FTP Server does not need any installation; it is just a simple FTP server. But before we do anything like that we have to explain how to disable DEP in Windows 7 (I am using Windows 7). Completely Disabling DEP In order to successfully reproduce the exploit on your Windows 7 SP1 EN you would have to either completely disable DEP or exclude the Free Float FTP server executable from using DEP. To completely disable DEP you: Click Start, and then click Control Panel. Under Pick a category, click Performance and Maintenance. Under or Pick a ...

Elusive Thoughts goes Hack9

Elusive Hack9 Recently Hack9 asked me to write an article for their magazine and I did, for free of course :), so have a look at my cool magazine article (whose name, by the way, is Trojani-zing USB sticks) at this link here. Below you can see a screenshot of the electronic copy (which I think is the latest one), and from the link already provided you can actually download a teaser PDF copy ;).

Trojana-zing USB sticks

USB nowadays Nowadays most of us have a USB flash drive (sometimes also referred to as a USB stick, USB memory stick or simply a flash drive) that we use when we want to store data temporarily. They are really small and lightweight and very practical when you want to move files from one computer to another. That is all fine, but what happens when untrusted USB sticks are inserted into our USB ports? How difficult is it for someone to steal and e-mail all our passwords within seconds? Well, for someone who knows, the answer is simple: a few seconds is more than enough to collect all your passwords from your laptop. USB flash drives are used when data is moved between home and office. They are also often used when data is moved inside an office, for example when moving data to/from a computer that is not connected to a network. Obviously that is the main reason a PC not connected to the internet can be infected with Trojans, viruses and other malicious...

Over The Flow (Part 3)

Intro This post is the third of the Over The Flow series. In this post I am going to explain what a shellcode is and what the types of shellcode are. I am also going to refer to the types of shellcode that I will be injecting into our vulnerable application (if you don't know what the vulnerable application is, have a look at my previous posts). But first I am going to do some research on what shellcode means in a computer security context. What is a Shellcode In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the...