Exploiting the SEH overflow in A-PDF All to MP3 Converter 1) I wrote a Perl script that creates a "wav" file with 5000 A's as shown below: Code:
#!/usr/bin/perl -w
use strict;
# Output file name: the crafted "wav" file
my $file = "exploit_seh.wav";
# 5000 bytes of 0x41 ('A') as the overflow filler
my $junk = "\x41" x 5000;
open OUTPUT, ">", "$file" or die "Cannot open $file: $!";
print OUTPUT $junk;
close OUTPUT;
This script creates a file "exploit_seh.wav". 2) After I open ...
I decided to blog about an overview of a few methods and concepts I used for cracking hashes during DEFCON 2011, Crack Me If You Can. It felt good to win the contest and, as a takeaway, there is a need to push the envelope of cracking hashes. In this post, I will talk about JTR. You are all familiar with JTR if you've been cracking hashes for quite some time. I wanted to draw attention to certain features of JTR which will help you gain a better grasp of how it works and ...
Title: SQL Injection Vulnerability in eBay.com sub domains Author: Yogesh D Jaygadkar Reported: December 27, 2012 Fixed: Jan 15, 2013 Public Released: Jan 25, 2013 Thanks To: Darshit Ashara Greets: Rahul Bro, Aasim, Sandeep, Sagar Description: Last month I reported SQL Injection vulnerabilities in eBay.com sub domains. You can see how many days they took for patching and allowing me to publish the vulnerability. But finally ...
NULLCON is one of the best information security conferences in India and every year everyone from the InfoSec community attends it. I have a great interest in security and hacking (if you follow my blog you will probably know it already: www.hackatrick.com) and yes, I too look forward to the conference. Every year most of my friends who are into security attend NULLCON. I failed to go last year due to my exams, and the year before that I had my class 12 board exams. This time I wanted ...
Updated 04-04-2017 at 11:15 AM by 41.w4r10r
Introduction Security is the most important attribute of any system. Providing a secure experience is one of the key principles in the process of gaining customer confidence in a system. Nowadays, almost all websites ask to store users' personal information on servers to understand the customer and serve them better. It is the responsibility of an organization to confirm that customer data is safe and accessed in a secure manner. Security in web ...
Updated 09-02-2014 at 03:14 PM by mayurlohite
TLS Heartbleed Attack. This is one of the scariest bugs I have seen in the last few years. A lot of discussion is going on and there are quite a number of blogs regarding this. But I couldn't find anything that explicitly talks about the vulnerability and exploitation methods. Also, many organizations have multiple HTTPS servers using OpenSSL. So I have created this mass auditing tool that can scan them all in one click. https://bitbucket.org/fb1h2s/cve-2014-0160 ...
My new year resolution is to blog as much as possible. My writing skills suck and there's just too great a chance I'll lower the standards. Anyway, the show must go on. So I am planning to share my weekend notes here from now on. A few weeks back I had to design a solution for a challenging web application issue. The scenario was as follows. A secure web application has a secret access token. This token ...
Client-side exploits are an inevitable part of the security industry. No matter how much new security is added to these products, they will always be exploited. As long as governments and individuals need to hack into others' confidential data, there will be a requirement for exploits. So when there's demand, someone will supply. I started developing Sandy, an Exploit Analysis and Automation ...
FAQ:
Code execution possible on CGI web applications: Yes [Critical]
Code execution possible on SSH: Yes [Not critical, or depends on architecture]
Working payload for getting a reverse shell available: Yes
Is the current patch complete: No
Where was the bug: Bash supports exporting not just shell variables, but also shell functions to other ...
Updated 10-01-2014 at 03:36 PM by 41.w4r10r
I was not much interested in bug bounties, but the fact that I was interested in learning about cloud-based products, and going through Meraki, made me a lot more interested in their service. Meraki is a "cloud-managed network infrastructure company," whose products are designed to provide large-scale, distributed wired and wireless networks. An application to manage networks from the cloud is big and cool for a hacker to experiment with. So I decided to spend a weekend of mine [May ...