-
heffnercj replied to the topic [Article]-Intercepted: Windows Hacking via DLL Redirection in the forum Heffner 11 years, 7 months ago
braxivamov:
I can’t say for sure what the problem might be with OpenOffice; I assume that you are building your redirector DLL against the same original DLLs on the target system? Have you tried running it in a debugger and seeing where it is crashing? Knowing what function in the DLL is causing problems can help a lot. In the case of user32.dll,…
-
heffnercj replied to the topic WiFinger AP Fingerprinting Tool in the forum Tools 11 years, 9 months ago
Thanks Otter, we had a lot of fun presenting it too. 🙂
We’d definitely appreciate some capture files of the 802.11b router, and even the ones that you might have that don’t have the factory firmware – we want to try to generate signatures for third party stuff too, like DD-WRT and the like.
-
heffnercj replied to the topic Is this a vulnerability? in the forum Web Applications 11 years, 11 months ago
Hey, that’s what security and discovering exploits is all about: questioning your surroundings. You learned something, and that’s what it’s all about. 🙂
-
heffnercj replied to the topic Is this a vulnerability? in the forum Web Applications 11 years, 11 months ago
“I’ve talked to a few people who have just dismissed it as normal behaviour.”
I suspect that’s because this is normal behavior; what you’ve described is exactly how HTTP and HTML are supposed to work. Obviously, you can obtain the IP address, referrer, etc. from any request that is sent to a Web server that you control; if you tell…
-
heffnercj replied to the topic [Article]-Plug-N-Play Network Hacking in the forum Heffner 12 years, 3 months ago
Looks like a nice tool Erik; UPnP can definitely be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn’t a…
-
heffnercj replied to the topic cookie problem in the forum Network Pen Testing 12 years, 3 months ago
I understand what you’re saying, but I’m afraid your logic is flawed; you want to be able to send some un-encrypted token (i.e., the cookie) across an un-secured network, and have that token tied to only your IP address, even though the Web server has no way of knowing for sure what your IP address is. I think the better solution is to simply…
-
heffnercj replied to the topic Project about ethical hacking? in the forum Network Pen Testing 12 years, 4 months ago
What would be the working condition gonna be like? Probably better than a tent in the desert
Ha! I’ll second that…
-
heffnercj replied to the topic cookie problem in the forum Network Pen Testing 12 years, 4 months ago
From your post I am assuming that you are creating a Web application. I will also assume that when you talk about “RAM cookies” you are referring to session cookies. While session cookies will be destroyed when the browser closes, they are sent to a Web server in the exact same manner that any other cookie is sent, so there is no way for you to…
-
heffnercj replied to the topic Issues injecting shellcode in the forum Programming 12 years, 4 months ago
I can’t tell you for sure what is happening, but I would suspect that since your tab character is being corrupted before the strcpy() then it is probably an issue with how the command line argument is being processed. I would try reading the shellcode out of a file or through a socket and see if that fixes the issue. If you can narrow the issue…
-
heffnercj replied to the topic Using Cain to sniff windows passwords… in the forum Network Pen Testing 12 years, 8 months ago
What application/service were the hashes related to? Are these Windows logons, or something else? Some services will use a nonce value combined with the password to produce a unique hash value each time. Or, it could be something completely different; you really need to take a look at how the service in question works, what kind of hashing it…
-
heffnercj replied to the topic Case Sensitive Search ? in the forum Other 12 years, 8 months ago
http://www.binrev.com/forums/index.php?showtopic=38128
http://www.rohitab.com/discuss/index.php?s=6663bc8bee6ee3e5202f4ed081e74a52&showtopic=31086&pid=10044820&st=0&#entry10044820
http://antionline.com/showthread.php?t=277201
Not much more to add other than what those guys said. Although AltaVista used to have a case-sensitive search, I think…
-
heffnercj replied to the topic OpenOffice Worm Hits Mac, Linux and Windows in the forum Malware 13 years, 9 months ago
In light of the new worm, I wrote a quick how-to on disabling/severely limiting macros and Java in OO:
http://blog.craigheffner.com/2007/06/09/openoffice-macro-worm-disable-your-macros/
-
heffnercj replied to the topic XSS combined with CSRF in the forum Network Pen Testing 13 years, 11 months ago
XSS and CSRF are everywhere, and I don’t think that most people are really taking them seriously enough. There are some really awesome XSS attacks that can be done, and as this article shows, when combined with CSRF you aren’t safe from them even if your site has no XSS whatsoever. I’d recommend checking out sla.ckers.org, ha.ckers.org and…