heffnercj

braxivamov:

I can’t say for sure what the problem might be with OpenOffice; I assume that you are building your redirector DLL against the same original DLLs on the target system? Have you tried running it in a debugger and seeing where it is crashing? Knowing what function in the DLL is causing problems can help a lot. In the case of user32.dll,…[Read more]

Thanks Otter, we had a lot of fun presenting it too. 🙂

We’d definitely appreciate some capture files of the 802.11b router, and even the ones that you might have that don’t have the factory firmware – we want to try to generate signatures for third party stuff too, like DD-WRT and the like.

Hey, that’s what security and discovering exploits is all about: questioning your surroundings. You learned something, and that’s what it’s all about. 🙂

@ethicalhack3r:

“Ive talked to a few people who have just dismissed it as normal behaviour.”

I suspect that’s because this is normal behavior; what you’ve described is exactly how HTTP and HTML are supposed to work. Obviously, you can obtain the IP address, referrer, etc from any request that is sent to a Web server that you control; if you tell…[Read more]

Looks like a nice tool Erik; UPnP can defiantly be used to help identify hosts and devices on the network, but passive collection tools are very limited when it comes to a full analysis of UPnP. Really all you can glean from the multicast packets are the devices and services that a device supports, and in my experience even this usually isn’t a…[Read more]

I understand what you’re saying, but I’m afraid your logic is flawed; you want to be able to send some un-encrypted token (i.e., the cookie) across an un-secured network, and have that token tied to only your IP address, even though the Web server has no way of knowing for sure what your IP address is. I think the better solution is to simply…[Read more]

What would be the working condition gonna be like?  probable better than a tent in the desert

Ha! I’ll second that…

From your post I am assuming that you are creating a Web application. I will also assume that when you talk about “RAM cookies” you are referring to session cookies. While session cookies will be destroyed when the browser closes, they are sent to a Web server in the exact same manner that any other cookie is sent, so there is no way for you to…[Read more]

I can’t tell you for sure what is happening, but I would suspect that since your tab character is being corrupted before the strcpy() then it is probably an issue with how the command line argument is being processed. I would try reading the shellcode out of a file or through a socket and see if that fixes the issue. If you can narrow the issue…[Read more]

What application/service were the hashes related to? Are these Windows logons, or something else? Some services will use a nonce value combined with the password to produce a unique hash value each time. Or, it could be something completely different; you really need to take a look at how the service in question works, what kind of hashing it…[Read more]

http://www.binrev.com/forums/index.php?showtopic=38128
http://www.rohitab.com/discuss/index.php?s=6663bc8bee6ee3e5202f4ed081e74a52&showtopic=31086&pid=10044820&st=0&#entry10044820
http://antionline.com/showthread.php?t=277201

Not much more to add other than what those guys said. Although AltaVista used to have a case-sensitive search, I think…[Read more]

In light of the new worm, I wrote a quick how-to on disabling/severely limiting macros and Java in OO:

http://blog.craigheffner.com/2007/06/09/openoffice-macro-worm-disable-your-macros/

XSS and CSRF are everywhere, and I don’t think that most people are really taking them seriously enough. There are some really awesome XSS attacks that can be done, and as this article shows, when combined with CSRF you aren’t safe from them even if your site has no XSS what so ever. I’d reccommend checking out sla.ckers.org, ha.ckers.org and…[Read more]