Saturday, August 11, 2007

PHP Application Firewall?

I was recently discussing application firewalls with Christ1an, and he showed me an application firewall written by pdp and maintained by .mario, which to me is very impressive. I actually looked at the source code and I must say that I don't understand a single shit. However, it was a nice effort from Christ1an and the guys devoting their time to developing a PHP application firewall. I am a network guy, I do web audits, but I am not good at coding, programming or source code review. Well, I am still learning. I want Christ1an on my team as I think he will be a very good addition to the company. Hey Christ1an, if you read this, please holla at me, alright? I want to chat with you about career opportunities; you know how to reach me. Also, for guys who want a SQLI cheat sheet, check this out:

http://ha.ckers.org/sqlinjection

http://ferruh.mavituna.com/makale/sql-injection-cheatsheet

Check out the PHPIDS Team's IDS and their XSS database

http://php-ids.org

http://www.gnucitizen.org/xssdb/application.htm

The Hacka Man

Thursday, August 9, 2007

Cisco IOS 12.3T onwards with Tool Command Language

I was again reading the ioshints blog for Cisco tricks. I must say he is the master of Cisco products and configuration. I was reading about tclsh and I must say it is very handy, as I can write scripts and store them remotely, in NVRAM or in the flash. Well, below are a few links where you can learn the basics of tclsh scripting.

http://ioshints.blogspot.com/2007/05/ios-tclsh-resources.html

http://ioshints.blogspot.com/2007/08/example-tcl-script-with-command-line.html



The Hacka Man

Tuesday, August 7, 2007

Exploiting FTP clients using PASV command

Finally, I am back home in Singapore again. I am so happy and my mood is starting to brighten again. I was researching web security and I came across Wade Alcorn's website. He found out that it was possible to launch a reverse shell and own an Asterisk server using inter-protocol exploitation. Also, check out BeEF, which is the equivalent of a Metasploit type of framework for web applications. Lastly, do check out the FTP PASV command manipulation, which allows FTP servers to cause vulnerable FTP clients to connect to other hosts.

"The paper discusses how the FTP client flaw in detail and demonstrates how it can be used to attack common web browsers such as Konqueror, Opera and Firefox. Proof of concept code is presented that extends existing JavaScript port-scanning techniques to scan any TCP port from Firefox (even though it now implements "port banning" restrictions)."

http://www.bindshell.net/papers/ftppasv

The Hacka Man
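The client-side check that closes the PASV redirection described in the post above, as an added example that is not code from the post or from the linked paper: the client parses the server's 227 reply and only dials the data connection if the advertised host is the same address as the control connection's peer. The function names, the minimum-port policy and the sample replies are assumptions made for illustration, and an IPv4 control connection is assumed.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(r"^227 .*?(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


class PasvRejected(Exception):
    """The 227 reply must not be used to open a data connection."""


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply or raise PasvRejected."""
    m = _PASV.match(reply.strip())
    if not m:
        raise PasvRejected("malformed 227 reply")
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise PasvRejected("field out of range")
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer, min_port=1024):
    """Endpoint to dial for data, pinned to the control connection's peer."""
    host, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if host != peer:
        raise PasvRejected(f"host {host} is not control peer {peer}")
    if port < min_port:  # assumed local policy, not taken from the paper
        raise PasvRejected(f"port {port} below {min_port}")
    return str(peer), port


def audit(replies, control_peer):
    """Map each reply to its accepted endpoint or to the rejection reason."""
    out = {}
    for r in replies:
        try:
            out[r] = data_endpoint(r, control_peer)
        except PasvRejected as e:
            out[r] = f"rejected: {e}"
    return out


# Constructed sample replies using documentation address ranges.
SAMPLES = ["227 Entering Passive Mode (192,0,2,10,195,80)",
           "227 Entering Passive Mode (198,51,100,7,0,22)",
           "227 Entering Passive Mode (192,0,2,10,0,25)",
           "227 Entering Passive Mode (192,0,2,10,300,80)"]
```

Calling `audit(SAMPLES, "192.0.2.10")` accepts only the first reply; the second names a different host, the third a low port, and the fourth carries an out-of-range field.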

Sunday, August 5, 2007

Michael Lynn Cisco IOS reverse shell exposed?

I was reading articles and looking at how Michael Lynn's exploit from the 2005 Black Hat works. Nothing can be found, as the code was not leaked out, nor does anyone know much about the actual exploit. I was determined and I found something that relates to heap overflows in Cisco IOS. I think it's something similar to Michael Lynn's exploit using the IOS check_heaps() function. For more, check it out here: http://www.irmplc.com/content/pdfs/Cisco_IOS_Exploitation_Techniques.pdf

The Hacka Man

Attribute-Based XSS and Verifying if your webmail account is Hacked!

These days, I am just plain lazy. Maybe it is due to the mood that I am going back to Singapore, or maybe I am just depressed with certain issues here. But whatever it is, I am still doing a lot of research and penetration testing work. It's been a long time since I last visited Jeremiah's blog. Today, I just went through his blog and discovered two interesting topics that caught my eye. One is a new XSS vector known as Attribute-Based Cross-Site Scripting, and the other is How to check if your WebMail account has been hacked (Redux). Check it out at http://jeremiahgrossman.blogspot.com. He described a way to find out whether a hacker had hacked into your webmail, how the new XSS vector worked and how to prevent it. It is an absolute must-read for all webappsec ppl.

The Hacka Man