Friday, July 27, 2007

Basic Cisco Switches Auditing Guidelines

1. Use VLANs to split the network into separate broadcast domains. A switch already gives every port its own collision domain; what a VLAN limits is broadcast and unknown-unicast flooding. VLAN 1 is the default VLAN for every port and carries control-plane traffic such as CDP, VTP and STP, so keep users and servers out of it: assign access ports to purpose-specific VLANs and leave VLAN 1 unused.

2. Do not rely on automatic trunk negotiation. With Dynamic Trunking Protocol (DTP) active, an attacker on an ordinary access port can negotiate a trunk and reach every VLAN (VLAN hopping). Hard-code each port as access or trunk (switchport mode access, or switchport mode trunk together with switchport nonegotiate), set the native VLAN of every trunk to an otherwise unused VLAN rather than VLAN 1 so that double-tagged frames do not land in a production VLAN, and prune each trunk to the VLANs it actually needs to carry.

3. Protect Spanning Tree from rogue BPDUs. Enable PortFast and BPDU Guard on access ports, so that a port that receives a BPDU is error-disabled instead of joining the topology, and Root Guard on ports facing downstream switches, so that a device advertising superior BPDUs cannot become root. Use BPDU Filter with care: it silently discards BPDUs, which means a filtered port that gets looped back will not be detected. BPDU Guard is the safer default.

4. Shut down every unused port (shutdown) and assign it to an unused "parking" VLAN, so that someone plugging into a spare jack gets nothing even if the port is later re-enabled by mistake.

5. Turn off VLAN Trunking Protocol if it is not needed (vtp mode transparent, or vtp mode off where the platform supports it). If VTP is required, set a VTP password on every switch in the domain: without one, any switch that joins with a higher configuration revision number overwrites the VLAN database on all the others.

6. Review the configuration for storm control: set thresholds for broadcast and multicast (and, where supported, unknown-unicast) traffic on switch ports, so that a flooding host or a loop cannot saturate the segment.
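The six checks above can be run mechanically against a saved running-config. The script below is an added example for this post, not the author's code or anything from Cisco; the configuration it audits is constructed for illustration in Catalyst IOS syntax and is not taken from any real switch. The Finding class, the rule names, and the assumption that a port with no switchport mode line defaults to dynamic auto are choices made here.

```python
"""Audit a Catalyst running-config against the six switch-hardening checks.

Added example for this post, not code from the original page. SAMPLE_CONFIG is
a constructed excerpt in IOS syntax, not taken from any real switch.
"""
import re
from dataclasses import dataclass

# Constructed sample: one bad trunk, one hardened user port, one factory-default
# user port, one parked unused port, and the SVI for VLAN 1 shut down.
SAMPLE_CONFIG = """\
vtp domain corp
vtp mode server
!
spanning-tree mode rapid-pvst
!
interface GigabitEthernet0/1
 description uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
!
interface GigabitEthernet0/2
 description user port, hardened
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
!
interface GigabitEthernet0/3
 description user port, factory defaults apart from the description
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 description unused port, parked and shut
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
"""

PHYSICAL = re.compile(r"^(?:Fast|Gigabit|TenGigabit)Ethernet\S+$")


@dataclass(frozen=True)
class Finding:
    scope: str    # "global" or the interface name
    rule: str     # which guideline the finding maps to (name chosen here)
    detail: str


def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    glob, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("interface "):
            current = line[len("interface "):]
            ifaces[current] = []
        elif line.startswith(" ") and current is not None:
            ifaces[current].append(line.strip())
        else:
            current = None            # "!" or a global command ends the block
            if line != "!":
                glob.append(line)
    return glob, ifaces


def _value(lines, prefix, default):
    """Last word of the first line starting with prefix, else the IOS default."""
    return next((l.split()[-1] for l in lines if l.startswith(prefix)), default)


def audit(config):
    """Return a list of Finding objects; an empty list means every check passed."""
    glob, ifaces = parse(config)
    out = []

    # Guideline 5: VTP defaults to server mode, and any switch joining the domain
    # with a higher revision number rewrites the VLAN database on all the others.
    vtp_mode = _value(glob, "vtp mode ", "server")
    if vtp_mode in ("server", "client"):
        out.append(Finding("global", "vtp", f"VTP mode is {vtp_mode}; use transparent or off unless VTP is required"))
        if not any(l.startswith("vtp password") for l in glob):
            out.append(Finding("global", "vtp", "VTP is enabled without a password"))

    global_bpduguard = "spanning-tree portfast bpduguard default" in glob

    for name, lines in ifaces.items():
        if not PHYSICAL.match(name):
            continue
        if "shutdown" in lines:
            continue                  # guideline 4: a shut unused port is the goal

        def has(prefix):
            return any(l.startswith(prefix) for l in lines)

        # Guideline 2: no mode line means the platform default, assumed here to be
        # dynamic auto, so DTP will negotiate a trunk with whoever asks.
        mode_line = next((l for l in lines if l.startswith("switchport mode ")),
                         "switchport mode dynamic auto")
        mode = mode_line.split()[2]
        if mode == "dynamic":
            out.append(Finding(name, "dtp", "DTP negotiation is on (dynamic mode or no mode set); hard-code access or trunk"))
            continue
        if mode == "trunk":
            if _value(lines, "switchport trunk native vlan ", "1") == "1":
                out.append(Finding(name, "native-vlan", "trunk native VLAN is 1; move it to an unused VLAN to defeat double tagging"))
            if not has("switchport nonegotiate"):
                out.append(Finding(name, "dtp", "trunk still sends DTP; add switchport nonegotiate"))
            if not has("switchport trunk allowed vlan"):
                out.append(Finding(name, "trunk-prune", "trunk carries every VLAN; restrict it with switchport trunk allowed vlan"))
        elif mode == "access":
            # Guidelines 1, 3 and 6 on edge ports.
            if _value(lines, "switchport access vlan ", "1") == "1":
                out.append(Finding(name, "vlan1", "access port sits in VLAN 1; move users off the default VLAN"))
            if not has("spanning-tree portfast"):
                out.append(Finding(name, "stp", "edge port without PortFast"))
            if not (has("spanning-tree bpduguard enable")
                    or (global_bpduguard and has("spanning-tree portfast"))):
                out.append(Finding(name, "stp", "edge port without BPDU Guard"))
            if not has("storm-control broadcast"):
                out.append(Finding(name, "storm", "no broadcast storm-control threshold"))
    return out


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.scope:<22} {f.rule:<12} {f.detail}")
```

Run it on the output of show running-config saved to a file. Root Guard is deliberately not checked: it belongs on the ports that face downstream switches, which only the topology can tell you. A port protected only by BPDU Filter is reported as lacking BPDU Guard, which is the intended reading of guideline 3.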

The Hacka Man

Wednesday, July 25, 2007

Remote Command Exec (FireFox 2.0.0.5)

These days, I am reading about web application hacking and trying out several different things. I happened to stumble across xs-sniper's page and read his post on owning most major browsers. It appears that there is a problem with Cross Application Browser Scripting, where a flaw in the URI handling behaviour allows remote command execution. Be sure to check out his post below:

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

The Hacka Man

Thursday, July 19, 2007

Thanks Chr1stian, Google Store flaw?

The other night I was talking to Chr1stian about XSS and Google. We were chatting and suddenly the topic got more and more interesting. Anyway, Chr1stian is really a kind soul and a very nice person to talk with. He taught me a lot of things which I did not understand and guided me slowly through each step. Thank you Chr1stian for your patience; I can say that now I understand at least 90% of what you taught me. We also talked about how security doesn't make money, and about flaws in Google, most of which Google did not correct after he reported them.

I am sure that if I got a chance to test the Google application I would find more flaws; however, because of my work schedule, I don't really have the time to play around. Anyway, I still want to say thanks to Chr1stian. Don't forget our deal. :)

The Hacka Man

Tuesday, July 17, 2007

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

Sorry for the lack of updates. Recently I have been reading a lot of books about web hacking and RFID and have neglected blogging. It is due to the nature of my work that I have to report what I do every day. However, just yesterday I had a small chat with the author of the famous Burp proxy and realised that he has published a book called "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws". According to him, this is what the book is about: "Our book aims to be the most comprehensive and deep guide to hacking web applications available. It covers numerous advanced topics like blind SQL/other injection, obscure logic flaws, attacking multi-stage authentication, new attacks against web users, ViewState tampering, decompilation of thick client components, source code review, use of bespoke automation, and many more." As usual, I always buy books to read, and this one is not to be missed. If someone can guarantee me that his book is good, given his experience in developing tools and giving talks at Black Hat, then I will spend that kind of money on buying his books. Well, let me know what you guys think.

The Hacka Man

Wednesday, July 4, 2007

IPSec VPN in PIX/ASA

For those of you who want to set up an IPSec VPN on a PIX/ASA firewall, below is a snapshot of the commands for doing it. The syntax is PIX 6.x (vpngroup, isakmp ...); ASA 7.0 and later replaced these with tunnel-group and crypto isakmp, so translate accordingly. Crypto map entry 10 is a LAN-to-LAN tunnel to the peer 111.111.111.111 (a placeholder address), authenticated with a pre-shared key and exempted from XAUTH and mode-config with no-xauth no-config-mode; entry 20 hangs a dynamic map off the same crypto map for remote-access clients, who authenticate against the local user database and get addresses from the pool named by their vpngroup. The access list, address pools and sysopt line at the top are referenced by the rest of the config and must exist; the networks shown in them are placeholders for your own. You will normally also need a NAT exemption (nat (inside) 0 access-list ...) so that the protected traffic is not translated before it is encrypted. Two crypto points deserve attention: the crypto map entry must name the transform set that was actually defined (hacker), and ISAKMP policy 10 pairs AES-256 with Diffie-Hellman group 5, because group 1 (768-bit MODP) is far too weak to protect a 256-bit key. Policy 20 (3DES, MD5, group 2) is only there for peers that cannot do better; remove it once none need it.

! Interesting traffic for the LAN-to-LAN tunnel (networks are placeholders)
access-list IPSEC_hackers permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! Address pools handed out to remote-access clients (ranges are placeholders)
ip local pool vpnpool 10.9.9.1-10.9.9.50
ip local pool vpnpool2 10.9.10.1-10.9.10.50
! Let decrypted IPSec traffic bypass the outside interface ACL
sysopt connection permit-ipsec
! Phase 2 proposal, shared by the static and the dynamic entries
crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 20 set transform-set hacker
! Entry 10: static LAN-to-LAN tunnel
crypto map hacker 10 ipsec-isakmp
crypto map hacker 10 match address IPSEC_hackers
crypto map hacker 10 set peer 111.111.111.111
crypto map hacker 10 set transform-set hacker
! Entry 20: remote-access clients via the dynamic map, authenticated locally
crypto map hacker 20 ipsec-isakmp dynamic dynmap
crypto map hacker client authentication LOCAL
crypto map hacker interface outside
! Phase 1; the LAN-to-LAN peer skips XAUTH and mode-config
isakmp enable outside
isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400
! Fallback policy for legacy peers only
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
! Remote-access groups; the group password is the secret the clients are configured with
vpngroup crm525gp address-pool vpnpool
vpngroup crm525gp idle-time 1800
vpngroup crm525gp max-time 86400
vpngroup crm525gp password ********
vpngroup helpgrp address-pool vpnpool2
vpngroup helpgrp idle-time 1800
vpngroup helpgrp max-time 86400
vpngroup helpgrp password ********

The Hacka Man

DNS Pinning Exposed

Christ1an wrote a very detailed article on anti-anti-anti-DNS pinning, or what you can simply call DNS pinning. For those who are still confused or still find it complicated to understand, this article explains it with a step-by-step approach and pictures attached. In it he covers the whole DNS pinning issue and how it actually works to attack a web browser. Check it out here: http://christ1an.blogspot.com/2007/07/dns-pinning-explained.html

The Hacka Man

Monday, July 2, 2007

VoIP article ready soon

I am in the midst of writing my VoIP article for hakin9 magazine, and frankly speaking I am very restless these days. Still, I am forcing myself to write this article quickly, so that it can be published soon for VoIP auditors to comment on, or for anyone who is interested in auditing VoIP services. The article is easy to understand, and the techniques described are not tough to learn. For a beginner, you will find this a useful and interesting article; for an expert, this is not for you. I plan to write a more in-depth and advanced article in future if I have the resources and time. I will keep you updated on the status once it is published.

The Hacka Man