The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
66 votes, 5 answers, 20k views
What should a website operator do about the Heartbleed OpenSSL exploit?
CVE-2014-0160
http://heartbleed.com
This is supposed to be a canonical question on dealing with the Heartbeat exploit.
I run an Apache web server with OpenSSL, as well as a few other utilities ...
1 vote, 1 answer, 27 views
Is it possible to use a .Net payload with metasploit?
I'm not exactly sure how metasploit works when exploiting a target machine, and it has been a while since I've played with it, so forgive me.
Instead of using meterpreter as a payload in metasploit, ...
0 votes, 0 answers, 27 views
Exploit.Win32.CVE-2010-2568.gen malware detected [migrated]
I am not very good with computers. Actually, I am very bad :( so if you are willing to answer my question, could you please explain your answer in very simple terms, like to a complete dummy? Thanks ...
0 votes, 2 answers, 97 views
Was I a victim of an “Apache PHP Remote Exploit” attack?
I have a server in my computer for testing purposes, accessible from the outside.
I was reviewing the access.log file, and I saw
89.187.33.50 - - [29/Mar/2014:03:39:01 +0100] "HEAD / HTTP/1.0" 200 -
...
0 votes, 3 answers, 255 views
Windows DLL Injection
In the past recent years of mine, I have been doing a lot of DLL injection with a few indie games and MMORPGs. I fully understand how to do it, and how it works for allowing these games to work not as ...
1 vote, 1 answer, 50 views
How can I verify my machine is not vulnerable to a specific exploit?
I'm running Ubuntu 8.04 LTS with Linux 2.6.24-23. I found CVE-2009-2692, which exploits a sock_sendpage() null pointer dereference. It says this exploit affects Linux versions prior to 2.6.31 ...
1 vote, 2 answers, 87 views
WordPress Private Exploit? [closed]
I have a friend who said he has a private exploit for all WordPress-run websites. I asked him to take down my private blog, to see if it is real. He couldn't do it. I tried to get some more ...
1 vote, 1 answer, 65 views
A renamed exe automatically running
We are currently developing a web app that allows users to upload files to act as attachments to information they provide.
Obviously allowing users to upload any file types is very dangerous, ...
19 votes, 8 answers, 2k views
How could someone exploit the OS an ATM is running?
As I'm sure many of you have heard, the end of support for Windows XP is the supposed apocalypse for ATMs worldwide. I am cognizant of the fact that this ensures that no more patches are issued, and ...
1 vote, 3 answers, 76 views
Exploiting through a filtered port
I'm doing some pentesting against a machine the lecturer set up in the lab. NMAP shows port 445 to be filtered and Nessus confirms the ms08_067 vulnerability is present on that machine.
I tried ...
5 votes, 1 answer, 525 views
Recent Fritz Box exploit
Background info:
About 50% of the ADSL and cable internet access in Germany (and presumably parts of the EU) goes over AVM Fritz routers, either verbatim or rebranded as e.g. "1&1 Home Server" or ...
1 vote, 1 answer, 130 views
Exploiting XP SP3 with local privilege escalation
I'm trying to exploit my virtual machine (windows xp sp3) by cve-2013-5065. I created exe from python script and ran on my virtual machine. It successfully spawned new shell but cmd.exe was not with ...
-1 votes, 1 answer, 174 views
Can this code be exploited using a buffer overflow?
I have a piece of code which contains an obvious buffer overflow at strcpy(buf, x) since it doesn't check if buf is large enough to fit the string x. I'm wondering how to actually exploit this bug.
...
0 votes, 1 answer, 39 views
Automatic exploit searches
How can I automatically search for and download exploits that match, for example, a kernel release?
Is there, for example, a public REST web service which provides data in XML or JSON format to a client ...
1 vote, 2 answers, 115 views
Python exploit question?
Can someone please explain how and why this struct.pack code is used in the below exploit? I'm trying to understand how it triggers the vulnerability. I understand the buffer overflow aspect, I'm ...
1 vote, 1 answer, 36 views
Why is the stack not at the same address when the executable runs in GDB?
While writing some basic challenges, I discovered that the exploits do not work if not launched in GDB. To test this behavior, the following program prints register values and a code address:
...
-6 votes, 1 answer, 79 views
How can mp3blaster vulnerability affect my linux OS? [closed]
Mp3blaster is a terminal mp3 player running on a UNIX-like operating system, e.g. Linux, Free/Net/OpenBSD, etc. I usually use this player for playing my music, but yesterday I found a blog which claims ...
0 votes, 1 answer, 56 views
Looking For Compiled Version of Metasploit Local Windows Exploits [closed]
I am looking to have standalone compiled exploits for all local Windows exploits that Metasploit has right now. I was wondering if somebody has done this before or knows a place that has these ...
4 votes, 1 answer, 99 views
Why would a user agent string be executed?
I'm having trouble understanding how a particular XSS vulnerability might arise in the real world. Guides for two of the exercises on hackthissite.org:
...
-2 votes, 1 answer, 44 views
Websites with vulnerability info [duplicate]
Websites like
http://www.cvedetails.com/
http://www.securityfocus.com
These websites show information about vulnerabilities and exploits; which other sites are similar?
2 votes, 3 answers, 131 views
Does the principle of the CRIME & BEAST attack affect VPNs?
I was recently reading about the attacks on SSL/TLS that CRIME and BEAST were able to exploit by attacking the compression in the secure session. Upon reading this I remembered that OpenVPN has ...
0 votes, 1 answer, 54 views
Why does this buffer overflow have payload &system-&exit-&BINSH
I'm following a tutorial to write a simple buffer overflow. I have (basic) knowledge of assembly, and the stack. I've written a stack based buffer overflow before and understood it. The program I'm ...
8 votes, 2 answers, 283 views
Are userid and password needed in order to pentest a website?
We are a company that has many web applications developed in ASP.NET. Our Internet service provider (Telefonica) wants to test our web sites looking for vulnerabilities. For that, they are asking us ...
-1 votes, 2 answers, 126 views
Automatically search Metasploit for usable exploits based on vulnerabilities in the database
Is it possible to automatically search the Metasploit database for usable exploits based on information about the vulnerabilities on the hosts?
Searching in Metasploit for each CVE number to see if ...
0 votes, 1 answer, 40 views
Installing a custom SSL Certificate For Local Proxy. Safe?
I've been writing some software for over a year that is a sort of browsing security/privacy application. One of the features of this software is that it uses a local HTTP proxy for some content ...
1 vote, 1 answer, 204 views
Reverse TCP connection from exploited SearchIndexer.exe failing
I'm working on a tool that exploits SearchIndexer.exe on Windows 7 x86 and connects back to a metasploit multi/handler, using standard metasploit reverse TCP stagers.
The exploit seems to function as ...
4 votes, 1 answer, 351 views
Why does Directory traversal attack %C0%AF work?
Introduction: I am trying to learn the basics of Directory Traversal.
Question: While trying to understand the 2-byte Unicode conversion of characters, I came across this SANS article that explains ...
0 votes, 2 answers, 214 views
Can I exploit Windows kernel from user-mode application?
This document details a technique for exploiting the Windows kernel. But the writer is talking about accessing kernel memory and doing the exploit from a user-mode application at the same time. Can I do this ...
0 votes, 1 answer, 56 views
Using buffer overflow on word with macro injection
I know how a buffer overflow works on a local network against an application running on a TCP port, assuming it doesn't drop the connection, but I would like some advice on an "exploit" I would like ...
11 votes, 7 answers, 962 views
Can hackers detect my operating system?
I've seen people demonstrating the use of BackTrack to attack VMs. In one of the components of BackTrack, it shows the operating system of the targets. Since support for Windows XP is ending soon, I ...
1 vote, 1 answer, 201 views
List of NSA spyware - remote bios exploits [closed]
Found this rather detailed list of the NSA's latest spyware gadgets, with several different remote bios exploits that once installed are virtually undetectable and can survive reinstall of the OS:
...
0 votes, 2 answers, 493 views
Ways to completely spoof the browser user agent and hide the OS from a web server
This is a follow-up to the following question: Can a website determine what OS or web browser a visitor is using if the useragent is blanked/changed?
If I have understood the answers correctly, a ...
2 votes, 2 answers, 176 views
NX bit: does it protect the stack?
I once heard the NX bit was a panacea, then that it was not.
One detail I've wondered about though:
Does the NX (no execute) bit protect against code inserted into the stack and executed there?
It ...
1 vote, 2 answers, 185 views
What hacking risks does a site have if it has no input boxes?
I recently posted a question about recovery of website from XSS attacks, http://stackoverflow.com/questions/20759081/how-to-recover-a-site-after-an-xss-attack...
Doing a bit more digging online, I ...
2 votes, 1 answer, 330 views
How to learn programming from a hacker's perspective [closed]
I'm really into hacking and security aspects. But I'm wondering about several things that are stopping me from pursuing this passion for the time being. One of them is actually programming ...
11 votes, 6 answers, 354 views
Can a website determine what OS or web browser a visitor is using if the user agent is blanked/changed?
Assume that a visitor to a website has changed his user agent to something like the following, but he's using Linux:
Mozilla/5.0 (Windows NT 6.2; rv:20.0) Gecko/20121202 Firefox/20.0
Assume that the ...
3 votes, 1 answer, 94 views
Storing product keys on same server as shop?
Situation: An e-commerce system (specifically: PrestaShop) which is used to sell virtual products (specifically: product license keys). To accelerate order processing, a cronjob is supposed to be ...
1 vote, 2 answers, 62 views
How does the stack cookie protect the return address from being overwritten? [duplicate]
The /GS compiler option Microsoft developed adds an extra cookie before the return address, and before returning the cookie is checked; if it is intact then the return address is safe.
Why ever would ...
4 votes, 1 answer, 107 views
What are the major vulns that affect the Dalvik VM of Android?
I frequently hear about the security risks of using Android. But few people who write articles on this subject ever identify what parts of Android are at fault, nor do they identify design flaws. Can ...
4 votes, 1 answer, 84 views
ROP resistant gadgetless binaries
G-Free: defeating return-oriented programming through gadget-less binaries
This paper describes what seems like a really cool technique to prevent ROP attacks if the source is available. They use an ...
1 vote, 2 answers, 118 views
How do arbitrary payloads execute on the remote machine?
I understand executing something like a reverse TCP bind via shell relies on resources being available on the victim machine... and in the case of running a, shall we say, Ruby script from the command ...
-1 votes, 2 answers, 286 views
How much are 0-days worth? [closed]
I got discussing this topic with someone recently and we couldn't reach a consensus so I thought I should ask here. There are commonly thrown around figures regarding the cost of buying a ...
5 votes, 1 answer, 357 views
Suspicious activity on contact form, what are their intentions?
I've just started receiving several emails per second and I think it's likely someone is trying to exploit my contact form. I've taken steps to protect my site, I'm just curious what it is they're ...
-1 votes, 1 answer, 98 views
How can I secure my static IP router?
Hi, I have a static IP and someone is hacking my computer through it. I tried to format my computer and do a clean install, but he keeps penetrating it. This time I tried to install the AV before ...
4 votes, 1 answer, 155 views
On Hawkes' technique to bypass canaries
I found this reference to bypass canaries: http://sota.gen.nz/hawkes_openbsd.pdf
It recommends brute-forcing the canary byte by byte. I don't understand how this works: "Technique is to brute force ...
0 votes, 1 answer, 562 views
How do Java applet exploits work? [closed]
Browsers store web pages in a local cache on the client's machine. How does a hostile Java applet exploit this information to gain more privileges than it is entitled to?
My understanding is that a ...
2 votes, 1 answer, 192 views
Is there a way to evade -Wformat-security?
I am trying to learn about format string bugs and I found the gcc option -Wformat-security to raise a warning when a potential format string bug is found. I would like to know if there is a way to ...
-1 votes, 1 answer, 206 views
Exploit Compilation Problem [closed]
I am trying to compile the following exploit:
http://www.exploit-db.com/exploits/10613/
But get the following error:
local.c:12:22: fatal error: asm/page.h: No such file or directory
compilation ...
0 votes, 2 answers, 298 views
Transmitting malicious code over audio speakers
In a post that reads like science-fiction, a security researcher claims that malicious code was being passed between computers. A few quotes:
... "badBIOS," as Ruiu dubbed the malware, has the ...
4 votes, 2 answers, 151 views
Smashing the stack if it grows upwards
As we know, on most processor architectures the stack grows downwards. Hence, memory exploits involving stack smashing and buffer overflows, and their explanations, make sense.
Just ...