0
votes
2 answers
68 views

Can I read/write canary values from %gs register?

I would like to know if it is possible to read (or write) the canary values from %gs register. If "yes", how; and if "no", why? Also, I have been reading somewhere that the canary values are stored ...
3
votes
2 answers
127 views

How stack smashing is prevented?

I just read AlephOne's paper on smashing the stack, and implemented it on my machine (Ubuntu 12.04), it was a bit old so had to take a lot of help from the internet but I enjoyed it. Now, I want to ...
2
votes
3 answers
124 views

Insert string to memory with null character

I'm trying to implement return-to-libc, here's the code void func(const char *str) { char buf[4]; strcpy(buf,str); printf("you entered [%s]\n",buf); } int main(int argc, char *argv[]) { ...
2
votes
1 answer
172 views

How to find the pharmacy hack in a Joomla website?

We've discovered today that our Joomla website has been hacked by a pharmacy trojan. It was difficult to discover because most users don't see it when visiting our website. One user reported about 2 ...
4
votes
1 answer
281 views

How do I check the code of a Chrome extension to make sure it's not stealing my info?

I've been reading more and more about just how much access browser extensions can have to your data. This is a little unsettling, so I'm curious if there is a way to vet these extensions and make sure ...
56
votes
7 answers
53k views

Can webcams be turned on without the indicator light?

I want to know how secure I am. I've made a series of pentests in my network and one of the things I've tried was to record webcam and microphone. Recording an end-user's microphone seems to be a ...
15
votes
4 answers
998 views

What is the easiest way to search massive, leaked databases for persons and personal information?

This may seem like a rather nefarious question, however, my motivations are quite the opposite-- I want to know how at risk I might be! A while ago a very MASSIVE database was leaked that contained ...
1
vote
5 answers
460 views

Site backdoor & eval()

I'm running a Joomla 1.7 site which was hacked today. Below script did the hack. ...
5
votes
6 answers
2k views

Retrieving OSx Keychain passwords

I have a computer forensics style osx login.keychain file that I am trying to find the passwords from. I have a very weak mac which I used crowbarkc on to try and brute force but the horsepower is ...
5
votes
5 answers
2k views

What kind of attacks against home router's NAT do exist?

I always thought NAT was some kind of a security feature and I still think it is, because if it didn't exist the internet, respectively the clients behind NATs, would be even more insecure, since ...
2
votes
1 answer
192 views

solaris equivalent of /proc/self/environ LFI

I need to exploit a Solaris vulnerability for class, but we never dealt with Solaris before and I never installed it. Does Solaris have an equivalent to Linux's /proc/self/environ, exposing a ...
8
votes
3 answers
1k views

Example of a backdoor submitted to an open source project?

To clarify immediately, I'm not interested in writing a backdoor. I have no interest in submitting backdoor changelists to projects myself. I'm researching some source modeling techniques, and we're ...
2
votes
1 answer
151 views

amd64 safer than 686-pae?

Apart from stronger ASLR entropy... Is a system using amd64 any safer than 686-pae? What are the advantages, if any?
2
votes
1 answer
130 views

Is it safe to invoke PHP GD functions if you don't know whether file is a valid image?

There is image upload function in web application. After image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
3
votes
2 answers
569 views

How to use attack trees and attack graphs

I am trying to understand how attack trees\graphs can be used in the security process. I read a lot of papers presenting the topic and how this representation can be useful, but I really don't ...
