Skip to main content

Ethical HaCking 0x04

Security is the separation of an asset from a threat.
Security as practiced by the military generally means destroying the threat. A non functioning threat is no longer a threat. So to separate the threat from the asset, you have three options:

• Physically remove or separate the asset from the threat.
• Destroy the threat.
• Move or destroy the asset

As you know destroying assets is undesirable and destroying threats is not most of the time we separate the two from each other.

Elements of Security
Separation can be done by using following elements:

Visibility can be an opportunity for an attacker.What an attacker see,learn or glean into help him in his attack.But think if attacker cant see, then he wont even think of attacking on that thing.Linux provide better ways to go invisible.In linux you can easily DROP ALL such request which can make you visible,like ping replies etc.Unfortunately, visibility is a necessary part of most services since marketing is the core of all business; you must present your wares in order to sell them. Therefore, it is necessary to strike the right balance between what assets should be known to maximize the usefulness and efficiency of services while minimizing exposure.

Access means how much you can interact with the given system.It can be a response,service or any thing.
A service cannot exist without access.The simplest way to prevent access is not to provide it. Physically separating an asset and a threat is the strongest deterrent possible. During penetration tests, the most
common problems can be attributed to a service or application running that does not need to be running. The greatest strength of Linux is the ability to easily choose which ports are open and which services are running

In security sciences, Trust is any unauthenticated interactivity between targets within a scope. For example, a web application may interact with a database server without requiring authentication or specifically identifying itself. (Actually, the request’s IP address may be considered weak identification criteria much like a nametag on a person’s shirt is unqualified identification of a specific person.) Where an attacker finds visibility as opportunity and access as direct interaction, trust is useful for indirect interaction.


Popular posts from this blog

Animated Cursor Vulnerability

Step1: create two file on attacker side 1) default index.html and 2) cursor file to load

Now save the proof of concept in a txt file(cursor.txt). use above command to cut down the hex part from proof of concept and paste it in buffer.ani
Step2:upload the above two files in your apache webserver. 
Step3: Try to open index.html from window-xp and analyse the behavior of IE using ollydgb in order to find the offset address where EIP will get over written. Attach IE in ollydgb and put malicious url in it.

As we can see now that EIP is overwritten with 42424242 that means this place is our offset.
Now we will put the address of jump instruction in place of 42424242 which we will get from user32.dll by searching for command JUMP DWORD [EBX],now we jumped at ebx because it contain the malicious .ani file address.

Just go into view=>executable=>user32.dll , press enter.

Now try to find a jump [ebx] instruction in user32.dll by pressing ctrl+f.Now note down the address of this instruction.…

Hacking Windows 10 UWP App: DLL Injection & common Vulnerabilities

I recently started working on  widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8.
Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv…

Assignment 01(Enroll TO Offensive-Security Course)

Steps 1:download the page.
2:open fc4.js in your favourite editor and add following lines in it or just replace it with vode given below.
3:then open the download html file in browser and fill the form with your email and a garbage value string.
4:thats it? it will show you the real security string??
yeah but  ...theirs another challenge waiting for you ... :D

function fc4me(srvstr) {

   if(! || !document.pleazfc4me.securitystring.value) {
      alert("Please fill in all the required fields!");
      return false;
   else {
   var t=hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)

Finally Got In :-)