Archive for November, 2006

3CTftpSvc TFTP Server BOF

November 30, 2006

Liu Qixu has discovered a vulnerability in 3CTftpSvc, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error during the
processing of TFTP Read/Write request packet types. This can be
exploited to cause a stack-based buffer overflow by sending a specially
crafted packet with an overly long mode field (more than 460 bytes).

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.0.1. Other
versions may also be vulnerable.

All right, this one is very simple to understand.

3CTftpSvc is a TFTP daemon and, as you know, TFTP daemons listen on UDP port 69.
The vulnerability lets you exploit this tftpd by supplying an overly long mode
field in a read request (RRQ, what a client sends for a GET) or a write request
(WRQ, what it sends for a PUT).

Let’s take a look at the exploit:

crack secure Bluetooth devices

November 23, 2006

Cryptographers have discovered a way to hack Bluetooth-enabled devices even when security features are switched on. The discovery may make it even easier for hackers to eavesdrop on conversations and charge their own calls to someone else’s cellphone.
Source : newscientist.com

Auditing Closed-Source Applications

November 22, 2006

Yesterday I downloaded a paper about auditing closed-source applications from BlackHat.com (by Halvar Flake). This talk goes further into the idea of using reverse engineering to audit closed-source programs.

Download : Auditing Closed-Source Applications

Introduction to Writing Shellcode

November 17, 2006

Shellcode is machine code that, when executed, spawns a shell (sometimes). Shellcode cannot contain any NUL bytes because it is usually treated as a C string, and a NUL stops the reading of the string, as it is the string delimiter. Not all "shellcode" spawns a shell; the term has become a generic name for a piece of position-independent machine code that can be directly executed by the CPU. Shellcode must always be position independent: you cannot access any values through static addresses, as these addresses will not be the same in the program that is executing your shellcode (environment variables are the exception to this rule). Remember to always use the smallest part of a register possible to avoid NULs, and xor is your friend.
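As an added example (not from the telegenetic.net post), a small Python helper that audits a shellcode byte string for NULs, shows how much of it a C-string copy would actually deliver, and, going one step beyond the paragraph, removes the NULs with a single-byte XOR encoder, the usual fallback when an instruction cannot be rewritten NUL-free. The sample bytes are hand-assembled 32-bit x86 encodings chosen for illustration; the decoder stub a real payload would prepend is not included.

```python
# x86 (32-bit) encodings, hand-assembled for this example:
#   b8 00 00 00 00   mov  eax, 0      four NUL bytes
#   6a 00            push 0           one NUL byte
#   cd 80            int  0x80
SAMPLE_WITH_NULS = bytes.fromhex("b800000000" "6a00" "cd80")

# The same sequence rewritten the way the paragraph recommends:
#   31 c0            xor  eax, eax    zeroes eax with no NUL in the encoding
#   50               push eax
#   cd 80            int  0x80
SAMPLE_NUL_FREE = bytes.fromhex("31c0" "50" "cd80")


def nul_offsets(shellcode):
    """Offsets of every 0x00 byte; an empty list means the code survives strcpy."""
    return [i for i, b in enumerate(shellcode) if b == 0]


def bytes_copied_by_strcpy(shellcode):
    """How many bytes a C-string copy would deliver before the first NUL ends it."""
    idx = shellcode.find(b"\x00")
    return len(shellcode) if idx < 0 else idx


def pick_xor_key(shellcode):
    """Smallest single-byte key that leaves no NUL after encoding.
    b ^ key == 0 only when b == key, so any nonzero value absent from the
    payload works. Fails only if all 255 nonzero values are present."""
    present = set(shellcode)
    for key in range(1, 256):
        if key not in present:
            return key
    raise ValueError("no single-byte key can make this payload NUL-free")


def xor_encode(shellcode):
    """Return (key, encoded). The encoded bytes contain no NUL, so they can
    be delivered as a C string; a decoder stub (itself NUL-free) must XOR
    them back with the key at run time before jumping into them."""
    key = pick_xor_key(shellcode)
    return key, bytes(b ^ key for b in shellcode)


def xor_decode(encoded, key):
    """Inverse of xor_encode, i.e. what the decoder stub does in place."""
    return bytes(b ^ key for b in encoded)


if __name__ == "__main__":
    print("NULs at", nul_offsets(SAMPLE_WITH_NULS),
          "- strcpy delivers only", bytes_copied_by_strcpy(SAMPLE_WITH_NULS), "byte(s)")
    key, enc = xor_encode(SAMPLE_WITH_NULS)
    print("key 0x%02x ->" % key, enc.hex(), "NULs:", nul_offsets(enc))
```

The audit functions are the check to run on any payload before it goes into an overflow that is reached through a string copy; the rewritten sample shows that picking the shorter `xor eax, eax` / `push eax` forms removes the NULs outright, and the encoder covers the bytes that cannot be rewritten.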

Source :telegenetic.net

BlueTooth Cracking

November 8, 2006

Kevin Finisterre & Thierry Zoller showed a demo of BTCrack at the Hack.lu conference. BTCrack is a Windows tool that can crack the Bluetooth PIN and link key.

BlueTooth Crack

BeEF: Browser Exploitation Framework

November 3, 2006

BeEF is the browser exploitation framework. Its purpose in life is to provide an easily integrable framework to demonstrate the impact of browser and cross-site scripting issues in real time. The modular structure is focused on making module development a trivial process, with the intelligence living within BeEF itself.

BeEF in bindshell

The Cross-site Scripting Virus

November 3, 2006

This paper explores the new threat of cross-site scripting (XSS) viruses. These viruses are a new species which are platform-independent and not affected by common firewall configurations. XSS viruses could have a significant impact on Internet continuity, including distributed denial of service (DDoS) attacks, spam and the dissemination of browser exploits.

Source : BindShell

Hack.5, My favorite Internet TV

November 2, 2006

Hak5 is the Internet television show for the hacker, modder, and do-it-yourselfer, with high-quality tech entertainment and all things hack and mod. You'll find yourself breaking out the soldering iron with Wess Tobler or yielding networks (in)secure with Darren Kitchen. So join the gang on the 5th of each month for an engaging hour of technology and geek humor.

Hack.5 TV web Site