Reconnaissance with Images

Hi Readers!!

Let's see how images speak this time.

Gathering data on a target is extremely important if we plan to execute an attack efficiently. A typical attack scenario starts with a long reconnaissance process. Here "reconnaissance" refers to gathering information in any and all possible ways about a particular object of interest. We can gather information from websites online, from dumpster-diving offline, and also through the classic act of social engineering. Online information gathering took off once millions of people all over the world started participating in social networking sites like Orkut, Facebook, Twitter, etc. People started to maintain a virtual image of themselves, which may or may not resemble their real-world image. In this article, we shall see the social implications of these dual personas and how they can lead to the exploitation of vanity. We shall also look at how someone's life can be affected and at the risks of geo-localization. The article also features various tools used to perform reconnaissance with images.

For the full article click here.




Virtualization Security in Cloud Computing

Hi Readers!!

Recently I have started writing for the InfoSec Institute. Here goes my first, about security in the cloud!!

2011 ended with the popularization of an idea: bringing VMs (virtual machines) onto the cloud. Recent years have seen great advancements in both cloud computing and virtualization. On one hand there is the ability to pool various resources to provide software-as-a-service, infrastructure-as-a-service and platform-as-a-service; at its most basic, this is what describes cloud computing. On the other hand, we have virtual machines that provide agility, flexibility, and scalability to cloud resources by allowing vendors to copy, move, and manipulate their VMs at will. The term virtual machine essentially describes sharing the resources of one physical computer among several computers within itself. VMware and VirtualBox are very commonly used virtual systems on desktops. Cloud computing effectively stands for many computers pretending to be one computing environment. Obviously, cloud computing would have many virtualized systems to maximize resources.

Read the full article here.



LinkedIN Passwords exposed – A case study by 3psil0nlambda

LinkedIN Hacked


Not long ago we saw a Russian hacker post 6.5 million LinkedIn password hashes on a Russian hacker forum. One thing the disclosure of the hack highlighted is that LinkedIn stored passwords as SHA-1 hashes, the same hash function that comes with the SSL and TLS protocols.

Using hashes to store passwords – Is it enough?

Storing passwords in clear text would be lethal for any ordinary user; storing hashes of passwords makes life relatively safer for him. But is this enough? What methodologies can a developer implement to make password storage more secure and make it difficult for the attacker to crack? Read on…

Salting of hashes:

The concept of salting is simple. Salting is the process of adding a salt (a random integer, string, alphanumeric value, etc.) to the password before computing the hash. This ensures that the final hashed password is unique even when two users choose the same password. It stops the attacker from using readily available precomputed tables and instead forces him to write his own cracking code, which is a lot more complicated and time consuming for him.

Possible errors in salting hashes:

  1. Using the same salt value for all the passwords
  2. Using salts that are too short

Making it difficult for the attacker using the concept of KeyStretching:

This refers to a technique that makes a relatively weak password (referred to as the key) difficult to crack by brute force, by increasing the time taken to test each candidate. The final result is termed the enhanced key. This is preferably at least 128 bits long, to make brute-forcing the least feasible form of attack. A common key-stretching technique is to apply a cryptographic hash function or a block cipher function repeatedly in a loop.
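As an added example (not part of the original post, and not LinkedIn's code), the following Python compares the storage schemes discussed above on constructed sample users: unsalted SHA-1, SHA-1 with a single salt shared by everyone (the first salting error listed above), and a per-user salt combined with key stretching. PBKDF2-HMAC-SHA256 from the standard library is used here as the "apply the hash function repeatedly in a loop" construction; the sample users and their shared password, the 16-byte salt length and the 200,000 iteration count are my assumptions, not values from the article.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the article): two users who chose the
# same password, which is exactly the situation salting is meant to hide.
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
}


def unsalted_sha1(password: str) -> str:
    """Plain SHA-1 of the password: identical passwords give identical
    hashes, so one precomputed table cracks every matching account."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_sha1(password: str, salt: bytes) -> str:
    """Salted SHA-1: still a single hash invocation, but the salt is
    mixed in before hashing."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()


def stretched_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching via PBKDF2-HMAC-SHA256: the hash is applied
    `iterations` times, so every guess costs the attacker that much work.
    Output is 32 bytes (256 bits), above the article's 128-bit minimum."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def new_record(password: str, iterations: int = 200_000) -> dict:
    """Build a storable record: a fresh 16-byte random salt per user (assumed
    length), the iteration count (stored so it can be raised later), and the
    stretched key. Nothing secret is kept besides the key itself."""
    salt = os.urandom(16)
    return {
        "salt": salt.hex(),
        "iterations": iterations,
        "key": stretched_key(password, salt, iterations).hex(),
    }


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so timing does not reveal how many bytes matched."""
    salt = bytes.fromhex(record["salt"])
    candidate = stretched_key(password, salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["key"]))


def hashes_collide(users: dict, hash_fn) -> bool:
    """True if two different users end up with the same stored value,
    i.e. the scheme reveals that they share a password."""
    stored = [hash_fn(name, pw) for name, pw in users.items()]
    return len(stored) != len(set(stored))


def audit_schemes(users: dict = SAMPLE_USERS) -> dict:
    """Run the sample users through each scheme. Returns, per scheme,
    whether equal passwords are exposed as equal stored values."""
    shared_salt = os.urandom(16)   # the "same salt for everyone" mistake
    return {
        "unsalted_sha1": hashes_collide(
            users, lambda _n, pw: unsalted_sha1(pw)),
        "shared_salt_sha1": hashes_collide(
            users, lambda _n, pw: salted_sha1(pw, shared_salt)),
        "per_user_salt_pbkdf2": hashes_collide(
            users, lambda _n, pw: new_record(pw, 1_000)["key"]),
    }


if __name__ == "__main__":
    print(audit_schemes())
    rec = new_record("correct horse battery staple")
    print(verify("correct horse battery staple", rec), verify("wrong", rec))
```

Only the per-user-salt scheme hides the fact that alice and bob share a password, and only the stretched scheme makes each guess expensive; storing the iteration count alongside the salt lets the count be raised later without invalidating existing records.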

In this article, we have seen a real-life scenario, the LinkedIn attack, and also the possible ways to defend against such attacks by making them less feasible for the attacker.



Session Hijacking via XSS in [Patched]

Vulnerability: Session Hijacking VIA XSS
Criticality: Moderate to Risky
Author: Karthik R a.k.a 3psil0nlambda
Another instance of negligence from the team of Jabong.com after repeated emails.
About the site: is a young and vibrant company that aims to provide good quality branded products. caters to the fashion needs of men, women and kids across footwear, apparel, jewellery and accessories.

At we strive to achieve the highest level of “Customer Satisfaction” possible. Our cutting edge E-commerce platform, highly experienced buying team, agile warehouse systems and state of the art customer care centre provides customer with:

Broader selection of products
Superior buying experience
On-time delivery of products
Quick resolution of any concerns

Multiple Vulnerabilities:

*Cross Site Scripting
*URL Redirection

This can be used to write the cookie data to a text file hosted on a web server, which can later be used to compromise user accounts with the Cookie Manager Firefox add-on. This leads to impersonation of accounts on JABONG.COM.

XSS in

Threat/Vulnerability: Cross site scripting a.k.a XSS, URL Redirection
Severity : Moderate
Author: Karthik R a.k.a 3psil0nlambda

I have informed the owner (CEO) but got no response or acknowledgement of receipt of the mail.

About the Site:

India’s fastest growing shopping site.

*XSS a.k.a Cross site scripting
*URL Redirection

Once the vulnerability is found, it can be used through the following URLs to craft attacks.

*Installing malware in the name of and gaining credit card and other important credentials
*Phishing via URL redirection, and gaining login ID and password

URL used for crafting attacks:-
* &vertical=all&clickSrc=go_recent&locId=0
* Planet,A-maze&sort=XSS

Greetz to side-effects, r4dc0re, lord crusader, team inject0r

10 Wi-Fi security tools for your arsenal – Photostory

Hey guys,

This is an article for Wi-Fi pen testers. The must-have tools in your arsenal are covered in the form of a photo story on SearchSecurity.IN by me.

Image Courtesy:

You can read the story here:

Cheers 🙂

Fuzzing for fun and profit – Porting exploits to metasploit

This was my paper that I presented at the DEF CON Chennai meet held on Jan 29, 2012. I hope you people like it.

This covers the art of fuzzing, SPIKE and the Metasploit framework. I have also covered how to code your own exploits into the Metasploit framework in this paper.

You can view the paper here: Fuzzing for fun and profit_Integrating Exploits to the Metasploit_framework


[Change of Name] Ebook: The BackTrack Experience – An Introduction to White hat Hacking

Hi all,

This is the official announcement regarding the change of title of my book. The title has been changed to "The BackTrack Experience – An Introduction to White Hat Hacking". The revision in the title is in effect from 7th February, 2012.


Updated link for the purchase of the book:

Thank You



SilverStripe CMS persistent XSS vulnerabilities

Hi all,

Yet another bug found, in the SilverStripe CMS. 🙂
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
SilverStripe CMS persistent XSS vulnerabilities
Author: Karthik R (3psil0nLambDa)
My blog:
Google dork: Powered by the SilverStripe Open Source CMS

* Persistent XSS vulnerability

The page title module of this CMS is vulnerable to persistent XSS.



Greets to side-effects and Taashu 🙂

10 Linux security tools for system administrators

Hi all,

In recent times, the security aspect of information technology has received considerable attention, and large organizations have dedicated security teams to keep tabs on vulnerabilities in their systems and take preventive or corrective action as appropriate. The same level of commitment to maintaining security may not be seen in most SMBs, but the fact remains that any gaps in security could have disastrous consequences for all businesses, regardless of their size.

Security need not always be a hugely expensive affair. In this article, we shall cover Linux-based security tools and distributions, which can be used for penetration testing, forensics, reverse engineering, and so on.

1. Wireshark – Network Packet analyser
2. NMAP – Network scanner
3. ClamAV, chkrootkit and Rootkit hunter – antivirus and malware hunters
4. SNORT – IDS tool
5. NIKTO – Web scanner
6. Metasploit – Exploit development framework
7. Nessus – Vulnerability scanner
8. SPIKE – fuzzer
9. Ollydbg – Debugger
10. Linux security distros like BackTrack, REMnux and Matriux

For the complete article with details on the tools, check out my column on SearchSecurity.IN. You can read the complete article by scrolling down, all the way to the bottom of the page, skipping the registration part at: