Since it has been a long time since I wrote something, I decided to find something to write about. I was planning to write about one of my findings from a penetration test I did for a customer. I found an interesting vulnerability in the client's ColdFusion web site; it took me quite some time to gain full control of the server by leveraging the bug. This portal had been in use for a long time, and a lot of people had tested it and checked it for vulnerabilities, but it seems that all of them missed my finding.
Have you ever wondered about having an EXE with no entries in its IAT (Import Address Table) at all? Well, I knew it was possible, but I had never seen an actual EXE file without an IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things. To summarize, this tiny app:
- Enumerates the following APIs:
Hi again! In my previous post, I demonstrated how to use RFID cards to add an extra layer of security for logging into Linux systems using PAM modules. In this post, I'm going to show you how I managed to do the same thing for Windows.
Hey everyone! I had some free time last night and I noticed that I have several RFID cards and an RFID reader and I do almost nothing with them. After thinking a little bit about what I could do with the RFID reader, I came up with an idea: an NFC RFID Linux PAM (Pluggable Authentication Module)! So the next time someone logs into my computer, the user must have an RFID card; otherwise, even entering the correct username+password combination will not work.
When you learn that a company's web server was compromised because of a small programming mistake in PHP, and that the attack could have been stopped by calling a single function, you will want to learn more about all those "function calls".
Basically, in this post, I'll talk about possible attacks on web applications and how to stop them.
This is the app I talked about in the previous post.
Based on the shellcode in the previous post, I wrote a functional application which injects the shellcode into a remote process and unloads the given module name. We can also call it a remote-process DLL unloader.
Have you ever dealt with malware that injects its DLLs into other processes? Sometimes they inject their DLL into critical processes like csrss.exe (as the recent Soraya malware does); you are in the middle of an OllyDbg session with a hundred breakpoints placed and several IDA instances loaded, deep in analysis, and you just can't restart the computer, but you also can't leave the malware running in csrss.exe. So I decided to write a basic shellcode to unload any given DLL (module), so I can inject this shellcode into the infected process to unload the malware or any other DLL.
I recently had to run some tests on some smart cards I received, using Debian. I did some research to find a very simple, very basic command-line program, compilable and runnable on Debian, which would send hex commands to the smart card and show the results again in hex and .
I wasn't able to find such code, so I decided to write my own. From now on, you can use it too:
I was in the middle of coding an application for Android and I needed a file/folder browsing dialog. But I also needed access to /data and other sensitive folders. So I started searching the internet, but I didn't find anything useful. Anyway, I decided to write my own. For the initial code, I used the sample project from here
I started expanding it: I made some changes, added images for files and folders, added root-access features, added icons for known file types, etc.