Archive for the ‘hack-fu’ Category

SSID Script Injection

Monday, August 4th, 2008

The administrative web interfaces for many wireless access points (APs) provide users with ‘Neighbourhood Wireless Scan’ functionality. This functionality scans for all accessible APs and displays the details of any APs which are identified. However, examination of these administrative interfaces revealed that a large number of them do not properly sanitise the parameters that are passed to them from any accessible APs.

An attacker could set up a fake AP with a malicious payload in the Service Set Identifier (SSID). The malicious SSID would be displayed in the ‘Neighbour’s Access Points Table’ page of the administrative interface and would be executed when an administrator scanned for APs. (more…)

DHCP Script Injection

Monday, August 4th, 2008

A number of administrative applications are available which allow users to manage a network DHCP server via a web interface. This allows administrators to set up configuration options and view active DHCP leases.

It was found that a large number of these administrative web applications did not properly sanitise parameters that were passed to them from the DHCP server, and therefore ultimately from an attacker. In particular, a specially crafted DHCPREQUEST message containing malicious JavaScript or HTML code in the DHCP Options Hostname field could be sent to the DHCP server; the malicious code would then be displayed in the DHCP active leases page of the vulnerable administrative application and would be executed when an administrator visited the page. (more…)
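As an added example (not code from either post above), this Python shows the rendering bug common to the SSID and DHCP cases and its fix: a hand-built DHCPREQUEST options blob whose option 12 (Host Name) carries markup is parsed, then the host name is written into a leases-table row once unescaped, as the affected interfaces effectively did, and once HTML-escaped. The packet bytes, IP and MAC are constructed values; the same escaping applies to an SSID read from a neighbourhood scan.

```python
import html

def build_request_options(hostname: bytes) -> bytes:
    """Constructed DHCP options blob (the part after the magic cookie)
    for a DHCPREQUEST carrying the given option 12 host name."""
    opts = b"\x35\x01\x03"                               # option 53: message type 3 = DHCPREQUEST
    opts += b"\x0c" + bytes([len(hostname)]) + hostname  # option 12: host name (TLV)
    opts += b"\xff"                                      # option 255: end
    return opts

def parse_options(blob: bytes) -> dict:
    """Walk the TLV-encoded DHCP options; returns {code: raw value}."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 0xFF:          # end marker
            break
        if code == 0x00:          # pad byte, no length field
            i += 1
            continue
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def hostname_from_request(blob: bytes) -> str:
    # Whatever the client put in option 12 is attacker-controlled text.
    return parse_options(blob).get(12, b"").decode("ascii", "replace")

def lease_row_vulnerable(ip: str, mac: str, hostname: str) -> str:
    # What the affected admin pages did: concatenate the client-supplied
    # host name straight into the leases table, so markup is rendered live.
    return f"<tr><td>{ip}</td><td>{mac}</td><td>{hostname}</td></tr>"

def lease_row_hardened(ip: str, mac: str, hostname: str) -> str:
    # Fix: HTML-escape every network-sourced field at output time; quote=True
    # also covers the case where a value lands inside an attribute.
    cells = "".join(f"<td>{html.escape(v, quote=True)}</td>" for v in (ip, mac, hostname))
    return f"<tr>{cells}</tr>"

if __name__ == "__main__":
    probe = build_request_options(b"<script>alert(1)</script>")  # constructed probe packet
    name = hostname_from_request(probe)
    print(lease_row_vulnerable("10.0.0.5", "00:11:22:33:44:55", name))
    print(lease_row_hardened("10.0.0.5", "00:11:22:33:44:55", name))
```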

middleware and me (part 2)

Wednesday, July 9th, 2008

hack-fu by: rux0r

In the last article (middleware and me (part-1)) we looked at the concept of Middleware security and why it is often a neglected area. In this article we are moving on to look in detail at the security features that can be employed to protect this type of software. For the purposes of these discussions we are going to be focusing on the IBM Websphere MQ product; hopefully in the future I will be able to contrast these discussions against the security controls employed by a number of other messaging technologies.
(more…)

Grabbing LM challenges with an ettercap filter

Tuesday, June 24th, 2008

hack-fu by: bob

So… this is an amalgamation of several ideas and bits of work I’ve found floating around that I put together. The result is a handy pentesting/pwnage technique. The following blog that kicked this idea off discusses a modified Metasploit exploit module called smb_server.pm by Kurt Grutzmacher: NTLMv1, Metasploit and You. Around the same time I’d been playing with some ettercap filters, based on the below work at Irongeek: Fun with Ettercap Filters. These two sparked something and gave me a use of those huge LMHALFCHALLENGE rainbow tables I’d downloaded. (more…)

middleware and me (part 1)

Tuesday, May 6th, 2008

hack-fu by: rux0r

This post is the first in a series on the subject of enterprise messaging and in particular on IBM’s flavour of it. The objective of these posts will be to remove some of the confusion about its purpose, the technologies and the methods of securing it. Hopefully this will help both security testers and other interested parties to feel confident about this important area of IT security.
(more…)

security quiz: input validation bypass

Friday, February 22nd, 2008

From The Web Application Hacker’s Handbook, a quick quiz:

An input validation mechanism designed to block cross-site scripting attacks performs the following sequence of steps on an item of input:

1. Strip any <script> expressions that appear
2. Truncate the input to 50 characters
3. Remove any quotation marks within the input
4. URL-decode the input
5. If any items were deleted, return to step 1

How would you bypass it?

Sidebar Gadgets Attacks

Thursday, September 27th, 2007

Windows Vista includes the “Windows Sidebar”. This new feature allows users to display ‘gadgets’ on the sidebar and on the Windows desktop. Gadgets are small applications containing HTML, XML and JavaScript. They can be very flexible in design and function.

Gadgets are easy to install, to use and can be easily developed by any Vista user. They can enhance efficiency; they can be fun and can look good on a desktop. Windows Vista includes various gadgets by default, such as a calendar, calculator and currency converter. In addition, a large number of organisations have gadgets for download and use, such as London Underground, Amazon, ebay, etc.

Gadgets can be perceived by users as fun and harmless, but their characteristics can make gadgets a potential risk for Vista users. They run with the permissions of the logged-on user and operate outside of IE’s Protected Mode. Additionally, gadgets will usually communicate with a remote server to obtain information, and a rich gadget API is available to them which contains some potentially dangerous methods.

At the present time there are two main classes of gadget attacks: (more…)