Joao Cohen - Sysadmin, Telecom and Network Security Expert - Linux Consultant
Back to writing
Hi all, since the start of my publications/articles I've been really busy, but I've now decided to start posting again so I can contribute to the whole community.

Regards,

João Cohen

Hide data in files using steganography 
You don't have to be a spy to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.

Unlike encryption, which obscures data in such a way that it's obvious someone's keeping something from listeners-in (and therefore heightens interest in that info), stego techniques offer no hint to the outsider that there's any private data contained within the visible file.

Hide in Picture (Windows)

The free Hide in Picture (Windows only) embeds files into GIF or BMP images, and lets you set a password to retrieve the hidden file.

See if there is any difference between these two pictures:



The picture on the right side has a secret file hidden inside.

To view it, use the Hide in Picture software.

Hint: The password to decrypt the image is steno
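Added example, not Hide in Picture's own format (its internals, including how the password is applied, are not described here): the least-significant-bit embedding that such tools perform on uncompressed BMP pixel data, together with a simple statistic a defender can run over an image to notice that its LSB plane has been overwritten. The cover gradient, the payload and the 32-bit length header are constructed assumptions.

```python
import random

# Constructed layout (my assumption, not Hide in Picture's format): a 32-bit big-endian
# payload length, then the payload, one bit per cover byte in the least significant bit.
HEADER_BITS = 32

def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with the length header and payload bits."""
    message = len(payload).to_bytes(4, "big") + payload
    if len(message) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(_bits(message)):
        out[idx] = (out[idx] & 0xFE) | bit  # keep the top seven bits, replace the LSB
    return bytes(out)

def lsb_extract(stego: bytes) -> bytes:
    """Read the LSB plane back: first the 4-byte length, then that many payload bytes."""
    bits = [b & 1 for b in stego]
    def take(n_bytes: int, offset: int) -> bytes:
        return bytes(int("".join(map(str, bits[o:o + 8])), 2)
                     for o in range(offset, offset + 8 * n_bytes, 8))
    length = int.from_bytes(take(4, 0), "big")
    return take(length, HEADER_BITS)

def equal_neighbour_ratio(pixels: bytes) -> float:
    """Detection heuristic: share of adjacent samples with identical values. Smooth covers
    score high; a random-looking payload in the LSB plane breaks about half of those ties."""
    return sum(a == b for a, b in zip(pixels, pixels[1:])) / (len(pixels) - 1)

# Constructed 8-bit greyscale cover: a gradient with 16 identical samples per step (4096 bytes).
COVER = bytes(i // 16 for i in range(4096))
# Constructed payload: 500 random bytes standing in for an encrypted file.
SECRET = random.Random(1).randbytes(500)
```

The two pixel buffers differ by at most one unit per sample, which is why the eye cannot tell them apart, while the neighbour statistic drops from above 0.9 to roughly 0.5 once the payload is in place.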
Understanding the Laws of Security 
Laws of security are used to discover weaknesses and exploitable problems.

I present my top ten list:

- Client side security doesn't work.

- You cannot securely exchange encryption keys without a shared piece of information.

- A firewall cannot protect you 100% from attack.

- Any IDS (Intrusion detection system) can be evaded.

- Secret algorithms you may use or develop are not secure.

- If a key isn't required, you do not have encryption - you have encoding.

- Passwords cannot be securely stored on the client unless you have another password to protect them.

- A system considered secure must first undergo an independent security audit.

- Security through obscurity does not work.

- A machine is only as secure as the administrator is trustworthy.
SQL injection - how safe is your web application? 
It's 4 A.M. but the work keeps rushing me into the night.

Dynamic web sites are the new hit: Web 2.0, AJAX, XML...

Is it so dangerous to leave such security holes open?

YES.

The damage depends on the data you allow your website to pull from the database; however, if the entire database is compromised, it is possible to access confidential data.

I will show you a handy tool called sqlmap.

It isn't hard to google for websites that take parameters from the URL (GET or POST) and then query the database with those parameters.

To start my test, I fired up Google and typed:

inurl: ?id=

Some results came up, and I decided to test one of them for sql injection problems.

My ethics restrict me from posting the actual content; instead I will demonstrate it with fake data.

debian:/tools/sqlmap# python sqlmap.py -u www.fakesite.fake/noticia.php?id=77 --current-user --current-db

sqlmap/0.5 coded by inquis <bernardo.damele@gmail.com>
and belch <daniele.bellucci@gmail.com>

[*] starting at: 02:51:01

remote DBMS: MySQL < 5.0.0
current user: 'fake@localhost'
current database: 'fake'

[*] shutting down at: 02:51:56
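Added example (not the post's or sqlmap's code): the pattern that makes the run above possible, a noticia.php?id=77 style lookup that pastes the URL parameter into the query text, shown next to the validated and parameterised version. SQLite stands in for the MySQL backend, and the table, column names and rows are constructed.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the news table behind a noticia.php?id=77 page (SQLite, not MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE noticia (id INTEGER PRIMARY KEY, titulo TEXT, publica INTEGER)")
    conn.executemany("INSERT INTO noticia VALUES (?, ?, ?)", [
        (77, "Public news item", 1),
        (78, "Unpublished draft", 0),
        (79, "Board minutes (internal)", 0),
    ])
    return conn

def noticia_unsafe(conn: sqlite3.Connection, id_param: str) -> list:
    """The vulnerable pattern: the raw URL parameter is concatenated into the SQL text,
    so it can change the query's logic (the 'publica = 1' filter included) instead of
    only supplying a value."""
    sql = "SELECT id, titulo FROM noticia WHERE publica = 1 AND id = " + id_param
    return conn.execute(sql).fetchall()

def is_valid_id(id_param: str) -> bool:
    """Shape check for the parameter: an article id is a short, positive decimal integer."""
    return id_param.isdigit() and 0 < len(id_param) <= 9

def noticia_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Hardened: reject anything that is not an integer, then bind the value as a parameter
    so the database driver never interprets it as SQL."""
    if not is_valid_id(id_param):
        raise ValueError("invalid article id")
    sql = "SELECT id, titulo FROM noticia WHERE publica = 1 AND id = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()
```

With the unsafe version an id of "78 OR 1=1" returns every row, drafts included, because the injected OR outranks the publication filter; the safe version refuses the input before any SQL is built.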
Passive OS fingerprinting (PoF) with ettercap 
There are many OS detection techniques that can be used without sending a single packet from our host; these are referred to as 'passive'.

Some of the mainstream tools are Ettercap and p0f.

I'm going to discuss the use of ettercap and show you a POC (proof of concept).

Ettercap is a suite for man-in-the-middle attacks; it can sniff live connections, filter content on the fly, and perform many other interesting tricks.

It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.

For this POC, I'm going to use a Debian 4.0 system.

Let's start by installing the latest ettercap (0.7.3-1.2):

erp:~# apt-get install ettercap
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
ettercap-common libnet1 libpcap0.8
The following NEW packages will be installed:
ettercap ettercap-common libnet1 libpcap0.8
0 upgraded, 4 newly installed, 0 to remove and 169 not upgraded.
Need to get 644kB of archives.
After unpacking 1933kB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Setting up libnet1 (1.1.2.1-2) ...
Setting up libpcap0.8 (0.9.8-2) ...
Setting up ettercap-common (0.7.3-1.2) ...
Setting up ettercap (0.7.3-1.2) ...
erp:~#

Okay, we have our tool installed and ready to fire up.
We are going to use the Curses interface.
erp:~# ettercap -C

I'm not going to post screenshots, but I will guide you through the POC.

Step 1: Open the menu "Sniff", and select "Unified sniffing"
Step 2: Choose the network interface to use: eth0
Step 3: Open the menu "Start", and select "Start sniffing"
Step 4: Open the menu "View", and select "Profiles"

In the main window you will see: "Collected passive profiles"

Step 5: Fire up your favorite browser, and type in the address of the server you want to sniff.

In this article we are going to open: http://www.fake.pt (a fake home banking website).

Right after you open the URL in your browser, if you switch to the terminal where ettercap is running you will see:

Collective passive profiles :
62.28.999.x www.fake.pt


Open the selected profile for more details.


IP address : 62.28.999.x
Hostname: www.fake.pt
Distance : 12
TYPE: REMOTE host
FINGERPRINT: E000:05B4:80:00:0:1:0:1:A:3C
OPERATING SYSTEM: unknown fingerprint (please submit it)
NEAREST ONE IS : FreeBSD 4.6-RC2

PORT : TCP 80 | http [Microsoft-IIS/5.0]


Although the remote fingerprint is unknown, the server told us it is running Microsoft Internet Information Services 5.0.

So, with a simple HTTP request, we can determine that the remote operating system is Microsoft Windows 2000.

How can we tell? Well, IIS 6.0 ships by default on Windows Server 2003 ;)

You can try this for any other address (HTTP, FTP, etc.).
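Added example, not ettercap's own code: a parser for the FINGERPRINT line in the profile above, using the WWWW:MSS:TTL:WS:S:N:D:T:F:LEN field layout documented in ettercap's etter.finger.os file, plus the TTL rounding that produces the Distance field (TTL 0x80 with Distance 12 means the packet arrived with TTL 116 from a stack that starts at 128, which is the Windows default and corroborates the IIS banner). The three-entry signature table and the count-the-matching-fields scoring are constructed assumptions, not ettercap's database or its matching algorithm.

```python
FIELDS = ("window", "mss", "ttl", "wscale", "sack", "nop", "df", "timestamp", "flags", "length")

def parse_fingerprint(fp: str) -> dict:
    """Split an ettercap passive fingerprint (WWWW:MSS:TTL:WS:S:N:D:T:F:LEN) into typed fields."""
    parts = fp.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 10 colon-separated fields")
    raw = dict(zip(FIELDS, parts))
    return {
        "window": int(raw["window"], 16),                                     # TCP window size
        "mss": None if raw["mss"] == "_MSS" else int(raw["mss"], 16),         # MSS option, _MSS if absent
        "ttl": int(raw["ttl"], 16),                                           # initial IP TTL, rounded up
        "wscale": None if raw["wscale"] == "WS" else int(raw["wscale"], 16),  # window scale, WS if absent
        "sack": raw["sack"] == "1",
        "nop": raw["nop"] == "1",
        "df": raw["df"] == "1",
        "timestamp": raw["timestamp"] == "1",
        "flags": {"S": "SYN", "A": "SYN+ACK"}[raw["flags"]],
        "length": None if raw["length"] == "LT" else int(raw["length"], 16),  # packet length, LT if n/a
    }

def initial_ttl(observed: int) -> int:
    """Round a TTL seen on the wire up to the nearest common starting value (32, 64, 128, 255)."""
    for start in (32, 64, 128, 255):
        if 0 <= observed <= start:
            return start
    raise ValueError("TTL must be 0-255")

def hop_distance(observed: int) -> int:
    """Hops between the sniffer and the sender, the way the profile's Distance field estimates it."""
    return initial_ttl(observed) - observed

def nearest_signature(fp: str, database: dict) -> tuple:
    """Simplified nearest match (an assumption, not ettercap's own scoring): the signature that
    agrees with the observed fingerprint on the most fields wins."""
    target = parse_fingerprint(fp)
    def score(name: str) -> int:
        return sum(parse_fingerprint(database[name])[k] == target[k] for k in FIELDS)
    best = max(database, key=score)
    return best, score(best)

# The fingerprint from the profile above, and a constructed three-entry signature table.
OBSERVED = "E000:05B4:80:00:0:1:0:1:A:3C"
SAMPLE_DB = {
    "sample-A (TTL 64 family)": "E000:05B4:40:00:0:1:0:1:A:3C",
    "sample-B (TTL 128 family)": "E000:05B4:80:00:1:1:1:1:A:3C",
    "sample-C (TTL 255 family)": "FFFF:_MSS:FF:WS:0:0:0:0:S:LT",
}
```

Note how the constructed table reproduces the situation in the profile: the closest entry by field count belongs to a different TTL family, so a "nearest" hit is only a hint and the TTL family and service banner have to be weighed alongside it.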