hakin 5/2005

Linux shellcode optimisation

A shellcode is an essential part of any exploit. During attack, it is injected into the target application and performs the desired actions within it. However, the basic rules for building shellcodes are not too widely known, even though they…

Advanced SQL Injection techniques

SQL Injection attacks target the core of a web application: its database. Their most significant impact enables an attacker to retrieve, modify, or delete arbitrary data. It is a serious threat to any application with a database back-end and a…

Exploiting Java VM security vulnerabilities

Java has taken control of the programming world. It runs on servers, appears as browser applets, increasingly takes over mobile phones – it’s even made its way into smartcards. It is usually seen as a highly secure operating environment, but…

Robot wars – how botnets work

One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC networks, using socalled botnets. Let’s take a look at the ways an attacker can…

Pharming – DNS cache poisoning attacks

Visiting online banking services and other secured sites is becoming increasingly dangerous. Entering your credit card number on a website which looks deceptively similar to that of your bank might end with a considerable sum disappearing from your account. Unfortunately,…

Firestarter 1.0.3

Firestarter is a graphical tool for simplifying the process of managing, analysing, supervising and configuring a firewall based on netfilter/iptables. It uses the GTK2 library. Author: Tomasz Nowak Source: https://hakin9.org Hakin9 4/2005 Quick start: As an administrator of a Linux server, containing confidential…

Recovering Data from Linux File Systems

If you happen to lose important files on your Linux system – for example after a break-in – do not despair. Though it often requires a lot of time, with the help of a good toolkit you can potentially recover…