2013 is coming to an end. Especially for you, we have gathered the best articles published in our magazine this year. We are sure that with this compendium you will get a huge load of advanced knowledge about exploiting.
The Best of Hakin9 2013: Exploiting deals with different topics. Inside, you will find four sections: Reverse Engineering, Software Exploitation Techniques, Attacks and WEP Cracking.
In the Reverse Engineering chapter you will learn the basics, such as debugging, but also a few advanced techniques, such as shellcode analysis, Android malware and dot NET reverse engineering.
The part about Software Exploitation Techniques will lead you from the fundamentals of exploiting software to the tools and techniques of the highest level.
The Attacks section introduces you to the different types of attack you can carry out, and teaches you how to protect your data and databases against SQL Injection, MiTM, Cross-Site Scripting or Zero-Day attacks.
Finally, at the end of our compendium you will find a chapter dedicated to WEP Cracking. There you will find two advanced articles: cracking WEP using Gerix and cracking WPA/WPA2 using Reaver.
We hope you will like it and stay with us in the forthcoming year.
Reverse Engineering
Reversing with Stack-Overflow and Exploitation
By Bikash Dash, RHCSA, RHCE, CSSA
The prevalence of security holes in programs and protocols, the increasing size and complexity of the Internet, and the sensitivity of the information stored throughout it have created a target-rich environment for the next generation of adversaries. The criminal element is applying advanced techniques to evade software and tool security, so the knowledge of analysis is necessary. That pinpoint skill is called “The Art of Reverse Engineering”.
Android Reverse Engineering: An Introductory Guide to Malware Analysis
By Vicente Aguilera Diaz, CISA, CISSP, CSSLP, PCI ASV, ITIL Foundation, CEH|I, ECSP|I, OPSA
Android malware has followed an exponential growth rate in recent years, in parallel with the degree of penetration of this system in different markets. Currently, over 90% of the threats to mobile devices have Android as their main target. This scenario has led to a demand for professionals with very specific knowledge of this platform.
Reverse Engineering – Shellcodes Techniques
By Eran Goldstein, CEH, CEI, CISO, Security+, MCSA, MCSE Security
The concept of the reverse engineering process is well known, yet in this article we are not about to discuss the technological principles of reverse engineering, but rather focus on one of its core applications in the security arena. Throughout this article we’ll go over the shellcode concept, the various types of shellcode, and how to analyse what a “shellcode” does to a software/program.
How to Reverse Engineer dot NET Assemblies
By Soufiane Tahiri, InfoSec Institute Contributor and Computer Security Researcher
The concept of dot NET can easily be compared to the concept of Java and the Java Virtual Machine, at least when talking about compilation. Unlike most traditional programming languages such as C/C++, applications developed using the dot NET framework are compiled to a Common Intermediate Language (CIL, or Microsoft Intermediate Language, MSIL), which can be compared to bytecode when talking about Java programs, instead of being compiled directly to native machine code; the dot NET Common Language Runtime (CLR) translates the CIL to machine code at runtime. This certainly has an impact on execution speed, but it also has some consequences worth noting: every dot NET program keeps all class names, function names, variable names and routine names in the compiled program. From a programmer’s point of view this is a great thing, since different parts of a program can be written in any of the programming languages supported by the framework.
Reverse Engineering – Debugging Fundamentals
By Eran Goldstein, CEH, CEI, CISO, Security+, MCSA, MCSE Security
The concept and purpose of a debugger is to test and troubleshoot another program. Whether the debugger is a simple script, a tool or a more complex computer program, the idea is to use it to see and verify the functionality of the “target” program / application, so that through the debugger one can see and understand what is happening while the “target” program / application runs and, especially, when it stops.
Software Exploitation Techniques
An Introduction to Exploiting Software
By Claudio Varini, Ph.D. in Computer Science from the University of Bielefeld
Software is basically a sequence of commands that are executed in the order the human programmer intended. However, humans are not perfect and software can contain bugs. A bug is an unintended code sequence or a condition that nobody thought of when programming. A common bug is the off-by-one error. It essentially happens when programmers miscount by one. A famous off-by-one error was present in OpenSSH, a terminal-based tool for secure communication.
Metasploit for Exploits Development: The Tools Inside The Framework
By Guglielmo Scaiola, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA
A lot of people use Metasploit to gain access to hosts and networks; sometimes in an ethical manner, and sometimes not. In some cases the operation is very simple. If you like the GUI versions, Rapid7’s professional edition or Armitage for example, the attack is like a point-and-exploit activity. The post-exploitation tasks and the pivoting are very simple, but not everyone knows that the framework was developed for ALL of the exploit lifecycle. You start with fuzzing tools and end with usable and integrated modules. Today I want to point my focus to this second aspect of the framework.
Software Exploits (ShellCode)
By Bamidele Ajayi, CISM, CISA, OCP, MCTS, MCITP EA
Software exploits are commands that take advantage of bugs or vulnerabilities in programs, causing unexpected behavior to occur. With this, attackers could gain control of information systems and try to escalate their privileges after circumventing the control mechanisms. In this article we delve into software exploits, focusing on shellcode. Shellcode is code used in exploiting software vulnerabilities via payloads, which typically start a command shell from which the attacker can control the compromised system. Shellcode is written in machine code, and it can be local or remote.
Exploiting Internal Network Vulnerabilities via the Browser Using BeEF Bind
By Ty Miller, CEO and Founder at Threat Intelligence
Browser exploits are a primary attack vector for compromising a victim’s internal systems, but they have major restrictions. Instead of exploiting the victim’s browser, what if the victim’s browser exploited their internal systems for you?
Attacks
By Daniel Calbimonte, SQL Server Consultant for Databases and Business Intelligence
This article describes how to protect your database from a particular attack, launched from web pages or applications, called SQL injection. It gives a brief introduction to SQL injection and how to avoid it.
Session Hijacking Through Cross-site Scripting (XSS)
By Danny Chrastil, Senior Security Consultant at BT Global Services
Tired of explaining to clients how an alert() box is a valid proof of concept for an XSS vulnerability? You should be. The truth is that providing straightforward proof-of-concept code for XSS attacks involving session hijacking is not so straightforward.
SQL Injection: Threat to web
By Himanshu Bhardwaj
In today’s age of the Internet, almost everything is online and the rest is going online. People depend increasingly on information available on the Internet: from fairy tales to astronomical research data, almost any information you can think of is available through the Internet, and people find it a golden source of information. Each and every bit of information is available online. But this can be a potential risk: what happens if someone alters or removes chunks of your precious (stored) data? You could lose a lot of valuable information and invested time, even if that data is perhaps not that important to other people.
HTML Hacking: Stealing localStorage with XSS and MiTM Attacks
By Christopher Duffy, CEH, CHFI, CNDA, EDRP, RHCSA, RHCT, CWSP, CWNA, ISO-27000, GPEN, VCP 3, CIW:WSP, CIW:WSS, CIW:WSE, CIW:WSA, CIW:WFA, Security+, Network+
Hypertext Markup Language version 5 (HTML5) was designed to provide increased functionality to web users. The changes have enabled richer content, improved multimedia capabilities and decreased bandwidth requirements. Unfortunately, web servers that utilize the new HTML5 features are often configured insecurely.
Blind and Time-based SQL Injections
By Vidit Baxi, CEH, MCTS, MCP
Blind and time-based SQL injections are two attack vectors that exploit the database to the point where even non-responding web pages leak out the data behind them.
Zero-Day: A Future Threat, And How To Protect Your Data
By Rafael Fontes, Co-Founder at Grey Hat and member of the “French Backtrack Team”
It is known that practically all software has security flaws (programming problems that give individuals opportunities to exploit the software in ways previously thought nonexistent). Many of these vulnerabilities have not yet been discovered, and hundreds are corrected every month through the packages made available by the affected organizations, sometimes as new versions and updates.
WEP Cracking
Cracking WEP Key Using Gerix
By Badrish Dubey
If you are using wireless routers or a WLAN (Wireless Local Area Network) in your home or in your organization, have configured your device to use WEP (Wired Equivalent Privacy) security, and think that your router or WLAN is secure from hacking attacks or unauthorized access, then you must read this article before your neighbor hacks your router or WLAN. In the rest of the article we will see how WEP encryption and decryption work, how to crack them and how to secure them.
Cracking WPA/WPA2 Key Using Reaver
By Badrish Dubey
By the year 2001, hacking attacks on WEP (Wired Equivalent Privacy) grew with the information shared on the Internet, and by then it had become necessary for the IEEE (Institute of Electrical and Electronics Engineers) to come up with better security mechanisms. In 2003 the IEEE and the Wi-Fi Alliance came up with Wi-Fi Protected Access (WPA), which was also known as bullet-proof security for Wi-Fi devices. But as the technology developed, different types of attacks appeared for cracking WPA/WPA2. In this article we will see the most recent type of attack for cracking WPA/WPA2 using the tool Reaver.