We are happy to supply you with a second publication devoted to those of you who want to learn some basic hacking skills. Let us present Hakin9 StarterKit – Exploiting Software Compendium. This publication collects basic articles on exploiting software that were published in our magazine this year and last.
The articles address various topics – Linux Kernel, Buffer Overflow, Raspberry Pi, Reverse Engineering, SamuraiWTF Toolkit. We hope that the knowledge you gain from reading the articles will come in handy.
ERP Security: How to Assess SAP® Vulnerability with Open Source and Free Tools
By Sergio Abraham, ERP Security Researcher at Onapsis and Ezequiel Gutesman, Head of Research at Onapsis
SAP Application security is becoming a widely-adopted practice in the Information Security industry. In this article you will learn how to use an open source tool to perform vulnerability assessments and Penetration Tests over SAP systems, offering a wide range of modules and exploits to assess the security of these platforms. We will go through several vulnerabilities and attacks on SAP components, starting with an introduction to the overall architecture, passing through SAP application-layer vulnerabilities and finally, illustrating the possibility of achieving full access over an unsecured system – everything without even having a valid SAP user.
How (IN)Secure is SAP J2EE
By Alexander Polyakov, The father of ERPScan Security Scanner for SAP. ZeroNights’ organizer
It is a well-known fact that it is impossible to create 100% secure software. Software vendors have embraced the hard fact that, even if they were to triple their secure software development resources and efforts, their software would still ship with unknown vulnerabilities, and many of those vulnerabilities would be discovered and exploited. This is particularly true for complex software systems which have millions of lines of code and rely on multiple technologies, from operating systems to programming languages.
How to Exploit SAP System Users
By Derick Burton, CISSP-ISSAP, M. Inst. ISP, M.Sc. Network Security
SAP can often seem daunting and mysterious to those of us not initiated in the arcane mystery that it presents, and for many years the security of SAP systems rested in its obscure nature. However, as any security professional will tell you, security through obscurity is no security at all. In fact it is often worse than having no security because of the false sense of “security” it breeds.
So has been the case with SAP. What was once closed and hidden has been exposed to the harsh light of security researchers and what has been exposed has often been unpleasant.
How important is Master Data in Data Conversion
By Can John Guven, Strategic, Entrepreneurial, Global Operations and Process Engineering Executive
When I was asked to write an article discussing ERP implementations, I had to give it some thought concerning the stages that will be crucial to any ERP implementation. After spending some time thinking, I came to the conclusion that data conversion and busted data governance would be the key for any of these.
How to Exploit SAP? Fast Track and General Guidelines for Exploitation
By Rodrigo Salvalagio, Pentest, Vulnerability analysis and Incident Response and Luiz Milagres, A specialist in penetration tests in infrastructure and web applications
Undoubtedly, SAP is the main star among the ERP software available on the market. Its modular design allows business rules to be changed and provides large-scale integration and data consistency across the enterprise. Using ERP to ensure integrated management is a fundamental part of any business, increasing the chances of business continuity and operational efficiency. SAP is highly comprehensive, extending to all business units and support areas, from manufacturing to the president or managing committee.
How to Analyze Applications With Olly Debugger
By Jaromir Horejsi, A computer virus researcher and analyst
When you write your own programs and you would like to change or modify some of their functions, you simply open the source code you have, make the desired changes, recompile, and your work is done. However, you don’t need to have the source code to modify the functions of a program – using specialized tools, you can understand a lot from the program’s binary file, you can add new functions and features, and you can also modify and alter its behavior. The process of analyzing a computer program’s structure, functions and operations without having the source code available is called reverse engineering.
How to Identify and Bypass Anti-reversing Techniques
By Eoin Ward, An Anti- Malware Analyst with Microsoft Corporation
Learn the anti-reversing techniques used by malware authors to thwart the detection and analysis of their precious malware. Find out about the premier shareware debugging tool OllyDbg and how it can help you bypass these anti-reversing techniques. This article aims to look at anti-reversing techniques used in the wild. These are tricks used by malware authors to stop or impede reverse engineers from analysing their files.
How to Reverse Engineer
By Lorenzo Xie, The owner of XetoWare.COM
If you are a programmer, software developer, or just tech savvy, then you should have heard about reverse engineering and know both its good and evil sides. Just in case, here is a brief introduction for those who don’t know what it is. In this article, we are going to talk about RCE, also known as reverse code engineering. Reverse code engineering is the process whereby the code and function of a program are modified, or, if you prefer, re-engineered, without the original source code. For example, if a software programmer has created a program with a bug and does not release a fix, then an experienced end user can reverse engineer the application and fix the bug for everyone using the program. Sounds helpful, doesn’t it?
How to Reverse the Code
By Raheel Ahmad, CISSP, CEH, CEI, MCP, MCT, CRISC, and CobIT Foundation
Although revealing the secret is always an appealing topic for any audience, Reverse Engineering is a critical skill for programmers. Very few information security professionals, incident response analysts and vulnerability researchers have the ability to reverse binaries efficiently. You will undoubtedly be at the top of your professional field (Infosec Institute). It is like finding a needle in a dark night. Not everyone can be good at decompiling or reversing the code. I can show a roadmap to successfully reverse the code with tools but reverse engineering requires more skills and techniques.
Configure and Build Your Own Secure Linux Kernel
By Dusko Pijetlovic, IT Manager and Sr. Systems Administrator in Vancouver
One of the best ways to get a feeling for the Linux kernel internals and security features is to configure its settings and then compile it. Most GNU/Linux users and administrators use kernels configured and provided by the community (free and open source distributions) or corporate sponsors (e.g. Red Hat Enterprise Linux, SUSE Linux Enterprise, Canonical – Ubuntu).
Linux Kernel Exploit. Android OS – The storm is over
By Sembiante Massimiliano, M.Sc. Computer Security
Writing an article on Linux Kernel Exploitation is always a challenge. During the last decade the Linux Kernel has been constantly under the spotlight for a number of issues including vulnerabilities, controversial design, and structural aspects. The security of the Linux Kernel has been covered at many levels. Discussing the latest penetration technique or the latest bug report is always a useful exercise, but it makes it seem that the defense strategy is based exclusively on a reactive approach rather than a preventive one.
Raspberry Pi Hacking
By Jeremiah Brott, IT Consultant, professor at Sheridan Institute
Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide – says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.
By Sergey Scherbel, Security Expert at Positive Technologies
When you do penetration testing, the server under examination often seems quite harmless at first sight: it runs the latest versions of a web application and other services. But you still have to find vulnerabilities in them, so everything should be inspected. For example, if the server runs a third-party PHP version, things can prove more serious. There are a number of third-party PHP versions currently in use. All of them were created to increase the performance and functionality of the language. A third-party PHP version increases the average operating speed of the application by up to 5 times, which is definitely a lot. This is a result of cross compilation.
By Wong Chon Kit, MCP, MCSA, MCSE, MCTS, MCTIP Enterprise Administrator, Microsoft Certified Trainer, Redhat Certified Technician, Vmware Certified Professional, C|EH, E|CSA, C|HFI, CISSP
Many people say they know what the devastating method known as SQL injection is all about. But how many of them are actually securing their servers? What exactly is SQL injection? It is the vulnerability that results when you give an attacker the ability to influence the Structured Query Language (SQL) queries that an application passes to a back-end database, which could potentially leak all the sensitive information such as credit card numbers, phone numbers, etc.
Windows 8 Security in Action
By Dan Dieterle, CyberArms Security Blog owner with over 20 years in IT Security
Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS – Windows 8. We will see some of the new security features that make it more secure than its predecessor, Windows 7. We will also put its security through its paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the BackTrack 5 R3 security testing platform, the author uses the Metasploit Framework and the Social Engineering Toolkit to see how Windows 8 stands up to the most common internet-based threats.
Malware, a Cyber Threat Increasingly Difficult to Contain
By Pierluigi Paganini, 20 years in IT Security, Certified Ethical Hacker
When we speak about malware, we introduce one of the worst cyber threats, one that evolves daily with the capacity to hit every sector without distinction.
Memory Levels Gate Mitigation
By Amr Thabet, A freelancer malware researcher and penetration tester
The author created two modes (normal and high) to block any way of bypassing the mitigation, along with solutions for any incompatibility problem you could face.
Anti-Rootkits in the Era of Cyber Wars
By Igor Korkin, Ph.D. Moscow Engineering Physics Institute
Some of the major issues that have been covered in the media include Stuxnet, Duqu, and Flame. Having learned about these tools and their capabilities, it is important to think about what could come next. This article is intended to provide a concept of information security system design, particularly for stealth detection.
Web Filtering with Websense. To Be or Not to Be filtered: That Is The Dilemma
By Abdy Martinez, Telecommunications Administrator at AES Panama, specialized in Network / Information Security and Forensics
Network performance is just one of the reasons we should consider implementing Web Filtering with Websense in our organizations. In this article, you will learn what Web filtering is, how it works, what the Websense solution offers, and the basic considerations when choosing your Web filtering solution.
Password Construction and Management
By Gaurav Kumar
Although alternative technologies for authentication, such as biometrics, smartcards, and one-time passwords, are available for all popular operating systems, most organizations still rely on traditional passwords and will continue to do so for many years.
The Basics Of Buffer Overflow, Fuzzing and Exploitation
By Richer Dinelle, Network administrator, programmer
The stack can contain different kinds of information, for example instructions for the CPU or character strings. Buffer overflows can be caused by many different programming or implementation errors. The one we will test concerns the bounds of an array of characters that are not properly checked. You will see what application fuzzing is, how to exploit the bugs we find, and what problems they create for developers in terms of program availability, functionality and, most of all, security.
Exploit Software with Buffer Overflow Vulnerability and Bypassing ASLR Protection
By Ahmed Sherif, IT Security researcher
A buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of a violation of memory safety. It is the most dangerous vulnerability in the software world because it could allow exploitation of the OS that includes the vulnerable software. You will learn how to write your own exploit in the Python programming language, how to bypass ASLR protection and finally, how to run your own shellcode to control the vulnerable OS.
Recovering Passwords and Encrypted Data Remotely in Plain Text
By Daniel Dieterle, CyberArms Security Blog owner with over 20 years in IT Security
There has been a lot of buzz across the web in the last few months about a program called “Mimikatz”. It is an interesting program that allows you to recover Windows passwords from a system in clear text. Why spend hours, days, or months trying to crack a complex password when you can just pull it from Windows memory as unencrypted text? Recovering passwords remotely with WCE is very similar: you create the website in SET and use the Java attack. Once the target system allows the backdoored applet to run, a remote session is created. After you connect to the session in Meterpreter, you need to run the “Bypassuac” script and connect to the newly created session that has System-level access. Then run the WCE script and the passwords are displayed in plain text. You will learn how a remote attacker can recover encrypted files, and you will understand why you should never allow scripts or programs to run from websites that you do not know or trust.
Overriding Function Calls in Linux
By Umair Manzoor, IT Security consultant with Cigital
Function hooking and overriding play a vital role in penetration tests of thick-client applications. In this article we will discuss how shared libraries in a Linux environment can be overridden without recompiling the code. By overriding the function calls we can sniff the communication protocol, modify the communication parameters and fuzz the communication protocol.