So one day you wake up and you think…why should I buy an alarm installation if I can just make my own. The normal answer is because you usually don’t have the skills nor the time for it. In my case I preferred the answer, because you can learn new skills and do cool stuff. Well that motivated me so here I am writing about how I build my first amateur laser alarm(which is far from finished). Keep on reading if you are curious about my first steps into the hardware world.
The previous post explained how to setup the environment so that we would be able to actually debug the crashing process. In this post I will try to explain the process of analyzing it and building a working exploit. So the first step is to identify why it crashed in the first place.
n0limit his legend preceeded him but the real deal is way better then the legend! No, really this dude really helped me out in the process to making it work. When doing BOF bugs there is a HUGE difference between reading about it and putting it to practice. Another big thanks go out to KD he got me interested in this stuff again. I mean with all the web exploiting going on these days…you’d almost forget about the giant of all times. The infamous Buffer Overflow!
Well this isn’t as nice as my last post about Geographically locating ip addresses but still this is highly interesting specially with all the LBS(Location Based Services) that are going on. LBS are usually based on companies and/or software which has extreme access to information able to pin point the location of a person. These techniques are often used when performing somebody is beeing investigated or when someone makes a distress call to 911(112 in europe). Before you carry on reading I highly apreciate feedback about my english writing :) so don’t be ashamed to correct me or tell me about any errors in my postings. I regret that this post isn’t as detailed as I wanted it to be…but then again I hate keeping information to myself for ages. So here is a first glance at this topic.
A lot of people ask the question: How can I recover my truecrypt password? Others ask the question: How can I crack a truecrypt container? So out of curiousity I went on a little investigation to know what the current tools are to bruteforce a truecrypt container. So here is a small compilation of the methods I’ve found to bruteforce a truecrypt container.
I always loved this subject. In movies they are all so cool about it. It’s all like:
Sir, his ip is 126.96.36.199.
Go ahead triangulate it so we can nail him.
Sir, we have got him, he is in bla bla bla
Last night a buddy of mine asked me if it was possible to geolocate an IP address, he was interested for fun where the hell his “viagra” spammer lived. So triggered by his question I started investigating the possible methods and resoures to geolocate an IP address and at the same time find out how realistic hollywood is in it’s movies.
Intercepting proxies and other intercepting software like tamperdata are ideal tools to modify a http request or response when you are taking a peek into the nice world of web application hacking.
Burp suite is not free like webscarab but I like it because the interface is more intuitive. It seems though that wescarab-ng is doing a pretty good job on the interface part. So what is burp suite exactly?
From the burp suite website:
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
The best thing? It can be extended!
abusing the trust people have in signed applets.
It’s been blogged before but oh well I always learn by example so here is an example. The thing I’m talking about is trusting signed java applets. In short when you trust a java applet it can do whatever it wants. So what could you do with a java applet? The java source code will steal your mac address, rather useless but it serves the example purpose good enough. The stolen mac address get’s submitted to a page in this case it will be google which will look like this: