HOME | DISCUSSION | ALL ARTICLE | aBOUT ME

Buffer overflow or format string? Human stupidity is more fun to be exploited

external links

CONTACT

Ph03n1X

License

These informations are provided freely to all interested parties and may be redistributed provided that it is not altered in any way, the author is appropriately credited and the document retains. The supplied exploit code is not to be used for malicious purpose, but for proof of concept only. The authors of the exploit/tool/article doesn't responsible for anything happened by the cause of using all information on these website.

LATEST POSTS

[paper] - GRID COMPUTING INSECURITY

I've planned to publish this draft on TOKET k-elektronik, but release of TOKET seems to be cancelled. Finally we're proudly present the first draft technical security assesment on grid computing.

[tools] - PHPBB PASSWORD LOGGER

Patch ucp.php to log username/password phpbb forum version 3.0.1. This idea is much better than guessing md5 hash.

[tools] - OPEN DNS SERVER FINDER

Simple perl code to find open DNS server. You can use this tool to find DNS server which allows recursive query for zombie DDoS.

[exploit] - SSH WORM ON DEBIAN

Simple SSH worm on debian using libssl flaw. Try to add a report when a machine compromised.

[tools] - ABUSE EMAIL PERL CODE FOR PRELUDE

Perl code to send automatically abuse email when attacking with high serverity detected by prelude-manager. Email is sent to email owner of ip address which attacks our network.

[advisory] - VULNERABILITY IN MULTIPLE WEB APPLICATION

Vulnerability in some website applications Chicomas CMS - ZompLog Blog Engine - WheatBlog Blog Engine. Just a lamme web bugs and nothing special.

[tools] - REMOTE KNOCK REVERSE BACKDOOR

Knock-Reverse is very usefull on backdooring server inside of NAT with restricted inbound firewall in gateway

[tools] - FTP BRUTE FORCER

FTP brute forcer guesses username login and password in FTP server using userlist and password list

[exploit] - SUN SOLARIS UNAUTHORIZED KERNEL MODULE LOADING

This flaw allows unpriviledge local user to cause kernel modules to be loaded. "modload" this modules, then user with uid 60001 has a root priviledge

[exploit] - SUNOS 5.10/5.11 SPARC MASS EXPLOIT

mass exploit for telnet authentication bypass flaw on SunOS 5.10/5.11 Sparc architecture

[paper] - LINUX SYSTEM HARDENING

Artikel yang sudah saya publish di ezine echo 17. Sangat sederhana tapi saya berharap bisa membantu admin pemula mengamankan mesin linuxnya.

[paper] - SQL INJECTION PHP - MYSQL

SQL injection on a website based PHP-MySQL - lamme but fun enough.

[paper] - FUN WITH OPENBSD LOADABLE KERNEL MODULE

Konsep dan implementasi editing syscall OpenBSD untuk mendukung proses backdooring.

[paper] - SSH PASSWORD GUESSING DAN TINDAKAN PREVENTION

Seni menebak user dan password ssh dengan menggunakan teknik password guessing disertai tindakan prevention bagi para sysadmin.

[advisory] - AIX 4.3 LOCAL ROOT COMMAND EXECUTION

AIX 4.3 local root command execution uses 'lsmcode' command. Anyway, just click this link OK :)