6th September, 2008

Word Challenge Hack (by evilbitz)

Word Challenge is a game on Facebook in which you get 6 letters and need to make up words in order to get points. The game is highly addictive because you play against your friends. Since this Swedish girl made 14,098 points (very high) and I had to beat her in Word Challenge, I decided to cheat :-)

…So I built this bot. Basically it's a Python script that sends keystrokes to the software using simple letter combinations. The script "knows" how to send 3-letter and 4-letter combinations; I'll leave the 5- and 6-letter combinations to readers who want to extend the script. What I've done was sufficient for my purpose.

In case you want to test the script, you'll need Python installed, and you run my script from the command line (after you hit "3comb", make sure you set the focus to the Word Challenge window; you have 2 seconds for that).
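As an added example (not the script from the post), here is C code for the enumeration step such a bot needs: every distinct ordering of 3 and 4 letters drawn from the 6-letter rack, which is what the post's script sends, generalised to any length range so the 5- and 6-letter case the post leaves to the reader is covered too. It produces raw letter orderings only (no dictionary filtering) and does no keystroke injection; the rack "abcdef" and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LETTERS    6
#define MAX_CANDIDATES 2048   /* 6P1+...+6P6 = 1956 distinct orderings at most */

/* Recursive permutation generator: `cur` holds the `depth` letters picked so far. */
static void permute(const char *letters, int n, int *used, char *cur, int depth,
                    int want_len, char out[][MAX_LETTERS + 1], int *count)
{
    if (depth == want_len) {
        cur[depth] = '\0';
        /* A rack with a repeated letter yields the same string more than once; keep one copy. */
        for (int i = 0; i < *count; i++)
            if (strcmp(out[i], cur) == 0)
                return;
        if (*count < MAX_CANDIDATES)
            strcpy(out[(*count)++], cur);
        return;
    }
    for (int i = 0; i < n; i++) {
        if (used[i])
            continue;
        used[i] = 1;
        cur[depth] = letters[i];
        permute(letters, n, used, cur, depth + 1, want_len, out, count);
        used[i] = 0;
    }
}

/* Writes every distinct ordering of min_len..max_len letters from `rack` into `out`
   and returns how many were written. Letters beyond MAX_LETTERS are ignored. */
int generate_candidates(const char *rack, int min_len, int max_len,
                        char out[][MAX_LETTERS + 1])
{
    int n = (int)strlen(rack);
    if (n > MAX_LETTERS)
        n = MAX_LETTERS;
    int used[MAX_LETTERS] = {0};
    char cur[MAX_LETTERS + 1];
    int count = 0;
    for (int len = min_len; len <= max_len && len <= n; len++)
        permute(rack, n, used, cur, 0, len, out, &count);
    return count;
}

int main(void)
{
    static char out[MAX_CANDIDATES][MAX_LETTERS + 1];
    /* Constructed rack; the post's script would send the 3- and 4-letter orderings. */
    int count = generate_candidates("abcdef", 3, 4, out);
    printf("%d candidates, first five:", count);
    for (int i = 0; i < 5 && i < count; i++)
        printf(" %s", out[i]);
    printf("\n");
    return 0;
}
```

For six distinct letters there are 6P3 + 6P4 = 120 + 360 = 480 orderings of length 3 and 4; the game only credits real words, so in practice a word list would be applied before anything is typed.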

Enjoy :-)



Posted in hacking, programming | 4 Comments

28th July, 2008

My favorite challenges website (by evilbitz)

Hi,

I wanted to share with you my favorite challenges website, +Ma's Reversing. Although I wasn't very active on this website in the last two years (I don't have a lot of free time), it is still a nice place to come back to and spend a day or two solving a tough riddle :-)

Two things you should know:

  1. The plus sign next to +Ma indicates that the founder of Ma's Reversing, Malattia, was an active student in the +HCU academy, which was founded by +ORC in 1997. +ORC really gave a big push to spreading the knowledge of cracking/reversing through his tutorials.
  2. If you visit +Ma's Reversing, you'll notice a weird domain name. Well… the numbers actually represent the 32-bit value of his old server's IP address :-) I find it quite amusing.

Anyways, if messing with steganography or solving classical ciphers (let’s say Playfair) is your thing, this website will appeal to you.
Try to deserve it :-)



Posted in hacking, reversing | Be The First To Comment!

22nd October, 2007

An approach to overcome a keylogger (by evilbitz)

Well… this is not 100% fool-proof, but if you care about your passwords and there is a chance that a keylogger is installed on the PC you are using (and you must use that PC rather than a safer one), try the following method for typing your passwords. It is simple, but it will still overcome a decent number of the keyloggers out there:

If, for example, your password is ghostbuster:

  1. Type random parts of your password correctly: for ghostbuster, type just htbu.
  2. In another window, type a lot of gibberish, like this: ";jklehf;3jmxmpojgedrjqhnm,bBNVuytewpirk,vmb" (-:
  3. Copy and paste parts of your password and start assembling it in the password text box: ghostbuster.
  4. Use a random order when copying and pasting.
  5. Delete parts of it by selecting part of the password text and pressing any key; do not use Backspace.
  6. If you place spaces in the password text, select the text by pressing Ctrl+Arrow.
  7. Assemble the password using all the above tips in random order.
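As an added illustration (not code from the post), here is a small C simulation of the steps above: a text-box model with a selection, plus a model of a hook-based keylogger that records only keys that were physically pressed. It walks the post's ghostbuster example, including a deliberate extra fragment removed by overtyping rather than Backspace, and checks that the field ends up holding the password while the keystroke record never contains it. The gibberish string is the post's; the type names, function names and the "^v" marker for the Ctrl+V chord are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256

/* Minimal text box: contents plus a selection [sel_start, sel_end).
   An empty selection (sel_start == sel_end) is just the caret position. */
typedef struct {
    char text[FIELD_MAX];
    int  sel_start, sel_end;
} TextField;

/* What a keystroke-hook logger records: only keys actually pressed, in any window. */
typedef struct {
    char keys[FIELD_MAX];
    int  n;
} KeyLog;

static void field_init(TextField *f) { f->text[0] = '\0'; f->sel_start = f->sel_end = 0; }
static void log_init(KeyLog *l)       { l->keys[0] = '\0'; l->n = 0; }

static void log_key(KeyLog *l, char c)
{
    if (l->n < FIELD_MAX - 1) { l->keys[l->n++] = c; l->keys[l->n] = '\0'; }
}

/* Replace the selection with s (a plain insert at the caret when nothing is selected). */
static void field_replace_selection(TextField *f, const char *s)
{
    int len = (int)strlen(f->text), ins = (int)strlen(s);
    int a = f->sel_start, b = f->sel_end;
    if (len - (b - a) + ins >= FIELD_MAX)
        return;                                             /* model: ignore overflow */
    memmove(f->text + a + ins, f->text + b, (size_t)(len - b) + 1); /* +1 moves the NUL */
    memcpy(f->text + a, s, (size_t)ins);
    f->sel_start = f->sel_end = a + ins;
}

void select_range(TextField *f, int start, int end) { f->sel_start = start; f->sel_end = end; }
void set_caret(TextField *f, int pos)               { select_range(f, pos, pos); }

/* Typing: every character reaches both the field and the hook. */
void type_text(TextField *f, KeyLog *l, const char *s)
{
    for (; *s; s++) {
        char one[2] = { *s, '\0' };
        log_key(l, *s);
        field_replace_selection(f, one);
    }
}

/* Pasting: the hook sees only the Ctrl+V chord (modelled as "^v"), never the clipboard bytes. */
void paste_text(TextField *f, KeyLog *l, const char *clipboard)
{
    log_key(l, '^');
    log_key(l, 'v');
    field_replace_selection(f, clipboard);
}

/* Assembles the post's example password the way the steps describe. Copies the final
   field contents and the keystroke record to the caller and returns 1 when the field
   holds "ghostbuster" while the record does not contain it as a substring. */
int demo(char *field_out, char *log_out)
{
    TextField pw, scratch;   /* the password box and the "another window" of step 2 */
    KeyLog log;
    field_init(&pw); field_init(&scratch); log_init(&log);

    type_text(&pw, &log, "htbu");                                   /* step 1 */
    type_text(&scratch, &log, ";jklehf;3jmxmpojgedrjqhnm,bBNVuytewpirk,vmb"); /* step 2 */
    type_text(&pw, &log, "QQ");         /* constructed filler, removed in step 5 style: "htbuQQ" */
    set_caret(&pw, 0);
    paste_text(&pw, &log, "g");         /* steps 3/4: "ghtbuQQ" */
    select_range(&pw, 5, 7);
    paste_text(&pw, &log, "ster");      /* step 5: overtype "QQ", no Backspace: "ghtbuster" */
    set_caret(&pw, 2);
    paste_text(&pw, &log, "os");        /* step 7: "ghostbuster" */

    strcpy(field_out, pw.text);
    strcpy(log_out, log.keys);
    return strcmp(pw.text, "ghostbuster") == 0 && strstr(log.keys, "ghostbuster") == NULL;
}

int main(void)
{
    char field[FIELD_MAX], keys[FIELD_MAX];
    int evaded = demo(field, keys);
    printf("password box : %s\nkeylogger saw: %s\nevaded: %s\n",
           field, keys, evaded ? "yes" : "no");
    return evaded ? 0 : 1;
}
```

The simulation models exactly the keystroke-hook class the post has in mind, which is why the post calls the method "not 100% fool-proof": a logger that also snapshots the clipboard or the screen, or a form grabber that reads the submitted field, sees the assembled value regardless of how it was entered.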

Thanks,
Guy.



Posted in hacking, security, stega | 5 Comments

24th July, 2007

Dangling Pointer Exploitation (by evilbitz)

Just saw this: New hacking technique exploits common programming error on Slashdot.

Hmmm… It seems interesting, but exploiting a dangling pointer in a generic way seems far-fetched IMO. Exploiting it in a specific way is much more feasible, but it will be dependent on the specific bug. Until they publish their research about dangling pointers and show that their method applies to ANY dangling pointer without modifications, it's just marketing. :-)

Using a dangling pointer in order to execute code may look like this:

  • You cause function A to be called, where you can control the data of the local variables; when it returns, the stack is left prepared for function B and initialized with your data.
  • You cause function B to be called (it could be the next function in the flow); it takes a stack variable and passes it by reference to function C, which has some arguments defined as "IN OUT". Function B holds the bug.
  • In function C, the data you initialized is processed somehow and might be exploited to execute code.

A common programming error?

Trying to think of a common programming error that could be exploited through a dangling buffer, I came up with this piece of code:

CHAR uninitialized_data[64];
WCHAR wideLinkName[64] = {0};
UNICODE_STRING unicodeLinkName;
NTSTATUS err;

swprintf(wideLinkName, L"\\DosDevices\\CdRom%d", cdromNumber);
RtlInitUnicodeString(&unicodeLinkName, wideLinkName); // only points at the stack buffer, allocates nothing

// ... err is set by whatever the code does next ...
if (err) {
    RtlFreeUnicodeString(&unicodeLinkName); // <- You're dead! frees a buffer that lives on the stack
}

What is common here you ask?

You should not use RtlInitUnicodeString to initialize a string that is located on the stack. If you look at its implementation (ntoskrnl.exe), you'll see that a UNICODE_STRING structure is just a placeholder for the pointer and the string length; a UNICODE_STRING structure is referred to as a "counted string". This is not obvious to beginners, who may think that RtlInitUnicodeString also allocates a separate buffer. More specifically, the bug happens if RtlFreeUnicodeString is called (maybe in some other function or an alternate code path). This bug could be exploited since RtlFreeUnicodeString frees the buffer, which in our case is on the stack itself, and since you control the buffer header through the dangling buffer, you could execute code using regular heap overflow techniques.
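To make the ownership point concrete, here is an added, portable C model (not the ntoskrnl UNICODE_STRING API; cs_init, cs_create, cs_free and CountedString are hypothetical names) of a counted string that records whether it owns its buffer, so that the free routine refuses to release storage it merely points at. build_link_name_then_fail mirrors the post's snippet, stack buffer and error path included, and the "failure" it hits is a constructed flag.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Counted string: a length plus a pointer. The real UNICODE_STRING has no ownership
   flag; this model adds one to make the init/allocate distinction checkable. */
typedef struct {
    uint16_t length;          /* bytes in use */
    uint16_t maximum_length;  /* bytes available at buffer */
    char    *buffer;          /* storage the struct does NOT own unless owns_buffer is set */
    int      owns_buffer;     /* 1 only when cs_create() obtained buffer from the heap */
} CountedString;

/* Like RtlInitUnicodeString: records pointer and length of existing storage. No allocation. */
void cs_init(CountedString *s, char *existing)
{
    s->length = (uint16_t)strlen(existing);
    s->maximum_length = (uint16_t)(s->length + 1);
    s->buffer = existing;
    s->owns_buffer = 0;
}

/* Allocating counterpart: copies src into a heap buffer the struct owns. Returns 0 on success. */
int cs_create(CountedString *s, const char *src)
{
    size_t n = strlen(src);
    char *p = malloc(n + 1);
    if (!p)
        return -1;
    memcpy(p, src, n + 1);
    s->length = (uint16_t)n;
    s->maximum_length = (uint16_t)(n + 1);
    s->buffer = p;
    s->owns_buffer = 1;
    return 0;
}

/* Releases heap-owned buffers only. Returns 0 when freed, 1 when the string was a view
   over caller storage (stack or static) and was detached instead of freed. */
int cs_free(CountedString *s)
{
    int refused = !s->owns_buffer;
    if (!refused)
        free(s->buffer);
    s->buffer = NULL;
    s->length = s->maximum_length = 0;
    s->owns_buffer = 0;
    return refused;
}

/* Mirror of the post's snippet: link name in a stack buffer, wrapped by cs_init, then
   an error path that frees it. Returns cs_free's verdict (1: refused, stack left alone). */
int build_link_name_then_fail(int cdrom_number)
{
    char link_name[64] = {0};
    CountedString s;
    snprintf(link_name, sizeof link_name, "\\DosDevices\\CdRom%d", cdrom_number);
    cs_init(&s, link_name);             /* a view over the stack buffer */
    int err = 1;                        /* constructed: pretend the next step failed */
    if (err)
        return cs_free(&s);
    return 0;
}

/* The same flow with an allocating constructor, where freeing is correct. Returns 0. */
int heap_owned_roundtrip(void)
{
    CountedString s;
    if (cs_create(&s, "\\DosDevices\\CdRom0") != 0)
        return -1;
    return cs_free(&s);
}

int main(void)
{
    printf("stack-backed string: free %s\n",
           build_link_name_then_fail(3) ? "refused" : "performed");
    printf("heap-backed string : free %s\n",
           heap_owned_roundtrip() == 0 ? "performed" : "refused");
    return 0;
}
```

Since the real structure carries no such flag, the discipline in driver code is by convention: RtlFreeUnicodeString is paired only with the Rtl routines that allocate the destination buffer (for example RtlAnsiStringToUnicodeString with AllocateDestinationString set), never with a string set up by RtlInitUnicodeString over a stack or static array.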



Posted in hacking, lowlevel, programming | 1 Comment

2nd January, 2007

How to find a brand name (by evilbitz)

Need to think about a brand name for your product or company?

A name generator might do the job. NameGen is a Python script developed by Erez Shinan and hosted at Algorithm.co.il. NameGen is fed a list of names (in our case, brand names) and generates names that sound the same or are built the same way.

My highly mathematical solution is to use the sophisticated Google CAPTCHA word generator. Just go to Gmail, enter a wrong user name and password and click "Sign in" several times until the CAPTCHA word generator appears. Keep pressing that button until you get your desired brand name!

Google knows how much people hate CAPTCHAs, so they made their word generator not totally random: the words it generates sound like regular words that people are used to typing.



Posted in hacking, random | Be The First To Comment!
