28th July, 2008
Hi,
I wanted to share with you my favorite challenges website, +Ma’s Reversing. Although I haven’t been very active on this website in the last two years (I don’t have a lot of free time), it is still a nice place to come back to and spend a day or two solving a tough riddle.
Two things you should know:
- The plus sign next to +Ma indicates that the founder of Ma’s Reversing, Malattia, was an active student in the +HCU academy, which was founded by +ORC in 1997. +ORC really gave a big push forward to spreading the knowledge of cracking/reversing through his tutorials.
- If you visit +Ma’s Reversing, you’ll notice a weird domain name. Well… the number is actually the IP address of his old server written as a single 32-bit value.
I find it quite amusing.
Anyways, if messing with steganography or solving classical ciphers (let’s say Playfair) is your thing, this website will appeal to you.
Try to deserve it
Posted in hacking, reversing
22nd October, 2007
Well… this is not 100% fool-proof, but if you care about your passwords and there is a chance that a keylogger is installed on the PC you are using (and you have no choice but to use it rather than a safer one), try the following method to type your passwords. It is simple, yet it will defeat a decent number of the keyloggers out there:
If, for example, your password is ghostbuster:
- Type random parts of your password correctly:
ghostbuster (type just htbu).
- In another window, type a lot of gibberish, like this: “;jklehf;3jmxmpojgedrjqhnm,bBNVuytewpirk,vmb” (-:
- Copy & paste parts of your password and start assembling it in the password textbox: ghostbuster
- Use a random order when copying & pasting.
- Delete parts of it by selecting parts of the password text and pressing any key; do not use the backspace.
- If you place spaces in the password text, then select the text by pressing Ctrl+Arrow.
- Assemble the password using all the above tips, in random order.
Thanks,
Guy.
Posted in security, hacking, stega
24th July, 2007
Just saw this: New hacking technique exploits common programming error on Slashdot.
Hmmm… It seems interesting. Exploiting a dangling pointer in a generic way seems far-fetched IMO. Exploiting it in a specific way is much more feasible, but it’ll be dependent on the specific bug. Until they publish their research about dangling pointers and show that their method applies to ANY dangling pointer without modifications, it’s just marketing.
Using a dangling pointer in order to execute code may look like this:
- You cause function A to be called, where you can control the data of the local variables; when it returns, the stack is prepared for function B and initialized with your data.
- You cause function B to be called (it could be the next function in the flow), where it takes a stack variable and decides to pass it by reference to function C, which has some arguments defined as “IN OUT” -> Function B holds the bug.
- In function C, the data you initialized is treated somehow and might be exploited to execute code.
A common programming error?
Trying to think of a common programming error that could be exploited using a dangling buffer, I came up with this piece of code:
CHAR uninitialized_data[64];    // adjacent stack data, left uninitialized
WCHAR wideLinkName[64] = {0};   // the string buffer itself lives on the stack
UNICODE_STRING unicodeLinkName; // only a header: Length, MaximumLength, Buffer
…
swprintf(wideLinkName, L"\\DosDevices\\CdRom%d", cdromNumber);
RtlInitUnicodeString(&unicodeLinkName, wideLinkName); // Buffer now points at the stack array
…
if (err) {
    RtlFreeUnicodeString(&unicodeLinkName); // <- You're dead! This frees a stack address
}
What is common here you ask?
You should not use RtlInitUnicodeString to initialize a string that is located on the stack. If you look at its implementation (ntoskrnl.exe), you’ll see that a UNICODE_STRING structure is just a placeholder for the pointer and the string length; a UNICODE_STRING structure is referred to as a “counted string”. This is not obvious to beginners, who may think that RtlInitUnicodeString also allocates a separate buffer. More specifically, the bug occurs when RtlFreeUnicodeString is later called on that string (maybe in some other function or an alternate code path). This bug could be exploited since RtlFreeUnicodeString frees the buffer, which in our case is on the stack itself, and since you control the buffer header using the dangling buffer, you could execute code using regular heap overflow techniques.
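The counted-string contract described above, as an added example that is not code from the original post: a portable user-mode model of UNICODE_STRING whose struct layout mirrors the real one (Length, MaximumLength, Buffer). The helpers counted_init, counted_create and counted_free are this example’s own stand-ins for the semantics of RtlInitUnicodeString, RtlCreateUnicodeString and RtlFreeUnicodeString (they are not the ntoskrnl routines), and the widen helper and the CdRom0 sample string are constructed for the demo. It shows that an init-style call only fills in the header and leaves Buffer pointing at the caller’s stack array, while a create-style call hands the string a heap copy it actually owns.

```c
/* Added example, not from the original post: a user-mode model of the
 * UNICODE_STRING "counted string" contract. counted_init / counted_create /
 * counted_free stand in for the semantics of RtlInitUnicodeString,
 * RtlCreateUnicodeString and RtlFreeUnicodeString; they are not the real ones. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR;                 /* 16-bit code unit, like the Windows WCHAR */

typedef struct {
    uint16_t Length;                    /* bytes in use, excluding the terminator */
    uint16_t MaximumLength;             /* bytes available in Buffer */
    WCHAR   *Buffer;                    /* just a pointer: the header owns nothing */
} COUNTED_STRING;

static size_t wlen(const WCHAR *s)
{
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Constructed helper standing in for the post's swprintf step: widen ASCII. */
static void widen(WCHAR *dst, size_t cap, const char *src)
{
    size_t i = 0;
    for (; src[i] != '\0' && i + 1 < cap; i++) dst[i] = (WCHAR)(unsigned char)src[i];
    dst[i] = 0;
}

/* RtlInitUnicodeString semantics: fill in the header only. Buffer aliases src,
 * so whatever memory src lives in (here the caller's stack) is what a later
 * free would hit. */
static void counted_init(COUNTED_STRING *dst, WCHAR *src)
{
    size_t n = wlen(src);
    dst->Length        = (uint16_t)(n * sizeof(WCHAR));
    dst->MaximumLength = (uint16_t)((n + 1) * sizeof(WCHAR));
    dst->Buffer        = src;
}

/* RtlCreateUnicodeString semantics: allocate a private copy the string owns. */
static int counted_create(COUNTED_STRING *dst, const WCHAR *src)
{
    size_t n = wlen(src);
    WCHAR *copy = malloc((n + 1) * sizeof(WCHAR));
    if (copy == NULL) return 0;
    memcpy(copy, src, (n + 1) * sizeof(WCHAR));
    dst->Length        = (uint16_t)(n * sizeof(WCHAR));
    dst->MaximumLength = (uint16_t)((n + 1) * sizeof(WCHAR));
    dst->Buffer        = copy;
    return 1;
}

/* RtlFreeUnicodeString semantics: release Buffer. Valid only for strings made
 * by counted_create(); on a counted_init() string it frees memory the header
 * never owned, which is the bug in the post. */
static void counted_free(COUNTED_STRING *s)
{
    free(s->Buffer);
    s->Buffer = NULL;
    s->Length = s->MaximumLength = 0;
}

/* Review-time check: does Buffer point into a given non-heap region? */
static int buffer_in_region(const COUNTED_STRING *s, const void *region, size_t size)
{
    uintptr_t b = (uintptr_t)s->Buffer, r = (uintptr_t)region;
    return b >= r && b < r + size;
}

/* The post's pattern: init from a stack array, then look where Buffer points.
 * Returns 1 when Buffer aliases the stack array (18 chars, 36 bytes), i.e. a
 * subsequent free would release stack memory. */
int demo_stack_init_aliases(void)
{
    WCHAR wideLinkName[64];
    COUNTED_STRING us;
    widen(wideLinkName, 64, "\\DosDevices\\CdRom0");     /* constructed sample */
    counted_init(&us, wideLinkName);
    return buffer_in_region(&us, wideLinkName, sizeof wideLinkName)
        && us.Length == 18 * sizeof(WCHAR);
}

/* The safe pattern: a created string owns a heap copy, so freeing it is fine. */
int demo_created_is_owned(void)
{
    WCHAR wideLinkName[64];
    COUNTED_STRING us;
    widen(wideLinkName, 64, "\\DosDevices\\CdRom0");     /* constructed sample */
    if (!counted_create(&us, wideLinkName)) return 0;
    int owned = !buffer_in_region(&us, wideLinkName, sizeof wideLinkName);
    counted_free(&us);
    return owned;
}
```

The reviewable rule this models: RtlInitUnicodeString never allocates, so a UNICODE_STRING it filled in must never reach RtlFreeUnicodeString; pair the free only with the Rtl routines that allocate the buffer, such as RtlCreateUnicodeString or RtlAnsiStringToUnicodeString with AllocateDestinationString set to TRUE.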
Posted in hacking, programming, lowlevel
2nd January, 2007
Need to think about a brand name for your product or company?
A name generator might do the job. NameGen is a Python script developed by Erez Shinan and hosted at Algorithm.co.il. NameGen is fed a list of names (in our case, brand names) and generates names that sound the same or are built the same way.
My highly mathematical solution is to use the sophisticated Google CAPTCHA word generator. Just go to Gmail, enter a wrong user name and password and click “Sign in” several times until the CAPTCHA word generator appears. Continue to press that button until you get your desired brand name!
Google knows how much people hate CAPTCHA, so they made their word generator not totally random: the words generated by it will sound like regular words that people are used to typing.
Posted in random, hacking
12th November, 2006
I have been using PayPal for more than a year now. The service is great, but there are some flaws with it. I’m selling some digital products and I had some issues with serial refunders, those people who try to get things for free. I’m not going to describe all the methods I know they use, but there are methods that can cost you a lot and you (almost) always lose.
The most annoying thing is when the buyer doesn’t ask for a refund but rather just cancels his credit card transaction. When a buyer does this you can issue a charge-back, and the first thing PayPal does is subtract the canceled amount from your account. Then, a long 90-day journey begins where PayPal does you a “favor” and tries to get your money back. Along the way, you find out that PayPal charged you $10 to handle this charge-back “as it is said in the user agreement”, but they don’t tell you this before you issue the charge-back. PayPal pays the credit card company in order to open a complaint against the buyer. The funny thing is, PayPal charges you another $2.xx fee on those $10!! I don’t see the reason here…
If you sell digital products, issuing a charge-back will always turn out to be the wrong thing to do, as you will be paying some extra bucks and the buyer already got his reward. It is in the credit card company’s interest to keep its customers satisfied, so no justice will be done. The bright side of the story is that you get the buyer’s name along with the transaction, so you can find your resort and send anthrax to his house
I wonder if you can open a PayPal account, sell a digital product for $5,000 and buy it with your own credit card. Then, all you need to do is close the PayPal account (withdraw the money) and cancel the credit card transaction…
Just kidding. Kids, don’t try this at home.
Posted in random, hacking