Sunday, September 18, 2011

IRANGE - Pays close attention to your valuable items

This isn't an information security post, but it is definitely in the personal security field.

I want to present an idea that I developed with help from two of my friends. It's called i-Range.

Unfortunately, I haven't had time yet to develop this product.


I hope you will enjoy watching the video: 




i-Range is a product that gives support in the field of personal security.
Its main goal is to protect everyday items that are considered valuable.

The product consists of two endpoints: the Master unit, which the user wears and which could be a watch or a bracelet, and the Slave unit, a tiny sticker that can easily be glued onto any item.

The i-Range will pay close attention to valuable items such as a wallet, keys, cell phone, laptop, passport, etc.

The user will glue the sticker on the valuable item.
Both endpoints constantly communicate with each other wirelessly: the Slave unit sends the signals and the Master unit receives them.
The user can configure the reception range, which allows the user to change the secure radius.
When an item exits the secure radius, the system immediately and continuously alerts the user by vibrating and beeping.

Monday, December 13, 2010

LinkedIn ViewLink and ViewArticle mechanisms open a new kind of phishing attack

In this post I'll explain how it's possible to execute phishing attacks on LinkedIn users while the attacked users see the LinkedIn.com domain in the address bar.

LinkedIn users are allowed to attach links to their posts on the LinkedIn website.

A user who clicks one of these links opens it through the LinkedIn ViewLink mechanism, which loads the link in an iframe.

Attackers can upload a regular LinkedIn phishing page and abuse this ViewLink mechanism to fool users and steal their passwords. All they need to do is attach a link to this phishing page in their posts.


I did this POC (proof of concept) today, here is what I got:
Step1:

Step2:

Step3:

So now the poor users need not only to verify the domain in the address bar; they also need to verify that they are not entering their credentials on ViewLink or ViewArticle pages.

Wednesday, November 17, 2010

SCADA Exploitation - Hacking into national infrastructures

Hackers find their next target using the SHODAN search engine

SHODAN (http://www.shodanhq.com/) is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. It grabs this "horrible" data from the devices' banners.

Using this DB, hackers can find Internet-facing SCADA web interfaces, default passwords for web servers and network devices, IP cameras, vulnerable systems (filtering by IIS 5, Windows 2000, etc.), and much more.

Some interesting SCADA information (taken from the SHODAN DB):
By the way, the Simatic S7 SCADA systems mentioned above are the same systems that were targeted and penetrated by the Stuxnet worm.

Using this information, H4ck3rs can locate these critical national infrastructure systems and try to penetrate them, which can sometimes be very easy.

Here is one nice example:

Here are some default passwords in use:

Please don't use this data to hack these systems; this is illegal!!

Wednesday, September 22, 2010

Source-Link-Phishing (A.K.A. TabNabbing) - New technique for phishing attacks

I would like to demonstrate a new technique that could be used for phishing attacks.

Using this technique, Phishers can more easily fool naive users and steal their login credentials.

Attack scenario:
Let's suppose that a Phisher wants to get the credentials of users of some bank (or any other "interesting" online system), and this bank allows posting links as comments on some pages.
The Phisher just needs to post this link: http://shlominar.50webs.com/Source-Link-Phishing.html
Anyone who clicks this link will open a new tab, and after a few seconds the "Source" tab will be changed to a phishing page.

I call this technique: Source-Link-Phishing

Demo
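
A site that lets users post links can take this ability away from the opened page. The following is an added example, not code from the original post; it assumes the "Source" tab is changed through the `window.opener` reference given to the new tab, and `hardenAnchorAttrs` and `hardenLinksIn` are hypothetical names.

```javascript
// Added example. Assumption: the "source" tab is navigated through the
// window.opener reference that a link-opened tab receives.
const REQUIRED_REL = ["noopener", "noreferrer"];
const SAME_CONTEXT_TARGETS = new Set(["", "_self", "_parent", "_top"]);

// Return a copy of an anchor's attributes in which a link that opens a new
// browsing context can no longer reach back to the page that rendered it.
function hardenAnchorAttrs(attrs) {
  const out = { ...attrs };
  const target = String(out.target || "").trim().toLowerCase();
  if (SAME_CONTEXT_TARGETS.has(target)) return out; // no new tab, no opener handed out
  const rel = new Set(String(out.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
  rel.delete("opener"); // "opener" would explicitly re-enable window.opener
  for (const token of REQUIRED_REL) rel.add(token);
  out.rel = [...rel].join(" ");
  return out;
}

// Browser hook: apply the policy to every link inside a container that holds
// user-posted content (comments, posts). Returns how many links were changed.
function hardenLinksIn(root) {
  let changed = 0;
  for (const a of root.querySelectorAll("a[target]")) {
    const before = a.getAttribute("rel") || "";
    const after = hardenAnchorAttrs({ target: a.getAttribute("target"), rel: before }).rel;
    if (after !== undefined && after !== before) {
      a.setAttribute("rel", after);
      changed += 1;
    }
  }
  return changed;
}
```

Current browsers already treat `target="_blank"` as implying `noopener`; setting it explicitly also covers older browsers and named targets.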

Tuesday, April 6, 2010

Directory Traversal Cheat Sheet

You can use this cheat sheet for exploiting web servers and application servers for directory traversal.

This list goes eight levels deep. There are 880 variants of Directory Traversal attack signatures.

To use this list effectively, you need to replace the "(Filename)" placeholder with the desired file, depending on the attacked web server's OS.

Feel free to suggest more variants for this awesome list.

Enjoy ;-)

Credits to Luca "ikki" Carettoni for this list.

Open the cheat sheet (it will take a few seconds to load this long list)
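
With this many encodings of the same sequence, matching signatures on the raw request does not scale; a server should decode fully and then check containment. The following is an added example, not part of the cheat sheet or the original post; `WEB_ROOT`, the function names and the sample requests are constructed.

```javascript
// Added example; WEB_ROOT and the request strings below are constructed.
const WEB_ROOT = "/srv/www/static";

// Percent-decode until the value stops changing, so double- or triple-encoded
// separators cannot survive a single decoding pass. Fails closed (null) on
// malformed escapes such as overlong UTF-8, and on input that never settles.
function fullyDecode(value, maxRounds = 5) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      return null;
    }
    if (next === current) return current;
    current = next;
  }
  return null;
}

// Map a requested name onto a path under root, or return null to refuse it.
function resolveInsideRoot(root, requested) {
  const decoded = fullyDecode(requested);
  if (decoded === null || decoded.includes("\0")) return null;
  const kept = [];
  for (const part of decoded.split(/[\\/]+/)) { // accept both separator styles
    if (part === "" || part === ".") continue;
    if (part === "..") {
      if (kept.length === 0) return null; // would climb above the root
      kept.pop();
    } else {
      kept.push(part);
    }
  }
  return [root.replace(/\/+$/, ""), ...kept].join("/");
}

// Constructed requests: one legitimate, the rest differ only in depth or encoding.
const SAMPLE_REQUESTS = [
  "css/site.css",
  "../".repeat(8) + "etc/passwd",
  "..%2f..%2f..%2fetc%2fpasswd",
  "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
  "..%5c..%5c..%5cetc%5cpasswd",
  "..%c0%af..%c0%afetc%c0%afpasswd",
];
const verdicts = SAMPLE_REQUESTS.map((r) => resolveInsideRoot(WEB_ROOT, r));
```

The check is lexical only; a deployment that allows symbolic links under the root also needs to compare the real path of the resolved file.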

Friday, February 19, 2010

ClickJacking Advertisement

I want to present a JavaScript scheme that I wrote in recent days.

This demo shows how it is possible to “steal” users' clicks and force them to click on your advertisements, for example.

Using these advanced methods, the “bad guys” can make a lot of money using PPC (Pay per Click) and other affiliate programs that are very popular these days.

Here's my online demo (Click here).

Wednesday, February 3, 2010

Hacking Citrix and Terminal Server Techniques

A friend of mine is a security consultant, and from time to time he asks for my help with hacking Citrix and Terminal Servers.
So I decided to write a list of the hacking techniques that I use in case someone tries to close some registry keys ;-)

I'll try to update this list regularly:


Basic shortcuts:
  • Open file: Ctrl + o
  • Save File: Ctrl + s
  • Open New Browser: Ctrl + n, Shift (or Ctrl) + Left Click on link
  • Browser History: Ctrl + h
  • Task Manager: Ctrl+Shift+Esc
  • File manager: Windows + E
  • Run commands: Windows + R
  • Utility Manager: Windows + U
  • Windows search: Windows + F

Open Internet browser:
  • Press F1 – Click on any URL to open.
  • Click on help on the language bar.
  • Windows + U -> Help
  • Run calc -> Help -> Help Topics -> Mouse right click on the window blue frame -> Jump to URL

Get local files (like cmd.exe):
  • Printing window (Ctrl + p) -> print to file -> filename=* -> Enter -> and browse to system32
  • Right Mouse Click (or Shift + F10) -> Save Picture As -> filename=* ->…
  • View Source -> filename=* ->…

If the right mouse click is forbidden:
  • Use Shift + F10

Run Command Shell:
  • Run command.com
  • Drag other file on cmd.exe or command.com
  • Shortcut to cmd.exe or command.com
  • Batch file with: c:\windows\system32\cmd /c (Or /K) any_command
  • VBS script:
      ' Open a command shell through the Windows Script Host shell object
      Dim shlomiShell
      Set shlomiShell = WScript.CreateObject("WScript.Shell")
      shlomiShell.Run "cmd /K CD C:\ & Dir"
      Set shlomiShell = Nothing

Open file manager using IE:
  • Favorites -> Drag any folder to browser’s window.

Using office applications:
  • Insert Picture -> filename=* ->…
  • Insert Hyperlink -> file://c:\windows\system32\cmd.exe
  • Insert object -> Create from File -> cmd.exe or command.com
  • Run VB (or VB Macro).

If you can't run shell:

  • Rename cmd.exe (or command.com) to applicationName_uCanRun.exe.
  • Use Debug.exe; with it you can run almost any exe you like. You just need to upload the Assembly code or write it yourself.
  • Run the VB compiler, using Office applications.
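
Several of the routes above leave the same traces in process-creation logs: a shell started by a help viewer, browser, Office application or script host, or a shell running under another file name. The following is an added example, not code from the original post; field names follow Sysmon Event ID 1, and the events, paths and the `LAUNCHERS` list are constructed assumptions.

```javascript
// Added example. Field names follow Sysmon Event ID 1 (process creation);
// the events, paths and the LAUNCHERS list are constructed assumptions.
const SHELL_ORIGINAL_NAMES = new Set(["cmd.exe"]);
const SHELL_IMAGE_NAMES = new Set(["cmd.exe", "command.com"]);
// Parents matching the routes listed above: help viewer, IE, Office, script host, debug.
const LAUNCHERS = new Set(["hh.exe", "iexplore.exe", "winword.exe", "excel.exe", "wscript.exe", "debug.exe"]);

const baseName = (p) => String(p || "").split(/[\\/]/).pop().toLowerCase();

// Return the list of reasons an event looks like a published-app breakout.
function breakoutReasons(ev) {
  const reasons = [];
  const image = baseName(ev.Image);
  const original = String(ev.OriginalFileName || "").toLowerCase();
  const isShell = SHELL_IMAGE_NAMES.has(image) || SHELL_ORIGINAL_NAMES.has(original);
  if (SHELL_ORIGINAL_NAMES.has(original) && image !== original) {
    reasons.push("renamed-shell"); // file name changed, version resource did not
  }
  if (isShell && LAUNCHERS.has(baseName(ev.ParentImage))) {
    reasons.push("shell-from-app");
  }
  if (isShell && !/^[a-z]:\\windows\\(system32|syswow64)\\/i.test(String(ev.Image || ""))) {
    reasons.push("shell-outside-system-dir");
  }
  return reasons;
}

// Constructed events: a baseline shell, a renamed copy, a shell from Word, a non-shell.
const SAMPLE_EVENTS = [
  { Image: "C:\\Windows\\System32\\cmd.exe", OriginalFileName: "Cmd.Exe", ParentImage: "C:\\Windows\\explorer.exe" },
  { Image: "C:\\Users\\u1\\Desktop\\notepad.exe", OriginalFileName: "Cmd.Exe", ParentImage: "C:\\Windows\\explorer.exe" },
  { Image: "C:\\Windows\\System32\\cmd.exe", OriginalFileName: "Cmd.Exe", ParentImage: "C:\\Program Files\\Microsoft Office\\WINWORD.EXE" },
  { Image: "C:\\Windows\\System32\\notepad.exe", OriginalFileName: "NOTEPAD.EXE", ParentImage: "C:\\Windows\\explorer.exe" },
];
const findings = SAMPLE_EVENTS.map(breakoutReasons);
```

On a server that publishes single applications only, the first event is worth alerting on as well, since no interactive shell is expected there at all.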