LOIC: DoS Attacking Tool

What is LOIC
LOIC basically turns your computer’s network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server: garbage requests can easily be ignored while legitimate requests for web pages are answered as normal.
But when thousands of users run LOIC at once, the wave of requests becomes overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.

LOIC is more focused on web applications; we can also call it an application-based DoS attack. LOIC can be used on a target site by flooding the server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.
LOIC is a nice tool to perform a DoS or DDoS attack, but try it at your own risk. It does not have the ability to hide your IP address. Source code is also available.
Download LOIC 1.0.4 here

RFI over SQL Injection/Cross-Site Scripting

An amusing attack was demonstrated in the course of the last penetration testing. It is a good example of practical application of Cross-Site Scripting. We had the following situation:

- User segment with an attacker (me) operating from it;
- Technological network with strictly restricted outgoing traffic;
- A web application in the technological network that is vulnerable to Remote File Inclusion (RFI);
- A web application in the technological network that is vulnerable to SQL Injection.

Another fine method to exploit SQL Injection and bypass WAF

A method that I discovered today in MySQL documentation struck me with its simplicity and the fact that I haven’t noticed it before. Let me describe this method of bypassing WAF.

MySQL servers allow one to use comments of the following type:

/*!sql-code*/ and /*!12345sql-code*/

As can be noticed, SQL code will be executed from the comment in both cases! The latter construction means that "sql-code" should be executed only if the DBMS version is later than the given value.

Some WAFs skip comments during signature search. Among such WAFs is the latest stable build of Mod_Security (v. 2.5.9).

Here is a simple example:

How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

A few months ago, I released a new version of both SmartSniff and SniffPass with support for using them with Microsoft Network Monitor 3.x.
In the release details, I also specified that a 'Wifi Monitor Mode' button was added for using 'Monitor Mode' under Windows Vista/7/2008, but without giving an extensive explanation of how to use this feature. So in this blog post, I'll add more details about this 'Wifi Monitor Mode' and how to use it with SmartSniff and SniffPass.
When a wireless network card enters 'Monitor Mode', it listens on the specific channel that you choose and captures all the packets that are sent by wireless networks in your area on that channel. If the wireless network that sent the packet is unsecured, SmartSniff and SniffPass will be able to show you the packet data.
Before I start to explain how to use this mode, here are the system requirements for using 'Monitor Mode':

IDM and Firefox 4 Integration

Here’s a small but useful post for people who use Internet Download Manager and have recently moved to Firefox 4. The old Firefox addon that came with IDM is not compatible with Firefox 4. There are alternative solutions on the internet like the FlashGot extension. Anyhow, it’s a simple matter of a new addon. Download the addon below and install it on your Firefox 4 browser.
1- Open Firefox 4,
2- Paste the link into the address bar and Go,
3- Wait for the download,
4- Restart Firefox,
5- Enjoy.
Alternatively, if the above link doesn’t work for some reason or is an older one, here’s one hosted on my site with the latest version.

DRIL - Domain Reverse IP Lookup Tool

DRIL (Domain Reverse IP Lookup) Tool is a reverse domain tool that will be really useful for penetration testers to find out the domain names which are listed on the target host. DRIL is a GUI, Java-based application which uses a Bing API key.

DRIL has a simple, user-friendly interface which will help penetration testers do their work fast without a mess. It has only been tested on Linux, but as it is Java it should work on Windows too.
There are various other tools which carry out similar tasks, especially utilizing the Bing API.
You can download DRIL here:

Gaining Administrative Privileges on any Blogger.com Account

"The vulnerability that I want to share first is a critical vulnerability in Blogger (Google Service).
That vulnerability could be used by an attacker to get administrator privilege over any Blogger account (Permission Issue). Yes, I know it sounds kind of crazy, but it's true :)
Here are the details regarding the issue in the Blogger service:
I found an HTTP Parameter Pollution vulnerability in Blogger that allows an attacker to add himself as an administrator on the victim's Blogger account."



Sql Poizon v1.1

After a very successful release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you to the new release, which is more handy. It has new features as well as bug fixes from the older release. Please take a look at it below:

How To Use Trial Software Forever...

One of my blog readers asked me, "How can I use trial version software forever?" Instead of answering him, I thought I could write a tutorial on how to use trial version software forever.


Concept:
When you install a piece of software for the first time, it makes an entry in the Windows Registry with details such as the installed date and time, the installed path, etc. After installation, every time you run the software it compares the current system date and time with the installed date and time. This is how it can work out whether the trial period has expired or not. So if we make the software think that the trial period is not over, we can use the software forever.


Hiding IP Address...

To hide their IP, some of us use anonymizers (anonymity servers); some use proxy servers.