Friday, November 01, 2002

SQL insertion
While we were preparing for BlackHat, Haroon Meer (haroon@sensepost.com) started fiddling extensively with SQL insertion. It is a topic that has been touched on before but never really studied in depth, so Haroon decided to spend some time on it (between 2 am and 5 am). He wrote a paper on it for Phrack Magazine that didn’t make it on account of formatting issues. After licking our wounds, we decided to put the paper out there, and Haroon posted it to the Pen-Test mailing list. In true Haroon style, the paper is a little difficult to follow, and I promised him I would recycle it so that it would make sense to all the listeners out there.

Tuesday, October 29, 2002

very basics of TCP/IP - Layers and what they do
Introduction – what is TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol and is the system of standard protocols that runs the web. That is to say, any computer that wants to send WWW information to another via the internet will almost certainly want to use TCP/IP as the transmission protocol, and understanding it is the key to understanding the ‘lower levels’ of how the internet works. Keep in mind, though, that other protocols such as SMTP and FTP take over to control email and some file transfers respectively.
Freenet
Freenet is a large-scale peer-to-peer network which pools the power of member computers around the world to create a massive virtual information store open to anyone to freely publish or view information of all kinds.
Increasing Wireless Security with TKIP
TKIP is a quick-fix method for overcoming the inherent weaknesses in WEP security, especially the reuse of encryption keys. According to "802.11 Planet," "The TKIP [security] process begins with a 128-bit 'temporal key,' [which is] shared among clients and access points. TKIP combines the temporal key with the [client machine's] MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network."
The IP Smart Spoofing
This paper describes a new technique for spoofing an IP address with any networking application. IP spoofing is not new and various hacking tools have been developed to exploit it. In the following, we will discuss how to use it with any standard application. As a result, we will explain why IP-based access control is not reliable in many cases, and should not be used in many corporate networks.