Garage4hackers

Twitter Wipe Address Book CSRF Vulnerability

Wed, 16 May 2012 12:59:00 -0500

I disclosed a CSRF vulnerability with Twitter, that could allow a malicious attacker to wipe the address book of an unsuspecting user. I reported the vulnerability in the beginning of March and they fixed it on the 22nd! I wouldn't want to comment on the process and internal business logic that they follow, but honestly that was a a pretty long period for them to come up with a fix.

Anyways, getting to the vulnerability, the issue was that a user could delete his own address book with a single click URL, which is alright as long as the user wishes to do so himself. However, with the server not verifying whether the request

Teensy USB HID for Penetration Testers - Part 3 - Programming sketches in Arduino

Thu, 26 Apr 2012 12:46:00 -0500

In previous post we saw very basic usage of Arduino Development Environment (ADE) and ran our Hello World using Teensy. Let's have a look at doing something more with Teensy and ADE.

You know that there are two bare minimum functions called setup and loop in a sketch. But there are many more functions which are very useful while programming complex sketches. Have a look at the below sketch, which opens up notepad and types "Hello World" in it.

Code:

   void setup()

    {

    delay(5000);

    Keyboard.set_modifier(MODIFIERKEY_RIGHT_GUI);

Network Architecture Review Checklist

Sun, 22 Apr 2012 06:45:00 -0500

The primary goal of the checklist is to make it useful and as a trusted guide for IT Auditors,Security Consultant in Network Architecture Review assignments.The checklist is drawn from numerous resources referred and my experience in network architecture reviews.Though the essentially doesn't essentially cover all elements of a network architecture review,I have tried to bring in aspects of the security element in a network architecture.Thanks to Punter & B0nd for their useful inputs.

I strongly believe there can be lot of controls which can fit into this checklist looking forward to your comments,criticism,contribution and suggestions to improve the Network Architecture Review Checklist
Please send your recommendations

Teensy USB HID for Penetration Testers - Part 2 - Basics of Arduino and Hello World

Fri, 13 Apr 2012 08:07:00 -0500

In the first post we installed Arduino Development Environment (ADE). Now lets have a look at basics of Programming Teensy using ADE

Make sure that proper board is selected from the menu. Then choose the correct device type

Attachment 335

In Arduino Development Environment (ADE), programming is done in a C type syntax. We have variables, methods, conditional operators and pointers etc. A program is called a sketch in ADE.

Now, let's have a look at sketches. A sketch must have a setup

HP DataProtector - Porting exploit to metasploit.

Tue, 10 Apr 2012 08:05:00 -0500

Nowadays, in almost all my penetration testing projects, HP dataprotector has been the most vulnerable software installed.
I thought of porting the same as a metasploit exploit module. Hence, I wrote exploit for Hp_dataprotector_cmdexec. I will try to describe my work step by step. The input for this was a working exploit-db code (HP Data Protector Remote Root Shell for Linux). The shell code when run normally will give a netcat shell.
So here I start up:
1. Took a standard metasploit module for arbitrary port scanner.
2. I started with making the adjustments in update_info () function and initializing parameters

MS11-046 exploit Code, Windows local Privilege Escalation .

Sun, 08 Apr 2012 07:05:00 -0500

There was a good article released by Joni on MS11-046 vulnerability based on a malware he analysed .
http://www.exploit-db.com/wp-content...docs/18712.pdf
So I taught of spending my staurday night building an exploit for this .

Windows not sure about Win 7 lets Mapping of 0x00000000 in user space, and this particular vulnerability windows fix [Ms011-46] was by adding a simple check for Null Pntr in the AFD.sys, which I find odd, so I assume Win 7 it would be possible too[#assuming ] .

There was no POC exploit available, so I just made a quick POC, well things

Teensy USB HID for Penetration Testers - Part 1 - Introduction and Arduino Install

Fri, 06 Apr 2012 05:42:00 -0500

Hi All,

This is my first post to Garage, please bear with mistakes. I will write a series of posts which will also be posted on my blog.

My first blog post after two back to back awesome conferences Black Hat Europe and Troopers. At Black Hat Europe I conducted a workshop called Teensy Programming for Everyone. The workshop was well recieved by most of the participants. But I found that many of them

Internal Attacks via IVR systems [ Security Vulnerabilities in IVR Applications]

Tue, 27 Mar 2012 23:20:00 -0500

Am putting down Demo videos along with few important slides form my BlackHat 2012 presentation .

My presentation were in HTML 5 and am putting down Demo Presentations here. I will upload the HTML5 presentation some were or you could download them form

https://media.blackhat.com/bh-eu-12/...urity-Tool.zip

For Better understanding about these demos go through the html 5 slides

Binary Analysis of Oracle Java CVE: 2012-0500 and Alternate Exploitation on Win|Linux

Tue, 13 Mar 2012 09:08:00 -0500

Main():

Java Webstart recently had critical security update in it's Webstart module Oracle Java Critical Patch Update - February 2012, that affects Firefox and IE, we will have few quick analysis of the vulnerable binary and few alternate ways to exploit them.

Little History and Introduction about the Bug:

Current bug is discovered and reported to Oracle by Vulnerability Research Team of TELUS

Gmail XSS vulnerability through Content Sniffing

Mon, 12 Mar 2012 09:16:00 -0500

Hi all,

a few months before i found this vulnerability which was reported to google and patched (Basically my way to google hall of fame).

Product: Gmail.com
Setup: Windows XP SP3 with IE 7.0 (Google Chrome frame installed)
Vulnerability: XSS possible using malicious Image as attachment(works for IE6/7)

Introduction:
The vulnerability was in www.gmail.com which can be used to send Emails. We can send images as attachments to any user. By creating malicious image file and attaching it to mail attacker can exploit this vulnerability