Showing posts from April, 2013

Turn Android Emulator into a Pwnage Weapon

Today, we’re going to look at a scenario where the Android Emulator can be re-purposed as an exploitation tool. Specifically, we will look at attacks that involve cloning an application and user data from a stolen Android phone onto a computer running the Android emulator. An attacker that does this will be able to use the application as if they were the user. They would also be able to return the phone to the user before the target becomes aware of the compromise.
A natural defense to this sort of attack would be to have the application verify what device is running it before giving the user access. The application would only be allowed to run on a device registered with the user’s account. A natural defense against this kind of attack would be to have the application verify the device and to run only on a device registered with the user’s account.
We will demonstrate a new tool that repurposes the Android emulator to give false device information in order to subvert suc…

Transparent Computer Prototype Interface

Computers have pretty much stayed the same since the visual user interface was introduced. It was a huge success when it was first released, and we’re still using upgraded versions of it today. But is there really no other concept of interacting with our computers than what we are using today? I mean, the keyboard and the mouse (and of course the WYSIWYG user interface) is good and all, but maybe a transparent computer could replace our now dated ways of interacting with computers. We have seen conceptual prototypes of transparent displays at conventions before, but not as a complete interaction solution. This transparent computer (and I don’t mean the actual computer here) is a pretty neat project that if further developed could come to change how we interact with computers in general. The system, dubbed the SpaceTop 3D Desktop Computer, works in several dimensions at once. Its purpose is to give the user new ways to manipulate, navigate and interact with what’s on the screen. With c…

Send Emails From Terminal Using Gmail

Note: I’ve tested these steps on Ubuntu 12.04 and Fedora 16.
Security certificate
Before proceeding, we need Gmail’s security certificate on our system. Why? Gmail sends encrypted data over SSL (Secure Sockets Layer) for security; this certificate is necessary for encryption of data.
Ideally, you should have the file Equifax_Secure_CA.crt under /usr/share/ca-certificates/mozilla/. If you do, you’re ready to move on.
SSL Certificate
We want to connect to Google securely which means you'll need the latest SSL certificates. To get those, use the openssl client onyour machine. Run:
openssl s_client -connect -showcerts which should show two blocks of
-----BEGINCERTIFICATE-----...-----ENDCERTIFICATE----- in the output. You'll want to take each block (including the BEGIN/END CERTIFICATE lines), and put each of them into their own file. I put the first one in a file gmail.crt and the second one in the file google.crt (since the first signs which …

Top five Web security assessment tools

Scanning websites is an entirely different ballgame from network scans. In the case of websites, the scope of the scan ranges from Layer 2 to 7, considering the intrusiveness of the latest vulnerabilities. The correct approach for scanning websites starts from Web-level access, right up to scanning all backend components such as databases. While most Web security scanners are automated, there could be a need for manual scripting, based on the situation.
Nikto Let’s start with this tool because of its feature set. This open source tool is widely used to scan websites, mainly because it supports HTTP and HTTPS, and also provides findings in an interactive fashion. Nikto can crawl a website just the way a human would, and that too in the least amount of time. It uses a technique called mutation, whereby it creates combinations of various HTTP tests together to form an attack, based on the Web server configuration and the hosted code.
Thus, it finds critical loopholes such a…

Prevent a fork bomb by limiting user process

 fork bomb is a denial-of-service attack whereby a process continually replicates itself to deplete available system resources. It can be prevented by limiting user processes.  Limiting user processes is important for running a stable system. To limit user process just add user name or group or all users to /etc/security/limits.conf file and impose process limitations. Understanding /etc/security/limits.conf file
<domain> can be:an user name a group name, with @group syntaxthe wildcard *, for default entrythe wildcard %, can be also used with %group syntax, for maxlogin limit<type> can have the two values:"soft" for enforcing the soft limits"hard" for enforcing hard limits<item> can be one of the following:core - limits the core file size (KB)<value> can be one of the following:core - limits the core file size (KB)data - max data size (KB)fsize - maximum filesize (KB)memlock - max locked-in-memory address space (KB)nofile - max number of op…

Defusing Fork Bomb

Due to their nature, fork bombs can be difficult to stop once started. Stopping a fork bomb from reproducing further requires the termination of all running copies, which can be difficult to achieve. One problem faced is that a separate program to terminate the fork bomb cannot execute if the process table is fully saturated. The second major problem is that in the time taken between finding the processes to terminate and actually terminating them, more may have been created.
Some fork bombs can be stopped relatively easily. Consider the shell fork bomb:
:(){ :|: &};: By replacing the function identifier and re-indenting, the code reads:
bomb(){ bomb | bomb &}; bomb The fork bomb in this case is a recursive function that runs in the background, thanks to the ampersand operator. This ensures that the child process does not die and keeps forking new copies of the function, consuming system resources.
One important "feature" in this computer code means that …

In-Depth understanding fork() Bomb ~ :(){ :|:& };:

Can you explain the following bash code or bash fork() bomb?

:(){ :|:& };:
The fork bomb is a form of denial-of-service (DoS) attack against a Linux based system. It makes use of the fork operation.
:(){ :|:& };: is nothing but a bash function. This function get executed recursively. It is often used by sys admin to test user process limitations. Linux process limits can be configured via /etc/security/limits.conf and PAM.
Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting the system as the only solution to a fork bomb is to destroy all instances of it.
WARNING! These examples may crash your computer if executed. Understanding :(){ :|:& };: fork() bomb code:() - Defined the function called :. This function accepts no arguments. The syntax for bash function is as follows:
foo(){arg1=$1arg2=$2echo'Bar..'#do_something on $arg argument}fork() bomb is defined as follows:
:(){ :|:& };:
:|: -…