20 items tagged "order"
-
-
14:32
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing an MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that triggering the bug requires a SWF media player, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
-
-
10:01
»
Hack a Day
A hard drive crash, and some other happenings that aren’t entirely clear to us, led [Devbisme] to put in a parts order. As he wanted to make the most of his shipping costs, he decided to fill out the order with parts that he’ll use eventually. He’s been working with surface mount designs and wanted [...]
-
-
10:18
»
Hack a Day
A while ago when he was working in China, [Phillip Torrone] started learning Mandarin Chinese in order to help him communicate more efficiently with his peers. Unfortunately, once he returned to the US, he slowly started forgetting most of what he had learned. He recently wrote a piece over at Make: explaining why he’s attempting [...]
-
-
12:01
»
Hack a Day
[Stephen Hobley] has been experimenting with an electromagnetic pendulum in order to build himself a clock. Through the course of his experiments, he has learned quite a bit about how pendulums function as well as the best way to keep one moving without the need for chains and weights, which are typically associated with these [...]
-
-
8:22
»
Packet Storm Security Exploits
xt:Commerce 3 suffers from a second-order SQL injection vulnerability that can be leveraged to reset passwords of arbitrary users and administrators.
-
-
11:00
»
Hack a Day
Many exercise machines generate electricity as you pedal or climb in order to run the on-board electronics. Unfortunately if you stop or even slow down too much the juice will die and your exercise program will reset. Wanting to improve on this gotcha, [Mike] cracked open his exercise bike and added some super capacitors. On [...]
-
-
8:00
»
Hack a Day
I took a little time to look into porting code written for AVR in order to run it on the MSP430 architecture. It’s easier than you think, being mostly small differences like an extra step to enable pull-up resistors. But there is a lot to be learned in order to transition away from using EEPROM. Since [...]
-
-
12:00
»
Hack a Day
[MC] realized he had forgotten about an order for 2000 cut wires that was now due in a few days. Rather than dropping everything to complete the task, he whipped up this machine to cut the wires for him. A PIC 16F628 board drives a couple of battery-powered drill motors. One of them powers two lawnmower [...]
-
-
8:46
»
Hack a Day
This long bike is built for haulin’. After needing to find a truck to transport his welding equipment (ironically in order to build another bike) [Nick Johnson] decided it was time to make a two-wheeled cargo transport. He extended the frame in order to add a cradle in the front. Eventually there will be sides [...]
-
-
1:25
»
SecDocs
Authors: Colin Ames, David Kerb
Tags: Metasploit, meterpreter
Event: Black Hat DC 2010
Abstract: A crucial step in post-exploitation technology is memory manipulation. Metasploit's Meterpreter provides a robust platform and API on which to build memory exploitation tools to assist the attacker in post-exploitation tasks. This talk will cover several examples of memory manipulation using meterpreter and introduce an extension to aid post-exploitation activities. We will demonstrate the extraction of unique process memory to analyze for valuable information such as passwords. We will also demonstrate the injection of utilities into a process's memory in order to alter execution flow to provide new "features" like Putty Hijack. Another example that will be covered is interacting with the lsass process memory in order to steal Windows session hashes required for pass the hash. Finally, we will discuss the use of meterpreter to patch process memory in order to introduce vulnerabilities which can be leveraged for things such as persistence. Another form of "memory" is the knowledge a host has about its network environment. This presentation will discuss the utilization of a meterpreter extension to automate and facilitate passive network reconnaissance over time, allowing for smart network data acquisition and analysis.