Results tagged “hacking” from Just Another Hacker

I am presenting at this month's Ruxcon Monthly Meetup.

Date: Friday, 25th June
Time: 6:00PM
Location: RMIT University, City Campus
https://my.rmit.edu.au/portal/page/portal/RMITPortal/campusmaps?dsize=max
Room: Building 8, Level 9, Room 42 (008.09.042)

RMIT Building 8 entrance is off Swanston Street (just past Swanston and
La Trobe). Please take the lift to Level 9 and make your way to Room 42.
We will have directions posted up in the building.

Presentations
=============

Unsanitary Web Activities - Tim Noise (MovingData)

In the land of the internet, web developers are constantly rolling out
new applications and letting them loose on the Internet, many with
little knowledge or experience in security. They assume users will
provide data in the form they expect. This talk will cover web app
security basics and commonplace attacks, showing you the effect this
oversight can have and how to prevent it.

Pownage Coquillage: Real World Tales From The Trenches - Sash Biskup
(Stratsec)

In this talk the presenter will discuss various security incidents he
has been involved in during the course of his career, starting with
old-school buffer overflows and going through to modern-day malware and
blackmail. This isn't a deep technical analysis of each incident but an
overview of the characteristics of each attack and what the
repercussions were for the organisation or individual.

Static analysis with Graudit - Eldar Marcussen

Graudit is a rough (grep-based) audit tool that can be used to find
vulnerabilities in source code (C, ASP, .NET, JSP, PHP, Perl and
Python). In this presentation I will show how to get the most out of
graudit.

In the spirit of openness the Apache foundation has released an excellent post mortem write-up of their recent compromise. It started with an XSS attack delivered through the issue tracking software they use (JIRA) and ended with complete root access on one server, limited access to another and a number of compromised passwords.

Read the entire story at https://blogs.apache.org/infra/entry/apache_org_04_09_2010

Ruxcon 2010

My favourite con is back! Ruxcon 2010 will be held in Melbourne (FOR TEH WIN!) at the RMIT campus on December 4 & 5. The call for papers is out; the deadline for submissions is the 30th of July.

Please see http://www.ruxcon.org.au for more details.

Post mortems - Wargames

With smpCTF looming I thought I would link to these excellent "post mortems" from
CCDC 2010, and Reiners' article on exploiting past SQL filters, something we have seen in the last two Codegate and OWASP EU 2010 challenges...
CCDC 2010 - Part 1
CCDC 2010 - Part 2
Reiners - Exploiting hard filtered SQL injection article

smp Capture The Flag (CTF), 2010 Hacker Olympics, is a contest designed by "hackers" and "security enthusiasts" for their like to battle it out against each other over a highly sugar-induced weekend. In the smpCTF Hacker Olympics teams and individuals are put up against other teams from around the globe in the same environment, with the same objectives and a mission to accomplish.

Do you have what it takes to compete...?

More details at http://www.smpctf.com/; dates and times have not yet been decided.

Robert Hansen is at it again. This time he has produced a very simple exploit that steals passwords stored (remembered) in the browser's password manager. The code is very simple and works a treat in Firefox.

I would recommend this over the usual XSS alert boxes the next time you are demoing cross site scripting. Try it out at http://ha.ckers.org/weird/xss-password-manager.html. I haven't tried it in any browsers besides Firefox, but even if you can't read it straight out of the DOM, you could always rewrite the form action URL or even hook the onsubmit call to send the username and password to a destination of your choosing.

Security roulette

I had some spare time, so I created a little game. I've called it security roulette. The object is to find as many web application security flaws as you can in a given number of websites in a limited timeframe. The number of websites is determined by Google and the time limit is self-imposed, or agreed on if you are challenging someone.

I wrote a quick mashup to help you play. The scorecard could probably use some tweaking. My suggested house rule is "no browser plugins or third-party applications allowed".

Security roulette

Security roulette is a simple game I have made up; the instructions are provided once you start. Use the form below to get started.

Game hacking - Number theory

For my second Wintereenmas article I look at game hacking through number theory. This is a huge subject, even without hacking, but I focused on two of the most common techniques that I have been able to put to extensive use. You can read the full article here.


Game hacking - Number theory

In most games there is a fair amount of mathematics involved. It may not always seem that way, but the numbers are there; you just have to find them. You don't have to be a mathematics expert to take advantage of number theory to cheat or win at games. Quite often a single advantage is all it takes to put you on the winning side. Although some of this will be applicable to board games or MMORPGs, I am basing this article around browser-based games. To illustrate I will use a fictional RPG where I play an angry axe-wielding barbarian. Let's call it browsercraft...

Negative numbers


Using negative numbers is the easiest way to gain an advantage in a game. It relies on the fact that subtracting a negative number is the same as adding its magnitude: 2 - (-2) = 4. The easiest place to abuse this in a game is a buy/sell screen. Most games have a buy/sell feature, although not all of them are susceptible to negative numbers; a game that validates the quantity as a positive integer before calculating the total is not.

In my fictional game I started out, as you do in most games, with little money or equipment. My 100 starting coins could only buy me a single healing potion. How boring is that? Luckily the game developers aren't familiar with negative numbers, so the first thing I did was buy -1000 potions at 100 coins each. BAM! Now I have 100100 coins (100 - (-1000 * 100)). Enough to buy all the top gear right off the bat. The balance check is no help to the developers either: a cost of -100000 coins is trivially "affordable".

Decimal points


The abuse of decimals is based on the fact that most games deal in whole numbers (integers), while many of the calculations performed on them produce fractional (floating point) results. Sometimes you will be able to combine multiple fractions to tip the total over; other times you can use decimals to reap the rewards from the magic space between integers. Here is a simple example:

Cash exchange
In "browsercraft" you can exchange gems for coins. Because you can only possess whole gems, the calculation truncates the number of gems sold to an integer (discarding the decimal part) when updating the inventory, but the gems-to-coins conversion does not. After an adventure my barbarian has 5 gems, and each gem can be exchanged for 100 coins. Instead of settling for the 500 coins that would normally fetch, my barbarian uses decimal points to extract more. When asked how many gems to exchange I enter 0.9. This pays out 0.9 * 100 = 90 coins while subtracting 0 gems from my inventory (the .9 is discarded). Free cash! The root cause is that the input is parsed twice, by two different routines, and the two results disagree.

There are also several other number techniques that are valuable when playing games, whether or not you use them to cheat. If there is enough interest I will write a follow-up post where I cover techniques such as:
  • Overflows
  • Underruns
  • Reverse engineering formulas
  • Optimal paths

This weblog is licensed under a Creative Commons License.