localh0t security blog
echo "127.0.0.1 localh0t.com.ar" >> /etc/hosts
27 sept 2012
10 jun 2012
backfuzz v0.3 released
Hey guys, just announcing that v0.3 is out. The new changes are:
(*) Added the ability to use different types of patterns while fuzzing (Cyclic | CyclicExtended | Single | Format-String).
(*) Removed a lot of useless parameters; global variables are used instead.
(*) Minor Help Screen improvements.
Help Screen:
Example with CyclicExtended:
Download:
https://github.com/localh0t/backfuzz
14 abr 2012
Wordpress Plugin: Email Before Download <=3.16 Remote Blind SQL Injection
Tags: email before download, injection, plugin, sql, wordpress
8 abr 2012
30 mar 2012
Bypassing tolower() filters in buffer overflows
This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example, but the technique can also be applied to heap overflows.
Hope you guys enjoy it :).
23 mar 2012
Website Pro <= 3.1.13.0 "Referer:" Remote Buffer Overflow PoC
The crash occurs when the application tries to write ECX (0x00000000) to the address held in EAX (0xBAADBEEF, which we control). Possibly exploitable, not tested yet.
SHODAN Dork: "Server: Website/3.1"
Link: http://www.1337day.com/exploits/17806
12 mar 2012
backfuzz - protocol fuzzing toolkit
Well, after a while I am releasing this simple fuzzer.
You can basically use this to fuzz different protocols (FTP, HTTP, IMAP, etc.), but it also has non-protocol plug-ins (example: File Fuzzer).
The general idea is that this script has several functions already predefined in the file "functions.py", so whoever wants to write his own plugin (for another protocol) in a few lines and add it to the script can do so.
I know the code is still in beta and requires a lot of work to get better, so any questions / suggestions / criticism / comments are welcome.
Screenshots:
Help Menu:
Crash reached (FTP):
Crash reached (HTTP):
File Fuzzing:
File Fuzzing (Files):
GitHub page:
Installation: