Showing posts tagged #security


Today I came across this post that states that it is not possible to get a hard-coded password out of a binary by using the strings command.
But a while back I also remember reading another article saying that it is indeed possible.

So, is it?

I grabbed the code from the linked article, compiled it and executed strings on the binary only to get the same results as the original author.

$ strings pass
/lib64/ld-linux-x86-64.so.2
libc.so.6
exit
strncmp
puts
printf
strlen
__libc_start_main
__gmon_start__
GLIBC_2.2.5
yomaf <---
AWAVA
AUATL

Read More

All the files captured in my honeypot had one thing in common: they were executables. All but one. A single lonely C source file. Naturally, this caught my attention, so I decided to read the source code.

In the end, it was a rudimentary port scanner, written by someone going by the alias of Lupu, to scan B-class networks. What really got my attention was this line of code:

strcpy(argv[0],"/bin/bash");

That... cannot work, right? I mean, is Linux really going to report my process as being the obviously innocuous bash shell just because I

Read More

If you want to have a look at what's been downloaded in my honeypot over these months, you can now.
In this period of time over 15.000 files have been downloaded, the majority of them being empty files due to bad redirects or malware servers being down. After cleaning up the empty files I'm left with 215, which are available for download here.
The site is password protected, but if you want in you can contact me using the contact form found on my landing page or drop a comment below.

I am not responsible for whatever you may

Read More

Notice: This post does not endorse piracy. Its purpose is merely educational. Decompiling and cracking software is illegal in most cases.

OS X native software is written in Objective-C, a superset of C, which is not very hard to hack away at. In this post I will try to demonstrate the basics of reverse engineering on said platform.

The goal

Sublime Pop Up

Our goal will be to stop the annoying Sublime Text pop-up from reminding you to buy a license every now and then (but you totally should if you are going to use it). I will be using Sublime Text latest build

Read More

The Ruby on Rails framework provides a pretty good built-in filter for SQL injection if you use ActiveRecord methods such as find or find_by.
But that does not mean you can carelessly throw parameters at an ActiveRecord method, as the methods that take an SQL fragment are still vulnerable to SQLi by default.

For example, I came across these lines in a production environment:

def some_controller_method
  MyModel.all.order("#{sort_column} #{sort_direction}")
end

private

def sort_column
  params[:sort] ? params[:sort] : 'created_at'
end

As you can see the sort parameter is being interpolated

Read More