New page of pusheax.com on Facebook !!!

A new Facebook page has been created to keep you updated on all new and important posts. Join:

https://www.facebook.com/pages/pusheaxcom/373711796082900


========
pusheax.com

Content spoofing attack (Brother of Reflected XSS)!

Content spoofing means altering the data/text of a web page. XSS uses <script> or other JavaScript (e.g. <script>alert(1)</script>), whereas content spoofing does not: it can use plain text or HTML code. An attacker can virtually deface the page, but cannot take over the server or the website.


There are already two good explanations of this vulnerability, so you had better read them there:

https://www.owasp.org/index.php/Content_Spoofing
http://projects.webappsec.org/w/page/13246917/Content%20Spoofing



Something like this:
https://www.owasp.org/index.php/Pusheax.com_is_a_independent_penetration_tester,_ethical_hacker_who_always_love_to_learn_new_things_and_share_knowledge.Knowledge_should_be_free_but_not_the_hard_work._There_is_nothing_perfect.




http://projects.webappsec.org/w/page/13246917/%28pusheax%20is%20a%20regular%20independent%20pentester%20,%20I%20love%20to%20learn%20new%20things,and??



It is not powerful enough to compromise an entire server or a website, but sometimes this kind of vulnerability is enough to fool users.
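The difference from reflected XSS, shown from the defender's side: a not-found handler that HTML-escapes the requested title blocks the script case but still displays attacker-chosen text, while a handler that emits only server-controlled strings does not. This is an added example, not code from the original post; the `/index.php/` prefix mirrors the wiki URLs above, and the page list, request paths and function names are constructed for illustration.

```python
import difflib
import html
from urllib.parse import unquote

PREFIX = "/index.php/"  # assumed wiki-style routing prefix

# Constructed sample data (not taken from any real site or request log).
KNOWN_PAGES = ["Content_Spoofing", "Cross_Site_Scripting", "Main_Page"]
SPOOF_PATH = "/index.php/Site_closed._Call_our_new_support_number_today."
SCRIPT_PATH = "/index.php/%3Cscript%3Ealert(1)%3C/script%3E"


def title_from_path(path: str) -> str:
    """Return the URL-decoded page title that follows the routing prefix."""
    return unquote(path.partition(PREFIX)[2])


def not_found_reflecting(path: str) -> str:
    """Weak form: escaping stops script injection, but the page still
    shows whatever sentence the link author put in the URL."""
    title = title_from_path(path).replace("_", " ")
    return (f"<h1>{html.escape(title)}</h1>"
            "<p>There is currently no text in this page.</p>")


def not_found_hardened(path: str) -> str:
    """Hardened form: every visible string comes from the server.
    The request is only used to pick a suggestion from KNOWN_PAGES."""
    title = title_from_path(path)
    match = difflib.get_close_matches(title, KNOWN_PAGES, n=1, cutoff=0.8)
    hint = ""
    if match:
        # match[0] is a server-side constant, never the request text itself.
        hint = f' Did you mean <a href="{PREFIX}{match[0]}">{match[0]}</a>?'
    return ("<h1>Page not found</h1>"
            f"<p>The requested page does not exist.{hint}</p>")


if __name__ == "__main__":
    for handler in (not_found_reflecting, not_found_hardened):
        for path in (SPOOF_PATH, SCRIPT_PATH, "/index.php/Content_Spoofin"):
            print(handler.__name__, "->", handler(path))
```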

(N)ASM LoadLibrary,GetProcAddress and MessageBox!

When I was reading a shellcode writing tutorial, LoadLibrary and GetProcAddress just confused me. But they were really easy to understand in normal asm code. It was a bit harder for me when I first tried to write somewhat dynamic Windows shellcode. So, to understand dynamic DLL loading in shellcode, I first decided to learn to load the DLL dynamically in normal (n)asm code, and it was easy:


section .data

ldlibry dd  0
pro dd  0
dll db  "user32.dll",0
myFtion db  "MessageBoxA",0
MSG db  "ASM GetProcAddress",0

extern _LoadLibraryA@4
extern  _FreeLibrary@4
extern  _GetProcAddress@8
extern  _ExitProcess@4

global _start

section .text

_start:
    push    dll         ;lpLibFileName = "user32.dll"
    call    _LoadLibraryA@4     ;Call the API.
    mov [ldlibry],eax       ;eax holds the return value (the module handle), so ldlibry = LoadLibraryA("user32.dll")
    
    ;now we need to call GetProcAddress
    
    push    myFtion         ;lpProcName = name of the API we are going to call
    push    eax         ;hModule = handle returned by LoadLibraryA("user32.dll")
    call    _GetProcAddress@8   ;GetProcAddress(hModule,"MessageBoxA"). eax now holds the returned function address
    
    
    push    0x0         ;uType = MB_OK
    push    MSG         ;lpCaption (title) = "ASM GetProcAddress"
    push    MSG         ;lpText (message) = "ASM GetProcAddress"
    push    0           ;hWnd = NULL (no owner window)
    call    eax         ;Call MessageBoxA through the address returned by GetProcAddress.
    
    push    dword [ldlibry]     ;ldlibry holds the module handle of user32.dll; push it so the library can be freed.
    call    _FreeLibrary@4      ;Call the Windows API FreeLibrary()
    
    ;We should exit the process, otherwise execution runs past the end of the code and may cause an "access violation"
    push    0           ;uExitCode = 0
    call    _ExitProcess@4      ;Call ExitProcess
    
    
    ;Assemble and link:
    ;nasm -fwin32 ldlibrary.asm
    ;ld -o ldlibrary.exe ldlibrary.obj -lkernel32