So, we have written an article about PHP Command Injection (Applies to other platforms too, we just covered PHP).
Read it here! PHP Command Injection - Insecurety Research
More to come...
~Insecurety Research Team.
A simple Infosec/Security/Computing blog with a smattering of electronics, chemistry, and total randomness
Thursday, 15 March 2012
Tuesday, 14 February 2012
POST-it DoS
So. Got bored waiting for a lecturer who showed up late, and decided to add some shit to POST-it DoS while working on code for RailGun.
I added a massive list of Useragents (like 70k of 'em or something, it's big...), a randomize-useragent-from-list function, and a rather epic random junk generator for the POST data instead of using just a big load of X's.
So now it hits a bit harder (actual random junk) and may even defeat some failures of IDS/IPS... until the target box dies, that is.
It KIND OF implements a SlowLoris attack of kinds too, just to make it even more awesome.
Check it out here --> POST-it DoS and as always, use SVN to get it :)
Sunday, 29 January 2012
New Linux Local Root Exploit in the wild
Just a quick post, plan to test this in a VM later and make a video for all to see... (if I remember!)
http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
Very interesting technique!
Play safe...