Section: .. / papers / bypass /

/// File Name: 0x00_vs_ASP_File_Uploads.pdf
Description: White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter, leading to any extension after the null byte being ignored when the file is written. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
Author: Brett Moore SA
Homepage: http://www.security-assessment.com
File Size: 139745 bytes
Last Modified: Jul 13 08:52:00 2004
MD5 Checksum: cad2ad76c53cad21e6285f854026b213

/// File Name: aslr-bypass.txt
Description: Whitepaper discussing an ASLR bypassing methodology on the Linux 2.6.17/20 kernel.
Author: sorrow
Homepage: http://fhm.noblogs.org/
File Size: 10023 bytes
Last Modified: Sep 5 11:36:02 2008
MD5 Checksum: 69eac3945ce943b762c014d7d22bb2ba

/// File Name: Blind_XPath_Injection_20040518.pdf
Description: This paper describes a Blind XPath Injection attack that enables an attacker to extract a complete XML document used for XPath querying, without prior knowledge of the XPath query.
Author: Amit Klein
Homepage: http://www.sanctuminc.com
File Size: 46391 bytes
Last Modified: May 19 21:03:40 2004
MD5 Checksum: e7b01772daac419ef8451d1e2780969c

/// File Name: BluezHCIDpwned.txt
Description: Document that outlines an exploitable scenario for hcid using the popen() bug in security.c. This was written in response to a claim that the bluez vulnerability was quite trivial.
Author: Kevin Finisterre
File Size: 6517 bytes
Last Modified: Aug 18 03:48:10 2005
MD5 Checksum: b72ff079514eeeedc49d026f205fb05b

/// File Name: bypassEPA.pdf
Description: Article discussing how to bypass the Execution Path Analysis used by the PatchFinder utility, avoiding Windows 2k/XP rootkit detection.
Author: Edgar Barbosa
File Size: 108266 bytes
Last Modified: Feb 16 15:09:00 2004
MD5 Checksum: 1b7c12d5a2c92ff9de2469db1560d07a

/// File Name: bypassing-win-heap-protections.pdf
Description: Whitepaper detailing a new way to bypass Microsoft Windows heap protection mechanisms. The methodology explained here is different from the method introduced by Alexander Anisimov.
Author: Nicolas Falliere
File Size: 89925 bytes
Last Modified: Aug 17 02:58:28 2005
MD5 Checksum: bbe8f8d36f5ad8e3f1c34915ce9660aa

/// File Name: Bypassing_NAC_Solutions_Whitepaper...>
Description: Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
Author: Ofir Arkin
Homepage: http://www.insightix.com/resources/whitepapers/bypassing.aspx
File Size: 889707 bytes
Last Modified: Sep 26 19:28:58 2006
MD5 Checksum: 7d510a73435ecac3bb94797d2379039f

/// File Name: bypassScript.txt
Description: Whitepaper discussing the bypassing of script filters with variable-width encodings.
Author: Cheng Peng Su
File Size: 7104 bytes
Last Modified: Aug 18 01:34:51 2006
MD5 Checksum: d6ee6506d4d8e6e0d0032a49e253c3a6

/// File Name: Cisco_IOS_Exploitation_Techniques.p..>
Description: It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
Author: Gyan Chawdhary
Homepage: http://www.irmplc.com/
File Size: 596924 bytes
Last Modified: Jun 27 20:28:17 2007
MD5 Checksum: de1e5098e579eb286a1dbc30729d80a5

/// File Name: Creating_Backdoors_in_Cisco_IOS_usi..>
Description: This short technical briefing describes a technique using Tcl to create a backdoor within IOS that would allow a remote attacker to execute privileged commands on a networking device.
Author: Andy Davis - IRMPLC
Homepage: http://www.irmplc.com/
File Size: 538499 bytes
Last Modified: Nov 27 22:35:11 2007
MD5 Checksum: c36b7968fecc31dca537fcdf4e5975d8

/// File Name: defeating-xpsp2-heap-protection.pdf
Description: The MaxPatrol team has discovered that it is possible to defeat Microsoft Windows XP SP2 heap protection and data execution prevention mechanisms. Full analysis with code provided.
Author: Alexander Anisimov
Homepage: http://www.ptsecurity.com/
File Size: 91734 bytes
Last Modified: Jan 29 03:27:55 2005
MD5 Checksum: acfd948da84a412b6743310864395ea6

/// File Name: exploiting-rpc.pdf
Description: Paper describing how to reuse portmapper data dumped from one machine in order to still make use of RPC services on a remote machine whose portmapper is not exposed.
Author: David Routin
File Size: 465941 bytes
Last Modified: Apr 19 01:03:21 2007
MD5 Checksum: 5f99244bffdda5a0293024b78fe24c9d

/// File Name: Forge-Amit.txt
Description: Whitepaper titled "Forging HTTP Request Headers With Flash".
Author: Amit Klein
File Size: 14839 bytes
Last Modified: Jul 26 04:03:46 2006
MD5 Checksum: 6b97464da5cf5a4ea42215c97ec35944

/// File Name: GOT_Hijack.txt
Description: This short paper discusses the method of overwriting a pointer used in a function for the sake of overwriting the associated entry in the Global Offset Table (GOT), which in turn allows for execution flow redirection.
Author: c0ntex
Homepage: http://www.open-security.org
File Size: 16696 bytes
Last Modified: Aug 28 15:59:30 2005
MD5 Checksum: ffbeb2e8b0768454f781f66654e95478

/// File Name: HeaderFlash.txt
Description: Formal write-up discussing how arbitrary HTTP requests can be crafted using Flash 7/8 with Internet Explorer.
Author: Amit Klein
File Size: 3041 bytes
Last Modified: Aug 27 13:50:03 2006
MD5 Checksum: 211b836130d25cc1e62f50c3f63cdcdb

/// File Name: HostFingerprinting.pdf
Description: Host Fingerprinting and Firewalking with hping - This paper discusses some of the techniques that can be effectively used in host fingerprinting, especially when a host is behind a firewall. Various tools are discussed, with hping as the primary focus.
Author: Naveed Afzal
File Size: 46668 bytes
Last Modified: Nov 30 13:37:55 2005
MD5 Checksum: 3e2bea990221c86fe51e24c4388388c4

/// File Name: httpsplit.txt
Description: This technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling.
Author: Amit Klein
File Size: 10124 bytes
Last Modified: Aug 17 02:30:51 2005
MD5 Checksum: 6dd02db0137701d3c42986ed49b1c661

/// File Name: ids_evasion_oracle_sqlnet.pdf
Description: Write-up discussing Oracle database IDS evasion techniques for SQL*Net.
Author: Joxean Koret
File Size: 143377 bytes
Last Modified: Aug 27 19:40:24 2006
MD5 Checksum: d59cda5242ec3439f74c6f7b13fb69ad

/// File Name: javascriptFun.txt
Description: This tutorial is an overview of how JavaScript can be used to bypass HTML forms and how it can be used to override cookie/session authentication.
Author: Dr_aMado
File Size: 8733 bytes
Last Modified: May 7 04:57:10 2005
MD5 Checksum: 9dff177e25d94281c9a2dab498241834

/// File Name: keylog.txt
Description: Small white paper regarding keyloggers and basic circumvention.
Author: priestmaster
Homepage: http://www.priestmaster.org
File Size: 2368 bytes
Last Modified: Sep 9 23:58:10 2004
MD5 Checksum: c57a57587c61465fbe82503b216368b8

/// File Name: lkbackdoor.tar.gz
Description: Small paper describing how to add a quick backdoor into the setuid code for the Linux 2.4 kernel series.
Author: Michal Stys
File Size: 1120 bytes
Last Modified: Nov 12 19:06:53 2004
MD5 Checksum: 74bad9990e8c7f8f46b2aeeeb4e5d543