Government Security
Network Security Resources

Jump to content

What Is The Best Way To 'hack'?

- - - - - security windows buffer overflow hacking dns sql injection trojan java php sql
  • Please log in to reply
2 replies to this topic

#1 Guest_uncle777_*

Guest_uncle777_*
  • Guests

Posted 08 April 2011 - 02:07 PM

It may too general and vague question, but are some methods better than others? Here are my (sceptical...) comments on some known methods:

SQL injection:
problems: Forget it when it comes to php, i am even lazy now to explain "why". Also, forget it on most 'above average level' websites - that is...it would only work on a asp.net/java website designed by some total newbie.
While there's a chance that you can hack something serious - it's as probable as hitting the jackpot of the Omaha state lottery.

Buffer overlow:
The Jimmy Hendrix of hacking! I mean...it's definetly a classic and definetly something you shouldn't be so excited about these days...the reasons here are again far too many to mention them.

Trojans:
Not so much fun with improved security in windows 7...also people are way too cautious these days when they're approached to open an exe

Directory traversal:
too easy and naive.

XSS:
see trojans above ^

Dangling pointer, heap overflow:
see buffer overflow above.

So what else? DNS poisoning? social engineering? google hacking? etc?

10x!

#2 infiltrator

infiltrator

    Staff Sergeant

  • Sergeant Major
  • 421 posts

Posted 08 April 2011 - 06:45 PM

Embedding a reverse shell in a PDF document, is another way to infiltrate into a system. The only downside is that, the end user will have to open the PDF document.
Some users may feel inclined to do so, so there's always the human exploitation factor, and that's where social engineering can become useful.

#3 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 09 April 2011 - 07:54 AM

when we talk about client computers / home users running Windows...well forget about those vulns which all you need to know is the target IP address to exploit a remote vuln and gain access. why ?

The main reason is that most ISPs nowadays block the access ports which basicly are :

135,139,445. There may be some others, but these are the main ones.

Some ISPs provide connection protection in their side to users, blocking incoming connections on all ports. that means you would need to hack the ISP server and change settings for the IP address of your target.

If the target has only some ports blocked by ISP, something that could be useful (on Windows OS) is eg. a vulnerability in the firewall upon reading/filtering incoming packets, or in the TCP/IP driver. Needless to say the dificulty level to achieve reliable code execution in this situation could be relatively high.

So yeah the best way is exploiting a vuln in a popular application such as :

- Text Editors/Processors
- Media Players
- Web browser

In the above scenarios all a user would have to do is opening a specially crafted file or click a link to a webpage. In the case of clicking a link, well it is the same as opening an HTML document.
You do need a bit of social engeneering. But some types of files such as images and popular documents (Word doc, PDF, RTF...) are quite easy to convince people into opening them.

The old vulns you mention...BOF, XSS, SQL injection, Trojan etc... can still be useful, but obviously you need to bypass the security measures of today to prevent them. They will likely take place both server and client side so take your chalenge :P
http://www.secumania.net - Secumania security blog.


Embed any executable in a JPEG image and get it to run upon opening the image with this cool tool that abuses a feature of GDI in Windows systems. for governmentsecurity.org members only! click here to get it!





Also tagged with one or more of these keywords: security, windows, buffer overflow, hacking, dns, sql injection, trojan, java, php, sql