"Dem sind keine Grenzen gesetzt, der sie nicht hinnimmt." - Japanische Weisheit _

.:: Apple und die Passwörter ::.

"The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple's part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.
Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path -- for example, $ dscl localhost -read /Search/Users/bob (where "bob" is the username). "

Quelle: Hack in the box

Tja zuerst braucht's gar keine Passwörter für LDAP und wenn's nun doch welche braucht, kann man lokal die Hashes klauen. Mal schauen was als nächstes kommt ;)
20.09.11 11:45:33 - balle - 944 comments - Exploits

.:: Stoned MBRs ::.

"Die Quellen des Boot-Virus Stoned stehen ab sofort frei zur Verfügung. [...] Mit dem Boot-Virus ist es möglich, über den Bootsektor Windows-Installationen ab 2000 in der 32-Bit-Version mit Administrationsrechten zu übernehmen. Zudem kann Stoned auch auf Systeme zugreifen, die mit dem bereits veralteten Truecrypt 6.1a bis 6.2a oder Diskcryptor in Version 0.7 und 0.8 verschlüsselt wurden."
Quelle: Golem
05.01.11 16:01:29 - balle - 452 comments - Exploits

.:: Exploiting JBoss ::.

BlackHat 2010 Presentation by Papathanasiou about Abusing JBoss, deploying your JARs without Authentication and executing Code on JBoss and Tomcat Java servers.

Und das dazu passende Metasploit Module
14.04.10 14:55:00 - balle - 816 comments - Exploits

.:: Metasploit 2 Java Applet ::.

This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions.
23.02.10 15:26:00 - balle - 1370 comments - Exploits

.:: Unlock Windows with Firewire ::.

“A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.
… merely by plugging in your Firewire cable and running a command”.

Get the source
27.03.08 13:37:00 - balle - 1170 comments - Exploits

.:: Bluetooth L2CAP exploits ::.

POC exploit by Pierre Betouin that crashes hcidump by sending bad L2CAP packet.

Proof of concept exploit that resets Sony/Ericsson phones via a flaw in Bluetooth.

Oder direkt als komplettes Tool geschnürt:
"Performs several L2CAP checks sending malicious packets (L2CAP). Initial source code analysis from tanya tool (tbear)"
07.07.07 14:03:00 - balle - 1138 comments - Exploits