House of Hackers

quad
Latest Activity

rosebaby left a comment for quad
November 23
windows or linux?
October 8
Thank you Unicode! With UTF-8 encoding, it's entirely possible to insert spaces in the query. Wondering if that works for other characters too. Still, much more flexibility now. (I also forgot to mention that the curly braces pass through. They c...
October 7
Well, this exploit is from 08 so it's likely all new PCs have an updated driver, unlike an old server sitting in a rack that god knows when it gets updated, so maybe try checking driver versions and/or firmwares. Or maybe idk wtf I'm talking about lol p...
July 10
Unfortunately it's a backend system to which we don't have access. There is no way for us to footprint the OS other than by injecting SQL through the web site. Are you thinking of any other good technique to further gather information on the back...
February 27
Duly noted. You did not attempt to probe for information on its OS and open ports? I believe even some of the more basic port scanners such as Angry Ziber's Angry IP Scanner and hoobie.net's mingsweeper offer such features. They tend to prove u...
February 27

Quad's Blog

quad

Restricted character set limits exploit vector of SQL injection vulnerability

While performing a pentest for a client, I discovered that the virtual host HTTP header of a web server was vulnerable to SQL injection (!). This is probably because the default vhost runs an application that stores the vhost sent by the client before it processes it further. Still, it's interesting because it's not so obvious to exploit.

The database engine is SQL Server. The version is unknown. Here comes the fun part: the "Host" HTTP header is validated by IIS first, so most symbols are filte…

Posted on October 7, 2009 at 2:09am — 2 Comments


Troubles while testing winlockpwn

So any Windows box can be quickly owned when the computer is equipped with a Firewire (IEEE 1394) port. I tried to reproduce the attacks by carefully following online guides, but it proved much more difficult than it seemed.

In my work environment, I couldn't find any workstation equipped with a 6-pin 1394 port, and I only had two types of Firewire cables: 4-pin to 6-pin and 6-pin to 6-pin. Laptops ar…

Posted on July 9, 2009 at 9:16pm — 1 Comment


Having trouble with rainbowcrack

I modified rainbowcrack 1.2 to add support for generating MySQL rainbow tables. Modifications are light and straightforward, but I'm now running into this problem:

$ ./rtgen mysql323 numeric 1 3 0 300 10000 test
hash routine: mysql323
hash length: 8
plain charset: 0123456789
plain charset in hex: 30 31 32 33 34 35 36 37 38 39
plain length range: 1 - 3
plain charset name: numeric
plain space total: 1110
rainbow table index: 0
reduce offset: 0

generating...
10000 of 10000 rainbow chains gen…

Posted on February 19, 2009 at 3:23am —


SQL injection scenario involving .NET + MySQL + Win2k3

To all of you SQL injection gurus.

Suppose there's this vulnerable application we have to test for a client. It's a classic example of a SQL injection vulnerability where the webapp miserably fails if a single quote is included in a URL parameter. However it's an unusual environment.

Some facts:
* The application is written in .NET.
* It probably runs on Windows 2003 Server (not confirmed, just assuming).
* Debug output is still turned on so there's some disclosure of the C# source code along…

Posted on February 18, 2009 at 9:13pm — 7 Comments


Credit card transaction security measure

I stumbled upon this page where the author relates how easy it is for counterfeiters to capture credit card information off an ATM or PoS. What I found most interesting was Michael Janke's comment about how security could be improved on credit card tra…

Posted on January 21, 2009 at 4:00pm —


About

pdp created this Ning Network.
 

© 2009 Created by pdp on Ning.