ARP LAND-Attack
Yeah, you know the deal. Another network-based attack! This time, a LAND-attack (Local Area Network Denial – attack). I know the first thing that comes to your mind is: “LAME. With a MITM (Man-in-the-Middle), you can at least steal data, with this you simply DoS someone…” Not so fast. I’ve actually found this quite useful.
Client side hacking with noscript (FF-addon) enabled
While noscript is a great plugin to make your browser secure, I tried finding ways to break it and succeeded. This means that it is possible to break the browser client side while noscript is enabled (and the site(s) are disallowed). I did not fully debug the bugs because I am not in the mood
The reincarnation of the RFI
Hey! Remember the good old days when the web spouted RFIs everywhere? We miss those days. So me and Fredrik figured out a new way to reincarnate the old dusty RFIs! This is an unexpected feature in PHP that allows you to communicate with external servers even though allow_url_include = Off. We eventually played around
CAM Table Overflow
Here comes another example of how nokitel can be used for penetration testing. Ever heard about a CAM-Table-Overflow? Thought so. It’s not a very common exploitation method. This is a short description quoted from hakipedia.com: “A switch’s CAM table contains network information such as MAC addresses available on physical switch ports and associated VLAN parameters.
Stuxnet’s Credentials
I had a hard time finding the Stuxnet-rootkit and the credentials it used to exploit the Siemens WINCC6 SCADA system. So here you go, here are the default credentials it used towards the WINCC6’s MSSQL Server: Username: WinCCConnect Password: 2WSXcder Username: WinCCAdmin Password: 2WSXcde. Just for documentation. The odds for you to stumble upon one of
