Jonathan Arbib

Exploits

On Hacking MicroSD Cards « bunnie’s blog

by on Dec.31, 2013, under Exploits, Gadgets, Tech Junk

The hardware hacker Bunnie Huang gave a talk at the Chaos Compute Club Congress where he offered some good news and some bad news. The good news? SD cards contain powerful, handy micro controllers that are useful to hackers and hobbyists. The bad news? SD cards are woefully insecure.

In a detailed and readable post, Huang describes the exact problems with Flash memory. In order to reduce the price and increase the storage space, engineers have to fight a never-ending form of internal entropy that slowly but surely scrambles the data on every Flash drive.

[techcrunch.com]

[www.bunniestudios.com/blog/?p=3554]

On Hacking MicroSD Cards « bunnie’s blog.

Leave a Comment :, , , , , more...



WPA2 broken?

by on Jul.29, 2010, under Exploits, Tech Junk

Source: http://www.airtightnetworks.com/WPA2-Hole196

WPA2 Hole196 Vulnerability

WPA2, perceived as the most solid Wi-Fi security protocol, is widely used by enterprises for securing their Wi-Fi networks. But security researchers at AirTight have uncovered a vulnerability called “Hole196” in the WPA2 security protocol that exposes WPA2-secured Wi-Fi networks to malicious insiders. Exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices. AirTight researcher, Md. Sohail Ahmad, will be demonstrating this vulnerability at the Black Hat Arsenal and at DEFCON18 in a presentation entitled “WPA Too?!” in Las Vegas on July 29th and July 31th respectively.

Leave a Comment :, , , , , , more...


MITM Attack on Smartphones whitepaper

by on Nov.06, 2009, under Exploits, Tutorials

From Daily Dave Mailing List

SMobile has released a detailed report on research indicating that smartphone users are just as susceptible to man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts to produce MITM attacks to determine whether it is possible to intercept SSL encrypted communications between various smartphone devices and servers. Of the devices that were tested, each of the major smartphone operating systems appeared to lack the ability to natively detect and defend against MITM attacks, allowing the testing team to intercept sensitive information that should have been encrypted via SSL.

Paper can be downloaded here:
http://threatcenter.smobilesystems.com/?page_id=1331

thanks to MAYANK

Leave a Comment :, , more...

RainbowCrack 1.4 is released

by on Jul.24, 2009, under Exploits, Tutorials

From http://project-rainbowcrack.com/

This version focus on more effective rainbow table file format. New features:

* New compact rainbow table file format (.rtc) reduce rainbow table size by 50% to 56.25%
* New rt2rtc utility convert rainbow table from raw file format (.rt) to compact file format (.rtc)
* New rtc2rt utility convert rainbow table from compact file format (.rtc) to raw file format (.rt)
* The rcrack/rcrack_cuda program support both .rt and .rtc rainbow table file format
* Conversion from non-perfect to perfect rainbow table is supported by rt2rtc utility

Smaller rainbow table significantly improve table lookup performance!

Leave a Comment :, , , , , more...

phpbb.com Hacked – A Thorough Description!

by on Feb.07, 2009, under Exploits, Tutorials

phpbb.com was hacked. Sites get “broken into” every day, but in this case a very thorough description was published here on how the attack was carried out. There is a lot to learn form there, even if techniques used are mostly straight forward. After the attack, someone else then ran the list of recovered passwords through an analysis program, and here is what he came out with.

Links:

phpbb Home Page

Details of Attack

Password Frequency Analysis

Happy Hacking!

Leave a Comment :, , , , , , more...

WPA PSK lookup tables: wpa_psk-h1kari_renderman

by on Nov.11, 2008, under Exploits, Tutorials

Since link was broken on the Church of wifi website I got a copy though tbhost.eu. Now their link is broken. Here is an http copy and a torrent file (Please use torrent where possible…)

HTTP (not possible anymore due to high bandwidth usage)

Torrent

Credits:

HTTP Download from here (Broken Links?)
Church of Wifi
and The Shmoo Group for the previous Hosting of the torrent.

2 Comments :, , , , , more...

Interesting (possible) phishing for admins?

by on Oct.06, 2008, under Exploits, Tutorials

Read the posts on this forum

Then visit the site linked at the bottom of the page, or click here

That looks like phishing to me… Very simple attempt…

But could be effective if indeed it IS phishing…

To test it out, someone could perhaps create a “super” jailed ssh account on a system to perhaps see if someone attempts to login using those parameters… Someone wants to attempt it, and report back?

Leave a Comment :, , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!