hakin9
Anatomy of change
Welcome to the year 2007! By tradition, every new beginning makes us more open to change. Each of us has some New Year's resolutions. Ours is very simple: let's conquer the world! Cheeky? Even so, why not try? The New Year is a perfect opportunity for such a challenge, and you, Dear Readers, are the reason for the change.

This is the first new hakin9 issue. We've changed a few things, we hope for the better. The magazine now has three sections: basics, attack and defense. A wide spectrum of subjects fits into them, and the information is easy to follow and straightforward. Don't worry, not everything will change: we are going to sustain the highest quality level of the presented articles and still surprise you with content.

Another new thing is the self exposure column, where we suggest how to make some money on security. We are open to your proposals: what would you like to know, which opportunities are interesting, who should we talk to?

There's nothing more important than freedom of speech, which is why we would like to encourage you to take part in our tests. In this issue we present opinions on security scanners. We asked our readers, company engineers and private users about their impressions. If you still hesitate over which solution best fits your needs, our test should give you the right answer.

Finally, we proudly present our new regular columnist, Matt Jonkman from Bleeding Edge Threats. Quoting the author, we hope it will be a fun place to rant and rave about the things that bother Matt, and to start a discussion between you and him.

In this issue we shed some light on the way ptrace() works and show how to write your own backdoors (p. 32). You will get to know the obstacles waiting for attackers trying to execute shellcode on the attacked system, as well as the techniques to avoid these obstacles (p. 46). You will learn how to employ XPath injection to bypass safeguards in certain applications (p. 24), see how to bypass the stack randomness protection of Linux kernel 2.6 to successfully exploit stack-based buffer overflow vulnerabilities (p. 56), and read an interview with Richard Stallman, founder of the GNU Project, the Free Software Foundation and the League for Programming Freedom.

Last but not least, a security community announcement: we would like to invite you all to cooperate with hakin9. You are welcome as authors, betatesters and advisors. The most important thing is to know the enemy's strategy; I'm sure that together we can make the computer world a more secure place. And if we can, it's worth trying.

All companies interested in partnership are welcome in our .pro club, which makes cooperation possible on several levels and brings mutual benefits. United, we can create the best IT security guide, one that becomes your loyal friend and supports you when difficult times are ahead.
Happy New Year from the hakin9 crew!
Marta Ogonek
marta.ogonek@software.com.pl

In brief
06
Magdalena Błaszczyk, Justin Seitz
A selection of news from the world of IT security.

CD content
10
Marta Ogonek
What's new in the latest hakin9.live version (3.1.1-aur.), full versions of must-have applications and a Cisco Certified Network Associate course on our CDs.

Tools
Scanrand (part of Paketto Keiretsu)
12
Damian Szewczyk
The author presents part of Paketto Keiretsu, a collection of tools that use the latest strategies for manipulating TCP/IP networks. Scanrand seems to be infallible when time is crucial.

General Purpose Fuzzer (GPF)
13
Jared DeMott
You wish to fuzz something like IMAP, DNS or FTP. How can you do that? The author describes a testing technique for finding bugs and vulnerabilities in software.

Basics
XSS – Cross-site scripting
14
Paul Sebastian Ziegler
Reading this article will help you learn how to inject script code into vulnerable websites and how to secure websites against XSS.

Attack
Introduction to XPath Injection techniques
24
Jaime Blasco
Having read this article you will know, for example, how to employ the XPath injection method to bypass safeguards in certain applications, and how XPath and XML work.

Function Overwriting using ptrace()
32
Stefan Klaas
This text sheds light on the way ptrace() works and presents how to write your own backdoors. We will learn how to understand the ptrace() system call and how to use it to alter execution flow.

Shellcodes Evolution
46
Itzik Kotler
Thanks to this article you will get to know the obstacles waiting for attackers trying to execute shellcode on the attacked system, as well as the techniques to avoid these obstacles.
hakin9 1/2007
www.en.hakin9.org
Defense
How to bypass kernel 2.6 stack randomness protection
56
Enrico Feresin
The author shows how to bypass the stack randomness protection of Linux kernel 2.6 in order to exploit stack-based buffer overflow vulnerabilities.

Consumer tests
Tested products – security scanners
64
A new section in hakin9! In this edition we present users' opinions on the advantages and disadvantages of security scanners.

Interview
I wish I could be the World Liberator
70
Marta Ogonek
An interview with Richard Stallman, founder of the GNU Project, the Free Software Foundation and the League for Programming Freedom.

The Bleeding Edge
Rants from the Bleeding Edge
72
Matt Jonkman
New columnist in hakin9! News from Bleeding Edge Threats. You wanna rant?

Self exposure
76
Marta Ogonek, Magdalena Błaszczyk
How to make some money on security? Our new column brings some fresh ideas and opportunities.

Book reviews
78
Damian Szewczyk, Jarosław Pawlak
Reviews of the books Nagios. System and Network Monitoring by Wolfgang Barth, and PGP & GPG. Email for the practical paranoid by Michael W. Lucas.

Product review
80
Rafał Kwaśny
We've tested AirPcap by CACE Technologies.

Upcoming
82
Marta Ogonek
Announcements of articles to be published in the next issue of hakin9.

Hard Core IT Security Magazine

Editor in Chief: Ewa Dudzic ewal@software.com.pl
Executive Editor: Marta Ogonek marta.ogonek@hakin9.org
Editor: Magdalena Błaszczyk magdalena.błaszczyk@hakin9.org
Editorial Advisory Board: Clement Dupuis, Matt Jonkman, Jay Ranade, Terron Williams
DTP Director: Robert Zadrożny robert.zadrozny@software.com.pl
Art Director: Agnieszka Marchocka agnes@software.com.pl
CD: Jakub Wojnowski, Rafał Kwaśny (Aurox Core Team)
Proofreaders: N. Potter, D. F. Leer, M. Szuba, P. S. Rieth
Top betatesters: Wendel Guglielmetti Henrique, Justin Seitz, Peter Hüwe, Damian Szewczyk, Peter Harmsen, Kevin Bewley

President: Monika Godlewska monikag@software.com.pl
Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl
National Sales Manager: Monika Godlewska monikag@software.com.pl
Production Director: Marta Kurpiewska marta@software.com.pl
Marketing Director: Ewa Dudzic ewal@software.com.pl
Advertising Sales: Marta Ogonek marta.ogonek@hakin9.org
Subscription: subscription@software.com.pl
Prepress technician: Robert Zadrożny robz@software.com.pl

Publisher: Software Media LLC (on Software Publishing House licence, www.software.com.pl/en)
Barksdale Professional Centre, Newark, DE 19711, USA
Tel: 004822 8871010
www.en.hakin9.org

Software LLC is looking for partners from all over the world. If you are interested in cooperating with us, please contact us by e-mail: cooperation@software.com.pl

Print: 101 Studio, Firma Tęgi
Printed in Poland

Distributed in the USA by: Source Interlink Fulfillment Division, 27500 Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134, Tel: 239-949-4450.

Distributed in Australia by: Europress Distributors Pty Ltd, 3/123 McEvoy St Alexandria NSW Australia 2015, Ph: +61 2 9698 4922, Fax: +61 2 96987675

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.

All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them.

To create graphs and diagrams we used a program by the [company logo] company.

CDs included with the magazine were tested with AntiVirenKit by G DATA Software Sp. z o.o.

The editors use an automatic DTP system.

ATTENTION!
Selling current or past issues of this magazine for prices different from those printed on the cover is, without permission of the publisher, a harmful activity and will result in judicial liability.

hakin9 is also available in: Spain, Argentina, Portugal, France, Morocco, Belgium, Luxembourg, Canada, Germany, Austria, Switzerland, Poland, the Czech Republic, Slovakia

The hakin9 magazine is published in 7 language versions: EN PL ES CZ IT FR DE

DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.