Socks 5 client support for twisted

Posted on Mi 05 Februar 2014 in Programming • Tagged with Python, Twisted, Socks5, Programming, SecurityLeave a comment

I recently forked twisted-socks to add SOCKS 5 support for my GoogleScraper in order to scraper Google pages asynchronously. Obviously I needed SOCKS5 support to anonymize the parallel requests such that I can scrape more pages simultaneously.

I tested the code for SOCKS4 and SOCKS4a with a local TOR proxy and twistd -n socks and the SOCKS5 protocol with the dante socks proxy server on my VPS. So I guess the basic functionality should be working by now. GSSAPI (Kerberos) support is planned.

Here is the socksclient code, which is ...

Continue reading

The art of cheating: Making a chess.com chess bot following an unusual approach!

Posted on So 26 Januar 2014 in C • Tagged with C, Chess.com, Cheating, Firefox, Hooking, Chess, Lowlevel, Programming, SecurityLeave a comment

Table of contents

  1. Preface: Giving first insight into the idea and why I think that hooking into a browser is a good idea.
  2. Many different ways to make browser game bots: Discussion various techniques to write HTTP/WebSocket bots
  3. How does chess.com internally look like?: Investigation of the client side behavior of chess.com
  4. How the bot works: Explaining how my shared library hooks firefox network functions
  5. Conclusion: Summary of my discoveries
  6. Demo Video and another, better demo video: You might only watch that video, but make sure you ...
Continue reading

Exploiting wordpress plugins through admin options (No 3. — Easy Media Gallery stored XSS)

Posted on Di 17 Dezember 2013 in Php • Tagged with Vulnerablity, Websecurity, Exploit, Stored, Php, Programming, Security, Xss, Wordpress, Easy-media-galleryLeave a comment

Preface

This post is about general security weaknesses in wordpress plugins, that allow malicious attackers to gain code execution access on the web server (which is quite often the user www-data). To outline the problem shortly: Often, wordpress plugins need a administration form to handle settings and options. These options are meant to be exclusively alterable by the admin of the wordpress site. But unfortunately, lots of wordpress plugins suffer from a very dangerous combination of CSRF and stored XSS vulnerabilities, that wrapped up in a social engineering approach, may ...

Continue reading

IAT hooking

Posted on Sa 07 Dezember 2013 in C • Tagged with C, Hooking, Programming, Security, Windows, Nt, Assembler, IatLeave a comment

What

I just rummaged through my old hard disk and suddenly stumbled across some old C sources from around a year ago when I played with IAT hooking on windows 7. I will not explain much, but I made the bottom code around a year ago (Thus, in 2012) and it should be able to hook any code (depicted as the handler here) into running processes via the IAT. I suppose the code is not working properly, but it gives a good picture of how an IAT hooking approach might ...

Continue reading

Cryptographically secure rand() replacement

Posted on Do 14 November 2013 in Cryptography • Tagged with Cryptography, Php, Security, ProgrammingLeave a comment

If you are a programmer, you sometimes find yourself in the need for random numbers. There are many possible use cases:

  • Generate data for unit-tests.
  • Build secure passwords or keys as input for ciphers like AES, Twofish and its colleagues.
  • Simulating the real world for modelling applications.
  • A prominent use case: Lot's of gambling sites depend on good random number generators.

Now if you code in PHP, there are quite some different ways to obtain random numbers. There is the rand ( int $min , int $max ) function for instance: It ...

Continue reading

A tale of a twofold broken wordpress captcha plugin

Posted on Mo 04 November 2013 in Programming • Tagged with Captcha, Security, Programming, ExploitLeave a comment

Last Edit (Effective: 7th November 2013)

It seems like the plugin authors updated the security of the plugin. All the bottom blog entry deals with version 3.8.7. In this new paragraph, I will look whether these recent updates to version 3.8.8 added the necessary security to prevent conducting an...

  • Attack vector one: Parsing the captcha logic.
  • Attack vector two: Reversing the decode() function and just reading the solution from the hidden fields.

Let's get started:

At line 942 of the plugin code (The start of ...

Continue reading