Meanwhile – On the Other Side of the Web Server
The whitepaper explains a technique for performing web-based attacks by 'smuggling' HTTP requests.
What do you have to know before reading?
You have to know assembly language, the C language and Linux/Unix. Of course, you have to know what a buffer overflow is (we highly recommend reading [1]).
Users authenticate themselves on a Domain Controller (DC) using NTLM/NTLMv2. However, the DC sometimes goes offline or the network cable is unplugged; in this situation, the Local Security Authority Subsystem Service (LSASS) uses password cache entries from the registry to perform an offline logon.
* Helping pentesters or security auditors retrieve the password cache entries (hash values) for auditing purposes;
* Providing more compatibility for programs that may require access to these entries without using the LSA API.
MySQL is not an easy database for Blind SQL Injection: it displays no errors when a UNION occurs between two columns of different types, and there isn't a way to make a query display errors from parameters passed inside the query itself. It often happens that, when auditing the code of a PHP/MySQL application, we find an injection vulnerability that is not exploitable, because we cannot see the output, or we always see an error because the retrieved value is passed to multiple queries with different numbers of columns before the script ends.
The stream cipher RC4, with a key length of up to 128 bits, is used in Microsoft Word and Excel to protect documents. However, when an encrypted document is modified and saved, the initialization vector remains the same, and thus the same RC4 keystream is used to encrypt the different versions of that document. The consequence is disastrous, since a lot of the document's information can be recovered.