2

SSL v2.0 on Internet Explorer

-

Posted by on Mar 2, 2007 in Cryptography, Web application security | 2 comments

Cryptography IE6 SSL sslv2
Now that Firefox 2.0 does not have option to enable SSL v2.0, there’s one way it can still be activated in Internet Explorer. Goto Tools -> Internet Options -> Advanced as shown in the screenshot and uncheck all other ciphers except SSL 2.0 and you should be able to check if a particular website supports SSL v2.0.

Activating SSL 2.0 in IE

0

Using cURL as a SOAP client

-

Posted by on Mar 16, 2007 in HowTo, Tools, Web application security | 0 comments

curl soap web services X.509

cURL (groks URL) can be used as a SOAP client to send XML SOAP requests to web services. But the problems that I was facing in sending the data directly with the -d switch of curl is that DOS command shell would greet me with an error message:

< was unexpected at this time.

But there is a great way to send data in the POST requests by using the -d switch with the @ symbol. For example to send the xml data in the xmlfilewithdata.xml in the POST request to http://www.somesite.com/thewebservice you could use the following command:
curl -d @xmlfilewithdata.xml http://www.somesite.com/thewebservice

Off go all the errors and there it is …. your SOAP client – cURL!

0

Machine Learning Security in the age of Supply Chain Attacks

-

Posted by on Apr 7, 2024 in AppSec | 0 comments

deserialization machine learning pickle supply chain xz

As can be seen from the recent “xz attack” discovery that there nation states have realized that this is likely the “best” vector to impact large-scale systems in big organizations. With the cloud computing providers being the “source of computing” for most large corporations today, we should anticipate that a larger portion of the attacks will fall into this category. Also, just like “sleeper cells” in traditional espionage, such “sleepers” may exist in numerous OSS projects. Does that mean we should stop using open source – hell no. All that means is we just need to be careful. Can we detect these attacks? It’s tough to detect but yes we can detect them by good ol’ school, telemetry and observability.

But that’s not what this blog post is about. I think the most interesting bit from the xz attack for me was that the libraries that get harder to debug and decode are much juicier targets. How does that matter? The ML libraries that are super popular like pytorch and tensorflow and others are quite hard to compile out of bound from scratch. Such libraries can have interesting attack vectors which allow nice pickle compromises. I say “nice” because the family of insecure deserialization has existed in CWE since 2006! It’s older than many other issues and will continue to exist.

My only hope is that maintainers of core ML projects such as PyTorch, Tensorflow, keras and others start showing a slightly higher level of paranoia and build reproducibility so the supply chain attacks can be avoided on such harder to debug libraries.

1

ToorConX in San Diego

-

Posted by on Oct 2, 2008 in Conferences | 1 comment

Conferences toorcon

I recently came back from the ToorConX in San Diego, CA. It was a great conference with some really cool talks. Especially RFD (Remote file download using blind sql injection), reversing malware using browser hooking, cracking crypt() hashes using Ps3, grey box peach fuzz xml generation tool (nunchaku), voip eavesdropping, bypassing browser memory protection.
These were some really cool talks but I still don’t have access to any presentation slides yet for the con. May be those will be posted some time.

0

PaiMei and MySQL error – eax_deref default value

-

Posted by on Nov 13, 2007 in HowTo | 0 comments

error exploit fuzzing paimei

I was playing with PaiMei and trying to get some initial stuff working on Pai Mei Reverse Engineering framework by Pedram Amini.
It was a smooth ride until the following steps:
1. Install MySQL
2. Install wxPython
3. Install GDE and uDraw

There was a slight problem in the __install_requirements.py file that it would always look at C:\Program Files for the files whereas my files were in S:\Program Files.
Either way a small change from C to S in the __install_requirements.py did the trick. Thereafter, when I ran __setup_mysql.py script I got the following error:

_mysql_exceptions.OperationalError: (1101, “BLOB/TEXT column ‘eax_deref’ can’t have a default value”)

Seems like MySQL should not be running in “strict” mode while you run this script. I got this information from the following link:
http://paimei.openrce.org:8000/ticket/5

0

Skype4Com API to script skype

-

Posted by on May 3, 2008 in Programming | 0 comments

API hacking IVR skype Skype4Com

I came across the interesting Skype4Com API that could aid users to dial several numbers using skype.
To install Skype4Com simply unzip the contents of the archive and execute the following command:

c:\> regsvr32 Skype4Com.dll

Upon executing this you can use the Skype4Com API using .Net (C#, VB Script) and even Python.
One can even generate DTMF tones to dial in to 1-800-numbers and automate the process so you can directly get through the initial wait times and directly speak to the customer representative.

0

ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)

-

Posted by on Jul 24, 2010 in HowTo | 0 comments

error HowTo mysql

If this is the error you are getting then one of the solutions is to reset your root password on the MySQL database server.

$ pkill mysql
$ sudo mysqld --skip-grant-privileges
$ mysql

At this point you get the mysql command shell. You will need to update the root password and flush the table when you reset the password.

mysql> set UPDATE mysql.user SET Password=PASSWORD('YOUR_NEW_PASSWORD') WHERE User='root';
mysql> FLUSH PRIVILEGES;

Now that you’ve flushed your passwords, just restart your mysql daemon.

$ sudo pkill mysqld
$ sudo /etc/init.d/mysqld start
$ mysql -u root -p
Enter Password: YOUR_NEW_PASSWORD
mysql>

You should be all set now!