Offensive Thinking

Internet Thoughtcrime

Watching Security Tube

Posted: 2009-06-04

I found a new occupation while ironing today: watching videos on Security Tube. As the name already says, it’s the YouTube of security-related videos.

So I hooked up my laptop to the TV (yay me for owning a full HD TV with a VGA connector) and watched Top Ten Web Hacking Techniques of 2008 by Jeremiah Grossman. It was a really nice overview of some vulnerabilities / exploit techniques found in 2008. I already knew about them before watching this, but found two things I didn’t know yet:

First, I wasn’t really aware of the paper from Baror, Yogev and Sharabani about “Flash Parameter Injection”. I wrote about this stuff in this RedTeam blog post (yes, that’s the other blog I write in. Go check it out, it’s awesome ;)) without knowing about their research. I discovered this way of exploiting Flash files as many of our clients nowadays use at least a little bit of Flash in their websites, so I got to play quite a bit with it. I didn’t expect this stuff to be only known to me, but it’s nice to see that there indeed were people doing research in this. And they came up with more attack vectors than I did, so go and download their paper, it’s way more detailed than my blog post.

The second thing I found is that SensePost developed a fantastic little tool called reDuh. It allows for tunnelling TCP connections through JSP (the most tested), PHP and ASP pages. This is something really sweet if you exploit, for example, web servers and are able to upload your own scripts. It would, e.g., go very well with our (RedTeam’s) JBoss AS exploits (search for “Who’s the JBoss now” on the page for a whitepaper in German and slides in German and English). If you can upload scripts you can of course always code your own little exploit tool, but reDuh is hopefully able to save me some time there. I hope I won’t be disappointed once I try it out the next time I can upload scripts to a server.