Test Foro de elhacker.net SMF 2.1

Leo en el blog "Infomático y segurata"  (http://informaticoysegurata.blogspot.com/2010/01/las-10-mejores-tecnicas-de-hacking-web.html)una anotación sobre el "Top Ten Web hacking techniques of 2009" (http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html) de Jeremiah Grossman y compañía. El artículo de Jeremiah y la descripción de las técnicas esta en inglés. Son enlaces a los diferentes blogs de Jeremiah, Eduardo Vela, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski y Romain Gaucher.

Os pongo el top ten aqui pero en la anotacion original hay 82 y 3 son de sirdarckcat.

CitarTop Ten Web Hacking Techniques of 2009! (http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html)

1. Creating a rogue CA certificate (http://www.phreedom.org/research/rogue-ca/)
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

2. HTTP Parameter Pollution (HPP) (http://blog.mindedsecurity.com/2009/05/http-parameter-pollution-new-web-attack.html)
Luca Carettoni, Stefano diPaola

3. Flickr's API Signature Forgery Vulnerability (MD5 extension attack) (http://netifera.com/research/)
Thai Duong and Juliano Rizzo

4. Cross-domain search timing (http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html)
Chris Evans

5. Slowloris HTTP DoS (http://ha.ckers.org/blog/20090617/slowloris-http-dos/)
Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu (http://www.securityfocus.com/archive/1/456339/30/0/threaded) & Ivan Ristic - "Programming Model Attacks" section of Apache Security (http://www.apachesecurity.net/about/table-of-contents.html) for describing the attack, but did not produce a tool)

6. Microsoft IIS 0-Day Vulnerability Parsing Files (semi‐colon bug) (http://soroush.secproject.com/downloadable/iis-semicolon-report.pdf)
Soroush Dalili

7. Exploiting unexploitable XSS (http://stephensclafani.com/2009/05/26/exploiting-unexploitable-xss/)
Stephen Sclafani

8. Our Favorite XSS Filters and how to Attack them (http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html)
Eduardo Vela (sirdarckcat), David Lindsay (thornmaker)

9. RFC1918 Caching Security Issues (http://www.sectheory.com/rfc1918-security-issues.htm)
Robert Hansen

10. DNS Rebinding (3-part series Persistent Cookies (http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/), Scraping & Spammin (http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/)g (http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/), and Session Fixation (http://ha.ckers.org/blog/20091116/session-fixation-via-dns-rebinding/))
Robert Hansen

Espero que disfuteis con la lectura.

(http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html)

CitarThe Complete List

• Persistent Cookies and DNS Rebinding Redux (http://ha.ckers.org/blog/20090120/persistent-cookies-and-dns-rebinding-redux/)
• iPhone SSL Warning and Safari Phishing (http://ha.ckers.org/blog/20090329/iphone-ssl-warning-and-safari-phishing/)
• RFC 1918 Blues (http://ha.ckers.org/blog/20090608/rfc1918-blues/)
• Slowloris HTTP DoS (http://ha.ckers.org/blog/20090617/slowloris-http-dos/)
• CSRF And Ignoring Basic/Digest Auth (http://ha.ckers.org/blog/20090630/csrf-and-ignoring-basicdigest-auth/)
• Hash Information Disclosure Via Collisions - The Hard Way (http://ha.ckers.org/blog/20090713/hash-information-disclosure-via-collisions-the-hard-way/)
• Socket Capable Browser Plugins Result In Transparent Proxy Abuse (http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html)
• XMLHTTPReqest "Ping" Sweeping in Firefox 3.5+ (http://ha.ckers.org/blog/20090720/xmlhttpreqest-ping-sweeping-in-firefox-35/)
• Session Fixation Via DNS Rebinding (http://ha.ckers.org/blog/20091116/session-fixation-via-dns-rebinding/)
• Quicky Firefox DoS (http://ha.ckers.org/blog/20090727/quicky-firefox-dos/)
• DNS Rebinding for Credential Brute Force (http://ha.ckers.org/blog/20091117/dns-rebinding-for-credential-brute-force/)
• SMBEnum (http://ha.ckers.org/blog/20090809/smbenum/)
• DNS Rebinding for Scraping and Spamming (http://ha.ckers.org/blog/20091118/dns-rebinding-for-scraping-and-spamming/)
• SMB Decloaking (http://ha.ckers.org/blog/20090811/smb-decloaking/)
• De-cloaking in IE7.0 Via Windows Variables (http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/)
• itms Decloaking (http://ha.ckers.org/blog/20090819/itms-decloaking/)
• Flash Origin Policy Issues (http://foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html)
• Cross-subdomain Cookie Attacks (http://skeptikal.org/2009/11/cross-subdomain-cookie-attacks.html)
• HTTP Parameter Pollution (HPP) (http://blog.mindedsecurity.com/2009/05/http-parameter-pollution-new-web-attack.html)
• How to use Google Analytics to DoS a client from some website. (http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html)
• Our Favorite XSS Filters and how to Attack them (http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html)
• Location based XSS attacks (http://www.thespanner.co.uk/2008/12/01/location-based-xss-attacks/)
• PHPIDS bypass (http://www.thespanner.co.uk/2009/01/04/phpids-bypass/)
• I know what your friends did last summer (http://www.thespanner.co.uk/2009/01/07/i-know-what-your-friends-did-last-summer/)
• Detecting IE in 12 bytes (http://www.thespanner.co.uk/2009/01/28/detecting-ie-in-12-bytes/)
• Detecting browsers ‭‬javascript hacks (http://www.thespanner.co.uk/2009/01/29/detecting-browsers-‭‬javascript-hacks/)
• Inline UTF-7 E4X ‭‬javascript hijacking (http://www.thespanner.co.uk/2009/02/24/inline-utf-7-e4x-‭‬javascript-hijacking/)
• HTML5 XSS (http://www.thespanner.co.uk/2009/03/20/html5-xss/)
• Opera XSS vectors (http://www.thespanner.co.uk/2009/05/08/opera-xss-vectors/)
• New PHPIDS vector (http://www.thespanner.co.uk/2009/06/01/new-phpids-vector/)
• Bypassing CSP for fun, no profit (http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/)
• Twitter misidentifying context (http://www.thespanner.co.uk/2009/11/23/twitter-misidentifying-context/)
• Ping pong obfuscation (http://www.thespanner.co.uk/2009/11/23/ping-pong-obfuscation/)
• HTML5 new XSS vectors (http://www.thespanner.co.uk/2009/12/06/html5-new-xss-vectors/)
• About CSS Attacks (http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html)
• Web pages Detecting Virtualized Browsers and other tricks  (http://jeremiahgrossman.blogspot.com/2009/08/web-pages-detecting-virtualized.html)
• Results, Unicode Left/Right Pointing Double Angel Quotation Mark  (http://jeremiahgrossman.blogspot.com/2009/06/results-unicode-leftright-pointing.html)
• Detecting Private Browsing Mode  (http://jeremiahgrossman.blogspot.com/2009/03/detecting-private-browsing-mode.html)
• Cross-domain search timing (http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html)
• Bonus Safari XXE (only affecting Safari 4 Beta) (http://scarybeastsecurity.blogspot.com/2009/06/bonus-safari-xxe-only-affecting-safari.html)
• Apple's Safari 4 also fixes cross-domain XML theft (http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-also-fixes-cross-domain.html)
• Apple's Safari 4 fixes local file theft attack (http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html)
• A more plausible E4X attack (http://scarybeastsecurity.blogspot.com/2009/05/more-plausible-e4x-attack.html)
• A brief description of how to become a CA (http://schmoil.blogspot.com/2009/01/brief-description-of-how-to-become-ca.html)
• Creating a rogue CA certificate (http://www.phreedom.org/research/rogue-ca/)
• Browser scheme/slash quirks  (http://i8jesus.com/?p=37)
• Cross-protocol XSS with non-standard service ports (http://i8jesus.com/?p=75)
• Forget sidejacking, clickjacking, and carjacking: enter "Formjacking" (http://i8jesus.com/?p=48)
• MD5 extension attack (http://netifera.com/research)
• Attack - PDF Silent HTTP Form Repurposing Attacks (http://www.secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf)
• XSS Relocation Attacks through Word Hyperlinking (http://www.secniche.org/papers/SNS_09_01_Evad_Xss_Filter_Msword.pdf)
• Hacking CSRF Tokens using CSS History Hack (http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/)
• Hijacking Opera's Native Page using malicious RSS payloads (http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/)
• Millions of PDF invisibly embedded with your internal disk paths (http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/)
• Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection (http://securethoughts.com/2009/05/exploiting-ie8-utf-7-xss-vulnerability-using-local-redirection/)
• Pwning Opera Unite with Inferno's Eleven (http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/)
• Using Blended Browser Threats involving Chrome to steal files on your computer (http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/)
• Bypassing OWASP ESAPI XSS Protection inside ‭‬javascript (http://securethoughts.com/2009/08/bypassing-owasp-esapi-xss-protection-inside-‭‬javascript/)
• Hijacking Safari 4 Top Sites with Phish Bombs (http://securethoughts.com/2009/08/hijacking-safari-4-top-sites-with-phish-bombs/)
• Yahoo Babelfish - Possible Frame Injection Attack - Design Stringency (http://zeroknock.blogspot.com/2009/12/yahoo-babelfish-possible-inline-iframe.html)
• Gmail - Google Docs Cookie Hijacking through PDF Repurposing (http://secniche.org/gmd_hijack/gc_hijack.xhtml) & PDF (http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf)
• IE8 Link Spoofing - Broken Status Bar Integrity (http://secniche.org/ie_spoof_myth/)
• Blind SQL Injection: Inference thourgh Underflow exception  (http://dbellucci.blogspot.com/2009/12/blind-sql-injection-inference-through.html)
• Exploiting Unexploitable XSS (http://stephensclafani.com/2009/05/26/exploiting-unexploitable-xss/)
• Clickjacking & OAuth (http://stephensclafani.com/2009/05/04/clickjacking-oauth/)
• Google Translate - Google User Content - File Uploading Cross - XSS and Design Stringency - A Talk (http://zeroknock.blogspot.com/2009/12/google-translate-google-user-content.html)
• Active Man in the Middle Attacks (http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html)
• Cross-Site Identification (XSid)
  (http://blog.quaji.com/2009/12/out-of-context-information-disclosure.html)
• Microsoft IIS with Metasploit evil.asp;.jpg (http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx)
• MSWord Scripting Object XSS Payload Execution Bug and Random CLSID Stringency (http://zeroknock.blogspot.com/2009/12/google-chrome-webkit-msword-scripting.html)
• Generic cross-browser cross-domain theft (http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html)
• Popup & Focus URL Hijacking (http://ha.ckers.org/blog/20091228/popup-focus-url-hijacking/)
• Advanced SQL injection to operating system full control (http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-slides.pdf) (whitepaper (http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-whitepaper.pdf))
• Expanding the control over the operating system from the database (http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database)
• HTML+TIME XSS attacks (http://pastebin.com/f7ac1cced)
• Enumerating logins via Abuse of Functionality vulnerabilities (http://websecurity.com.ua/2840/)
• Hellfire for redirectors (http://websecurity.com.ua/2854/)
• DoS attacks via Abuse of Functionality vulnerabilities (http://websecurity.com.ua/2981/)
• URL Spoofing vulnerability in bots of search engines (http://www.webappsec.org/lists/websecurity/archive/2009-04/msg00047.html) (#2 (http://www.webappsec.org/lists/websecurity/archive/2009-04/msg00056.html))
• URL Hiding - new method of URL Spoofing attacks (http://websecurity.com.ua/3383/)
• Exploiting Facebook Application XSS Holes to Make API Requests (http://theharmonyguy.com/2009/10/09/the-month-of-facebook-bugs-report/)
• Unauthorized TinyURL URL Enumeration Vulnerability (http://securethoughts.com/2009/02/unauthorized-tinyurl-url-enumeration-vulnerability/)

http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html

CitarLeo en el blog "Infomático y segurata" una anotación sobre el "Top Ten Web hacking techniques of 2009" de Jeremiah Grossman y compañía. El artículo de Jeremiah y la descripción de las técnicas esta en inglés. Son enlaces a los diferentes blogs de Jeremiah, Rich Mogull, Dinis Cruz, Chris Hoff, HD Moore, Billy Rios, Dan Kaminsky, Steven Christey, Jeff Forristal, Michal Zalewski y Romain Gaucher.

tambien el mio xD

Sí, ya he corregido la lista que pone des en su blog :P

Veo enlaces a tus maravillosas anotaciones en estas, si me falta alguna añadela :xD

20 How to use Google Analytics to DoS a client from some website.
http://sirdarckcat.blogspot.com/2009/04/how-to-use-google-analytics-to-dos.html

21 Our Favorite XSS Filters and how to Attack them
http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html

35 About CSS Attacks
http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html

yo soy el 8...

Vale, vale, lo que pasa es que luego en la lista general cambian el orden :xD

Eso iba a decir!

Estas en el 8 en el top 10, y en el 21 en la general XD, igual la que vale es la de arriba, ... tiene letras más grandes XD

Saludos

Tengo un libro de historias hackers y en uno de esos habla de HD Moore, Cando lo vi en la misma lista a sdc dije "aaa no mam.... neta!!"

Eso es todo sdc sigue asi.

Saludos

sdc, ¿Y el libro sobre "Advanced Web Attacks Evasion & Obfuscation" cuando lo vais a publicar?

Muy buena documentación en general, hay mucho por leer y aprender

@t0rete en junio/julio/agosto

sdc que estudios tenes? a que edad empezaste con todo esto de prgramacion? trabajaste engoogle?

Cita de: cɐstg en 26 Enero 2010, 08:18 AM
sdc que estudios tenes? a que edad empezaste con todo esto de prgramacion? trabajaste engoogle?

Si buscas por sirdarckcat vas a encontrar mucha info. Creo que sdc es de mi edad como 7 meses mas chico que yo xD.

La edad que el te la diga.

Saludos

la edad la tiene en el perfil: 1337