So there I was, checking out tech books at Borders, when I noticed … DUN DUN DUN … the Blue Screen of Death!

CBS’s 60 Minutes ran a segment on internet insecurities and they showed the ease of finding tutorials on youtube to exploit them. They chose our video on cracking WEP to demonstrate and showed a short clip of it. The segment is up on the CBS website and you can check it out here. Thank you CBS for the free publicity!
—————————————————————————————————————————– Update – Live Stream

In this episode of Full Disclosure we are explaining the website attack known as Cross-Site Scripting (XSS). Cross-Site Scripting is a type of security vulnerability that affects web applications that do not sanitize user input properly. This kind of vulnerability allows an “attacker” to inject HTML or client side script like JavaScript into the website. Cross-Site Scripting is most commonly used to steal cookies. Cookies are used for authenticating, tracking, and maintaining specific information about users; therefore, by stealing a user’s cookies an attacker could bypass the website’s access control. There are three types of XSS attacks: Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and Non-Persistent Cross-Site Scripting attacks.

Live Stream Here
Download Here

Download Cookie Catcher Here

I currently attend Southern Illinois University at Carbondale, and I am taking Digital Circuit Design with Dr. Weng who also teaches Network Processing Systems Design. Today in class he invited all his students to go a tour of SIUC’s computer network with his Network Processing Systems class. Of course I took up his often because it is not every day a regular student can walk into the core networking room and server mainframe of a large University. Basically, the network is system up on a three layer infrastructure (Core Layer, Distribution Layer, Access Layer). At the Access Layer (which is the layer that provides network access to client computers) the University uses Cisco Catalyst 2950 switches. Those switches are connected via cross-over cable to the Distribution Switch which is a Cisco Catalyst 3524. In turn, the Distribution switch connects via fiber wire to the Core Switch which is a Cisco Catalyst 6509. The entire can network runs at 1 Gigabyte; however, the internet bandwidth is capped at 300 Mb! Furthermore, only 90 Mb of bandwidth is dedicated to the Residence Halls!! All the Core Switches goto the student center where the internet point of entry is located. Also, internet traffic is filtered through a SourceFire firewall. Some more interesting networking facts: SIUC has 9 Wireless AP (I believe) which are managed by a Cisco Wireless LAN Controller, for access control they use Cisco 1111, for VPN they use Cisco VPN Concentrator 3000, and for their servers they use Sun System SunFire. A interesting security fact is that they only use SSH to configure switches remotely because the web interface has security issues. Lastly, you probably noticed that most of their networking devices are Cisco this is for compatibility reasons, they had problems in the past for using multiple vendors. Well thats about it, hope you enjoyed hearing about SIUC’s Network.

Typical Network Layout of a SIUC Building:

My Dorm’s Network Layout:

The Sql Injection Challenge has already been completed, so here is a video demonstration on how to find this Sql Injection flaw and exploited it to extract password hashes. In this video I use a firefox plugin ‘Data Tamper’ that can be download here

 

Full Size Video
Download Here

I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find then the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:

1. Watch Full Disclosure Episode 11!
2. Download Wp-Forums Source Code
3. The variable that is used to manipulate the Sql Statement is a POST variable.

Good Luck!
Discuss Here
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!