Midnight Research Labs

XSSDB
sth posted in Uncategorized on September 26th, 2006
comments:0

This is a useful XSS reference page that adds to, and puts an interface on, the previously mentioned XSS Cheat Sheet by RSnake. GnuCitizen has had a lot of interesting posts on XSS type attacks recently, and also has some other interesting projects going on that help demonstrate (well) that XSS isn’t a benign attack vector. If you’re at all interested in web application security, I reccommend both GnuCitizen and Ha.ckers.org.

MRL and upcoming conferences
sth posted in cons on September 23rd, 2006
comments:0

We have a couple conferences that we’ll be going to and also speaking at that are coming up over the next couple weeks. The first is Toorcon, and then the following week we have Security Opus. Both of which are very much worth attending (even if we weren’t speaking there, =), so you should come out and join us. Say “hi” if you’re around, we should have MRL stickers on hand. Here’s the schedule:

• @Toorcon: Aaron Peterson: wicrawl — A next-gen wi-fi auditor
• @Security Opus: Jason Spence - “CTF toolkit”
• @Security Opus: Peter Kacherginsky and Aaron Peterson - “Next generation tools from Midnight Research Labs”

See you there!

What google thinks of MRL
sth posted in meetings on September 16th, 2006
comments:0

So, this is what Google thinks of MRL after our meeting… especially after playing around with SEAT.

MRL September meeting
sth posted in meetings on September 15th, 2006
comments:0


Fellow Hackers, Slackers, and Code-crackers:

Agenda:
Phase 0x0: Bootstrapping
- Greetings and welcome
- MRL updates and status
- MRL projects update
Phase 0x1: Initialization
- Mini-presentation: Intro to distributed cracking with clusters
- wicrack brainstorming
- Poking at hardware
- Electric glowing pickle experiment
Phase 0x2: Local exploits
- Food
- Off topic tools, toys and other shiny things -- If anyone
has any interesting to show off or play with, please bring
it.
- Whatever till whenever -- This is the more social
part of the event. People are invited to stay and
hack and have a couple drinks till whenever this
phase is no longer self-sustaining, =)


Wifitap
sth posted in tools on September 14th, 2006
comments:0

I just found this pretty interesting project called WifiTap. Basically it allow for communication over a wifi network through traffic injection so that you’re not actually associated to the AP through the driver interface. Apparently you can actually route IP traffic over it and everything like a “real” interface.

The reason this is cool for us, is that it’s a step closer to the 2.0 framework for wicrawl and being able to multi-plex Access points over one card. It’s proof that a software only stack for 802.11 works end to end without crazy firmware issues. A video of his presentation at recon is available online.

Another cool thing I found out while checking out the presentation, is that Scapy actually has packet classes for all the of the different 802.11 management frames, etc.

netcat in the hat
sth posted in hacking contests on September 8th, 2006
comments:0

If you’re not familiar with The Ethical Hacker Network you should check it out, it has a decent amount of good content for the aspiring hacker. Among other things, they have new security news and tutorials, but probably the most interesting is the challenges that they post every other month or so. I found the latest challenge entertaining, so I thought I would forward it on. The challenge is in the form of a Dr. Seuss like peom titled netcat in the hat. If you are a winner in one of the categories for the challenge, you get an autographed copy of Counter hack reloaded.

Packet Attack Map
sth posted in Uncategorized on September 7th, 2006
comments:0

Here’s A little flash movie showing a sample of traffic submitted to dshield within the last 5 minutes:



Where:

1 pixel: < 10
2 pixel: < 100
3 pixel: < 1000
4 pixel: < 10000

The color indicates the packet type based on the following classification:
Blue: Not categorized.
Red: Well known services (Ports 80,53,25,22 ...).
Yellow: Windows related traffic (Port 135,137,139... ).
Green: P2P Traffic/Afterglow (Port 6881,6346,4672... ).

The Science of fingerprints and Security Engineering
sth posted in nfo on September 2nd, 2006
comments:3

I found a couple interesting books linked from schneier.com that are online and available for free. The first is Security Engineering, a Guide to Building Dependable Distributed Systems with a forward by Bruce Schneier. You can download it in chapters, or you can find the whole book in torrent form here.

The second book is The Science of fingerprints. It was written by the FBI in 1963. Its introduction is by J. Edgar Hoover and the book is available on Project Gutenburg. Another site (posted in the comments) had some interesting links on fingerprints and current technology and also a document on the official Interpol “Method For Fingerprint Identification”.

Here is an excerpt from the introduction by J. Edgar Hoover:

This booklet concerning the study of fingerprints has been prepared by the Federal Bureau of Investigation for the use of interested law enforcement officers and agencies, particularly those which may be contemplating the inauguration of fingerprint identification files. It is based on many years’ experience in fingerprint identification work out of which has developed the largest collection of classified fingerprints in the world. Inasmuch as this publication may serve as a general reference on classification and other phases of fingerprint identification work, the systems utilized in the Identification Division of the Federal Bureau of Investigation are set forth fully. The problem of pattern interpretation, in particular, is discussed in detail.

Here is a partial diagram from the science of fingerprints

New Tools
sth posted in tools on September 1st, 2006
comments:0

So every once in a while I troll around the PacketStorm latest tools RSS feed, and this time I noticed a few things of interest:

• – A new version of Aircrack-ng is out. It fixes many bugs. I also just noticed that it now has windows support.
• – Iodine looks like a good easy way to tunnel IPV4 over DNS. I think that anyone who travels should have something like this, or ptunnel (ping tunnel) setup and running since many wi-fi captive portals still allow ICMP and DNS through.
• – rhj is a proof of concept syscall hijacker. This looks pretty cool, I still need to test it out though. I’m curious how well it works.

These are all good candidates for the “tool of the week” column I’ve been meaning to get off the ground — If anyone feels like putting together a write-up, I’ll make sure to post it here.