skeletonscribe.net
Skeleton Scribe: Chronofeit Phishing
http://www.skeletonscribe.net/2010/12/chronofeit-phishing.html
Saturday, 18 December 2010. This combines RSnake's Popup and Focus URL Hijacking. The basic concept behind this attack is to use URL hijacking to change a legitimate login page to a fake one in the gap between when the user checks the URL and when they enter their username/password. This implementation uses polling to detect the moment the user logs in, then redirects them to a classic phishing page saying their password was incorrect, and hopes that they don't re-check the URL. As you've probably notice...
skeletonscribe.net
Skeleton Scribe: Exploiting Path Relative Style-Sheet Imports (PRSSI)
http://www.skeletonscribe.net/2015/02/exploiting-path-relative-style-sheet.html
Wednesday, 18 February 2015. Exploiting Path Relative Style-Sheet Imports (PRSSI). I've posted a detailed breakdown of how to successfully exploit path-relative stylesheet imports and navigate the associated pitfalls over at http://blog.portswigger.net/2015/02/prssi.html. Posted by James Kettle.
skeletonscribe.net
Skeleton Scribe: Sparse Bruteforce Addon Detection
http://www.skeletonscribe.net/2011/07/sparse-bruteforce-addon-scanner.html
Friday, 1 July 2011. Sparse Bruteforce Addon Detection. This post demonstrates a technique for discovering which browser addons/extensions people who visit your website have installed. This could be used for fingerprinting, compatibility purposes or pre-exploit reconnaissance. (Detects top 1000 extensions.) (Detects 10% of top 1000 addons.) Both demos use the well-known technique: <img/script src='chrome://[imageFromAddon]' onload='addonExists=true' onerror='addonExists=false'>. Posted by James Kettle. Simul...
insert-script.blogspot.com
InsertScript: August 2013
http://insert-script.blogspot.com/2013_08_01_archive.html
Friday, August 16, 2013. UXSS – Internet Explorer EUC-JP Parsing Bug. While I was using. One vector had a really weird result. The vector was: img src=x *chr*. The result said that in Internet Explorer 10, a certain character in the EUC-JP charset consumed the , which led to the execution of the onerror event handler, but viewing the test case resulted in no code execution. After retesting the vector, there were either no results or different characters got detected, but still no test case worked. View ...
skeletonscribe.net
Skeleton Scribe: Comma Separated Vulnerabilities
http://www.skeletonscribe.net/2014/08/comma-separated-vulnerabilities.html
Saturday, 30 August 2014. My latest research, on exploiting spreadsheet-export functionality to attack users via malicious formulae, is over at: http://contextis.co.uk/blog/comma-separated-vulnerabilities/. Please note I no longer work at Context. Posted by James Kettle.
skeletonscribe.net
Skeleton Scribe: Phrack ebook
http://www.skeletonscribe.net/2011/12/phrack-ebook.html
Tuesday, 20 December 2011. I've converted all 25 years of Phrack magazine into an ebook suitable for viewing on e-readers. The conversion wasn't perfect; text and code are fine, but some of the ASCII diagrams have been horribly mangled. I outright stripped base64-encoded tgz/png. This is a work in progress; I will update it whenever I feel like some heart-withering text-processing. If you would like to roll your own version, download the epub generation code. Or the mobi version. Posted by James Kettle.
skeletonscribe.net
Skeleton Scribe: X-Frame-Options gotcha
http://www.skeletonscribe.net/2012/06/x-frame-options-sameorigin-warning.html
Saturday, 2 June 2012. X-Frame-Options: SAMEORIGIN validates window.top, not window.parent. This is bad news for sites that frame untrusted content. Attacks rely on loading the target page in an iframe. The standard defence against them is to deny framing by using the X-Frame-Options (XFO) server header. Unfortunately there is a slight quirk in this feature's implementation which has left some sites vulnerable to clickjacking in spite of their use of XFO. The fix is simple: if you must iframe untrusted co...
skeletonscribe.net
Skeleton Scribe: Practical HTTP Host header attacks
http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
Wednesday, 1 May 2013. Practical HTTP Host header attacks. Password reset and web-cache poisoning (and a little surprise in RFC-2616). How does a deployable web application know where it is? Creating a trustworthy absolute URI is trickier than it sounds. Developers often resort to the exceedingly untrustworthy HTTP Host header ($_SERVER["HTTP_HOST"] in PHP). Even otherwise-secure applications trust this value enough to write it to the page without HTML-encoding it, with code equivalent to:. When the user v...
skeletonscribe.net
Skeleton Scribe: Hackxor hacking game beta
http://www.skeletonscribe.net/2011/02/hackxor-hacking-game-beta.html
Tuesday, 1 February 2011. Hackxor hacking game beta. EDIT: the final version of hackxor is out at http://hackxor.sourceforge.net. I've just released a public beta of hackxor at http://sourceforge.net/projects/hackxor. This is a beta. Unless you want to try it out and give some feedback, you might as well wait for the final release. It is complete in terms of the exploits and how they fit together, but the websites need polish. The final release will be in. Open the image in hackxor using VMware Player.
skeletonscribe.net
Skeleton Scribe: Simulating targets for XSS/CSRF attacks in hacking games
http://www.skeletonscribe.net/2011/05/simulating-targets-for-xsscsrf-attacks.html
Wednesday, 11 May 2011. Simulating targets for XSS/CSRF attacks in hacking games. Many web application hacking techniques require a victim as well as a vulnerable website. Such techniques include XSS, CSRF, XST, HTTP response splitting, session fixation, and various others. While it is possible to find these without a victim, to truly understand them it helps to exploit them, and you can't exploit them without a victim. This post explains how to simulate victims using HtmlUnit. Final HtmlPage login = br...