The other day I found myself in the situation where I had to access my LSA (Local Security Authority) secrets on my Windows box. For those of you who doesn’t know what it is; let me quote Microsoft: “The Local Security Authority (LSA) is a protected subsystem of Windows that maintains information about all aspects of local security on a system, collectively known as the local security policy of the system….
More+I was at the CCC (28C3) congress in Berlin recently. Where the two researchers Alexander ‘alech’ Klink and Julian ‘zeri’ Wälde disclosed a DoS vulnerability affecting about all programming languages in the way they utilize hashtables. Funny thing is, most server technologies, PHP, ASP (.NET), Java variants, Pyhon (django) etc, all appear to be vulnerable to different variants of the attack. It consists of abusing the hashtable datastructure(s) in a way…
More+What have been seen, cannot be unseen.
After my release about the Tiny PHP Shell, Mr. Gareth Hayes @ The Spanner made a non-alphanumeric variant. I got inspired by his nifty script and started researching further. My main plan was to create an array of data with different values in order to have something to work with. So my first shot was this: @$_[]=@!+_; PHP will try to parse the green underscore as a constant, when the interpreter…
More+This is how you feel when you discover obvious vulnerabilities.
‘Nuff said.
Cya soon.