Set up your machine as a server

Recently, I wanted to set up an SSH server on my computer so that I can remote into it in case I need something from my school. Below are some of my experiences.

First, set up a static internal IP for the machine.
Since the computer is connected to the internet via a router, we need to give it a static address on the router. We can do it either from the Network Setup of the machine or in the router using the network interface's MAC address.

Basic watermarking technique for image integrity using LSB

This is actually a lab exercise from my course ImSecu. We tried to implement basic algorithms for protecting image integrity using watermarking. The idea is to make use of the least significant bit (LSB) of the image to store some information about the image (checksum, compressed bits) and retrieve it for checking. This is a blind watermarking algorithm, which means that we don't need the original image to verify the integrity.

Result of LSB random bit

Result of LSB random bit detection


Malware vs virus vs worm vs trojan vs rootkit

Such similar terms may easily create confusion.

Malware is short for malicious software, which implies that every piece of code that is malicious is malware. So it is safe for us to call a virus, worm, trojan or whatever does bad things malware.

A virus needs a file to attach to and gets executed when the file is executed. A virus can evolve.

A worm is a computer program. It stands alone and doesn't need to attach to anything. A worm spreads autonomously through the network very quickly.

A trojan is a seemingly normal program that does malicious things without the user's awareness. A trojan cannot replicate itself.

A rootkit or backdoor is a piece of code that an attacker leaves in the system after he successfully breaks in, to hide his presence and allow his return.

Preventing against XSRF

After trying to exploit XSRF (previous post), it is worth keeping in mind techniques to prevent this attack. This post will try to evolve from very basic protection to better security approaches by discussing their weaknesses. The techniques discussed in this post include changing state by POST request, CAPTCHA, prevention token and cryptographic token.

A simple example of Cross-site request forgery attack using PHP

Cross-site request forgery (XSRF) is an attack which exploits websites that have weak authorization by taking advantage of the browser session and the same-origin policy. To understand cross-site request forgery clearly, you can read the wiki page here. This post will demonstrate a simple exploitation using this technique.

Exploit stack-based buffer overflow using NOP-sled technique

Stack-based buffer overflow is a common programming error that I got when I started to learn programming, but I did not know that it would be really dangerous. In this post, I will try to note down what I have learned after trying to exploit this vulnerability using the well-known NOP-sled technique.


Filesystem mazes race condition attack (2)

This post will demonstrate in detail how to exploit the TOCTTOU race condition on Linux.
To understand the basic idea of the filesystem mazes attack, read the first part here.

In order to attack, we must first generate the maze and the trap, and a program that calls the kernel's access and open calls to trigger the race condition.

Filesystem mazes race condition attack (1)

One of the attacks that usually happens on Linux systems is the attack that takes advantage of the TOCTTOU race condition. When a user wants to open a file, the OS first checks the permission of the user, then grants or denies access to the file. Only after the authorization has finished does the OS open the file. TOCTTOU (time of check to time of use) is the time difference between the authorization of the file and the time when it is actually used. The attacker can exploit this race condition and change the link from a file that he has permission to read to a private file between TOC and TOU.
