hakin9_2005_03_3.pdf
Editor-in-Chief: Roman Polesek
Basics
10
Removing Spiderwebs – Detecting Illegal Connection Sharing
Mariusz Tomaszewski, Maciej Szmit, Marek Gusta
People who share Internet connections in violation of agreements with their Internet service provider can cause severe headaches for both the provider and the network administrator. There are several ways to detect such practices. In this article, we demonstrate how to apply these methods in practice and how to bypass them.
hakin9 : The Mad Hatter
20
Finding and Exploiting Bugs in PHP Code
Sacha Fuentes
Applications and scripts developed in PHP, one of the most popular scripting languages, are frequently vulnerable to a variety of attacks. The reason for this lies not with the language itself, but with common design errors made by inexperienced programmers. In this article, we will take a look at typical security bugs in PHP applications and learn how to find them in source code and how to exploit them.
One of our authors, Sacha Fuentes (Finding and Exploiting Bugs in PHP Code), is right to warn against trusting users. The human factor has always been the Achilles' heel of computer security, and it is no secret that the most vulnerable and error-prone element of practically any IT system is the pathetic collection of proteins connecting the chair to the keyboard.
The problem is that this weakest link in any computer system is also the reason for its existence. If it weren't for us, there would be no need to perform calculations or to send data all across the globe. Whatever the moral implications, without us there would be no theft (Jakub Nowak, Protecting Windows Programs from Crackers), to give tinkering with commercial code in order to unlock its full functionality its proper name, nor would other criminal practices exist, e.g. Internet fraud (Removing Spiderwebs – Detecting Illegal Connection Sharing). If it weren't for human activity, we wouldn't have to struggle against the mindless malice of Internet worms (Michał Piotrowski, Honeypots – Worm Traps) or track down intruders hiding in other people's systems. There is no getting away from our human vices, since history shows they are an unavoidable consequence of our sense of property.
After all, devices for registering compromising emissions (Robin Lobel, TEMPEST – Compromising Emanations) are no different from your old nosy neighbour listening at your wall with a glass to her ear, while anyone breaking into the server room in the dead of night (Jeremy Martin, Physical Security Design) bears a striking resemblance to a caveman crawling into someone else's cave by the light of the moon.
At hakin9 magazine, we never shy away from difficult and sometimes slippery subjects, switching our hats from black to white at will. Whatever the moral implications of the activities we write about, they are all a testament to our humanity, for better or for worse. As long as evil plots exist and we all have to continue the perennial game of cops and robbers, we can be sure that we are still human – which is what we wish for ourselves and for all our esteemed readers.
Attack
26
SQL Injection Attacks with PHP and MySQL
Tobias Glemser
There are several attack techniques commonly used against the PHP+MySQL environment, and SQL Injection is among the most frequently used. The idea behind the technique is to force the target application to accept our input and use this ability to execute SQL commands. Let's see how the technique can be used in practice.
32
Hiding Kernel Modules in Linux
Mariusz Burdach
Placing a rootkit module in the victim's system is only the beginning of an intruder's labours. If the intrusion is to remain undetected, the malicious code must be hidden in a way which does not arouse suspicion. Let's take a look at some methods which will enable us to hide any system module.
36
TEMPEST – Compromising Emanations
Robin Lobel
TEMPEST, also known as van Eck phreaking, is the art of transforming involuntary emissions into compromising data. The method mainly concerns electromagnetic waves, but it can be equally well applied to any kind of unwanted emanations induced by the inner workings of a device. We demonstrate how to start building your own TEMPEST system.
Roman Polesek
romanp@hakin9.org
www.hakin9.org
hakin9 3/2005
Defence
44
OS Fingerprinting – How to Remain Unidentified
Michał Wojciechowski
Every operating system has a number of characteristic features which can be used to remotely identify it. In this article, we'll try to modify certain system parameters so as to fool remote OS detection programs into believing that our machine is actually running a different operating system.
DISCLAIMER!
The techniques described in our articles may only be used in private, local networks.
The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
54
Honeypots – Worm Traps
Michał Piotrowski
Internet worms spread at a lightning rate, so taking effective countermeasures requires their code to be captured and analysed as soon as possible. Honeypot systems let us capture worms and observe their activity, but can also be used to remove them from infected machines.
hakin9 is published by Software Wydawnictwo Sp. z o.o.
Executive Director: Jarosław Szumski
Editor-in-Chief: Roman Polesek romanp@hakin9.org
Managing Editor: Tomasz Nidecki tonid@hakin9.org
Assistant Editor: Ewa Lipko ewal@software.com.pl
Distribution: Monika Godlewska monikag@software.com.pl
Production: Marta Kurpiewska marta@software.com.pl
DTP: Anna Osiecka annao@software.com.pl
Cover: Agnieszka Marchocka
Advertising department: adv@software.com.pl
Subscription: subscription@software.com.pl
Proofreaders: Nigel Bailey, Alex S. Harasic, Tomasz Nidecki
Translators: Michał Wojciechowski, Michał Swoboda, Zbigniew Banach, Ewa Dacko
Top betatesters: Adrian Pastor
Betatesters: Sergei Laoun, Wendel Guglielmetti Henrique
64
Protecting Windows Programs from Crackers
Jakub Nowak
A shareware application programmer's work will sooner or later be sabotaged by crackers. Quite often, a crack or keygen can be found on the Internet the very same day that an application is published. However, there exist effective methods for protecting code from thieves. Let's learn how to use them in practice.
Postal address: Software–Wydawnictwo Sp. z o.o., ul. Lewartowskiego 6, 00-190 Warsaw, Poland
Tel: +48 22 860 18 81
Fax: +48 22 860 17 71
www.hakin9.org
Software-Wydawnictwo Sp. z o.o. is looking for partners from all over the world. If you are interested in cooperating with us, please contact us by email: cooperation@software.com.pl
70
Physical Security Design
Jeremy Martin
"There is no merit in spending money on protecting data we can recreate; what could possibly happen?" – comments like these are all too often heard from top executives. From employee misuse to industrial espionage to natural disasters, company assets are exposed to a variety of threats that are often overlooked or ignored. And after all, the first line of defence is physical security.
Print: 101 Studio, Firma Tęgi
Printed in Poland
Distributed by: MLP, Parc d'activités de Chesnes, 55 bd de la Noirée - BP 59, F-38291 SAINT-QUENTIN-FALLAVIER CEDEX
Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them.
Tools
To create graphs and diagrams we used program by company.
The editors use automatic DTP system
08
Ant
A graphical tool which simplifies the analysis and security tests of networks and computer systems.
ATTENTION!
Selling current or past issues of this magazine for prices that are different than printed on the cover is – without permission of the publisher – harmful activity and will result in judicial liability.
09
Knock
A client-server tool allowing users to open SSH connections.
hakin9 is available in: English, German, French, Spanish, Italian, Czech and Polish.