We already have come across a lot of topics on shell. This one is about how the attacker fools the vulnerable image uploader to get his shell uploaded on the server. I have created a very simple small testing application to demonstrate this. You can even download this vulnerable uploader code file at http://db.tt/ApNzszJT . The …

Just few days back I had come across this creepy undying malware that keeps on striking the innocent people with its scarewares, scaring the hell out of them. Announced under the general term Malware, it’s more specifically a worm or rather a cryptoworm. Infection and Prevention So the first question you might be wondering about …

I had kept this topic on hold since long, as it was planned to be the last of the recently targeted posts on exploiting WordPress. This topic involves replacing the existing code in a theme file with that of the shell, and that to after the login has been cracked using wordpress login bruteforce or using …

You all might have come across the serious 0-day vulnerabilities found in Yahoo, Hotmail and AOL, exposed around a week ago, that allowed to reset the passwords of the legitimate account owners without them noticing it. This almost endangered the bulk of email account holders from being hacked. Though this has been fixed within a …

Just yesterday, I came across the activity of a trojan names as Tatanarg. The trojan is so very cleverly designed to work that it is hardly possible for any media to detect its activity. It hijacks the SSL connection between the browser and the online banking sites, blocking the client antivirus notifications and uninstalling any …

As we had discussed earlier about the SQL Injection, it  is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. We discussed there about the login screen bypassing, that might have been beneficial to the so called script kiddies, who approach hacking just through available scripts and …

Do you want to surf some unauthorised sites and to stay undetected…??  Do you get a shit message that “This site has been blocked by Administrator” when you go to Internet cafe and type some Banned sites….?? Did your boss blocked your favourate Social networking sites like facebook, orkut or myspace and other sites like …

The two popular trojans propagating through the web are Infostealer.Coinbit and Trojan.SpyEye. I will describe how both of these function out. While Infostealer trojan targets to locate the Bitcoin wallets owned by only few people and mails back to the attacker. As of June 2011, there are just over 6.5 million Bitcoins in existence, distributed …