Essays

Blind MySQL injection and database stressing

Complements the other MySQL blind injection papers on the web.



Tools such as DataThief or Absinthe are currently used to extract data through a blind (Microsoft) SQL injection. The problem with MySQL is the difficulty of obtaining the database structure: MySQL has no objects database or anything alike, so it is not possible to write a stored procedure that walks through a database catalog the way these programs do with other database managers.



The approach explained here is taken from a web service viewpoint, that is, from a web service vulnerable to SQL injection.

Adaptive modeling in bruteforce cracking dictionaries

A close look at reducing bruteforce timings.



When bruteforce is the only way out, poorly planned bruting of the password leads to an endless task with no guarantees. One reason could be a very large dictionary, a short time window, or a limited number of attempts.



The size of the dictionary, and also the number of attempts, can be reduced if an adaptive model is used for the guesses. An adaptive model is really useful when part of the guess (most of the time, the password) is known.

Word list generation for bruteforce cracking


Password cracking: an abandoned topic.



Everybody talks about password cracking. It's a must when no other resource is available. Everybody also looks for a dictionary at some point. But there's a truth that everybody fears: there is NO best dictionary. Bruteforce succeeds if, and only if, the correct word is found within the testing time. But time is limited, and even if the word is included in the dictionary, the attempt may still fail.

Reversing QT applications - Part II


Another fun piece of research in QT was this one. After using qtree for one month I realized that some applications build the objects tree in several parts down the stack, so looking for them was so hard that I decided to find another way to locate them: a faster way than a tree walkthrough.



The next step (this one) was to intercept the QT event handler so that it notifies another application when a QT object receives an event, letting us react properly to handle that widget. The idea was called qttach; while attached to a QT application it dumps object properties when you move the mouse over them.

Reversing QT applications - Part I


Damn.. this one remained in oblivion for years! This essay is about QT (@ Trolltech) runtime debugging. It's the first of two articles about QT runtime manipulation. In this one we obtain a tree of objects from a QT application by locating the memory pool holding their main structure addresses. Once a widget is located, enabling or disabling buttons or menu items is a simple task.



This little tool, called qtree, when attached to a QT application (tested with qt2.x and qt3.x) will dump its objects tree. It may be outdated by now, as QT is now free.

Approach to "Passive Fingerprint" tracers and debuggers.


There have been well-known ways to tell whether a program is being debugged, most of them using signals and ptrace (see references). The following methods try not only to detect the presence of a debugger, but also to identify which one it is, in a more passive way.



This paper was first published in August 2001. The crackme released for a (supposedly white-hat) con, ncn at Mallorca, Spain, includes one of the methods explained in the paper. I've translated it to English, just skipping historical notes and the like.