Word Press: Md5 hash in Cookie

I realised word press uses a static cookie, even when u have not enabled remember-me option. This static value holds the md5 of your password (md5(md5 of password)), which remains static. Thus an xss exploit in wordpress could be really handy as the cookie remains the same unless the password for the user is changed.

Abusing TCP/IP name resolution in Windows to carry out phishing attacks.

I was playing with name resolution in windows and i found that it sends broadcast requests over the network for the hostnames not resolved by DNS or WINS services. This is characteristic behaviour of windows and *nix boxes do not send any such broadcast requests. As these are the broadcast request, these can easily be abused to carry out phishing attacks. I wrote a small paper on this. You can access it here.

UPDATES: Here is good article from microsoft which discusses this process in detail. Here are a few drawbacks of this atatck:

1. This attack will ony work for domain names that are less than 16 characters.

2. Routers typically do not forward broadcasts, so only NetBIOS name on the local network can be resolved and the attacker thus has to be on the same local network.

3. The victim has to enable Netios Over TCP/IP to send out broadcast request.

Under Construction

This website is currently under construction. Kindly visit again in some time.