«HAKIN9 2007 ISSUE 1 English Language»

Posted By: Spymaker

Publisher: Hakin9 | Issue 01/2007 | ISBN: n/a | Pages: 84 | PDF | 10 MB




»Scanrand (part of Paketto Keiretsu)

Damian Szewczyk
The author presents a part of Paketto Keiretsu, a collection of tools that use the latest strategies for manipulating TCP/IP networks. Scanrand seems to be infallible when time is crucial.

»General Purpose Fuzzer (GPF)

Jared DeMott
You wish to fuzz something like IMAP, DNS, FTP. How can you do that? The author describes a testing technique that makes it possible to find bugs and vulnerabilities in software.

»XSS – Cross-site scripting

Paul Sebastian Ziegler
Nowadays, when the Internet has become an essential part of many people's lives, the injection of code into various parts of dynamic websites poses a serious, and at the same time interesting, threat to security. Reading this article will help you to learn about the ideology and the practical uses of such attacks.

»Introduction to XPath Injection techniques

Jaime Blasco
An XPath Injection attack is one of the latest techniques; it manipulates XPath queries in order to extract information from an XML database. Having read this article you will know, for example, how to employ the XPath injection method to bypass safeguards in certain applications.

»Function Overwriting using ptrace()

Stefan Klaas
This text sheds light on the way ptrace() works and presents how to write your own backdoors. Please note, though, that to fully benefit from this article, basic knowledge of ANSI C programming and some ASM knowledge is required.

»Shellcodes Evolution

Itzik Kotler
Thanks to this article you will get to know the obstacles awaiting attackers who try to execute a shellcode on the attacked system, as well as the techniques to avoid these obstacles. The reader will also find some future guidelines for smarter shellcode designing and programming.

»How to bypass kernel 2.6 stack randomness protection

Enrico Feresin
As new buffer overflow vulnerabilities are discovered more and more often, protection methods working regardless of the vulnerabilities present in our software are inevitable. The author of the article shows how to bypass the randomness protection of Linux kernel 2.6 in order to exploit stack-based buffer overflow vulnerabilities.

»Tested products - security scanners.


A new section in hakin9! In this edition we present our readers' opinions on the advantages & disadvantages of security scanners. You can find out whether the prices are adequate to the quality, what main problems the users experienced, and finally you will see the rating.

»I wish I could be the World Liberator


This month, hakin9 talks to Richard Matthew Stallman. He is a founder of the GNU Project, the Free Software Foundation and the League for Programming Freedom. An acclaimed hacker, his major accomplishments include the original Emacs, the GNU C Compiler, and the GNU Debugger.