Tuesday, 13. March 2012
XSS ChEF - Exploitation Framework
This is a Chrome Extension Exploitation Framework - think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation.

What can you actually do:

Monitor open tabs of victims
Execute JS on every tab (global XSS)
Extract HTML, read/write cookies (also httpOnly), localStorage
Get and manipulate browser history
Stay persistent until whole browser is closed (or even futher if you can persist in extensions' localStorage)
Make screenshot of victims window
Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
Explore filesystem through file:// protocol
Bypass Chrome extensions content script sandbox to interact directly with page JS




FBI says $700,000 worth of unauthorized charges made by Anonymous
Back in December of last year when Anonymous hacked into security think tank Stratfor, one of its claims was the theft of 200GB worth of data, including e-mails and client credit information.

Now, the FBI saying that between December 6, 2011 in February 2012, “at least $700,000 worth of unauthorized charges were made to credit card accounts that were among those stolen during the hack”.



ClubHack Magazine Issue 26, March 2012
This issue covers following articles:-

0x00 Tech Gyan - Network Security
0x01 Tool Gyan - Who wants to be a Millionaire
0x02 Mom's Guide - Protect your privacy online with ’TOR’
0x03 Legal Gyan - Section 66A - Sending offensive or false messages
0x04 Matriux Vibhag - EtherApe – Graphical Network Monitoring
0x05 Poster

Download PDF