Xanda's Blog !~!

JRE 1.7 0day Exploit Released – Disable Your Java Support

Aug
27

Earlier today, FireEye, DeepEndResearch and AlienVault has posted on their blog regarding their findings on the recent JRE 1.7 0day exploit. Within seconds, @jduck1337 has came out with the PoC of the exploit and later it has been ported and made public by Metasploit

While waiting for the patch (from Oracle) to be available, users are highly recommended to disable the Java support in their browser. Java support can be disabled by:

  • For Internet Explorer user
    • Click Tools and then Internet Options
    • Select the Security tab, and select the Custom Level button
    • Scroll down to Scripting of Java applets
    • Make sure the Enable radio button is unchecked
    • Click OK to save your preference
  • For Google Chrome user
    • Click on the wrench icon, then select Options.
    • Select Under the Hood and then Privacy Content Settings.
    • The Content Settings panel will appear.
    • In the Plug-ins section, select the Disable individual plug-ins link to check whether Java is enabled
    • Click on the Disable link (if the Enable link appears, Java is already disabled)
  • For Mozilla Firefox user
    • Start Mozilla Firefox browser
    • At the top of the browser, select the Firefox button (or Tools menu in Windows XP), then Add-ons
    • The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select Plugins
    • Click Java (TM) Platform plugin to select it
    • Click on the Disable button (if the button says Enable, Java is already disabled)
  • For Safari user
    • Launch Safari browser
    • Click on Safari and select Preferences
    • Click on the Security tab
    • Uncheck (unselect) Enable Java check box
    • Close Safari Preferences window

Stay safe. Bye

Reference: http://java.com/en/download/help/enable_browser.xml

AREsoft-updater Released

Aug
25

Hi everyone and Eid Mubarak to my Muslim friends.

If you haven’t heard about A.R.E. yet, it is basically The Android Reverse Engineering (A.R.E.) Virtual Machine that combines the latest Android malware analysis tools in a readily accessible toolbox.

Tools currently found on A.R.E. are:

A github repo created by the A.R.E maintainer for easy installation and update, however the rapid development of each individual project above, does not sync with the update of the A.R.E github repo. This is why AREsoft-updater was created.

AREsoft-updater is an updater script for Android Reverse Engineering Software belongs to ARE VM from the Honeynet Project

AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E

AREsoft-updater also support the latest (recently released) DroidBox for Android 2.3 and APIMonitor

AREsoft-updater will require curl to work. Kindly install curl in your A.R.E virtual machine

AREsoft-updater is released under WTFPL (Do What The Fuck You Want To Public License) at my github https://github.com/xanda/AREsoft-updater

 

Thanks

PHP-Shell-Detector Bypassed

Aug
10

Hi and Ramadan Mubarak to my Muslim friends.

Last few night I saw a twitter update from @pentestit on a project called PHP-Shell-Detector; a php script that helps you find and identify php/cgi(perl)/asp/aspx shells.

My friends and I were a bit disappointed because we have developed the same thing but not yet released to the public for no reason.

But speaking about PHP-Shell-Detector, new stuff still need to be tested 🙂 so I’ve put it into a test

I’ve tested with a webshell I’ve found in the wild. Impressive.. PHP-Shell-Detector managed to detect it. The GUI and ajax was nice as well

I’ve spent some time to take a look at the code and found that the “suspicious functions used” part was implemented with the use of regex and I’ve found that something is missing.. So i’ve created a simple webshell to test my theory. So here is my code:

<?php
$cmd = $_GET['cmd'];
echo `$cmd`;
?>

And lets see the result:

This is due to the backtick is not in the regex and I believe it is not in the signature part as well.

I’ve reported this issue on the github page and comeout with the regex and tokenizer suggestion as the solution but from the response that i’ve get, i dont think it will be implemented in this near soon.

Anyway.. As overall, PHP-Shell-Detector is a good project and would help the webmaster to simplify the process of “searching” the hidden planted shell in their website.

Thanks

[Update]

I’ve received an email from the project maintainer saying that the regex has been update. Awesome! 🙂

Android Emulator Error on Ubuntu 64bit

Aug
02
SDL init failure, reason is: No available video device

If you are getting the above error while launching Android emulator on 64bit OS, these are what you need to do:

sudo apt-get update
sudo apt-get install ia32-libs

Thats all.. Now relaunch you emulator.

Thanks

Updated on 7th August 2012

Here is another tips for you on How to Start Intel Hardware-assisted Virtualization (hypervisor) on Linux to Speed-up Intel Android x86 Gingerbread Emulator