Guest Blogging at Prohack

Lately I was thinking of ways we can share knowledge better with all of you. I have gotten emails from a lot of knowledgeable people who are quite open to sharing their views on technology. Prohack invites you to share your views, ideas and articles, and provides you an open platform to make the world hear you out loud (sounds corny but I guess that works :P). In formal language, you can join us and send your articles, tutorials and reviews on hacking, gaming, programming, security, open source, Linux, or just any technical topic. We will publish them on Prohack, link to your site and provide your credentials on the article. You will get popular :) and will benefit from our huge user base!!

Article guidelines

The article should be well formatted and it doesn't need to be extremely long; what is important is that you have something to say or to share, e.g. you can discuss an interesting piece of software or useful tools. You can share your ideas here with us, or review some games or tools in the meantime :)

Article format: doc, docx, txt.

Send in your articles at luckyelites [at] gmail.com and I will try to publish them in 24 hours.

 

Cheers

XERO

 

5 More sites for budding hackers

Last time I wrote about 5 sites for budding hackers and shared websites which I visit regularly for knowledge and queries. This time I'm expanding it by sharing 5 more sites which in general are the best places to hang out and devote time to if you are a budding hacker. Remember, as I repeat my words, NOBODY can make you a hacker, it's your passion that makes you one. But for starters, here are some really good websites to have a look into.

Securityfocus
Since its advent in 1999, SecurityFocus has focused on high quality original technical papers and original content. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge. The Bugtraq here is a high-volume, full disclosure mailing list for detailed discussion and announcement of computer security vulnerabilities.

Packetstormsecurity
Packet Storm is a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure networks on a global scale. It offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.

Rootsecure
Proclaimed as the Security News Site For Systems Administrators & Hackers, Rootsecure provides comprehensive hand-picked links to new security related news articles every day, along with a daily mailing list bringing the latest security news direct to your inbox every morning.

Irongeek
Adrian Crenshaw's information security site which specializes in videos and articles that illustrate how to use various pen-testing and security tools.

Darknet
Cited as one of the top 5 security blogs, it's always updated with the latest news in information security. It offers the latest tools of the trade, updates to security tools and comments on various security topics which are not mainstream otherwise. A great site to learn from and bookmark.

Keep learning

PS : Like this article ? You can always support me by buying me a coffee or You can always try some of the cool merchandize from PROHACK.


POSTED BY XERO ALL RIGHTS RESERVED.


iPhone, IE, Firefox, Safari owned at Pwn2Own

At Vancouver this year, the best hackers flocked to show off their skills at the CanSecWest conference. Pwn2Own 2010, as it's called, provided a platform for beating the best security protections of industry giants, and it turned out to be another grim day for internet security at the annual Pwn2Own hacker contest on Wednesday, with Microsoft's Internet Explorer, Mozilla's Firefox and Apple's Safari and iPhone succumbing to exploits that allowed for remote administration.

The rules were simple: use previously unknown exploits and undocumented vulnerabilities to expose sensitive system data or allow the remote execution of malicious code. In its 4th year, Pwn2Own has come to highlight the alarming insecurity of most internet-facing software. The exploits were impressive as they bypassed state-of-the-art security protocols and mitigations designed by software giants with no sweat. Microsoft's DEP (data execution prevention) and ASLR (address space layout randomization), and the code signing by Apple, were thrashed at Pwn2Own.


Halvar Flake, a security researcher for Germany-based Zynamics, commented, "Code signing by Apple is tough, though I'm not sure if they do it for security or just to lock people into their platform." Flake compromised the iPhone using an exploit written by his colleague Vincenzo Iozzo. The iPhone's code signing mechanism requires code loaded into memory to carry a valid digital signature before it can be executed. To get around it, the researchers used a technique known as return-oriented programming, which takes pieces of valid code and rearranges them to form the malicious payload.

As a result, the hackers were able to create a malicious website that, when visited by an iPhone, allowed them to compromise the SMS database, revealing the list of contacts as well as complete copies of messages that have been sent and received, even deleted ones (unless a user has deleted them manually).


DEP and ASLR, which Microsoft began implementing with the release of Service Pack 3 for Windows XP, didn't fare much better, as Peter Vreugdenhil, a Netherlands-based researcher, used an information disclosure exploit to hijack a laptop running IE 8 on Windows 7, a combination widely considered by white hat hackers as among the hardest to compromise.

Firefox running on Windows 7 and Safari were also smitten at Pwn2Own. The iPhone hack fetched $15,000 and the browser exploits were awarded $10,000 each.

The genius of a contest like Pwn2Own is that it exposes the insecurity of software that rarely gets exploited by criminals. Plenty of Linux and Mac fans cite the absence of real-world exploits on those platforms as proof positive that they are inherently safer than the prevailing Microsoft operating system. It's an argument that carried little weight in Vancouver.

"The problem Microsoft has is they have a big market share," said Vreugdenhil, the hacker who attacked IE. "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera. The web at the moment is pretty scary, actually."

 

The Register

 


 

Halo Custom Edition – Relentless wild fun for Free !!

Some games never lose their charm… They are supposed to be played over and over with friends and foes alike till your fingers start aching and your mind gets numb, and no, I'm not exaggerating. Halo: Combat Evolved was launched in 2001 by Bungie and it redefined the FPS genre then. When it was launched on PC, it opened new horizons for the FPS genre, turning an already good game into an insanely good one. It's been 9 years and the killing has continued. Although it is not on the same level as Counter-Strike, just jump into a Halo game and you will still find plenty of servers out there. Then came Halo Custom Edition. Released in 2004 by Gearbox Software, it's a multiplayer-only, standalone, unsupported version of Halo on the PC. Halo CE includes several new multiplayer features and options, the most notable of which is the ability to play user-created content. The point of Halo: Custom Edition is to allow game modders and fans to create their own content such as new maps and mods, which will hopefully result in a more varied game experience and extend the lifetime of Halo, and it succeeds entirely. Along with the ability to mod the game, Gearbox Software also fixed a number of bugs and graphical issues that can still be found in Halo: PC.

 


I spend my entire weekends having a blast while playing Halo CE with my friends, and trust me, it's a blast you won't forget :P You can also find a portable edition with some googling around.

You can download it here

You might wanna also look at Halo Tips and tricks and Learn how to mod it..or you can join me at Xfire :)

 

Cheers

 


 

JSKY - Free Vulnerability Scanner

With hordes of vulnerability scanners and frameworks launching every day (mostly commercial), Jsky makes an impressive attempt to set itself apart by keeping it free and keeping it real by packaging everything in a small package. Don't be fooled by its small size: it packs quite a punch compared to other professional packages, considering its release version. Good vulnerability scanner? Check! Web backdoor and SQL injection? Check! Directory traversal, sensitive directory and file scan? Check! Jsky is quite promising in its features.

Jsky packs a powerful web spider and multi-threaded scanner which crawls hundreds of thousands of pages with ease and can extract links from JavaScript and Flash. It uses Pangolin as its engine for advanced and in-depth SQL injection testing, and hence can detect these vulnerabilities exactly with no sweat, unlike others which use pattern matching. Supported databases include Oracle, MSSQL, MySQL, Informix, DB2, Access, SQLite, Sybase, PostgreSQL and even more. Jsky has a modular design which allows everybody to code and share their custom modules. Also, an XML-based vulnerability file system and an integrated web vulnerability executive parser mean you can design a vulnerability just by editing the XML file, with no need to code any program.
The best part? IT'S FREE!

  • SQL Injection
  • XSS
  • Insecure object usage
  • Local path disclosure
  • Insecure directory permissions
  • Server vulnerabilities such as buffer overflows and configuration errors
  • Possible sensitive directories and files scan
  • Backup files scan
  • Source code disclosure
  • Command Execute
  • File Include
  • Web backdoor
  • Sensitive information


 

I was lying about its best part.. The best part is that it can also be used to launch and test exploits.. A must have for any security professional :)

Download it from Here

 


John the Ripper – Password cracking at its best

If you are into password cracking then you probably know about it: John the Ripper is one of the most popular password testing and breaking programs available. JTR, as it's fondly called, combines multiple password cracking packages into one package, includes auto-detection of hashes and is a fast password cracker. It is currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS and supports 15 different platforms. Its primary purpose is to detect weak Unix passwords (no.. I'm kidding, its primary purpose is to break passwords :P). It can natively detect and crack various encrypted password formats, including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. JTR has an active community, and multiple third-party patches have been added to increase its functionality to include MD4-based password hashes, passwords stored in LDAP and MySQL, and other unsupported hashes. JTR is the penultimate when it comes to password cracking in Windows (Cain and Abel is the ultimate :P), but for Linux and open source, it's the best you can get your hands on. Fire it up with a wordlist and you are good to go.
Here is a sample output of JTR in a Debian environment (shamelessly taken from Wikipedia):
root@0[john-1.6.37]# cat wpass.txt
user:AZl.zWwxIh15Q
root@0[john-1.6.37]# john -w:password.lst wpass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example         (user)


guesses: 1  time: 0:00:00:00 100%  c/s: 752  trying: 12345 - pookie
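The hash in that session fell to a wordlist in under a second because it is a traditional DES crypt hash, and each of the crypt formats named above can be recognised from the shape of the hash string itself. The following is an added example, not part of the original post or of John the Ripper: a small audit that reads user:hash records and reports accounts still stored in the legacy DES or MD5 formats. The function names and every sample record except the first are assumptions made up for illustration.

```python
import re

# Traditional DES crypt: 2 salt chars + 11 hash chars from the crypt(3) alphabet.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

# Modular-crypt prefixes -> (scheme, legacy?). Legacy means "migrate this account".
PREFIXES = {
    "$1$": ("MD5-crypt", True),
    "$2a$": ("bcrypt (Blowfish)", False),
    "$2b$": ("bcrypt (Blowfish)", False),
    "$2y$": ("bcrypt (Blowfish)", False),
    "$5$": ("SHA-256-crypt", False),
    "$6$": ("SHA-512-crypt", False),
}

def classify(field):
    """Return (scheme, is_legacy) for the hash field of one account."""
    if not field or field[0] in "!*" or field == "x":
        return ("locked or shadowed", False)
    for prefix, result in PREFIXES.items():
        if field.startswith(prefix):
            return result
    if DES_RE.fullmatch(field):
        return ("traditional DES crypt", True)
    return ("unrecognised", False)

def audit(lines):
    """List (user, scheme) for every account still on a legacy scheme."""
    findings = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0]:
            continue  # not a user:hash[:...] record
        scheme, legacy = classify(parts[1])
        if legacy:
            findings.append((parts[0], scheme))
    return findings

# First record is the hash from the session above; the rest are constructed placeholders.
SAMPLE = [
    "user:AZl.zWwxIh15Q",
    "alice:$6$constructedsalt$CONSTRUCTED-PLACEHOLDER:19000:0:99999:7:::",
    "bob:$1$constrct$CONSTRUCTED-PLACEHOLDER",
    "svc:!",
    "carol:$2b$12$CONSTRUCTED-PLACEHOLDER",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts it reports should be forced through a password change so the hash is regenerated under a modern scheme; traditional DES crypt also ignores everything past the eighth character of the password.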





You can download JTR from here







Prohack updated :)

32 days and no articles.. folks, I was exhausted by a tight schedule of competitions, upgrades and technical fests. Whilst I was snoring off due to practicing the whole night for the fests, I was flying off to multiple colleges and preparing for my college's own technical event. I went to Chitkara Institute of Engineering and Technology and took part in Cellular workshop, Praudyogikii 2010 Microsoft quiz known as Pragyaan and Hacking event known as Crackle. The results were quite underwhelming because of event management. I qualified for the semifinals of the Microsoft Pragyaan quiz and for the Hacking Finals, and both events started simultaneously at 11:00 am. How a person is supposed to take part in 2 events simultaneously at 2 different locations is out of my mind. The result? I got a 3rd position in the hacking event and 2 participation certificates for the Microsoft quiz. My rotten luck.. I got stuck in the 4th level of the Crackle event and when I got past it, it was already too late (apparently my SQL injection failed on level 4).

Later I organized hacking in my college. It was a steganography-cryptography-cracking based challenge in which you have to first work yourself off with NTFS data streams, then get your tools and data from 3 images and then crack Winrar 3.93 using Codefusion and Hackers Disassembler. The tricky part was getting the exact memory address to be patched, as Hackers Disassembler doesn't allow values to be edited at runtime. Nevertheless, I took part in the Photoshop event, a technical quiz and the Crack the code event, and I was awarded 2nd prize in Photoshop, 1st prize in Technical Quiz and 2nd prize in the Crack the code event. Not bad for a good ending.

In the meantime, I upgraded my blog with a domain and have been experimenting with different platforms as well. I'm thinking of moving on to WordPress but it might be a tricky move. Man… I was so busy that I was not able to celebrate the birthday of PROHACK. Belated happy birthday to my site. Meanwhile, I'm back on blogging and will resume my usual technoblogging.

 

Cheers and Keep Learning

 

XERO

 
