Monday, June 6, 2011
Python Programming Lesson Four. ( beginning strings )
Site Update.
Sunday, June 5, 2011
Python Programming Lesson Three.
Reverse Engineering Java Applets : Basic Level
I will be doing this from my own OS (Ubuntu), so most of my compiling will happen on the command line (frankly, I don't care enough to install a separate compiler). For these steps, use your own method of compiling a Java applet; there is no one specific way to follow this tutorial.
For this tutorial you will need
- JDK (Java Development Kit), you can download this from Sun Microsystems' Website
- JAD (Java Decompiler), you can download this here
- Basic knowledge of Java
- Java Compiler (you can use your own, or do it from the command line; it's still simple from the command line, but most people want a GUI)
Once you've downloaded the JDK (if you didn't already have it) and the Java Decompiler, you're going to need to find an applet that you want to reverse engineer. I found (through searching "java applet examples" on Google) an applet that I thought would be perfect for this tutorial here
Basically, I just wanted to see how this applet works. So, I decided I'd crack it open and get to it.
First, we need to actually get the class file. The class file is compiled Java bytecode; it is what the browser's Java plugin (the JVM) actually runs to display the applet, since it doesn't execute the plain-text source that we can read. To get this class file, we need to find out where it is located.
Note: Almost all class files will be in the same directory as the applet you're viewing
But, to be sure, we're going to right click the page and select the "View Source" option. Once we do that, we need to press Ctrl+F and search for "APPLET" (make sure that match case is off when you do this).
You want to keep searching until you find a tag that looks something like this:
<APPLET CODE="image3dcube.class" WIDTH=250 HEIGHT=250>
Now, if you're not on the same website as me, this will look different. But the class file that we're looking for is the one named after "CODE=". In this case, we can see that the class file is "image3dcube.class". So, to get this file we need to go into the URL bar, get rid of "applet2.html" and put in "image3dcube.class" like so.
Once you have saved the class file, run JAD on it from the directory you saved it in:
./jad image3dcube.class
And it should end up looking like this. (JAD writes the decompiled source to image3dcube.jad; rename that to image3dcube.java, or run JAD with the -sjava option so it uses the .java extension directly.) Then compile it:
javac image3dcube.java
This will compile the code and give you a new image3dcube.class file. You can now modify the code in the image3dcube.java file, compile it, and then run it. But we need a way to actually view the applet. Unfortunately for us, the source code from the original applet uses parameters. So, in order for this code to run properly, we need to copy the applet code from the original site's source file and change some values.
The original code for the applet is this:
Now, what you'll need to do is copy the applet code and then create a new .html file. I generally name this file "applet.html" because it's a general name. Once you've made this file, paste the applet code into it.
<APPLET CODE="image3dcube.class" WIDTH=250 HEIGHT=250>
<PARAM name="background" value="FFFFFF">
<PARAM name="shadowcolor" value="FFFFFF">
<PARAM name="textcolor" value="000000">
<PARAM name="spotlight" value="no">
<PARAM name="showlightbutton" value="no">
<PARAM name="sleeptime" value="5">
<PARAM name="target" value="_self">
<PARAM name="anglestep" value="8">
<PARAM name="mouseresponse" value="6">
<PARAM name="zoomspeed" value="4">
<PARAM name="image0" value="2comp1.gif">
<PARAM name="image1" value="2comp2.gif">
<PARAM name="image2" value="2comp3.gif">
<PARAM name="image3" value="2comp4.gif">
<PARAM name="image4" value="2comp5.gif">
<PARAM name="image5" value="2comp6.gif">
<PARAM name="url0" value="http://oran.k12.mo.us/fbla/index.html">
<PARAM name="url1" value="http://oran.k12.mo.us/fbla/index.html">
<PARAM name="url2" value="http://oran.k12.mo.us/fbla/index.html">
<PARAM name="url3" value="http://oran.k12.mo.us/fbla/index.html">
<PARAM name="url4" value="http://oran.k12.mo.us/fbla/index.html">
<PARAM name="url5" value="http://oran.k12.mo.us/fbla/index.html">
</APPLET>
For applets that don't use parameters, you can simply copy and paste this:
<applet code="CLASS FILE HERE" width="WIDTH OF APPLET" height="HEIGHT OF APPLET"> </applet>
change the values, and it will run. But, since this applet uses parameters, we need to satisfy these parameters or change them if necessary. If we were trying to reverse engineer a real applet, we'd want all of the pictures that the applet originally used, but for this one the general idea of the applet is that you can put in your own images. Linux users can use wget and usually get all of the images they need. For a guide to wget, go here. If you end up getting images you don't need, try changing the recursion level.
Luckily for us, this applet is very flexible about our images, and our original goal was to see how this worked, maybe improve it, and then put in our own images. So, to do this, all you need to do is put images (maximum of 6) on your server or in your folder (the same folder as your applet) and then change the applet's parameters to be the file name of those images. Then, open the applet or use "appletviewer YOUR FILE NAME HERE.html" and see if it works.
There are many uses for reverse engineering a Java applet: to crack a password, to see where files are stored, or just to see how an applet works so that you can maybe improve your own code or, heaven forbid, leech the source. Anyway, I hope you enjoyed this tutorial, and you will hopefully be seeing some more useful tutorials later on in the future.
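The "find the CODE= attribute, work out where the class file lives, then rebuild applet.html with the original PARAMs" steps above, as an added example script (not part of the original tutorial). It uses only the Python standard library; the page source is a constructed sample that keeps four of the tutorial's PARAMs, the page URL is a placeholder, and the CODEBASE handling covers the case the tutorial does not show, where an applet tag points at a different directory for its class files.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page: the tutorial's APPLET tag with four of its 22
# PARAMs; the URL is a placeholder, not the original site.
SAMPLE_PAGE = """<html><body>
<APPLET CODE="image3dcube.class" WIDTH=250 HEIGHT=250>
<PARAM name="background" value="FFFFFF">
<PARAM name="image0" value="2comp1.gif">
<PARAM name="image1" value="2comp2.gif">
<PARAM name="url0" value="http://example.invalid/fbla/index.html">
</APPLET>
</body></html>"""


class AppletParser(HTMLParser):
    """Collects each <APPLET> tag and the <PARAM>s nested inside it."""
    def __init__(self):
        super().__init__()
        self.applets = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "applet":
            self._current = {"code": a.get("code"), "codebase": a.get("codebase"),
                             "width": a.get("width"), "height": a.get("height"),
                             "params": {}}
            self.applets.append(self._current)
        elif tag == "param" and self._current is not None:
            self._current["params"][a.get("name")] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "applet":
            self._current = None


def find_applets(page_html):
    parser = AppletParser()
    parser.feed(page_html)
    return parser.applets


def class_file_url(page_url, applet):
    """Where the browser fetches the .class from: CODE resolved against the
    page URL (the 'replace applet2.html with image3dcube.class' step), or
    against CODEBASE when the tag sets one."""
    if applet["codebase"]:
        base = urljoin(page_url, applet["codebase"].rstrip("/") + "/")
        return urljoin(base, applet["code"])
    return urljoin(page_url, applet["code"])


def local_viewer_html(applet, overrides=None):
    """Builds the applet.html the tutorial writes by hand: same CODE, WIDTH,
    HEIGHT and PARAMs, with any overrides (e.g. your own images) swapped in."""
    params = dict(applet["params"])
    params.update(overrides or {})
    lines = ['<APPLET CODE="%s" WIDTH=%s HEIGHT=%s>' % (
        escape(applet["code"], quote=True), applet["width"], applet["height"])]
    for name, value in params.items():
        lines.append('  <PARAM name="%s" value="%s">' % (
            escape(name, quote=True), escape(value, quote=True)))
    lines.append("</APPLET>")
    return "\n".join(lines)
```

Feed the saved "View Source" text to find_applets, then write local_viewer_html(applet, {"image0": "mine.gif"}) out as applet.html and open it with appletviewer.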
Thanks,
- Clocwork
Programming Lesson Number Two ( Math.py )
Saturday, June 4, 2011
AWUS036H Product Review
Friday, June 3, 2011
Programming Lesson Number one.
import time
a = time.time()
print a
time.sleep(3)
[EBOOK] Ye Old Social Engineering [$5]
Thanks,
- Clocwork and Preistpower
Doxing Assistant V4 or AIO.
Thursday, June 2, 2011
Chat bot.
Wednesday, May 11, 2011
CONGRATS TO SHADOWDRIFTER!
So, as many of you know, cell phone voicemails are incredibly insecure. Now, for reconnaissance this isn't useful when you are gathering information on big companies, mostly because employee cell phones are often private. When doing reconnaissance you should always be aware of the information you have already found, and how it can be used. That's where an employee directory comes in handy. Many top businesses use the Audix voicemail system, so knowledge of the system is invaluable.
Simple coin flip simulation.
import random

# Assigning the variables (Python 2 syntax, as in the other lessons)
i = 1        # loop counter
h = 1        # value that stands for heads
t = 2        # value that stands for tails
lit = []     # one entry per tails flip
lih = []     # one entry per heads flip

# Starting the loop: 100 flips
while 101 > i:
    # Random function to select 1 or 2 to represent heads and tails.
    data = random.randint(h, t)
    print data
    i = i + 1
    data = int(data)
    if data == 1:
        lih.append("1")
    if data == 2:
        lit.append("2")

# Count the entries in each list and report the totals
e = len(lit)
e = str(e)
f = len(lih)
f = str(f)
print 'You flipped tails ' + e + ' ' + 'times ' + 'and ' + 'You flipped heads ' + f + ' times'
raw_input()
This is just an example of what you can do with very simple functions, and just a few lines of code.
Sunday, May 8, 2011
PODCAST : Episode Four - Dead Drops
Saturday, April 30, 2011
Router Hacking.
to hack routers. I will just be going over a few ways to find insecure routers and poorly configured routers.
The simplest way is to just gain access to the network and browse to 192.168.1.1, which is commonly the router page. You will encounter routers without passwords, but you should learn some of the most common default passwords for routers just in case.
Common default passwords for any router (username:password):
admin:admin
admin:password
admin:(no password)
(blank username and blank password)
admin:guest
guest:password
Those few password combinations will be the most commonly used. I personally used admin:admin just the other day.
Now that we have logged into the router, what can we do? Well, the first thing we can do is enable remote management (remote management is the ability to control the router from a remote location); it is different for each router, and some do not even have the option. If you do happen to find the option, you will need to change the default password, and make sure you allow your IP address to connect. This is all very self-explanatory when you are familiar with routers.
By the end of this post you will be well on your way to becoming an expert at router configuration.
Now, it's easy to find routers just by finding secure and insecure wireless networks to try and access. There are also a lot of routers whose web interfaces are actually indexed in Google! So with a simple Google dork we can find dozens, even hundreds, of unsecured routers just waiting for someone to experiment with.
Google dorks to find routers:
intitle:"SpeedStream * Management Interface" ( Speed Stream routers )
intitle:"Setup Home" "You will need * log in before * * change * settings" ( Belkin routers )
intitle: "actiontec" main setup status " Copyright 2001 Actiontec Electronics Inc"
Those three dorks should keep you busy for quite some time. Now, there is one more method that is really hit and miss.
If you happen to find a target, port scan them and look for port 23, which is by default Telnet. There are a lot of off-the-shelf routers with Telnet active with only the default passwords in place, which are very similar to the default router passwords except for a select few.
Default Telnet router passwords:
guest:guest
guest:password
user:guest
admin:guest
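The post's three findings (default logins, Telnet left on, remote management reachable from anywhere) turned into a self-check you can run against your own router's settings; this is an added example, not part of the post. The config dicts and their key names are constructed for the example, the 12-character password threshold is the example's own choice, and the credential list is exactly the post's.

```python
# Default username:password pairs from the post (web interface and Telnet);
# an empty string stands for "no password" / "no username".
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", ""), ("", ""),
    ("admin", "guest"), ("guest", "password"),
    ("guest", "guest"), ("user", "guest"),
}

# Constructed config dicts standing in for what a router's admin page shows;
# the key names are this example's own, not any vendor's.
FACTORY_FRESH = {
    "username": "admin", "password": "admin",
    "telnet_enabled": True,
    "remote_mgmt_enabled": True, "remote_mgmt_allowed_ips": [],
}
HARDENED = {
    "username": "admin", "password": "sample-long-passphrase-2011",
    "telnet_enabled": False,
    "remote_mgmt_enabled": True, "remote_mgmt_allowed_ips": ["203.0.113.5"],
}


def audit_router(config):
    """Returns the list of weaknesses the post describes attackers looking for,
    so you can fix them before someone else finds them."""
    findings = []
    user = config.get("username", "").strip().lower()
    password = config.get("password", "")
    if (user, password) in DEFAULT_CREDENTIALS:
        findings.append("default login %s:%s still in place; change it"
                        % (user or "<blank>", password or "<blank>"))
    elif len(password) < 12:  # threshold chosen for this example
        findings.append("admin password shorter than 12 characters")
    if config.get("telnet_enabled"):
        findings.append("telnet (port 23) is enabled; turn it off")
    if config.get("remote_mgmt_enabled"):
        allowed = config.get("remote_mgmt_allowed_ips") or []
        if not allowed or "0.0.0.0/0" in allowed:
            findings.append("remote management reachable from any address; "
                            "restrict it to your own IP or disable it")
    return findings


if __name__ == "__main__":
    for name, cfg in (("factory fresh", FACTORY_FRESH), ("hardened", HARDENED)):
        print(name, "->", audit_router(cfg) or ["no findings"])
```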
That is all for now; may your blades stay sharp, your mind sharper! Shadowdrifter.
Using the Bystander Effect
The term bystander effect refers to the phenomenon in which the greater the number of people present, the less likely people are to help a person in distress.
- Darley, J. M. & Latané, B. (1969). Bystander “apathy.” American Scientist, 57, 244-268.
The Bystander Effect, although a phenomenon, can have some practical use in Social Engineering.
PLEASE NOTE: This effect will not happen every single time, as there are good people in this world who are willing to help those in distress. We do not condone using this for illegal purposes; this post is only for information about a psychological phenomenon.
Standard tests done by many psychologists involve the use of an injured victim laying in the middle of a busy side-walk. Passers-by simply ignore the injured person and continue walking no matter how much the person in distress is moaning. Occasionally, someone will confront the injured victim and ask if he or she needs any assistance. The number of people that actually help is very slim when compared to the number of people that simply continue walking.
Most psychologists say this is because people are lazy; other psychologists say that it's because no one else sees the distressed person as a priority, so it must not be that big of a deal. Others, including myself (even though I'm not a psychologist), say that they simply avoid the distressed person because they think the person could be pulling a con. However, keep all of these points in mind, as they could be useful for a Social Engineer.
Let's say someone gets pick-pocketed. They start to fuss, they make a big commotion, and they tell people to stop the pickpocket. Now let's say that you had a group of people just walk by the distressed person, completely ignoring him. There is a high chance that everyone else around the distressed person would do absolutely nothing, simply because no one else was doing anything.
In theory, a group of pick-pockets could go around and steal purses, wallets, sunglasses etc. in the most non-secretive way possible and they would be able to get away with it (so long as the victim doesn't start chasing after the pick-pocket).
A Social Engineer can use this effect in many ways to get away with certain crimes. The biggest factor is the number of people that the Social Engineer has with him. The smaller the number of people, the less likely it is that he will get away with his con; the larger the number of people, the easier it will be to get away with it.
So ask yourself, if you saw someone in distress, would you help them? What if no one else was helping them, would you still help them, or would you just walk away?
Thanks for reading,
- Clocwork
Friday, April 29, 2011
PODCAST : Episode Three - Phreaking
In this podcast we discuss different types of phreaking methods, and you get to hear a prime example of Social Engineering from Ian.
Clocwork Hack Diary : Random Mischief Part One
I feel like I've been getting too soft lately, like I haven't done anything really mischievous. So, I've decided that I'm going to be doing random acts of mischief until I'm satisfied. Currently, I'm seated in a lawn chair on the porch of another person's house smoking a cigar and watching some birds fight over seed in a bird feeder. To make it more interesting, the person doesn't know I'm here, and I don't know the person at all. I hope they don't show up, but, I need some water, and I know where to get it.
Now I'm seated in a chair at some private pool area. Just got a drink of water from the water fountain out here. Someone just yelled at me and told me to leave, I'm telling him I needed some water. Walking over to the water fountain again. Water just shot in my face, lol. Just got some water, the guy is still staring at me. About to hop the fence and continue with my running. Since today is Friday and tomorrow is Saturday (and Sunday comes afterwards, Rebecca Black reference bitches) I'll probably do some more mischief then. But, I gotta get home and upload the next podcast, gotta run about 3 miles back and then I'll post it.
Thanks for reading,
-Clocwork
P.S. That guy stared at me the whole time I wrote that last message, now his kid is staring at me. Oh well, I just needed some water
Thursday, April 28, 2011
Clocwork Hack Diary : The Festival
It started off like any other normal Sunday, woke up late, did some stuff, and then sat down at my computer and got on Skype. I saw a message from Shadow talking about how he found some vulnerable website. He messaged me the website and I saw that it was vulnerable to SQLi. After a little pen-testing on the site, we saw that the only vulnerability on the site was SQLi. So, we got down to business doing some different commands (of course the site had to be v.4 right?).
We managed to find some tables, but unfortunately for us the tables for users and admins (if they existed) didn't have any information in them at all. I kept trying to find more and more tables and then it hit me to go ahead and try out the names of the different events (in case you couldn't tell by the title, this website was a site about a festival that happens every year, the site apparently is done by volunteers, go figure, and everyone in the festival is a volunteer). Sure enough, the names of the events gave us a lot of information: emails, addresses, and names for people in large organizations as well as the "Festival Queen" and some country music stars (yay.........).
After extracting basically the entire database in about 10 minutes, Shadow messages me saying that the admin of the site has a vulnerable password. In fact, the password was the first name of the festival (ie. if the festival name is Lorem Ipsum, the password was lorem). So, thanks to pure human stupidity, we were able to actually access the site.
Shadow didn't want to deface, but I wanted to screw around as I hadn't had a successful hack in a while. So, me being me, I posted some Pedobear images in the "Kids Festival" section, and added a nice page explaining how we did what we did, or really... how Shadow did what he did. After a little more screwing around, the admin finally erased the pages, and reverted the page back to normal, and changed everyone's password. Well, the admin forgot to change his own password, so we had access to the admin panel once again. This time I decided to send messages to everyone on the staff explaining how weak the security of the website was. This was fun, but the interesting part has yet to come.
Later on we got bored again and we created a new user on the page, gave him admin privileges, and then logged in to the site as him (because the admin finally had the sense to change the Wordpress passwords, but again we still had access to the site panel, which allows us to edit all of the events). As we were on the site, the admin started to change all of the user passwords to a random string of characters and he deleted our account, but their biggest flaw was the fact that they had their logins as PHP Sessions with no timeout. So, if we wanted to, we could still be an admin today as long as we didn't log out (if the site were still up that is, the festival is over now though).
Since we knew the admin was at his computer, we decided to call the guy up and tell him about what we had done. We told him how we got in, and how he could fix it, and I also gave him some suggestions on his PHP code (which is funny because I'm only 17 and I'm definitely not an expert at PHP). To my surprise, he was actually very grateful for the help (or so it seemed) and he even offered us a job working on the site for next year's festival. Guess good can pay off after all.
Thanks for reading, and I hope you enjoyed my first hack diary,
- Clocwork
PODCAST : Episode Two - Picking Your Target
Thanks to YouTube time restrictions, we had to divide this podcast up into three segments.
In this podcast we discuss how to pick a target for hacking, and also how to defend yourself from people like us.
Saturday, April 23, 2011
Javascript Injection Toolbox
Requirements :
- Computer with internet access
- Some basic knowledge of Javascript
Recommended :
- Firefox Browser
What is this toolbox?
Basically, this toolbox is a collection of scripts that make Javascript injection a lot easier, stored in your browser's Bookmark Bar.
Example:
You can easily make your own scripts if you have knowledge of the language. I threw together my "Execute Remote JS" script in about a minute with very little knowledge of the language.
How do I Make it?
Go to your Bookmark Bar (Firefox) and right click on it. Now, select the option "New Folder." You can name this folder anything you want, I just named mine "Scripts" to save space (since my bookmark bar is actually rather full).
Now, right click on the Bookmark Bar again. Select the option "New Bookmark." You should see a box like this (the title will be different)
Example:
(check out the thread on HackForums http://www.hackforums.net/forumdisplay.php?fid=47 )
Friday, April 22, 2011
Hakipedia.
If you have any comments on it, please message me on that site; my name is Whitehaze.
Signed, Shadowdrifter.
Monday, April 18, 2011
Shadowdrifter Hack Diary : The Festival
I had tested dozens of sites for vulnerabilities, finding none. When I was ready to give up
I stumbled across a site that was vulnerable to SQL. When I noticed that the SQL version was 4; I was filled
with anger and hatred. After many attempts at finding the user tables I decided my time was best spent getting
my normal four hours of sleep. I sent a message to my colleague Clocwork, and took my rest.
When I awoke from my slumber I had a message which simply said "Cool". I should have known Clocwork wouldn't care about it until he had seen it for himself. When he finally joined me in my endeavours we began to test the site for other vulnerabilities; finding none we focused solely on the sql injection.
After many creative attempts we finally found the user table. When we inspected it further I noticed that
there was no password column. Disappointed, I continued to search through the table, only finding the usernames.
So, distraught, Clocwork and I retreated to ponder our attack. While he was working on the password
columns I decided "Hey, why not try password guessing". So I got a list of every username, and began my attack.
I tried the name of the event, and presto! I was granted super administrator access. Dumbstruck by the admin's
terrible password choice I paused to really contemplate his ignorance. Then I messaged my colleague to tell him the good news, and we planned our next move. Our plan was to simply email the admin explaining how we got in, but I decided to go with a different plan. So we created a deface page as a proof of concept then proceeded to dox the system admin. After finding his information we called his home, and had a good chat. Promptly he fixed the vulnerabilities, and changed the passwords to something much more difficult to guess. During our chat Clocwork and I were offered the opportunity to volunteer and do security for the festival next year. So sometimes doing a white hat hack has its benefits.
This is all for my hacking diary... For now. May your blade stay sharp, your mind sharper.