Security Lab

Got Listed in Apple Inc. Hall of Fame

2017-09-04T00:43:00.000-07:00

Got Listed in Apple Inc. Hall of Fame

Apple Web Server notifications
This article provides credit to people who have reported potential security issues in Apple's web servers.
A cross-site scripting issue was addressed. We would like to acknowledge Mousab Elhag Hassan (facebook.com/mousab.elhag) of mousab.com and an anonymous researcher for reporting this issue.
It Was Old Vulnerability Reported by me But the Listing at HOF was during this Month 09/2017.

Vulnerability Reported : XSS + Multiple Vulnerabilities.
Hall oF Fame Link: https://support.apple.com/en-us/HT201536

INTERNETWACHE CTF 2016 (misc90) Write Up

2016-02-23T11:56:00.004-08:00

Hello Every One . Today I would like to talk about a Write Up in (INTERNETWACHE CTF 2016), that me and my friends was Playing as a Team (Hacku) in The last few Days , It was full of fun and cool Tasks, We Enjoyed a lot at IRC freenode.

The CTf was full of Tasks and were in a lot of Categories In :

- Misc
- Web
- Reversing
- Crypto
- Code
- Exploit

In This Article , I would like to share some of my solution of one of the Tasks with My resources that I used, and i spent a couple of Hours to solve it .

Al-thought it's have 90 Point(with high score), But It's very simple solution (I know That). At least it could help you or Give You a little Tips in another CTF .

So let's Go and have a Fun ...

The Title of The Task Says : BarParty (misc90)

The Description Says : Can you read the barcodes?

And Have the following Image Attached .

First , I Thought it's have Hidden Message , So I made some quickly steps to analyze the Image but found Nothing .

Then i thought to My self (Common it's Clearly Message says in a challenge way : Can you read the barcodes?)

So I made a decision To retrieve The BarCode and Opened The Photoshop and Started to cut The Barcode into Pieces .

I Separated First All Pieces with Pen Tool .

Then in a new Window , i Transformed the pieces and tried to make it into pairs linked to each other like this .

Then I went to www.onlinebarcodereader.com to read The Barcode Online and it's read to me with (IW{Bar), this is the beginning of the Flag So i knew that am in the right Direction .

I returned back to Photoshop and Linked All the pieces Together and this is the final Image i Made .

Finally , I read all the pieces separately from onlinebarcodereader.com and got the flag : IW{Bar_B4r_C0d3s}

Stegosploit : Malicious Code In Pictures

2015-06-01T10:21:00.004-07:00

Stegosploit: Hacking With Images

The Security Researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an image to trigger a drive-by download.

The Stegosploit digital steganography project could open new scary scenarios for Internet users that could be infected by viewing a picture on any website, even without clicking on it or downloading it. The image could be the container for the priming of the malware. Shah has no doubts, Stegosploit could be the future of online attacks.

Technical Details and explain in the video

WordPress SEO by Yoast Plugin Vulnerability Affects Millions

2015-03-11T12:47:00.000-07:00

WordPress SEO by Yoast Plugin Vulnerability Affects Millions

A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers.

The vulnerability actually resides in most versions of a WordPress plugin known as ‘WordPress SEO by Yoast,’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO).

The vulnerability in WordPress SEO by Yoast has been discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’.

All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today.

Read : More About WordPress SEO by Yoast Plugin Vulnerability

Got listed in Oracle Hall of Fame Page

2015-02-26T01:43:00.001-08:00

Got listed in Oracle Hall of Fame Page

Security Researcher Acknowledgments for Oracle has listed me in the hall of fame security researchers page for finding and reporting multiple security vulnerabilities in the Oracle main site .

link : http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2367957.xml

Got listed in ebay Hall of Fame Page

2014-10-21T10:45:00.002-07:00

Got listed in ebay Security Researchers Acknowledgment

Security Researcher Acknowledgments for ebay has listed me in the hall of fame security researchers page because of finding and reporting two security vulnerabilities in the ebay site .

Link : http://ebay.com/securitycenter/ResearchersAcknowledgement.html

Accelerate copying Files

2014-09-07T21:58:00.000-07:00

A Program to accelerate transportation and copying

Teracopy

The program is used to speed up copying files on the computer

The program features
1 accelerate the process of copying files and transport
2 You can stop transcription temporarily and then re-completed
3 You can control the files copied during the backup process by deleting or adding files to the backup process.

Download the program: teracopy

Photoshop Online

2014-09-07T21:31:00.000-07:00

Photoshop Online Editor

There is no doubt that many people uses Adobe Photoshop almost daily
But a lot has faced problems with that program between it and use it, of those problems, for example,
Size of the program that consumes from the computer's memory, causing a slow machine, and the consumption of space in [Drive:C] to show us a message there is no enough space.
Also another problem, namely the possibilities of graphics device that may make the use of Photoshop it is not possible .

To overcome these problems there is alternative for Photoshop Online, Alternative almost looks like the original large extent, and at the same time will not consume your device or memory area, and does not require a high specification graphics, and does not need to install, and is available wherever you are ..

You can visit the Photoshop online via the following link :

https://pixlr.com/editor/

Check if your mail hacked before !

2014-08-29T10:21:00.001-07:00

Have i been pwned ?

Have I Been Pwned service contains a huge database containing data for emails and passwords that the hackers posted on the Internet at sites major breakthrough that could inevitably be registered by .

just type your email and will indicate the site in a message to you in red if it does not have the breakthrough was published after one of the sites that have subscribed, either in the case of the contrary, the site will show you the message that your email address is not common in the list of data leaked after penetration sites.

Visit : Have I Been Pwned ?

Bill Gates accepts Mark Zuckerberg Challenge

2014-08-29T09:03:00.001-07:00

Bill Gates accepts Mark Zuckerberg’s ALS Ice Bucket Challenge

Got listed in Microsoft Hall of Fame

2014-08-01T11:57:00.003-07:00

Got listed in Microsoft Hall of Fame :

Security Researcher Acknowledgments for Microsoft Online Services has listed me in the hall of fame security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities in the month for july 2014 .

Link : http://technet.microsoft.com/en-us/security/cc308575

Online Viewer for Pdf

2014-07-27T14:29:00.000-07:00

Online viewer for PDF

You can view Your PDF Files and PostScript files as browsable images and Word documents as web pages.

Given a URL on the net or a file from your computer, the viewer will try to retrieve the document, convert it and show it to you. No plugin software is required.

Visit this service : http://view.samurajdata.se/

Then upload your pdf from computer or by adding url path of the pdf files .

Anubis | Online Malware Analysis

2014-07-27T14:14:00.003-07:00

Online Analyzing Unknown Binaries
Anubis is a service for Analyzing Malware

This can be done by Submit your any Windows executable file or Android APK and receive an analysis report telling you what it does.

Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.

It's a good service that i used before a lot , especially for those who think that thier computer hacked by someone . by looking for any port Exist or specially by looking for (@no-ip.com) for any external access .

After uploading the suspicious file , the report exists in four format Choose the txt view for simplicity .

Visit Anubis Site : here

Send free sms | WorldWide

2014-07-27T09:21:00.001-07:00

Send Free SMS

Here is a simple way to send any message worldwide .

first visit : http://www.afreesms.com/freesms/

in the text box (To Mobile Number) put the number u want to send it .

Type your Message in less than 160 character .

choose your phone number in the [sender id] this feature not works in some countries .

write the Captcha and then press send .

Asus Replied to my SQLI report

2014-07-27T09:06:00.000-07:00

Critical Sqli Vulnerability On Asus

I found Critical sqli Vulnerability on asus subdomain Website that leads to read any data on the database with respect to mysql root pass .

I was reported to asus security team to fix it . They replied me with thanks .
Anyway bug status now seems to be fix it on my side .

Reply form asus

Pexels | High Quality Photos

2014-07-27T08:51:00.001-07:00

Pexels

This is a site for Free high quality photos you can use everywhere .

If u are interesting in in high quality images for desgingeing or even for web pages , this is a good site is for search images in HD .

visit it here : www.pexels.com

Some Images Might Reach 10 mb due to it's high pexels

Wayback Maschine | broswe old site

2014-07-27T08:32:00.000-07:00

The Wayback Machine

Wanted to browse the history of your site at any date ?

The Wayback Machine is a front end to the Internet Archive's collection of public Web pages. It includes more than 100 terabytes of date—a huge collection with huge storage requirements. The Wayback Machine provides access to this wealth of data by URLs.

It is not text searchable—a user needs to know the exact URL of a particular Web page, or at least the Web site, to be able to enter the archive.

browse your site here : http://archive.org/web/

here an example of showing how it look google.com @ 1999

Test Heartbleed bug

2014-07-26T21:58:00.002-07:00

The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

for more info about the bug visit : http://heartbleed.com/

to test your site online for Heartbleed Bug visit : https://filippo.io/Heartbleed/

What is Geek ?

2014-07-26T15:42:00.001-07:00

What is Geek ?

In this topic we will know the Meaning of the word Geek

Geek It is an English which means a person obsessed dramatically in the field or a particular field such as math geek or games and cares about modern technology and fantasy worlds, and the word is used today in most of the uses to describe those interested in the computer, the Internet and electronic games is very large.

You understand now ?

All basic programs at one CLICK after Format Windows

2014-07-26T14:13:00.002-07:00

Every time we format our computer, we need to install all the basic programs such as adobe flash player, office , Winrar , antivirus .. etc .

In this issue we'll see how we install all the basic software of your choice at one click .

The method is based on the site Ninite where you choose which programs you want and then start install programs at once .

first go to the site : www.ninite.com

then mark on all the programs you want to be install on your computer and press the Get Installer .

After downloading open it and will download and the selected programs on the site

Write in upside down text Trick

2014-07-26T13:31:00.001-07:00

In this lesson, we will explain the trick in writing inverted facebook . Leave your friends in Facebook in astonishment by writing text in upside down text , as follows "ɯoɔ ˙ ʞooqǝɔɐɟ˙ ʍʍʍ".

or any other name u want to display.

just go this site : www.upsidedowntext.com

and write your words like this .

Best Websites for Free Domain

2014-07-26T08:11:00.001-07:00

Best Websites For Free Domain

Many people want the experience of owning a site, but does not have the money to buy a domain and pay for hosting or does not have the means to do the piece.
In this issue we will see the best companies that offer for you a free domain.

1 - Www.freedomain.co.nr
This site gives you a free domain on this form: www.websitename.co.nr hosting unlimited and without advertisements.

2 - Www.com.co.in
This site gives you a free domain on this form: www.websitename.com.co.in not expose any ads in your web page in addition to the more advantages.

3 - Www.dot.tk
This location is good and is used by many websites providing free domain on this form: www.websitename.tk.

DVWA (Dam Vulnerable Web Application)

2014-07-26T02:50:00.002-07:00

DVWA (Dam Vulnerable Web Application)

This vulnerable PHP/MySQL web application is one of the famous web applications used for or testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst . he is ethical hacker and is part of RandomStorm OpenSource project.

download project : here

SQLMAP - Automatic SQL Injection Pentest tool

2014-07-26T02:24:00.000-07:00

Sqlmap Description

The tool is instructed to identify possible SQL injections and exploit them by enumerating and dumping entries of all databases' tables containing one or more of the columns specified by the user. sqlmap always stores dumped entries in a local CSV file upon successful dump. The technique used to dump this data from the back-end database software is the default, boolean-based blind SQL injection.

It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

download sqlmap : here

See the Official sqlmap video demonstration

Sql Injection Vulnerability Found in Avira

2014-07-19T15:09:00.004-07:00

Reply from Avira !

I found sqli Vulnerability on avira Website .

I was reported to avira security team to fix it . They replied me.
Unfortunately, Avira currently does not provide any form of compensation for security testing that did not have a contract in place prior to the start of the testing.

anyway i keep going for better work on getting the Vulnerability to be fixed.

^-^

Security Lab

Got Listed in Apple Inc. Hall of Fame

Got Listed in Apple Inc. Hall of Fame

INTERNETWACHE CTF 2016 (misc90) Write Up

The CTf was full of Tasks and were in a lot of Categories In :

Stegosploit : Malicious Code In Pictures

Stegosploit: Hacking With Images

Technical Details and explain in the video

WordPress SEO by Yoast Plugin Vulnerability Affects Millions

WordPress SEO by Yoast Plugin Vulnerability Affects Millions

Got listed in Oracle Hall of Fame Page

Got listed in Oracle Hall of Fame Page

Got listed in ebay Hall of Fame Page

Got listed in ebay Security Researchers Acknowledgment

Accelerate copying Files

A Program to accelerate transportation and copying

Teracopy

Photoshop Online

Photoshop Online Editor

Check if your mail hacked before !

Have i been pwned ?

Bill Gates accepts Mark Zuckerberg Challenge

Bill Gates accepts Mark Zuckerberg’s ALS Ice Bucket Challenge

Got listed in Microsoft Hall of Fame

Got listed in Microsoft Hall of Fame :

Online Viewer for Pdf

Online viewer for PDF

Anubis | Online Malware Analysis

Online Analyzing Unknown Binaries Anubis is a service for Analyzing Malware

Send free sms | WorldWide

Send Free SMS

Asus Replied to my SQLI report

Critical Sqli Vulnerability On Asus

Pexels | High Quality Photos

Pexels

Some Images Might Reach 10 mb due to it's high pexels

Wayback Maschine | broswe old site

The Wayback Machine

Wanted to browse the history of your site at any date ?

Test Heartbleed bug

The Heartbleed Bug

What is Geek ?

What is Geek ?

All basic programs at one CLICK after Format Windows

Write in upside down text Trick

Best Websites for Free Domain

Best Websites For Free Domain

DVWA (Dam Vulnerable Web Application)

DVWA (Dam Vulnerable Web Application)

SQLMAP - Automatic SQL Injection Pentest tool

Sqlmap Description

Sql Injection Vulnerability Found in Avira

Online Analyzing Unknown Binaries
Anubis is a service for Analyzing Malware