Davao Hackers

Joomla-based Filipino sites still vulnerable

noreply@blogger.com (yheng) — Thu, 02 Oct 2008 06:13:00 +0000

Few weeks had past since joomla team release a security update regarding high-priority issues of Joomla 1.5x version where admin passwords can be reset when token sanitation failed to sanitize correctly which results in a successful password reset. Affected versions ranges from Joomla 1.5.0 – 1.5.5, but to my dismay I found out ‘till now some joomla-based sites which belongs to some of my fellow filipino people haven’t updated yet their joomla sites which are very vulnerable to exploitation. I even conducted a penetration test to see if it is still possible to reset there admin passwords and gain privileges to their site. I got a few list of vulnerable sites but I don’t want to share it publicly for security purposes. One of my hit lists belongs to Academic institution, including some local government sites and personal site. I’ve contacted a few webmasters regarding their site but more are left uninformed about the security issue, leaving their site prone to exploitation.

On the other hand, I reached to the point where I almost decided to hack their site just to vandalize it or post some explicit/vulgar words but thank God He had given me strength and a solid faith to avoid such unethical practices. I guess I grew up a little bit each day not like when I was in my younger days when I had no doubt and fear of doing such stupid things.

How to recover deleted SMS message from mobile phone

noreply@blogger.com (yheng) — Tue, 22 Jul 2008 06:25:00 +0000

Now you can recover deleted sms messages from mobile phone using this tutorial. First you'll need some tools to make it possible, pre-requisites are listed below:

Smart card reader that is compatible with the Windows smart card subsystem
Smart card reader that is compatible with the Windows smart card subsystem. You probably also need a Plug-in (GSM SIM card size) to ID-1 (ordinary smart card size) adapter card so the SIM card fits into the reader physically or ChipDrive Micro RS232 from Towitoko.

Download this tool UndeleteSMS

After downloading run the program thru command.com or simply type cmd.exe (ex. click windows button->run->then type cmd.exe and drag the Undeletesms.exe to command and check the given info before proceeding. make sure you already attach you devices before executing it.

Q & A

Q: My GSM SIM card reader does not work with UndeleteSMS, how come?

A: Dedicated GSM SIM card readers are usually not compatible with the Windows smart card subsystem.

Q: Where do the erased SMS's end up?

A: They are printed in the Command Prompt window.

Q: What does "message is not in default alpabet [40] cannot decode" mean?

A: It usually means that the entry is an EMS or MMS instead of an ordinary SMS.

Q: I have a question that is not covered here. Where can I get help?

A: Send me your question. I can't promise that I will have time to answer, but I'll do my best.

All credits goes to Arne Vidstrom - http://vidstrom.net

Network intrusion - How to defend yourself

noreply@blogger.com (yheng) — Tue, 22 Jul 2008 06:02:00 +0000

Last week I conducted an experiment for our local area network (LAN) to check whether it is secured or not. We have firewall installed on our network and over 30 computers on LAN area.

To check the integrity of our network to know if we are safe (I mean on a local area only) I use a software to perform a packet sniffing - a method to sniff traffic/packet over network. Surprisingly, I was able to sniff usernames and passwords for more than thirty computers on my network I was able to sniff them including cookies on secure connection (referring to browsers' cookie).

The method I perform is called ARP Spoofing, many software like this available online and for penetration testing only. If used improperly may cause you to trouble. I used cain & abel from oxid.it to perform such spoofing and I really like this software for conducting penetration tests. Note that your antivirus might flag it as a "virus" because it uses some packet sniffing method. Download only on that site for security purpose.

My purpose of ARP spoofing is to know if the packets sent over our network is safe and can't be intercepted and immune to local network attacks. But to my surprise I was able to gain their username and passwords, email, secure certificates, browser coockies, and other important details of each computer's user transaction.

I do not suggest you to take advantage and do evil things by using this program, as per IT security experts motive is to conduct a penetration test and not to harm network and perform hacking unethically. Nor I myself did not take advantage to those sniffed passwords and all other materials gathered during penetration testing.

How to secure your password - Things you don't know yet about your password

noreply@blogger.com (yheng) — Tue, 22 Jul 2008 05:22:00 +0000

There are several ways on how to secure your password. Basically people use passwords base on their pet names, spouse, birthdays or any other important events and names which are alphabetically simple. On my previous post I mentioned having a seven (7) characters long password is important. In this case, having a seven characters long password is still easy to crack/decode using various method as I have mention on my previous post that it can be much easier using those tools to gain/crack passwords even if it is seven characters long.

A great way to secure your password is having a combination of alphabetical and number, more than seven characters long passwords. Base on my experience, a 7 characters long alphabetical password is cracked only in a few seconds compare to combined alphabet and number passwords. Even a longer than seven (7) characters is cracked within a minutes of waiting using a special method of cracking. Want some proof? Check out my previous post on using Ophcrack and see for yourself!

Even my twelve (12) characters long password - all alphabetical - was cracked by myself in a few minutes which I myself forcefully decided to change it having a number combination to harden the encryption. How does this happen? Having all alphabetical passwords are crack faster because of having "only alphabets" no numbers included, and a less time for decoding it. Truly, MD5 hashed passwords are hard to crack but having your passwords composed of only alphabetical is still vulnerable to cracking. A Salted MD5 hash would do because salted hash is a lot difficult to crack but on windows system is not reliable enough to protect you password.

Myspace Private Picture Hack

noreply@blogger.com (yheng) — Fri, 20 Jun 2008 00:20:00 +0000

Can't view private pictures on someone's profile? Here is a trick to show off that private pics they hide on their profile on Myspace. I do not recommend using any software/program this time but a simple url trick would do.

To be able to view private pics on Myspace profile just copy this URL below:

http://lads.myspace.com/slides/photoslider.swf?u=

so just put your private person or anybody's myspace id after the = and you can see all their photos

For example: http://lads.myspace.com/slides/photoslider.swf?u=29736584

have fun :)

Hacking Joomla Sites

noreply@blogger.com (yheng) — Wed, 18 Jun 2008 05:24:00 +0000

Personally I like Joomla! based sites because it is easy to manage and sort things out even doing the SEO just like on wordpress blogging and even creating your own site design. But these days more and more Joomla! sites are getting hacked by anonymous hackers on the web globally. Reasons are easily be pointed out to unaware webmasters/owners of the site the installation of extensions or shall we say add-ons to Joomla resulting in a more vulnerable of getting exploited, massive damage and defacement to their site including loss of prospects, personal information, and on financial aspect.

How these events had happened? When the site owners pointed fingers to their hosts blaming for unsecured web server, failed security, failure monitoring and so forth. But they don't know that by adding some extensions without checking first if the extension that they are using have a bugs or vulnerable to exploitation then it would be a major reason that their site is prone to hacking. For my personal experience I manage to obtain admin password hashes of several Joomla based sites in a minutes of exploiting using Google as search engine. Using MD5 hash cracker the encrypted MD5 passwords are converted into readable ascii letters. Fortunately a lot of web based MD5 cracker is available on the net making the cracking process speed up.

It is really a big issue for security aspect on your site if you are not aware of these kind of vulnerables and bugs of those extensions that you applied on your Joomla site. It is best advised to manage and update the extensions used (if update of such extension is available) then you should update it to address the known security issues to your site to avoid getting hacked.

Windows XP Cracking Passwords the Easy Way!

noreply@blogger.com (yheng) — Wed, 18 Jun 2008 05:09:00 +0000

Well, many of us trying to crack/decode a password on Windows XP System had a hard time or shall we say most of the time we end up failure specially if we are cracking more than seven (7) characters long passwords. Some people uses cracking programs whether brute forcing, dictionary based cracking and so on. Face the fact that seven or more characters long passwords are harder to decode, possibly you can crack it for a few or more days by brute forcing.

Now we can easily crack long passwords for an instance in my personal experience I will introduce to you using the 0phCrack and the infamous "Rainbow table" algorithm. Surprisingly the seven character long or more passwords are cracked in a few seconds! Yes it's true, But bear in mind that I have my Rainbow table as big as 669 MB which it can be loaded by 0phcrack and cracks passwords in a few seconds (5 user accounts on my system with 12 characters long passwords!).

Maybe you'll think that this is just another work-today-die-tomorrow cracking tricks but to let you know that this process cracks MD5 hashes. LM and NT passwords are easily cracked by this method specially on Windows XP system. I will not discuss further as to where you can find 0phcrack and rainbow tables that I used (669MB file size) but believe me it helps me a lot, making the process done quickly as I never expected before. You can find those tools and references on many sites for free. But if you really want to know where the hell I get those tool and the rainbow table then you are free to send me pm or post your comments here.

Using this method of cracking Windows Xp password there is no need for you to reset loss password, saves your day ahead without getting caught for resetting the administrator password on windows xp. Just make sure you have the privilege to install the mentioned program/tools so that your cracking will be successful.

So start cracking now!

How to use Airodump (from WEP cracking tutorial)

noreply@blogger.com (yheng) — Thu, 10 Apr 2008 08:39:00 +0000

Airodump usage: airodump [interface] [output file prefix] [channel no.] [IVs flag]

1. The [channel no.] can be set to a single channel (1 thru 14) or set to 0 to hop between all channels
2. The [IVs flag] can be set to 1 to only save the captured IVs

e.g. airodump eth1 testfile1 6 produced the in progress capture below:

Basics to be aware of from the above screen capture are:

- BSSID = MAC address of the access point (but not always!)

- Beacons = Number of captured beacon packets (of no use!)

- # Data = Number of IVs captured so far (this is the all important figure!)

- MB = Data Rate '48' mixed mode in the above example. A '.' appears after the figures if the Data Rate is dedicated e.g. '48.'

- WEP = Network is configured as WEP

- Number of IVs required to break WEP depends on the WEP key length
* Approximately 300.000 IVs for 40-bit WEP (AKA 64-bit WEP)
* Approximately 1.000.000 IVs for 104-bit WEP (AKA 128-bit WEP)

Examples:

airodump wlan0 capture1 10 (Interface=wlan0, filename=capture1, channel=10)

airodump eth1 testfile 6 1 (Interface=eth1, filename=testfile, channel=6, only captured IVs saved)

airodump ath0 alpha 0 (Interface=ath0, filename=alpha, channel hopping mode)

Output Files:

An airodump capture with produce the following output files .txt, .cap and .gps

The .txt file contains:

* BSSID and MAC addresses

* Time/Date info

* Channel Info

* Data rate

* Encryption method

* No. of beacons captured

* No. of IVs captured

* LAN IP

* ESSID

The .cap file contains the packet capture from your session. This is the file that is input into aircrack for WEP cracking.

The .gps file contains GPS related info if you have a GPS device enabled

Troubleshooting:

Be aware of the modes of your card and target network (802.11b or 802.11g). I have observed Airodump capture only around 2,000 IVs an hour (on a busy network) when the card is an 802.11b card and the network is working in 802.11g mode. Be sure your card and the target network are using the same mode.

On a saturated 802.11b network we captured around 23,000 IVs a minute.

On a saturated 802.11g network we captured around 140,000 IVs a minute.

Source:http://wirelessdefence.org/Contents/Aircrack_airodump.htm

Wep Cracking - The Fbi Way

noreply@blogger.com (yheng) — Thu, 10 Apr 2008 08:31:00 +0000

WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP enabled access point within a couple of minutes. 3 minutes to be exact. This is unbelievable when compared to, say 3 days of work. Here is how they did it, and how you can do it. You may need to know your way with each and every of these tools to get this done. You can ask Google for that. Anyway, if you are familiar with them, just do as follows :

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC).
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key infront of you now.

The software runs on Linux, they are all available on the Knoppix Linux Live CD. And finally, I think you should always use a combination of 2 or more security features. As for what you need, get Aircrack (Includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA capture files) and get Kismet.

Update: Kismet for Windows (Kiswin32) is available now.

Download this tools:

Kismet:Win32 version
http://www.kismetwireless.net/code/setup_kismet_2007-10-R1.exe

Aircrack:
http://download.aircrack-ng.org/aircrack-ng-0.9.3-win.zip

Source:h++p://masc2279.no-ip.org/gadgets-toys/internet/wep-cracking-the-fbi-way/

[Trick]Easy Way to Locking and Hiding Hard Drives!

noreply@blogger.com (yheng) — Thu, 10 Apr 2008 05:38:00 +0000

Here I' m going to tell you about manually locking/hiding your hard drive tricks without using any software! Just follow this steps:

1. Open Registry (go to run command, type "regedit" and press enter)

2. then go to this key

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer

3. Now click right button and create DWORD Value (blue color)

4. Rename it as "NoViewOnDrive" (for locking drive) or Rename it as "NoDrives" (for Hiding drive)

5. Double click it and put some numbers to lock your desired Drive and click ok.

Here is Drive No.
A: 1
C: 4
D: 8
E: 16
F: 32
G: 64
H: 128

finally restart or log-off the computer to take effect.

Keep in mind that "0" is Default Value or Disable or remove this setting.

Note:At your own risk! If you fucked up your registry settings then try "System Restore" or have your backups before you edit your registry.

Tips & Tricks: Multi-login Yahoo! Messenger

noreply@blogger.com (yheng) — Fri, 04 Apr 2008 08:30:00 +0000

In this tutorial you can use ym in a multiple account. Basically you can't use Yahoo! Messenger with multiple login account for an instances. This trick requires registry editing.

This will be very easy to understand as we go on with the tutorial, just simple steps required:

1. Go to START->RUN-> Type ‘regedit’ and press ENTER.

2. Then navigate to ‘HKEY_CURRENT_USER\Software\Yahoo\Pager\Test’

3. Now in the right pane right click New->DOWRD Value. Name it as ‘Plural’

4. Now Double click the the Plural DWORD you created & set the value to 1

5. Reboot may or may not require, you can test it by opening another Yahoo Messenger program :)

Enjoy!

5 ways to crack or reset a forgotten Windows XP administrator password

noreply@blogger.com (yheng) — Fri, 28 Mar 2008 05:30:00 +0000

There are already so many articles written on how to recover or reset a password that I’m not going to reinvent the wheel, but instead will guide you to the best online resources that I used to crack my Windows XP password.

1. Ophcrack Live CD - My favorite ways to blank out or crack a Windows password is to use a Linux Live CD. These are special distributions of Linux that run directly from the CD (no installation required) and are specially designed for cracking Windows passwords. You can read the documentation to learn how to use it. Simply burn the ISO and boot using the CD and the program will get right to work. It won’t work, however, on very complicated password because it actually tries to determine the password rather than reset it.

2. Offline NT Password and Registry Editor - This is a very small program, only 3MB in size, that you can burn to a CD and boot to. It’ll auto-detect the Windows installation and the account names (that is if everything was installed in the default Windows directories). Using this program you can reset or blank out a Windows password, which means it doesn’t matter how long or complicated it is. I tried this program on Vista and it would not load afterwards, so definitely only use for Windows XP or earlier!

3. Login Recovery - Login Recovery is a web site that has a program that you can either download onto a floppy disk or a cd and that you use to boot up with. You’ll get a list of account and some numbers when the program runs. Take those numbers and enter them onto the web site and Login Recovery will crunch it through it’s system to find out password for Windows NT, 2000, XP and Vista. I have tried this site and it did not work for my password, which was 11 characters and mostly symbols, numbers, and letters. However, if the password was something simple, they will probably be able to crack it.

4. John The Ripper - Another free password cracker that works on Windows, Linux and Macs, so it’s useful for any Mac or Linux user who wants to recovery a password. Pretty easy to use and comes with good instructions, so most people can follow along.

5. Knoppix STD - G4TV has a good article on another Linux distro you can download and use to crack your Windows password. Follow the detailed instructions he gives and if the password is not too long or difficult, it should be able to crack it!

As you can tell, the best ways to crack a Windows password is using Linux! It might be a little too techie for some people, but it’s definitely worth it if you want to avoid having to re-install Windows and lose all of your data! Any questions, post a comment!

Take over the website using C99.php shell

noreply@blogger.com (yheng) — Tue, 25 Mar 2008 06:25:00 +0000

You can hack a certain site using C99.php shell by uploading it to web server. Unfortunately I cannot post the source code of c99 shell here but I will provide tips on how to find c99 shell script. The c99.php is detected as harmful to your pc scanned by various anti-virus but basically it doesn't harm your pc anyway, it's just a hack script which is applicable only to webserver running Php under Linux platform or maybe on Windows server (haven't tried yet) but 99% works on Linux servers.

You can find c99 shell using Google by using a 'Google Dork', just type [allinurl: c99.php"] without the brackets google will provide your results which links to c99.php shell. I advise that you copy the c99.php code and save it as "c99.php" and upload it to web host. To be able to use the c99 shell script just access it via URL (i.e. www.somesite.com/c99.php) or similar to this and voila! You can retrieve/modify password, upload file, modify, etc..

But before you access the file make sure you have your proxy setup to avoid getting caught. It is unwise to access directly the exploit without protecting yourself first!

How to Obscure Any URL

noreply@blogger.com (yheng) — Tue, 25 Mar 2008 05:09:00 +0000

How Spammers And Scammers Hide and Confuse

Maybe this topic is too old for you to read but most of the people on web are victimized by phishing. A lot of people are tricked with this simple yet very useful for phishers.

Using this trick you can hide your real URL into something (e.g. hexadecimal, dword, etc..) and make your victim think that it brings them to real site.

Visit this site:http://www.pc-help.org/obscure.htm

How to become user SYSTEM in Windows XP

noreply@blogger.com (yheng) — Tue, 25 Mar 2008 04:51:00 +0000

Ok, to start, go to Start>Run.
Type cmd.exe and hit ok.
Now in the command prompt that appeared, type at and hit enter. It should say "There are no entries in the list", but if it comes up with some stuff, we should be fine.
Now type this into the command prompt:

at XX:XX /interactive "cmd.exe"

Where XX:XX is approximately 1 minute from the current time in 24 hour format.
When the system clock reaches that time, a new command prompt will open.
Now type tasklist in the command prompt and hit enter. A list of all the processes running on your computer will be displayed.
Search through this list for explorer.exe. Once located, remember the PID number next to it.
Now enter this into the command prompt:

tskill XXXX

Where XXXX is the PID number of explorer.exe.
Finally type explorer.exe into the command prompt.
When you press the start button again, your username should be changed to SYSTEM, and you will have full administrative rights over the entire computer.
You can kill processes that Windows normally locks, change all the user account names and passwords, delete Windows files, pretty much anything that you wouldn't normally be able to do.

Thanks for looking and I hope you find this informative and useful.