Monday, October 15, 2007

Hacker Face Off

Kevin Mitnick
  • An accomplished hacker
  • Had already been arrested for various computer crimes

Tsutomu Shimomura

  • Computer security researcher working at the San Diego Supercomputer Center

See the action as documented in this presentation...


Vista Blue Pill

This presentation details the Vista Blue Pill hack by famous hacker Joanna Rutkowska.

Sunday, September 09, 2007

Hacking Orkut

Orkut recently upgraded the interface of their website. The site now looks good in shades of white and blue. But with the upgrade came a few problems. Many people noticed that they cannot delete scraps now (link). Whenever you try to delete a scrap, the page posts back with a red link at the bottom that says report bug (BTW that link doesn't work either). Let's take a look at the delete button code.

<span class="rfdte"><span class="grabtn"><a href="javascript:void(0);" onclick="_singleDelete(function(){_doDelete(document.deleteForm, 26109785, 5037483, 1189339191)}); return false;" class="btn">delete</a></span><span class="btnboxr"><img src="http://img1.orkut.com/img/b.gif" alt="" height="1" width="5"

The onclick handler calls _singleDelete, which calls _doDelete with some parameters. To look for these functions you will need to have a look at the JavaScript that is loaded with the page. I found the following location and opened it.

http://img4.orkut.com/js/gen/scraps005.js

I found the code for delete as this._singleDelete(), which does nothing but count the number of scraps to delete and post it back. Orkut has tried a lot to make the JS code obscure, and so I stopped looking at it. The report bug link, which comes on the page once you try to delete anything, is interesting; it points to

http://b/createIssue?component=965&cc=te-orkut%2Cnarayan%2Cmanu&notes=OrkutRedesign%3AYes%0D%0ABuild%3A+HamsterXXX%0D%0AServer%3A+%28+test-castro.orkut.com%2C++qa-castro.orkut.com+%2C++staging-castro.orkut.com%29%0D%0AFeature%3A+%28+example-+home+notification+%2Cpolls%2C++...%29%0D%0AAccount%3A%0D%0A%0D%0A%0D%0A%0D%0AREPRODUCIBLE+on+following+OS%2FBrowsers%3A%0D%0AWinXP%2FIE+6.0%0D%0AWinXP%2BFF+2.0%0D%0ALinux%2BFF+1.5%0D%0AMac%2BFF+1.5%0D%0A%0D%0ASTEPS+TO+REPRODUCE%3A%0D%0A1.Login+to%0D%0A2.%0D%0A3.%0D%0A%0D%0ARESULT%3A%0D%0A%0D%0A%0D%0AEXPECTED+RESULT%3A%0D%0A%0D%0A%0D%0A%0D%0A&issue.type=BUG&issue.priority=P3&issue.severity=S2&hotlistIds=56

This looks like an internal link and not something Google would like to put in for everyone to see. It mentions Orkut, Narayan and Manu, which I guess are Google developers working on the site. We can also see the following servers, which Google uses to test Orkut.
  • test-castro.orkut.com
  • qa-castro.orkut.com
  • staging-castro.orkut.com

Google must use these for testing, quality assurance and staging of Orkut internally. The other things point at the OS, how to reproduce the bug and severity issues. It looks to me as if this link was used by Google to report bugs internally but somehow made it to the internet because they did not properly test Orkut before the new redesign. Maybe they were in too much of a hurry to do something new with the increasing popularity of Facebook.
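
A release check for the kind of leak described above, as an added example that is not part of the original post or Orkut's code: it scans rendered HTML for links whose host is a single-label internal name (like `http://b/`) or whose prefilled query values name pre-production servers. The prefix list, the function names and the sample HTML are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: prefixes that mark pre-production hosts, modelled on the names in the post.
PREPROD = re.compile(r"^(test|qa|staging|dev)[-.]", re.I)
HOSTNAME = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)

# Constructed sample: a normal link plus a shortened form of the "report bug" link.
SAMPLE_HTML = (
    '<a href="http://www.orkut.com/">home</a>'
    '<a href="http://b/createIssue?component=965&amp;notes=Server%3A+%28+'
    'test-castro.orkut.com%2C++qa-castro.orkut.com+%2C++staging-castro.orkut.com%29'
    '&amp;issue.type=BUG">report bug</a>'
)


class LinkCollector(HTMLParser):
    """Collect href/src/action values from rendered HTML."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src", "action") and v]


def audit_html(html):
    """Return one finding per link that exposes internal infrastructure."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not host:
            continue
        reasons = []
        if "." not in host:  # e.g. http://b/ only resolves on an internal network
            reasons.append("single-label host")
        if PREPROD.match(host):
            reasons.append("pre-production host")
        values = [v for vs in parse_qs(parts.query).values() for v in vs]
        leaked = sorted({h for v in values for h in HOSTNAME.findall(v) if PREPROD.match(h)})
        if leaked:
            reasons.append("query names pre-production hosts")
        if reasons:
            findings.append({"host": host, "reasons": reasons, "leaked_hosts": leaked})
    return findings
```

Run against the built pages in a pre-release step, a non-empty result from `audit_html` is a reason to fail the build.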

Wednesday, January 03, 2007

Flash Hacking

Ever wanted to score higher in Kitten Cannon? How about owning at Defend the Castle from the very first level? Some jumps in N-Game too hard for you? Maybe you're ticked off by that guy who got several billion in Push the Button. Whatever the motive, you're here for one reason, you want to hack Flash games.

All Flash games are written in a language called ActionScript. It'll help you if you know it, but the code is straightforward enough that even a n00b could do this with almost any game they wanted.

http://zenwarfare.com/flash_hack.php

Tuesday, January 02, 2007

How to sniff plain-text passwords in 13 steps

The following is an instructional tutorial. I hope to show how easy it is to sniff people's passwords in plain-text form on virtually any wired network. Common applications for this would be on a university, school or otherwise large network. This has only been tested on a Windows machine, but can be used to sniff passwords from any operating system.

Step 1: Download, install and run Cain & Abel at http://www.oxid.it/cain.html.
Step 2: Click "Configure" in the top bar.
Step 3: In the "Sniffer" tab, click the adapter which is connected to the network to be sniffed, then click "Apply", then "OK".
Step 4: Click the "Sniffer" tab in the main window.
Step 5: Click the network card in the top bar (2nd icon from the left).
Step 6: Click the "+" button in the top bar.
Step 7: Select "All hosts in my subnet", click "OK". Entries should appear in the main window under the "IP address", "MAC address" and "OUI fingerprint" headings.
Step 8: From the "Sniffer" tab, click "APR" in the bottom tab.
Step 9: Click the top right pane in the main window. Click the "+" button in the top bar.
Step 10: Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click "OK".
Step 11: Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
Step 12: After some time has passed, click "Passwords" in the bottom tab.
Step 13: In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.

Please use this tutorial with caution: most private institutions, as well as countries, have strict rules and laws against network sniffing, and breaking them could lead to expulsion from an institution, as well as critical litigation! This tutorial is for educational purposes only and should only be used to demonstrate the security weaknesses of common networking infrastructures.
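
The APR step above works by poisoning ARP caches, which leaves a visible trace on the affected hosts: the router's IP address resolves to the same MAC address as another machine on the subnet. The following check is an added example, not part of the original tutorial; it parses Windows `arp -a` output and flags that condition. The function names, addresses and sample table are constructed for the illustration.

```python
import re
from collections import defaultdict

# One row of Windows `arp -a` output: IP, MAC (dash-separated), entry type.
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

# Constructed sample: the gateway (.1) and host .42 resolve to the same MAC.
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-42     dynamic
  192.168.1.10          00-11-22-aa-bb-10     dynamic
  192.168.1.42          00-11-22-aa-bb-42     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_table(text):
    """Return (ip, mac) pairs for unicast entries; broadcast/multicast rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and not int(m.group(2)[:2], 16) & 1:  # group bit set = not a single host
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def find_arp_spoofing(text, gateway_ip, expected_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that differs from a recorded one."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp_table(text):
        by_mac[mac].add(ip)
    alerts = []
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            severity = "high" if gateway_ip in ips else "medium"
            alerts.append({"type": "shared-mac", "mac": mac,
                           "ips": sorted(ips), "severity": severity})
    if expected_gateway_mac:
        seen = [mac for mac, ips in by_mac.items() if gateway_ip in ips]
        if seen and seen[0] != expected_gateway_mac.lower():
            alerts.append({"type": "gateway-mac-changed", "mac": seen[0],
                           "expected": expected_gateway_mac.lower(), "severity": "high"})
    return alerts
```

A shared MAC can also be legitimate (proxy ARP, or one host holding several addresses), so treat an alert as a lead to verify against the switch's port and address tables.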