20 Jun 2010

How to Cheat The Ads for Profit!

By IPSECS Admin. Posted in SEO and Ads | No Comments »

Have you ever thought of putting your ads on a compromised website? Have you ever replaced someone's ads with your own? Putting your ads on someone's website will not help increase your revenue if the website is low-traffic.

Have you ever thought of inserting malware into a compromised website and exploiting its clients? Yeah, browser vulnerabilities are the answer! Inserting it into a low-traffic website will not really help spread your malware and compromise its clients!

Now, even though this is old for us (IPSECS), we are releasing a tool to identify traffic rank based on Alexa. This tool will help you identify the Alexa Rank of massively collected domains. By knowing the traffic rank of domains, this tool helps you decide whether a website is worth putting your ads on. By knowing the traffic rank of domains, you can know whether a website has the potential to boost your revenue. Our simple tool needs some Perl modules to be installed:

  • strict
  • warnings
  • Switch
  • POSIX
  • LWP::UserAgent
  • HTTP::Message

Lastly, you can download our tool to help identify traffic here. Cheat the ads for your profit, boost your revenue now!

 

19 Jun 2010

DoD 8570 Directive

By IPSECS Admin. Posted in Management | No Comments »

The Department of Defense (DoD) is currently undergoing an organizational process involving Information Assurance (IA) standardization.

DoD 8570 seeks to accomplish the following objectives:

1. Create standards whereby IA Workforce personnel, at all levels and functions, obtain a uniform level of competency with regard to DoD information and networks.
2. Establish a minimum skill level for all IA Workforce personnel throughout the DoD.
3. Provide qualified IA Workforce members to the soldiers that need them.
4. Creation of a set of formal training requirements and establishment of certification programs.
5. Add to the knowledge base of every IA Workforce team member through education or experience.

The DoD 8570 document can be found here, while DoD 8570 training and assessment can be reached at GIAC/DoD8750.

This article is ripped and modified from http://dod8570.net/

 

24 May 2010

IPv6 Hackit – The IPv6 Army Knife

By IPSECS Admin. Posted in Exploitation, News | 1 Comment »

IPv6 is the future internet protocol, rich in security features, but hackers keep researching it and trying to exploit it. Day by day, papers and presentations that explain how to defeat this protocol are widely published. Van Hauser of The Hacker’s Choice (THC) released his IPv6 attack toolkit to exploit IPv6 protocol weaknesses. His tools can be freely downloaded from the THC website. HD Moore, author of the Metasploit project, wrote a paper titled “Exploiting Tomorrow’s Internet Today: Penetration testing with IPv6”, which can be read on http://uninformed.org. His paper covers exploiting IPv6 applications by proxying/relaying via IPv4.

IPSECS unofficially releases his IPv6 Hackit on SourceForge, along with a paper that explains IPv6 exploitation almost completely. The paper contains:

  • Introduction to IPv6
  • Connecting to IPv6 Backbone (IPv6-in-IPv4 Tunneling using TSP)
  • An Introduction to IPv6 Socket Programming
  • IPv6 Discovery & Scanning (via ICMP, TCP, DNS)
  • Writing IPv6 Remote Exploit & Shellcoding (Stack Based Buffer Overflow, Format String)
  • IPv6 Protocol Vulnerability (Man In The Middle, Denial of Service)

You can freely download this paper, written in Indonesian, on core.ipsecs.com. IPSECS wrote IPv6-Hackit in the Perl scripting language, which means the tool doesn’t need to be compiled. However, this tool needs some Perl modules to be installed:

  • strict
  • warnings
  • Switch
  • English
  • Net::DNS
  • POSIX
  • Getopt::Long
  • LWP::UserAgent
  • HTTP::Message
  • IO::Socket::INET6

This tool supports:

  • Host enumeration to find which hosts are up/down.
  • TCP port scanning to find which ports are open/closed.
  • Googling via the unix shell to find possible IPv6 domains.
  • Finding AAAA IPv6 host records from single or massively collected domains.
  • Getting a shell from an IPv6 binding shellcode/payload.
  • Getting a shell from an IPv6 reverse shellcode/payload.
  • Exploiting simple IPv6 application weaknesses (this module is still under development)
  • IPv6 binding backdoor with authentication (this module is still under development)

You can easily download IPv6 Hackit from ipv6hackit.sourceforge.net. While you play with this tool and read the paper, we are developing grid-toolkit, to be released soon. So just follow and watch this website; IPSECS only gives you the best stuff to play with! Finally, enjoy guys!

 

10 May 2010

Shell Scripting – Mastering in 3 Days

By IPSECS Admin. Posted in Presentation | No Comments »

Understanding shell scripting is one step toward working more efficiently with Linux commands. Sometimes we have to work with complex shell commands every day and type them repetitively. Without shell scripting we have to type all of those commands manually, wasting our time. This paper was presented at PT. Datacomm Diangraha on 8-10th May 2010, and contains:


Table of Contents
1. Basic Shell Scripting
   a. Redirections & Pipes
      i. Redirections
      ii. Pipes
   b. Variables
   c. Conditional & Looping Statements
      i. Conditional if .. then
      ii. Conditional if .. then .. else
      iii. Conditional switch .. case
      iv. Looping for
      v. Looping while
      vi. Looping until
   d. Introduction Bash I/O Scripting
      i. Using read
      ii. Using command line argument
   e. Arithmetic & Strings Operations
      i. Arithmetic Operations
      ii. Strings Operations
2. Advanced Shell Scripting
   a. Array
   b. Regular Expression
      i. Grep
      ii. Awk
      iii. Sed
   c. System Administrative Command Scripting
   d. Aliases
   e. Functions
   f. I/O Redirections
   g. Using /dev & /proc
      i. Using /dev
      ii. Using /proc
   h. Security Issues
   i. Code Poetry
3. Shell Scripting in Practice
   a. Creating & Scheduling Automatic Backup
   b. Creating & Scheduling Automatic File Integrity Checker
   c. DomainToIP Enumeration Script
   d. Start & Stop GRE Tunneling Script
   e. Automatic Default Routing Switcher Script
   f. Start & Stop Firewall Script
   g. Start & Stop Bandwidth Management Script
   h. Datacomm needs?? Q&A

Just download this paper here and all the bash scripts presented here. OK, that’s all, and I hope it helps! Enjoy :)

 

7 May 2010

Hacker develops multi-platform rootkit for ATMs

By IPSECS Admin. Posted in News | No Comments »

One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference.

He plans to give the talk, entitled “Jackpotting Automated Teller Machines,” at the Black Hat Las Vegas conference, held July 28 and 29.

Jack will demonstrate several ways of attacking ATM machines, including remote, network-based attacks. He will also reveal a “multi-platform ATM rootkit,” and will discuss things that the ATM industry can do to protect itself from such attacks, he writes in his description of the talk, posted this week to the Black Hat Web site.

Jack was set to discuss ATM security problems at last year’s conference, but his employer, Juniper Networks, made him pull the presentation after getting complaints from an ATM maker that was worried that the information he had discovered could be misused.

The security researcher found a straightforward way of getting around Juniper’s objections, however. Last month, he took a new job as director of security research with IOActive.

ATM machines do get compromised, but in a roundabout way. Thieves often hit them by installing card skimmers on them to extract magnetic stripe data from the cards. Then, using a hidden video camera, they steal login numbers. Using all of this information, the crooks can build their own duplicate cards and empty bank accounts.

But Jack’s talk looks at a new area: bugs in the software used to run the machines.

He’s taken advantage of the extra year provided by Juniper’s ban to do more research. “Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors,” Jack says in his talk description. The security researcher couldn’t immediately be reached for comment.

Jack doesn’t say which ATMs he plans to discuss, but it could be any major vendor, according to Black Hat Director Jeff Moss. “He’s got a living room full of a lot of different brands of ATMs, and they all seem to suffer from one or the other problem,” he said.

ATMs haven’t received a lot of serious scrutiny by security researchers, so Jack’s talk will break new ground, Moss said. “Apparently you can make all the money come out,” he said.

Source: www.networkland.com

 

7 May 2010

More About Computer Forensics

By IPSECS Admin. Posted in Forensics | No Comments »

Computer forensics is the part of information security concerned with finding legal evidence on computers and digital storage media. You can find more forensics resources on the internet, some of which are free. Yeah, free!

We have the Open Source Computer Forensics Manual at http://oscfmanual.sourceforge.net. We also have a cool article (book) entitled “Forensic Discovery” at http://www.porcupine.org/forensics/, which is published freely and comes with some tools. You can follow http://blogs.sans.org/computer-forensics/ or read the First Responders Guide to Computer Forensics at CERT.

Finally, you can download some free books about forensics and information security here.

 

6 May 2010

PHPNuke 7.0/8.1/8.1.35 Remote Code Execution

By IPSECS Admin. Posted in News | No Comments »

PHPNuke is an old and mature Content Management System (CMS), but once again a hacker proves to us that nothing is 100% secure. Its maturity doesn’t guarantee its security: PHPNuke is vulnerable to remote code execution, which can be exploited to compromise the apache user.

The most fearsome statement from the author of the exploit is the one about wormable remote code execution in PHPNuke. Since PHPNuke is one of the most popular CMSs, used by many webmasters, how many sites will be compromised? Well then, just take the proof of concept here.

 

6 May 2010

Last minute checks for DNSSEC upgrade

By IPSECS Admin. Posted in News | No Comments »

Network admins prepare for internet security upgrade.

Network administrators are being encouraged to run some last minute checks on their DNS servers, routers and firewalls before the final cluster of the internet’s root servers are loaded up with the DNSSEC security upgrade tomorrow night.

As reported late last week on iTnews.com.au, from May 5 the DNSSEC upgrade will attach a digital signature to every response from the root servers where the DNS resolver is configured to request signed answers (via setting the DO bit in the Extensions to DNS – EDNS settings) to requests for an internet page, in order to provide an additional layer of assurance for internet users that they are connecting to the correct page.

Concerns have been raised that the upgrade might cause some problems for network administrators working with older networking equipment that is preconfigured to either not accept DNS responses over 512 bytes or not accept DNS responses split into several packets using the TCP protocol.

ICANN’s latest update on the upgrade, released yesterday, confirmed that root server cluster ‘J-Root’ is the last of 13 root server clusters to transition to DNSSEC on May 5 at 1700 – 1900 UTC.
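
The checks described above, expressed at packet level. This is an added example, not part of the original article: it builds a query with the DO bit set in an EDNS OPT record and classifies a UDP reply by its truncation flag and size. The function names and the sample replies are constructed for illustration.

```python
import struct

DO_BIT = 0x8000      # "DNSSEC OK" flag, carried in the OPT record's TTL field
TC_BIT = 0x0200      # "truncated" flag in the DNS header
CLASSIC_LIMIT = 512  # largest UDP reply a pre-EDNS device expects

def encode_name(name):
    """Encode a domain name as length-prefixed labels ('.' becomes one zero byte)."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name=".", qtype=48, udp_size=4096, do=True, txid=0x1D5E):
    """Build a query (default: DNSKEY for the root zone) with an EDNS0 OPT record."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner, TYPE 41, CLASS = advertised UDP size, TTL = flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, DO_BIT if do else 0, 0)
    return header + question + opt

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = pkt[off]
        if (length & 0xC0) == 0xC0:  # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def edns_info(pkt):
    """Return (udp_size, do_flag) from the packet's OPT record, or None if it has none."""
    _, _, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 41:                        # OPT pseudo-record
            return rclass, bool(ttl & DO_BIT)
        off += 10 + rdlen
    return None

def assess_udp_reply(pkt):
    """Classify a UDP reply to a DO-bit query by truncation flag and size."""
    flags = struct.unpack("!H", pkt[2:4])[0]
    if flags & TC_BIT:
        return "retry-tcp"      # resolver must repeat the query over TCP port 53
    if len(pkt) > CLASSIC_LIMIT:
        return "large-udp-ok"   # a reply over 512 bytes made it through over UDP
    return "small"              # says nothing about large-reply handling

def sample_reply(size, truncated=False):
    """Constructed stand-in for a reply: a DNS header padded to `size` bytes."""
    flags = 0x8180 | (TC_BIT if truncated else 0)
    return struct.pack("!6H", 0x1D5E, flags, 0, 0, 0, 0).ljust(size, b"\x00")

if __name__ == "__main__":
    print(edns_info(build_query()), assess_udp_reply(sample_reply(800)))
```

Sending the bytes from build_query() through the resolver's own network path and passing the reply to assess_udp_reply() shows whether a device on that path drops or truncates signed answers.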

 

13 Dec 2009

Buffer Overflow & Format String

By IPSECS Admin. Posted in Exploitation | No Comments »

This is a really old archive; it has been almost three years since January 2007. But I guess this will be really useful for starting to learn. Check this out.

 

Can you imagine our Indonesian internet core routing being shut down? No one could read their email, open Facebook, or just search through Google. Can you imagine Indonesian internet banking stopping for a while? Automatic Teller Machines (ATMs) not responding to your requests? Those are just the lowest risks when core routing is compromised.

Can you imagine your confidential data being sniffed without anyone noticing? Can you imagine your username and password being stolen? Oh, that’s no big deal, huh? But try to imagine your banking transactions being intercepted and modified; yeah, that’s the real fear in the digital world. Hell yeah, this paper explains how those problems are possible. This paper tries to tell you how weak our Indonesian core routing infrastructure is, check it out!

 

3 Dec 2009

Another FreeBSD Root Exploit Leaked!

By IPSECS Admin. Posted in Exploitation | No Comments »

The latest version of FreeBSD has been found to be vulnerable. The vulnerability is in the run-time link editor (rtld), which can be tricked into accepting LD variables even on setugid binaries. You can see this flaw by analyzing this exploit.

With this leaked exploit, more than 10 exploitable vulnerabilities have been leaked to the public this year (2009)! So is it true that FreeBSD is as secure as people say?!

 

24 Nov 2009

Web Backdooring & Keylogging

By IPSECS Admin. Posted in Exploitation, Presentation | 1 Comment »

Thinking about how to backdoor & keylog a website in an unusual way is something fun to implement. Kiddies usually use a public backdoor to come back to a compromised server or website, dump the database, and crack hashes of confidential information like passwords and CC numbers. A public backdoor is somewhat easy for an administrator to detect, while hash cracking sometimes gives no result.

Modifying the source code of a website to act as a backdoor and keylogger is not a new technique, but only a few kiddies know about it. By modifying the source code, we can make a less visible backdoor than the public ones. We can also record confidential information like passwords and CC numbers in plaintext, so we don’t have to crack it. I have implemented this technique in phpbb3, modifying its source code to become a backdoor & keylogger. This concept can be used to modify ecommerce applications, so just try to imagine your CC number being stolen.

Download my paper, presentation, and phpbb3 patch, which were presented at STIMIK Palcomtech Palembang.

 

17 Sep 2009

idsecconf 2009 Call For Paper

By IPSECS Admin. Posted in News | No Comments »

We, the idsecconf 2009 committee, invite computer security enthusiasts from all over Indonesia to take part by submitting papers. The topics we are looking for are as follows:

* Web hacking
* Wireless hacking
* Penetration testing methods
* Forensics and anti-forensics
* Cryptography
* Fuzzing
* Exploit writing
* System hardening
* Lock picking
* Open hardware implementation

If your paper's title falls outside the topics above, we are still open to considering it as long as it relates to security.

The paper format is an Open Office Writer file with the “Letter” page size. Images may be embedded directly in the document or supplied separately. The image format is PNG with maximum dimensions (width x height) of 640 x 480 pixels at a resolution of 72 pixels per inch. If image files are supplied separately, please reference the file names in the manuscript. Please provide an adequate caption for each image.

The submitted manuscript must also include:

# Nick, e-mail and a telephone number where you can be reached
# Short biography, affiliation, and achievements (maximum 250 words).
# Summary of the presentation (abstract) (maximum 1250 words)
# Supporting equipment required (video, internet, wireless, audio, etc.)
# Duration required (60 minutes, 90 minutes, 120 minutes)

Manuscripts should be sent to the e-mail address: submitHAPUSHURUFBESAR@idsecconf.org and
must be received no later than Friday, 18 September 2009.

The decision to accept or reject a paper rests entirely with the idsecconf 2009 committee and is final. Those whose papers are accepted will receive written notification by e-mail to prepare for the on-stage presentation at idsecconf 2009.

We look forward to everyone's participation!

Regards,

the idsecconf 2009 committee

 

An independent security consultant publicized this week the details to a critical flaw in the server message block version 2 (SMB2) component of Microsoft’s Windows Vista, Windows Server 2008, and the release candidate for Windows 7.

The researcher, Laurent Gaffié, claimed in his advisory that the vulnerability causes a Blue Screen of Death, a pernicious crash on Windows system, but other researchers have subsequently concluded that the flaw is actually remotely exploitable, a more serious issue.

Microsoft acknowledged the flaw on Tuesday in an advisory. The flaw does not affect the latest version of Windows 7, Windows Server 2008 R2, nor Windows XP, the company stated. Microsoft took the researcher to task for disclosing the information before it fixed the security issue.

Yet, Gaffié argued that the disclosure was fair. The software company should have done more software quality assurance (SQA) on the networking components, he said in an e-mail interview with SecurityFocus. If they did, they would have easily found the issue — it took his fuzzer only 15 packets to crash the component, he said.

“So I personally think the one who has been irresponsible is Microsoft for shipping this driver on any Server 2008, Vista, and Windows 7 (system) without doing any SQA and security review,” he responded.

Gaffié said he notified the company, but had a typo in the e-mail address.

The flaw was disclosed on Monday, the day before Microsoft’s regularly scheduled patch day. The software giant issued five patches for eight vulnerabilities, including three flaws in the company’s TCP/IP networking stack. Other flaws affected Windows’ Javascript engine and its Windows Media components.

While Microsoft has not released a fix for the issue, the software giant recommended that administrators disable SMB version 2 or block the specific TCP ports (139 and 445) used by the file-sharing feature.

Source : http://www.securityfocus.com/brief/1009

 

2 Sep 2009

All Linux Kernels Are Targeted

By IPSECS Admin. Posted in Exploitation | No Comments »

Yup, that’s true now that sock_sendpage() has been discovered to be vulnerable by Tavis Ormandy and Julien Tinnes. The function is vulnerable to a NULL pointer dereference that can be exploited to escalate privileges to root. Most Linux kernels are reported to be vulnerable. Exploits that take advantage of this flaw have been developed and spread freely on the internet. The exploit can be used to bypass security restrictions like SELinux.

http://milw0rm.com/exploits/9435 – the first written exploit by spender of grsecurity
http://milw0rm.com/exploits/9436 – another exploit taken from www.frasunek.com
http://milw0rm.com/exploits/9479 – another exploit from p0c73n1
http://milw0rm.com/exploits/9545 – another exploit written by Ramon de Carvalho Valle of risesecurity

Download the exploit, compile and execute! BOOMMM It’s root! Finally, this post is a little bit late :D .