May 5, 2011

Anonymous after Sony responds to Congress

I think you all read the news that Sony responds to Congress about SOE was hacked. Sony say  that investigators found a file on one of the servers named "Anonymous" with the words "We are Legion" inside it. (See detail in the news). But now Anonymous has released the message again about that. I don't sure this message is from Anomyous Group or not(fake?). Let's look at the message.

Update the video from Anonymous Group, you can determine by yourselves about this video is fake or not.

Download Link:

Source Video:

Osama Bin Laden Facebook Worm [Sourcecode]

After the news of Osama Bin Laden was released, hacker take this chance to spread malicious Facebook application with Osama Bin Laden's video.

This post want to warn you do not click it 'cause it just fake message to get your privilege in Facebook.And I got the source code of this app. from twitter.

If you want to see the source code what it's look like, please go to the link.


May 3, 2011

HTML5 XmlHttpRequest 2 - Cross origin request

Great article of HTML5.

HTML5 specification has introduced a few enhancements for XmlHttpRequest object and one of them is the ability to make cross-origin request. That is, a host can send a XmlHttpRequest request to another host and receive a response in return. On the server-side, a check can be made to see whether the request can be accepted from the given origin. In this post I'll try to explain how this can be done using ColdFusion.

Client side:

On the client side, a XmlHttpRequest object is created and then a GET request is made to the remote server.

 var client = new XMLHttpRequest();  
 client.onreadystatechange = readyStateChangeHandler;"GET","http://{remote-address}/{path-to-file}.cfm",true);  

For example, say wants to get a response from another domain say, then as observed from the above code the request would look like:"GET","",true);  

Server side:

When a request is sent to the server, the request header would contain a key ORIGIN whose value will be the domain name from which the request was made. In this case the value would be The server side code can then perform a check to see whether the request origin belongs to the list of origins from which the request can be accepted.

 <cfif structKeyExists(getHTTPRequestData().headers,"origin") >  
      <cfset origin = getHTTPRequestData().headers.origin />  
      <cfif origin eq "">  
           <cfheader name="Access-Control-Allow-Origin"  

As seen from the above code, the response header ACCESS-CONTROL-ALLOW-ORIGIN is set to allow cross-origin requests from This now enables requests from to be served from 


Tools for Anonymous

Reddit: Creating a subreddit at is an easy way to implement a communication/collaboration platform whereby participants can submit ideas and relevant info which may then be voted up or down based on perceived relevance and utility. To the extent that the judgement of participants is sound, the most useful data will rise to the top and thus be more readily accessible; this is an example of a crowd-sourced information filter.
IRC: IRC provides for an easy-to-use method of realtime communication. Download a free IRC client and join or another server of your choice. Type /join #(name of room you'd like) to join and create a new room. Invite participants and prospective participants.
Free Mind: Free-to-use mapping software useful for organizing information of all sorts, visualizing relationships, etc.
Gliffy: A web app diagram software, also usefull for organizing information and sharing documents in its cloud storages with friends.
Wikis: Setting up a wiki is a good method by which to compile information in a useful way that is easily accessible to the public.
Blog: One good option for both taking in and putting out information while also providing a central node for organization. Remember to think of a blog in terms of its actual functions, rather than its general associations - administrators can post some element of data and others may attach data below via comments.
Etherpad: and are etherpads - “multiplayer notepads” - by which several people can write and edit at once. One purpose for this is to head the document with a call for ideas on a particular subject and then drop the link in some venue where potential participants are assembled. Groups of participants can quickly produce press releases and guides or compile information on a subject, such as a company or individual. Excellent way to aggregate links in a readable form.  Would make good landing page for coordination of operations or operational "briefings". Semi-anonymous video chat. Excellent for ad-hoc meetings. Disposable web based IRC like chat rooms Disposable web based IRC like chat rooms Anonymous disposable web based chat rooms UUID based Create disposable named web based chat rooms UUID based disposable web chat UUID based disposable web chat UUID based disposable web chat similar to anologue password protected quick message passing Anonymous blogging system Text based web page hosting; excellent for publishing documents anonymous message passing system free website hosting HTML based web page hosting Easy to use wiki hosting Wiki hosting Drag & Drop file sharing File sharing at it's best; has a realtime filesharing option on by default (this means you can upload files and someone can download while you are uploading) Personal information aggregator.  Recommended use it aggregation of other content Anonymous web hosting (HTML and some mark-up supported) Send files to multiple file-sharing sites at once Realtime file-sharing  allows you to create a site to argue anything, useful for testing ideas encrypted pastebin social networking search engine turn any webpage into a PDF instantly.  excellent for capturing information for posterity (in case it gets taken down for example) Web based IRC like disposable chat rooms Personalized URL redirection good for creating faux domains for projects or acting as a project entry point. instant web based desktop sharing (supports Win32 and OSX) easy way to determine your current ip address create a "newspaper" from public social networking sources good for monitoring activity save a web page, read it later generate shallow cover identities (not good for long term operations, will not provide deep cover)

SSLSnoop [ Live ssl decryption from stealing keys in memory ]

  $ sudo easy_install sslsnoop
  $ mkdir outputs

You really have to. Please.
  $ sudo sslsnoop    # try ssh, sshd and ssh-agent... for various things
  $ sudo sslsnoop-openssh live `pgrep ssh`       # dumps SSH decrypted traffic in outputs/
  $ sudo sslsnoop-openssh offline --help         # dumps SSH decrypted traffic in outputs/ from a pcap file
  $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys

and go and check outputs/.

hints :
a) works if scapy doesn't drop packets. using pcap instead of SOCK_RAW  helps a lot now.
b) works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that.
c) Dumps one file by fd in outputs/
d) Attaching a process is quickier with --addr 0xb788aa98 as provided by haystack
    INFO:abouchet:found instance <class 'ctypes_openssh.session_state'> @ 0xb788aa98
e) how to get a pickled session_state file :
  $ sudo haystack --pid `pgrep ssh` sslsnoop.ctypes_openssh.session_state search > ss.pickled
If you want to download it, please go to the Source.