Jun 18, 2011

Find Malware Site.

I found a great new site for finding malware websites. Click the picture if you want to try it.

Jun 17, 2011

Sniffing using iptables

For full details, please go to the Source.

  • Capture packets generated by user nobody to file nobody.pcap

    # iptables -A OUTPUT -m owner --uid-owner nobody -j CONNMARK --set-mark 1
    # iptables -A INPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
    # iptables -A OUTPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
    # dumpcap -i nflog:30 -w nobody.pcap

  • Capture tcp packets from/to port 80

    # iptables -A INPUT -p tcp -m tcp --sport 80 -j NFLOG --nflog-group 40
    # iptables -A OUTPUT -p tcp -m tcp --dport 80 -j NFLOG --nflog-group 40
    # dumpcap -i nflog:40 -w port-80.pcap

Source:  http://www.honeynet.org/node/690
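
A wrapper around the per-user rule set above that also removes the rules when the capture ends, as an added example that is not from the original post or its source. The helper names, the `DRY_RUN` switch and the script name `capture.sh` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): per-user NFLOG capture with teardown.
# Assumptions: helper names, mark value 1 and DRY_RUN are this example's own.
# DRY_RUN=1 prints each command instead of running it (no root needed).

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# nflog_rules ACTION USER MARK GROUP   (ACTION: A = append, D = delete)
nflog_rules() {
    case $1 in A|D) ;; *) echo "action must be A or D" >&2; return 2 ;; esac
    rc=0
    # The owner match only sees locally generated packets (OUTPUT), so the
    # connection is marked there; replies are then matched by connmark in INPUT.
    run iptables "-$1" OUTPUT -m owner --uid-owner "$2" -j CONNMARK --set-mark "$3" || rc=1
    run iptables "-$1" INPUT -m connmark --mark "$3" -j NFLOG --nflog-group "$4" || rc=1
    run iptables "-$1" OUTPUT -m connmark --mark "$3" -j NFLOG --nflog-group "$4" || rc=1
    return $rc
}

# capture_user USER GROUP OUTFILE: add rules, capture until Ctrl-C, remove rules.
capture_user() {
    status=0
    if nflog_rules A "$1" 1 "$2"; then
        # No-op handler (not "ignore", which dumpcap would inherit): the shell
        # survives Ctrl-C and still reaches the cleanup below.
        trap : INT TERM
        run dumpcap -i "nflog:$2" -w "$3" || status=$?
        trap - INT TERM
    else
        status=1
    fi
    # Always delete the rules so the marking and logging do not stay in the ruleset.
    nflog_rules D "$1" 1 "$2" || true
    return $status
}

# Usage (as root): sh capture.sh nobody 30 nobody.pcap
if [ "$#" -eq 3 ]; then capture_user "$@"; fi
```

Running it with `DRY_RUN=1` first shows the exact add and delete commands before anything touches the live ruleset.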

Jun 13, 2011

Howto: Find free proxy with Google Search

Today I want to use a proxy to make myself anonymous, and I want to use Google search to find a list of proxies. This is the keyword that I use to find the list.

":8080" +":3128" +":80" filetype:txt

Now try it yourself. What do you get from the search?

Sony Breach All [2011-04 -> Now]

I took some records from the Source and put them in this post in my own format. If you want to see the full details of the attacks or other news, please go to the Source.

The score now: Hackers 20 - 0 Sony

1    2011-04-04     Site: Anonymous Engages in Sony DDoS Attacks Over GeoHot PS3 Lawsuit
    The group Anonymous declares Sony an enemy and begins a DDoS attack against PSN over the 'GeoHot' lawsuit filed earlier in the year.

2     2011-04-26     Site: PlayStation Network (PSN) Hacked    By: Anonymous (?)
    Sony admits attack took place between April 17 and 19, but did not disclose until around the 26th. Anonymous blamed by Sony initially, but denies involvement in hack.
    Records breached: 77 million names, addresses, email addresses, birthdates, PlayStation Network/Qriocity passwords and logins, handle/PSN online ID, profile data, purchase history and possibly credit cards obtained (DatalossDB Entry)

3     2011-05-02     Site: Sony Online Entertainment (SOE) hacked SOE Network Taken Offline
    Records breached: 24.6 million customer dates of birth, email addresses and phone numbers, including 12,700 non-U.S. credit or debit card numbers and expiration dates and about 10,700 direct debit records including bank account numbers (DatalossDB Entry)

4    2011-05-07     Site: Sony succumbs to another hack leaking 2,500 "old records" By: Sony(Himself)
    This information was available via a Sony website and indexed by Google. This was not a "hack" by any means. File originally found at products.sel.sony.com/shared/santa/dbs/sweepstake.xls (now offline)
    Records Breached: 2,500 names and partial addresses of 2001 Sony sweepstakes

5     2011-05-17     Site: PSN Accounts still subject to a vulnerability    By: unknown
    With this vulnerability, an attacker has the ability to change a user's password using only their account's email and date of birth. Rumors suggest it was being exploited by bad guys.
    Update: Prolexic did provide services to Sony, but only for DDoS mitigation.

6     2011-05-20     Site: Phishing site found on a Sony server    By: unknown

7     2011-05-21     Site: Hack on Sony-owned ISP steals $1,220 in virtual cash (So-net Entertainment Corp)    By: unknown
    Records Breached: e-mail and virtual currency of 128 accounts

8     2011-05-21     Site: Sony Music Indonesia Defaced By k4L0ng666    By: k4L0ng666
    No evidence of personal information being compromised.

9     2011-05-22     Site: Sony BMG Greece the latest hacked Sony site    By: b4d_vipera
    Apparently done via SQL Injection. Pastebin dump
    Records Breached: 8,500 usernames, email addresses, phone numbers and password hashes (DatalossDB Entry)

10     2011-05-23     Site: LulzSec leak Sony's Japanese Websites    By: LulzSec
    SQL Injection in www.sonymusic.co.jp. Sophos says databases do "not contain names, passwords or other personally identifiable information"

11     2011-05-24     Site: Sony says hacker stole 2,000 records from Canadian site (Sony Ericsson)    By: Idahc
    Sony Ericsson Got Hacked by Idahc - Lebanese hacker via SQL Injection. Idahc dumped 1,000 of the records to http://pastebin.com/4YGAWxQZ (since removed)
    Records Breached: Email addresses, passwords and names of 2,000 users (DatalossDB Entry)

12     2011-06-02     Site: LulzSec versus Sony Pictures    By: LulzSec
    Sophos says 4.5 million records exposed. LulzSec initially thought to target the elderly, but clarify they dumped the database by DoB and stopped at 1943. Lulz? Sony hackers deny responsibility for misuse of leaked data
    Records breached: Over 1,000,000 users' passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords. Information taken from AutoTrader users database, Summer of Restless Beauty users database, Sony Wonder coupons database, Sony Wonder music codes database, Seinfeld Del Boca Vista database (DatalossDB Entry)

13     2011-06-02     Site: Sony BMG Belgium (sonybmg.be) database exposed    By: LulzSec
    Records Breached: Email addresses, usernames, cleartext passwords, internal release dates of records, sales reports (DatalossDB Entry)

14     2011-06-02     Site: Sony BMG Netherlands (sonybmg.nl) database exposed    By: LulzSec
    Records Breached: Usernames, cleartext passwords

15     2011-06-03     Site: Sony Europe database leaked    By: Idahc
    Dump of the apps.pro.sony.eu database via SQL Injection
    Records Breached: 120 names, phone numbers and e-mail addresses (DatalossDB Entry)

16     2011-06-05     Site: Sony Pictures Russia (www.sonypictures.ru) databases leaked    By: unknown
    Another SQL injection attack. @LulzSec confirms they did not find it.
    Records Breached: all (?) databases of Sony Pictures Russia

17     2011-06-06     Site: LulzSec Hackers Post Sony Computer Entertainment Developer Network (SCE Devnet)    By: LulzSec
    LulzSec "press release" on incident
    Data Leaked: 54meg torrent of Sony Computer Entertainment Developer Network (SCE Devnet) source code

18     2011-06-06     Site: LulzSec hits Sony BMG, leaks internal network maps    By: LulzSec
    While @LulzSec released the data in one torrent, the group confirmed the BMG maps did not come from SCE Devnet (tweet since deleted), making this a distinct and separate compromise.
    Data Leaked: Sony BMG internal network maps

19     2011-06-08     Site: Sony Portugal latest to fall to hackers    By: Idahc
    Dump of the sonymusic.pt database. Idahc says he found SQL injection, cross-site scripting (XSS) and Iframe injection vulnerabilities in the site.
    Records Breached: Customer e-mail addresses

20     2011-06-08     Site: Spoofing led to fraud via shopping coupons at Sonisutoa / My Sony Club (Google Translation)    By: unknown
    Through "spoofing", an attacker used 95 accounts to exchange online shopping coupons worth 278,000 points at Sonisutoa (My Sony Club), defrauding Sony of ~ 280,000 yen (~ US$3,500). Sony cannot confirm if e-mail addresses or passwords were leaked.

Source:  http://attrition.org/security/rants/sony_aka_sownage.html