Apr 27, 2012

Skype user IP-address disclosure

    1. Downloading this patched version of Skype 5.5:
    2. Turn on debug-log file creation via adding a few registry keys.
    3. Make "add a Skype contact" action, but not send add request, just click on user, to view his vcard(general info about user). This will be enough.
    4. Take look in the log of the desired skypename.
    The record will be like this for real user ip: -r195.100.213.25:31101
    And like this for user internal network card ip: -l172.10.5.17
    21:16:45.818 T # 3668 PresenceManager: aїљ noticing skypetestuser1 0x3e54a539a91a19fc-s-s65.55.223.23 :40013-r195 .100.213.25:31101-l172 .10.5.17:22960 23d23109 82f328ff
    5. Catch user via whois service.
    This is help you to get info about skype user: City, Country, Internet provider and internal user ip-address.
    Now you can troll him about CIA and Mossad, he-he.
    Perl script to automate the search in the debug log.
    while(<RD>){ chomp;
     if( ($line=~ /PresenceManager:/) and ($line=~ /noticing/) ){
      $line=~ /-r(\d+.\d+.\d+.\d+)/;
      print WR $line."\n";
      print WR "IP: $ip\n";
      if ($line=~ /$SKYPENAME/){
       print $line."\n";
       print "${SKYPENAME} IP: $ip\n";


Source: http://pastebin.com/rBu4jDm8

If you like my blog, Please Donate Me

Apr 26, 2012

Tor Browser on iOS

Enhance your web privacy

Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy.

you can get the full detail and download it from http://v3.mike.tig.as/onionbrowser/

If you like my blog, Please Donate Me

Apr 23, 2012

Nmap script for "Detect Internet Connection Sharing"

Detects whether the remote device has ip forwarding or "Internet connection
sharing" enabled, by sending an ICMP echo request to a given target using
the scanned host as default gateway.

The given target can be a routed or a LAN host and needs to be able to respond
to ICMP requests (ping) in order for the test to be successful. In addition,
if the given target is a routed host, the scanned host needs to have the proper
routing to reach it.

In order to use the scanned host as default gateway Nmap needs to discover
the MAC address. This requires Nmap to be run in privileged mode and the host
to be on the LAN.
The script is here: http://seclists.org/nmap-dev/2012/q2/att-192/ip-forwarding.nse 

If you like my blog, Please Donate Me

Apr 22, 2012

WordPress Vulnerabilities and How to Fix Them

If you want to see all the top attack and how to defend, please go to the Source.

Vulnerability # 1: SQL Injection & URL Hacking.

The problem: WordPress is a database-backed platform that executes server-side scripts in PHP. Both of these characteristic can make WordPress vulnerable to malicious URL insertion attacks. Commands are sent to WordPress via URL parameters, which can be abused by hackers who know how to construct parameters that WordPress may misinterpret or act on without authorization.
SQL injection describes a class of these attacks in which hackers embed commands in a URL that trigger behaviors from the database. (SQL is the command language used by the MySQL database.) These attacks can reveal sensitive information about the database, potentially giving hackers entrance to modifying the actual content of your site. Many of today's web site defacement attacks are accomplished by some form of SQL Injection.
Other versions of URL hacks can trigger unintended PHP commands which, again, can lead to injecting malware or revealing sensitive information.
The defense: Most WordPress installations are hosted on the popular Apache web server. Apache uses a file named .htaccess to define the access rules for your web site. A thorough set of rules can prevent many types of SQL Injection and URL hacks from being interpreted.
The code below represents a strong set of rules that you can insert into your web site's .htaccess file that will strip URL requests of many dangerous attack injections:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]

Vulnerability # 2: Access to Sensitive Files.

The problem: A typical WordPress install contains a number of files which you don’t want outsiders to access. These files, such as the WordPress configuration file, install script, and even the “readme” file should be kept private.
The defense: As with preventing URL hacking, you can add commands to the Apache .htaccess file to block access to sensitive private files. For a typical WordPress installation, the following code will block access to directory listings, plus a set of specific files related to WordPress and the Web server itself.
Options All -Indexes
<files .htaccess>
Order allow,deny
Deny from all
<files readme.html>
Order allow,deny
Deny from all
<files license.txt>
Order allow,deny
Deny from all
<files install.php>
Order allow,deny
Deny from all
<files wp-config.php>
Order allow,deny
Deny from all
<files error_log>
Order allow,deny
Deny from all
<files fantastico_fileslist.txt>
Order allow,deny
Deny from all
<files fantversion.php>
Order allow,deny
Deny from all

Vulnerability # 3: Default Admin User Account.

The problem: Many default WordPress installs include an administrator user account whose username is simply “admin”. Hackers may try to log into this account using guessed passwords.
The defense: Any element of predictability gives hackers an edge. Although a hacker would still need to guess or brute-force your password to access the admin account, you are even more secure without an “admin” account at all.
Instead, log into WordPress and create a new user with an unpredictable name. Assign administrator privileges to this user. Now delete the account named “admin”. A hacker would now need to guess both the username and password to gain administrator access, a significantly more challenging feat.

Source: http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html

If you like my blog, Please Donate Me