Aug 25

Unpack JS

Tagged as , , , , under Info Is Wealth, Technology 2 Comments »

Without any intro - crap that I usually write explaining why I had to write this post, I’m going for the subject. You(general junta or web developers or scared security guys) might see some eval packed javascript which phishing idiots ask you to copy paste on your URL bar and hit enter key.

Unpacking JS is a PITA was an answer that my brain use to give whenever I think about it. Just now, I found a very easy method to convert it into readable Javascript without any extra tool (IE boys, run away) Its very simple in FF or Opera.

FF guys, all you need to do is …

  1. Copy the eval packed JS. something like —- eval(function(p,a,c,k,e,d){e=function(c) …………………. }
  2. Open Error Console on your firefox
  3. Paste the packed JS in Code input tab
  4. Add eval = alert; at the beginning of the code
  5. Hit Evaluate

You will get the proper javascript for the packed javascript. Copy paste it into any code prettifier. It will become perfectly readable. Opera folks, follow this. Packed JS is a huge asset for Phishing as who would have expected that packed JS in this code will make you join around 26 communities and send some stupid message to all your friends without your knowledge as soon as you copy paste some JS code on your URL bar and hit enter.

Aug 03

Escape from Phishing Nets

Tagged as , , , , under Info Is Wealth, Technology 3 Comments »

Recently, too much action happening when it comes to email accounts. Couple of friends complained that they’ve lost their logins all of a sudden. One friend from college complained that his girl’s email account was compromised. They believe that some hacker at brazil opened his terminal and wrote ./hack user@gmail.com to hack them. Few really think that it as simple as opening Microsoft Word and write “Access Granted” in Green color to hack.

I want to tell them one thing. These days, most of the email services are fairly secure ( *cough* *cough* Not talking about rediff which added ssl login a month before or India times which use to save password in cookie as plain text) But, I’m talking about services like Gmail or Yahoo. But, we need to accept the fact that even though we are intelligent and we’ve some protection on our computers like Antivirus, firewalls for windows folks, or like my friend Hari tells, install Linux, or as Ashok suggests OS X … we are busy most of the time. Some times, we don’t use our brain while doing some small things.

You would be talking to your friend on mobile phone and checking orkut for new scraps. The guy one phone might be telling you about his new project or something like that and you are involved in the chat. There could be some scrap from a girl … Karteek, greeting card for you !!! As usual, we click on the link, and it tells you that you need to login to view the card and you just login while talking on phone.

[Recap]

What happened ? -> You clicked on the link

After that ? -> It asked you to login

Then ? -> You logged in

Then -> It might tell you to login again as your password is wrong

After that ??? -> You logged in or it logged you in automatically or you just left it

Now, the analysis part. Well, nothing big happened. You were just Phished. You tried to login to a service on a fake login screen. You might lose many things through that username and password (your email might have much info).

Now, coming to the important part, how to escape from it ? Well, be careful is my answer. But, I know that I told you that we might just get carried away sometimes. For that I coded a small greasemonkey script which will protect you from low level phishing attacks. Yes, only low level. If the hacker is intelligent, he can game it easily, but most of the time intelligent hackers have much more useful things to do than to hack you. So, dont worry much about it.

The script is well commented. It doesn’t do wonders but just serves the purpose. Feel free to edit it make it more useful and share with others. I dont care about licenses, so I don’t mind even if you tell your girl friend that you coded it to protect her from being phished ;)

Very important. Never ever install a greasemonkey script unless you read it and damn sure that its secure. Anyway, you can find the script here.

Update : Code made little more logical. Now it won’t annoy much. And by default, I made it support Google, Yahoo, Hotmail and Wordpress. Adding other services is very easy.