Blogs

chrom dox

(function(define, require, requireNative, requireAsync, exports, console, privates,$Array, $Function, $JSON, $Object, $RegExp, $String, $Error) {'use strict';// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// chrome.runtime.messaging API implementation.

// TODO(kalman): factor requiring chrome out of here.
var chrome = requireNative('chrome').GetChrome();
var Event = require('event_bindings').Event;
var lastError = require('lastError');
var logActivity = requireNative('activityLogger');
var logging = requireNative('logging');
var messagingNatives = requireNative('messaging_natives');
var processNatives = requireNative('process');
var utils = require('utils');
var messagingUtils = require('messaging_utils');

// The reserved channel name for the sendRequest/send(Native)Message APIs.
// Note: sendRequest is deprecated.
var kRequestChannel = "chrome.extension.sendRequest";
var kMessageChannel = "chrome.runtime.sendMessage";
var kNativeMessageChannel = "chrome.runtime.sendNativeMessage";

// Map of port IDs to port object.
var ports = {};

// Change even to odd and vice versa, to get the other side of a given
// channel.
function getOppositePortId(portId) { return portId ^ 1; }

// Port object. Represents a connection to another script context through
// which messages can be passed.
function PortImpl(portId, opt_name) {
this.portId_ = portId;
this.name = opt_name;

var portSchema = {name: 'port', $ref: 'runtime.Port'};
var options = {unmanaged: true};
this.onDisconnect = new Event(null, [portSchema], options);
this.onMessage = new Event(
null,
[{name: 'message', type: 'any', optional: true}, portSchema],
options);
this.onDestroy_ = null;
}

Look for TWCable routers..Examples below..

___WiFi_Passwords________
#1:
SSID: "DG1670A52"
psk: "DG1670ACF5052"
Key MGMT: WPA-PSK
#2:
SSID: "DG1670AD2"
psk: "DG1670AA9EBD2"
Key MGMT: WPA-PSK
#3:
SSID: "TC8715D0D"
psk: "TC8715DB3270D"
Key MGMT: WPA-PSK
#4:
SSID: "TC8717T26"
psk: "TC8717T111726"
Key MGMT: WPA-PSK
#5:
SSID: "TG862G12"
psk: "TG862GBF4E12"
Key MGMT: WPA-PSK

Sik1est3 /G\

WIFI PASSWORD LESS THAN 15 SECONDS!!

First download Router Keygen Apk..this app gives you the name of the router..and of course the Mac address.. Use the first(4) of the last (6) of the Mac address and place them in front of the last (2) of the name of the router..TimeWarner Routers only..if the route's default on its name..so is the password!! Enjoy..Sik1est3 /G\ ORDER of the TEMPLAR KNIGHTS /•\

cpanel

I have a problem of login into admin accounts (cpanel, inmotion hosting etc...). Last several websites that i have hacked using SQL injection , and obtaining admin username,password , as well as finding admin login pages (admin_panel_finder.py) . Every time same message (INVALID LOGIN).....Can anyone help???
Thanks for your time!!!!
P.S. This is a link to my latest failed admin login attempted:

http://www.gulf1bank.com/cpanel/

username: Admin
password: wtjV0uFSoKRRl6Y%3D

The Linux Security Circus: On GUI isolation

The Linux Security Circus: On GUI isolation
There certainly is one thing that most Linux users
don't realize about their Linux systems... this is the
lack of GUI-level isolation, and how it essentially
nullifies all the desktop security. I wrote about it a
few times, I spoke about it a few times, yet I still
come across people who don't realize it all the time.
So, let me stress this one more time: if you have two
GUI applications, e.g. an OpenOffice Word Processor,
and a stupid Tetris game, both of which granted
access to your screen (your X server), then there is
no isolation between those two apps. Even if they run
as different user accounts! Even if they are somehow
sandboxed by SELinux or whatever! None, zero, null,
nil!
The X server architecture, designed long time ago by
some happy hippies who just thought all the people
apps are good and non-malicious, simply allows any
GUI application to control any other one. No bugs, no
exploits, no tricks, are required. This is all by design.
One application can sniff or inject keystrokes to
another one, can take snapshots of the screen
occupied by windows belonging to another one, etc.
If you don't believe me, I suggest you do a simple
experiment. Open a terminal window, as normal
user, and run xinput list, which is a standard
diagnostic program for Xorg (on Fedora you will likely
need to install it first: yum install xorg-x11-apps):
$ xinput list
It will show you all the pointer and keyboard devices
that your Xorg knows about. Note the ID of the device
listed as “AT keyboard” and then run (as normal
user!):
$ xinput test id
It should now start displaying the scancodes for all
the keys you press on the keyboard. If it doesn't, it
means you used a wrong device ID.
Now, for the best, start another terminal window,
and switch to root (e.g. using su, or sudo). Notice
how the xinput running as user is able to sniff all
your keystrokes, including root password (for su),
and then all the keystrokes you enter in your root
session. Start some GUI app as root, or as different
user, again notice how your xinput can sniff all the
keystrokes you enter to this other app!
Yes, I can understand what is happening in your
mind and heart right now... Don't worry, others have
also passed through it. Feel free to hate me, throw
out insults at me, etc. I don't mind, really (I just won't
moderate them). When you calm down, continue
reading.
In Qubes the above problem doesn't exist, because
each domain (each AppVM) has it own local, isolated,
dummy X server. The main X server, that runs in
Dom0 and that handles the real display is never
exposed to any of the AppVMs directly (AppVMs
cannot connect to it via the X protocol). For details
see this technical overview.
You can repeat the same experiment in Qubes. You
just need to use the ID of the “qubesdev” device, as
shown by xinput list (should be 7). Run the xinput in
one of your domains, e.g. in the “red” one. Because
we actually use the same device for both mouse and
keystrokes, you should now see both the key
scancodes, as well as all the mouse events. Notice
how your xinput is able to sniff all the events that are
destined for other apps belonging to the same
domain where you run xinput, and how it is unable to
sniff anything targeted to other domains, or Dom0.
BTW, Windows is the only one mainstream OS I'm
aware of, that actually attempts to implement some
form of GUI-level isolation, starting from Windows
Vista. See e.g. this ancient article I wrote in the days
when I used Vista at my primary laptop. Of course,
it's still easy to bypass this isolation, because of the
huge interface that is exposed to each GUI client (that
also includes GPU API). Nevertheless, they at least
attempt to prevent this at the architecture level.

Real thoughts on Defcon 23

Hey, I hope everybody enjoys the intentionally ridiculous Amp Blasts post that I made about Defcon 23. The big theme I generally have for these posts is that they are based on elements of truth but made to be ridiculous to the point where it comes off as funny. With that in mind I figured that I should share my genuine thoughts about my experience with Defcon 23 as it was an important event for me for reasons different than most people.

Originally, I wasn't planning on going to Defcon due to the fact that I figured I had no legitimate incentive to go back due to how the event has inherently changed over the years. What changed though was that I gave my Elena (my girlfriend during Defcon, now my fiance) the choice on if she wanted to go to Vegas or not and that if we did it would be more of a general vacation which Defcon would just be one aspect of. I honestly didn't expect her to say yes to this so the end result was that I ended up back at Defcon. Overall, the sad reality though is that while I did enjoy that trip to Vegas as it afforded the opportunity for myself and Elena to take a much needed vacation, the reality is that for myself (along with Blake and other SX associates who attended the event) it was probably the least enjoyable Defcon overall.

Now, I'm going to state upfront one important reality about why this may be the case. When SX and many of its associates started to attend this event, we all did it during the Alexis Park era which was much more intimate. Thus I feel one thing that can be pointed out is that part of what happened may be the fact that there may be an element of nostalgia for some of us now for that era. However, this doesn't encompass the reasons that were stated though for feeling this way.

Amp Blasts: Defcon 23

Disclaimer: The following is intended to be an intentionally ridiculous post parodying internet rage. I hope everybody is able to enjoy this. Also, an actual post on my Defcon 23 experience will be posted shortly after this goes up as beyond this post I wanted to share my genuine thoughts on the event. I apologize for not writing this sooner as well.

I remember in 2000, Badger, Blake, and myself all walked into Defcon for the first time representing SX. It was a hell of an experience and gave us an opportunity to meet like-minded people which is something that due to the locations that the three of us came from, was extremely rare. In my case, I inadvertently became a part of the crew after making some flashwork and starting to write some tutorials so it was an inadvertent fluke which I am more than willing to admit to. Over the years me and Blake continued to attend Defcon, albeit infrequently and after Defcon 23, we both agreed that it fucking sucked.

Let's face it, we both already know that by becoming a bigger event and revamping to be more generally accessible we would face an element of idiocracy. However, it went far beyond what we saw from Defcon 21 and 22 by leaps and bounds. Splitting up the convention between two hotels and having people travel between them amongst non-con attendees was one of the worst decisions that was made by far. What was the thing that was beyond ridiculous though was that they have already confirmed that the same thing will be going on for Defcon 24 despite saying that they would have a better gameplan. I'm waiving a giant brown bullshit flag on this and I am not the only one.

About w0rm

So me. I am a high school student that loves to program and make things. My love for programming was started by my dad, who himself is an insane programmer, and a really smart guy. My first programming experience was back in 2007(I was 8 ), when my dad installed Flash MX on my computer. He installed flash on my computer just because he had another copy, and he thought that it would be fun thing for me to do. The first program I ever made(with my dad), was not your hello world program, but a program that did this:

In pseudocode:

int dog_number = 1;

while(dog < 10){
print("Dog" + dog_number + "chased the cat");
dog_number += 1;
}

At the time I thought it was such a dumb program. I was little, and I wanted to program games, not little programs that did apparently nothing. I wanted to do visual things, but my dad made me learn core actionscript. That did teach me an important lesson when I started to program games, as I knew the language in it's entirety when I moved on to making games. What he taught me was to learn the language, not just know enough to get by.

The first flash game that I made was dumb. It wasn't even a game. And I thought it was so cool. I made a little flash magic 8 ball. My first thing I did all by my self.

The next thing I got into was HTML, CSS, and JavaScript. After learning a lot, I tried to make a little webpage maker, that was in the browser. Long story short, I didn't think it through at all, but it did work. The web pages just looked really bad. My dad saw I was trying to make interactive web pages, so he installed WAMP server on my computer, so I could mess around with server side stuff. This was like when I was 10. PHP was really hard for me; so was SQL, and my next project that I worked on for a while was trying to make a simple forum from scratch. What it ended up being was a simple anonymous text bulletin board(I was to dumb to figure out how to make it so you could have users).

5.10.0

Thanks for all the hard work and effort being put in to this for feeble folks like me. We would not survive without peeps like the testers and everyone involved! Thank you, thank you, and thank you a thousand times. I know it is time consuming, so I want you all to know how much we appreciate it. Thanks.

Verzon.net Exploit PoC

Introduction
This is a Proof of Concept article describing a BlackBox pentest on a low-level target giving way to a High-level vulnerability in a big name company.

During Pre-engagement the target was identified only by BSSID and ESSID (great..one of those tests). The reinterpreted mission Scope: "Reconnect target 'without' brute-force or noisy network activity." The verbatim Scope: "Discover any possibilities of attacking victim or victims account status without using aggressive attack methods."

For this mission 'Wifi Hacking', 'Common Sense', & 'Possible Social Engineering' are at the disposal of the attacker.

You can read my notes at the end of this article

[disclaimer statement]

For obvious reasons detailed steps are omitted for sake of brevity and the safety of other innocent targets which are not aware of attacker activities. Please note: I am trained and authorized to perform these objectives disclosed in this article. I assume no responsibility for others attempting to reproduce the actions discussed in this article. If you are aware of the missing information, please be ethical in your actions.

As always, the information I provide in articles is purely for Educational purposes ONLY!

[/disclaimer statement]

Mission 1: Identify the Target

Identifying the target proved to be an easy task since the target is identified by BSSID and ESSID only. Naturally, a scan within range of the Pre-engagement site topped the list of 'to-dos'. To begin this objective Airmon-ng, Airodump-ng and Aircrack-ng are the tools of choice.

(Note: If you are unaware of the steps required to perform this attack, consult google. Describing the syntax and options used in a Wifi attack are beyond the scope of this article. This is not a tutorial)

//Airmon-ng succeeded in starting interface
//Airodump-g succeeded in displaying APs

Syndicate content