Sunday, 25 October 2015

Intel Website Hacked : Another SQL Injection From Unu

This is kind of luck, because the number of SQL injections affecting large websites is just unbearable. This time the hacker is one of the best, and my favorite hacker in the world, "unu". unu has previously hacked some really popular websites, like those of The Wall Street Journal and Kaspersky Lab.

I know this news is pretty late, as the Intel website was down around the 23rd of December 2009, which you can say is about 1 week ago. But when the website was hacked, it was taken down and was showing a message of “investigating the matter.”

Not only is the website vulnerable to SQL injection, but it also allows load_file to be executed, which makes it very dangerous: with a little patience a writable directory can be found, and by injecting malicious code we get command-line access, with which we can do virtually anything we want with the website: upload PHP shells, set up redirects, infect pages with Trojan droppers, even deface the whole website.

This is kind of a pity for the Intel security engineers, but what can we do if they don't pay the security professionals...

Screenshots : Telling the Story

The screenshots tell everything: they reveal all the details, and thus the story behind the hack of Intel's website. OK, enjoy the story, which is based on SQL injection.

[Five screenshots: Intel Website Hacked]


Conclusion


The number of SQL injections is growing, and there is a need to look at security against SQL injection vulnerabilities, or websites like Intel's will keep being attacked, and be attacked several times.

How Youtube Got Hacked : How The F*ck She Did That ?

As Mashable reported this evening, the YouTube video "twista ft. do or die-do you" hacked the number of views on YouTube, which is nearly 79 billion views. Actually, at the time I wrote this article it was 79,441,058,538 views, which in my view is an impossible kind of thing.

Actually, the number of views matters a lot to YouTube freaks, and hacking the number of views is something that everybody would want. But after reviewing the video I am pretty damn sure it's some kind of "Big Bug" in the YouTube CMS.

This is some kind of "glitch" in YouTube, I think :D Best would be if anybody found it before anybody else does. The video is a "Ft. Do or Die", and if you ever read the video comments you would only get one comment out of all of them.


Obviously the engineers at Google will be working on it and will soon reply to this hack or release some news about it. As soon as they do that, you can find that glitch and use it.

And as a matter of fact, I love this Ft.

Windows 7 GodMode Hack [Tutorial]

Windows 7, the shiny new product from Microsoft, has just been revealed, and some Windows guys have uncovered a new hack in Windows 7 which the Windows team calls "GodMode".

The hack is some kind of glitch, like the glitch we saw in YouTube yesterday. What it does is bring you to a new settings page which has some good options for playing with Windows.

Obviously these are not the Control Panel settings; they contain some of the good ones, like "Back up Your computer" and "Login Credentials" and stuff like that.

The "GodMode" contains a list of over 50 sections of settings, which can be enabled by a simple rename. But it might be a new promotion by the Windows guys to promote their new Windows 7...

Whatever, let's focus on the trick that we are going to apply to enable the so-called "GodMode" in Windows 7.

Steps

The hack is a very easy one: with a simple rename you can access it. So don't blame me if this is lame.
  1. Create a new folder.
  2. Rename the folder to
    GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
    (note that you can change the “GodMode” text, but the following period and code number are essential).
  3. The folder icon will change — double click it to show the GodMode window:

ScreenShot

[Screenshot: the GodMode window]

Conclusion

This might be good for you, as you can now apply various settings to your Windows 7 in a single place. BTW, I don't use Windows 7 that much, I just love Windows XP. It might be a new promotional method by the Microsoft guys. Well, who cares.

- Enjoy


@purehate_ Launches Online WPA Cracker : 10$ For 540 Million Passwords

@purehate_ is a BackTrack developer and a penetration tester too. He recently developed a new online WPA cracker. It works on the “four-way handshake”, in which the hashed network key is exchanged and validated.

This tool is great, as you can see it uses about 540 million passwords to crack the WPA. Well, I am not sure, as I am not that experienced with WPA cracking. But here is what it does.

OK, I am sorry about the name, because I was unable to find his name; I hope to get to know his real name. But my guess would be Nick, as it was written on the contact page as nick pure_hate. Never mind...

What exactly does this service do?

This is a research project, not a cracking tool. WPA-PSK is vulnerable during client association, during which the hashed network key is exchanged and validated in a “four-way handshake”. In order to use this web interface you will need the “four-way handshake”.

WPA-PSK is particularly susceptible to dictionary attacks against weak passphrases and this server can greatly improve the speed of the attack. Your cap file will be tested against a list consisting of about 540 million passwords and can take up to two hours to complete.

An email will be sent with the results to whichever email address you give to the uploader.
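Why a weak passphrase falls to a list like this, as an added example that is not part of the original post or of the service's code: WPA-PSK derives its key from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so every guess has a fixed cost and only the size of the search space protects you. The function names, the sample word list and the guess rate (taken from the 540 million / two hours figures above) are assumptions for illustration.

```python
import hashlib

def wpa_pmk(passphrase, ssid):
    # WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1 over the passphrase,
    # salted with the SSID, 4096 iterations, 256-bit output.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

# Guess rate implied by the figures quoted above:
# about 540 million candidates in up to two hours.
GUESSES_PER_SECOND = 540_000_000 / (2 * 3600)

# Constructed sample word list, standing in for a real dictionary.
SAMPLE_WORDS = {"password", "letmein123", "qwertyuiop"}

def audit_passphrase(passphrase, common_words, alphabet_size):
    """Audit a passphrase you own.

    Returns (is_dictionary_word, years), where years is the time needed to
    try every passphrase of the same length over an alphabet of
    alphabet_size symbols at GUESSES_PER_SECOND.
    """
    keyspace = alphabet_size ** len(passphrase)
    years = keyspace / GUESSES_PER_SECOND / (365 * 24 * 3600)
    return passphrase.lower() in common_words, years

if __name__ == "__main__":
    # The SSID is the salt: the same passphrase gives a different key per network.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "HomeNet").hex())
    print(audit_passphrase("password", SAMPLE_WORDS, 26))
    print(audit_passphrase("k7Qz2mVx9RtL4pWc", SAMPLE_WORDS, 62))
```

A dictionary word is found regardless of its length, while a random 16-character passphrase is out of reach at this rate.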

Direct Link

You Can Follow Him on twitter too @purehate_

His Website Ph33rbot.com

iiScan : Security On The Cloud

iiScan, a newly built tool for pen testers, is just cool, as it runs in the cloud. This tool is pretty awesome, as you can manage your security projects in the cloud, and there are many surprises in it.

What iiScan does, on a simple basis, is this: you build a web app, which surely contains vulnerabilities; they find the vulnerabilities in it, from XSS to SQL injection, in the cloud; then you get a report of the vulnerabilities, and you can work on them or remove them.


iiScan provides a cloud-computing-based security service which focuses on web application security. With iiScan, you can get your web application assessed by an iiScan expert, and the only thing you have to do is click the START button.

After that, a report containing all details of the vulnerabilities or risks of your website will be sent to your mailbox. Then you can fix them and make your website safer.

Well you can register on their website and use the tool for your upcoming projects and web projects too...

iiScan can detect and test most web vulnerabilities without manual intervention:
  • SQL injection
  • Cross Site Scripting (XSS)
  • File Upload Vulnerability
  • Information Leakage
  • Insecure Direct Object References
  • Buffer overflow
  • and many more ..

The tool has also been very popular on Twitter for a few days among security guys. The tool is very powerful, as it seems to be.

The tool is easy to use: you can go there, register and start your work. I have been looking forward to it and you should too. Your Website HealthCheck results will be emailed to you as a PDF report. You will receive a second and separate email with the password to open the PDF report.

So what do you say about it?
MITM iPhone's PhotoSwap : How To Steal Hot Pics Of Chicks

PhotoSwap is an application for the iPhone that allows you to send an anonymous photo and receive an anonymous photo back. The service is great for upbeat, healthy, family-fun photo sharing, but managed to become a cesspool for photo debauchery.

MITM, as we have discussed earlier, is a pretty good technique, but using it on an iPhone is innovative. The idea is pretty good, and the victim changes from one person to another as soon as their images come to the iPhone.

You can also visit http://samy.pl/swap/ for the full details of the hack. The hack is pretty awesome, as is its usability by a hacker. What happens here is explained by Samy Kamkar as:

"It takes a random picture of mine and sends it out. Once I get a picture back, I then send that picture out into the ether. I get another picture back, I now send that...essentially, I'm quickly sending/receiving everyone's photos.

I get most, if not all, of the pictures floating through the service, and without disruption, send them back out so another anonymous person can receive them."


The vulnerability here is that when users send pics to another person, a hacker like us can use them to learn their GPS positions, as my friend Samy Kamkar has explained here and has also experimented with.

Here are some of the pics that he was able to steal from this iPhone App -

Note : GPS coordinates removed to protect the guilty.

The most important thing to note here is that people's positions can be known, which is a major threat for them but good for us.

Samy has also explained how he managed to view people's GPS positions through iPhone routing: http://samy.pl/mapxss/ . He has shown a little bit of the whole procedure involved in it.

You can visit Samy's website

US Army Website Defaced : TinKode Strike Again

Tinkode is an awesome hacker who has previously hacked many websites with his skills in SQL injection and XSS, and has defaced many big websites.

But this time Tinkode's website is also down. Some days ago Tinkode hacked and defaced the US Army website http://onestop.army.mil using a blind SQL injection vulnerability in it.

But apparently his website is down too, and the reason remains the same: he hacked the website of the US Army. Just the day after the Army website was hacked, Tinkode's website was down. I was keeping an eye on this and was pretty sure about this incident...

The US Army website is down, and so is Tinkode's website. The vulnerability he used is the same one through which most big websites, including Intel and many others, are being hacked, which we have covered in previous posts.

ScreenShots

Screenshots tell the story the easy way. So enjoy them -

1=1-- (True)

1=2-- (False)

All main information about the webserver.

So let’s see the tables from the principal database “AHOS”.

Note : The last screenshot isn't here because of privacy.
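The True/False behaviour in the captions above, and the Intel case earlier on this page, both come from request input being concatenated into the SQL text. The following is an added example, not code from either site or from the original posts: it puts the flawed pattern beside the parameterized fix and gives a regression check for your own code. It uses an in-memory SQLite table whose table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Contact")])
    return db

def lookup_concatenated(db, page_id):
    # Flawed pattern: the request value is pasted into the SQL text, so any
    # condition it carries is evaluated by the database.
    sql = "SELECT title FROM pages WHERE id = " + page_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, page_id):
    # Fixed pattern: reject anything that is not a plain integer, then bind
    # the value as data with a placeholder so it is never parsed as SQL.
    if not (page_id.isascii() and page_id.isdigit()):
        return []
    return db.execute("SELECT title FROM pages WHERE id = ?",
                      (int(page_id),)).fetchall()

def condition_changes_result(lookup, db, page_id="1"):
    # Regression check for your own code: append an always-true and an
    # always-false condition to a valid id. If the two answers differ, the
    # input reached the SQL parser, which is what the True/False
    # screenshots above record.
    when_true = lookup(db, page_id + " AND 1=1")
    when_false = lookup(db, page_id + " AND 1=2")
    return when_true != when_false

if __name__ == "__main__":
    db = make_db()
    print("concatenated query affected:",
          condition_changes_result(lookup_concatenated, db))
    print("parameterized query affected:",
          condition_changes_result(lookup_parameterized, db))
```

On MySQL, LOAD_FILE() additionally requires the FILE privilege and is limited by secure_file_priv, so the account a web application connects with should not hold FILE.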


Conclusion

This is a clear picture of what happens to hackers when they find a vulnerability in a website and hack it. But whatever the main reason for Tinkode's website going down, the matter remains the same.

Tinkode has previously hacked many big websites like Kaspersky Thailand, Nasa.gov, ESET NOD 32, Apple, Yahoo (blind SQL injection), etc. Yeah, he is awesome.
