“Life comes to the miners out of their deaths, and death out of their lives” Mary Harris Jones


State of ART Phishing Attack Stealing 50K Credit Cards Revealed


Incident 50K Credit Cards

(This is a real incident with real samples and real data.)
As usual, we detect a clone using the referrer logs. The client is a very profitable target for attackers because of its online transactions. The clone was built from the original content of the real web site, with live links back to the real pages, which is what makes it the target of the phishing attack. Because of those referrers, this kind of attack is easy to detect just by analyzing the web server logs.
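As an added illustration (not code from the original post), here is how the referrer-log check described above could be scripted: it parses combined-format web server log lines and counts foreign referrer hosts whose pages pull our live assets or submit to our login page. The log lines, the own-domain list (bank.example) and the clone host are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined log format (Apache/nginx default): the Referer is the first quoted
# string after status and size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumption: the site's own hostnames; referrers from these are legitimate.
OWN_HOSTS = {"bank.example", "www.bank.example"}
# Static assets a cloned page typically keeps loading live from the real site.
ASSET_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff")

# Constructed sample log lines: a clone at bank-secure-login.example.net embeds our
# CSS/logo and posts stolen credentials to our real /login.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2014:10:00:01 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "http://bank-secure-login.example.net/login.html" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2014:10:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 8800 "http://bank-secure-login.example.net/login.html" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2014:10:00:02 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "https://www.bank.example/login" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2014:10:00:03 +0000] "GET /login HTTP/1.1" 200 3000 "https://www.google.com/" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2014:10:00:04 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Apr/2014:10:00:05 +0000] "POST /login HTTP/1.1" 302 0 "http://bank-secure-login.example.net/login.html" "Mozilla/5.0"
"""

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def referer_host(referer):
    """Lowercase host of a Referer URL, or None for '-', empty or malformed values."""
    if not referer or referer == "-":
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None

def suspicious_referers(lines):
    """Count foreign referrer hosts that load our assets or POST to our login page.

    Returns a Counter {foreign_host: hits}; the top entries are the likely clones.
    """
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = referer_host(rec["referer"])
        if host is None or host in OWN_HOSTS or host.endswith(tuple("." + h for h in OWN_HOSTS)):
            continue  # direct visits and our own pages/subdomains are not clones
        path = rec["path"].split("?", 1)[0].lower()
        # Only asset loads and login POSTs count: a search engine linking to our
        # HTML pages is a normal referrer, a foreign page embedding our CSS is not.
        if path.endswith(ASSET_SUFFIXES) or (rec["method"] == "POST" and "login" in path):
            hits[host] += 1
    return hits
```

Run it over a real access log with `suspicious_referers(open("access.log"))` and review the highest-count hosts first.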


HeartBleed luck or hack?

Yesterday I decided to test the “HeartBleed” attack against my personal web page hosted on a shared host. I grabbed the POC script from https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py and started to play. After 10-15 tries I got BINGO: the COOKIE of a web site hosted on the same web server. The web site is a famous online news portal and the COOKIE is from the administrator. So I was lucky, because you can try for a long time and not receive any confidential data.

Screen shot of the retrieved data containing the confidential information.

Here is the whole COOKIE retrieved from the web server affected by the HeartBleed flaw.


So with luck and a simple script you can retrieve sensitive data needed to perform illegal hacks.

Source : http://heartbleed.com


Password cracking: proving your login insecure (or not)

Password cracking: proving your login insecure (or not) by N. Gobbo, S. Aruch, D. Vitali {n.gobbo, s.aruch, d.vitali}@reply.it

“Please, enter your username and password.” In our digital life we read this request many times a day, for example while accessing our e-mail portal, our bank account, Facebook and any other web service that, in order to deliver the tailored experience we are used to, needs to know the answer to a simple question: “who are you?”
The process of proving who you are to another entity that knows you only “partially” or, maybe, cannot meet you in person is called authentication: this problem came up quite often in history and still poses a challenging task nowadays. If we go back in time, for example, we might find a sentry asking for the secret sentence before letting the stranger in front of him cross the bridge. Moving forward in time, we might intercept some treasure chests secured by a couple of padlocks, or a letter sealed by a peculiarly shaped red-wax insignia. More recently, instead, you may have been asked to put your face into a wall hole in order to have it analyzed before entering the bank vault.
Each of the examples presented shows one of the three authentication factors that have been identified in the literature. You may prove your identity using:
Figure 1. Examples of the three authentication factors: Google login prompt filled with credentials, an OTP key from RSA and a human fingerprint

Time to alert “Sparkasse Bank Macedonia” before someone hacks them.


Again the same vulnerable CMS in one of Europe’s famous banks in Macedonia. I published the FCKEDITOR hack one and a half years ago. And as I see, there is no positive wish to fix this RISK that comes with FCKEDITOR. Unfortunately a famous bank is also using this EDITOR for its web site SPARKASSE.COM.MK of the Republic of Macedonia, which has the exploitable version of FCKEDITOR.

The POC (proof of concept) is very simple:

site:MK inurl:WEBARCHITECT   and you will see the address http://www.sparkasse.com.mk/

and the second step is just to paste the code:

/FCKeditor/editor/filemanager/browser/default/browser.html?Type=/../&Connector=connectors/aspx/connector.aspx

This will activate the Directory Traversal Attack

http://en.wikipedia.org/wiki/Directory_traversal_attack


Simple hack into web server of CUSTOMS of Republic of MACEDONIA

Dear my lovely Macedonia,

Now I am far away from my hometown Gostivar and my country Macedonia, and trying to help my country in IT security is still my priority; how we can increase security awareness is still my main concern. I published the FCKEDITOR hack one and a half years ago. And as I see, there is no positive wish to fix this RISK that comes with the WEB ARCHITECT CMS platform. Unfortunately a lot of Government institutions are using this platform for their web servers. One of them is CUSTOMS.GOV.MK of the Republic of Macedonia, which has the exploitable version of WEBARCHITECT CMS, which has the working exploit of FCKEDITOR. So I hope this will raise some positive alarm in the IT TEAM of the CUSTOMS and they fix this hole before some “ATTACKERS” deface the CUSTOMS.GOV.MK web server or even leak some confidential data.


Simple hack to avoid waiting list in Mailbox App.

If you download the Mailbox App from the App Store for free, you will be on a waiting list of around 300K and will probably need to wait a long time. So I decided to dig inside this app from my jailbroken iPhone 5, and I found a way to bypass this.

So just enable “orchestra.velvet.room.allowed” with iFile from your iOS device.

Enjoy.



Proud to announce that I successfully finished the training-education project with the Turkish Armed Forces
