Archive | June, 2006

THC Releases Nokia Phone ROM Images

Use Netsparker


I have to agree with their sentiment, I’m all for open hardware standards.

Even if you don’t open it, people will copy it anyway (See the mass of Cisco knock-offs in China for a fraction of the price with almost exactly the same functions and IOS)

So why not open it, let us play with it.

At least let us know how the hardware we are paying for works.

The following webpage contains ROM images from various mobile phone operating systems. Our intention is to motivate other reverse engineers to take a look at the images and to discover other hidden secrets. Other reasons are that it is said to be hard to extract the ROM. Certainly another reason is that Nokia does not release any technical information about the hardware and I find this rather disappointing. (It’s my strong believe that when I buy hardware that I should also be allowed to know what’s in it and how to use it.)

There are ROM images from various models such as NOKIA 6630, NOKIA n70, NOKIA N-GAGE and also from SE the SonyEricsson P900 ROM image.

Mobile Phone ROM Image and Reverse Engineering Invitation

Posted in: Hardware Hacking, Telecomms Hacking

Topic: Hardware Hacking, Telecomms Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


New Spyware Blackmails Users Into Purchasing Software

The New Acunetix V12 Engine


Ah this is almost like Ransomeware again, messing up your machine then extorting money from you.

Make sure you educate your non tech savvy relatives about such threats, spyware, adware, trojans and worm type viruses. Education is THE most powerful defence against malware and computer security incidents.

Some simple patching, a free Antivirus protection like Avast! Using Firefox or Opera and most people will be safe with a little education.

A new spyware program that lures computer users by claiming to give free access to pornographic Web content ends up by “blackmailing” them into purchasing a program to clean the infection, a security firm said.

US-based Panda Software said the program called DigiKeyGen generates passwords that supposedly enable users to access to pornographic websites.

At the same time, a spyware program and an alleged anti-spyware application are installed on a computer without the users’ knowledge, Panda said.

Ah the age old adage of free porn, won’t people learn? There’s no such thing as a free lunch, if it’s too good to be true…ITS NOT TRUE!

Porn does power the Internet though, that’s another matter entirely..

These guys say basically the same thing.

You must always be suspicious of offers for something in exchange for almost nothing,” said Luis Corrons, director of Panda Software Labs, noting that the technique is not new.

“Cybercrime, which aims to make easy money, simply applies traditional fraud techniques to the Internet and as a result, anybody tempted by the chance to get something for nothing is taken in, unaware of the risks of apparently harmless actions, such as downloading small programs or accessing certain websites.”

In a separate security warning, Sophos Labs warned Tuesday that a security alert claiming to be from Microsoft is in fact a “trojan” that steals passwords.

It seems to never end.

Source: Yahoo! News

Posted in: Malware

Topic: Malware


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


SyScan’06 – The Asian Hackers’ Conference

The New Acunetix V12 Engine


The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan’06 intends to be a non-product, non-vendor biased security conference. It is the aspiration of SyScan’06 to congregate, in Singapore , the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

SyScan’06 – The Hackers’ Conference, will be held in Singapore from 20th to 21st July 2006. This is the third year running for SyScan.

SyScan 06 Day 1 20th July 2006

8:00 a.m. Registration
8:40 a.m. Welcome Speech – Thomas Lim
8:45 am Marc Maiffret Chief Hacking Officer, eEye – Keynote Speech
9:30 a.m. Paul Craig – Unpacking Malware, Trojans and Worms
10:30 a.m. Coffee and Beer Break
11:00 a.m. Thorsten Holz – Towards Automated Botnet Detection and Mitigation
12:30 a.m. Lunch
1:30 a.m. Enrique Sanchez – I-worm.Fuzzer: A New Propagation Type of Virus
2:30 p.m. Andrew Griffth – Securing Unix/Linux Systems
3:30 p.m. Hendrik Scholz – VoIP Security Issues: Problems on the users side and what are the providers doing wrong?
4:30 p.m. Coffee and Beer Break
5:00 p.m. Barnaby Jack – Exploiting Embedded System
6:00 p.m. Alexander Sotirov – Reverse Engineering Microsoft Binaries
7:00 p.m. End of Day 1

SyScan 06 Day 2 21st 2006
9:00 a.m. Joachim De Zutter – Feedback Fuzzing
10:00 a.m. Coffee and Beer Break
10:15 a.m. Angelo Rosiello – Writing behind a buffer
11:15 a.m. Andre Protas – Skeleton in Microsoft closet
12:15 p.m. Lunch
1:00 p.m. Nish Bhalla – Binary Analysis, Finding Secret in ISAPIs
2:00 p.m. Marek Bialoglowy – Are You Sure Phone Banking Is Safe?
3:00 p.m. Coffee and Beer Break
3:15 p.m. Fyodor Yarochkin and Meder Kydyraliev – Yet Another Web Application Testing Toolkit
4:15 p.m. Alexander Kornbrust – Oracle Rootkits and Oracle Viruses
5:15 p.m. Coffee and Beer Break
5:30 p.m. Joanna Rutkowska – Subverting Vista Kernel for Fun and Profit
6:30 p.m. Closing Speech and Lucky Draw
7:00 p.m. End of SyScan 06

For more information check here:

http://www.syscan.org/

Posted in: Events/Cons, Hacking News

Topic: Events/Cons, Hacking News


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


My SQL2005 Diary – Part 2

The New Acunetix V12 Engine


So over a month down the line, our SQL2005 upgrade project should now be in the workable prototype stage. But as with all things that “should” be(More security in IE, Great Britain ruling the world and my kitchen being fitted), it’s not, it’s not even close. On top of this our company is currently undergoing some “painful but neccessary steps to streamline our profitiablility in the european market”. In other words, lots of people are about to get the chop. Anyhow, on with the analysis.

SQL Server 2000 -> 2005 upgrade tool.

Overall I’m impressed with the upgrade tool, it made a fine job of upgrading our code and data, with almost everything going straight into 2005. All our DTS’s were wiped as expected, and our custom written security mod was discarded as a “fault” in the 2000 install(Not a big deal), but everything else looked fine. Little were we to know a shitstorm was about to start when we released the 2005 run site to a small group of testers. As a constant piece of self-evaluation we allow some users to run there own SQL code, it’s nothing major, just simple “Get this from here” stuff, but it allows us to monitor what users can access and when we have to change security or file flow we can be sure that normal users cannot access sensitive data. Unfortunately 2005 didn’t have the same notion of security that we do, and decided that encrypted fields that were created using our custom mod weren’t really that important, so it unencrypted them all using our mod(Hang on, I thought our mod was a “Fault”?) and then removed the permissions, allowing users to get direct access to the data. That’s a bad thing. So we pulled the plug immediately and scrapped the whole server, experiment over.

We learnt a couple of important lessons there, the main one being, dont trust the update tool. It un-encrypted the data without informing us, and removed permissions without raising an error(Allthough the permissions removal was later found buried in the upgrade log).

Initial impressions

There was some fairly impressive(From an MS point of view) changes to how SQL installs that caught our eye, namely the large number of components and features that were disabled by default. Not least XP_cmdshell, that is generally used to execute external programs or hack into sql databases. About fucking time too.

If your an MSSQL2000 regular you’ll be hoping to just boot up 2005 and have your permissions all working, but unfortunately its not that simple. The security model has changed radically, and your going to have to work a lot harder to keep things secure, but the means to do so have actually been provided this time. With principals and securables being included this time around, you will have to be a lot more careful, but once your in the know your a lot more secure. As always the best place to read up on this stuff is the MSDN, particularly this section on the changes between 2000 and 2005.

Enterprise Server Pricing

While I’m harping on about how great MSSQL2005 is, a lot of you are sat there wondering why were not using Oracle. Well the price is the the main reason, and I was going to have a detailed breakdown of the difference in costs between MSSQL2005 and Oracle with our current setup. But as a friend of mine quite rightly pointed out our setup could be radically changed by deploying Oracle, with us maybe needing less servers and therefore less licenses. So I’ll work on the principle that were upgrading to an identical network, but its not a 100% accurate comparison.

MSSQL2005 has a fairly simple licensing scheme, with no issues involving DC or HT chips, and a clear definition of what a “user” is and where that user can access the data from. On average a 1 processor license of SQL Server standard will set you back £4500GBP($8300USD), which is a tiny cost for any medium to large company. If your a fairly small company you can get a 5 CLT(Not to sure what the acronym is, but its a Client Access License) for around £600GBP($1100USD). Now for us we would be looking at per processor, and we have 23 processors running SQL2000, with the rest of the boxes using MSDN versions for development. So in total for our entire setup to go 2005 it would cost us £103500GBP($192000USD), which is again a fairly small amount of money for us to spend on replacing our entire database setup.

Now, Oracle. Its a little bit harder to find out what Oracles charges, and I’m not going to go into the details, you can find all the relevant info on there website if you wish to check what I’ve come up with. I’ve used the price offered by oracle themselves for a perpetual processor license(£23236GBP($42996USD)), but oracles pricing is per core for there enterprise product, and considering nearly all our servers run on xeons, were looking at a hefty bill. In total we have 43 “Oracle” processors, giving us a total bill of £999148GBP($1900000USD). Yes, thats almost one million pounds. Again thats not an enormous amount of money for a company our size, but when your compairing the two side by side, you have to wonder where all that extra cost comes from.

For next time

Round 3 will involve us upgrading one of our smaller and less mission critical databases(IT Support) and trying to switch over. Then we can have a bash at breaking it.

Posted in: Database Hacking

Topic: Database Hacking


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.