Logo

As of right now, I am trying to fetch the URL that exists in the Internet Explorer address bar.  I tried using registry to call out to "Software\Microsoft\Internet Explorer\TypedURLs\url1" but Internet Explorer only changes the registry if the adress bar's URL windowas entered by the user!  If you were to link to another page with a click, the registry would not be updated.  What I am doing right now is to use a different method, to find the window of the address bar and retrieve the text directly.  However, I find this method rather hard although proven effecient, a little of Google search got me into this link which right now I am using.  Whether or not it gives me the final solution, I will post it up later in a full article on how to retrieve it with the source code available!  This link has also provided me a good tool to check on windows classes, texts and its child, a little much more better than the Microsoft Spy++.  The tool is called Windowse.  Below is the link to the article that is helping me right now.

Article: http://delphi.about.com/od/windowsshellapi/l/aa060303a.htm

A month ago I have bought Rootkits, Subverting the Windows Kernel by Greg Hoglund and James Butler and I find it superb.  If you are a rootkit developer or looking to be one, this is a must have book that you need to get a hold of.  It teaches you generally the stuffs you want to learn such as hiding processes, files and directories, registries and lots more.  Conquering the kernel level as well as beating up Antiviruses are one of the topics that are discussed on!  Recently I am busy with my final years so I hope I can find time to post some useful articles.

In a previous post I wrote about downtime I ended with the sentence, “For those following along at home, we’re now powered by 152 physical processors, 511 gigabytes of memory (RAM), 174 hard disks with several terabytes of storage, and we’re adding new servers constantly.”

That last part about “adding new servers” was especially true, for WP.com we’re now at 8,921 CPU cores across 2,475 physical processors, 8,200 gigabytes of memory (RAM). We’ve changed how we’ve done storage, but now that layer includes on its own 1.3 terabytes of RAM, 1.3 petabytes of storage, and 8.9 terabytes of solid state disks. (Plus Amazon S3, which we use as backup to our internal systems.)

Article: http://en.blog.wordpress.com/2011/03/08/some-turbulence/

 

User2sid and Sid2user are two small utilities for Windows NT, created by Evgenii Rudny, that allow the administrator to query the SAM to find out a SID value for a given account name and vice versa. User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine and Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions; LookupAccountName and LookupAccountSid respectively. These tools can be called against a remote machine without providing logon credentials except those needed for a null session connection. These tools rely on the ability to create a null session in order to work.

Source: http://www.windowsecurity.com/whitepapers/Windows-Enumeration-USER2SID-SID2USER.html
Download: http://securityoverride.com/infusions/pro_download_panel/download.php?did=24

I was searching for some tutorial on how to use ListView in VB .NET a few minutes ago and this was the solution that I gotten from Google search engine.  I have to complete my project of a Parental Control Software in 40 days, I wonder whether I can complete them in the remaining amount of time.  Although the project looks easy, it is not something I am coding for my own interest which makes me feel lazy everytime I turn on Visual Studio 2008.  But whatever, let us hope I can get the things done at the right time!

Link: http://www.fryan0911.com/2009/06/vbnet-listview-tutorial-add-edit-and.html

Today was rather tiring and took quite alot of my brain consumption.  I tried installing VMware in my laptop which is running Ubuntu 10.10 trying to replace VirtualBox which I have been using all the while.  Unlike what Ubuntu Software Center offers, installing VMware is not easy and requires certain techniques.  If you are looking for a way to install VMware Server on Ubuntu, click on the link below.

Solution: https://help.ubuntu.com/community/VMware/Server

We all know that by using the Windows delete key and removing them from the trash is not going to be sufficient as I have previously written in one of my posts Recovering Deleted Files and Partitions.  SDelete is a tool that is capable of preventing these tools from recovering them!  Mark Russinovich tells us more about SDelete.

"The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file's on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever."

Source: http://technet.microsoft.com/en-us/sysinternals/bb897443

For those that are interested in contacting the windows registry via C, here's a list of WinAPI functions that you need to know.

RegOpenKeyEx
RegCreateKeyEx
RegSetValueEx
RegQueryValueEx
RegCloseKey

Complete list of registry functions - MSDN

If you need a tutorial on step by step for each functions, read LeetCoders - Registry Operations using Win32

Now here's a shortcut function which is usually developed for retrieving (stealing) serials for games and applications.  It is called GetKeyData(HKEY, char *, char *, LPBYTE, DWORD).  To use it simply place the code below.  storeHere would be a variable to store the retrieved value of the key.

GetKeyData(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", "ApplicationName", storeHere, strlen(storeHere));

[code]
int GetKeyData(HKEY hRootKey, char *subKey, char *value, LPBYTE data, DWORD cbData)
{
HKEY hKey;
if(RegOpenKeyEx(hRootKey, subKey, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
return 0;

if(RegQueryValueEx(hKey, value, NULL, NULL, data, &cbData) != ERROR_SUCCESS)
{
RegCloseKey(hKey);
return 0;
}

RegCloseKey(hKey);
return 1;
}
[/code]



Since there is the GetKeyData, there should also be the SetKeyData(HKEY, char *, DWORD, char *, LPBYTE, DWORD). An example to use would be

SetKeyData(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", REG_SZ, "ApplicationName", "C:\ApplicationPath\ApplicationName.exe", strlen("C:\ApplicationPath\ApplicationName.exe"));

[code]

int SetKeyData(HKEY hRootKey, char *subKey, DWORD dwType, char *value, LPBYTE data, DWORD cbData)
{
HKEY hKey;
if(RegCreateKey(hRootKey, subKey, &hKey) != ERROR_SUCCESS)
return 0;

if(RegSetValueEx(hKey, value, 0, dwType, data, cbData) != ERROR_SUCCESS)
{
RegCloseKey(hKey);
return 0;
}

RegCloseKey(hKey);
return 1;
}
[/code]

The blog has been down for at least 1 or 2 days as I had violated the TOS of WordPress.com,  as of now I am removing all existing adf.ly and sharecash.org links.  Please do not proceed into clicking if you see one, instead post a comment if you by chance come across one so that I will be alerted to remove it.

I am currently removing adf.ly and sharecash.org links as i believe it have violated the agreement to use wp.com.  Please be patient as i remove them all and please post a comment on posts that have these links as i might miss them.  At the meantime, hear this.

This source code below is written by se7en from LeetCoders.  It is capable of running through the enter C drive in 8 seconds on my computer finding more than 230,000 files.  Although the downside of it is that it costs quite an amount of CPU usage during its process.  You might try to optimize it by placing Sleep function or something that is possible in reducing the CPU usage.

Take a stroll on what Scott Berkun has to say on how is WordPress.com made here.

A member in HackForums by the handle Jakash3 has posted a source code on how to download files from the Internet that can be compiled in both Linux and Windows.  Another great feature is that it supports IPv6.

Life in a Star Wars battleship.

Some of the tutorials posted by h-boy from HackForums that would come in handy.

I stumbled upon one great app from BigBoss and it is called SleepFX written by Malcolm Hall!  You can generally get it from Cydia from BigBoss source.  Although so, some of you might be getting it from other sources and for free instead of paying.  Well that is totally up to you where you get it.

Some of you might have gotten SleepFX but it generally crashes after 5 or 6 times locking and unlocking.  The only way to get it working again is to respring it and this is totally uncool.  You might want another way around so basically these steps below will help you solve that problem!

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and more than 300,000 registered users, Snort has become the de facto standard for IPS.

Source: http://www.snort.org/

Tcpdump is similar to what Wireshark in which i have explained earlier in my posts.  It captures packets that travels through your network into your computer disregarding whether it is from the Internet or your inner network.  Tcpdump is a command line utility whereby you would have to set the options before you proceed in capturing packets.  This application is very useful especially for network administrators as well as security analyst to analyze threats that are in the system.  Personally, i run tcpdump on my Ubuntu laptop.  To get tcpdump on your Ubuntu, type "sudo apt-get install tcpdump".  The thing is that tcpdump runs in Linux based machines while it is called WinDump in the Windows operating system.  Basically it is up to you to run tcpdump in Linux, WinDump in Windows or Wireshark (Linux/Windows) but the most important thing is how good are you at using it.

Source: http://www.tcpdump.org/

Wireshark is one of the tools that help you identify incoming and outgoing packets be it UDP or TCP level, ICMP or IP level.  Wireshark is a tool that intercepts packets and analyze them.  One of the helpful tool that helped me analyze how website POST GET works for my projects, it is considered user friendly thanks to its Graphical User Interface.  The GUI of Wireshark is one of its strong points.  You are able to look at a list of tens and thousands of packets and filter them according to your need with conditional statements.  Wireshark is capable of running in both Linux and Windows.

Obfuscation is the act of rendering virtually anything, not understandable.  Code obfuscation is where programmers code in such a way that no other programmers can understand. 

Basically i am supposed to deliver a presentation next week on the great Adrian Lamo!  Well, i already knew him a year ago from the Internet although i do not remember where now.  He is a person that sleeps over at his friends or at the abandoned buildings.  Although so, do not judge him as someone poor.  It is merely his intention to do so.  Adrian Lamo is someone rather adventurous that people call him the Homeless Hacker.

"To me," Lamo explains, "ending up in a city that I've never been to before, with no money, where I know nobody, and yet somehow making it work out is as much a unique and amazing exercise of faith as going to a computer network that I know nothing about and somehow finding myself in its innermost recesses."

Source: http://www.wired.com/wired/archive/12.04/hacker.html

He became world famous when he hacked the New York Times intranet.  He does not code in C++ or Java nor can he find system exploits.  Instead, his primary tool was the web browser.  He trolls company websites and find holes in them.  He then notifies the company and help them fix the holes.  Although many may give their gratitude, not many will think the same.  When Adrian Lamo hacked New York Times, he added his real name to the list of op-ed writers.  Next, he notified Kevin Poulsen, a reporter for SecurityFocus.com.  Kevin Poulsen later called up the Times to verify the story.

Getting New York Times to realize the hole was exactly what Adrian Lamo wanted.  It was his MO.  Adrian Lamo is a grayhat hacker that helps companies find security holes in them and fix them.  However, New York Times find his actions illegal.  Times filed a complaint and a warrant was issued for Adrian Lamo's arrest in August 2003 following a 15 month investigation by federal prosecutors in New York.  On September 9 2003, he surrendered to the US Marshals in Sacramento, California after spending a few days hiding.  He later re-surrendered to the FBI in New York City on September 11 and pleaded guilty against Microsoft, Lexis-Nexis and New York Times on January 4, 2004.

Wikileaks:

A LAND (Local Area Network Denial) attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

Source: http://en.wikipedia.org/wiki/LAND

By using the tool hping3 by Hping, this packet can be crafted!  Although most firewalls are already there to stop this, this concept is nonetheless creative.  A similar command from hping3 would include:

[code]
hping3 --baseport 80 --destport 80 --syn --spoof TARGET_IP TARGET_IP
[/code]

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

A very good article to understand on how the PE file format works B. Luevelsmeyer.  Below are the contents included.  This article was given to me by a member by the handle mindlessdeath from HackForums.

mindlessdeath, a member from HackForums have posted a thread regarding how to write a crypter in C!  I find this source code a very good example for people that are trying to learn to write their own crypter.  Compared to any other source codes that are posted on the internet, the author of this source code gave a very detailed information on each line on what the statements does.  In order to use this source code without much trouble, there are some prerequisites that was mentioned by the author himself. 

I was asked by a friend to complete a questionnaire and i came across a few question that i never thought of.  Nor did i have any answer in heart.  Here is some of the question that i was given; and you might want to question yourself too. 

We all hate people that plagiarizes; stealing our property and using it for their own selfish use without giving any credits to the people that had done much.  Have you ever drew any wallpaper that is cool and shared it to the world wide web only to find that someone had claimed it to be a property of his?  Find this situation common?  Use TinEye, a website where you can upload your own image and search through the world wide web for any duplicates of your own product!

Source: TinEye Reverse Image Search

I always wonder how to have Ubuntu as my primary OS and run BackTrack inside it because VirtualBox just doesn't seem to like him! Probably VirtualBox just has personal issues with him, we don't know.  Today i found a partner that may just suit BackTrack and she is called VMware.  Although i knew this software since the age of dinosaur, i never came to look into it in detail.  As i was requiring BackTrack in my Ubuntu desperately, i went to Google and found an intriguing result!

Are you a rootkit developer?  Can you fulfill my idea in the Ideas and Challenges page?  I am looking for some articles or any resources that can help me solve the following.

• Hide a process


• Hide a file


• Hide a registry


• Hide a port


• Contact userland application, vice versa


• Keystroke logging

Do you know that Google is a very powerful search tool?  I am not trying to pull your leg here asking you to use Uncle Google in time of needs.  I had a lesson today in one of my lecturer classes given by my professor in the subject Malicious Software and Security Programming.  Do you know that googling may give you result you may never expected?  Try googling for "site:myschool.com allintext:exam paper filetype:doc OR filetype:pdf".  This may just give you your coming exams paper!  Today i will be posting some of the amazing links that can be helpful with Google!

1.) IHS | GHDB
2.) Google Hacking Database, GHDB, Google Dorks

I would like to highlight that the first link posted above is the person that has discovered GHDB according to my professor.  If you like this post or require some study materials in learning Google Hacking, write a comment below so i will update it further.

If you have already decrypted passwords for Firefox 1, 2 and 3 (if you need them, it's here), here is the source code in C that helps you decrypt Firefox passwords for version 3.5 and 3.6!  This source code is written by ZeR0 from HackHound.org.  This source code is generally open source by the author but the terms of use is to give credits if you use it.

Download source code here.
Download binary / application here.

I was in a restaurant yesterday when i realized I desperately needed to break wind.  The sound system was really, really loud, so i timed it to coincide with the beat of the music.

I finished my coffee and noticed that everybody was staring at me.

Then i remembered.  I was listening to my iPod.

.

Source: Reader Digest Asia, January Edition of 2011.
If you like this post, do a simple favor and post thanks =)

Well i have this link stuck on my Firefox browser for somewhat a month, i think it is time i remove it from the tab and put it somewhere permanent where i can always find it when i need it.  As for those that are curious, this link i found is one of the easiest guide i find understandable as compared to others.  Click on the link below if you are interested in knowing everything about Assembly language!

Tutorial: http://doorknobsoft.com/tutorial/asm-tutorial-learning-assembly/

Check out the updated list of forums one should join!  If you have a forum that you would wish to post so that people can get to know about your forum, remember to reply it there!

Link: http://genesisdatabase.wordpress.com/2010/12/31/list-some-of-your-favourite-forums/

 

Generally there was someone in one of the forums i am on was asking how to duplicate a file.  So basically this little post i made up was to help this guy.  There are fundamentally few ways so i will write them up in code tags below.

It is something i have learned previously.

It is something i have learnt previously.

This is a tutorial that was given by one of the professor in my university that my friend was studying.  He is in the gaming course so basically he learned some flash programming and now 3d programming too.  Some of the subjects include DirectX so the professor gave them a website that guides you from the basics.  This website is called DirectX Tutorial.com and the website is as below.  Although i am not fancy of writing anything related to graphics i find that it is quite an interesting subject.  By learning how to write with D3D (Direct 3D), a C or C++ programmer may find it useful for their future projects.  To jump start the tutorial, visit here.

Homepage: http://directxtutorial.com/

Note: If you are looking for the DirectX SDK it is here.

While i was searching online for a way to display processes for all users, i came across this source code which was coded profesionally.  The source code can be found here.  Be sure to check their homepage here too for more source codes.

Today i came across a very interesting website while searching for a method to display processes for all users!   This website, http://win32.mvps.org/ provides alot of useful information coded in C!  As a C/C++ programmer, it is highly suggested to give this website a visit!  As for the source code i was looking for (displaying processes for all users), it is here!

Visit it for a better you here.

Nirsoft is a website where you can find utilities for nearly every possible need in computing!  Doesn't matter whether you're a programmer, network administrator, forensics specialist or a nobody, Nirsoft provide tools that are useful for everyone.  You can find password recovery tools (where hackers usually use them for their malicious intent), or system tools where you can view detailed information of your computer (although you would require certain knowledge to understand them).

Visit NirSoft here.

Can someone out there tell us what are the differences between a hacker and an ethical hacker?  The first thing that comes in mind would be (1) a hacker is someone bad hacking computers whereas (2) an ethical hacker is someone that hacks but it is for the goodness.  Alright here comes the contradiction, my professor called Ali says that "if there is an ethical hacker, can there be an ethical liar or an ethical murderer

Do you know what Metasploit is?  Have you ever used it?  Metasploit is one of the most useful penetration testing tool used by security specialists to look for vulnerabilities in a system.  If you are a hacker, this is a must learn tool for you.  If you are a penetration tester, this is a must have tool for you to find weaknesses in your own system and prevent hackers from entering.  Metasploit works in both Windows and Linux, although i believe most of the users would be Windows, professionals often use Linux for this task.  Visit their homepage here.  Speaking of the word hacker, i was enlighten by one of my professors in my university few days back, let me write it out in a new post :).

Want to know how Antivirus and rootkits protect themselves from being terminated? You might have tried running Windows Task Manager and find it impossible to kill avp.exe by Kaspersky. This is because the process is being protected by a higher privilege, the kernel.  This article assume that you know how to write using Windows Driver Kit.

Article: http://unlmtd.wordpress.com/2007/07/27/protecting-by-hooking-zwopenprocess/

Technically, there's 2 way of loading a rootkit according to Greg Hoglund when he wrote Rootkits: Subverting the Windows Kernel book.  One is called The Quick-And-Dirty Way to Load a Driver.  This method allows you to "load a driver into the kernel without having to create any registry keys.  "Pageable" refers to memory that can be swapped to disk. If a driver is pageable, any part of the driver could be paged out (that is, swapped from memory to disk). Sometimes when memory is paged out, it cannot be accessed; an attempt to do so will result in the infamous Blue Screen of Death (a system crash)" by using an undocumented API call. 

Do you have any programming ideas or challenges that is tough and hard to code that you require help?  Post it at our new page and let us know!

Well, i am finally back!  The job is done and i hope that i still have the enthusiasm in me to blog!  I have tonnes of forensic application in my list that i have not yet post so be sure to check it out!

If you are a forensic investigator, you would need to know how to study files byte by byte understanding their signatures.  You need to check their header or magic number.  For example, executables magic number would be the ASCII value "MZ" or hexadecimal value "5A4D".  By using hex editors such as Hex Workshop, you are capable of reading files in their bytes.  If you doubt a file of it's actual extension you can always use Hex Workshop and check with Filext.com, an online website that helps you see what magic number files have!  Search the file extension in Filext.com and look at its magic number and compare with the one you saw in Hex Workshop.

As i am working currently for an important event, i am unable to blog as frequent as i used to do.  Please visit often to stay updated, i will be back by 24th!