Retail Hacking

Facebook Vuln

Mon, 16 Jan 2012 14:34:14 +0000

Hi, I found a facebook vulnerability from a Turk guy.. the vulnerability is that if you use a domain level other than www.facebook.com (Example x.facebook.com) the information for the password reminder page is handled otherwise and one could TAMPER THE EMAIL AUTH DATA to send the confirmation email to the attackers emails and this link-page doesn't check for previous passwords so one could change the password and log in without any further due.

But the attacker must know the victims email address and the worst of all is that they have updated this function since new year so that the handlers maybe? check the token packets twice, I need some help more people = more changes to crack something, they changed the GET function from what I understand and they changed the confirmation script url to hex code?..

This vulnerability isn't popular at all .. so I'm thinking that they didn't mind to sanitize the code enough to prevend further exploits.

REFERER:	http://x.facebook.com/recover?cuid=AYgN0SgNxgW2gyg-8HgNZ53Cvj5RdK7V7-XXXn_GIk-TYiDlcPthoxSUA-P2d81d7rqGaa_N42VBzYzpaguuGBazBPUUoyGDUBD7YYkhoRNm37SUrL9LvhRh-
FX6PetxpYpd5huCZD3c4_RXWhu_hDp0l1n7PEICkppMSK1-gxLFmw&refsrc=http%3A%2F%2Fx.facebook.com%2Frecover&
refid=0&_rdr
COOKIE:	datr=RBsUT7FrOTTh_8JqLs5WYnke; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; lsd=LOuM6; m_ts=1326719401; L=2; reg_fb_ref=http%3A%2F%2Fx.facebook.com%2Frecover%3Fcuid%3DAYg4ZfAfedOw7TT_BUj6hKdk1zZTnHulCYjbO8yNLQMQNN6sAflr0uctssfHlsx8M4nM-
Fpgn_VuyCM4r7OkEwTjxFiCVAjEOkA9C3T0ZC4Q1PhtfbSjX5ozNgR9M2Xp6IZD4uVzWmS4ifRACfyEDlSvI31zlKV9-1RDdbqRR7Gxiw%
26s%3D100%26referer%3Dhttp%253A%252F%252Fx.facebook.com%252Flogin%252Fhelp%252Fidentify%252F%253Fselect_user_url%
253D%25252Frecover%2526no_selection_url%253D%25252Fhelp%25252Fcontact.php%25253Fshow_form%25253Dcannot_identify%
252526flow%25253Dpw_reset%2526instructions%253Dpassword_reset%2526flow%253Dpw_reset%2526skip_confirmation%
253D1%2526refid%253D0%26refid%3D0; W=1326719429; i_id=%3Aasync_conf; sfiu=AYhFUajIX5kqTZc4rD5zdb5Ri7DaNwTXI0okem5R-8UeD17DcmskH82_T89aX8PrCFSchy0rfasQlU4nbt-1CRfrR3ITeCNhsM6_ge-
RxD6wf1xR-I2H2JV9LHGy_BeOF0sKEiAr7uQtPaG6T16bhfUli3ggj7NTKkJ4EsRLAEBVFw
	
	
	
	
LSD:	LOuM6
POSTID:	cda97d47228e889ffc3bd811513b4a0e
CHARSET:	%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84
EMAIL AUTH:	AYgQ7G_APrmuZFhmHzRx5PFD-WW8O6R4jOb0-I_tJn0FWcR1EvW3aPid6Fj90fGc2D1FuyiFdisBX8SnL5jYjvZ6
CONFIRMATION (do_send_code):	%CE%95%CF%80%CE%B1%CE%BD%CE%B1%CF%86%CE%BF%CF%81%CE%AC+%CE%BA%CF%89%CE%B4%CE%B9%CE%BA%CE%BF%CF%8D+%CF%
80%CF%81%CF%8C%CF%83%CE%B2%CE%B1%CF%83%CE%B7%CF%82
	%CE%95%CF%80%CE%B1%CE%BD%CE%B1%CF%86%CE%BF%CF%81%CE%AC+%CE%BA%CF%89%CE%B4%CE%B9%CE%BA%CE%BF%CF%8D+%CF%
80%CF%81%CF%8C%CF%83%CE%B2%CE%B1%CF%83%CE%B7%CF%82

Before they patch it you could pretend that you are the victim asking to reset the password using email and when you send the data over change the victims EMAIL AUTH TOKEN with the attacker EMAIL AUTH TOKEN and the link would be sent to the attackers email so he could change the password. They don't check anything else if one could get a hold of this link he could steal the victims account.

Don't leech.

EDIT:

They are using dynamic cookies .. this must be what they have changed. If someone wants to work on this..post here your findings.

If one finds something it's going private.

UPDATE: I thought that if they didn't properly sanitize data before on x.facebook.com how about testing other domain levels *.facebook.com for the same vulnerability and I know that most mobiles browsers don't use dynamic cookies and I remember if I log from an old mobile they use a different code from scratch not only different layout because the old mobile browsers have compatibility issues.

1.
Use the mobiles HTTP REFERRER ?? emulate mobile environment?? How about WAN traffic it's different from GPRS..

2.
Change mobiles OS and tamper data from it! ( I know about booting a mobile with backtrack but the WIFI doesn't work yet. )

Decoding Mac Serial Numbers

Thu, 12 Jan 2012 01:27:38 +0000

The week of manufacture on macs is based upon the third, fourth and fifth digits of the serial number.

example:

serial number w123456abcdef
the WOM is 234

The first number of the three is the year. The second two are the week.

So this product was made in 2002, in the 34th week.

The first two numbers tell at what manufacturing plant it was created in.

This site will give you all the info on your mac. Apparently they've already found a way to decypher mac serial numbers:

http://www.chipmunk.nl/klantenservice/applemodel.html

http://www.appleserialnumberinfo.com/ <- another site that does the same thing

If anyone has any more information on how their serial numbers work, please post here

Twitter Account

Fri, 05 Aug 2011 03:06:12 +0000

So I noticed a while back, one of my favorite musicians' twitter accounts is just some kid wishing he was that musician. While that's no crime or anything, it really just made me wish the kid would change his password to something he forgot and change the recovery email to something he didn't own so he'd be relieved of his compulsion to impersonate said artist. (Said artist is @JohnFrusciante)

I really hope nobody takes this into their own hands and liberates that twitter handle. I can't think of a real downside to that, but it's most certainly illegal and I'd never endorse anything like that.

Again, the account was http://twitter.com/#!/JohnFrusciante

Gathering multiple images from a page

Wed, 08 Jun 2011 22:26:37 +0000

Alright so this my first post here but this seemed like the right place to take my question too. So first some background then my problem: I just got done learning to create iphone apps and i needed an idea of one to create so a friend suggested i make an iphone version of site called Polyvore where you make outfits from different clothes. It seemed like a good idea so i checked out the page and found that all the pictures of the clothes, which you drag into a window in the middle, are stored in a frame to the side. You cannot right click and save the pictures individually.

Now to my problem, I was wondering if there is a way to gather all of the images from that frame and save them to a server that could be called upon by the iphone app to bring up the images on the iphone? Any help or pointing in the right direction would be a great help! Thanks in advance!

Magnetic Stripes (big money)

Tue, 07 Jun 2011 05:58:43 +0000

Need some one that understand the workings of magnetic stripes and replicating (no carding involved). Could earn alot of money.
don't need some one that swipe, copy and duplicate. This involves a little bit more work to it. Need some one that knows coding on the stripes and rev eg.

Let me know if any one is out there wanting to help.

free 83k shell booter

Sun, 05 Jun 2011 04:23:34 +0000

hello guys im giving away an 83k shell booter because im looking for more users to try out this booter. i haven't used it in awhile and wanted opinions on it. less than 3/4 the shells are dead so theres like 20k ones that are still alive. i havn't cleared out the dead ones yet but i will by this weekend. proof of the booter below.

[IMG]http://img638.imageshack.us/img638/5016/mlgbooter.png[/IMG]

virus scan:
Report date: 2011-05-27 22:46:18 (GMT 1)
File name: crazybooter-exe
File size: 442368 bytes
MD5 hash: 18234da1bde303c4d545151cf5245954
SHA1 hash: 08af761364489b346e281a396e11294ba94bed50
Detection rate: 0 on 6 (0%)
Status: CLEAN

STEP 1: open link.

Step 2: wait 5 seconds for advertisement

Step 3: click "SKIP" on top right.

Step 4: Download the file.

Step 5: open the file.

Step 6: Follow the instructions.

Step 7: Hit some kids offline and win those gb matches.

DOWNLOAD EITHER ONE.(one has 5 second advertisement the other one doesnt.

http://sankpwns.info/tmp/crazybooter.exe

http://adf.ly/1elMI

Hotmail hacked

Thu, 26 May 2011 18:21:46 +0000

Hello a friend of me her Hotmail is hacked. She tried to get it back by contacting the support team without luck. Does anybody know how she can get her account back?

sql help needed

Sun, 08 May 2011 04:26:51 +0000

what to do if server displays following error when usin order by to search vulnerable links


Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a  tag within a "web.config" configuration file located in the root directory of the current web application. This  tag should then have its "mode" attribute set to "Off".

<!-- Web.Config Configuration File -->








Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's  configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

and how to get this web.config file

Forgot Toshiba Windows Login Password? How to Reset it?

Fri, 29 Apr 2011 03:55:05 +0000

Security-conscious or just want to ensure your files are private? You can prevent others from using your unattended Windows PC by creating a password to use Windows or quite your screen saver.

Well, everything has two sides to. On one hand we can ensure the safe of the Toshiba computer privacy or confidential files; on the other hand, we are always bothered how to crack or reset the forgotten Windows password. Today, we will focus on how to reset Toshiba password and regain your access into the Toshiba.

Of course, if you input “how to reset Toshiba password”, you will find various related info for this. Indeed, if you forgot Toshiba Windows password, you can reset it by taking a Windows password hint, a password reset disk, a system Installation Disc which is provided by Microsoft or just reinstall your Toshiba laptop. But have you ever realized that these methods can make sense only when they are under some conditions.

From now on you do not need to worry about these problems. According to our experience, we would like to recommend you another easier and practical solution--- a third party program. Here we also download Windows Password Unlocker for instance, which is well-recognized and wide-used shareware on Windows password recovery. Now, follow the step-to-step guide and reset Toshiba password within a few minutes.

Requirement: A bootable CD/DVD or USB flash drive
Time: within 5 minutes
Recovery Rate: 100%
Step 1: Go to Windows Password Unlocker official site to Download and install it any available PC.

Step 2: After installation the program, insert a CD/DVD or USB flash drive for burning an ISO image file

Step 3: Set your locked Toshiba PC boot from CD ROM or USB with the password reset disk

Step 4: Reset Toshiba Windows Password in minutes. After restart Toshiba laptop you can login straightly without a password required.

So, is it more convenient to reset your forgotten Toshiba password with this Windows password recovery tool? Well, this program applies to all the popular OS like Windows 7/XP/Vista/2000 and Windows Server 2003/2008. When you take this Windows password recovery for your need, you wil feel much time and money saving and have a relaxed trip with the friendly interface.

Astro Empires Hacks

Mon, 17 Jan 2011 06:33:32 +0000

If you know how to hack any of their forum accounts or in-game accounts tell me plz !

They are corrupt greedy admins that have almost started a revolt of players, just with the problems they had over the past 2 days they have lost 10% of their player base.

sql-injecting Oracle database

Wed, 05 Jan 2011 19:47:41 +0000

I'm dealing to what i would term as "Oracle-Blackhole". For few past days i'm trying to probe myself into oracle-database-server running Oracle 11g Enterprise Edition 11.1.0.7.0. How did i came to know this(version) well i was able to successful retrieve the banner by using the get_host_address function. So it started good. I mean i was also able to do the authentication by-pass and got the web-console but my luck soon ran out as i realized that this account was configured not as much of pure dba/admin roles one it was like one of those strict role-based account in which you can only update set table attributes and fields, CANNOT delete , search/modify or do other administrative tasks. (i think this user has only rights to one table not full database?)

I needed to explore more in depth the construction and design details of the whole database. I'm sure there would not be one databases but multiple tables, and i want to inquire about details of privileged accounts existing on machine and lastly i want to run some o/s level commands accessing the back-end database (perhaps being able to make new user-account,delete others and yes ultimately getting the root level access to the box)

So far oracle sure has been all tough on me...coz i have tried to inject various attack strings but i was bombarded with sql-error ORA-xxx . I know i'm terribly wrong somewhere but i don't know where? this is my first time playing around with an Oracle db and so far it didn't turned out to be a piece of cake for me. So far this is what i have achieved (-ve results / errors)

string:' OR SELECT username FROM all_users ORDER BY username--
function:List Users
error:ORA-00936: missing expression

string:' or SELECT name,spare4 FROM sys.user$ -- priv, 11g--
function:list pwd hashes
error:ORA-00936: missing expression

string:' or SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'--
function:priv, list DBAs, DBA roles
error:missing expression

and same set of error when Hostname, IP Address information is queried for

SELECT UTL_INADDR.get_host_name FROM dual;
SELECT host_name FROM v$instance;
SELECT UTL_INADDR.get_host_address FROM dual; -- gets IP address
SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual; -- gets hostnames

I want to know what the easiest way to hack into oracle db? and do i have to do some buffer-overflows attacks meaning exploiting application level vulnerabilities against vulnerable oracle services to gain / execute machine/system level commands. Does the programming language matter in this case? In my case i have asp.net and the back-end machine is window 2003.

I would really appreciate help from this great community. Thanks

How to bypass web filters !!

Sat, 04 Dec 2010 02:29:46 +0000

How to bypass web filters

There are several occasions where you will be at a public te How to bypass web filters
rminal, and require access to a particular website that is blocked for some reason or another. How to bypass these restrictions is a very common question, and will be covered here.

Lets pretend for a moment that the Internet is made up of 26 websites, A-Z. The web filter blocks your browser from accessing sites X-Z, but not sites A-W. Simply make the browser think you’re going to A-
W. There are a variety of ways to do this:

Proxy Servers:
This is a list of http proxies. These sites may not be up forever, so you may need to search for “free http proxy” or “public proxy servers” or other similar terms.

Proxy server lists:
• http://www.aliveproxy.com
• http://www.multiproxy.org
• http://www.publicproxyservers.com/index.html
• http://www.tehbox.com/proxy
• http://www.proxz.com
• http://www.proxy4free.com/index.html
• http://free-proxies.com

Now that you have a list of proxies, you would open IE (internet explorer) and click on Tools > Internet Options > Connections > LAN Settings > Advanced. Enter the address and port of one of the servers from the list in the proper area (http) and make sure the “use a proxy server for your LAN” option is selected. Remember to replace the proxy and port at your terminal to the original when you're done.

*Note: Some proxies listed may not work, and this method may decrease your surfing speed. By trying various entries, you’ll find one that works, or works faster.

The infamous translation trick:
Go to a web page translation site and use their services to “translate a page to English” thus accessing the blocked page through their trusted site.

You’ll notice that several translation sites are blocked, but by using less popular ones, this method can still be effective. Here is a list of some translation services. Again, these sites may not be up forever, so you may need to search for them.

• http://babelfish.altavista.com
• http://world.altavista.com
• http://translation.langenberg.com
• http://freetranslation.com/web.thm

Url Scripting:

Url scripting is the easiest method. It works on a select few web filters and is based on the same principal as the translation trick. By typing and address like “www.yahoo.com@www.restricted_site.com the filter will not go into effect as it recognizes the trusted site (in this case yahoo.com)

Other tricks:
Simply open the command prompt and type:
Ping restricted.com ? restricted.com obviously being the restricted site
At this point you can take down the IP address (ex. 216.109.124.73) and enter it into the browser. If access to the command prompt is also restricted, see “How to bypass restrictions to get to the command prompt.” If this article has been taken from information leak, then know that it involves anything from opening the browser, selecting view > source, then saving it as X.bat and opening it to opening a folder or browser and typing in the location of cmd.exe depending on the OS. I will not go into further, as this a completely different topic.

Use https://restrictedsite.com as referring to it as a secured site may confuse the filter.

Note: These are ancient methods that many new filters defend against, but still may be applicable in your situation. If not, a little history never hurt anyone.

Web based Proxies:
Another one of the easier, yet effective methods include web based proxies. These are simple in the fact that you just enter the restricted address and surf! Some of these have some restrictions, like daily usage limits, etc but you can also use another proxy (perhaps one that sucks, like a text only) to bypass their restrictions as well. Here is a list of some:

• http://proxify.com]http://proxify.com
• http://www.anonymizer.com/index.cgi]http://www.anonymizer.com/index.cgi
• http://www.guardster.com/]http://www.guardster.com/
• http://anonymouse.ws/anonwww.html]http://anonymouse.ws/anonwww.html
• http://www.the-cloak.com/login.html]http://www.the-cloak.com/login.html
• https://www.megaproxy.com/freesurf]https://www.megaproxy.com/freesurf
• http://www.anonymizer.ru]http://www.anonymizer.ru
• https://nadaily.com/cgi-bin/nph-proxyb.cgi]https://nadaily.com/cgi-bin/nph-proxyb.cgi
• http://www.userbeam.de/cgi-bin/nph-userbeam.cgi]http://www.userbeam.de/cgi-bin/nph-userbeam.cgi
• http://www.free2.surffreedom.com/nph-free.cgi]http://www.free2.surffreedom.com/nph-free.cgi

Proxy Programs:
There are many proxy programs that allow you to surf anonymously that are more or less based on the same topics we’ve covered here. I’ve added them just to cover the topic thoroughly:

• http://www.hotscripts.com/Detailed/28480.html]http://www.hotscripts.com/Detailed/28480.html
• http://www.inetprivacy.com/a4proxy/anonymous-grc.htm]http://www.inetprivacy.com/a4proxy/anonymous- grc.htm
• http://www.orangatango.com/home/index.ie.html]http://www.orangatango.com/home/index.ie.html
• http://www.steganos.com]http://www.steganos.com
• http://www.anonymization.net]http://www.anonymization.net ? toolbar that requires admin rights to install

Making your own CGI proxy server:

Making your own proxy server may come in handy, but I personally find that simply uploading a txt file/w a list of proxies to a free host makes for a much easier and headache free solution. If you don’t know PERL, there is code out there to help you set it up. Check out these sites for more info:

• http://httpbridge.sourceforge.net]http://httpbridge.sourceforge.net
• http://www.jmarshall.com/tools/cgiproxy]http://www.jmarshall.com/tools/cgiproxy
• http://www.manageability.org/blog/stuff/open-source-personal-proxy-servers-written-in-java/view]http: //www.manageability.org/blog/stuff/op...en-in-java/view

Admin Access:
When all else fails, you can simply take over the PC and alter or delete the damn filter. This method varies according to the OS (operating system) you are dealing with. Please see “Hacking Windows NT” for more information. If this tutorial has been taken from information leak, then I will go as far as to say it involves booting the PC in another OS, copying the SAM file and cracking it using a program like saminside or LC5 rather than start a whole new topic within one.

Who Is The Real Hacker In Facebook ??

Fri, 03 Dec 2010 16:37:05 +0000

Guys I Found This Guy In FB He Helped me a lot And u can Add him 2

Go to facebook.com/ankitthehacker
And Add him as Frn. He Helps A Lot.............

McInternals

Sat, 27 Nov 2010 00:29:44 +0000

Going along the lines of the WayPort network thread I'd like to share my information:

1: The WayPort Access / ATTWifi networks are NOT connected to the internal store network.
The AT&T equipment is far separate from that network. Also note that trying to get to the gateway by way of, say, 192.168.6.1 will redirect you to AT&T's website. AT&T has remote interfaces to diagnose problems with the equipment. When I called in reporting problems they could remotely connect in and see that it was experiencing problems.

2: Internal store networks are restricted.
There's one PC that any crewmember could use -- the eLearning computer. The web browser is limited to certain sites thanks to a network blacklist. Typical stores will only allow access to sites like StationM (crew-only network site), Partnernet sites, and other related sites. This machine is on the same network as the ISP, CCU, KVSes, and the registers.

3: The ISP/CCU
The ISP, or In Store Processor, runs on Windows Server 2003 and also SCO UNIX on top (if I recall correctly). Logins are time-restricted and will log out after X minutes of inactivity both on the actual ISP interface within UNIX and another time limit on the Server 2003 side.
I have no info on the CCU other than that it handles the registers themselves. It also supposedly has TFTP/PXE boot capabilities and images for the registers. There supposedly also are recovery images on the ISP for the ISP itself.

4: Registers - PCPOS + NewPOS
There are two different registers I've encountered - PCPOS, which is DOS based; and NewPOS, a Windows XPe based solution. Both types can run on the same hardware. Supposedly you can drop NewPOS to a desktop by way of the Manager menu and then a Support menu, but there's apparently a special generated password for the Support menu. Yet again as on the store network you cannot go very far. Depending on the register, USB ports may be hidden under a screwed down flap. Many functions will require a managers' number even in regular operation (voiding more than 5 items, certain promos, giftcard cashout, etc).

If you unplug the Verifone terminal you can cause a DOS attack as it will cause NewPOS to lock up on every orders' start. Just lift up on the unit and gently rock the cable out.

5: Connecting to this network is hard
There's nothing in the lobby to connect to this internal network. No Ethernet ports, no wireless, and so on. Only way you'd get in is to find an Ethernet port in the back. The computer closet is always locked.

6: Drive-through headset hacks don't work
New stores have new headsets -- HME's iQ system. These are on the 2.4 GHz spectrum, digital, encrypted. To add a headset to the system (which supports a maximum of 16 headsets, IIRC) you have to pop the master xmit box open and put it in pairing mode.

Borders Comps

Tue, 16 Nov 2010 07:20:04 +0000

Brothers and Sisters;

I go to Borders bookstore often (as i'm sure many of you do) and I have always noticed the computers that they allow customers to use for book searches. I have noticed that they are relatively locked down in terms of surfing the net or using any other programs other than the book search.

I was wondering what we could learn about the computers there; possible access methods, their network structure, more about how the book search program works, etc. I am just curious.

I don't want to cause any damage, for I enjoy the atmosphere of Borders and wish that establishment no harm. I am merely curious what we could learn about their computers through a bit of exploratory probing. Perhaps at the benefit of the community.

To add the first bit of knowledge; At my local store, the intro screen with the textboxes has a small square of brown at the top-rightish of the screen, not noticeable to anyone who isn't looking. I noticed one day that employees click there to log into profiles for other functions. I apologize but do not have any pics at the moment. I have not tried to look into these boxes, as the last time I was there it was quite a hurried affair. We should look further into said boxes and other possibilities, such as booting a linux distro off of a thumb drive and taking a look around. Thank you for your input in advance and I hope my first post was a good one.