Latest News

EXPLOIT LANSE HOST ADMIN PAGE DEFAULT PASSWORD VULNERABILITY

######################
# Exploit Title : Lanse Host admin page Default Password Vulnerability
# Exploit Author : Darkcrew.Org
# Vendor Homepage : http://www.lansehost.com/
# Google Dork : "web tasarım : Lanse Host"
# Date: 2015/12/19
# Version : All
#
######################
# PoC:
# User: admin  or lanse
# Password: 123
#
#Demo:
#
#
######################
# Discovered by :
# Batur-ı Mir Sultan (https://www.facebook.com/BaturMirSultan)
# DarkCrew.Org (https://www.facebook.com/Istiklal.Official)
######################
Tnx : All My Friend And DarkCrew.Org Family
######################

Secure Application Development And Modern Defenses

Abstract

When it comes to the internet, security has always been an afterthought. The history of the internet offers good evidence for this. The internet was created by the US military back in 1969, branded as "ARPANET" at that time. In 1973, ARPANET created the TCP/IP protocol suite, which later enabled the development of protocols such as SMTP, POP3, FTP and TELNET in the 1980s and HTTP in 1991.

All of these protocols could easily be eavesdropped upon by an attacker, as they do not encrypt the traffic. Their secure versions, such as FTPS, SMTPS, SSH and HTTPS, were released only later, since at that time connecting people and building features was the priority. If security had been present by design, we would not have encountered these problems today.
The same is the case when we develop products today: we consider security to be an afterthought rather than a built-in feature, and as a result, security breaches occur. In this article, we will talk about secure application development and why SDLC (System Development Lifecycle) is an ideal model for building secure products.

The model promotes a "Security By Design" and "In-depth Defense" approach. The idea behind this model is that security should be an essential part of all phases of SDLC so that bugs are addressed during the early stages of development. Fixing security issues at earlier stages of the development cycle directly reduces costs, time, effort and resources.

Application Layer Security Attacks

As time passes, we witness a rise in application security attacks: insecurities have moved up the layers of the OSI model. In the 80s and 90s, most of the attacks were related to Layer 1, Layer 2 and Layer 3 of the OSI model. Today we have developed a great defense at the network level; however, application layer security remains a big challenge.

According to a report by Gartner Research, 75% of the attacks today occur at the application layer of the OSI model. According to a survey by Trustwave, 82% of web applications are vulnerable to XSS attacks. According to another survey, 80% of all the security incidents in the financial sector occur due to Cross-site Scripting. Therefore, building defense at the application layer is mandatory.

Application Layer Defenses/Approach

Over time, multiple defenses and approaches have been established at the application level, the most notable being the "Web Application Firewall" and "Runtime Application Self-Protection".

A Web Application Firewall can be used as an additional layer of security; however, all WAFs rely upon a blacklist, i.e. Reject Known Bad, as whitelisting mode is not practically applicable in the real world (it's not easy to implement). This can be largely attributed to the fact that the majority of web applications are dynamic, and it is very difficult to predict all the possible inputs in order to write a whitelist of what is allowed. The blacklist, however, is not really effective, and this has been proven in the past. As a matter of fact, bypassing WAFs is my day-to-day job, and back in 2013 I had written a cheatsheet, "Bypassing Modern WAF's XSS Filters", for bypassing Web Application Firewalls, in which I had written bypasses for top Web Application Firewalls.

Runtime Application Self-Protection is a relatively new approach for preventing application layer attacks, which empowers the application to protect itself against attacks in real time. A RASP sits at each junction point of the application, such as between the application and the database, the file system and the network. It sits there and identifies and blocks any malicious activity, giving the application the ability to protect itself. The problem with this solution, however, is that it is still based upon a blacklist, it is very costly, and it requires a lot of time to mature.

“The cost of removing an application security vulnerability during the design phase ranges from 30-60 times less than if removed during production.” - NIST, IBM, and Gartner Group

The bottom line is that you cannot write vulnerable code and rely upon WAF, RASP and other protection mechanisms to protect your application.
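The blacklist versus whitelist trade-off described above, as an added example that is not part of the original article: a "reject known bad" filter next to a per-field whitelist and output encoding done in the application itself. The filter rules, field names and sample inputs are constructed for illustration.

```python
import html
import re

# Hypothetical "reject known bad" rules, standing in for a blacklist filter.
BLACKLIST = [
    re.compile(r"<\s*script", re.IGNORECASE),
    re.compile(r"javascript\s*:", re.IGNORECASE),
    re.compile(r"onerror\s*=", re.IGNORECASE),
]

# Whitelist: each known field states exactly what it accepts (field names are made up).
ALLOWLIST = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "order_id": re.compile(r"[0-9]{1,10}"),
}

# Constructed sample inputs.
SAMPLES = ["alice_01", "<script>alert(1)</script>", "<svg onload=alert(1)>"]


def blacklist_allows(value: str) -> bool:
    """Accept anything that matches no known-bad pattern."""
    return not any(rule.search(value) for rule in BLACKLIST)


def allowlist_allows(field: str, value: str) -> bool:
    """Accept only values that fully match the field's rule; unknown fields fail."""
    rule = ALLOWLIST.get(field)
    return rule is not None and rule.fullmatch(value) is not None


def render_comment(value: str) -> str:
    """Free text has no pattern to whitelist, so it is encoded where it is output."""
    return "<p>" + html.escape(value, quote=True) + "</p>"


def compare(field: str, samples: list[str]) -> list[tuple[str, bool, bool]]:
    """Return (sample, accepted by blacklist, accepted by whitelist) per sample."""
    return [(s, blacklist_allows(s), allowlist_allows(field, s)) for s in samples]


if __name__ == "__main__":
    for sample, by_blacklist, by_allowlist in compare("username", SAMPLES):
        print(f"{sample!r:32} blacklist={by_blacklist!s:5} allowlist={by_allowlist}")
    print(render_comment(SAMPLES[2]))
```

The third sample matches none of the known-bad patterns, so the blacklist accepts it, while the whitelist rejects it and the encoded output renders it as inert text.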

Secure SDLC 

The defenses we talked about above do help in improving our security model. However, in my opinion, they are the wrong way of solving the problem. The best approach is that the application should itself carry the ability to protect itself and hence be built with security in mind from day one. Experts recommend that security should be embedded into all stages of SDLC, i.e. Requirements gathering, Design, Development, Testing, Implementation.
Let's talk about how security could fit into all stages of SDLC:

i) Requirements

The first phase of SDLC is the "Requirement" in which project scope and goals are set.  In this phase, OWASP recommends the establishment of security requirements of the application. The requirements of the customer should be checked in accordance with the security standards such as the password policies, secure network protocols etc. 

ii) Design

In the design phase, OWASP recommends building the design with security in mind. This involves what is known as threat modelling, an approach that analyzes the security of an application in order to mitigate the threats, and which yields the security plan. The following is a great presentation on how threat modelling should be performed.



iii) Development 

In the development phase, OWASP recommends that developers follow "Secure Coding Standards", for which the organization must conduct awareness training on secure coding for developers, because guidelines are often overlooked by developers. Apart from that, source code reviews must be done by an internal team. It is also recommended to have this conducted by a third party to uncover additional findings.

iv) Testing 

In the testing phase, OWASP recommends performing a penetration test, including an infrastructure assessment, in order to verify that the findings from the design and development phases have been properly fixed. Both static and dynamic code analysis should be thoroughly performed.

Special attention should be paid to business logic bugs, which cannot otherwise be found by automated scanners, as the business logic varies for every application. Efforts made in the second phase, i.e. Design, could reduce the number of business logic bugs significantly.


v) Deployment 

Deployment is a phase where your application goes from development into production environment. In this phase, OWASP recommends securely conducting the migration process from development phase to production phase and to ensure that post production security requirements are met.

In case you would like to learn more about Secure SDLC, I would recommend the following presentation - "Secure Development Lifecycle".

Security is an ongoing process, no specific requirement has to be met for 100% security. 

It should be noted that even after introducing security in every process of SDLC, 100% security cannot be achieved. However, the threat probability can be reduced. As security analysts, we have to close 100 doors through which an attacker could enter, while an attacker only needs one door. The fact that appeals most to me about this approach is that it's proactive, not reactive, which is how most application development is done nowadays.

000webhost Hack - The Dump Is Here



The high profile company attacks keep coming these days with Target, Home Depot and, most recently, TalkTalk. Now word comes out that a major web hosting service has also fallen victim, spewing a generous amount of information to anyone interested.
000WebHost is working to resolve the problems, which led to 13 million emails and passwords being made public, but in the meantime it is trying to take precautions to protect users, though it seems a bit late for that.
Visiting the site now defaults to error.000webhost.com and displays information of how to reset your login and password. A message appears at the top reading "Important: Due to security breach, we have set www.000webhost.com website on maintenance until issues are fixed. Thank you for your understanding and please come back later".
Australian security researcher Troy Hunt obtained the data and confirmed its authenticity. In a blog post he wrote "It was very apparent that if this was legitimate, it was indeed a very serious data breach and one that had the potential to impact a very large number of people". In fact, he claims the 13 million estimate is a bit on the low side.
Meanwhile 000WebHost has issued a statement on its Facebook page "We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information".
Accusations have been made that both security researchers and a journalist from Forbes gave 000WebHost ample warning, but the company failed to follow up on these. Now 13 million-plus user names and plaintext passwords are out there.

Airtel Diwali Offer — Get 100MB 3G Data For Free [ Limited Time]

Airtel Has Come Up With A Free Data Diwali Offer, Where You Will Get Free 100 MB 3G Data Without Any Cost. This Offer Is Valid For A Very Short Time, So Friends, Avail This Offer Now.

How to Get This Deal ?

* First Go to "Messaging" Of Your Phone

* Create a New Message
 
* TYPE TRY3G And Send It to 51617

* Done. You Will Get 100MB 3G Data.

Second Method :-

• Call On 129, Now Choose Language Between Hindi or English

• Now You Will Hear Something Like "Get 100 MB 3G Data Platinum Pack For Free"

• Now Press 1 To Activate This Plan

Enjoy Free Data

Tokri.com Offer — Register Now And Get Free Rs.500 Cash [Pune Users]

Hi Friends
Here Is A New Offer For Our Visitors: Tokri.com Is Offering Free Rs.500 Cash For Pune Users. You Can Use This Cash For Purchasing Items That You Need Daily. So Friends, What Are You Waiting For? Avail This Offer Now.

How to Get This Deal ?

* Goto Offer Page

* Register New Account

* Enjoy Free Rs.500 Cash

* You Can Use This Cash For Online Purchase.

Vodafone Diwali Loot - Get 100 MB 3G Data For Free !!

Vodafone Is Also Celebrating Diwali In 2015, So It Is Giving A Free 100 MB Data Pack (3G or 2G) On 11 Nov. By Sending An SMS. So Friends, Enjoy Free 100MB Data This Diwali.

How to Get This Deal ?

* First Take Your Phone In Your Hand

* Now Go to "Messaging"

* Create A New Message

* TYPE "DIWALI" And Send It To 199

* Enjoy Free 100 MB Data.

NOTE :- This Offer Will Work On 11th Nov.Only.

Paytm 100% Cashback Sale [Live]

Paytm Is Now A Big Recharge And Shopping Site, Which Has Come Up With A New Cashback Offer Where You Will Get Flat 100% Cashback On Selected Products. So Make Your Shopping From Paytm & Get Huge Discount & Cashback.

How to Get This Deal ?

* Go to Offer Page

* Select Product & Click On Buy Now

* Log In Or Register

* Proceed to Checkout

* Apply Promo Code :- MKT100

* Add Shipping Details

* Pay Amount

Cashback Added To Your Wallet Soon

GoGo Read- Swipe App Offer — Get Rs .10 For Each Referral [ Max .100 ]

GoGo Is A New Earning Android App Which Is Giving Rs.10 For Each Referral And You Can Also
Earn Money By Reading Article & Doing Other Tasks.
This Android App Is Also Giving 500 Points Means Rs.5 For Sign Up Bonus And You Can Earn Maximum Of Rs.100.

So Hurry Up & Claim Your Rs.100 Now.
How to Get This Deal ?
* Download GoGo Swipe Earn Talktime App

* Open The App & Register New Account

* After That Complete Verification.

* After Successful Registration, You Will Get 500 Points Mean Rs.5 Sign Up

* Now Start Referring Your Friends And Earn 1000 Points Means Rs.10 Per Refer.

* You Can Refer Maximum Of Your 10 Friends, And Max Earn Rs.100.

Minimum Redeem Amount Is Rs.100

Happy Earning.

[Freecharge] Get Rs.50 Cashback On Recharge Of Rs.50 For New Users

Freecharge Has Come Up With A New Loot Offer, Where You Will Get Rs.50 Cashback On Min Recharge Of Rs.50. This Offer Is Valid For New Users. Payment Must Be Done By Credit/Debit Card To Get Cashback.
How to Get This Deal ?
• Go to Freecharge
• Register New Account
• Start a Recharge Worth Rs.50
• Apply Promo Code :- HEY75
• Make Payment.
After Successful Payment You Will Get Cashback
Terms Added Soon

OLA STORE MAHALOOT:- Rs 100 off on min purchase of Rs 101 (New users)

Hi Friends
[Ola Store] Rs 100 off on min purchase of Rs 101 (New users)

HOW TO GET THIS DEAL:-
1. Firstly Visit OLA STORE
2. Coupon code: "FLAT100"
3. Valid till Nov 15 2015

Celebrate Diwali with Mi – Get Deals at Re. 1 & Many More

Hi Friends
Diwali is just around the corner and the festive shopping has already begun. While most e-commerce sites have already started their respective festive sales, Xiaomi also seems prepared to hold its sale. A couple of days back, the company had hinted about its Diwali sale in the market. Today, Xiaomi has shed some more light on its Diwali sales plan: it will be hosting a Re. 1 flash sale on some of its products on Diwali, on November 3, 4 and 5. So get ready to celebrate this Diwali and avail this offer. Here are the steps :-

How to Get Rs.1 Flash Sale :-

About Rs.1 Sale:-
  • The flash sale will be held on mi.com/in at 2pm and 6pm on the 3rd, 4th and 5th November.
  • Users are eligible for the flash sale only if the promotion from mi.com/in/— has been shared via Facebook/Twitter between 10 am 28th Oct to 4 pm 5th Nov.
  • To be eligible users need to share the promotion 2 hours prior to the flash sale. i.e 2pm and 6pm during 3rd-5th November.
  • Sharing the promotion once via Facebook/Twitter will be sufficient for users to be eligible for all the flash sales held between 3rd to 5th November.
  • Warranty services are not applicable for products sold during the flash sale at ₹1
After Sharing this on Facebook you will get this Message

Festive Offer prices to be revealed soon :-



Paymyreview Refer And Earn Offer — Refer Your Friends And Get Rs.10 Recharge For Each [Ending Soon]

Paymyreview Is A New Earning App, Where You Will Get Rs.10 For Each Referral. You Can Earn A Maximum Of Rs.200 By Referring Friends.

How to Get This Deal ?
* Download Paymyreview

* Open The App & Register With Facebook Or Gmail

* At Last Complete Your Profile & Verify Your Mobile No.

* Apply This Referral Code For Supporting Us :- A6F582A9

Now Refer Your Friends Using Your Referral Code, You Will Get Rs.10 For Each Friends

You Can Use This Cash For Recharge

Unlimited Trick -
* Install Youwave On Your Computer

* After That Download Paymyreview App On Youwave

* Open Paymyreview

* Register New Account Using New Email Or No.

* Enter Your Referral Code.

* You Will Get Rs.10 For Each Referral.

Now Restore Youwave & Repeat Above Steps Again For Earn Unlimited.

Wooplr Offer - Get 50 Points On Registration + 20 Per Refer !

Wooplr Is New Android App Which Is Giving 50 Points For Registration Bonus + You Can Also Refer Your Friends And Earn 20 Points For Each Friends.

You Can Redeem Your Earning As
Shopping Gift Cards So Friends Download This Amazing App & Start Earning.

• You Will Also Get A Gigato 25 MB Gift Voucher Via SMS. To Redeem This Coupon, Go To The Gigato App & Redeem Your Coupon.

How to Get This Deal ?

* Download Wooplr App

* Install The App & Open it

* To Get 50 Points Enter This Promo Code :- AMA506 And Apply It.

If You Skip This Step Then You Will Not Get The 50 Points Joining Bonus

* After That Choose Log In Option Between Facebook Or Google

* Now Select Gift Logo, Now Share Your Referral Code

You Will Get 20 Points For Each Referral Minimum Payout Is 500 Points

Paypal Mobile Verification And Payment Restrictions Bypass


In this post, I would like to share a very simple logic flaw I found earlier this year: I have found a way to circumvent mobile verification by utilizing a different portal for logging into a PayPal account. The flaw lies in the fact that PayPal does not perform two-step verification/authorization checks on all the different portals that are used to log into a PayPal account. Ideally, there should be a centralized authentication mechanism to authenticate the user, or else additional authorization checks have to be applied to all the different portals that are used to log into a PayPal account.

In this case, we could use the mobile activation page to log into the PayPal account without having to use a mobile phone.

https://www.paypal.com/us/cgi-bin/?cmd=_mobile-activate-outside
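The design point made above, a centralized authentication mechanism instead of per-portal checks, sketched as an added example that is not PayPal's code and not from the original post. The account data, portal names and function names are constructed assumptions; the final function is a regression check a team could run over every login entry point.

```python
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    email: str
    password: str  # constructed sample; stands in for a real password-hash check
    requires_mobile_verification: bool


# Constructed sample data.
ACCOUNTS = {"user@example.test": Account("user@example.test", "correct horse", True)}
PENDING_CODES = {"user@example.test": "493027"}


def password_ok(email, password):
    acct = ACCOUNTS.get(email)
    return acct is not None and hmac.compare_digest(acct.password, password)


def code_ok(email, code):
    expected = PENDING_CODES.get(email)
    return code is not None and expected is not None and hmac.compare_digest(expected, code)


# Before: every portal carries its own copy of the checks, and one copy is incomplete.
def web_login_legacy(email, password, code=None):
    if not password_ok(email, password):
        return None
    if ACCOUNTS[email].requires_mobile_verification and not code_ok(email, code):
        return None
    return f"session:{email}"


def activation_login_legacy(email, password, code=None):
    # The verification step was never added to this entry point.
    return f"session:{email}" if password_ok(email, password) else None


# After: one gate issues sessions; portals only collect input and call it.
def issue_session(email, password, code):
    if not password_ok(email, password):
        return None
    if ACCOUNTS[email].requires_mobile_verification and not code_ok(email, code):
        return None
    return f"session:{email}"


def web_login(email, password, code=None):
    return issue_session(email, password, code)


def activation_login(email, password, code=None):
    return issue_session(email, password, code)


LEGACY_PORTALS = {"web": web_login_legacy, "mobile-activate": activation_login_legacy}
CENTRAL_PORTALS = {"web": web_login, "mobile-activate": activation_login}


def portals_skipping_verification(portals):
    """Names of portals that grant a session on password alone for a protected account."""
    return [name for name, login in portals.items()
            if login("user@example.test", "correct horse", None) is not None]


if __name__ == "__main__":
    print("legacy :", portals_skipping_verification(LEGACY_PORTALS))
    print("central:", portals_skipping_verification(CENTRAL_PORTALS))
```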


Demonstration



Unfortunately, the bug was marked as a duplicate, so it was not eligible for a bounty; however, that really doesn't matter, as the fun and the learning are more important. However, there are still other ways to circumvent mobile verification, which I did not wish to report.

Bypassing Payment Restrictions

After you have bypassed it, PayPal might restrict you from transferring funds to another account. However, there is a simple way of bypassing that as well: all you have to do is create a donation button or any other payment button from PayPal and directly use that to transfer money. PayPal does not enforce any restriction on it.

Example

https://www.paypal.com/id/cgi-bin/webscr?cmd=_flow&SESSION=OvGwImW-aZGi7_Jf-oBOYlXFljX6KfnUMxeUoxyow7Woq8ZZYb7SihFpKQy&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198d1a93361f052308ac20c1249d8113f4c

TABLET PWN PAD 3 IS DESIGNED FOR HACKING

Pwnie Express is widely known in narrow circles as a manufacturer of various "spy" gadgets for covert pentesting, that is, for testing the network for vulnerabilities without the knowledge of the company's employees. You go to the office, leave the unit, disguised as an outlet or extension cord, and it collects all the necessary information. Now the company has released the third model of its hacker tablet, the Pwn Pad, its flagship product for mobile pentesting.
Pwn Pad 3 is based on the Nvidia Shield, so from a hardware perspective it is fairly powerful (see the review of the tablet): a Cortex A15 processor at 2.2 GHz and 2 GB of RAM correspond to the level of notebooks from about five years ago.
What matters is that the necessary software comes pre-installed. The manufacturer is careful in choosing the software and gradually improves and updates the list of programs on the operating system, Kali Linux. Kali Disk Forensics, for analysis of hard drives, has now been added to the list. An external drive must be connected directly via USB cable and mounted, and it will then be available to the hacker's set of utilities.
An OTG cable is bundled with the tablet for connecting peripherals.
Another innovation in the Pwn Pad 3 is the "over the air" update feature. Previously, you had to change the firmware manually; now it arrives and is installed automatically.
The new version of the kit (it includes an external Bluetooth adapter, WiFi, Ethernet and an OTG cable, pictured above) costs a lot: $1095. But it is a lot of fun, too!



QUADROCOPTERS HACKING WIRELESS NETWORKS :DEFCON

Hackers have added unmanned aerial vehicles to their arsenal. At the Defcon conference, the company Aerial Assault presented a quadrocopter equipped with everything necessary to fly over a territory and automatically hack the surrounding Wi-Fi networks.
The quadrocopter with the right equipment was shown by the hacker David Jordan, an officer of Aerial Assault, reports AFP. "Such opportunities have never existed before," he commented. This is the first drone for pentesting that operates in automatic mode.
Aboard the drone is a Raspberry Pi mini-computer with specialized software that is included in the Kali Linux distribution. The quadrocopter scans within its range for insecure networks and records the exact GPS coordinates of the victims. It can brute-force passwords or perform other programmed actions. Theoretically, it can be programmed to spread malicious software by downloading the appropriate scripts.
At the Defcon conference, the Aerial Assault representative was located in the commercial section and sold quadrocopters at the inhumane cost of $2,500.
The previous version of the UAV from Aerial Assault was equipped with a Wi-Fi router and worked as a free hotspot, collecting confidential information from the computers of users who connected to it.

Problem in kali linux via USB installation ? Take a look here

Many users have reported to the Kali Linux team the issue that the CD-ROM couldn't be mounted.

This issue appears when you are trying to install Kali Linux via USB.




Solution?
Yes, it is very simple.

When the window shows that the CD-ROM couldn't be mounted:
1. Unplug your USB drive from the system and re-insert it
2. Wait for mount/detection (the USB LED glows)
3. Hit Continue

That's all.

The installation will then continue as with the previous options.


 

How to Upgrade kali 1.1.0 to 2.0

Upgrade to Kali 2.0




Kali Linux users can upgrade their Kali 1.x to Kali 2.0 without reinstalling the whole operating system from scratch. To do this, you will need to edit your sources.list entries and run a dist-upgrade as shown below.

Open:

/etc/apt/sources.list in Leafpad

and delete everything (or replace the old Kali sources) and add


deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free

and run 
apt-get update 
apt-get dist-upgrade

After it finishes, reboot.

This method will use 2.6GB of online data and take a long time, depending on your data speed.


You can also run these commands in a terminal (copy and paste them):


cat << EOF > /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
EOF

apt-get update
apt-get dist-upgrade # get a coffee, or 10.
reboot

Contact Us

24x7 online, we are happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.


