Ha.ckers.org on: De-anonymizing Tor, or any HTTP Proxy

8 10 2007

Just a heads up for all you peeps seeking anonymity and/or privacy on the net. I saw this article on Ha.ckers.org – De-anonymizing Tor and Detecting Proxies

This code (it takes several seconds to load) uses a piece of JavaScript to instantiate a Java socket call back to the origin site. In doing so it bypasses the proxy settings of the browser, allowing you to de-anonymize people using proxies. It works great for Tor or just about any HTTP proxy that I can think of. Cool stuff.

Source – ha.ckers.org web application security lab

Daaaaaaamn!!  That’s some scary shit for those of us just trying to keep a bit of privacy on the net.  Some of us just want to look at some titties without the whole net following us around.  Some of us want to study some information perceived clandestine by our governments. (Note: Germany just made posting penetration testing tools illegal!! See Darknet)

There’s a lot of information to cover here and some of it just plain confused me at first, so I summarized what I saw as potential bullet points in the article.

Follow the jump to read the rest.





Free Download For Hackers: Immunity Debugger

8 08 2007

A pentesting company called Immunity has released an amazing debugging application that is totally free of charge. Supposedly it will cut down the time it takes to find an exploit in any given application by 50%. I don’t know if that is true, but it certainly has all the bells and whistles of a non-free debugger like IDA Pro.

Here’s the Download Link: IMMUNITY : Debugger

Dan Goodin had this to say in “The Register”, about my new favorite app:

The folks at Immunity, a company specializing in tools for penetration testing, have released a free application advertised to streamline the development of software exploits.

Immunity Debugger, as the app is called, will cut exploit development time by half, according to this product announcement. The debugger is designed with malware writers in mind, providing a rich GUI, powerful scripting language and connectivity to fuzzers and exploit development tools.

The program gives developers the option of using command line or GUI depending on the task at hand, and runs plug-ins written in Python by third-party developers.

In my opinion this could replace OllyDbg!!  No offense to those hardcore OllyDbg fans out there, but you should give Immunity Debugger a whirl just to see how powerful it really is.

N00B Alert – Debuggers and disassemblers are used for “cracking” apps, as well as finding malicious exploits. I expect that Immunity Debugger will be just as useful for cracking as anything else, if not more. Of course you need to have the right assembly code set to really utilize the extra speed promised by Immunity Debugger.

I’ll see what I can do about finding some tutorials in the near future.  If my gut instinct is correct, this is gonna become a staple for most hackers out there (White, Grey or Black Hat).





Tutorial: “Unlock” Your iPhone With SuperSim via Hackint0sh

6 08 2007

So far this hack is only reported to work in Europe. Basically all you need is a blank SIM card and a SIM card reader/writer, oh and the instructions posted at the link below:

Tutorial: “Unlock” your iPhone with SuperSim – Hackint0sh

Sure it’s old news, but I just thought some peeps would like to know.





NES Emulator on the iPhone

6 08 2007

Hey there iPhone lovers.  Yes, there is finally a NES emulator for the iPhone.

Find the code here: iphonenes – Google Code

And just in case you don’t believe it…

After searching around a bit I found some more links that will probably satisfy your lust for iPhoneNES emulator details:

There are a lot of links out there with the Google Code for iphonenes. Have phun.

My original source: http://popurls.com/





Point n’ Click Gmail hacking With Wi-Fi (via) TG Daily and Blackhat

3 08 2007

For everyone out there that keeps commenting on “How To Hack Gmail, Hotmail, Yahoo, etc etc” (MOM), here’s a great article on hacking into a Gmail account WITHOUT using fake login screens or any of that pesky hard work. TG Daily has this great article, “Point and click Gmail hacking at Black Hat” that gives you a peek into the latest and greatest way to get into someone else’s email account.

Here’s an excerpt:

[...] The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion – with a home-grown tool called Hamster.

[...] But if that wasn’t scary enough, Graham told us that he can even log in the next day or possibly several days later into the Gmail account.  “I can just copy the data to a file and replay it later.  I’ve been able to log into Gmail accounts one day later,” said Graham.

Since the attack relies on sniffing traffic, using SSL or some type of encryption (like a VPN tunnel) would stop Graham in his tracks.  However, many people browsing at public wireless hotspots don’t use such protections.

“You’re an idiot if you use T-Mobile hotspot,” said Graham.

I personally love the last comment there from Graham… just sayin.

In my mind I see this type of hack working on any web-based email client that uses cookies to auto-login. Also, you can probably just use Firefox’s “Add-n-Edit” cookies, instead of Graham’s app called Hamster. As for Wi-Fi sniffing, if you don’t know how to do this or what apps to do it with, just use Google to search it out, or visit Remote Exploit and grab a copy of BackTrack2.

One last note, read the friggin article. CLICK THE SOURCE – PLZ kthx.

There, let’s hug it out bitches!!!
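
The excerpt above says SSL would stop the cookie capture; for a site operator that only holds if the session cookie carries the Secure flag, so the browser never sends it over plain HTTP. The following is an added example (not from TG Daily, Graham, or this blog) that audits Set-Cookie headers for that flag and for long client-side lifetimes; the cookie names, sample headers and one-day limit are assumptions.

```python
from http.cookies import SimpleCookie

# Assumptions for this example: which cookie names carry the login session,
# and how long a client-side lifetime is acceptable (one day, in seconds).
SESSION_NAMES = {"SID", "SESSIONID"}
MAX_AGE_LIMIT = 86400

# Constructed Set-Cookie header values (not captured traffic).
SAMPLE_HEADERS = [
    "SID=abc123; Path=/; Domain=mail.example.test",
    "SID=abc123; Path=/; Secure; HttpOnly; Max-Age=3600",
    "PREF=lang-en; Path=/; Max-Age=63072000",
    "SID=abc123; Path=/; Max-Age=1209600",
]


def audit_set_cookie(header, session_names=SESSION_NAMES, limit=MAX_AGE_LIMIT):
    """Return (cookie_name, issue) tuples for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        if name not in session_names:
            continue  # preference cookies etc. do not grant account access
        if not morsel["secure"]:
            # Without Secure the browser also sends the cookie over plain
            # HTTP, where anyone on the same open Wi-Fi can read it.
            findings.append((name, "missing-secure"))
        max_age = morsel["max-age"]
        if max_age.isdigit() and int(max_age) > limit:
            # Client-side lifetime only; server-side session expiry has to
            # be checked separately.
            findings.append((name, "long-lived"))
    return findings


def audit_all(headers):
    """Map each header that has findings to its list of findings."""
    report = {}
    for header in headers:
        findings = audit_set_cookie(header)
        if findings:
            report[header] = findings
    return report


if __name__ == "__main__":
    for header, findings in audit_all(SAMPLE_HEADERS).items():
        print(header, "->", findings)
```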







