0001100100110111110001011101100001000001010100110011011000011110111011110101110101001101010011110001000100110000100001000010011110
1001100010101111001101001011100110111100111100111011011100000110110001010011010001001111011111000100000101010110100101011000000101
1101011101011000001011010101001011010110100001001010010111000100101011101011011001011110110111101110010110101110101111100011001111
1001011111010000000011010101111111011000011101010111000001010110100000111101111110100110010111100111010100111001011101110000000000
0001110011010010100000001011001000010100001110001111111010000000011000010101000000111010011110010110100111010111111101010000101101
1010111000110101011100010000100010010101100110000101000000010011000000011101100101001001011111001111100011100000101101001111011100
1010000000010100000111110100101001011011011111100100101101001001011010001110000001100101010010111111101101101010010100011101111001
1011110000101010011100100101110001101110111001010110000110111000010000001000000101000111100100111011000001110110001000010001010100
1111001111000001111101110111100011000000000000110001001011010001001100010100100100001111101011010000101010001110101000011000011100
1110101111100011000010000101101101101110001110101000000100000011100011000111011011010110011001010101111101010010110100011011010010
0100010011010011100101101111000110001000011001101111001111011000011001001011111101110010000100010101000110110100101100110100001010
0010111101001000010011111101000100100001011111001100101000000010101000101011010110100111001000101111001001001110011110101001111010
RE |
RE-Tools |
Security |
Operating Systems |
Development Tools |
Digital Art |
Didatic Materials |
Virtualization |
zines... |
Tuesday, July 29, 2008
The new service of Google, Knol
http://knol.google.com
Well, this is great but, a lot of people will be confused trying find something more "familiar", the database is not organized by i.g. science/subject/area etc, IMHO this make clear that Knol is not (maybe wont be) some kind of service to compete with Wikimedia Foundation.
Again, IMHO i would like to see an approach to Google + Wikipedia + MIT, i think you got it, each of these have a different way to deal with "sharing".
Maybe its possible, they are not the BSD licenses + GNU(aren't they? :) ).No its completely different...
Too soon to say ...
Btw, applauses for Google Inc, that company shake the world rly!
Something that i would never see comming from ...
:)
Tuesday, May 20, 2008
Blender 2.46
I'm not here to tell you the new enhancements, that you can find in the official website or in the wiki.I'm here to something more, that we have more one great tool that is open source, and that in nowdays has reached a place that can clearly compete with the commercial tools.Frequently i see people become really the true "tards" when they claim that this kind of project based on these philosophy wont get success, even that this is a blind vision of someone, that's not the only reason people defend it.
I like so much of that philosophy of open source movement;
1.They help students
2.They help the common users discovery a "brand new world"
3.They help with concurrence
4.They help with the transparency
5.They help with the philosophy that there is good people =p
6. ...
That's awesome and always will be, thanks not just to the Blender foundation but for that "big community", Stallman, Torvalds, others that own the concept of "sharing" like Fravia, Kaspersky etc.
i think you have search engines enough to find the website to download the blender.
=p
Tuesday, May 13, 2008
A new hat released
:)
Q:What's the difference between Fedora and Ubuntu?
A:Basically Fedora is more complete.
I recommend you use Fedora, i have the 8th version here and it's awesome, easy like Ubuntu but with a bunch of things that almost any developer on nix systems would like to have.
Link
http://fedoraproject.org/
--------------------------------------------------------------------------------------------
TouchPad Issue
Its happens because someone disabled some option ;0
in the x server configurations...
/etc/X11/xorg.conf
add this one
Section "InputDevice"
Driver "synaptics"
Identifier "TouchPad"
Option "SendCoreEvents"
Option "Protocol" "auto-dev"
Option "SHMConfig" "on"
Option "TapButton1" "1"
Option "TapButton2" "2"
EndSection
and make sure that you have the "Identifiers" name into this section too
Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0"
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "TouchPad" "CorePointer"#<------ here
EndSection
--------------------------------------------------------------------------------------------
Nvidia Drivers Issue
Well another problem i got when i tried compile one module to install one driver from the nvidia website for the x86_64 architecture.
And here we go with the log file generated...
/tmp/selfgz5076/NVIDIA-Linux-x86_64-169.12-pkg2/usr/src/nv/nv-vm.c:364: erro
r: implicit declaration of function âglobal_flush_tlbâ
make[4]: *** [/tmp/selfgz5076/NVIDIA-Linux-x86_64-169.12-pkg2/usr/src/nv/nv-
vm.o] Error 1
make[3]: *** [_module_/tmp/selfgz5076/NVIDIA-Linux-x86_64-169.12-pkg2/usr/sr
c/nv] Error 2
make[2]: *** [sub-make] Error 2
NVIDIA: left KBUILD.
nvidia.ko failed to build!
make[1]: *** [module] Error 1
make: *** [module] Error 2
The problem is into nv-vm.c source file at line 364 when occur one implicit declaration of function, well appears to be simple, but i'll not say anything by now ...
Wednesday, May 7, 2008
A dilemma in the botnet scene
by Cody and Pedram Amini
"
...
Cody and I thought it would be interesting to examine Kraken with the specific goal of infiltrating the bot network. We started with a sample from Offensive Computing and working from there eventually concluded that we would indeed be able to infiltrate and take over increasingly larger portions of the Kraken bot net. Cody did most of the manual labor of protocol dissection, reverse engineering the encryption routines and eventually creating a fake Kraken server capable of overtaking a redirected zombie. His detailed write up on the reverse engineering process is available under "Owning Kraken".
..."
The links
http://dvlabs.tippingpoint.com/blog/2008/04/28/kraken-botnet-infiltration
http://dvlabs.tippingpoint.com/blog/2008/04/28/owning-kraken-zombies
Thanks Pedram for posting it on open.rce, some times i forget to check out others sources of information.
I know that is hard choice do what you want, but seems that you guys have doubts about the choice, so keep in secret analyzing... sometimes when you have to do the right thing you can't make it public, you know...
the world in a nutshell...
Sunday, April 20, 2008
Games - Newcomers in the world of "Game Development"
The topic is: Game Development.
The focus is: Newcomers.
So you have decided that you want make your own game, want make sure that what you want will give you some reward, stop , stop , stop, the first thing that you cannot do is think in the money!
First you might take a look into that "reality" before start dreaming about fantasy.
Well, make a MOD for some game that you like to play.
Q:Make a MOD, Whats this?
A:Modification.
Q:What you mean?
A:Change your favorite game, i mean improve it like you wish.
The reasons are:
1.With a MOD you will know things about work in a group with one clean objective, and the first impressions in most times you will be surprised on how things that are simple can be hard!
2.After you get some experiences working with people with "same interests" you might start your project with a serious dedication, at first time, yea appears to be a hard goal, but that is your first attempt, so relax and try again.
3.The tools, most of the games today provide some tool kits, like Microsoft SDK, it make things simple because the API of the SDK of the games work on top of the Engines.
Another question
Q:But what can i do with a MOD, MOD is just a MOD no?
A:Did you forget the famous CS (Counter Strike)?
This thing so far got more success than Halflife, and this is just a MOD.On my opinion i believe that TS(The Specialists) was the best MOD shooter for Halflife because the great conversion and new brand effects and dynamic that in Counter Strike you don't have so far.
Long time i have seen too many amateurs that make MOD's in a variety of areas making their things better than professionals, mainly in the games.
Q:Why it?
A:Because the industry of the games(no only games) is always cloning things that others do, and amateurs don't care about it, they are in most times original.
More one great thing, don't start making an MMORPG thats what i see in every forum, make something without networking stuff, but after you make it, read a lot about security on server side applications because at these days some bad infrastructure can break your business.
Has passed some years that i have found some "crackers" working for some "underground" services...
So, start as soon as possible dealing with a clean and safe structures.The internet is growing, the information together, and they go to the both sides...
"Googleing" you may find this site in the first "shot"
http://www.moddb.com
maybe later i put more letters in this post...
Friday, April 4, 2008
Automated - Unpackers
Ok are you new in RCE world?
You know some websites that you can find tools, but you still don't believe that these are safe tools?
I have a solution for you!
http://www.dswlab.com/
That company have so many tools and some of them is specially made to unpack executables and identify them.
You can trust, that company is a real one, there is no crackers going to put a rootkit with a backdoor on your machine after you use his tools!
They are really professionals and have great tools:
-------------------------------------------------------------------------------------
For PE Identifier
*File Format Identifier v1.4(the public version)
http://u6.dswlab.com/ffi.zip
Note: that tool is not just for identify the PE, it can unpack it.For be serious there is a variety of packers supported.
-------------------------------------------------------------------------------------
Just for unpack
*VMUnpacker 1.4.3
http://update4.dswlab.com/vmunpacker.zip
-------------------------------------------------------------------------------------
=p
Tuesday, April 1, 2008
Immunity Debugger v1.5
The API has been reinforced with new functionality which allows you to gather more information from the remote process, such as Threads, findRetValue. This release also includes some important fixes such as correct Memory Page protection flags, which are also available via the Python API." March 27, 2008
And more, was announced that they are looking for some experts (hackers =p)
http://debugger.immunityinc.com/hireahacker.html
Immunity Debugger is very similar to the OllyDbg but with great support for python language and a lot of useful functionalities already done for use with python language, for example, the functionalities intent to hook are pretty good.
Well, cya, i go test that release !
1st of April
"Metasploit Framework 4.0 is Closed Source
Emerging from over a year and a half in stealth-mode, Metasploit Corporation has announced the 4.0 release of their flag-ship product, The Metasploit Framework. The new release comes jam-packed with exciting features that are sure to please even the German legal system. After years of struggling to define Metasploit's licensing position a final decision has been made to "screw it" and move the framework to a closed source license agreement. The decision was made to sell out for a number of reasons, not the least of which has to do with the benjamins. Metasploit 2.x and 3.x will no longer be available for public download. We request that anyone who has downloaded a copy of Metasploit 2 or 3 to please remove the hard drive from their computer and destroy it in the most efficient way possible (grind the disks, melt the platters, etc). "
LOL i forgot that today is the "Day" ^^
Now i'm waiting someone say "Microsoft acquire Yahoo" Haha!
Wireshark 1.0 Released
If yes you have Wireshark!
Ok, you still can use WinPcap libraries to do your job in some customized application using c/c++, python, and so on, but with wireshark you have so far a good tool.
The 1.0 version has finally reached, i remember when i first used the ethereal(old name), but now it's amazing, with more statistics, better parser, more protocols, functionalities, etc.
What's New
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
*The X.509sat dissector could crash.
Versions affected: 0.99.5 to 0.99.8
*The Roofnet dissector could crash on Windows, Solaris, and possibly other platforms.
Versions affected: 0.99.5 to 0.99.8
*The LDAP dissector could crash on Windows and possibly other platforms.
Versions affected: 0.99.2 to 0.99.8
*The SCCP dissector could crash while using the "decode as" feature.
Versions affected: 0.99.6 to 0.99.8
The following bugs have been fixed:
*Several SNMP-related bugs have been fixed.
*Several memory-related bugs have been fixed.
New and Updated Features
The following features are new (or have been significantly updated) since the last release:
*The "About" box finally displays version 1.0.
*Wireshark now supports custom columns.
*This release includes an experimental Mac OS X package.
New Protocol Support
*IEEE 802.15.4, Infiniband, Parallel Redundancy Protocol, RedBack Lawful Intercept, Xcsl
Updated Protocol Support
AFS, ALCAP, ATM, BACapp, CIGI, DCC (renamed from DCCP), DCCP (renamed from DCP), DCERPC SPOOLSS, DCERPC NT, DHCP, DirectPlay, EtherCAT, FIX, GIOP, GTP, H.248, HTTP, ICMPv6, ICQ, IPv6, ISIS, JXTA, NCP, P_Mul, PCAP, PKIX1Explicit, PTP, RADIUS, Roofnet, RTCP, RTMPT, RTP, RX, SABP, SCSI OSD, sFlow, SMPP, SNMP, SSCOP, TAPA, TIPC, TPNCP, UNISTIM, X.25, X.509sat, XML
New and Updated Capture File Support
Hilscher Analyzer "
http://www.wireshark.org/
Thursday, March 27, 2008
Firefox 2.0.0.13
OMG! =p
Firefox 2.0.0.12
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
That's my favorite browser because the amazing plug-ins like firebug, but looking at these bugs i'm still afraid to run it on my machine! even though if i'm with Windows Vista with latest patches (Vista with its isolation is pretty good, but really i think that we need be careful before do somethings...)
Hey i'm not protecting the Internet Explorer, i just don't use it, but anyway later i think that i'll make a comparison of both browsers.
Would be good "fly" in the web inside one VM, or an isolation especially made for web applications inside the OS's!
^^
BitBlaze - Binary Analysis for COTS Protection and Malicious Code Defense
Anyway i still don't have a concrete idea in what this will be when it release, so i'm just someone that is curious. :)
Well one thing really make sense, we are in an era that information is growing more each day, and a way to organize it is by computers in general term, but what about the security?
That's good!
Today we have a wide variety of tools that generate malware in seconds... is good we start improve our "skills" in something beyond the old "signatures" ...
Thursday, February 14, 2008 has occur an event by Dawn Song at UC Berkeley
I would like to watch it :]
If i find the video i'll post here...
More informations at:
http://bitblaze.cs.berkeley.edu
Saturday, March 1, 2008
Blender
Here is some examples in where you can reach with some practices
http://www.blender.org/features-gallery/gallery/images/
Blender Wiki
Some Books
- Introducing Character Animation with Blender
- Blender Basics Second Edition
Finally Code::Blocks 8.02 has been released!
Just because thats the best IDE for code C-C++ stuff on various platforms, really fast(the software is fast and package take you ready to code!), i recommend to beginners and professionals that code something that go beyond the Windows(that is good, why you will code forever just for windows?thats really not good...we change with the time!)
However i recommend to anybody never be attached to just "one thing", the world is big and we have a lot of things, why be focused on just one thing?
If you like to code in both platforms like Windows and Unix like systems, you can use others tools too(i mean related with c/c++ coding):
Eclipse: thats a good tool, but for code in both systems you will need some time to set up the configurations and make sure that what you did is the right thing(bad for who is starting)
Netbeans: same as eclipse in some aspects and you still need be more experienced with programming on these languages and compile systems.
As you see if you want first learn the language (C/C++ in this case) an later venture in something else (i recommend first learn language :) ) better you choose the CodeBlocks IDE that come with compiler(in case of windows the MinGW).
Thats all, thanks for the guys that made this IDE, go there download the IDE and start coding maybe in sometime you can make a great thing like they did now.
:)
Friday, February 29, 2008
Monday, February 18, 2008
How to recovery passwords from Windows NT
As you know the passwords on many systems are stored like hash, if the password has almost the same size of the hash you will have more success to recover, but if you think that the password has a bigger size, you will get so much collisions, that is very simple to understand, the hash has one fixed size and no matter whats the size of what you use like an input, the function always will generate the output in the same size.So you think, your password is something like 400 bytes, the hash have always 64 bits of size, there you go:
(your pwd) => 2^(8*400) = the number of combinations that you have with 400 bytes
(hash) => 2^64 = the number of combinations that the hash can hold
I don't need to tell you that for represent something more than 2^64 will generate same "identifications", think about 2^65 ((2^64)*2), the half of values will be collisions, in other words each "identification" can represent 2 different values.
However for each algorithm somethings like the forecast of the collisions would appear distinct from each other.
Well, if you want to know more about hash, here is a link:
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Lets back to the LM hash:
http://en.wikipedia.org/wiki/LM_hash
size: 16 bytes(string)
Windows Passwords:
size: 15 characters long(OEM)
Here we have a good success rate.
The tool:
-------------------------------------------------------------------------------------
Image .iso
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
Author: Dr Philippe Oechslin
-------------------------------------------------------------------------------------
Testing
If you want test with a VM like i did.
In Virtual PC:
Menu Bar >> Capture ISO Image... >> ophcrack-livecd-1.2.2.iso
Choose VESA Mode, and just look :)
-------------------------------------------------------------------------------------
Tuesday, February 12, 2008
Learning how Windows NT work
So, anyway here is a simple guide that i tested on windows xp sp2 for install the MS debugging tools, the first step for who is learning how OS work, is start at "startup process".
http://en.wikipedia.org/wiki/Windows_NT_startup_process
The tools that you can use for look how the OS work on NT:
-MS Virtual PC
-Debugging tools for windows
------------------------------------------------------------------------------------
First - Installation
Install MS Virtual PC Link: Click here to download
Install Microsoft SDK Link:Click here to download
------------------------------------------------------------------------------------
Second - the Settings
Note: the target to debug here is a Microsoft Windows XP into one VM(we are using MS Virtual PC)
1.Install the Windows XP on your VM(Virtual Machine), after it edit the boot.ini file, you can do it just following some steps, open the properties of
My Computer" >> Advanced [Startup and Recovery] >> Settings >> Edit.
Now you should see something like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Copy it to one line below it, but add some little things like /DEBUGPORT=COM1 /BAUDRATE=115200
Should look like:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200
Now, go shutdown the VM and set up others configurations: in Virtual PC Console choose your VM, go to it settings in COM1 for example and add in Name Pipe:
\\.\pipe\kd That's a IPC that we going to use for debug from the kernel side.
Done it you can start VM if you want, if you do it, choose the second line that you added to the boot.ini(i mean the line that specify the parameters to debug)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200
Configuring the WinDbg
After you do the previous things do the following:
1.make a .bat file with some contents that i will write below.
if you got the "Windows Symbol Packages" from the microsoft website and unpacked them to c:\windows\symbols...
windbg -y C:\WINDOWS\Symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect
else
windbg -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect
later, be sure that VM is running and all settings are done, you can verify the pipe made by VM using follow tool:
Link:Click here to download Run it from prompt(console mode).
Do you see the name kd?
If you see you can go on.
------------------------------------------------------------------------------------
Third - Testing
Now, go to the host window, execute the .bat file that you had created to run windbg,
if you see "Opened \\.\pipe\kd Waiting to reconnect...", go to:
Debug >> Kernel Connection >> Cycle Initial Break.
Now, restart the VM and you get it waiting for your commands. :)
------------------------------------------------------------------------------------
Complementary study
Virtualization(related to MS Virtual PC)
http://en.wikipedia.org/wiki/Virtualization
Reverse Engineering(related to WinDbg)
http://en.wikipedia.org/wiki/Reverse_engineering
------------------------------------------------------------------------------------
Saturday, February 2, 2008
Framework 3.1
"The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. "Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring the numerous research projects that have lent code to the framework." http://www.metasploit.com/
That new version came with more exploits and a better GUI, the browser is not required(it make things better, we know that compatibility between the browsers are not good).
Thanks guys, just it. :)
http://www.metasploit.com