
June 07, 2014

:Facebook Will Allow Children to Join the Network:



The company is trying to figure out a way to allow children under 13 years old to join the social network. It turned out that Facebook has designs for a system that allows children under 13 to be supervised by parents, as US legislation prohibits children under 13 from using any online services that collect information without explicit “verifiable parental consent”. At the moment, the social network doesn’t allow users under 13 to join.


Facebook is now trying to address this problem, and the company filed a patent application based on 2-year-old research, but it is not a predictor of future work in this area. According to the patent, the company developed a system of parental supervision. First of all, the parent would have to verify their own identity before allowing the child to create an account. Then parents would get access to parental control tools that would allow them to restrict access to specific content, friends and 3rd-party apps like Facebook games. The chances are that a system proving the identity of a parent and their consent would have to be approved by the US Federal Trade Commission.

Despite the fact that the social network prohibits children under 13 from using the website, they still do it. The problem is that verifying a person’s age is very difficult to do online, particularly for people without official government-issued identity papers or other age-related identities.

Security experts explain that children are already using Facebook, with or without parental supervision, and they are unlikely to stop getting on there, even though Facebook avoids accepting preteen members. The social network is actively trying to remove underage children – for instance, about 800,000 preteens were removed from Facebook in 2012 alone. In the meantime, it was also estimated that 5.6 million underage accounts remained active on Facebook, many of them having been created with the help of parents.

The social network claimed that it has nothing to announce thus far in regard to allowing children under 13 to join Facebook, and that the patent application was filed in response to research being conducted in the area, which is not necessarily indicative of future work.

EnjOy..:)
Bugs Of Techn0l0gy

March 26, 2014

:Facebook To Buy Oculus VR, Maker Of The Rift Headset, For Around $2B:

Facebook To Buy Oculus VR, Maker Of The Rift Headset, For Around $2B In Cash And Stock


Facebook has announced plans to purchase Oculus VR, the company behind the Rift headset, for around $2B in cash and stock. This includes $400M and 23.1 million Facebook shares. An additional $300M earnout will be paid in cash and stock if Oculus hits certain unspecified milestones.
“I’m excited to announce that we’ve agreed to acquire Oculus VR, the leader in virtual reality technology,” said Facebook CEO Mark Zuckerberg in a statement today.
Our mission is to make the world more open and connected. For the past few years, this has mostly meant building mobile apps that help you share with the people you care about. We have a lot more to do on mobile, but at this point we feel we’re in a position where we can start focusing on what platforms will come next to enable even more useful, entertaining and personal experiences.
This is where Oculus comes in. They build virtual reality technology, like the Oculus Rift headset. When you put it on, you enter a completely immersive computer-generated environment, like a game or a movie scene or a place far away. The incredible thing about the technology is that you feel like you’re actually present in another place with other people. People who try it say it’s different from anything they’ve ever experienced in their lives.
Zuckerberg says that their efforts with Oculus will continue to focus on gaming initially, and that the company will continue to operate independently of Facebook. But after gaming, Zuckerberg says, they’re going to expand into a variety of other arenas.
“After games, we’re going to make Oculus a platform for many other experiences. Imagine enjoying a court side seat at a game, studying in a classroom of students and teachers all over the world or consulting with a doctor face-to-face just by putting on goggles in your home,” he says. “This is really a new communication platform. By feeling truly present, you can share unbounded spaces and experiences with the people in your life. Imagine sharing not just moments with your friends online, but entire experiences and adventures.”
Facebook, of course, found early success with games. Social gaming is responsible for a lot of the growth and spread of Facebook as a platform, rather than just a social service. Acquiring Oculus could signal a variety of things, but being able to tap into what is potentially the next big gaming trend is likely one of them. In addition, Facebook has been aggressive about understanding and supporting mobile use cases but only after an initial period of foot-dragging and desktop focus. If VR is ‘what’s next’ then Facebook will want to tap the market early, to avoid any transitional gaffes this time around.
The purchase is expected to close in Q2 of 2014. Oculus has taken over 75k orders for its virtual reality headset so far. Those headsets have both been developer editions designed to get developers interested in playing around with VR technology. The most recent ‘Crystal Cove’ prototype features a full 1080P display and more sensors to detect and position users in virtual environments.
Of course, if you pull the thread of virtual reality out really, really far you could see a future where we’re not talking about the percentage of time people spend on mobile vs. desktop. Instead, we’re talking about the amount of time that people spend in virtual reality vs. actual reality. In that kind of landscape, Facebook starting in on VR early makes painfully obvious sense.
The company has received a total of $93.4M in funding so far from Spark, Matrix, Founders Fund, Formation 8, BIG Ventures and Andreessen Horowitz. Oculus got a big boost in legitimacy recently when one of the founding fathers of 3D gaming..
EnjOy..:)
Bugs Of Techn0l0gy

February 17, 2014

:Surf the Blocked Websites encrypted with Chrome Extension "ZenMate":


The Internet is a great place with many possibilities. Unfortunately, it’s no longer the safe place that it used to be. Unpleasant surprises from hackers, spying internet service providers, restrictive governments, I.D. thieves, and viruses are often “just around the corner” and users are unprotected, without even knowing it.
With ZenMate, your Internet connection is highly encrypted and redirected via the ZenMate cloud, where our encryption and acceleration software is installed. To deliver you maximum speed and utmost uptime, ZenMate has only rented servers from the most reliable and trustworthy hosting providers around the world. This lets you choose the location you need to get protection as well as a free, unrestricted and private Internet experience.
ZenMate is the only browser extension that provides SSL-encrypted traffic.

Download the Google Chrome browser extension.
Now you have the option to change your location.

It's currently free and provides high-speed servers in five countries. You can easily switch to another country location. Your IP is always hidden and your privacy will be protected with ZenMate.

Enjoy free VPN service with ZenMate.
Bugs Of Techn0l0gy

October 10, 2013

:Remote Access Any Computer Using Chrome:


There is a lot of free and open source software that is very good for remote access. Did you know that remote access is also possible in Google Chrome? Here is the procedure for using Google Chrome to remotely access any PC. Check it out.

Chrome Remote Desktop

Download this free extension HERE.

After installation, click the icon, which can be found on the startup page of Chrome.

Click continue and you will be asked to allow access to your data. Proceed with allowing access.

You will be asked whether you want to share your own computer with another system or connect to a shared computer.

If you click “share this computer”, it will automatically generate a sharing code.

Just send this code to your partner and ask him to enter it into the app. After he has entered it, he will be able to view your screen.

EnjOy..:)
Bugs Of Techn0l0gy

September 29, 2013

: How to hack with IP address:

Did you know how much stuff you can do with an IP address?

There are plenty of tutorials that go into how to get an IP address from the preferred mark of your choice. Now I will not go into that subject. Alright, so say we finally got the target's IP address. What do we do with this IP address? Well, first you should ping the IP address to make sure that it's alive, or as we say, online. Now at the bottom I will include some links where you can get some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" it. Port scanners are used to identify the open ports on a machine that's running on a network; whether it's a router or a desktop computer, they all have ports. Protocols use these ports to communicate with other services and resources on the network. Blues Port Scanner will scan the IP address that you chose and identify open ports that are on the target box.

Blues Port Scanner you can download from here:

For example:
Idlescan using Zombie <Domain Name> (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https
1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown

In the example we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (e.g. 80-HTTP, 25-SMTP, etc.). Take all that information and paste it into Notepad or the editor of your choice. This is the beginning of your target's record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know it's not that easy. Alright, so we don't even know what type of software or what operating system this system is running.

NMAP the port scanner has unique OS fingerprinting methods, so when the program sees a certain series of ports open it uses its best judgement to guess what operating system it's running.

NMAP you can download here:


So we have to figure out what type of software this box is running if we are gonna start hacking the thing, right? Many of you have used TELNET for your MUDs and MOOs and weird multiplayer text dungeons, and many of you haven't even heard of it before, period. TELNET is used to open a remote connection to an IP address through a port. So this means we are accessing their computer from across the internet; all we need is their IP address and a port number. With that record you are starting to compile, open a TELNET connection to the IP address and enter one of the open ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25'. This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, how is text going to help me? Well, it will. Get that list you are starting to write, and copy the banners into your compilation of the information you've gathered on your target. Banners/headers are what you get when you TELNET to the open ports. Here's an example of a banner from port 25.

220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400

Now this is a very important part of the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8'. Well, what do you know, we have now discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try to falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Banners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, which contains lots of information, and if you are able to manipulate it then you can pretend to be hotmail and steal a bunch of people's email. Well, now back to the task. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you can't find any vulnerabilities there, search on Google. There are many, many, many other sites that post vulnerabilities that their groups and their affiliates find.
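The same record of open ports and banners is what an administrator can build for their own host to see how much it gives away. The following is an added example, not code from the original post: it parses a pasted port table (with two entries deliberately left run together on one line) and reports which captured banners disclose a product and version. The port table and the port-25 banner are taken from the post; the FTP and HTTP banners, the name ExampleHTTPd and all function names are constructed for illustration.

```python
import re

# Port table and port-25 banner are taken from the post above.
# The FTP and HTTP banners are constructed samples for illustration.
SCAN_TABLE = """\
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
443/tcp open https 1027/tcp open IIS
5631/tcp open pcanywheredata
"""
BANNERS = {
    21: "220 FTP server ready.",
    25: "220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; "
        "Fri, 7 Oct 2005 01:22:29 -0400",
    80: "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.1 (Unix)\r\n\r\n",
}

# One table entry: port/proto, state, service name.
ENTRY = re.compile(r"(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")
# A product token followed by a dotted version, e.g. "Sendmail 8.12.8".
SOFTWARE = re.compile(r"\b([A-Za-z][A-Za-z0-9_-]*)[ /]v?(\d+(?:\.\d+)+)\b")


def parse_scan_table(text):
    """Return (port, proto, state, service) tuples.

    finditer scans the whole text, so two entries pasted onto one line
    are both recovered and the header row is ignored.
    """
    return [(int(m[1]), m[2], m[3], m[4]) for m in ENTRY.finditer(text)]


def identifying_text(banner):
    """Return the part of a reply in which the software names itself."""
    if banner.startswith("HTTP/"):
        # Skip the status line: "HTTP/1.1" is the protocol, not a product.
        headers = banner.split("\r\n")[1:]
        wanted = ("server:", "x-powered-by:")
        return " ".join(h.split(":", 1)[1] for h in headers
                        if h.lower().startswith(wanted))
    return banner


def disclosed_software(banner):
    """Return [(product, version), ...] found in a banner."""
    return SOFTWARE.findall(identifying_text(banner))


def exposure_report(table, banners):
    """Return (port, service, finding) for every open port in the table."""
    report = []
    for port, _proto, state, service in parse_scan_table(table):
        if state != "open":
            continue
        banner = banners.get(port)
        if banner is None:
            finding = "no banner captured"
        else:
            found = disclosed_software(banner)
            if found:
                finding = "version disclosed: " + ", ".join(
                    f"{product} {version}" for product, version in found)
            else:
                finding = "banner present, no version"
        report.append((port, service, finding))
    return report


if __name__ == "__main__":
    for port, service, finding in exposure_report(SCAN_TABLE, BANNERS):
        print(f"{port:>5}/tcp  {service:<16} {finding}")
```

Every "version disclosed" line is a banner worth trimming in the service's configuration, and every open port with no business reason is a candidate for closing.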

At SecurityFocus you can search by vendor and whatnot to try to find your piece of software, or you can use the search box. When I searched SecurityFocus I found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window that's currently open was opened as root, the highest privilege on a UNIX/Linux box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a jerk; however, that is not recommended. Maybe leave a text file saying how you did it and that they should patch their system. Whoever they are. And many times the best thing you can do is just lie in the shadows; don't let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.

There are many types of exploits out there. Some are Denial of Service exploits, where you shut down a box or render an application/process unusable. They are called denial of service simply because you are denying a service on someone's box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesn't have any input validation. Each letter you enter for the string variable will be 1 byte long. Now, where the variables are located when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means? We overflow the buffer so we can get to a totally different memory address. Then people write what's called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasn't the best description of a buffer overflow; however, all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the slave will enter http://www.bank.com and his connection will be redirected to your site, where you can make a username and password box and make the site look legit. And your poor mark will enter their credentials into your site when they think it's really http://www.bank.com. You need to have a small script set up so it will automatically display an error or something once they try to log in with their credentials. This makes it seem like the site is down, and the slave doesn't give it a second thought and will simply try again later.

So as a summary of how to own a box when you only have an IP Address
Method Works On both *Nix and Windoze

You can do the same with domain names (e.g. google.com) as you can with IP addresses. Run a whois lookup or something along those lines. Or check up on InterNIC; you should be able to resolve the domain name to an IP address.

- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports

netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports

- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you can't find any vulnerabilities then search Google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.

I will not teach you how to cover your tracks. This is prohibited and I put that here only for informational reasons.

EnjOy..:)
Bugs Of Techn0l0gy

August 20, 2013

: FACEBOOK 'VULNERABILITY' 2013:



Facebook Exploit [post to Facebook users even if they are not in friend list] August-2013

Name : Khalil Shreateh
Address : Yatta-Hebron/Palestine
Job : unemployed :/

Days ago I discovered a serious Facebook vulnerability that allows a Facebook user to post to all Facebook users' timelines even if they are not in his friend list.

I reported that exploit through whitehat --> www.facebook.com/whitehat
This email shows my report, including Facebook security's reply:

Hi Ḱhalil,
I don't see anything when I click link except an error.
Thanks,

Emrakul
Security
Facebook

-----Original Message to Facebook-----
From: kha****@hotmail.com
To:
Subject: post to facebook users wall .

Name: Ḱhalil
E-Mail: khal****@hotmail.com
Type: privacy
Scope: www
Description: Dear Facebook team,

My name is Khalil Shreateh.
I finished school with a B.A. degree in Information Systems.

I would like to report a bug in your main site (www.facebook.com) which I discovered.

repro:
The bug allows Facebook users to share links to other Facebook users. I tested it on sarah.goodin's wall and I got a successful post.
link -> https://www.facebook.com/10151857333098885
-----End Original Message to Facebook-----
I described the exploit to them, with a link to the Facebook post that I made to Sarah Goodin's timeline.
Sarah Goodin is the girl who was in the same college as Mark Zuckerberg.
This picture shows the post.



Facebook security's reply was that the link gives an error on opening. Of course they didn't use their authority to view Sarah's private posts, as Sarah shares her timeline posts with her friends only. I was able to view that post because I am the one who posted it, even though I am not in her friend list. That is what I told them in a reply, and I also told them I may post to Mark Zuckerberg's timeline, as this picture shows:



As usual they ignored my reply, so I sent another report. This email shows their reply to my second report, including the report:


Hi Ḱhalil,

I am sorry this is not a bug.
Thanks,

Emrakul
Security
Facebook

-----Original Message to Facebook-----
From: khali***@hotmail.com
To: 
Subject: urgent : post to non friends facebook users wall . 
Name: Ḱhalil
E-Mail: kh***@hotmail.com
Type: privacy

Scope: www

Description: Dear Facebook team,
My name is Khalil Shreateh.
I finished school with a B.A. degree in Information Systems.
I would like to report a bug in your main site (www.facebook.com) which I discovered.
I am reporting this bug for the second time.
repro:
The vulnerability allows Facebook users to share posts to non-friend Facebook users. I made a post to sarah.goodin's timeline and I got a successful post.
link -> https://www.facebook.com/10151857333098885
Of course you may not be able to see the link, because Sarah shares her timeline's friend posts only with her friends; you need to be a friend of hers to see that post, or you can use your own authority.
This is a picture that shows that post:
https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash4/q71/s720x720/999429_10151857336258885_2061448780_n.jpg
-----End Original Message to Facebook-----
I told them that Sarah shares her timeline with her friends only, and I also sent them a picture showing the post I made to Sarah's timeline. Their reply was "sorry this is not a bug", so I replied and said that I had no choice but to post to Mark Zuckerberg's timeline.


So I did post to Mark Zuckerberg's timeline, as these pictures show:




I told him about the exploit and all the reports I sent, with a link to the last report including Facebook security's reply. Minutes later a Facebook security engineer, Ola Okelola, commented on my picture on Facebook asking me to send him all the details about the exploit:

You can see the conversation at this link: https://www.facebook.com/10151865722018885
A minute after that my account was disabled; as they said, Facebook has every right to disable any Facebook account without giving any reason. I made another report asking Facebook security to reactivate my account. This is the email that shows my report, including their reply:
Dear Khalil,

Facebook disabled your account as a precaution. When we discovered your activity we did not fully know what was happening.
Unfortunately your report to our Whitehat system did not have enough technical information for us to take action on it. 
We cannot respond to reports which do not contain enough detail to allow us to reproduce an issue. When you submit reports 
in the future, we ask you to please include enough detail to repeat your actions.

We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service. We do hope,
 however, that you continue to work with us to find vulnerabilities in the site.

We have now re-enabled your Facebook account.

Joshua
Security Engineer
Facebook
-----Original Message to Facebook-----
From: khalil1828@hotmail.com
To: 
Subject: bypass facebook posts to timeline privacy

Name: Khalil Khalil
E-Mail: khalil1828@hotmail.com
Type: privacy
Scope: www
Description: OK, this is the third time I report this bug,

I know that you guys now know that it’s a bug for sure after
facebook.com/ola deactivated my account, which is facebook.com/khalil.iz.sh

I want my account back as soon as possible, as I report the bugs for you and I didn't use other fake accounts or test accounts to
break privacy.

Also, my account contains important messages that some of my friends need back.

https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash3/1174822_10200988067716575_1496625129_n.jpg

repro:

This is the last post I made before "www.facebook.com/ola" deactivated my account;
I had no choice after you guys replied twice to me that this is not a bug.

https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-prn1/543398_10151865722018885_1202186069_n.jpg

-----End Original Message to Facebook-----
I replied that the Facebook report page has a "proof of concept", and I can't prove it without sending pictures or video. That is bullshit.
After my second report I recorded this video, which shows the exploit. I was rushing to record it because they were able to close that exploit at any second:

EnjOy..:)
MamoOn..

March 12, 2012

:How to Trace Any IP Address:



In my earlier post I discussed how to capture the IP address of a remote computer. Once you obtain this IP address, it is necessary to trace it back to its source. So in this post I will show you how to trace any IP address back to its source. In fact, tracing an IP address is much simpler and easier than we think. There are many websites through which you can trace any IP address back to its source. One of my favorite sites is ip2location.com.
Just go to http://www.ip2location.com/demo.aspx, enter the IP address that you want to trace in the dialog box and click on “Find Location”. With just a click of a button you can find the following information for any given IP address.
1. Country in which the IP is located
2. Region
3. City
4. Latitude/Longitude
5. Zip Code
6. Time Zone
7. Name of the ISP
8. Internet Speed
9. Weather Station
10. Area Code and
11. Domain name associated with the IP address.
A sample snapshot of the results from ip2location.com is given below
You can also visually trace the route of any IP address back to its location. For this, just visit http://www.yougetsignal.com/tools/visual-tracert/, enter the IP you want to trace in the dialog box and hit the “Proxy Trace” button. Wait a few seconds and the visual trace route tool displays the path Internet packets traverse to reach a specified destination. Hope this helps. Please pass on your comments.
EnjO.. =))
MamoOn..