Paypal closes its doors to India – Alertpay, the second choice…

Paypal dropped bomb on the Indian online entrepreneurs who use their servies for online transactions. A run through  Paypal's official announcement sates that starting this march 1st, you will not be able to receive payments that exceed $500 per transaction. Also, you won’t be able to keep any money in your PayPal account,all the money shall be transferred to your Indian bank account within 7 days.Rubbing salt to the injury, the final blow comes as you will not be able to purchase goods using your Paypal account. You can read the official story here

If you want to transfer money, then you need to transfer your money from your credit card to the paypal account. Guess they have gone nuts as pissing of a whole subcontinent of customers is not a very good idea. I already packed my stuff to move on to Alertpay, its convenient & it gives me money too :) You too can earn money using it. 

Sign up by clicking the button below..

Earn money with AlertPay

 

Why Alertpay ?

• Its convenient than Paypal.
• If you have a Paypal account already (like me), nothing is lost in getting an Alertpay one :)
• I cant trust Paypal anymore.. neither you should.
• More flexible..

A gentle advice :  Move on to Alertpay before Paypal backstabs you.. click here to join Alertpay..

 

 

Like this post ? "Join AlertPay"

Facebook bug in the page insights – Post Insights bug

Guess facebook has got one more bug in it.. while I was posting content on Prohacks facebook fanpage, i clicked on  insights button which is available only to admins. I was tempted to see the insights as from sometime, my page insights were not consistent in nature. Hence, I selected like november 2010 to jan 2011, & see what I got -

 

yep.. it rolls back to the summer of 69 :D everything goes down to zero, the month, the date, the stats..I tried again & got the same result.

I googled it & got a result that facebook is fixing post insights bug, but that one was unrelated to it. Anyone else getting the same result ?

 

Like This post ?  You can buy me a Beer :)

Playstation Phone (Xperia Play), PSP2 Unveiled – rumors confirmed

Months of rumor are finally confirmed when at “Playstation Meeting” Kazuo Hirai unveiled PSP2 ; whilst simultaneously, engadget got its hands on the “Playstation Phone” or shall I say “Xperia Play” . In a pre-review, engadget commented on its durability, playstation pad style buttons, and capability of running games. However they still were not able to verify the processor inside it & were unsure how games will be developed & delivered on the phone. They tested emulated playstation games on it which ran fairly smoothly.

The expected specs are -

• PlayStation style controller
• 4-inch 854 x 480 LCD touchscreen
• 512MB RAM
• Up to 1GHz processor
• 5 Megapixel camera
• Wi-Fi Connectivity
• Android 2.3 Gingerbread operating system

PSP2 has been dubbed as Next Generation portable & is the world’s first 3G hand held gaming device. Dubbed as “Next Generation Portable” ,the new PSP2 promises image & animation quality at par with Sony Playstation 3. The expected specs are -

• Wi-fi and 3G connectivity
• Five-inch long OLED touch panel
• Rear panel touch pad
• Motion sensor
• Front and rear cameras
• Dual analogue sticks
• Oval design
• 182.0 x 18.5 x 83.5mm

Hmm..guess a lot of competition will be there in the handheld market with Nintendo arriving with 3DS..

You might also like to play Playstation & Playstation 2 games on PC, read the following articles -

1. How to Play playstation 1 games on PC
2. How to Play Playstation 2 games on PC

Cheers..

 

Like This post ?  You can buy me a Beer :)

Mousezahn - Open source free fast traffic generator and packet crafter tool

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible  packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.

Mausezahn can be used for example:

• As traffic generator (e. g. to stress multicast networks)
• To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
• As didactical tool during a datacom lecture or for lab exercises
• For penetration testing of firewalls and IDS
• For DoS attacks on networks (for audit purposes of course)
• To find bugs in network software or appliances
• For reconnaissance attacks using ping sweeps and port scans
• To test network behavior under strange circumstances (stress test, malformed packets)

Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. By the way, Mausezahn is quite fast; when started on my old PIII-Laptop (1.4 GHz, Gigabit Ethernet) I measured 755 Mbit/s using the interface packet counters of an HP ProCurve 5400 switch.

Currently Mausezahn is only available for Linux platforms. Please do NOT PORT Mausezahn to Windows! (Here is a nice explanation why; I really share Felix von Leitner’s point of view.)

Yoiu can download Mausezahn here:

mz-0.40.tar.gz

Or read more here.

Like This post ?  You can buy me a Beer :)

Crazy Cabbie, Crazy Taxi score hack – learn how to hack crazy cabbie game score

Facebook & Orkut have a lot of flash games nowadays, and you might have played games there & might have wished if  you can create a highscore in any game. Videogame hacking is easy, flash game hacking is easier. You only need a right set of tools & some time to do that. Today I will be writing a tutorial on how to hack crazy cabbie game or how to hack crazy taxi game on facebook or orkut or on any prominent social networking website. You will need -

• Internet Explorer – yep..this is quite vulnerable to memory injections..thats why. Comes packed with windows.
• Cheat Engine – quite prominent tool to hack flash applications & games. Download it here
• Time – umm..now thats upto you.

Open Internet explorer & login into facebook.

 

Go to crazy Taxi / Crazy cabbie page , & open application.

Now open cheat engine.

 

On the menu bar, click on computer button to select a process, click on iexplore.exe (Internet explorer process) & click on open.

Cheat engine now will be attached to the Internet explorer.

Now in the browser, play the game

and intentionally lose.

Now open cheat engine, click on  “Enable speed hack “ & give a value of 100 to 400 in the input, & click on apply.

 

Now make sure as you do it you “KEEP PRESSING UP ARROW KEY”, click on the play again link & voila..

easy huh ?

 

This hack is applicable on Crazy cabbie, crazy taxi and their clones & more racing facebook games . You can make as much score as you want. This was a simple tutorial on hacking crazy taxi / hacking crazy cabbie games.

stay tuned for more :)

Like This post ?  You can buy me a Beer :)

3 excellent sites for hackers – perl , reversing & searching

Sometimes I marvel at the internet, even more than usenet somehow. The sheer amount of information it holds for us &  almost everything is waiting to be discovered. I have blogged about some of the best resources for security enthusiastic at my own website before at

• 5 hacking sites for budding hackers
• 5 more hacking sites for budding hackers
• 5 hacking sites for security basics

Here I come again with 3 more hacking websites or security websites which you didn't know about :) Before I go, let me repeat my words again, don't ask me

“ how to be a hacker ? “ or “how to hack” or “how to hack someone”

Nobody can make you a hacker, its your passion, attitude & dedication that can make you one. These are sites which satiate my security lust & constitute a major part of my web surfing & have excellent resource on reverse engineering, shellcode, linux , exploits & underground scene.

 

Okidan’s Perl Paradise

A very good site of yester years on cryptography, perl & hacking maintained by Okidan, the site has not been updated since a long time, but its worth every shred of info you can get here.

 

Phiral

Again, a very good site which has a good collection of articles on shell code, reverse engineering, papers & mirrors of Phrack , Blackhatbloc & Fravia’s Searchlores. A must visit..

 

Searchlores

Fravia was a legend in reversing scene, his techniques & style are renowned & he has been hailed as the greatest reversers of all time under the alias of the Old Red Cracker (ORC) . His website has meticulously collected pdfs on security, his favoritism of opera & searching techniques (basic, intermediate & advanced) .

cheers

 

Like This post ?  You can buy me a Beer :)

Truth about facebook password hacking - How not to get hacked

You might have seen a lot of websites that offer to hack Facebook passwords, some claim to hack them using the expertise they gained in last X years , some claim to hack it using previously existing loopholes & some say we submit it to hackers & act as brokers. Goes same for Facebook password crackers, Facebook password stealers or Facebook password cracker software ..

Type “Facebook password hacker” or “Facebook Password Stealer” in Google & see for your self. Countless results of websites who claim to hack Facebook passwords or help you to steal Facebook passwords or hack Facebook accounts.

Its all bullshit. Folks..there is NO Facebook Hacking Software, no Site that can Hack Facebook. It all seems like the early 2000 “Hack any email” websites or Free Email hacking software who made a fool of people by claiming that they can hack email ids.

have a look at it, this is a typical FAQ of a typical website which claims to hack Facebook passwords.

 

 

Facebook password hacking needs VB 1337 skills ? I get it, PHP & perl may make sense as Facebook has fair share of PHP, but VB ? do they try trojan programs on the users ? Also, NO GURANTEE clause adds up to it..sheesh.

So ? what's the truth then ?

Ah well..these websites demand 100$ to 300$ per account for hacking facebook & get you Nothing..yep..Nada..zilch..absolutely nothing. You might be in luck if the target of yours has a weak password that might be broken using bruteforcing in mobile website of Facebook , but to be frank, I have yet to meet such lucky guy. As for facebook password cracker software, any company or website that claims to hack password using software usually show a md5 hash of the password which is nearly indecipherable by a normal user and social engineer him into buying that facebook hacking software.

There is an general rule in password hacking & hacking tools,

hacker release their tools in public when they become obsolete to them.

Get smart folks.

Till then..

stay gold

 

Like This post ?  You can buy me a Beer :)

Microsoft Data Access Components Vulnerability - Pwn2Own heap overflow

In pwn2own 2010 Peter Vreugdenhil founder of Vreugdenhil Research, Holland found a vulnerability in Microsoft Data  Access Components which allowed him to pwn windows. The vulnerability was a int wrap during heap allocation which was later used to store a bit more information then would fit in there. To be more specific as he explains at his blog -

<XML ID="xmlid1">
<Devices>
<Device>
<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA />
</Device>
</Devices>
</XML></pre>

Inside an HTML file would give you access to what is called an XML Data Island. This is actually acts as an database interface. You can query the XML data, retrieve rows and data and add more rows. The underlying object is an MSAdo object.
The db objects exposes a property called ‘CacheSize’ that you can use to determine how many records it should keep in its cache. Internally the CacheSize is multiplied by 0×4 and then 0×10 is added (I am typing this from memory so I might be a bit off, but the rough data is correct).

You can read about the vulnerability at Vreugdenhil Research .

Pwn2Own – Paper by Peter Vreugdenhil

 

Like This post ?  You can buy me a Beer :)

Learn how to connect Yahoo, Gmail and Facebook accounts – A tactical move by Yahoo

I never imagined that this can happen , this morning, Yahoo brought me pleasant surprise of connecting my Gmail  account with my Gmail one, & even my Facebook id. Wow !!! Think about one world theory :) Yahoo states that the transition will take some time.Like the hell I care..

I quickly connected my Gmail account to check if it works, voila it worked seamlessly, now you can sign in into one ID & can enjoy the benefits of Gmail & Yahoo simultaneously. Here is how you can do that.

Go to Yahoo mail & click on the respective Gmail button.

 

Once done, Google will prompt you if you want to grant access to Yahoo, click Allow to do that.

 

 

Once done, you will be prompted to enter username password & other fields, click on top link to sign in if you already have a Yahoo Id. Enter your Yahoo Id & click sign in..

 

Voila.you are done :) Now you have all the goodies of your social world at one place :)

Why Yahoo did that ?

Seeing that it has dropped down to 4th rank worldwide according to Alexa, yahoo quickly had to make a move..First Google, then Facebook & Youtube. Seems like everybody was trampling it over & getting ahead. So it was a tactical move to entice the the Google followers to have a piece of Yahoo :)

(click on image to see the top sites)

as the old adage says,

If You Can't Beat 'Em, Join 'Em ..

A tactical move by Yahoo :)

 

Like This post ?  You can buy me a Beer :)

Pro Hack Version 3.0 Changes – Mobile version released

Before I start posting in full, I would like to enumerate Prohack ver3.0 changes, so that you get familiar with the site. Trust me, you will agree that Prohack is better than ever as of now & it will continue to improve. I have experimented with wordpress, It was nice, but I will hold on till I get a superb hosting & a template that completes my set of requirements. Hence forth, the major changes are -

• Mobile version – Yep, a brand new mobile version of website is live at

http://m.theprohack.com

You can access the mobile version by clicking on the top bar link too

 

• Brand new theme – The most obvious change is the theme of Prohack, its minimalistic & other elements will enhance its looks. Bare me with me :)

 

• More streamlined interface – The interface has been stripped down to bare minimum with navigation streamlined to maximum extent. I got a lot of feedback (100+ mails) regarding the look of website & implemented the most sought out changes here.

 

• Faster loading time – Now thats a real gem. the loading time has been decreased by more than 55% to 4.38 seconds as compared to staggering 11 seconds earlier. See the stats for Prohack & Mobile version courtesy of GTmetrix , click here to see the actual stats in realtime . Also, better Yslow & Pagespeed scores have been attained, as compare to older version which scored way below in both these parameters.

 

 

 

• Advertising rates shed down – The name says it all, go to advertising section for more details.

 

• Pagerank 4 – Once again :) It was a real charm to have a Pagerank 4 from 3 :)

 

• Less advertisements - Or you can say less advertisements that come into your way while you are surfing :)

 

• Brand new propaganda – Its what I leave upto You to decide. However I will be having a tactical shift to more tech oriented articles with practical guides.

 

Plus, small changes have been implemented at the website, which you will experience in your stay.

 

                       

 

Feedback..the most important part of the whole change, please drop an email to me at

admin@theprohack.com

 

Cheers

 

- Rishabh Dangwal

“xero”

Duke Nukem Forever drops on May 3 – Get ready to kick some alien ass

“It's time to kick ass and chew bubble gum... and I'm all outta gum”

Yep..Duke is back :) After 12 years of waiting, Duke Nukem Forever has given up its “ForNever” status with backing from Gearbox software. The reveal trailer kicks ass, great music, shaking booties, kicking alien ass, crazy one-liners & best of all , Duke is back !!! You can check out the cool trailer below -

Man..its carnage..It all started with Duke when he was a whimp, but Duke 3d brought out the best of Duke in all his manliness. Even today it is a classic, the series spawned a lot of Duke titles but the “Forever” became infamous due to the development hell it was facing. The closing of 3D realms led to a lot of speculation regarding series future..but then, Gearbox stepped in & now we are orgasming over Duke Nukem Forever. The game is set to release on May 3 in North America & May 6 Internationally.

Cant wait to play it…

“ Nobody steals our chick..& lives ”

Like This post ?  You can buy me a Beer :)

First DOS based virus celebrates silver jubilee

Yesterday the world celebrated the silver jubilee of DOS based computer viruses, yep, 25 years ago 2 Pakistani brothers Basit & Amjad Alvi wrote what would become an inspiration for the future virus writer - The Brain Virus. It was initially a copyright protection measure which protected their proprietary software from piracy by replacing the boot sector of an infected floppy disk with malicious code , thus moving the real boot code to another part of disk. It also slowed disk access & some unfortunate disks were rendered useless by it. Furthermore, all other floppies that were inserted on the infected machine would get infected but Brain did not copy itself to hard disk drives.
The flipside? Well..The Lahore-based Alvi brothers were upright about their actions & even included far their names and business address in the malware code.

Welcome to the Dungeon
© 1986 Basit & Amjad (pvt) Ltd.BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN
PHONE :430791,443248,280530.
Beware of this VIRUS....
Contact us for vaccination............ $#@%$@!!

The virus infected machines in even US & UK, quite peculiar for a malware that was targeted at copyright violators. Times have changed..This virus was targeted at copyright violators, & was a curious attempt for the motivated, by the motivated. But today, every other virus would evolve into a Zombie botnet client.
As quoted by EL Reg

“Thanks to Alvi brothers could never have imagined we'd get here, even though they arguably helped pave a small part of the way towards a world of Windows malware. “

Like This post ?  You can buy me a Beer :)

Posted by XERO. ALL RIGHTS RESERVED. 

Linux Bot owned – Vulnerability makes botnet at Risk

Trojan.Jnanabot, or alternately as OSX/Koobface made waves in security scene when it was discovered that it can attack  Linux/Mac OSX machines (Windows ones included). The trojan once installed, hid itself inside an invisible folder & communicated using strong encryptions. The host can be forced to perform vanilla attacks like DDOS, Facebook profile status updates (obviously fake ones) & some other ones. Holy crap, i m forced to eat my words back .. Now out of blue,researchers at Symnatec uncovered a specific weaknesses in the bot's p2p functionality that may allow rival criminals to remotely hijack the botnet or plant files on the victim's hard drive.

“Even though it's encrypted and even though it was written in Java to make it cross-platform, it was still vulnerable to basically a directory transversal exploit,”

exclaimed Dean Turner, director of Symantec's Global Intelligence Network. He added -

“From a technical perspective, it goes to show that even if you have all those things where you're building in a secure platform, if you're not building application security into your malware, other bad guys will probably take advantage of it.”

P2P function is designed to make botnets harder to take down by providing multiple channels of communication. Once a website sends a single GET request to an infected host, it can discover all the info needed to upload any file to any location on host, furthermore,attackers can then install a simple backdoor & can totally own the machine.

Interestingly, statistics by Symnatec show that the bot’s favorite host platform is Windows - 85 % & Mac comes 2nd by 15 % . They didn't show any infections on Linux machines. Speaking of botnets, you might want to read about Project Blackout too ..

source : El Reg

Like This post ?  You can buy me a Beer :)

Posted by XERO. ALL RIGHTS RESERVED.

Welcome to Version 3.0

Hi folks ..

I believe you will be pissed off as the website was experiencing a lot of ups & down recently, broken feeds, unfinished redirections, error 404, error 500 .. the list goes on.. My move on wordpress was quite shaky ( bad dns resolution, non availability of internet, exams..jesus ) & the only thing I can say as of now is that I am back to blogger, this time with quite minimalistic look, which will be updated with time (as i tweak css in my free time). Prohack has changed, yep, a lot. The new template is designed by splashytemplates & i kind of liked it. Its quite low on resources & saves my happy ass & time as of now.

Please review my website & suggest improvements, till then, welcome to Prohack ver.3.0

 

 

- Rishabh Dangwal

 

Like This post ?  You can buy me a Beer :)

Posted by XERO. ALL RIGHTS RESERVED.

Errata guide to Ettercap GUI - through trial, error & experience.

Ettercap is one of the best sniffing tools available to day, but when it comes to using it on non-security-distro's on which it is not pre-configured to use with like Fedora , you might land into some problems like me. It all started on a sunny day when I actually thought to try it on Fedora Linux.

PS : I wont be covering ncurses as its quite easy & offers little to no hassles in operations, gave me no errors in operation strangely.

Anyways..I installed ettercap it by typing -

[root@zion xero]#su
Password:
[root@zion xero]# yum install ettercap

or

[root@zion xero]# yum install ettercap-gui

( I actually had problems with this one..)

Yum resolved dependencies & installed it, I ran it on my local lan network assuming to run it on default configuration.

[root@zion xero]# ettercap -T -Q -M ARP //192.168.1.3

It successfully captured all the packets & I was able to get details about capturing.   The real problems started when I started to run it on GUI mode.

[root@zion xero]# ettercap –G

well, the gtk gui popped up & prompted me to the stuff. I quickly pressed shift + U to choose network interface ( in this case my local lan network hooked up to my roommates laptops ), & chose 'eth0' the default Ethernet interface. I went ahead by scanning for hosts by pressing "ctrl + s" & bam..it crashed.

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Ooops ! This shouldn't happen...

Segmentation Fault...

Please recompile in debug mode, reproduce the bug and send a bugreport

okay..I got it..it might need to be crashing cause it has not been updated since a long time. Ah well, I compromised it by scanning partially for hosts & then running it. Again, I chose the host, added it to my target,mitm & started ARP poisoning (using the menu) & then started with unified sniffing.

I got nothing.

Realizing it was not backtrack, I sensibly closed it ( rearping the network..not by deliberately closing it like windows users do by abusing the [X] button) & opened etter.conf

[root@zion xero]# vi /etc/etter.conf

& uncommented the iptables option to look like this

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

saved it, ran it again.

Again, the same drill, partial hosts scanning,target selection,mitm,arping,sniffing.

bang, I got nothing..again.
I looked at the console output & found -

[root@zion xero]#
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

iptables v1.3.3: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

wow..I am running the program as root , edited the read only file as root & all i got was to upgrade my kernel ? bullshit! Anyways..back to etter.conf , this time I changed the privileges to 0

[privs]
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

The program ran & the error went away :)

but still..i was unable to capture anything in the GUI mode, guess the more user friendly you make it, the more hassles you add with it...sheesh. I was into new stuff like after 10 minutes of waiting I got this -

SEND L3 ERROR: 44 byte packet (0800:06) destined to 192.168.xxx.xxx was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Operation not permitted)

great...now this was what I was talking about. Now this really got me moving. Its not like everyday when you can target a network in CUI using one command of a program but using a GUI has a lot of strings attached.

Now I did everything very carefully, although I was still not able to figure out the real reason of "Segmentation Fault problem" , but I guess everything works fine if you do it like this -

Configure etter.conf like I stated above, set uid to 0 & uncomment iptables section.

run ettercap using kdesu, yep ran it with elevated privileges in kde environment to avoid "cant initialize iptables error".

[root@zion xero]# kdesu ettercap -G

give your password , & choose network interface (shift + U).

Once done, please be patient, open a new terminal window, change to root & type this command (forwards packets, avoids error :P ) -

[root@zion xero]# echo "1" > /proc/sys/net/ipv4/ip_forward

it will avoid the "SEND L3 ERROR" . Once done, do your drill & you will be "finally" able to capture data using GUI. For the rest of elites out there, I guess

[root@zion xero]# ettercap -T -Q -M arp:remote -i eth0 /192.168.1.3/ //

seems to work :) man..what a trip.. I would choose wireshark over it anyday..

Happy new year once again..

 

Like This post ?  You can buy me a Beer :)

Posted by XERO. ALL RIGHTS RESERVED.