Root777 » Pen Testing

The Most Popular Usernames and Passwords, a Visual Representation

Ajit Gaddam — Wed, 15 Sep 2010 23:55:03 +0000

Dragon Research Group has compiled a list of the most popular usernames and passwords that are prevalent by SSH scanners/brute forcer attackers. It does not relate to popular account credentials such as the RockYou password research.

Popular SSH Usernames

Popular SSH Passwords

Ethical Hacker Network Challenge : Miracle on Thirty – Hack Street

Ajit Gaddam — Sun, 08 Aug 2010 12:52:23 +0000

The results for the Ethical Hacker Network Challenge – Miracle on Thirty Hack Street are finally in and I won a Technical Honorable Mention!

The challenge was pretty good and was focussed on Facebook security or insecurity rather. Before I list my answers to the challenge, make sure to check out my blog post on Facebook privacy settings guide. The objective of this hacking challenge was to access a file on someone’s account. The way to access that person’s Facebook profile was to add that person’s friend to my friends list and then misuse the “share with friend of friends” privacy setting on Facebook.

Check out the challenge first before scrolling down and see if you can solve it first.

Challenge Question # 1: What is the name of the following mathematical property? If a=b and b=c, then a=c.

The mathematical property is that of a Transitive relation

Challenge Question # 2: What FQL query or API call can be used to retrieve information about vacations from Kris Cringle’s (uid 100000565751882) Facebook account?

fql.query is : SELECT content FROM note WHERE uid = “100000565751882”

http://wiki.developers.facebook.com/index.php/Note_(FQL)

The output

While nothing can be as important to me as the night of the 24th, vacations with Mrs. Claus are a very close second! (Don’t let her know that.)

We have done many things over the years. disney was a blast. I will stay at the Swan and Dolphin again!

hawaii was tons of fun, even if Mary got a sun burn.

washington dc was impressive. I really liked the National Cryptographic Museum. The Enigma machine was cool.

norway was definitely the best though. Not only will I always remember that trip, but it will be part of my daily life from now on!

Challenge Question # 3: What Facebook privacy setting allowed this data leakage? What is the default value of this setting?

The privacy setting is Posts by Me which controls privacy settings for status updates, links, notes, photos, and videos.

The default privacy setting is not “Everyone” as a different account who is not a friend of Fred Gailey returns an empty string to the fql query from Question #2. This also rules out “Only Friends” option as well. The conclusion is “Friends of Friends” privacy setting. Santa needs to strengthen his Facebook security

Challenge Question # 4: What is the text from the decrypted message from the Judge?

The hints for the passphrase were the lowercase locations of disney, hawaii, washington and norway.

Trying them resulted in the secret passphrase being norway. The decrypted pdf file content:

December 9, 1901

Dear Mr.Santa,

My mom asked me to write you this letter with my Christmas wish list. I’ve always wanted a Righteous Bison Indivisible Particle Smasher for Christmas. I will use it for good – I promise!

Here is a picture:

I’ve tried to be a very good boy all year.

Thank you,

Henry X. Harper

Age 10

P.S. My middle name is “X-mas”!

P.P.S. Someday, I hope to be a judge when I grow up!

Bonus Question: What other information can you pull from the Kris Cringle Facebook account (uid 100000565751882)?

1. Photo Albums and Profile Picture

http://www.facebook.com/photos.php?id=100000565751882

http://www.facebook.com/album.php?aid=-3&id=100000565751882

fql query:

SELECT aid, cover_pid, owner, name, created, modified, description, location, link, size, visible FROM album WHERE owner=100000565751882 AND aid IN (aid)

Gives us the link to all the 18 photos and profile picture links. From there, we can navigate to the full four photo albums of Hawaii, Disney, Washington and Norway.

2. Profile picture, profile last updated time, timezone, locale, notes count, note title

fql query:

SELECT name, pic, affiliations, profile_update_time, timezone, notes_count, locale FROM user WHERE uid=100000565751882

Profile picture: http://profile.ak.fbcdn.net/v22939/1987/118/s100000565751882_350.jpg

Profile updated: 1260040422 UNIX time or Sat 5 Dec 2009 at 7:13:42PM GMT

Timezone: GMT -5 or Eastern Standard Timezone

Notes Count & Title: 1 note called Vacations

How to crash Google Chrome

Ajit Gaddam — Fri, 05 Sep 2008 01:25:16 +0000

Google claims that its browser Google Chrome is able to isolate events that may crash a browser, isolated within those individual tabs. However, an issue exists with how Google Chrome handles undefined handlers in chrome.dll version 0.2.149.27 which is the latest version of the browser. A crash can result without any user interaction.

When a user visits a malicious link which has an undefined handler and followed by a special character, the browser crashes. You can also crash the browser by typing the characters :% in the Chrome URL bar. Google Chrome crashes with a message ” Whoa! Google Chrome has crashed. Restart now?”

Tested on : Windows Vista SP1, Windows XP SP2, Windows XP SP3

Howto: Type :% in the Google Chrome URL bar

Google Chrome crashes with all Tabs

Proof of Concept:

Note: Do not hover over the link below if you are currently using Google Chrome and running something critical. Google Chrome actively links to any URL in any page. So, you don’t even have to click on the link below for Google Chrome to crash. A mere hover will do.

PoC Working exploit to crash Google Chrome:
Click for a demo HERE

According to SecuriTeam, it crashes on “int3″ at 0x01002FF3 as an exception/trap, followed by “POP EBP” instruction when pointed out by the EIP register at 0x01002FF4

UPDATE (9/7/2008): Google has patched this vulnerability in Chrome. They released an update to the browser. Please make sure you update your current version to 0.2.149.29

Physical Security & Information Gathering

Ajit Gaddam — Mon, 31 Mar 2008 22:12:52 +0000

This is a great presentation by Johnny Long at Defcon. He talks about how easy it is to gain access to secure locations without any “hacking” aka physical security.

Click here to view the embedded video.

The History of Hacking

Ajit Gaddam — Fri, 01 Feb 2008 03:36:07 +0000

Discovery Channel played a very interesting documentary titled “The History of Hacking”. This goes into the whole history of hacking starting with phone phreaking and Blue boxes and to the present state of hacking.

However, a significant portion of this documentary tackles Social Engineering especially the most famous or rather infamous social engineer of all, Kevin Mitnick. Folks in Computer Security should definitely read up on Kevin Mitnick’s books , The Art of Deception and The Art of Intrusion, both very interesting reads.

Click here to view the embedded video.