Hey guys,
Sorry haven't posted a single thing in ages but I'm close to finishing my senior year and kinda busy. Anyways, i just have to post this, as me myself am using the dir300. This exploit was posted to bugtrack and I thought I'd share.
dir300
Rename the above file to .php and execute
Thursday, November 11, 2010
Thursday, July 22, 2010
/dev/urandom saves my day
Hi guys,
It has been a long time since I have last posted something on my blog, I have been very busy with my senior year and have not been able to post anything due to upcoming exams that happen almost every other week, but I have still be reading and researching on security stuff.
Anyway, I have been recently researching on password recovering and for those who don't know I have created a collection of password recovery related scripts in perl on google code http://code.google.com/p/kalgecin feel free to checkout the svn.
I have been downloading ophcrack vista live cd on my friends internet that is fast. Well we reached 99.8% and the power went off, withit the internet and others.Well I mounted the .iso on /mnt and performed md5 checksum on the files. I showed several IO errors because the image was not complete and the table3.index did not match the checksum. Damn it, so I decided to eliminate the IO error by using dd to add some bytes to the .iso so that the memory of the iso will match the memory of the image. I performed the checksums again, this time without any IO errors and WOW the table3.index showed OK! I tried doing the same again just to see if it were the random bits that completed the checksum or just the memory space, but couldn't get the checksum right again.
Well that shows that i was just lucky that time. But I still did finish the download on my VERY slow internet that is at most 3KB/s and all the checksums fell into place.
It has been a long time since I have last posted something on my blog, I have been very busy with my senior year and have not been able to post anything due to upcoming exams that happen almost every other week, but I have still be reading and researching on security stuff.
Anyway, I have been recently researching on password recovering and for those who don't know I have created a collection of password recovery related scripts in perl on google code http://code.google.com/p/kalgecin feel free to checkout the svn.
I have been downloading ophcrack vista live cd on my friends internet that is fast. Well we reached 99.8% and the power went off, withit the internet and others.Well I mounted the .iso on /mnt and performed md5 checksum on the files. I showed several IO errors because the image was not complete and the table3.index did not match the checksum. Damn it, so I decided to eliminate the IO error by using dd to add some bytes to the .iso so that the memory of the iso will match the memory of the image. I performed the checksums again, this time without any IO errors and WOW the table3.index showed OK! I tried doing the same again just to see if it were the random bits that completed the checksum or just the memory space, but couldn't get the checksum right again.
Well that shows that i was just lucky that time. But I still did finish the download on my VERY slow internet that is at most 3KB/s and all the checksums fell into place.
Tuesday, February 9, 2010
End CD Age?
Some time ago, I read about the end of CD's coming soon. Well, i didn't actually belive that, but yesterday I had to agree with that. I had downloaded a Fedora 12 Live CD and DAMN... I didn't have any empty CD lying around. Well waht the hell should i do? Run to the shop and buy a CD-R ? Well not exactly I had another Idea. I took my 1GB flash disk and did
# dd_rescue /dev/sdb /home/kalgecin/FLASH.img
# dd_rescue Fedora-Live.iso /dev/sdb
Booted my laptop from the flash disk (by the way the bootup time was way faster) and installed the Fedora (againg increadably fast). The did
#dd_rescue /home/kalgecin/FLASH.img /dev/sdb
and BOOM! I have my data on my flash back, I have the Fedora installed!. For the DVD version lovers, you can do the same with an 8GB Flash (Or 4GB if it's less than that cos Full DVD is 4.6GB).
Happy Fun :)
# dd_rescue /dev/sdb /home/kalgecin/FLASH.img
# dd_rescue Fedora-Live.iso /dev/sdb
Booted my laptop from the flash disk (by the way the bootup time was way faster) and installed the Fedora (againg increadably fast). The did
#dd_rescue /home/kalgecin/FLASH.img /dev/sdb
and BOOM! I have my data on my flash back, I have the Fedora installed!. For the DVD version lovers, you can do the same with an 8GB Flash (Or 4GB if it's less than that cos Full DVD is 4.6GB).
Happy Fun :)
Monday, December 21, 2009
Also on Opera!
For those with opera accounts, I'm also on opera as kalgecin and bloging there also. my.opera.com/kalgecin/blog. Feel free to add me as a friend
Tuesday, December 15, 2009
The power of crack.pl[.rb]
I've generated 5GB of rainbowtables with crack.pl and set to work. Visited md5decrypter.co.uk and downloaded their uncracked hashes(over 100K!) opened msfconsole loaded crack plugin and started to lookup the hashes. After 6 minutes, it looked up all the 100K hashes and cracked about 23% !!
One of the powers of the crack.pl framework is the ability to create rainbow tables from the wordlist, no other rainbow table cracker does this (correct me if i'm wrong) and the lookup of a hash is instant! almost no delay!
enjoy your holidays ;)
One of the powers of the crack.pl framework is the ability to create rainbow tables from the wordlist, no other rainbow table cracker does this (correct me if i'm wrong) and the lookup of a hash is instant! almost no delay!
enjoy your holidays ;)
Friday, December 11, 2009
Crack.rb
Hi guys,
as promised, i've added something new to the crack.pl project. I've added a Metasploit plugin! just copy the crack.rb file into your metasploit plugin folder and load it! you can use your existing tables folder with the metasploit plugin
# sudo mount --bind /path/to/crack.pl/tables /metasploit/data/crack.rb/tables
This will bind your existing tables to the metasploit directory!
The plugin is in the svn repository
as promised, i've added something new to the crack.pl project. I've added a Metasploit plugin! just copy the crack.rb file into your metasploit plugin folder and load it! you can use your existing tables folder with the metasploit plugin
# sudo mount --bind /path/to/crack.pl/tables /metasploit/data/crack.rb/tables
This will bind your existing tables to the metasploit directory!
The plugin is in the svn repository
Wednesday, December 9, 2009
Finally Holidays !
Finally that i have holidays and the stress of exams is off, i'll continue to develop crack.pl and maybe metascanner .
P.S. 81MB of crack.pl rainbowtables contains over 6 Million passwords!! beat that. Lookup is instant!
code.google.com/p/kalgecin
ENJOY!!
P.S. 81MB of crack.pl rainbowtables contains over 6 Million passwords!! beat that. Lookup is instant!
code.google.com/p/kalgecin
ENJOY!!
Subscribe to:
Posts (Atom)