Thursday, September 12, 2013

Chromecast Experience in .MY Part 1.

Living is not that easy these days. The cost of living has increased to a point where a mere average-salary guy like me has a bit of trouble coping with my current life. Yes, I admit I have some financial difficulty. But Alhamdulillah, I am blessed with good family and friends who are willing to help me survive the capitalistic nature of today's modernity.

Nonetheless, difficulty in one's life shouldn't be a burden to the soul in its quest to acquire new knowledge.
A few months back Google released the Chromecast, "a device that makes your Smart TV smarter".


It cost us 35 bucks plus 6 dollars shipping. Thanks to a friend of mine, Amir Shahir, who kindly bought it for me.
iFixit has a teardown; you can look on their website to see the inside of the Chromecast.

Powering up the device is straightforward: plug it into your HDMI port and into USB for power, and it boots.


On my Sharp TV



Yeah, it's upside down, I don't know why.

Anyway, the Chromecast as a whole is essentially a custom lightweight web browser with HTML5, JavaScript and CSS support. You can cast your content over WebRTC (since WebRTC supports peer connections) or forward requests for certain streaming sites such as YouTube and Netflix (at the moment).

Unfortunately we live outside the States, so watching Netflix is going to be a bit of a problem. Viewing geo-locked content is not a problem for PC users, since plenty of proxies and VPNs can be used to bypass the restriction.

That's not the situation with the Chromecast. This pricey little thing is a bad-ass: you can't rig it at all. The DNS resolver is hardcoded in the device itself. One could root the device with the previous firmware, but Google also plays evil by updating the device firmware without notifying the user, the same as it does with Google Chrome.
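The hardcoded resolver matters on the defender's side too: a device that ignores the resolver handed out by DHCP also ignores any DNS-level filtering or overrides the router applies. The script below is an added example, not code from the original post; it reads constructed flow records and lists the LAN hosts that send port-53 traffic to anything other than the local resolver. The LAN layout and all addresses in it, including the 8.8.8.8 entries, are made up for the example; the post does not say which resolver the Chromecast uses.

```python
"""Find LAN hosts that talk DNS to something other than the local resolver.

Added example, not code from the original post. The LAN addresses and the
flow records are constructed for the example; the post does not say which
resolver the Chromecast has hardcoded."""
import ipaddress
from collections import defaultdict

# Hypothetical network: the router at 192.168.0.1 is the only resolver that
# DHCP hands out, so every port-53 flow should go there.
LOCAL_RESOLVERS = {"192.168.0.1"}

# Constructed flow records in the form "time src dst proto dport".
FLOWS = """\
12:00:01 192.168.0.20 192.168.0.1 udp 53
12:00:02 192.168.0.20 74.125.200.91 tcp 443
12:00:03 192.168.0.31 8.8.8.8 udp 53
12:00:04 192.168.0.31 8.8.4.4 udp 53
12:00:05 192.168.0.42 192.168.0.1 udp 53
12:00:06 192.168.0.31 8.8.8.8 tcp 53
"""


def parse_flows(text):
    """Yield (time, src, dst, proto, dport) tuples, skipping blank lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        yield ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)


def resolver_bypassers(text, local_resolvers=LOCAL_RESOLVERS):
    """Return {lan_host: sorted list of foreign resolvers it sent port-53 traffic to}.

    A host listed here is not using the resolver DHCP gave it, so DNS-level
    policy on the router (filtering, overrides) never reaches it. The usual
    network-side control is a gateway rule that blocks outbound port 53
    except to the local resolver.
    """
    allowed = {ipaddress.ip_address(r) for r in local_resolvers}
    seen = defaultdict(set)
    for _ts, src, dst, _proto, dport in parse_flows(text):
        if dport == 53 and dst not in allowed:
            seen[str(src)].add(str(dst))
    return {host: sorted(dsts) for host, dsts in seen.items()}


if __name__ == "__main__":
    for host, resolvers in resolver_bypassers(FLOWS).items():
        print(host, "->", ", ".join(resolvers))
```

Run against real data, the input would be flow logs or a packet capture summary from the gateway; only the destination port and addresses are needed, so the same function works on either.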

Solutions?

If you cannot customize or root the device, then you make the device's programs behave as if it were rooted. So for the past 48 hours I've been analysing the Chromecast's traffic and studying the art of bypassing an unbypassable device. Hey presto, the solution is simple; I managed to sketch it on a nice A4.




Continue soon...
Just in case nobody believes me, it's possible even using a Telekom-branded DIR-615...


Thursday, August 29, 2013

One Way Web Hacking .........

One of the things we are going to teach in our HITB class (if it isn't cancelled)



Updated: It sucks using SlideShare

DL:  http://www.sendspace.com/file/6z8m61

Wednesday, August 28, 2013

"Pentest is dead, so we are here to revive it"

We have arrived in an era where vulnerability assessment and exploitation can be done with just a few simple clicks. The ease provided by modern commercial vulnerability assessment tools, especially the reports they generate, gives the illusion that penetration testing is a simple task that can be done and managed automatically, ignoring the need to increase the competency of IT security personnel.

However, the ease of these tools is like an opium to the masses of IT security practitioners. Relying solely on the results provided by these tools gives the organization a false sense of security that they are safe. The output of the tools only shows a certain perspective of the whole security of the system. You might have good firewall rules, but have you ever considered that an attack could occur by redirecting it through a manipulation of the whitelist rules? Worse, what's the point of patching your Oracle Database to the latest update when the tnsname is predictable and the 7 Devil Oracle default users are created when a new DB is initialized?

In the Blackbelt Penetration Testing Training, we are here to quench the thirst of the hollow that exists in most IT security enthusiasts. We are trying to unlock the potential of any IT security enthusiast, so as not to be limited by the view provided by most security tools nowadays. The class is designed to unlock creativity in techniques to compromise servers or find vulnerabilities that are not detected by tools. We also give an in-depth view of common and uncommon weaknesses found in the world of Windows and Unix/Linux. Do you trust your antivirus or firewall? We will show you that under certain conditions, some malicious files can be encapsulated to bypass antivirus and firewall protection. This is not a class you are going to want to miss.

Feel free to sign up at 
http://conference.hitb.org/hitbsecconf2013kul/tech-training-5/

Monday, July 15, 2013

Becoming a beautiful believer.

On the 4th of July I named my daughter Iman Sofea, which can be translated as Beautiful Believer. May Allah give her the beauty that can be reflected back towards our Deen, just like our beloved Prophet Muhammad s.a.w., who is described as a reflection of the moon: he is not the light itself but the reflection of the light that guided people travelling in the dark night.

For a few days now, and probably still going on, in our own country we have been faced with a questionable picture of some non-Muslims wishing us Muslims a good Ramadhan. I do not know what the original picture or quote was, since it's long gone and multiple Photoshopped or edited pictures have appeared everywhere across the vast Internet.

Like any other believer, my first reaction was anger, shock and agitation: what is the motive behind posting such a questionable picture? Are they mocking my religion? Are they that ignorant about Islam? Didn't they learn about Islam at least in their SPM History class?

But in the midst of anger, shock and emotional swings, we have to look back at what our Prophet s.a.w. did when encountering such a situation. For the believers, the beautiful way to handle the situation is... do not get angry. If we look in the 40 Hadith of Imam Nawawi, it is written:

On the authority of Abu Hurayrah (may Allah be pleased with him):

“A man said to the Prophet, ‘Give me advice.’ The Prophet, peace be upon him, said, ‘Do not get angry.’ The man asked repeatedly and the Prophet answered each time, ‘Do not get angry.’”

Related by Bukhari & Muslim.

If we succumb to anger to make a judgement, then that is not right. Another beautiful story about the Prophet s.a.w.:

There was a Muslim man who came to the Prophet (sallallahu alayhi wa sallam) of Allah who gave him a bottle of wine as a gift. The Prophet (sallallahu alayhi wa sallam) said, "Didn't you know that Allah prohibited wine?" He said, "I did not know that." Then he whispered to the man who came with him, a servant, and then the man said, "What did you just tell him?" He said, "I told him to go sell it." The Prophet (sallallahu alayhi wa sallam) said, "The one that prohibited its drinking also prohibited its selling." He said, "In that case, go dump it out."

Now, we never know the intention of the original poster of the picture. But looking at the behaviour of our beloved Prophet s.a.w., he didn't react with anger. He calmly told the person that he couldn't accept the wine, not shouting, mocking or cursing like the majority of us sadly do today. When did we lose this type of beauty in us?

Another story addressing the same issue:

Ibn Abi Hatim recorded that `A'ishah said, "Some Jews came to the Prophet and greeted him by saying, `As-Sam `Alayka, O Abul-Qasim.' So I said to them, `Wa `Alaykum As-Sam (the same death be upon you).' The Prophet said, (O `A'ishah, Allah does not like rudeness and foul speech.) I said, `Didn't you hear them say, `As-Sam `Alayka'?' He said, (Didn't you hear me answering them back by saying, `Wa `Alaykum (And the same upon you)'?)"

The wife of the Prophet s.a.w., upon hearing someone mocking her beloved husband, was upset, as any other wife would be. (If your wife doesn't get angry when someone says bad things about you in front of her, well, better check, lol.) Nevertheless the Prophet s.a.w. told her to calm down and not to get angry or use any foul language to retaliate. For foul words affect the heart, the mind and the soul (which I discovered recently). They disturb the inner peace within our hearts, which affects the beauty of our soul.

Now to make some sense of it: when someone talks with the intention of mocking or making fun of our Deen, know that that's how it has always been since the dawn of the Deen. People have been making fun of our Deen constantly from the day the Prophet s.a.w. first preached until today :). It's all over the Internet, where you can find people constantly mocking our religion with seriously bad logic and misinterpretation.

Instead of getting angry we should be glad: this is a sign of the legitimate legacy of revelation that we received and adopted in our lives. The fact that we care about matters like this (where other ummah don't care anymore; look how comedians, cartoons and the media make fun of their own religion, and of course other religions as well) is a good sign that our Deen and our people are still gazed upon with the sight of love by our Lord.

Last but not least, traditional Islamic scholars defined Dakwah as inviting people to our Deen. Repairing corrupted Muslims is called amar maaruf nahi munkar; nonetheless, how far has our dakwah reached these people? What steps have we taken to explain the situation and the ethics, and why it's inappropriate? The meaning of dakwah is invitation.

So if we are going to invite some strangers to our dinner, should one say
"You look filthy, I hate you, if you don't want to get killed, come to my house for dinner"? I doubt people will come.

If we are unable to see the beauty within the message of others, then we should avoid making such ugly commentary or statements.

And Allah knows best.








Thursday, April 18, 2013

Ihack 2013: Image and Writeups.. Download VM

Sorry for the delay. I haven't been well for the past few days; 3 days of sleepless nights affected my decision-making quite badly. Nevertheless we managed to set everything up with only a few hiccups.
Congratulations to the winners. Now the bad parts.


1. Quality versus Quantity

Setting up 31 teams' networks with VPN plus a few custom network rules/patches is not an easy task. Writing a score server is also not an easy task (a team from UTP even found an undefined reference bug to bypass the challenge score server). Nevertheless I did, oops, we did our best to ensure the game ran smoothly, with a few hiccups along the way.

So it's quite a disappointment when participants asked questions such as:

1. How do I set up a static IP?
2. How do I run the VPN?
3. Is there Internet or not?
4. Do you have any spare laptops/PCs? We didn't bring a PC/laptop.


Those of you who fall under that category should rot in the limbo of /dev/null..

2. Alliance and Downfall of the web.

Scores were not submitted until 9:00 pm onwards due to an improper configuration of mine that didn't delegate the appropriate privileges to retrieve the flags. The TBDian guys started owning the web and the nightmares began around 9:00 pm onwards.

Strategy. Just like in the real world, we choose the right friends. In the cruel CTF world, choosing the right allies may help you secure your place in the competition.

3. One bug to rule em all.

There are 3 interesting daemons in the image. Most people reused the exploit from the web, which is a local traversal exploit via a PHP stream wrapper.
But I'm going to summarize them.

1. VSFTPD backdoored exploit (writeup from Sindrosa)
2. Faggot daemon leaked address exploit (Daisuke wrote a nice writeup)
3. And the web; yeah, even the all-girl teams (does that sound sexist? who cares) managed to use this one...

Kudos to the winners, and here is the link to download the VM. There are no root accounts, so you need to boot it with rw init=/bin/bash to create a new account...
The image expires in 5 days.


 Updated link

Download with Mega

Thursday, April 4, 2013

Leveraging Metasploit Meterpreter PHP the smart way.

As a Metasploit dog, you always try to integrate any vulnerability you find during a pentest with Metasploit. One of my favourite Metasploit payloads is php/meterpreter/reverse_tcp.

Now having said that, Metasploit is not really smart!!! (At least it's not efficient in every scenario.)
For example, suppose we generate the php/meterpreter/reverse_tcp payload.


Notice that you would always need to specify the LHOST.

This causes an inconvenience if you're in an environment where your IP address keeps changing (for my sake, let's say I hate registering domains, or I'm behind a shadowed network).

Checking the payload output


You notice that the reverse remote IP address is hardcoded in the payload.
What we can do is replace the $ip string with the remote-address server global, $_SERVER['REMOTE_ADDR'].



Now we can upload it anywhere we want and we don't have to set up our LHOST ever again :). This trick can also be applied to JSP and ASP files, but I'll leave that part to you guys.
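The same property that makes this trick convenient also makes it detectable from the defender's side: a PHP file that opens an outbound connection to the address of whoever requested it has no legitimate reason to exist on a web server. The scanner below is an added example, not code from the original post or from Metasploit. It flags PHP source in which a connect call (fsockopen, pfsockopen, socket_connect or stream_socket_client, whether called by name or through a variable holding the function name) receives a host derived from $_SERVER['REMOTE_ADDR']. The three PHP snippets it runs over are constructed stand-ins, not real payloads.

```python
"""Flag PHP files whose outbound connection target is the requester's own
address. Added example, not code from the original post or from Metasploit;
the PHP snippets are constructed stand-ins, not real payloads."""
import re

# PHP functions that open an outbound connection.
CONNECT_CALLS = ("fsockopen", "pfsockopen", "socket_connect", "stream_socket_client")

# $var = $_SERVER['REMOTE_ADDR'];  -> $var is derived from the requester's IP.
REMOTE_ADDR_ASSIGN = re.compile(
    r"\$(\w+)\s*=\s*\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]")
# A bare $_SERVER['REMOTE_ADDR'] used inline as an argument.
DIRECT_REMOTE_ADDR = re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]")
# $f = 'fsockopen';  -> $f(...) is a connect call made through a variable name.
INDIRECT_CALL = re.compile(
    r"\$(\w+)\s*=\s*['\"](" + "|".join(CONNECT_CALLS) + r")['\"]")


def find_callback_to_requester(php_source):
    """Return the connect functions whose host argument comes from REMOTE_ADDR.

    An empty list means nothing matched. This is a heuristic over the source
    text, not a PHP parser, so obfuscated or encoded code can still evade it;
    treat a hit as a reason to inspect the file, not as proof on its own.
    """
    tainted = {m.group(1) for m in REMOTE_ADDR_ASSIGN.finditer(php_source)}
    callables = {name: name for name in CONNECT_CALLS}
    for m in INDIRECT_CALL.finditer(php_source):
        callables["$" + m.group(1)] = m.group(2)
    hits = []
    for token, real_name in callables.items():
        # Match "token(" up to the end of the statement and inspect its arguments.
        pattern = r"(?<![\w$])" + re.escape(token) + r"\s*\(([^;]*)"
        for m in re.finditer(pattern, php_source):
            args = m.group(1)
            uses_remote_addr = DIRECT_REMOTE_ADDR.search(args) or any(
                re.search(r"\$" + re.escape(v) + r"\b", args) for v in tainted)
            if uses_remote_addr:
                hits.append(real_name)
    return hits


# Constructed samples (not real payloads): a client with a fixed host, and two
# handlers whose callback host is the requester's own address.
BENIGN = """<?php
$host = 'updates.example.test';
$s = fsockopen($host, 443, $errno, $errstr, 5);
"""
SUSPICIOUS_DIRECT = """<?php
$ip = $_SERVER['REMOTE_ADDR'];
$port = 4444;
$s = fsockopen($ip, $port, $errno, $errstr, 30);
"""
SUSPICIOUS_INDIRECT = """<?php
$ip = $_SERVER["REMOTE_ADDR"];
$port = 4444;
$f = 'stream_socket_client';
$s = @$f("tcp://{$ip}:{$port}");
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("direct", SUSPICIOUS_DIRECT),
                      ("indirect", SUSPICIOUS_INDIRECT)):
        print(name, find_callback_to_requester(src))
```

The indirect case matters because calling a function through a string-valued variable is a common way to keep the literal function name out of simple grep-style checks; resolving `$f` back to the name it was assigned covers that without needing a full parser.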









Sunday, March 10, 2013

Exercise of the past.

So someone gave me a crackme challenge. It was a challenge from the previous Uniten@10 hacking competition.





Some people prefer Olly, but I'm using Immunity Debugger, configured with Microsoft symbols.


It's quite straightforward actually.

  • Each input byte is XORed with 0x65
  • EDX is set to 00000000
  • The first XORed byte is compared with the byte at EDX+EE300C
  • If it matches, EDX is incremented, and the 2nd XORed byte is compared with the byte at EDX + 1h + EE300C, and so on
  • We know the length of the string is 20, since the last check is CMP EDX, 14 (hex 14 is 20 in decimal).

We know the string will be compared against the bytes from EE300C up to EE3020.

We can XOR the compared values immediately.



And get our flag.
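The same recovery done offline rather than in the debugger, as an added example that is not code from the original post: the script XORs the 20 compared bytes with 0x65 to get the expected input, then replays the crackme's own loop (EDX from 0 up to 14h) to confirm the result would pass. The 20-byte table is a constructed stand-in built from a made-up flag, since the post does not reproduce the bytes it dumped from EE300C; drop the real dump in its place and the rest is unchanged.

```python
"""Recover the input the crackme expects, working from the checks described
above: every input byte is XORed with 0x65 and compared, one byte at a time
with EDX as the index, against a 20-byte table (EE300C..EE3020 in the post).

Added example, not code from the original post. The table below is a
constructed stand-in, since the post does not reproduce the bytes it
dumped from the debugger; replace it with the real 20 bytes."""

KEY = 0x65          # XOR applied to each input byte
LENGTH = 0x14       # last check is CMP EDX, 14h, i.e. 20 bytes

# Constructed stand-in for the bytes at EE300C: built from a made-up flag so
# the example runs offline. These are not the real competition bytes.
SAMPLE_TABLE = bytes(b ^ KEY for b in b"uniten{xor_is_weak!}")


def decode_table(table, key=KEY, length=LENGTH):
    """XOR the compared values back into the expected input, which is what
    the post does by hand in the debugger. XOR with a fixed byte is its own
    inverse, so no separate decoding step is needed."""
    if len(table) < length:
        raise ValueError("need at least %d table bytes, got %d" % (length, len(table)))
    return bytes(b ^ key for b in table[:length])


def passes_check(candidate, table, key=KEY, length=LENGTH):
    """Simulate the crackme loop: EDX starts at 0; each XORed input byte must
    equal table[EDX], then EDX is incremented until it reaches 14h."""
    if len(candidate) != length:
        return False
    edx = 0
    while edx < length:
        if (candidate[edx] ^ key) != table[edx]:
            return False
        edx += 1
    return True


if __name__ == "__main__":
    flag = decode_table(SAMPLE_TABLE)
    print(flag.decode(), passes_check(flag, SAMPLE_TABLE))
```

`passes_check` is the part worth keeping around: reimplementing the comparison loop from the disassembly is a cheap way to confirm you read the XOR key and the length check correctly before typing the answer into the real binary.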

Fun, though.