Uitm Ihack Part2

With our victorious smash on Saturday , we thought Sunday might be a good day, Well unfortunately it wasn`t that good. First of all we were delayed by the trouble of the networks. We supposed to start at nine but well due to the network probs we were delayed like (30 minutes ? ) what a crap .and the game that suppose to be end at 3:00 pm suddenly end at 2:30 pm... Why becoz... nvmind i won`t say it much.

Owh well we did got 2nd place for CTF? It`s a pity when we realized at the end there`s an exploits for the cgi , sshd and simple sqldump. :(

Seriously, getting the 2nd place is not so bad. Instead of diving into hell in HitB CTF we get tickets to go the conference which is muchx3 more better :)


Thanks to all the last generation of Pr0ject Tango . Until we meet again next year!!!

Uitm Ihack 2007 Part 1

It`s been a while since i blogging. Busy preparing myself for the Uitm I-Hack 2007 in Shah Alam from 17-19. Thanks to a contact of mine we managed to hook a car and drived around like crazy.

Well nothing much to be talk about the Hacking Seminars. From my point of view it`s more like business orientated stuff. However some of the speakers is quite concern about security in the codes and steps that user should use.

Hurm what interest me is the flyers nearly makes me roll my eyes!!. To protect yourself from port sniffing use Windows Firewall! I mean OMG !! what happen to the other alternative solution?

Leaving that aside , today is the day for Forensic Challenge ..

Well most of binary files exist in windows. Our expertise in linux don`t help much . Unlike previous year where players can only make 5 attempt to retrive a flag. This year is unlimited but well it`s okay. The forensic covers from reading logs to debugging ,jpeg stengraphy , (blax3 what you expect on school level hackings).

Well the game starts from 9 -4pm.. And we proudly won the game by solving 7 out of the 9 question. While there`s the CTF games tomorrow. Pray to God we win !!

UTP Doomsday Network..? Is it becoming true

Well this is just a persona chronologi analysts by me. A bystander for my beloved campus network. The network activities inside the campus have been very interesting from legal network connection to ethical and educational hacking purpose :) Well let's just say screwing around is bad but the knowledge gains from these network activities are very essentials. Because these weird knowledge makes our campus different from each other . Now almost 4 years have past since i enter UTP and ImHO our network activties are starting to fall apart especially after the ITMS start splitting up the network intravillage :)... If nothing is done this situation might appear :) I choose next semester as my parody chronicle


21 January 2008

New Semester have just started, me and Kage have gone from UTP temporarily. At firs the current IRC Opers just maintain the IRC server as always without changing anything except a few things. At the end of the month things start to crash out.

21 Feburary 2008

It`s been barely a month yet the ITMS took the advantange of the absenst of most admins to change the way they define IP`s for each village. IRC server soon going to fall down as nobody knows what to do as me and kage are out of contact.

21 March 2008

Several students who claim "l33t" tried to setup their own IRC server but it`s based on Windows , cause more bugs more damaged . DC++ is no longer a place to meet and downloads. but just a place to downloads :)

21 April 2008

There is a a war between forum administration each claim they are doing it for UTP sakes. But unfortunately the practice of freedom of speech is not seen at all. The effects? Low post more spams and people who loves to watch quarrel rather than stopping it.


21 May 2008

The Net activites such as IRC service , DC++ are running but with few activities and project. Nobody gives a damn bout it anymore . ITMS took this opportunity to close all these activites once and for all .


Now this situation may or may no go along so explicitly like i stated there. But we have seen the sign of the doomsday of UTP network , eg there are not many people entering the IRC Network, not many Opers have the administrattive skills , and lastly the rise of lechers but no seeders.


Shout off your idea here UTPians here

Running 32 apps on top 64 bit Debian/Ubuntu

I`m quite jealous with the RPM multiarch that provides architecture compatibility that is much cleaner than the Debian System. If you are like me ( a Debian or Ubuntu users) , need to run 32 bit software under a 64 bit enviroment here`s a good place to start.

Beating the crap of Streamyx ; Torrent Flux Torrent furious!!

Aha i just love living in this bolehland country. Why ?

1. We keep losing on every sport we conquered in the past
2. Using helicopter that will crashed every 2-3 years.
3. Last but not least largest broadband yet crappiest service.

Putting all those problem aside , I'm quite bore so i think I'm going to reveal some dark secrets how to speed uer downloading stuff without all those VPN. (yes VPN connection is truly an art of state of security but be honest how many of us take care bout security much in this bolehland country nway?)

The things that you may / may not need:

1. A web hosting ( linux based , windows is crap) with python/php/perl support. If possible get a "I don`t care what you do " policy webhosting. A shell would be nice!
   
2. Torrentflux /Torrenflux b4rt ; A good web based torrent client with bittornado as it backends.
3. If your life is filtered with a proxy that filtered GET <= 2MB. Then you may need a phpsplit or !!

Well i don`t want to explain the setup one by one because most of the stuff that i mentioned earlier already contained their own respective manual. But hey the perfomence is very good. Me myself have purchased a hosting somewhere in Amsterdam under an anonymous name.
A quick summary would be like this:

• Download the files to the webserver first. ( it will go extremely fast around 3MB).
• If you are using a connection behind firewall. split the file 2MB 2MB 2MB.
• Download the file from your private web server to your PC directly hehehe :)
• If you want more enchancment, get a shell or if your account doesn`t provide shell there always.
  

Look at the bleeding speed.

Well on a 1 mbps streamyx ( so far so good)

If you are interested in getting a "i don`t care what you do" policy webhosting feel free to contact me or leave a comment :) :p !!

Feisty Fawn repositery update in UTP

Fuu.. it`s been a while since i update my blog. Just to tell that the ubuntu feisty fawn in utp is rolling back up with full updates and cron daily at 4.am in the morning :)

In the past i used the apt over https method and zenity as the frontend of my system configuration repositery. Now i`m on y way porting all the scripts using kaptain as i found out the grammar is quite easy to understand :)

The algortihm for the configuration is like this :

User> Choose between inside UTP or outside >

if inside
check v5 or not!
if v5
simple
else
apt-over https

else
outside use taiwan repo


done :)

Hitb 2007 is back

The hottest stuff in Malaysia is back!! This is an event that you shouldn`t miss at all. Learn with your heart all about network security from professional network admins to the underground blackat community. Based on my experience in the past HITB, this is a conference that you shouldn't miss especially if your job/works/studies is related to the IT Market.

Unfortunely , the price for the conference may be a little deep for normal Malaysian students, well you can go out and volunteer yourself! (some skills are required) and you can get to know the guys better :)

Well what interest me is the CTF game!!.Capture the Flag

Last year , as a winner of the Uitm I-Hack Competition 2006 me and my team managed to get a free seat for the HiTB CTF. Little does we know it really surprise us! Basically it's all about
reverse engineering / binary hacking / exploit writing

Non of these is related to any web hacking like th Uitm. I knew we are considered as f*** n00bs that always being tapau from that moment. Never less what surprise me is that most of the participants from Malaysia also don`t have a clue on wat's goin on .

Well a year have pass.
This time i think i`m quite confident on howto debug and detect the exploits. But seems like the competiton is getting tougher each year! Will my team managed to at least get some respectable place?

Strategies on winning.
1. Analysis of each services running on the box.
2. Scan for available listening port. (on localhost no need for nmap and blax3)
3. Analysize binary for exploitation
4. Write exploits.

Things to read on.

1. Izis paper on randomize va space attack.
2. Shellcoding operand.
3. Overwriting heap/stack
4. Assemble , Dissasemble and Fun with C :)

Anymore suggestion?