
Sunday, July 31, 2011

BackTrack 5 R1 to be released on August 10th




The BackTrack Team has announced that BackTrack 5 R1 (Release One) is set to be released on the 10th of August 2011.

I’m sure many of our infosec friends out there are already excited to download its new release on the said date. The update includes 100 bug fixes, package updates, and the addition of over 30 new tools and scripts.

BackTrack 5 will surely rock your ninja skills because it’s the most favored penetration testing Linux distro, and once again it’s back in action.

The crew will also have a pre-release event of BackTrack 5 R1 at the BlackHat / Defcon Conference a few days earlier. Cool, isn't it?

“May the sauce be strong with you.” – BackTrack Crew

Way to go BackTrack Team!

For more info, just visit the BackTrack Official Website.


P.S.

I attached a spoofed video about BackTrack 4 but its thoughts are true.

So anyone out there who wants to master this tool and show off your skills on our next meet up?
Perhaps on ROOTCON 2012? Any volunteers? Email us at info[at]rootcon[dot]org. Thanks.



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.


ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Wednesday, July 27, 2011

Linux 3.0 Kernel Released! Linux 3.0.c Kernel Exploit also Released!


On the evening of July 22, 2011, Linus Torvalds posted on Google+ about the new 3.0 kernel version, which marked the end of the 2.6.x series of kernel versions. Afterwards, the initial plans for 3.1 became a big issue for his followers, because its exploit was released a few days after the official announcement.



A guy named Dan Rosenberg wrote C code entitled the “DEC Alpha Linux 3.0 local root exploit”, which points out the vulnerability of the new 3.0 kernel version. A guy named Cross from ROOTWORM also published a Perl script entitled “2011 Linux Auto Rooter Beta 1.0”, which includes exploits for kernel versions from the 2.6.18 series up to 3.0. Cross's Perl script was also posted on most of the underground websites.

For those of you who are not familiar with kernel exploits: a kernel exploit is written in C and its objective is to root a Linux box. With such an exploit, a normal user of a machine can become the superuser of that box, which gives him more privileges, like installing more repositories, installing other software, hosting malicious code, hosting an SSH scanner, etc. Thus it’s a big, big trouble.

As of now, the Linux team is still fixing some of the current kernel’s bugs and issues. We hope to see the release of the 3.1 kernel version soon.



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.



Monday, July 25, 2011

Philippine Congress Hacked by BashCrew for #AntiSec


The Philippine Government has become the latest target in the #antisec operation by a foreign hacker team known as BashCrew. The Philippine Congress website (http://www.congress.gov.ph/) was hacked and some of its data was leaked. The leak, posted via Pastebin, contains personal information, emails, contact numbers, etc.


Source: http://www.thehackernews.com/2011/07/philippine-congress-hacked-by-bashcrew.html




About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.



Saturday, July 23, 2011

Hacker group strikes again, wishes Aquino good luck at SONA

After attacking the website of the Office of the Vice President (OVP) Friday, a hacker group hit another government website early Saturday, and left a message for President Benigno Aquino III.

The group, calling itself PrivateX, attacked the site of the Food and Drug Administration (FDA), then wished Aquino good luck in his State of the Nation Address (SONA) this coming Monday.


PrivateX, the hacker group that attacked the OVP website Friday, hit the FDA website the next day and left a "good luck" message to President Aquino for his State of the Nation Address on Monday. GMA News

“GoodLuck to SONA PNOY," the group said in a popup message that greeted visitors to the FDA website before dawn Saturday. PNOY (short for President Noy) is Aquino’s nickname.

It was not immediately clear if the message was a taunt to Aquino as the hack came a month after Malacañang hinted it will make a security review of government websites.

The idea to review security stemmed from attacks on government websites by the hacker group Philker.

Last June 14, presidential spokesman Edwin Lacierda said the National Security Adviser “is studying the creation of a task force to undertake a security review of government websites."

In Saturday’s attack on the FDA website, visitors were greeted with a series of popup messages similar to those in Friday’s attack on the OVP website.

The messages in the FDA attack included “Sorry, not intended hacked... i swear.PrivateX," “guess who?rhodzx labzx" and “I will be always here..~MJM~."

But in some cases, the popup messages triggered “VBS malware-gen" alerts from antivirus software, indicating the possibility that malware may have been planted on the hacked site.

After clicking on the popup messages, visitors to the FDA site were then redirected to a web page where the hackers expressed support for the AntiSec movement.

The AntiSec movement, started by hacktivist group Anonymous and joined by Lulz Security, seeks to attack government and corporate sites and leak their information online.

“We do support Antisec movement that originated with the hackers Anonymous and Lulzsec," PrivateX said in the redirected site on Pastehtml.com.

It “assured" the FDA site administrator that no data was taken during the hack, but added government “needed" the attack.

“We are not trying to destroy government websites but you need this," it said.

The group even wished nursing board examinees “good luck."

Visitors trying to leave the site were also greeted with a popup message saying “see you again." — LBG, GMA News

Source: GMA News




Sunday, July 17, 2011

The Artificial Lurkers of IRC



I guess most of you are familiar with the IRC or the Internet Relay Chat. According to Wiki, IRC is a form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.

But is IRC still alive these days? Yes it is. In fact, it is the home of underground hackers and crackers: defacers, rooters, carders, script kiddies, hardcore Linux users, etc., to name a few. IRC is often referred to as a primitive way of chatting because of its style and because of the new generation of voice and video chatting, such as Tinychat and Facebook. And because of Facebook, some teenagers don't even know how to use IRC clients.

But of course, we will not go into how to use it or where to find a good chat mate. Instead we will talk about some of the hidden agendas of IRC users and the dark side of IRC. Forgive me for referring to it as the dark side thingy, but that's what other IRC users usually call it.

In IRC, some users have botnets or bots in their channel which can do things like UDP flooding, checking for vulnerable websites, port scanning, nmap, SQLi, RFI, LFI, checking for good credit cards and many more. These botnets are coded in languages like Perl, PHP and Python.

In fact, some of these bots are hosted on hacked or rooted boxes, or even on websites that have backdoor shells. Users with bad intentions, like doing a DDoS attack, would not run their scripts on their own machine, in order to avoid getting traced or caught.

The images below are screenshots I took and uploaded so that people may be aware that these kinds of lurkers exist in the cyber world and could also be a threat or an advantage.



Thus it would be easier to say that an IRC bot is an independent program or script that connects to IRC as one of the clients but differs from other clients because it performs automated functions.


Nowadays, these bots are often scattered in public channels and who knows, you may be able to encounter one. Now don't panic, they won't infect you, they are just waiting for their handlers to command them. Like I said, they are different from infecting botnets like the Zeus Bot.

The bots shown here are for educational purposes only, no live accounts and servers were tested and rooted in order to run these scripts.
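For server administrators, a bot of the kind described above shows up as a script interpreter holding an established connection to an IRC server. The following is an added example, not part of the original post: it scans `ss -tnp` style output for that pattern. The port list, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Ports commonly used by IRC servers (assumption: a heuristic list; a bot can use any port).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
# The post says these bots are written in Perl, PHP and Python.
INTERPRETERS = ("perl", "php", "python")

# One line of `ss -tnp` output: state, queues, local addr, peer addr, process info.
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)'
    r'(?:\s+users:\(\((?P<procs>.*)\)\))?\s*$'
)
PROC_RE = re.compile(r'"(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def split_port(addr):
    """Return the port of 'host:port' (also '[v6]:port'), or None if not numeric."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_irc_bot_candidates(lines):
    """Flag established connections from script interpreters to IRC ports."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("state") != "ESTAB":
            continue  # header line, listening socket, or unparsable input
        port = split_port(m.group("peer"))
        if port not in IRC_PORTS:
            continue
        for p in PROC_RE.finditer(m.group("procs") or ""):
            if p.group("name").lower().startswith(INTERPRETERS):
                hits.append((int(p.group("pid")), p.group("name"), m.group("peer")))
    return hits

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE = [
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port Process",
    'ESTAB 0 0 192.0.2.10:22 203.0.113.5:51514 users:(("sshd",pid=901,fd=4))',
    'ESTAB 0 0 192.0.2.10:48712 198.51.100.7:6667 users:(("perl",pid=2211,fd=3))',
    'ESTAB 0 0 192.0.2.10:48990 198.51.100.9:6697 users:(("php5-cgi",pid=2302,fd=5))',
    'ESTAB 0 0 192.0.2.10:50122 198.51.100.7:6667 users:(("irssi",pid=1500,fd=6))',
    'ESTAB 0 0 192.0.2.10:39000 198.51.100.20:443 users:(("python3",pid=777,fd=8))',
]

if __name__ == "__main__":
    for pid, name, peer in find_irc_bot_candidates(SAMPLE):
        print(f"pid {pid} ({name}) -> {peer}")
```

The ordinary IRC client (`irssi`) and the Python process talking to port 443 are not flagged; only the interpreters connected to IRC ports are, which makes the result a starting point for investigation rather than proof of compromise.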



About the Contributor:

Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.




[Hacked] Lapu Lapu City Government Website another victim

I was working in front of my laptop in the afternoon of Sunday, July 17, 2011 at around 2:30PM when a friend of mine on YM (Yahoo Messenger) informed me that www.lapulapucity.gov.ph was hacked recently. I visited the site and below is the screen shot, hacked by LatinHack Team.

Basic Google stuff: I searched for the group “LatinHack Team” and, surprisingly, they have defaced quite a number of websites already since February 21, 2010.

The previous state of www.lapulapucity.gov.ph was:

The Lapu Lapu City Government website was hacked on July 15, 2011, just a few days before the closing date of ROOTCON 5 Security Conference.


Please be informed that we already invited some government offices to participate in ROOTCON 5 Security Conference, which will be held on September 9 – 10, 2011 at Parklane International Hotel, Cebu City.


I’m not sure if the government of Lapu-Lapu City (a part of Cebu province) received our invitation, but rest assured we will do our best to invite them after this incident.


If you happen to read this blog post, kindly contact your friend from the city government of Lapu-Lapu City.


To my friend on YM, thanks for sharing. You know who you are.


In the end, should this be a wake up call?

[Update as of 8:47PM, Sunday, July 17, 2011]

I checked the site again at this time and their site is now under maintenance. Screen shot below:


[Update as of 12:09AM, Monday, July 18, 2011]

So far the page has been restored to its default. But still it boils down to one question - "Is their website secured now?"


Related Blog:

Hackers: Coming Soon to a Website Near You



About the Contributor:

A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management, professional networking and social media campaigns, and is very active in conceptualizing things. To date he has already conducted several IT / Information Security events as his passion since 2007. Currently he's working as a Technical Support Specialist in a local company.

