Friday, December 30, 2011

WiFi Protected Setup (WPS) Is Vulnerable, 2 Bruteforce Tools Unleashed


Two computer security experts and network ninjas discovered that WiFi Protected Setup is vulnerable because it can be brute-forced using WPS pins which allow attackers to retrieve the WPA/WPA2 in less than 10 hours.
Aside from that, two penetration testing tools that cracks routers that have WPS on it have been released, made open source and available for download. These two tools are Reaver and Stefan Viehböck’s PoC Bruteforce Tool. Reaver was released by Tactical Network Solutions and the PoC Bruteforce Tool was obviously developed by Stefan Viehböck. Stefan said that his tool is a bit faster than Reaver but it does not support all Wi-Fi adapters. I haven’t tried Stefan’s tool yet but I was able to play and set Reaver tool in my Backtrack 5 Linux Operating System. 
Reaver version 1.1 has been released last night while I was writing a tutorial on how to set it up. You can download or wget Reaver version 1.1 or 1.0 on this link. And if you want to try Stefan Viehböck’s PoC Bruteforce Tool, you can download it here.


There is no patch yet for this vulnerability so it would be advisable to disable WPS in order to keep it away from your neighbors who are crackers.


About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security.  He encourages other like minded individuals to come forward and share their knowledge through blogging right here at ROOTCON Blog section.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.  All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Read More

Tuesday, December 20, 2011

Securing The TimThumb Script in Wordpress to Prevent Remote Code Execution

TimThumb Vulnerability is not a 0-day vulnerability anymore but there are still vulnerable Wordpress blogs today that are vulnerable to Remote Code Execution which is very risky.

Why this vulnerability is very risky and dangerous? Because it allows hackers to upload a backdoor in your website or deface your website. In fact, the self-proclaimed world’s no.1 hacker Gregory Evan’s blog was pawned with this kind of exploit. But we will not talk about Evan’s issue here whose name is flagged in Security Errata, our main topic is how to secure your TimThumb script if you have  a Wordpress blog that has timthumb.php.

How To Fix and Secure it:
1. Update to the latest version.

2. Omit flickr.com, picasa.com , img.youtube.com, upload.wikimedia.org, photobucket.com, imgur.com, imageshack.us, tinypic.com from this code:

$ALLOWED_SITES = array (        
                                  'flickr.com',         
                                  'picasa.com',         
                                  'img.youtube.com',         
                                  'upload.wikimedia.org',         
                                  'photobucket.com',         
                                  'imgur.com',         
                                  'imageshack.us',         
                                  'tinypic.com',     
                  );

3. Rename the TimThumb script and put some .htacess configuration or file on your sensitive folders just like how you secure an admin page.

4. Install security plugins.

5. Owh and make sure that the script have ALLOW_EXTERNAL line code set to false.

define ('ALLOW_EXTERNAL', FALSE);


You should update your blog or else you could end up like this:



About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security.  He encourages other like minded individuals to come forward and share their knowledge through blogging right here at ROOTCON Blog section.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.  All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Read More

Hackers Relief Ops CDO/ Iligan

Last December 17, 2011 typhoon Sendong struck the city of Cagayan De Oro and Iligan. The typhoon has caused huge damage to buildings, offices and homes and took away to near 700 lives, the two cities are in need of donations it might be in form of cash, clothes, canned goods and the like. Calling all Hackers and Geeks to participate this very little effort, ROOTCON Goons and a couple of fellow hackers are already planning to take part of this very sad tragedy.

You may donate through PayPal through the following:

CDO: francis.siason@gmail.com
Iligan: fleiremae@yahoo.com

ROOTCON and fellow hackers are accepting donations in form of cloths, canned goods, blanket and any other useful materials for our brothers and sisters in CDO and Iligan.

If you wish to donate through Hackers Relief Ops CDO/Iligan you may contact the following:

Cebu: ec [at] rootcon d0t org
Manila: Myself through Twitter (@semprix) and jhvallente [at] gmail d0t com

Our brothers and sisters in CDO and Iligan needs us this time.

Hackers Unite!!!!!
Read More

Monday, December 19, 2011

ROOTCON 6 Venue

We would like to officially announce ROOTCON 6 Date and Venue. ROOTCON 6 will be held on September 7-8, 2012 at Cebu Parklane International Hotel. To maintain the sanity and quality of the conference we set a limited tickets to 150 pax. The early registration cost is still Php2800.00.

ROOTCON 6 website will be launched soon, for now stay up-to-date on our Facebook (http://www.facebook.com/rootcon or follow us on Twitter (http://www.twitter.com/_rootcon_)
Read More