Friday, 29 November 2013

[SLAE] ASM Hello World

Hello. This is just a small Hello World example from the SLAE course.


; HelloWorld.asm
; Author: Andriy Brukhovetskyy
; 32-bit Linux convention: the syscall number goes in eax, its arguments in
; ebx, ecx, edx, and int 0x80 invokes the system call (numbers: unistd_32.h)

global _start

section .text

_start:

        ;print hello world on the screen: write(1, message, mlen)
        mov eax, 0x4            ; __NR_write
        mov ebx, 0x1            ; fd 1 = stdout
        mov ecx, message        ; address of the buffer
        mov edx, mlen           ; number of bytes to write
        int 0x80

        ;exit the program gracefully: exit(5)
        mov eax, 0x1            ; __NR_exit
        mov ebx, 0x5            ; exit status returned to the shell
        int 0x80


section .data

        message: db "Hello World!"
        mlen     equ $-message

;int 0x80 invokes a system call


To create an object file from this .asm you need nasm (if it is missing, install it with sudo apt-get install nasm on Ubuntu):

sudo nasm -f elf32 -o helloworld.o hw.asm

and then link it:

ld -o HelloWorld helloworld.o

More information about syscalls on Ubuntu can be found in /usr/include/i386-linux-gnu/asm/unistd_32.h
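As an added example (not part of the original post), a small Python helper that parses the #define __NR_<name> lines of unistd_32.h and uses the table to annotate each int 0x80 in the assembly above with the syscall it invokes and the registers loaded for it. The header excerpt and the asm snippet are constructed inline; the real header is the file mentioned above.

```python
import re

# Constructed excerpt in the format of /usr/include/i386-linux-gnu/asm/unistd_32.h
UNISTD_32_SAMPLE = """\
#define __NR_restart_syscall 0
#define __NR_exit 1
#define __NR_fork 2
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_execve 11
"""

# The two syscalls of HelloWorld.asm above (data section omitted)
HELLO_ASM = """\
_start:
        mov eax, 0x4      ; write
        mov ebx, 0x1
        mov ecx, message
        mov edx, mlen
        int 0x80
        mov eax, 0x1      ; exit
        mov ebx, 0x5
        int 0x80
"""

def parse_unistd(text):
    """Map syscall number -> name from '#define __NR_<name> <number>' lines."""
    return {int(num): name
            for name, num in re.findall(r"^#define\s+__NR_(\w+)\s+(\d+)", text, re.M)}

def annotate_syscalls(asm, table):
    """Return one (name, registers) pair per 'int 0x80', tracking the last
    immediate or symbol moved into eax..edx (a simplified, linear read of the
    code). eax is dropped after each call: the kernel returns the result in it."""
    regs, calls = {}, []
    for raw in asm.splitlines():
        line = raw.split(";")[0].strip()          # drop comments
        m = re.match(r"mov\s+(eax|ebx|ecx|edx)\s*,\s*(\S+)$", line)
        if m:
            regs[m.group(1)] = m.group(2)
        elif re.match(r"int\s+0x80$", line):
            number = int(regs.get("eax", "-1"), 0)
            calls.append((table.get(number, "unknown#%d" % number), dict(regs)))
            regs.pop("eax", None)
    return calls

if __name__ == "__main__":
    for name, regs in annotate_syscalls(HELLO_ASM, parse_unistd(UNISTD_32_SAMPLE)):
        print(name, regs)
```

For the snippet above this prints write with ebx/ecx/edx set, followed by exit with ebx 0x5.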

Nice article: Sysenter Based System Call Mechanism in Linux 2.6

Best regards



Monday, 25 November 2013

Sunday, 24 November 2013

Jailbreak PS3 12Gb Super Slim OFW 4.50


This weekend I was searching for information about how to jailbreak a PS3 12Gb Super Slim with OFW (official firmware) 4.50, a version published in October-November 2013.

On many forums/blogs/pages people offer a .PUP to downgrade the PS3 to version 3.55, the version needed to be able to install CFW (custom firmware). Everything I found was a scam: they offer you a free .PUP download from page X in exchange for entering your phone number, and in small print at the end of the page they say that you will pay more than 30 euros and be subscribed to X services.

So at the moment the only solution is flashing with the E3 Flasher or with the Cobra ODE.

Here you can see how to install the Cobra ODE on a PS3 series 4000 (Super Slim).


This information is published for educational purposes only and to protect you from scams. If you do jailbreak, the author is not responsible for any damage; you do it at your own risk. In many countries jailbreaking is illegal.

Best regards

Sunday, 10 November 2013

[Script] VirusTotal public and private API v2 with all features


A few days ago I finished improving the previous script and added private API support, so a very big thank you to the VirusTotal team for this :)

I will show a few options with examples; for all options see the usage.

Important! Some functions, such as behaviour, have many options; if you want to activate all of them, just use -v/--verbose. To get more details from a report, use verbose mode.

You can use the --dump option to dump the JSON to a file and analyse it afterwards. You can combine these, so you can see a report and dump it to a file, and later pass that file as the parameter instead of a hash/scan-id/url/etc...

File scan:
Important: if the file has been scanned before, you will get the report and the file will not be uploaded.
Files bigger than 32 MB will be ignored and you will see a warning with the file name.

You can use a name/path wildcard such as: /home/user/malware*/*Zeus*

vt.py -f path_to_file


vt.py -f path_to_file -v #with verbose mode you will also see the detection result of each AV



Url scan and report:

Depending on the API: with the public API you can scan up to 4 urls, with the private API up to 25 urls.
Example of scanning 2 urls/domains:

python vt.py -ur google.com virustotal.com



When you try to get a report and the url/domain has not been scanned before, you can have it uploaded for scanning with the option:

python vt.py -ur -u google.com virustotal.com

If you want to add it directly for scan/rescan, just execute:

python vt.py -u google.com virustotal.com

Report search

Here you can use an md5/sha1/sha256 hash or a scan-id


python vt.py -s 99017f6eebbac24f351415dd410d522d

MD5       : 99017f6eebbac24f351415dd410d522d
SHA1     : 4d1740485713a2ab3a4f5822a01f645fe8387f92
SHA256 : 52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c

Scan  Date     : 2013-11-02 05:21:11

Detections:
      39/46 Positives/Total


the output is very long, so this is just a part of it

Permanent link : https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1383369671/
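As an added example (not code from the script itself), here is how the report search and the --dump workflow fit together in Python: a classifier for what the -s argument is (md5, sha1, sha256, scan-id, or a dumped JSON file), and a reducer that turns a VirusTotal API v2 file report into the summary printed above, listing the flagging engines in verbose mode. The report JSON is constructed inline with made-up hashes; the field names follow the v2 format (response_code 0 means no report exists for the resource).

```python
import json
import re

# Constructed VirusTotal API v2 file report (the JSON that "vt.py -s <hash>"
# fetches and that --dump writes to disk); the hashes and AV names are made up.
REPORT_JSON = json.dumps({
    "response_code": 1,
    "md5": "0123456789abcdef" * 2,
    "sha1": "0123456789abcdef0123" * 2,
    "sha256": "0123456789abcdef" * 4,
    "scan_date": "2013-11-02 05:21:11",
    "positives": 2, "total": 3,
    "permalink": "https://www.virustotal.com/file/<sha256>/analysis/1383369671/",
    "scans": {
        "AV-A": {"detected": True,  "result": "Trojan.Generic", "update": "20131102"},
        "AV-B": {"detected": False, "result": None,             "update": "20131102"},
        "AV-C": {"detected": True,  "result": "Win32.Zeus",     "update": "20131101"},
    },
})

HASH_RES = {"md5": r"^[0-9a-f]{32}$", "sha1": r"^[0-9a-f]{40}$",
            "sha256": r"^[0-9a-f]{64}$", "scan-id": r"^[0-9a-f]{64}-\d+$"}

def classify_resource(arg):
    """Kind of -s argument; anything else is taken as the path of a dumped JSON report."""
    for kind, pattern in HASH_RES.items():
        if re.match(pattern, arg.lower()):
            return kind
    return "json-dump"

def summarize_report(text, verbose=False):
    """Reduce a v2 file report to the fields the report search prints; None if not found."""
    rep = json.loads(text)
    if rep.get("response_code") != 1:
        return None
    summary = {k: rep.get(k) for k in ("md5", "sha1", "sha256", "scan_date",
                                       "positives", "total", "permalink")}
    if verbose:  # -v: list each engine that flagged the sample
        summary["detections"] = sorted(
            (av, d["result"]) for av, d in rep["scans"].items() if d["detected"])
    return summary

def render(summary):
    """Format the summary in the style of the script's output shown above."""
    lines = ["MD5    : %(md5)s" % summary, "SHA1   : %(sha1)s" % summary,
             "SHA256 : %(sha256)s" % summary, "Scan Date : %(scan_date)s" % summary,
             "Detections: %(positives)d/%(total)d Positives/Total" % summary]
    lines += ["  %s : %s" % det for det in summary.get("detections", [])]
    lines.append("Permanent link : %(permalink)s" % summary)
    return "\n".join(lines)
```

Calling render(summarize_report(REPORT_JSON, verbose=True)) reproduces the layout of the report above, with the two detecting engines listed between the counts and the permanent link.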


Domain search:
Get the resolver IP and date of the domain

python vt.py -d http://027.ru --dump -v #public api



Get the domain info with all details: # the same execution but with the private API

You can get all the info with verbose mode, or just activate the options you want to see; see the usage.



Get IP info:

python vt.py -i ip/json_dump #public api


Search report
python vt.py -s 99017f6eebbac24f351415dd410d522d #private api example


ExifTool file metadata:


                                                                  <cutted>



Cluster info:

python vt.py --cluster 2013-10-01



Distribution:

python vt.py --distribution-files --report --limit 1



python vt.py --distribution-urls



Permanent link : https://www.virustotal.com/url/6df0f88d03421a4c202bb6151d4b16666be0d8fac3780d387a5b818ca824d6b7/analysis/1383121114/


Get comments:



Behaviour:

this is a heavily cut output of behaviour, because it is very, very long






And much more!

Process Tree

pid:484
name:82a4d0467f93e3ddec3b51a66dbd55cfce3f6c5725d2759850fb4b3b37c28304
children:[]


See the usage for all options:

python vt.py -h

Enjoy it!

Saturday, 9 November 2013

[How-to] Backdoor + DDNS + VM as server


Today I played with ¿Backdoor?. As I noticed, the main module for creating a secure channel for communication between server<>client is outdated and doesn't work with the latest version of the python Crypto library (missing Initialization Vector in the AES implementation), so I worked on updating the full script to python 2.7.x and updated the parts with AES encryption, plus small bug fixes; soon I hope to send the updated source to the author so he can update it :)

But returning to the initial theme: as I see, many people have problems connecting a DDNS (example: no-ip.com) with forwarding traffic from the router to the virtual machine.

After a bit of research I got the solution.

Step by step:
1) How to Create a Free Redirect Domain With No IP

2) IMPORTANT: Set a static IP address on your virtual machine, put this machine in the DMZ, and configure its network card in bridged mode so it gets the same IP range as the rest of the machines on your LAN.

3) Set Up Port Forwarding on a Router

Finally, as you can see, everything works perfectly :)



Best regards :)

Sunday, 3 November 2013

[How-to] How To View Passwords For Wi-Fi Access Points Saved On Your Android Device

With multiple Wi-Fi access points saved on your Android device, it is quite normal to forget the security key to a certain network. This article presents a small, handy work-around for the rare instance where you need to view a forgotten password. For instance, your friend needs to connect to the Wi-Fi network you’re currently using on your Android device, he or she asks you for the security key but you just can’t remember it. What do you do? Read on after the jump to find out.
Albeit through a counter-intuitive way, the app can help you with finding passwords of your Wi-Fi access points, old or new. This method requires your device to have root access. If it doesn’t, type “rootdevicename” in the search bar above to gain root access on your device using one of our own guides, or you may simply take a look at our comprehensive compilation of Android root guides to see if your device is listed there or not, and if it is, how to gain root access on it.

Also, you’ll need a file explorer that gives you read access to root-level documents. Root Explorer and Super Manager (Professional Edition) include said feature.
  • Navigate to the root directory /data/misc/wifi. If your file explorer opens the SD card (/mnt/sdcard) directory by default, press back twice to open the root directory, then navigate to the mentioned path.
  • Open the document wpa_supplicant.conf. If you’re using Root Explorer, simply tap the file to open it in a text viewer or hold it (long tap) to open its context menu and select View as text to do the same.
  • From within said file, you can view all your saved Wi-Fi access points along with their passwords. Look under the SSID (Access Point Name) of the Wi-Fi network whose password you need to view. The password is written within quotes in the line that says psk="password".

As evident by the screenshot above, once you open said conf file, you’ll be able to sneak a peek at almost every access point that ever got registered with your Android. All you need to do is look up the required access point, note down the password displayed under it, key it in the password field, and you’re good to go. The above method has successfully been tested on an HTC Desire Z (running CM7). Hopefully, we shall soon be introduced to an app that has the propensity to automatically fetch APs from said file, complete with passwords and other relevant settings, and tie them to the present APs with the same titles. Till then, the manual route is the best route!
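As an added example (not part of the original article), a Python parser for the network={...} blocks of wpa_supplicant.conf that lists each saved SSID and how its key is stored. It goes a step beyond the article: besides the quoted cleartext passphrase described above, wpa_supplicant also accepts a 64-hex PSK already derived from the passphrase, and open networks have no psk at all, so the audit tells the three apart. The configuration file below is constructed; nothing in it comes from a real device.

```python
import re

# Constructed wpa_supplicant.conf in the format found under /data/misc/wifi
WPA_SUPPLICANT_SAMPLE = """\
ctrl_interface=/data/misc/wifi/sockets
update_config=1

network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
    priority=3
}

network={
    ssid="Office"
    psk=5c5a5d1b6d4e0f2b3a1c7e9d8f6a4b2c1d3e5f7a9b8c6d4e2f1a3b5c7d9e8f6a
    key_mgmt=WPA-PSK
}

network={
    ssid="CoffeeShop"
    key_mgmt=NONE
}
"""

def parse_networks(text):
    """Return one dict of key=value settings per network={...} block."""
    networks = []
    for block in re.findall(r"network=\{(.*?)\}", text, re.S):
        entry = {}
        for line in block.strip().splitlines():
            key, _, value = line.strip().partition("=")
            if key:
                entry[key] = value
        networks.append(entry)
    return networks

def psk_kind(entry):
    """How the key is stored: quoted cleartext passphrase, 64-hex PSK (derived
    from passphrase+SSID, so no longer directly readable), or no key at all."""
    psk = entry.get("psk")
    if psk is None:
        return "open" if entry.get("key_mgmt") == "NONE" else "no-psk"
    if psk.startswith('"') and psk.endswith('"'):
        return "cleartext"
    if re.fullmatch(r"[0-9a-fA-F]{64}", psk):
        return "psk-hex"
    return "unknown"

def audit(text):
    """(ssid, kind) for every saved network, showing which ones expose a readable passphrase."""
    return [(e.get("ssid", "").strip('"'), psk_kind(e)) for e in parse_networks(text)]
```

audit(WPA_SUPPLICANT_SAMPLE) reports HomeNet as cleartext, Office as psk-hex and CoffeeShop as open.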