CoBank & CitiBank - Internal Access - Hacked!

// c0mrade    // 6-17-12    // Twitter.com/officialcomrade         Hello, my minions. Let me start off by answering some questions.         Q. Do you support Jester?    A. Yes. I do not support the dilettante that follows him around though. They're trying to act as some corporate spies. It's funny. Jester has that part of the scene on lock. Don't even try mining it, please.         Q. Why is your

Your LinkedIn password is in the news or not?

Last night, the password(SHA1) of LinkedIn was leaked and if you want to know your password is in the list or not, try this script(from Phobos Technology) for check it. 

if you want to see full details of this news, please go to the Source.

1. Download Password from
http://wordpress.phobostechnology.com/wp-content/uploads/2012/06/combo_not.zip

2. Run this python script.

"""
Save this file as

SSLsplit – transparent and scalable SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted
network connections. Connections are transparently intercepted through a
network address translation engine and redirected to SSLsplit. SSLsplit
terminates SSL/TLS and initiates a new SSL/TLS connection to the original
destination address, while logging all data transmitted

All posts that I got about Exploit RDP(MS12-020) in couple days ago.

1. Proof Of Concept Exploit in 15-03-2012

http://pastie.org/private/01qvw08ffwzulqgtt8fpbg
 


 2. Detail and Proofed Exploit DoS 

http://blog.binaryninjas.org/?p=58



3. Another Good Post :) And I think this is the best.
http://aluigi.org/adv/termdd_1-adv.txt

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Vulnerability in Novell website By Team

Vulnerability in Novell website. From: Team Date: Wed, 08 Feb 2012 23:10:21 -0200  Hello :-) I sent email stating the problem for the company,waited a few days and got no response, so I'm making the vulnerabilitypublic: Scan date: 2-2-201213:33:54===================================================================================================|Domain: http://

XSS in au.tv.yahoo.com

Try to type XSS in the search name box of http://au.tv.yahoo.com/plus7/royal-pains/

 


Source: http://thehackernews.com/2012/01/xss-vulnerability-reported-in-yahoo.html



If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Wordpress 3.3 XSS vulnerability

# Exploit Title: Reflected Cross Site Scripting in wordpress 3.3

# Google Dork: intext:"Proudly powered by WordPress"
# Date: 2.Jan.2012
# Author: Aditya Modha, Samir Shah
# Greetz: Jigar Soni, Mr 52
# Software Link: http://www.wordpress.org/download/
# Version: 3.3
# Tested on: apache
# CVE :  Nope.Step 1
: Post a comment to the target websiteStep 2


: Replace the value
of author

Android X iOS Security

Infographic by Veracode Application Security


Source: https://www.veracode.com/resources/android-ios-security#.TwPVfPRitb0.facebook

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

SpecialForces.com was hacked!!!

If you want the detail, please go to the Source. 


http://ibhg35kgdvnb7jvw.onion//lulzxmas/specialforces_full.txt.gz  <- orders/addresses/ccs

http://ibhg35kgdvnb7jvw.onion//lulzxmas/specialforces_passwords.txt  <- just the passwords

http://wikisend.com/download/287544/specialforces.tar.gz    <- both combined

 

# grep -R -H -i '.mil' specialforces_passwords.txt | wc

    1274    8072  127545

Another site of UN was hacked again by SECTORLEAKS 404

--------------- ACNUR ONU HACKED  BY SECTORLEAKS 404---





HOST..........



Target: http://www.acnur.org/t3/index.php?id=166&tx_refugiadosamericas_pi1%5Buid%5D=%Inject_Here%COL



DB Detection: MySQL >=5 (Auto Detected)

Method: GET

If you want the detail, please go to Source.


If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Think You're Anonymous? Google Analytics May Prove Different

How He Did It


You'd think that this would take some serious sleuthing
techniques right? Well, thinking of tracking bloggers using their GA
code seems some hoopy thinking – but the method isn't hard.


Basically, Baio plugged the anonymous domains into eWhois:




Using a sample of 50 anonymous blogs pulled from discussion
forums and Google news, only 14 were using Google Analytics,

Howto: How to downgrade 5.0.1 to 4.3.3 / 4.3.5 - iPhone 4, 3GS, iPod Touch 4G, 3G, iPad:

Step 1: Make sure that you have downloaded the version of iOS
which you gonna downgrade to (4.3.5, 4.3.3 or any iOS version), you can
download any iOS firmware from our library - Click Here.

Step 2: Navigate to :
Windows Users: Windows > System 32 > drivers > etc
Mac Users : etc

Open hosts file with the text editor then add the following code to the end of the file :

74.208.105.171

MS11-083 Details And Honeypot.

Microsoft Security Bulletin MS11-083 - Critical


Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)


Executive Summary
This
security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow remote code execution
if an attacker sends a continuous flow of specially crafted UDP packets
to a closed port on a target system.

The

Cloud Service of Amazon was hacked.