Thursday, June 20, 2013

Recon on GitHub? ---- this oughta be good

Assuming you have done recon on a webapp/website and found that it uses a CMS, an ERP or a web app that is hosted on GitHub... here is a search phrase you might want to use:


extension:{file extension, e.g. php} {function}

extension:php mysql_query $_GET

Most of these apps will have a fault, and you can quickly deduce what to do from there... ADAPTATION

Now we have a MySQL injection

extension:php mysql_query $_POST

MySQL and SQL Column Truncation Vulnerabilities

Developers :-) morning... and hackers (we know you didn't sleep so... sup)

Heard of MySQL and SQL Column Truncation Vulnerabilities?... No?

OK so... it's a simple misconfiguration that happens when developers don't enforce data size limits in their code, e.g.

$submitted_data = null;
if (isPswdCorrect($uname, $pswd)) {
    // no length check on $uname before this lookup
    $submitted_data = getUserDataByLogin($uname);
}

This gives us/a hacker the chance to create another admin/user with the same privileges as a known user but with a different password...

That is, if I log in as :admin x: instead of :admin:, it will still work with a different password that I would have created as :admin x: (without the ::)
happy security information :P

P.S video coming up soon....
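
The column truncation issue from the post above as a small Python model (an added example, not code from the original post). It simulates MySQL's non-strict truncation and trailing-space-insensitive comparison rather than talking to a real server; the 16-character column, the `UsersTable` class and the sample names are assumptions. It shows which of three fixes (strict SQL mode, a UNIQUE index, length validation in the app) stops the duplicate account:

```python
# Simplified model (not real MySQL code) of a VARCHAR(16) login column with a
# PAD SPACE collation, where "=" ignores trailing spaces. Passwords are plain
# strings only to keep the model short.
COL_LEN = 16  # assumed column width


class UsersTable:
    def __init__(self, strict=False, unique=False):
        self.rows = []        # (login, password) exactly as stored
        self.strict = strict  # models a strict sql_mode (STRICT_ALL_TABLES)
        self.unique = unique  # models a UNIQUE index on login

    def select(self, login):
        key = login.rstrip(" ")
        return [r for r in self.rows if r[0].rstrip(" ") == key]

    def insert(self, login, password):
        if len(login) > COL_LEN:
            if self.strict:
                raise ValueError("Data too long for column 'login'")
            login = login[:COL_LEN]  # non-strict: cut silently, warning only
        if self.unique and self.select(login):
            raise ValueError("Duplicate entry for key 'login'")
        self.rows.append((login, password))


def register(table, login, password, validate=False):
    # validate=True is the application-side fix: reject over-long names
    if validate and len(login) > COL_LEN:
        return False
    if table.select(login):  # the "is this name taken?" check
        return False
    try:
        table.insert(login, password)
    except ValueError:
        return False
    return True


def is_pswd_correct(table, login, password):
    return any(p == password for _, p in table.select(login))


def demo(strict=False, unique=False, validate=False):
    t = UsersTable(strict, unique)
    register(t, "admin", "real-secret")              # constructed sample data
    crafted = "admin" + " " * (COL_LEN - 5) + "x"    # 17 chars, one too many
    created = register(t, crafted, "other-secret", validate)
    return created, is_pswd_correct(t, "admin", "other-secret")
```

`demo()` returns a pair: whether the second account was created, and whether its password is then accepted for `admin`.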

Tackling security and getting Free Internet* :)

I love emoticons... it's like me only in character... if you didn't get that....
Anywho... I'm in Kenya for now... and it's quite tricky to get free* internet but not impossible... so here is a trick I used to get free internet via Orange Kenya ISP... a while back... boring sunday = free internet

But here's the catch: after that escapade I ventured into looking for other alternative methods to get free internet and what do you know... there are other methods. See, on pre-paid modems you purchase bundles to be able to access the internet, but for Orange KE it's a different story: simply connect your modem and connect. Well, it's not like you won't be redirected to their annoying proxy every time you don't have bundles and/or credit topped up on your SIM/RUIM... the good thing is there's a way around this. How? Here's a way around it.

Proxies ---- to be more specific, I used Tor (you can get it here: tor download) or whatever proxy you are most comfortable with... an easier way to also work around this is to do a simple Google search for free proxy servers... then use them... here is one way to do that:

After that... just browse. The port settings should be as such: 80 for http and 443 for https.
Meanwhile, if you wanna find out more about how this trick works, wait for my second post and I will update thee :)

UPDATE-EDIT: For those really curious if it still works... NO ....why? IT OBVIOUSLY GOT PATCHED

UPDATE-EDIT: For those really curious if it still works: YES/NO. Yes on the EVDO/CDMA modem set to port 53 (DNS) <--- this is open on the Orange gateway; problem is that it disconnects after 10 minutes.
On the GSM... not yet accomplished.


:) No longer posting, all articles should be treated as archived and outdated