Monday, January 19, 2015

Facebook Bug - Open Redirection To Blocked Sites


Link Shim Of Facebook (l.php) 
A very good explanation of 'Link Shim' can be found here. It is a sweet note written by one of the security engineers at Facebook. In short, Facebook tries to protect its users by maintaining a list of harmless sites and a list of harmful sites. So, sites which are malicious and are marked as `harmful` cannot be used on Facebook.

E.g. a user cannot post a link to a blocked site.

Try to post `http://ringcloud.com` on Facebook. You won't be allowed, and a `warning` message will be displayed saying that `ringcloud.com` is blocked.


Send Dialog

Facebook introduced the 'Send Dialog' a long time back. You can find details about it here. It was designed for sending private messages with `links` to one's friends, etc. It can be integrated on third-party sites.

Have a look at this

https://www.facebook.com/dialog/send?app_id=145634995501895&link=http://www.pranavhivarekar.in/2014/10/hackerone-bug-redirect-filter-bypass.html&redirect_uri=https://www.google.com

The 'Send Dialog' accepts a few parameters:
1. app_id (App needs to be created for using send dialog)
2. link (Link to be shared)
3. redirect_uri (Redirection to site mentioned here after sending message)



After pressing `Send` or `Cancel`, the user will be redirected to the site mentioned in `redirect_uri`.

Final Exploit 

The values passed to the `link` parameter were getting passed through 'Link Shim'. So, an attacker is limited to sharing only those links which are present in the `harmless` list of Link Shim. E.g. an attacker can share any link like `http://pranavhivarekar.in`.

Now, note the other parameter, `redirect_uri`. I observed that it was not passed through Link Shim. So, an attacker can redirect victims to any site after sending the message. E.g. an attacker can redirect users to any site like http://pranavhivarekar.in/.

So, what is the bug here?

I checked the `redirect_uri` parameter against the `harmful` list of 'Link Shim' and was really amused and glad to see the redirection to a `harmful` site. E.g. I entered `http://ringcloud.com`, and after `Sending` the message or pressing `Cancel` it redirected me to `http://ringcloud.com`. So, it proves that there were no access controls placed to protect users from redirection to `harmful` sites, and it did violate the working of 'Link Shim'.

So, this bug was accepted and rewarded by Facebook. Now, if you try to use this exploit, it will show an error like this. E.g. try this:
https://www.facebook.com/dialog/send?app_id=145634995501895&link=http://www.pranavhivarekar.in&redirect_uri=https://ringcloud.com

It will show you an error like this.



This bug was rewarded because it affected other users of Facebook and because it pointed exactly at the policy of 'Link Shim'.
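The check whose absence the post describes, as an added example (not Facebook's code): every URL-bearing Send Dialog parameter goes through one reputation check instead of `link` alone. The `HARMFUL` set is a constructed stand-in for the link shim's list, and all function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the shim's `harmful` list; ringcloud.com is the
# blocked example the post itself uses.
HARMFUL = {"ringcloud.com"}
# Every Send Dialog parameter that carries a URL the user ends up visiting.
URL_PARAMS = ("link", "redirect_uri")
# Dialog URL taken from the post.
SAMPLE = ("https://www.facebook.com/dialog/send?app_id=145634995501895"
          "&link=http://www.pranavhivarekar.in&redirect_uri=https://ringcloud.com")


def host_of(url):
    """Return the normalised host of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def is_harmful(url, harmful=HARMFUL):
    """True if the URL is unusable or its host is a listed domain or a subdomain of one."""
    host = host_of(url)
    if host is None:
        return True  # fail closed on anything we cannot classify
    labels = host.split(".")
    return any(".".join(labels[i:]) in harmful for i in range(len(labels)))


def check_dialog(dialog_url, params=URL_PARAMS):
    """Map each URL-bearing parameter present in the dialog URL to 'ok' or 'blocked'."""
    query = parse_qs(urlsplit(dialog_url).query)
    verdicts = {}
    for name in params:
        for value in query.get(name, []):
            if is_harmful(value):
                verdicts[name] = "blocked"   # one bad value blocks the parameter
            else:
                verdicts.setdefault(name, "ok")
    return verdicts


if __name__ == "__main__":
    # Behaviour described in the post: only `link` is screened, so the request passes.
    print("link only :", check_dialog(SAMPLE, params=("link",)))
    # Uniform screening: the same request is stopped on `redirect_uri`.
    print("all params:", check_dialog(SAMPLE))
```

Matching on the parsed hostname rather than on the raw string is what keeps userinfo prefixes, trailing dots and subdomains from slipping past the list.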



Thanks for spending time to read this ...! Comments are welcome. :-)

Facebook Vulnerability Allows to Video-Call Mark Zuckerberg!


Have you ever desired to video-call the founder of Facebook? Well, with this vulnerability it's still possible! The vulnerability uses a GET (in-URI) CSRF parameter to avoid the video-calling blocks in Mark Zuckerberg's privacy settings.

First, let me introduce what a CSRF vulnerability is:
"A Cross-Site Request Forgery (CSRF) Vulnerability is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user's Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated." (*)

Now, let's start analyzing it! First we start from this URL (as if we were actually video-calling one of our friends):

https://www.facebook.com/videocall/incall/

Once we've identified the vulnerable GET parameter, we can apply it as below:

https://www.facebook.com/videocall/incall/?peer_id=

After the peer_id= parameter, we'll insert Mark Zuckerberg's ID (which is id=4).

So the complete URL will look like this:

https://www.facebook.com/videocall/incall/?peer_id=4



Regarding this bug, the Facebook Security Team has not yet released a fix, so attackers can continue to use this flaw against the whole social community.
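The server-side checks that close this class of bug, as an added example (not Facebook's code): a call-initiation handler that refuses GET, requires a session-bound CSRF token, and enforces the callee's privacy setting itself. The handler name, session layout, key and privacy table are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: a per-deployment secret
# Constructed privacy table: callee id -> set of user ids allowed to call them.
CALL_ALLOWED = {4: set(), 1001: {1002}}


def csrf_token(session_id):
    """Token bound to the session; a third-party page cannot read or derive it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def start_call(method, session, peer_id, token=None):
    """Decide whether a call-initiation request may proceed. Returns (status, reason)."""
    # 1. A link or image tag can only issue GET, so GET must never start a call.
    if method != "POST":
        return 405, "state-changing action must not be reachable via GET"
    # 2. The request must carry the token issued to this session.
    expected = csrf_token(session["id"]).encode()
    if token is None or not hmac.compare_digest(token.encode(), expected):
        return 403, "missing or invalid CSRF token"
    # 3. peer_id comes from the client and is validated before use.
    try:
        callee = int(peer_id)
    except (TypeError, ValueError):
        return 400, "peer_id must be numeric"
    # 4. The callee's privacy setting is checked here, not only in the UI.
    if session["user_id"] not in CALL_ALLOWED.get(callee, set()):
        return 403, "callee's privacy settings do not allow this caller"
    return 200, "call started"


if __name__ == "__main__":
    session = {"id": "s-abc", "user_id": 1002}   # constructed session
    good = csrf_token(session["id"])
    print(start_call("GET", session, "4"))            # URL-style request
    print(start_call("POST", session, "4", good))     # blocked by callee setting
    print(start_call("POST", session, "1001", good))  # permitted call
```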

Reference: OWASP CSRF Guide

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

About the Author 
Christian Galeone is a cyber security researcher from Italy. He is currently studying at ITCL Marco Polo (Vocational Technical Institute | Vo-Tech), attending the IT Programming Class. He has been acknowledged by the TOP 5 companies including Yahoo!, Microsoft, AT&T, Sony, etc. He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.

FireEye is Hiring Sr. Reverse Engineer/Malware Analyst.


If you have strong programming skills, are experienced in malware analysis or reverse engineering, and are looking for an opportunity to collaborate with an industry-leading team—then the FireEye Labs Advanced Reverse Engineering (FLARE) Team is looking for you!

As a malware analyst working within FLARE you will dissect attacker tools and backdoors in support of incident responders. You will also help develop innovative tools to aid other business lines and automate malware analysis.

Essential Duties and Responsibilities
- Analyze executable and malicious files.
- Collaborate with a team of experienced malware analysts and researchers.
- Develop novel solutions to challenges facing incident responders and malware analysts.
- Support the company’s research and development efforts.

Required Skills
- Strong programming skills
- Ability to analyze disassembly of x86 and x64 binaries
- Knowledgeable in the use of:
  - IDA Pro disassembler
  - User- and kernel-mode debuggers
  - Common binary file formats
  - Dynamic analysis tools
  - Network analysis tools

Desired Technical Skills
- Ability to reverse engineer binaries of various types including:
  - C/C++
  - Delphi
  - .NET
  - Flash
  - Compiled VBScript
- Strong understanding of Microsoft Windows Internals
- Ability to analyze shellcode
- Understanding of software exploits
- Ability to analyze packed and obfuscated code
- Capable of Python scripting to automate analysis tasks
- Experience developing scripts to decode obfuscated data and network communications
- Experience developing applications in C, C++, and .NET
- Thorough understanding of network protocols
- Capable of identifying host- and network-based indicators
- Ability to defeat anti-reverse engineering techniques

Education
- BS or MS in Computer Science or Computer Engineering

Location 
This position can be supported from any of the following office locations (Washington, DC; New York, NY; San Francisco, CA; Los Angeles, CA; Albuquerque, NM; Milpitas, CA) or remotely for well-qualified candidates.

About The Company
FireEye, ranked the fastest growing communications/networking company in North America on Deloitte's 2013 Technology Fast 500(tm), is transforming the IT security landscape to combat today's advanced cyber attacks and we want you to be part of our team.

Thursday, January 15, 2015

Making your own shortcut key to open a folder

In this tutorial we'll see the quickest way to open favorite folders and programs. With this trick, you'll be able to open many folders or programs in a short period of time. It is really useful, at least in my opinion. Let's see how it works on my computer. In my example I am taking the folders named "HACKING2ALL" and "P.K" and opening them by alias name (short name).

1. Navigate to the folder for which you want to make an alias name (in my example I have taken the folders named "HACKING2ALL" and "P.K").



2. Create a shortcut on the desktop as shown in the figure


3. Rename the shortcuts to alias names (shortcut names); in my example I have taken "P" and "K".


4. Cut or Paste shortcuts to C:\WINDOWS. 



5. Go to the Run option and type the alias name. In my example the alias names are "P" and "K".
Shortcut key: press Win logo key + R, type the alias name, and press Enter.


When you press OK, the folder "P.K" will open.

What is the concept behind this trick?

The answer: any file or shortcut you place inside the C:\windows folder is a command for the Run prompt. This is the logic behind this trick. I hope it will be helpful to you.

Leave your comments if any trouble appears


Keep visiting 

Reset Windows Password




Forgot your administrator password? Don't panic, it happens to some other people too, and you have found the solution! The following instructions will show you step-by-step how to reset your local Windows password. This only works for local user accounts, however, not domain accounts. The password recovery tool on this page is written by Petter Nordahl-Hagen, and the original information, as well as the downloadable tool, can be found on his website. According to the author, this tool should work for Windows NT/2000/XP/Vista.

WARNING! Users who have EFS encrypted files on Windows XP or Vista computers will lose access to the EFS encrypted files after recovery of the password!

Use this trick at your own risk.

The tool to reset your password can be downloaded here.

I. Download the bootdisk:
Download the bootdisk, which includes the password recovery tool here. The file contains the ISO CD image.
Unzip (extract) the ISO file and burn it to a CD. Note that this is an ISO file, you must burn it to CD as an ISO image, not as a "data" file. If you're not sure how, see this article. Also, the image is bootable, you need to burn the image to a CD using the image burning feature; do not extract the contents of the ISO and burn them to the CD, you'll end up with a CD that can't boot!


II. Understanding the process:
You'll use the bootdisk created in the above steps to boot up the computer whose administrator password you want to reset.
You'll be asked for things like which drive is the boot drive, the path to the SAM file, etc., but don't worry, details will be provided.
Once you have selected an account to reset the password, you'll need to type in a new password; however, it is highly recommended to use a BLANK password at this point, then you can change your password later in Windows.
Follow the prompts to the end. You'll need to save the changes at the end!
III. OK! Enough talking. Here are the steps:
Start up your computer with the bootdisk created above. You should see a welcome screen followed by a prompt:
  boot:
Just wait, the bootup process will continue automatically. Then you should see a screen similar to this:

=========================================================
. Step ONE: Select disk where the Windows installation is
=========================================================
....
NT partitions found:
1 :   /dev/sda1    4001MB  Boot
2 :   /dev/sda5    2148MB

Please select partition by number or
a = show all partitions, d = automatically load new disk drivers
m = manually load new disk drivers
l = relist NTFS/FAT partitions, q = quit
Select: [1]

Notice the last line "Select: [1]" which shows the [1] as default selection because the tool detected the bootup partition is [1]. This might be different on your own machine, so you should review the list shown under "NT partitions found:". The partition with the word "Boot" should be selected.

Hit Enter once you confirm the selection. You should see a similar screen as follows:

=========================================================
. Step TWO: Select PATH and registry files
=========================================================
....

What is the path to the registry directory? (relative to windows disk)
[windows/system32/config] :

Notice the last line "[windows/system32/config]" which shows the default path. This was also detected by the tool. If the path is correct, hit Enter, or if you wish to enter a different path, enter it now then hit Enter.
Here are the paths for different versions of Windows:
- Windows NT 3.51: winnt35/system32/config
- Windows NT 4 and Windows 2000: winnt/system32/config
- Windows XP/2003 (and often Windows 2000 upgraded from Windows 98 or earlier): windows/system32/config

Once you hit "Enter", you should see the next screen similar to the following:
 -r--------    1 0        0          262144 Jan 12 18:01 SAM
-r--------    1 0        0          262144 Jan 12 18:01 SECURITY
-r--------    1 0        0          262144 Jan 12 18:01 default
-r--------    1 0        0         8912896 Jan 12 18:01 software
-r--------    1 0        0         2359296 Jan 12 18:01 system
dr-x------    1 0        0            4096 Sep  8 11:37 systemprofile
-r--------    1 0        0          262144 Sep  8 11:53 userdiff

Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1]
Hit "Enter" with the default option selected "[1]". Then ...:
 =========================================================
. Step THREE: Password or registry edit
=========================================================
Loaded hives:
1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
 - - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] -> 1

Hit "Enter" with the default option selected "[1]". Then ...:
 ===== chntpw Edit User Info & Passwords ====

RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
RID: 03eb, Username: <pnh>, *disabled or locked*
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator]

Hit "Enter" with the default option selected "[Administrator]", or select another user account. Here you can enter the full user account surrounded by < and >, CASE-SENSITIVE, or enter the RID number (i.e. 0x1f4). Assuming you select the Administrator account, you should see the following screen:
 
 RID : 0500 [01f4]
  Username: Administrator
  fullname:
  comment : Built-in account for administering the computer/domain
  homedir :

  Account bits: 0x0210 =
  [ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
  [ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
  [ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
  [X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
  [ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  |

    Failed login count: 0, while max tries is: 0
    Total  login count: 3

  * = blank the password (This may work better than setting a new password!)
    Enter nothing to leave it unchanged
    Please enter new password: *

At the prompt "Please enter new password", enter * for a blank password (HIGHLY RECOMMENDED!), then press Enter.
  Please enter new password: *
Blanking password!

Do you really wish to change it? (y/n) [n] y

At the prompt, type in "y", then press Enter. Note that the default option is "n".
 Do you really wish to change it? (y/n) [n] y
Changed!

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator] !

Enter the "!" to go back to the main menu. Then select "q" at the following menu to quit:
 <>========<> chntpw Main Interactive Menu <>========<>

Loaded hives:

1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
 - - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] -> q

A prompt to save changes displays, enter "y" to save:
 =========================================================
. Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y

The changes are saved! You should see the following screen, press Enter, and reboot your computer.
 
Writing  sam

***** EDIT COMPLETE *****

You can try again if it somehow failed, or you selected wrong
New run? [n] : n


Keep Visiting



How to protect your Gmail account from hackers

Most people use Gmail for sending emails. We have precious information stored in our Gmail accounts, so Gmail is a target for hackers. The Gmail developer team has given us a wonderful security option: 2-step verification.

Enabling 2-step verification makes your Gmail account more secure by making you log in to Gmail in two steps. While you are logging in to the Gmail account, Gmail sends a security code to your mobile phone and asks you to enter that code on the Gmail login page. This makes sure that only the person carrying the mobile phone is able to know that code. So your account cannot be hacked if someone tries to hack your account from somewhere else.


How to enable 2-step verification

Log in to your Gmail account,
Click Account at the top right,
Click Edit on 2-step verification,
Now click Start Setup,
Select your country and add your mobile number,
Select the method of verification; the SMS option is the default and it is the most recommended one
Just click Send Code
Now Google will send you a text on your mobile with the verification code
Now click Next, and Next

Note these points after 2-step verification:
Your other applications and connected accounts will stop working; you need to re-invoke them on the final 2-step verification step or do it later!
If your primary mobile is lost then you will not be able to log in to Gmail, so set a backup mobile number
Backup verification codes are another way to recover your account. Please download and note those numbers and keep them safely somewhere accessible to you, like your wallet. Each code can be used only once.
I recommend you read everything and make a note of it.


Be happy with your safe Gmail account. This time no one can hack your Gmail, I hope. Please comment below and also mention me if I have missed any point.

Keep Visiting

HIDE DATA IN MOBILE WITHOUT ANY SOFTWARE

Have you ever wanted to hide folders in your phone? If yes, then here is a very interesting solution for you to hide folders in your phone, and you don't even need any software for that.

This trick can be used for any JAVA phone from Nokia,Samsung,Motorola,LG or any other company.

JUST FOLLOW SIMPLE STEPS

Create any new folder, or use any existing folder that is to be hidden.
Rename the folder to any name but with the extension .jad. For example, if I want to hide my images folder then I will name it IMG.jad
Now create a new folder with the same name in the same directory but with the extension .jar. So, I would create the folder with the name IMG.jar


And that's it!! My original images folder, which has been renamed with .jad, gets hidden, and only the folder with the .jar extension is visible, which is empty. So, my data is protected/hidden from unwanted eyes.

To unhide the original folder you have to remove the .jar extension from the new folder, and your original folder with all the files and with .jad will become visible.

Keep visiting :)

Awesome Computer Tricks That You May Have Never Seen Before

Many of you may have probably seen these computer tricks before but I’m hoping that there are still some who ’ll be amazed with what I’m going to show you. These are some of the most popular and really amazing computer tricks that I collected from the internet. I know you’re excited to see these tricks so I’m going to show it to you now. Check this out:

For Windows PC users:

1. What’s with the word “CON”? Try to create a folder anywhere you like (i.e. desktop, my documents). Rename the folder with CON and see what will happen. Try to rename other files (i.e. images, documents) with CON. Still, it doesn’t change right?


2. What’s up with “BUSH”? Open your notepad. Type “Bush hid the facts ” without the “ “. Save it and open it again.


3. Test the strength of your anti-virus. Do you want to know if your anti-virus is really protecting your PC? Open your notepad and copy-paste this code

“X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*”
without “”.
Save the file as eicar.com. If your anti-virus is really protecting your PC, it will warn you about this “virus tester”. NOTE: This isn’t harmful to your PC. This is just a simple test to check if your anti-virus can detect a virus. For more info, ask me.

Internet Tricks: 
1. Flying Images. Go to Google Images. Search for anything you want (i.e. dog, baby). Now, copy and paste the code below in your address bar and hit Enter. Flying Images javascript

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0);

2. Your web browser is shaking! This is a simple trick. Just copy and paste the code below in your address bar and see what will happen. Shake Your Web Browser javascript

javascript:function Shw(n){if(self.moveBy){for(i=35; i>0; i--){for(j=n; j>0; j--){self.moveBy(1,i); self.moveBy(i,0); self.moveBy(0,-i); self.moveBy(-i,0);}}}} Shw(6)

3. Hack any website and edit them. Actually, with this trick, you won’t really be able to hack any website (I just named it that way) but you can edit them. Visit any website and copy-paste the code below in your address bar. Edit Any Website javascript

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

Edit the website according to your preferences; you can add texts, remove paragraphs and more!

4. Collapsed Images. Use it on websites with many images to see its full effect. Just copy-paste the code below to your address bar and see what will happen to the images. Try it out here. Altered Images javascript

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);

Watch Live TV on Your PC For Free

Now you can watch free TV on your PC by just using the VLC player.

Step 1 : First of all you need to have VLC player; if you don’t have VLC player, kindly download and install it.

Step 2 : Now open VLC Player and select the streaming option from the Media menu in the menu bar.



Step 3 : Select the network option and enter the URL of the streaming channel. For example, if you want to view B4u Music you need to add the URL

rtsp://217.146.95.166:554/playlist/ch12zqcif.3gp
in the URL field and then select the play option from the stream drop-down menu.

Step 4 : After you click play in the above step, the channel will start streaming and you can watch your favorite channels.





Here is the list of many other channels which you will love to watch:
Channel Name    Link
NDTV rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_33.sdp
NDTV Profit rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_31.sdp
Times Now rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_2.sdp
Aaj Tak rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_4.sdp
CNBC Aawaz rtsp://ss1c6.idc.mundu.tv:554/prf1/cid_34.sdp
CNBC TV 18 rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_35.sdp
Headlines Today rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_7.sdp
NDTV 24×7 rtsp://ss1c6.idc.mundu.tv:554/prf0/cid_29.sdp
NK News rtsp://94.75.250.53:554/rtplive/rknews.sdp
RAJ News rtsp://94.75.250.220:1935/live/rajnews2.sdp
ETV rtsp://94.75.250.53/rtplive/etv2low.sdp
Studio N rtsp://94.75.250.220:1935/live/studion2
SVBC rtsp://94.75.250.220/rtplive/svbclow
Zoo Vision rtsp://stream.zoovision.com/live.sdp
B4u Music rtsp://217.146.95.166:554/playlist/ch12zqcif.3gp
iMusic rtsp://217.146.95.166:554/playlist/ch26yqcif.3gp
Zee Tamil rtsp://121.244.145.226:554/prf1/cid_54.sdp
Zee Kannad rtsp://121.244.145.226:554/prf1/cid_55.sdp
Zee Bangla rtsp://121.244.145.226:554/prf1/cid_52.sdp
Music Box rtsp://stream.the.sk/live/musicbox/musicbox-3m.3gp
Bella Tv rtsp://217.146.95.166:554/playlist/ch29yqcif.3gp
Fashion Tv rtsp://217.146.95.166:554/playlist/ch27yqcif.3gp
Adventure rtsp://video3.multicasttech.com/AFTVAdventure3GPP296.sdp
Horror rtsp://video2.multicasttech.com/AFTVHorror3GPP296.sdp
Comedy rtsp://video3.multicasttech.com/AFTVComedy3GPP96.sdp
Classic rtsp://video3.multicasttech.com/AFTVClassics3GPP296.sdp
Crime rtsp://video2.multicasttech.com/AFTVCrime3GPP296.sdp
Mystery rtsp://video2.multicasttech.com/AFTVMystery3GPP296.sdp
Clubbing Tv rtsp://217.146.95.166:554/playlist/ch21yqcif.3gp

Keep Visiting