XSS Worm : Cross Site Scripting & Web 2.0 Security

Application Vulnerability Information Portal

Archive for the '0day exploits' Category


Hacking Google with 0day PHP Photo Exploit - Video Tutorial

Posted by xssworm on 11th December 2007

Blackhat hacker penguinman2100 demonstrates how to hack Google to upload any hacker files or pictures to any website using PHP photo exploits.

The blackhat hacker penguinman2100 hacks into websites using this tutorial, as you can see in our video.

He has illegally hacked into sites such as http://textideas.com and http://www.sq-bleiburg.at, as he demonstrates with the access shown in this video.

Penguinman2100 writes on his cracker blog:

NEWS: I have recently become interested in “Google Hacking”. Now I know that sounds pretty bad, but it isn't really. “Google Hacking” is basically accessing things on Google which the average person can't do and in which some illegal activity can occur.

The blackhat hacker Penguinman2100 is also known as Zachary D.; he is male, 19 years old, and currently lives in Calgary, Alberta (Canada), where laws against blackhat hacking in Google do not exist.

His hacking partner SteveTheMaster (Steve Nahilian) is also a blackhat, and a much more dangerous hacker with advanced skills.

Zach~
Hello! We are hacking partners. My name is Zach. I'm not as good a hacker as Steve, but I'll do my part.

Steve~
Sup, I am Stevethemaster (click here to chat on AIM) from Steve Company, I am the king of goldfinger & Qcode64 hacking. I do every type of hacking known to hackers on da web, l00k 0ut 4 my vids. Zach is my hacking partner; he has a great mind for image hacks. We are from spiralmountain.co.uk

Thank you to Zachary D. and Steve the Master Hacker for producing these excellent hacking video tutorials to teach blackhats how to hack illegally into websites such as textideas.com. We are waiting for episode 2 of How to Hack Google! Keep up the good work and submit more great hacking tutorials for our readers!

Posted in 0day exploits, Blackhat Hackers, Google hacking, Hacker Videos, How to Hack, Tutorials | 3 Comments »

Mac sites are being hacked by blackhat XSS hackers

Posted by xssworm on 23rd November 2007

A lot of Mac web blogs have recently been defaced by hackers using 0day XSS exploits in WordPress.

One victim of the 0day XSS, Miles Evans of MacApper.com, writes:

“I took the liberty of analyzing the hack a bit in the hopes it helps others prevent this from happening to them. Although we had updated our blog to the latest version of Wordpress, near as I can tell the hack was accomplished via an XSS (cross site scripting) exploit. By executing some malicious code in the query string the hacker was able to write to our .htaccess file the following:

#this is for rotten mac fanbois - suck it down.
#RewriteRule ^divider.png$ /rotten/divider.png [L]
#RewriteRule ^rotten.jpg$ /rotten/rotten.jpg [L]
#RewriteCond %{REQUEST_URI} !^/rotten.*
#RewriteRule !rotten/index.html$ /rotten/index.html [L]

The problem is that the exploit appears to be unknown to Wordpress as far as I can see (I will be reporting it to them), so other Wordpress blogs may be susceptible. I wish I could offer more help.”

“[…] By default WP wants to handle the .htaccess file dynamically so it needs to be set world writable. We tweaked this before putting the blog back online and we should be safe now. If anyone needs a hand feel free to email me (milesevans _AT_ macapper.com).”

Loweded Wookie adds some helpful technical feedback for advanced Mac users:

“When I was using XOOPS I got hacked once but all the little retard did was create a file called index.html. All I did was alter the Apache file so that PHP files were executed before HTML files and any hack after that from little brained people would have been thwarted. Any further attempts to hack WordPress are thwarted by a simple permissions change. Of course .Mac accounts are different because the hacker would first have to find your machine, intercept the Kerberos encrypted password (yeah, good luck on that one), and then do some damage. Considering many .Mac pages are edited using iWeb then any hacked pages would be up for a grand total of… however long it takes to upload to .Mac. Hell, comment floods can be removed simply by clicking the comment box and hitting delete in iWeb.”

Another reader, Chris, asks the very question that came into our mind as we read this report:

“To even GET data to the server, it would have to be a type 2 attack. I doubt this was overlooked in the release of WordPress 2.3.1, since the primary release was for security. Secondly, the vulnerable page would have to be a publicly accessible page, making a type 2 XSS even more rare. Finally, why would you possibly leave your HTACCESS file world-writable, and how would this “hacker” write files back to your server using a type 2 exploit anyways? At most it could be redirected to another site. Please explain.”

Wookie offers more technical advice:

“It’s more common than you know. This was something that needed to be done on older versions of XOOPS. It had to have at least administrator rights to access the file but the passwords etc are all plain text so it’s reasonably easy to hack a PHP based content management system and WordPress is no exception.”

Another Macintosh web blog, GlenWolsey.com (a Mac blog hosted on Blogspot), has been taken down by a blackhat XSS hacker. The black-hat technique used in this attack was also a WordPress XSS overwriting a world-writable .htaccess file.

A quote from the hacked site: “This website has been flagged for excessive Apple fanboism, and has been taken down for 24 hours. This is a message to the rest of the Mac community, so listen up. Ever heard of hubris? Tone it down, and you will not be attacked. Everyone else is open game.”

The XSS Blackhat hacker, known as Malcor, has posted many threats to his own pages:

“The target will be posted on this site once the attack begins. I will be sending said target a note with a heads up before. Hopefully, by the end of the attack, a sea change will begin to happen. Does anyone disagree with me that the Mac world be a much more pleasant place if smugness wasn’t tolerated?”

“The attacks will be untraceable, and unstoppable.”

Source: http://malcor.blogspot.com


Posted in 0day exploits, Blackhat Hackers, Cross Site Scripting, Type 2 Attacks, Type 2 Exploits, Type 2 XSS, Wordpress Exploits, Wordpress Hacking | 82 Comments »

Wordpress 0day: Hacking into computers now easier than previously believed, says Heise Security

Posted by xssworm on 20th November 2007

“A design flaw in the WordPress blog software authentication process makes it easier than previously believed for attackers to compromise a system. Most content management systems and blogs save user passwords as hashes in the underlying database. So even if attackers were to get access to the hashes stored in the database, for instance by means of an SQL injection hole, they have not been able to do much with them up to now.”

http://en.wikipedia.org/wiki/Password_Cracking

“Specifically, if they want to recover the passwords, they would have to compare a hash with entries in a “rainbow table” – a process that can take some time and may not work at all for long passwords, for which there simply are no tables.”

“But according to a security advisory published by Stephen J. Murdoch of the University of Cambridge, a property in WordPress can be exploited to get access without the password. Instead of trying to obtain the password, Murdoch used its hash to generate an authentication cookie to gain access to the system. A member of the core team behind The Onion Router (TOR) anonymization project, Murdoch says that the MD5 hash only has to be hashed a second time with MD5. According to his report, the authentication procedure implemented in WordPress then looks like:

wordpresspass_<MD5(url)>=MD5(user_pass)

Here, the URL is clearly spelled out, and user_pass corresponds to the hash (MD5(password)). Along with the wordpressuser cookie (that wordpressuser_<MD5(url)>=admin), access is then reportedly provided to the WordPress admin account. Murdoch says he has informed the developers of WordPress of the problem, but they have yet to react.”

http://en.wikipedia.org/wiki/HTTP_cookie

Ed Henning


This is a very dangerous 0day for WordPress 2.3. It only requires the hacker to have compromised administrator access to WordPress through another, more serious hole; then, instead of using that admin access to create new users, modify existing users or backdoor WordPress, he can take the MD5 hash from the hacked database and gain access as that user to the WordPress he has previously hacked. All users are encouraged to upgrade. See more:
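To show why the scheme Murdoch describes turns a leaked hash into a password equivalent, here is an added Python model (not WordPress code; the keyed variant is a generic design, not the fix WordPress later shipped). The legacy cookie can be recomputed from database contents alone, while a cookie bound to a server-side key and an expiry cannot. The site URL, password and key are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample values: a site URL and the MD5(password) that the
# 2.3-era user_pass column would hold for the admin account.
SITE_URL = "http://blog.example"
USER_PASS = hashlib.md5(b"hunter2").hexdigest()


def legacy_cookie(site_url, user_pass):
    """WordPress 2.3 scheme as the advisory describes it:
    wordpresspass_<MD5(url)> = MD5(user_pass). Nothing here is secret
    to anyone who can read the database, so a leaked hash is enough."""
    name = "wordpresspass_" + hashlib.md5(site_url.encode()).hexdigest()
    return name, hashlib.md5(user_pass.encode()).hexdigest()


def legacy_check(site_url, name, value, user_pass):
    """Server-side validation of the legacy cookie."""
    return (name, value) == legacy_cookie(site_url, user_pass)


# Keyed alternative: the key lives in the config file, not the database,
# so a database leak alone no longer yields a valid cookie.
SERVER_KEY = secrets.token_bytes(32)


def keyed_cookie(user, user_pass, expires, key=SERVER_KEY):
    msg = f"{user}|{expires}|{user_pass}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{mac}"


def keyed_check(cookie, user_pass, key=SERVER_KEY, now=None):
    """Accept only if the MAC verifies under the server key and the cookie
    has not expired; constant-time compare avoids a timing side channel."""
    try:
        user, expires, mac = cookie.split("|")
        expires = int(expires)
    except ValueError:
        return False
    if expires < (time.time() if now is None else now):
        return False
    msg = f"{user}|{expires}|{user_pass}".encode()
    good = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, mac)
```

Binding the MAC to the stored hash also means a password change invalidates every outstanding cookie for that user.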

Sources:

http://heise-security.co.uk/ - Security and Internet Security Expert Consultants.

http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt

Posted in 0day exploits, Cross Site Cooking, Cross Site Request Forging, Cross Site Scripting, Reflective XSS Hacking, Web Application Security, Wordpress Exploits, Wordpress Hacking, XSS Worm | 57 Comments »

WARNING: Math Bugs put Global Commerce at Risk

Posted by xssworm on 19th November 2007

“One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.”

“Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.”

“A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.”

Math Bugs

Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.”

Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system. With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote.

An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies.

Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.

Thank you to John Markoff for writing this useful warning article.

Source: John Markoff @ NYTIMES

Posted in 0day exploits, Math Bugs, Web 2.0 Security, Web 2.0 Worms | 6 Comments »

Cross Fax Scripting - New attack techniques use XSS and Fax Machines to Hack Victims

Posted by xssworm on 19th November 2007

Dr Craig Wright has described a new attack vector known as Cross-Site Faxing (XSF) that abuses weaknesses in OCR 2.0 anti-phishing technology to bypass commercial anti-CSF appliances such as the i-XSS BloggerShield and UBsecure’s new XRCF Webfender 2.1.

On Nov 18, Dr Craig Wright (cwright@bdosyd.com.au) writes to pen-test:

“I have thought of an alternate path to loading a virus bases on a network OCR’d fax server. In the scenario, we have to assume that the system is sending the output to a web front end or HTTP enabled email (not that uncommon).”

Dr Wright then illustrates the point using the following hypothetical scenario:

  • The system has no input filters and prints all characters to the email, web app.
  • The OCR engine is highly accurate and does not add spaces etc.
  • The email or web app displays exactly what it received

Dr Craig Wright on Fax Site Scripting Attacks and Web 3.0

“Now given that scenario, we have a possible XSS (cross-site-scripting) attack. If there are no filters for an outgoing connection (i.e. no firewall/proxy that strips scripts) and the client browser/email application allows access to the Internet, the attacker could create a script in the page that makes a call to an external system to download a file … a script could also embed a simple XOR obfuscation key to modify the downloaded code. On the web server it would be inert. When XOR’d with the key in the script (after being downloaded and installed), this will thus bypass the AV server (if there is one) and install the malware on the users system. […] Regards, Dr Craig Wright (GSE-Compliance)”

It is interesting to see this challenge considered by the security community. Are there currently any products we can purchase to scan incoming faxes? What about physical mail? A malicious attacker could embed scripting into an application form that is then printed and sent through snail mail to a recipient's mail desk, which scans the mail and forwards it as a PDF or TIFF image to the unsuspecting victim.

This attack is very dangerous, as it takes advantage of embedded-object, macro or client-side exploits against PDF or TIFF viewers and their users. This is a dangerous attack vector that must be explored, and all security consultants are encouraged to alert the wider community to the dangers of Cross Site Faxing and Cross-Site Postage exploits.

Posted in 0day exploits, Blackhat Hackers, Cross Site Faxing, Cross Site Request Forging, Cross Site Scripting, Hacking Mail, XSS Security Alerts | 8 Comments »

Facebook 0day exploit in share redirect and JAR: protocol

Posted by xssworm on 16th November 2007

Click here to send your facebook cookies to xssworm (-;

http://www.facebook.com/share_redirect.php?h=fef648d6fe6177edfa9ff58e779a83&url=http%3A%2F%2Fwww.facebook.com%2Fshare_redirect.php%3Fh%3D0%26url%3Dhttp%3A%2F%2Fxssworm.com&sid=6330305874

Can we upload a JPG injected with a JAR, or chain a second pass of the redirect bug? Facebook now allows embedding of mp3 and other items using the share bookmarklet:

javascript:var d=document,f='http://www.facebook.com/share',l=d.location,e=encodeURIComponent,p='.php?src=bm&v=4&i=1182484661&u='+e(l.href)+'&t='+e(d.title);1;try{if(!/^(.*\.)?facebook\.[^.]*$/.test(l.host))throw(0);share_internal_bookmarklet(p)}catch(z){a=function(){if(!window.open(f+'r'+p,'sharer','toolbar=0,status=0,resizable=0,width=626,height=436'))l.href=f+p};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else{a()}}void(0)

Facebook has many holes like this.

vaj.
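As an added defensive example (not Facebook's code), this Python check shows how a share_redirect-style endpoint can validate its url parameter: only same-site destinations are allowed, and a destination that is itself a share_redirect.php link is unwrapped and checked again, which defeats the nested-redirect trick in the URL above. The host, path and parameter name are assumed from that URL; the h token is not modelled.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed from the URL quoted above: the site, its redirect endpoint and
# the parameter that carries the destination.
SITE_HOST = "facebook.com"
REDIRECT_PATH = "/share_redirect.php"
MAX_NESTING = 5  # bound recursion on redirect-within-redirect chains


def same_site(host):
    """True for the site itself and its subdomains only; a host such as
    facebook.com.evil.example does not end with '.facebook.com'."""
    host = host.lower()
    return host == SITE_HOST or host.endswith("." + SITE_HOST)


def safe_redirect_target(url, depth=0):
    """Return the final destination if every hop stays on-site, else None.

    A destination that is itself a share_redirect.php link is unwrapped
    and re-checked, so nesting cannot launder an external destination
    through the endpoint's own host.
    """
    if depth > MAX_NESTING:
        return None
    parts = urlsplit(url)
    # Relative URLs, javascript:, data: and schemeless //host are refused.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if not same_site(parts.hostname):
        return None
    if parts.path == REDIRECT_PATH:
        inner = parse_qs(parts.query).get("url", [None])[0]
        if inner is None:
            return None
        return safe_redirect_target(inner, depth + 1)
    return url
```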

Posted in 0day exploits, Cross Site Request Forging, Facebook Worm, Reflective XSS Hacking, Social Network Security, Social Network Worms, Web 2.0 Security | 1 Comment »