Hacker

Thursday 4 August 2011

Latest Hacking news|| latest vulnerability

Android app turns smartphones into hacking machines

Some time back, we saw Neopwn for the Nokia N900, a full-fledged penetration testing suite for mobile phones. Its support for other platforms was a big issue. Good news for all the Android-dominated security nerds out there! At DefCon, Itzhak Zuk Avraham, also known by the handle @ihackbanme, showed off a new hacking tool. The tool is called “The Android Network Toolkit,” or Anti for short. It will soon be available for free in the Android Market. It is designed for penetration testing: searching out and demonstrating vulnerabilities in computer systems so that they can be patched.
  This toolkit offers a Wi-Fi scanning tool for finding open networks and showing all potential target devices on those networks, as well as traceroute software that can reveal the IP addresses of faraway servers. When a target is identified, the app offers up a simple menu with commands like ‘Man-In-The-Middle’ to eavesdrop on local devices, or even ‘Attack’. The app is designed to run exploits collected in platforms like Metasploit or ExploitDB, using vulnerabilities in out-of-date software to compromise targets. It can also target default SSH passwords in jailbroken iPhones. The application will soon be ported to iOS. It is expected to launch in the Android Market by next week.

 --------------------------------------------------------------
Today, I am publishing an issue in DRDO’s site:
But before reading this content, read the Disclaimer specified in the description of this category, or you can use this link to jump over there: Disclaimer
The DRDO’s site is developed in a nice web scripting language, i.e. JSP, and of course, I like it… I love each and every Java technology, although I am not proficient with JSP.. :-(
DRDO’s details are:
DEFENCE RESEARCH & DEVELOPMENT ORGANISATION
Ministry of Defence, Govt. of India
You can check their official site and find more information about them at:
  1. http://drdo.org
  2. http://drdo.gov.in
But there is a vulnerability in their site as well: they make very extensive use of the GET method for propagating data between different web pages.
You can exploit it, and play with their website:
Issue 1:
If you like, you can hang their website (on your system as well as on the server) by sending the thread through which you are connected to their server into an infinite loop. The question arises how to do that; check out the following URL:
http://drdo.gov.in/drdo/English/index.jsp?pg=homebody.jsp
Concept:
In this URL, they pass a variable pg by the GET method to a page, index.jsp, which fetches some other page from the server and displays it in an area meant for it, since they have made a structure or backbone page for their website and display most of the pages in that area.
What if we open index.jsp, passing index.jsp as pg’s value?
I think, if you are intelligent enough to read this document, then you understand the consequences.
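
One way a backbone page like this can guard its include, as an added example that is not the site's code or part of the original post: the `pg` value is matched against a fixed set of body fragments, and a nesting limit stops a shell page from ever being included inside itself. The class name, `contact.jsp`, the default page and the depth limit are assumptions; plain strings stand in for the JSP include so the class runs on a bare JDK.

```java
import java.util.Set;

// Added example, not the site's code: guard for a shell page that includes the
// fragment named by the `pg` query parameter.
public final class BodyPageGuard {
    // Assumptions: only index.jsp and homebody.jsp appear in the post;
    // contact.jsp is a constructed entry standing in for other body pages.
    static final String SHELL = "index.jsp";
    static final Set<String> ALLOWED = Set.of("homebody.jsp", "contact.jsp");
    static final String DEFAULT_BODY = "homebody.jsp";
    static final int MAX_DEPTH = 1; // the shell includes one body; a body never includes a shell

    /** Returns the fragment to include for a raw pg value, falling back to the default. */
    static String resolve(String pg) {
        if (pg == null) {
            return DEFAULT_BODY;
        }
        String name = pg.trim();
        // Exact match against a fixed set: rejects the shell itself and anything not listed.
        return ALLOWED.contains(name) ? name : DEFAULT_BODY;
    }

    /** Second line of defence: refuse to nest includes deeper than MAX_DEPTH. */
    static String render(String page, String pg, int depth) {
        if (depth > MAX_DEPTH) {
            throw new IllegalStateException("include depth exceeded at " + page);
        }
        if (!page.equals(SHELL)) {
            return "<body:" + page + ">"; // stand-in for the fragment's output
        }
        return "<shell>" + render(resolve(pg), pg, depth + 1) + "</shell>";
    }

    public static void main(String[] args) {
        // Constructed inputs: the value from the post's URL, the self-include,
        // an unknown page name, and a request with no pg parameter.
        String[] samples = {"homebody.jsp", "index.jsp", "nosuchpage.jsp", null};
        for (String pg : samples) {
            System.out.println("pg=" + pg + " -> " + render(SHELL, pg, 0));
        }
    }
}
```

In a real JSP the depth counter would live in a request attribute, so it survives across nested includes of the same request.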
       

                                                        

1 comment:

  1. Why not, sir, we would definitely like to know

    Please, I want to hack a Gmail ID, so please tell me ... http://salmanmusiclover.blogspot.com/
