Beng Hacks

Monday, August 04, 2008

New blog site

Starting on a new blog site to better identify with my roots aka Singapore.

Check it out here (or hopefully be redirected in 10 seconds)!

Sunday, August 03, 2008

Can you figure this out?

-[shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift]; [<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][<-][shift][shift][shift][shift][shift][shift][shift][shift][shift][shift] [shift][shift][shift];-[C][C]b14b44b82bnbb0vxzkgjb14b420.,,.,.,.,.,.,,..,.,.awwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwa [ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl] [ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl][ctrl]awwwwrwb44.,,.,.,.,.,.,.,.,.,61000dot [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab]b14,.,,.,.,.,.,..,,.,..,,.wwwwwwwwwwwwwwwwa[tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab]dddddddddddddddddddddddddddddddddddddddddwddddddddddddw wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwb42,..,,.,.,.,.,..,.wwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaadwdwwwawdddddddddddddddddddddddddwwwwwwwwwwwwwwwwwwaaaaaawwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwdddwwwwwwwwwwwawaaaaaaaaaawwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww[tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab][tab] [tab][tab][tab][tab][tab][tab][tab][tab]b44,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,..,.,wwwwwwwwwqqwwwwwwwwwwwwwwwwwww wadwdwwwddddddddddddddddddddddddd

Can you decipher the above? Heheh... it's someone playing a game that uses WASD keys to move, and the number keys for weapons... Actually it's Counter-Strike!! TAB for score, shift to run? I think ctrl is duck LOL.... captured this from one of my victims infected with my keylogger.

Still got ppl playing CS? Mmm maybe CS:Source.

National Day fast approaching. Since I did the National Day (Beng)Hack(s) Run last year, this year I'll do it again. 43rd birthday Singapore! NDP'08 should be a special one, with 8.8.8 being a big deal for China and the Olympics. But what? Oh btw I found that I wasn't the only one (ok lah, I'm not that a big deal that everything I do is original!!!) doing National Day attacks heheh. Very common to use holidays to get ppl to read spam and get themselves infected with trojans. There was a cool attack during the USA 4th July Independence Day this year, using fireworks as a cover. You can read about it here.

Anyway back to topic. Haven't decided what to do yet but Trinity suggested something to do with NDP'08, like Marina Bay or the heart-shaped fighter jet stunt (which BTW I can see from my place every NDP preview session!). Maybe that ba.

My lecturer suggested I check out the JobCentre fair at Suntec this month, to see if there's available jobs in the market for people of my interests, ie hacking code, writing virus, etc... yes I'm going down, see see look look. I was thinking at the same time, if ppl give out free thumbdrives during the session, how many of them will have autorun trojans?

Oh and 1 more thing, I'm thinking of moving to benghacks.lah.cc, what do you think? I find Wordpress's features alot more appealing than Blogspot's which is very limited.

Sunday, July 13, 2008

Local shit

So after avoiding the HWZ forums for awhile, I decided to pay it a visit... still a sad lousy place with no useful discussion. Look around see only topic like why BT is throttled, which ISP is best with which online speedtest, Vista themes, which firewall or antivirus to use, etc... sianz.

There WAS one thread which caught my eye:

http://forums.hardwarezone.com.sg/showthread.php?t=1934815

This guy was convicted and jailed for CMA, actually his friend was caught and bunknife him. Then he swee swee go confess to everything even when the police no evidence against him. Wa hero take a grenade for the team. Anyway la, now with criminal record he asking why ppl dun hire ex-blackhats.

Sir, I dun think you can be considered a black hat cuz actually in the eye of local company u're a criminal first. Maybe if you're in the US or if u're a disciple of Kevin Mitnick then ya no problem. Otherwise in kiasi singapore, how can?? Cool sidenote someone mentioned me by name HAHAHA...

Anyway la, dunno if is I dun visit enough local forums or really local forum no real technical discussion. Even my poly internal forums no technical discussion worth reading lor. Wonder if uni level forum got such discussion anot. By discussion I mean the stuff that hacker teams talk about. Like the chinese Security Teams, eg Phantom, Angel, etc. They are pro sia, publish zero-day exploits and code like nobody's business. Wonder if they're being paid by the chinese govt to attack US and defend their Great Firewall of China?

Wednesday, July 09, 2008

Vista and UAC

Recently I discovered something interesting about Vista. Maybe not interesting, maybe more shocking.

I found out that UAC will ignore certain applications and not prompt you to "Continue" or "Cancel". It has a list, haven't found where the list it yet. But I found one type of file that UAC will ignore: the Autoplay/Autorun.

If you specially craft an exe in a removable media and specially craft certain other files (try to guess what they are!), then rename it as autorun.exe, UAC will not prompt you if you run it. If you want to be technical, this is an exploit. U might need to do a few more things but not sure yet if they also help to fool UAC.

If you want more details, email me.



The other day I was talking to my poly lecturer and I told him about my interests and also my website. Yesterday he asked me to see him.... !!!! thought at first was cuz my assignment. But actually later he told me that he visited my blog and was concerned that I am breaking the law with my activities, like hacking and wifi mooching.

Something like Computer Misuse Act I read a few times appearing on papers, is quite a serious offense. So he thought that I should either be VERY careful with my hobby, or stop it. He did say that entries in a blog cannot be used to arrest me, so still ok. I know in NYP there's a guy there who is also like me (I met him b4 btw) and is on criminal record cuz he really did get caught under CMA. But even with that blackmark he escape jail cuz of age and still manage to go into poly. No need to mention names u can google him. Last I heard he is top of his cohort. Dunno whether true anot.

So far I'm still quite safe, no one knock on my door hahahah. But think need to be more careful esp online when people start asking for my personal info, say what la is a trust issue they must trust me first b4 they accept my help, and one way to gain that trust is to meet F2F.

Erm... u wan to trust me but how should I trust you? So muz be fair and both reach out and grab each other hands I guess. If dun like, walk away. If like, embrace with open arms.

Wednesday, June 04, 2008

Rudra ADT

Rudra is synonymous with Shiva the God of Death and are interchangable (wiki). Rudra is also the name of a new anti-virus software, which is currently being sold here in SG.

Can't find any info about this Rudra, except that it's created by a local company. Seems that Rudra is an old type of Indian language called Sanskrit. Meaning to day Rudra is created by our local Indian FTs? Power...

This Rudra, the box is black in colour and it claims that it can protect your PC against virus and worm without updates. Hmmm.. if it isn't using signatures to detect, means 2 things. 1 is that it's not a normal AV but more of an active type of protection software, like rootkit detector, blacklight, behaviour detector, etc. 2 is that Rudra is total crap, selling stoopig software to stoopig ppl.

There is no free or downloadable version for demo and the box is a big cardboard box with a CD and paper sleeve, din buy but u shake it u can tell. Anyone bought it got comments?

Monday, May 26, 2008

Keylogging logs cache!

Is Google a CIA front? Does the CIA pay Google millions a year to feed their need for info and data? Considering that the Google bots are really really good at spidering, I think anyone will think that way.

Google is famous for being a good engine and people even use it to hack, there's even a book called Google Hacking! It seems one Google Hack has been Digged.

It's a server which seems to have been hacked and used as a storage server for trojan keyloggers. The server is in Korea so maybe the hackers are korean but the logs all point to US sites. I suspect this infection vector is from software like software key generators, game EXE cracks or similar.

I downloaded the logs, quite recent totalling 133 files right now, contained URLs and the usernames/passwords used to connect or login to them. Yet to read thru them but the early ones contain actual email logins. Also got some funny IM chats here's a sample:

Send a Text Message
trackResponses=No
subject=honey
callback=
sender=
type=0
text=im+home+babe.+my+dads+on+my+home+phone.
+the+first+time+i+smiled+all+day+was+seeing+you+come+around
+the+corner+with+you+jordan+box+%3A-%29%0D%0A
min=6093137304
ID=f23037830a6d3b164a5b
verification_code=9+k+z+6+h
...
...
text=idk+if+u+can+reply+to+the+email+but+u+can+try.
+im+probably+gonna+call+u+tomorrow+about+monday.
+i+love+you+so+much


Ok I admit it's rude to post this, but I see this type of shit all the time on my keylogs and some even more steamy. Tip to future trojan programmers, dun store ur trojan keylogs in webservers and if you do, dun store ur logs in plaintext!

Tuesday, May 13, 2008

Inspirations

What sites or magazines do you read for insights?

I visit a few hacking related sites. One of them is OpenRCE.org, a really technical site on reverse engineering. Why RE? Cuz in RE you see the real inner workings of the very thing you're trying to hack, the computer, as well as the very stuff you use, the code/binary.

Another one I like is Boing Boing (boingboing.net) cuz it's techie and oso fun to read. They also have a webcast if you don't like to read.

I also read Hackin9, a hacking-related magazine, u can get it from Borders Lane Crawford. It covers from basic topics to detailed code to build, hack and protect. Very insightful but sometimes the editing is abit bad cuz the writer is not a native english speaker.

Locally, there's nothing to read. Occasionally I visit HWZ and VRZ but it's mostly for entertainment cuz peeps there don't talk about hacking cuz it's treated as illegal and are scared to discuss it. Too bad.

Hopefully when I start looking for a job I can find one where I can actually talk and work hacking. Dream job come true!!! Too bad no such thing here.