Beng Hacks: May 2008

Monday, May 26, 2008

Keylogging logs cache!

Is Google a CIA front? Does the CIA pay Google millions a year to feed their need for info and data? Considering that the Google bots are really really good at spidering, I think anyone will think that way.

Google is famous for being a good engine and people even use it to hack, there's even a book called Google Hacking! It seems one Google Hack has been Digged.

It's a server which seems to have been hacked and used as a storage server for trojan keyloggers. The server is in Korea so maybe the hackers are korean but the logs all point to US sites. I suspect this infection vector is from software like software key generators, game EXE cracks or similar.

I downloaded the logs, quite recent totalling 133 files right now, contained URLs and the usernames/passwords used to connect or login to them. Yet to read thru them but the early ones contain actual email logins. Also got some funny IM chats here's a sample:

Send a Text Message
trackResponses=No
subject=honey
callback=
sender=
type=0
text=im+home+babe.+my+dads+on+my+home+phone.
+the+first+time+i+smiled+all+day+was+seeing+you+come+around
+the+corner+with+you+jordan+box+%3A-%29%0D%0A
min=6093137304
ID=f23037830a6d3b164a5b
verification_code=9+k+z+6+h
...
...
text=idk+if+u+can+reply+to+the+email+but+u+can+try.
+im+probably+gonna+call+u+tomorrow+about+monday.
+i+love+you+so+much


Ok I admit it's rude to post this, but I see this type of shit all the time on my keylogs and some even more steamy. Tip to future trojan programmers, dun store ur trojan keylogs in webservers and if you do, dun store ur logs in plaintext!

Tuesday, May 13, 2008

Inspirations

What sites or magazines do you read for insights?

I visit a few hacking related sites. One of them is OpenRCE.org, a really technical site on reverse engineering. Why RE? Cuz in RE you see the real inner workings of the very thing you're trying to hack, the computer, as well as the very stuff you use, the code/binary.

Another one I like is Boing Boing (boingboing.net) cuz it's techie and oso fun to read. They also have a webcast if you don't like to read.

I also read Hackin9, a hacking-related magazine, u can get it from Borders Lane Crawford. It covers from basic topics to detailed code to build, hack and protect. Very insightful but sometimes the editing is abit bad cuz the writer is not a native english speaker.

Locally, there's nothing to read. Occasionally I visit HWZ and VRZ but it's mostly for entertainment cuz peeps there don't talk about hacking cuz it's treated as illegal and are scared to discuss it. Too bad.

Hopefully when I start looking for a job I can find one where I can actually talk and work hacking. Dream job come true!!! Too bad no such thing here.