This site is some kind of personal database gathering notes about my day-to-day discoveries in the IT world basically about security.
While some are howtos and tips (we learn a new thing every day eh), hopefully you'll find some of them informative !

August 1, 2008

Hacking InvisionFree forums

Ever wanted to hack that InvisionFree forum that you despise? Or maybe you're the ethical hacker that simply wants to show InvisionFree owners how to stay secure (through demonstration, no less). Either way, you might find this guide useful.

Requirements:
- Basic HTML knowledge
- Advanced-ish PHP knowledge
- Advanced-ish Javascript knowledge
- An inconspicuous image
- A PHP host
- An (active) Invisionfree forum to hack
- Proxy/proxies (optional, but recommended)
- Possibly social engineering skills

That's a long list of requirements, but I'm sure most of you have these things.

STEP ONE: THE COOKIE STEALER
You need to write a cookie stealer. Preferrably, the cookie stealer should show itself as an image so you don't have to redirect your victims to it (ensuring a quickly blown cover). I'm not going to tell you how to write one, mainly because you have an unlimited amount of information at your fingertips, hiding under the name "Google". Just have there be a GET variable containing the cookie and then store it in a text file or a MySQL database. If you choose the latter, remember to include a file that gets the cookies from the database and also guard against SQL injections.

STEP TWO: IMPLEMENTATION
It's time to implement your cookie stealer. You will need the forum to have HTML in signatures. If you already have HTML in the signatures, skip to the next paragraph. If you're unlucky enough not to, you're going to have to convince the admin of the forum to enable HTML in signatures. For instance, say you have a killer Flash signature that you just HAVE to include.

Include the cookie stealer's image in an img tag. Give it a unique id like "snarfblat" or "cacklemuffs" so you can edit the image source with Javascript.

InvisionFree doesn't filter out "onFocus", which is great for us. Add a body tag with the onFocus attribute that changes snarfblat/cacklemuffs' src. It would appear something like:



Submit and try it out. If it works, congratulations! Move to step three. If it doesn't, you might have done something wrong.

STEP THREE: GETTING THE COOKIES
Post. If you feel like you're not getting good enough cookies fast enough (you want access to the ACP), PM the admins.

STEP FOUR: WHAT NOW?
Crack the admin passwords. They're unsalted. If you somehow don't know how to distinguish between admin and member, find the member ID's of the admins. Then find those ID's in your cookies (e.g. [forumname]member_id=1), locate the pass_hash of the cookies, and start cracking the MD5's.

Once you have the admin passwords, log in as the admins and do whatever you want.

PREVENTION
To prevent this from happening, filter out the attribute "onFocus" loosely. If you're extremely paranoid, disable HTML in signatures altogether.

DISCLAIMER
You are responsible for your own actions.

ref: hellboundhackers.org

0 comments

ARP Poisoning

This article is meant to teach how ARP works and how one can go about poisoning the ARP cache and enable them to completely sniff traffic over a switched network. This article assumes that you already have access to a switched network. ARP Poisoning is a way of tricking computers over a switched network to send traffic through you before going to other computers or out to the internet.

Introduction
This article is meant to teach how ARP works and how one can go about poisoning the ARP cache and enable them to completely sniff traffic over a switched network. This article assumes that you already have access to a switched network. ARP Poisoning is a way of tricking computers over a switched network to send traffic through you before going to other computers or out to the internet.

ARP
Address Resolution Protocol (ARP) is a dynamic protocol to map a 32bit IP Address to a 48bit physical hardware address (MAC Address). If one system over a network wants to communicate with another system over a network, it will first check if it already knows that systems MAC Address and if not it will send out an ARP broadcast which will look for the hardware address of the destination system. There are four types of ARP messages but the main two are ARP Request and ARP Reply. When a system starts broadcasting an ARP Message it sends out an ARP Request. An ARP Request is a message sent to the broadcast address, the message contains the sender’s IP Address and MAC Address and requests the MAC Address of the given IP, and then it waits for an ARP Reply. An ARP Reply replies to the ARP Request and tells the computer sending the ARP Request what its MAC Address is.
The ARP Cache is a temporary storage place that holds a table with MAC Address’s and IP Address’s. If a computer wants to talk to another computer and it doesn’t already have its MAC address stored it will send an ARP Request. If the Computer that is sending the ARP Reply does not have the requesting computers MAC Address it as well will save it to cache. So now both computers have the MAC Address. A system cannot communicate with another until it has its MAC Address.
ARP is a stateless protocol with no authentication built in so any ARP Reply, whether there was a request or not will update the ARP Cache on a computer. All systems will accept an ARP Reply regardless if there was an ARP Request sent.

The Switch
Media Access Control (MAC) is a standard addressing system for all Ethernet devices. Most networks use switching devices and in a switched network packets are only sent to the port they are destined to according to their destination MAC Address. Switches maintain a table that associates MAC Address’s with certain ports. A switch constructs a route table by extracting the source MAC Address from the Ethernet frame of each packet processed. If any entry in the route table does not exist the switch will forward the packet out all of its ports.

Within a switched network packets are only sent to the destination device making it, so other devices cannot see the traffic.

Poisoning
There are a few tricks to manipulating a network to send traffic through you before sending it to the packets to the destination device. One of these methods is referred to as ARP Poisoning and it is when you send a customized ARP Reply to different computers across the network tricking their computers into updating their ARP cache with new MAC Address’s (Your MAC Address). So now each time computer1 wants to send a message to computer2 it gets the MAC address of computer2’s IP and sends the message to that MAC address. But if that MAC address is changed to your MAC address, by poisoning the ARP Cache the message will be sent to you instead. After packets are sent to you, you must forward the packets to the computer it was meant to go in the first place or DoS will be caused and the hosts will not be able to communicate anymore. Another factor that you must weigh in are timeouts, if there is no traffic over the network, after a timeout period the ARP cache of the computers across a network will be flushed out and you will need to send another constructed ARP reply to the hosts so that traffic is once again forwarded to you. One way to fix this is to automatically send ARP Replies every 10 seconds or so to the hosts that you want to poison.

Sniffing
Sniffing is the act of capturing packets that aren’t necessarily meant for public viewings. When you sniff packets across a network you can come across many interesting things such as emails, instant messages, and even passwords to email accounts and ftp accounts and many other types of passwords which in my experience are more often than not, left unencrypted. There are many tools out there that will automatically scan packets for username and password info. You can also see what websites the person is going to.

Wireless
If an access point is connected directly to a hub or a switch than it leaves the entire wireless network open to ARP Poisoning. Wireless internet is becoming more and more used and it is hard to be anywhere that does not have a wireless access point, especially in well populated areas. This leaves a huge security risk to most networks because in theory someone with a laptop could go into the lobby of a business and get on their network by cracking their WEP key or just simply connecting if they don’t even have WEP. The attacker would then just need to poison the ARP Cache of the different computers across the network and then forward all traffic through you. You would get their passwords and usernames, the websites they go to and anything else that you feel would be fun to look at.

ref: hellboundhackers.org

0 comments

November 29, 2007

Secure your apache server from given info to hackers

By default, most pre-packaged apache installations come with full information leakage, so if you telnet to port 80 on your webserver you can check, just type in the GET / HTTP/1.1 line, then hit enter twice

#telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain.
Escape character is ‘^]’.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-18
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1
Here we see the Apache version, the distro, and the php version. If you had any extra apache modules installed, it would also show them as well as their versions. We can easily fix this by modifying the config file which will be distribution dependent. On Debian/Ubuntu its /etc/apache2/apache2.conf,We will need to modify the ServerSignature and ServerTokens lines, if you don’t have them, add them in. Here’s what they should be set to

ServerSignature Off
ServerTokens Prod
Now you need to Secure PHP version information

By default when php serves a page your header will show

X-Powered-By: PHP/4.X.X
You need to modify the php.ini and set the expose_php variable to Off. For Debian/Ubuntu, the file is /etc/php4/apache2/php.ini (If you are using php5 you need to edit this file /etc/php4/apache2/php.ini) . This will remove the X-Powered-By line.

expose_php = Off
Another problem in php could be display_errors, you want this turned off for a production web site because it might provide file paths or other informaiton.

display_errors = Off
Now you need to restart the apache web server using the following command

#/etc/init.d/apache2 restart
Test your Apache server

telnet to port 80 on your webserver just type in the GET / HTTP/1.1 line, then hit enter twice

# telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain.
Escape character is ‘^]’.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1
Now you can see in the above information you don’t find any apache version details,Distro and php version details.

0 comments

November 21, 2007

Stop SPAM Using Postfix Configuration

I assume you have a fully working mail server using Postfix. There are a lot of docs and howto to configure postfix as your mail server.

Open /etc/postfix/main.cf and place the following lines in it (replacing the respective settings if they exist):

vi /etc/postfix/main.cf

smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_invalid_hostname,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_unauth_pipelining,
 permit_mynetworks,
 reject_rbl_client zen.spamhaus.org,
 reject_rbl_client multi.uribl.com,
 reject_rbl_client dsn.rfc-ignorant.org,
 reject_rbl_client sbl-xbl.spamhaus.org,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client dnsbl.sorbs.net,
 reject_rbl_client ix.dnsbl.manitu.net,
 reject_rbl_client combined.rbl.msrbl.net,
 reject_rbl_client rabl.nuclearelephant.com,
 reject_rbl_client list.dsbl.org,
 reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dul.dnsbl.sorbs.net,
 reject_rbl_client multihop.dsbl.org,
 reject_rbl_client unconfirmed.dsbl.org
 reject_rbl_client relays.ordb.org,
 permit

This just tell Postfix to check those website if it is listed on their spam database before sending out to the users.

Anti-spam blacklist
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_address
smtpd_helo_restrictions =
 permit_mynetworks,
 reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code =554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
Also force Postfix to limit incoming or receiving email rate to avoid spam.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Just put this in your main.cf and restart Postfix. I have 250+ users and this configuration block over 1500+ spam emails a day.

0 comments

10 reasons websites get hacked

Below you will find list of top 10 web vulnerabilities classified by OWASP, here is also description of the problem and some examples.

I will just give you the list in case you missed it before, i will not comment on any of these as there is already hot discussion about this matter on several sites/forums.

So here it starts:
1. Cross site scripting (XSS)
The problem: The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.
Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site, according to Snyder.
Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details. PayPal said it closed the vulnerability in June 2006.
How to protect users: Use a whitelist to validate all incoming data, which rejects any data that’s not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. “Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser,” OWASP says.

2. Injection flaws
The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter — which interprets text-based commands — into executing unintended commands. “Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application,” OWASP writes. “In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.”
Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.
How to protect users: Avoid using interpreters if possible. “If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries,” OWASP writes.

3. Malicious file execution
The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.
Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.
How to protect users: Don’t use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.

4. Insecure direct object reference
The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.
Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.
“References to database keys are frequently exposed,” OWASP writes. “An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature.”
Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.
How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, authorize Web site visitors before using them.

5. Cross site request forgery
The problem: “Simple and devastating,” this attack takes control of victim’s browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or “remember me” functionality. Banks are potential targets.
“Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery,” Williams says. “Has there been an actual exploit where someone’s lost money? Probably the banks don’t even know. To the bank, all it looks like is a legitimate transaction from a logged-in user.”
Real-world example: A hacker known as Samy gained more than a million “friends” on MySpace.com with a worm in late 2005, automatically including the message “Samy is my hero” in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user’s language preferences.
How to protect users: Don’t rely on credentials or tokens automatically submitted by browsers. “The only solution is to use a custom token that the browser will not ‘remember,’” OWASP writes.

6. Information leakage and improper error handling
The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program’s configuration and internal workings.
“Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks,” OWASP says.
Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.
How to protect users: Use a testing tool such as OWASP’S WebScarab Project to see what errors your application generates. “Applications that have not been tested in this way will almost certainly generate unexpected error output,” OWASP writes.

7. Broken authentication and session management
The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.
“Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update,” OWASP writes.
Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.
How to protect users: Communication and credential storage has to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.
Another tip: get rid of custom cookies used for authentication or session management.

8. Insecure cryptographic storage
The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it’s often poorly designed, using inappropriate ciphers.
“These flaws can lead to disclosure of sensitive data and compliance violations,” OWASP writes.
Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.
How to protect users: Don’t invent your own cryptographic algorithms. “Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing,” OWASP advises.
Furthermore, generate keys offline, and never transmit private keys over insecure channels.

9. Insecure communications
The problem: Similar to No. 8, this is a failure to encrypt network traffic when it’s necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.
Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.
“The $17.4-billion retailer's wireless network had less security than many people have on their home networks,” the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.
How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.

10. Failure to restrict URL access
The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there’s no real protection of these pages, and hackers can find the URLs by making educated guesses. Say a URL refers to an ID number such as “123456.” A hacker might say ‘I wonder what’s in 123457?’ Williams says.
The attacks targeting this vulnerability are called forced browsing, “which encompasses guessing links and brute force techniques to find unprotected pages,” OWASP says.
Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get “Platinum” passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.

How to protect users: Don’t assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user’s role and privileges. “Make sure this is done … every step of the way, not just once towards the beginning of any multi-step process,’ OWASP advises.


Comments and introduction to Top-10 list can be found on following:
The Open Web Application Security Project 
Network World
Info World 
Computer World

0 comments

April 12, 2007

DNS Extract Zones

Let's just say I'm curious what is in the records of someones DNS server.

First I need the IP address using the host command.


Why www.dost.gov.ph? Because they are the Department of Science and Technology.

Second step. Go to dnsstuff.com and look for DNS Report. Enter the domain www.dost.gov.ph and click DNS Report button.
Now you will get the report. What I want is the IP of the DNS Server this domain name is registered.

So I have the IP of the nameservers.
Next step, use the dig command to view the zone records.
Try the first IP:
This means that the server deny zone transfer.
Now the second IP prints the zone records of the domain.
What's the use of this? You have information!

"How to do it on Google"
Software: WS-DNS-BFX

What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

  • IPv4 => IP Address of 32 bits.
  • IPv6 => IP Address of 128 bits.
  • Multi Thread => Make several resolutions at “the same time”.
  • EMA => Extract more than 1 IP in servers with HA, Network Load Balance, etc, (like: www.yahoo.com, www.microsoft.com).
How do I compile it?
To compile it, do:
gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE

To best performance do:
gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE -O3

If u don’t have a compiler (gcc), libs, etc, i added at the .tgz file this program compiled static, called “WS-DNS-BFX-Static”.

How do I use it?
It is easy to use this program. Supose that you want extract valid hosts from
“yahoo.com”, using dict-file.txt (Brute Force File) and open 4 threads,
to do it the command is:

root@Debian:/tmp/WS-DNS# ./WS-DNS-BFX yahoo.com dict-file.txt 4
Progress ..............................
When it finish, will be generated a file called “hosts-yahoo.com.txt” with the extracted hosts.

You can download it here: DNS Brute Force eXtract

0 comments

March 14, 2007

And let the password be unmask!!!

If you ever come across a page like below, then this is for you!

You might have heard about Sandboy's Revelation who unmask password fields like this!
But Revelation works with only windows based application and fails with Firefox! Once again thanks to open-source for Firefox!

Now lets do it in Geekish way so it will work with all kinda browsers and of course independent of platform!

Here comes javascript which is tested on Firefox & IE!



Just copy above code and paste it in ur browsers address bar (navigation bar or url bar).


They press enter and you will see a prompt like this!Of course your password may be different!

There is one more similar script! This will change HTMLs <input> tags "type" attribute from "password" to "text"!



On hitting enter you will see a prompt, just ignore it and look at screen... The password field will be unmasked any now and look like this!The above script may fail on hotmail when opened in firefox! But don't worry.

Try following code in the same way! This does not work with antique IE 6.0 and with release of firefox 2.0, I did not bothered to give IE 7.0 a try!

This will again prompt password like above!



And this will unmask password filed like above!



Above scripts successfully tested on gmail, yahoo, hotmail, rediff login pages! In fireox you can also right-click on any frame and can open that frame separately in different window or tab and then can use any of above script!

Also any password field can be unmasked using DOM Inspector in firefox! Please don't make false assumption that firefox is insecure! There is a feature called "master password" in firefox! That will protect your passwords against all javascript, DOM Inspectors, etc!

Enjoy!!!


0 comments

Another .gov.ph Defacements

Very cool hack. This site is Mambo based. I've seen a lot or should I say soooo many Mambo site that got hacked. So I advised, migrate to Joomla! :)

0 comments

February 13, 2007

Hacking with Javascript

This hack simply make the images of the website to rover the page. This is how it's done.
1.) Go to any website with images like http://www.microsoft.com
2.) Now you're in the home page, delete the URL in the address bar of your browser and replace it with this script: javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute '; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);
3.) And of course, press enter.
4.) Thadah!!!

Is that Google in the URL bar? Did I really owned google? This is how it's done:
1.) Go to http://www.google.com
2.) Delete and replace the url with this script: javascript:document.write("0wn3d by chr1x2");

Simple but cool!

0 comments

February 5, 2007

Another .gov.ph Defacements

Energy Regulatory Commission
http://www.erc.gov.ph/sina.html
National Power Corporation
http://www.napocor.gov.ph/webnpc/main.htm

0 comments

Subscribe to: Posts (Atom)