DES Encryption Implementation in C++ with Trace

Core Features

  • Encrypt a specified 64-bit (16 hex digit) data value with a 64-bit (16 hex digit) key using DES.
  • Show Trace

Trace

    • plain text and key in binary format
    • subkeys generation process (subkeys in binary and hex format)
    • DES encryption process
      • value after IP permutation
      • value after each iteration
      • value after IP⁻¹ permutation

Please view the output-example.txt for more information about the output.

Usage

g++ des.cpp -o des  
./des

XSS Vulnerabilities on Joomla v3.3.3

Sent a report to the Joomla! strike team but have never received a response.
Seems like the vuln is not critical.
To trigger these XSS vulnerabilities you will need access to the administrative panel. Since the vulnerabilities are basically the same but are in different parameters, I’ll show an example for just one.
1) Go to the Global Configuration page:
http://localhost/joomla/administrator/index.php?option=com_config
2) Type in the following payload in “Site Name”

" onclick=alert(1) test="

3) Save
4) On the admin page, if you click on the site logo or the site name, or on your main public page when you click on the site name, JavaScript will be executed.

<header class="header">
		<div class="container-logo">
			<img src="/joomla/administrator/templates/isis/images/logo.png" class="logo" alt="" onclick="alert(1)" test="">
	<span class="site-title" title="" onclick="alert(1)" test="">" onclick=alert(1) test="</span> 
		</div>
<a class="brand pull-left" href="/joomla">
						<span class="site-title" title="" onclick="alert(1)" test="">" onclick=alert(1) test="</span>											</a>
					<div class="header-search pull-right">

There are many other parameters in the admin panel that are vulnerable. Another example is the “Banner” page: entering the exact same payload as the one above in the “Alternative Text” input box will also trigger JavaScript when the banner is clicked. Web admins who allow staff to edit banners should be aware of this vulnerability, as it could lead to an account takeover or something more serious.

Quote of the Day Geeklets for GeekTool

I was messing around with GeekTool on Mac OS X and decided to write some bash commands to grab the quote of the day from brainyquote.com. I did a Google search afterwards; sadly, someone had already done it. Well, here’s mine, grabbing from quotebr.js instead of the actual HTML.
Command:

curl -s www.brainyquote.com/link/quotebr.js | sed -n '3p' | sed -e 's/br.writeln("//g' -e 's/<br>");//g'|tr '\n' ' ' && printf " -" &&curl -s www.brainyquote.com/link/quotebr.js | sed -n '4p' | grep -o  "\\\">.*" | sed -e 's/">//g' -e 's/<\/a>");//g'


Here’s the link to the other one:
http://www.macosxtips.co.uk/geeklets/internet/brainyquote-of-the-day/

Attacking DTAC’s MMS System Via Cross Site Scripting

DTAC is the second largest GSM mobile phone provider in Thailand. It’s pretty sad that the company itself doesn’t really care much about its security. There are multiple cross-site scripting vulnerabilities and poor authentication. There’s one vulnerability I would like to talk about, and that is the stored XSS vulnerability located in the MMS system.

What can you do with this vulnerability?
You can simply send a normal MMS and wait until the victim views it. Once viewed, the injected malicious JavaScript will be executed. Due to the poor coding, the logged-in user’s phone number and password are hidden in the HTML source. You can basically grab the user’s info via basic JavaScript like getElementsByName. This vulnerability will basically allow you to view other people’s MMS if exploited correctly.

How to attack?
After some testing, I found out that the name of the multimedia file attached to the MMS is not sanitized properly. This makes attacking via XSS possible.
Simply rename the multimedia file with the XSS payload. For example, if it’s an image file, rename it to
<img src=x onerror=alert(1)>. Then send it just like you would send a normal MMS. Your payload will be executed once the message is viewed.
A Thai version of this article may be found here: https://www.facebook.com/groups/2600Thailand/permalink/256269531199749/
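
Both the Joomla “Site Name” case and the MMS attachment-name case above come down to a value being written into HTML without output encoding. The following is an added example, not code from Joomla, DTAC or the original posts: it assumes a hypothetical `renderTitle` template and helper names, renders the two payloads quoted above with and without encoding, and includes two small checks that report any extra attributes or elements in the result.

```javascript
// Constructed inputs: the two payloads quoted in the posts above.
const SITE_NAME = '" onclick=alert(1) test="';   // Joomla "Site Name" field
const FILE_NAME = '<img src=x onerror=alert(1)>'; // MMS attachment file name

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text nodes and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hypothetical template that writes the value into an attribute and into
// element text. Passing `raw` as the encoder reproduces the unescaped output.
const raw = (value) => String(value);
function renderTitle(value, encode) {
  const v = encode(value);
  return `<span class="site-title" title="${v}">${v}</span>`;
}

// Check 1: attribute names present on the leading <span> tag.
function attributeNames(html) {
  const attr = /\s+([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/y;
  attr.lastIndex = html.indexOf('<span') + '<span'.length;
  const names = [];
  for (let m = attr.exec(html); m !== null; m = attr.exec(html)) {
    names.push(m[1].toLowerCase());
  }
  return names;
}

// Check 2: names of elements opened in the markup, skipping quoted
// attribute values so a '>' inside title="..." does not end the tag.
function openTags(html) {
  const tag = /<([a-zA-Z][a-zA-Z0-9]*)(?:"[^"]*"|'[^']*'|[^>"'])*>/g;
  return Array.from(html.matchAll(tag), (m) => m[1].toLowerCase());
}

for (const [label, value] of [['site name', SITE_NAME], ['file name', FILE_NAME]]) {
  for (const [mode, encode] of [['raw', raw], ['escaped', escapeHtml]]) {
    const html = renderTitle(value, encode);
    console.log(label, mode, attributeNames(html), openTags(html));
  }
}
```

Joomla itself is written in PHP, where `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` performs the same encoding.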