Reaper-X » Hacking

Matt Cutts Blog got hacked ? Fact or Fiction ?

Reaper-X — Sun, 01 Apr 2007 09:11:58 +0000

Well .. It seems that i can’t trust anything which is flowing around the internet for today .. even if it comes from trusted source from Apple buying Sony, Google going bankrupt, Webmasterworld placing adsense ads on them, Matt Cutts Blog got hacked, and more

But which one is giving me the truth ? about Webmasterworld placing adsense ads .. well .. if WMW truly placing adsense ads on their website .. i do not really care about it simply because i did not see those ads. So i think it’s not really a big deal for me

As for Google going bankrupt and Apple buying Sony Corporation .. hm .. everyone knows that it’s a fake. Simply because there’s no way Apple are going to buy Sony even if there’s someone says that Microsoft are going to buy Sony .. i still can not trust them .. and i’m sure you already knew the reason

Now what about Matt Cutts Blog got hacked by Black Hat SEO team ? it’s really hard to tell the differences if it were true or not. But in my own opinion, the Matt Cutts blog are hacked. Because every page of matt cutts blog are showing the same defaced message from the Black hat seo team. Even someone at Webmasterworld are saying the same thing

Screenshot :

Beside if it were true if Matt are playing april fools, i’m pretty sure that he doesnt want to leave link to the black hat seo team (or he’s using the nofollow tag on the link) .. and so the conclusion is Matt cutts blog got hacked

Well .. i do not know what is the actual problem is, but if it’s not an April Fools and Matt already back and i’m interested on reading his post about this hacking for sure

0x87485B96 | Tags : Hackers, Hacking, Internet, Opinion, Personal

Emails from Website Welcome

Reaper-X — Sat, 17 Feb 2007 18:05:54 +0000

I just read this from the Hostgator announcements forums (link). And what makes it interesting is that because i’ve never seen a phishing (can be considered a hacking attempt) like this before. Because the attached file in that email message is a shell script. And of course if there’s someone able upload a shell script into your webhosting account .. you can be sure, your server / your website will get defaced within short time or .. they’ll delete everything in your webhosting account and i’m sure you don’t want that to happen, right ?

So if you get the same email message like below, just ignore it ;)

———- Forwarded message ———-
From: Website Welcome Inc.
Date: Feb 13, 2007 5:56 AM
Subject: Hosting Regular Security Maintenance
To:

Dear Website Welcome Inc. valued Members

Regarding our new security regulations, as a part of our yearly maintenance
we have provided a security guard script in the attachment.

So, to secure your websites, please use the attached file and (for
UNIX/Linux Based servers) upload the file “webguard.php” in: “./public_html”
or (for Windows Based servers) in: “./wwwroot” in your site.

If you do not know how to use it, you can use the following instruction:

For Unix/Linux or Windows based websites that use PHP/CGI/PERL/ASP:
1) Download the attachment named “webguard.php”
2) Login to your site Control panel.
3) Open “File Manager” window.
4) Go through “Public_html” or “htdocs” (for UNIX/Linux Based servers), but
for Windows Based server, please Go through “wwwroot” directory.
5) Choose “Upload Files”
6) Upload the file “webguard.php”
7) Check its URL too “yoursite.com/webguard.php”, if it is ok

Thank you for using our services and products. We look forward to providing
you with a unique and high quality service.

Best Regards

Website Welcome Inc.

websitewelcome.com

0x87485B96 | Tags : Hacking, Network and Security, Personal, Web Servers, Website

Ah … Site Journal …

Reaper-X — Tue, 23 Jan 2007 02:13:09 +0000

Well .. this is probably my first time posting stuff like this and probably there wont be something like this again in the future (because it’s not a good idea to post something like this, but we’ll see about that later) .. for the past few months i’ve been noticing there’s a person who is interested to this small site, unfortunately he / she is not interested on reading this site content but he / she just want to hack this small site (don’t know why)

The latest attempt is from 89.149.194.121 which return to a webhosting company in Germany. And he is trying to attempt the famous sql injection attack that is exist on several wordpress version

Another latest attempt is from 81.24.26.114 which return to a Romanian ISP (maybe, but i didn’t check it any further). And this person is attempting a file inclusion attack, and another attempt like this is coming from 172.176.155.227 (AOL) , 85.104.40.203 (Turkey) , 81.214.169.40 (Turkey)

And another one is from 82.165.43.3 (Germany) .. and this time he’s trying to exploit vulnerabilities in AWStats

As for the last one is from 81.25.45.48 (Belarus) .. and he is trying to do some directory traversal stuff

And now .. i’ve been thinking .. why there’s anyone who’s interested on doing such stuff to a small site ? and not doing it to a big website such as Microsoft, Yahoo, Google, CNN, etc ?

0x87485B96 | Tags : Hacking, Journal, Personal, Website

Mozilla Firefox, PDF Files and XSS

Reaper-X — Thu, 04 Jan 2007 14:34:35 +0000

I read about this yesterday on BugTraq and within just one day i read another interesting news from Symantec (i found it via techmeme) regarding this new xss issue with pdf files

And what makes this interesting, because this problem only occur at Mozilla Firefox browser (with Adobe Reader 7 and below), and Internet Explorer 6 and 7 isn’t affected by this vulnerability issue as noted by Symantec :

This problem appears to be limited to the Firefox browser, which has a relatively large user base.

Although some other people are getting different results (look at the comments), and if it’s for me .. i already tried this with Firefox 2.0.0.1 installed on Windows XP SP1 .. and i don’t find any problem with it .. and that’s because i already disabled the PDF / Adobe Reader Plugin for Firefox browser since a long time ago because of another reason (actually i don’t really like opening files directly from the web especially PDF because it can cause a big slowdown to my system)

As a note, if you’re using Firefox you might try reading the Symantec weblog about this issue to find the quick fix for this problem

0x87485B96 | Tags : Browsers, Computer Security, Hacking, Internet, Mozilla, Network and Security

Wordpress 2.0.5 Site got hacked using c99shell ?

Reaper-X — Fri, 03 Nov 2006 09:59:40 +0000

There’s an interesting talks right now (at least for me) on wp-testers mailing list about wordpress 2.0.5 site got hacked using c99shell, and what makes me curious about it .. is it really wordpress fault or is it caused by plugins used on his wordpress site ? i’m really sure that this hack caused by some vulnerable plugins used or maybe because the person itself is running vulnerable CMS / Forum software on his site. Btw i’ve tried searching various site about this stuff but the only thing i could find is some unspecified wordpress vulnerability that’s already fixed on 2.0.5 release.

Some people also say to use modsecurity for those who use a dedicated box but if you’re on shared host like me, you can ask your webhost about it. I don’t know if my webhost already using modsecurity for the shared hosting account or not, but one thing for sure is .. i already test on my site, and it returns the 406 HTTP Header (most 406 http header caused by modsecurity) if i try to do something funny. Anyway i hope this problem is not caused by Wordpress itself.

0x87485B96 | Tags : Blogging, General Blogging, Hacking, Internet, Personal, Website, Wordpress

Renowned Hacker Kevin Poulsen helps nab MySpace Predator

Reaper-X — Thu, 19 Oct 2006 12:36:19 +0000

One of the well known hacker called Kevin Poulsen at the 90 era (beside he’s my idol too .. lol) helps police get MySpace sexual predator who’s looking for victims through the popular social networking site MySpace. By using his perl scripts Kevin Poulsen was able to get the sexual predator information and so on. And while his automated Perl script resulted in a large number of false positives, he was still able to find 744 confirmed sex offenders with MySpace profiles after examining just one third of the data

The search ultimately resulted in one arrest, of repeat sex offender Andrew Lubrano in New York. Like many sex offenders, Lubrano registered his MySpace account using his real name.

“My search left me less convinced that targeting past offenders would be an effective way for MySpace to find current or future predators.” Poulsen wrote on Wired News. “By its nature, a search like mine is only going to produce people who use their real names and addresses, and who are perhaps the least likely of the offenders to be up to no good.”

Read the full story here

0x87485B96 | Tags : Blogging, General Blogging, Hacking, Internet

The best hackers on earth ?

Twinsen Little Big Adventure 2 Memory Address

Reaper-X — Tue, 03 Oct 2006 12:16:21 +0000

Aah .. after playing with Twinsen’s Little Big Adventure 2, i’ve found it’s memory address especially the most important for me .. that’s infinite health, money and so on :P… by the way here’s the code (updated) :

Note : i’m using ~~DOSBox 0.65~~ a new downloaded DOSBOX CVS 29 September 2006 YKHWong Build to play Twinsen 2 game so the address will be different if you’re not using it. By the way if you’re using different output renderer the memory address can be different too, so if you want the easy way .. just adjust your Output Renderer into OpenGL

Money :
~~0407DE20~~ 0424DE20 – Integer 2 Bytes – With just 999 you can buy almost everything (if you need more just add some more, because i’m still at the very beginning of this Twinsen Game)
Zeelich Planet Money :
0424DE24 – Same as above / earth money code
Health :
~~0407DF52~~ 0424DF52 – Integer 1 Byte – Maximum 255
Magic Power :
~~0407DE29~~ 0424DE29 – Integer 1 Byte – At the beginning Maximum value is 20
Magic Power Level :
0424DE28 – Integer 1 Byte – Maximum value is 4
Number of Life :
~~0407DE12~~ 0424DE12 – Integer 1 Byte – At the beginning Maximum value is 2
Maximum Life Value :
042336CE – Integer 1 Byte – Adjust it as you like it
Infinite Darts :
0424DC20 – Integer 1 Byte – Well with just 3 darts you can use it as you like it
Infinite Mecha Penguin :
0424DC38 – Integer 1 Byte – Same as above
Infinite Horn of Blue Triton usage :
0426E82A – Integer 1 Byte – Maximum value is 100

And here’s another code because i get stuck at some part especially puzzle within this game, so i have to create this code to make bypassing that puzzle easier :

Twinsen’s 2 Wizard Test – The Blowgun Test :
0424DBCE – Just change the value of this address into 1, and the target got stopped other than that you can shoot it from anywhere (for example shoot it directly from the from of the target)

Yep that’s all for now, maybe if later i’ll add more codes if necessary while playing through this Twinsen’s 2 game

0x87485B96 | Tags : Hacking, Misc. Games, Tutorials, Video Games

Princess Maker 2 Memory Address

Reaper-X — Sun, 01 Oct 2006 12:38:53 +0000

Here’s another codes i created during my previous one week without using the internet, and yes this is the same memory address like my previous Twinsen’s Little Big Adventure code. But this time, it’s for Princess Maker 2 game running in DOSBox 0.65 Stable (using other version will require you to search the new address) .. btw here’s the codes :

Note: everything is in Integer 2 Bytes except for Money Codes which is using 4 Bytes Integer, as for the value you can guess it easily so i don’t need to put it here

Misc Code :

Money : 03DFB4AA

In Battle Codes :

MP – In Battle : 03DFB576
HP – In Battle : 03DFB574
Morale – In Battle : 03DFB578

Status Modifier Codes :

Constitution : 03DFB43C
Strength : 03DFB43E
Intelligence : 03DFB440
Refinement : 03DFB442
Charisma : 03DFB444
Morality : 03DFB446
Faith : 03DFB448
Sin : 03DFB44A
Sensitifity : 03DFB44C
Stress level : 03DFB44E
Fighter Reputation : 03DFB450
Magical Reputation : 03DFB452
Social Reputation : 03DFB454
Housework Reputation : 03DFB456
Combat Skill : 03DFB458
Combat Attack : 03DFB45A
Combat Defense : 03DFB45C
Magical Skill : 03DFB45E
Magical Attack : 03DFB460
Magical Defense : 03DFB462
Decorum : 03DFB464
Art : 03DFB466
Conversation : 03DFB468
Cooking : 03DFB46A
Cleaning : 03DFB46C
Temperament : 03DFB46E

Hopefully it can be usefull for those who like to play Princess Maker 2 game, and like to cheat in it (like me) :P

as a side note, use OpenGL as the output renderer if you’re going to use DosBox 0.65 or you’ll need to search new memory address just as i said in my post about Twinsen’s Little Big Adventure 2 Hack

0x87485B96 | Tags : Hacking, Journal, Misc. Games, Tutorials

Twinsen Little Big Adventure Memory Address

Reaper-X — Sat, 30 Sep 2006 17:21:49 +0000

Finally after waiting for about a week, i can use my internet connection once again .. and since i don’t have anything to do while waiting for my internet connection .. i was playing an old dos game called Twinsen’s Little Big Adventure or you can also say Twinsen 1 using DOSBox, and i think this game is too difficult to be played under normal circumstances (i think i’m the one that suck at playing game) :P .. and after playing this game without cheating i decided to mess around with the game instead of keep trying playing this game without cheating .. and just in case you need it i’m going to put the memory address used in Twinsen’s Little Big Adventure game, so you can get infinite health. Unfortunately since i was playing this game using DOSBox Stable 0.65, and if you try to use the memory address listed here on another DOSBox version, it’s not going to work (i’ve tried this on DOSBox CVS YKHWong build 18 September 2006) .. and in the other words, you’ll have to search for the new address again (if you just want the easy way just use DOSBox Stable 0.65) … by the way here’s the memory address used by Twinsen’s 1 game that i found :

Note: everything in this game is using Integer 2 Bytes and every value i said is in Decimal not Hexadecimal

Health : 03F6A5C8 – Maximum value 50
Magic Power : 03F5C3D2 – Maximum value 80 at Level 4 Magic Power
Magic Power Level : 03F5C3D0 – Maximum value 4
Current Life : 03F5C3DA – Maximum value 4 (as far as i know when i finished this game and don’t forget to use the Max Life Level code too)
Max Life Level – 03F5C3DC – Maximum value 4
Money – 03F5C3D4 – I’m setting this value only 999 and it can buy anything in this game

Also there’s some other code, actually this code only work at certain part of the game (in this case it was the Temple at the Desert) .. and since i can’t solve the puzzle to get past this level, i choose to create this code to make thing easier for me :P

Note: turn off the code immediately after you’ve already pass the gate

Desert Temple Door 1 :
03F6B09D – Value 3584
03F6B0F6 – Value 1550
Desert Temple Door 2 (before exiting the Desert Temple Level) :
03F6AFA5 – Value 56320
03F6AFFE – Value 1500
03F6DE55 – Value 256
03F6DE56 – Value 1

Yep .. that’s all, hopefully those code can be usefull for you ;)

0x87485B96 | Tags : Hacking, Journal, Misc. Games, Tutorials, Windows