
Use cuda-gdb on OS X Mountain Lion

Last week I was using CUDA and, after an hour trying to debug my code, I decided to see if CUDA had something similar to gdb, and I came across cuda-gdb. Happy, I opened my terminal and typed in a simple command to debug my small CUDA application; unfortunately, I directly received an error message similar to this:

After a minute staring at my screen, I recalled a Skype talk with a friend telling me that last time a certificate had been created to allow cuda-gdb! And there I was, wondering how to create a certificate. The reason for this is that the Darwin kernel does not allow gdb or cuda-gdb to debug other processes if it does not have special rights, since debugging a process might allow a hacker to take control over it. So I used this method:

Step 1:

Open “Keychain Access”  via

Or via Spotlight.

Step 2:

  • Click on the “Keychain Access” menu in the left corner of your screen:
  • Select “Certificate Assistant”.
  • Click on “Create a Certificate”.

Step 3:

  • Set the “Identity Type” to “Self Signed Root”.
  • Set “Certificate Type” to “Code Signing”.
  • Finally select “Let me override defaults”.
  • Click on “Create”.

Step 4:

  • Click on “Continue” a few times until you see the following window:

  • Change the “Keychain” to “System”.
  • Click on “Create”.

Step 5:

  • Find the certificate and right-click on it.
  • Select “Get Info”.
  • Open the “Trust” item and change “Code Signing” to “Always Trust”.
Close everything, and you should now be able to use cuda-gdb in your terminal without any problems.

XSS in the iOS Facebook App

A few months ago, I found an XSS in the iOS Facebook app, and contacted Facebook about the flaw via their White Hat page. Unfortunately for me, I wasn’t eligible for anything because the flaw had already been reported (guys, even a t-shirt would have been fun). Since the iOS app had to be updated, I decided to wait before writing a blog post about it, but a few days ago, there it was: a new, fresh, and faster mobile app! So here is my blog post!

How to Become a White Hat on Facebook :

Test accounts are available and can be created on the fly via the White Hat page. Only those accounts should be used to test vulnerabilities on Facebook.

How to Report a Vulnerability on Facebook :

There is a dedicated page for that too. Try to include as many details as possible on the discovered flaw, and stay clear in the explanations (even if sometimes it’s difficult). If the problem has never been discovered before you might be eligible for a bounty.

To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:

    … give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research …
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook’s infrastructure, such as:

    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Broken Authentication (including Facebook OAuth bugs)
    • Circumvention of our Platform/Privacy permission models
    • Remote Code Execution
    • Privilege Escalation
    • Provisioning Errors
  • Please use a test account instead of a real account when investigating bugs. When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing. Do not interact with other accounts without the consent of their owners.
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.
Rewards
  • Our minimum reward is $500 USD
  • We will increase the reward for severe or creative bugs
  • Only 1 bounty per security bug will be awarded
Exclusions
The following bugs aren’t eligible for a bounty (and we don’t recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques

So, now, let’s have a look at the XSS discovered.

An Old XSS, Step by Step :

  • You had to create a “note” via a computer.
  • Once that part was done you could connect via the Facebook app on your iPhone and select that note.
  • You had to click on the edit button and simply re-write your JavaScript code.
  • Once saved, you could see your XSS in action.

And that was it.
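The bug above is a stored XSS: note content saved through one client is later rendered as live HTML by another. The following is an added example, not code from the original post or from Facebook, showing the vulnerable rendering pattern beside its output-encoded fix; the sample note, template and helper names are constructed for the illustration.

```python
# Added example (not from the original post): stored note content rendered
# into a page, vulnerable vs. HTML-encoded. Names and sample data are mine.
import html
import re

# Constructed sample: a note body carrying a script payload, as it would be
# saved through the web editor and later displayed by the mobile app.
SAMPLE_NOTE = {
    "title": "Shopping list",
    "body": "Milk, eggs <script>document.title='owned'</script>",
}

TEMPLATE = '<h1>{title}</h1>\n<div class="note-body">{body}</div>'


def render_note_vulnerable(note: dict) -> str:
    """Trusts the stored note and splices it straight into the page.

    Whatever markup was saved is handed to the WebView as live HTML, which
    is exactly how the stored XSS described above arises.
    """
    return TEMPLATE.format(title=note["title"], body=note["body"])


def render_note_safe(note: dict) -> str:
    """HTML-encodes every user-controlled field before it reaches the DOM."""
    return TEMPLATE.format(
        title=html.escape(note["title"], quote=True),
        body=html.escape(note["body"], quote=True),
    )


_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def contains_active_markup(rendered: str) -> bool:
    """Detection helper: does the rendered note body still contain HTML
    tags that came from the note content rather than from the template?"""
    body = rendered.split('<div class="note-body">', 1)[1]
    body = body.rsplit("</div>", 1)[0]
    return _TAG_RE.search(body) is not None


if __name__ == "__main__":
    print(render_note_vulnerable(SAMPLE_NOTE))
    print(render_note_safe(SAMPLE_NOTE))
```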

GCC in OSX Mountain Lion

A few days ago I reinstalled OS X Mountain Lion on my MacBook Pro, and each time I do, one of the first things I re-install is Xcode, because it installs GCC on the Mac. As a programmer and ethical hacker I mainly use C, but yesterday I needed C++, so as it was my first time using C++ on my Mac, I decided to use Xcode and it worked fine. However, this morning I had to use gcc to compile some CUDA snippet, and to do so I simply opened my terminal and tried to use gcc as a command line tool; unfortunately it didn’t work.

I began to investigate and after a few minutes I found out what the problem was, and here is the solution:

Install GCC in OS X Mountain Lion After Having Installed Xcode:

  • Open Xcode.
  • Press “command” + ‘,’ to access the preferences.
  • Click on “Downloads”.
  • You should now see this:

  • Now simply click on “Install” next to “Command Line Tools”.

and in a few minutes you will be able to use gcc in your terminal.


Forensic: Disable Pattern Locks on Android

This morning I came across this new method to “Disable Pattern Locks on Android” and I believe that it’s awesome news for the forensic world. From a mobile forensic point of view, the news will help forensic examiners to recover data; however, the forensic examiner will have to delete files on the phone, which will alter / tamper with the original data, and that might be a problem in front of a court. As we know, the first rule in digital forensics is: “Do not alter the original data”.

To be able to perform the “hack”, ADB will have to be installed on your computer and USB debugging will have to be enabled on the phone. Despite this small setback, the method works with rooted phones as well as non-rooted phones, and this is good news, because not every user has a rooted phone.

  • The first step is thus to install ADB on your computer; multiple tutorials can be found around the web, such as these ones (Install ADB), (Install ADB), etc.
  • The second step is to use one of the two methods proposed by m.sabra (an XDA forum member).

Method 1:

  • Open your terminal / shell / command prompt and type in the following commands :

  • reboot the Android device.

Method 2:

  • Open your terminal / shell / command prompt and type in the following commands :

This method has the effect of deleting the pattern from the phone, and thus unlocks the phone for you.

Have fun playing with it.

[Source]


Plaintext Passwords at HMV

Today I received an e-mail from HMV telling me that my two-year-old points were going to expire, and that’s how I decided to log in on the website and spend them. Unfortunately I did not remember my password and clicked directly on the “password reminder” button. A few minutes later, I received an e-mail containing my old password in plain text.

Obviously HMV does not follow the security industry’s best practices, and that scared me. Recently, everybody has become aware of the multiple password leaks from multiple big companies, and how important it is to manage your passwords in the best way possible (read my previous article on the subject, “Password Leaks and Password Managers”).

And this reminded me of multiple articles on the same problem, involving Tesco. Read the articles here, on The Register, or on Troy Hunt’s blog. As well said in the article written by Jem, usually (and following the security industry’s best practices) passwords are hashed, and a salt is added to the hash, and when you need to recover your password, you receive a new one; but at HMV it’s not the case!!

I use a different password for every website I use, but thousands of other people do not follow this difficult rule, or do not use any password management software.

Hashing + salt is a good solution, but not unbreakable: rainbow tables or dictionaries will help crackers and “hackers” to find your passwords, but it’s a good start, and I hope my e-mail to HMV will resolve the problem, because I’m pretty sure that HMV stores their passwords in the same “secure” way Tesco did.

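To make the contrast concrete, here is an added example (not code from the original post, and not how HMV or Tesco implement anything) of the practice the article recommends: a per-user salt, a slow hash, and a “password reminder” that issues a one-time reset token because the old password is never stored. The in-memory user table and helper names are constructed for the illustration.

```python
# Added example (not from the original post): salted, slow password hashing
# plus a reset flow that never needs the old password. Store layout,
# function names and the in-memory USERS table are my own construction.
import hashlib
import hmac
import secrets
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # work factor; raise it as hardware gets faster

# Constructed in-memory "database": email -> record
USERS: Dict[str, dict] = {}


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return {salt, hash, rounds}. A fresh 16-byte salt per user means two
    users with the same password get different hashes, so a precomputed
    table built for one hash is useless against the rest."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "rounds": PBKDF2_ROUNDS}


def register(email: str, password: str) -> None:
    USERS[email] = {"pw": hash_password(password), "reset_token": None}


def verify(email: str, password: str) -> bool:
    rec = USERS.get(email)
    if rec is None:
        # Hash anyway so a missing account is not distinguishable by timing.
        hash_password(password, b"\x00" * 16)
        return False
    pw = rec["pw"]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), pw["salt"], pw["rounds"])
    return hmac.compare_digest(candidate, pw["hash"])


def request_reset(email: str) -> Optional[str]:
    """The 'password reminder' done right: the old password cannot be mailed
    back because it was never stored; a one-time token is issued instead."""
    rec = USERS.get(email)
    if rec is None:
        return None
    token = secrets.token_urlsafe(32)
    rec["reset_token"] = hashlib.sha256(token.encode()).digest()  # keep only its hash
    return token


def complete_reset(email: str, token: str, new_password: str) -> bool:
    rec = USERS.get(email)
    if rec is None or rec["reset_token"] is None:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, rec["reset_token"]):
        return False
    rec["pw"] = hash_password(new_password)
    rec["reset_token"] = None  # single use
    return True


def stored_record_reveals_password(email: str, password: str) -> bool:
    """What a leaked table would expose: the plaintext must not be
    recoverable from the stored record by inspection."""
    rec = USERS[email]["pw"]
    return password.encode() in rec["hash"] or password.encode() in rec["salt"]
```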

Learn Software Exploitation

For a few years I have seen many questions on forums pretty similar to this one: “how to learn hacking?”, and usually the answer is “you have to try”. Usually the answers are not very helpful, nor do they redirect the new ethical hackers to good resources.

To answer that question myself, I would begin with “what do you know about hacking?” and “what is hacking for you?”. There are many different types of “hacking”, for example: modifying an object to make it more useful, but I believe that all the hacking types have something in common, “the way hackers think”. Hacking is all about knowledge and thinking, and as one of my professors always said:

“The only limit to everything is your brain”

That said, I came across this website this morning and thought it was well organised for someone wanting to learn software exploitation. The website allows you to download virtual machines, and use the code inside to learn exploitation from the beginning. The exercises given in the multiple virtual machines are somewhat “real” and will considerably increase your knowledge in ethical hacking.

“Welcome

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering.”

And here you go (link), have fun and remember hacking has to be legal.


Flaws in The USA

Lately, I was travelling across the United States; I went from Miami to the Big Apple, stopping here and there when there was something to visit. During the trip I saw a fair amount of security issues that are well known, and I thought they would all be fixed by now, but nope! So I decided that it would be a good idea to describe them again here. This post does not describe anything new, and most of the issues have been there for ages, but considering the fact that I was staying in ‘nice’ hotels, I was impressed that those flaws were still out there.

Security Issue Nº1

The first security issue I came across was the plethora of open WiFis in hotels and all over the country. As a security aficionado and ethical hacker I always have a script running to check for Man In The Middle (MITM) attacks on the network I’m using (basically I’m also using a VPN), but I’m a very curious person as well, and in two of the hotels I was staying in I got a MITM alert. This means that twice my data could have been stolen by someone.

Security Issue Nº2

The second WiFi security issue happened in a hotel as well. To log in, the user had to enter his registration name and his corresponding room number. This was a good start; unfortunately everybody could connect to the hotspot, and the data of the form was sent via a GET method.

The data sent were the following:

As you can see, the name was included in the GET request as well as the room number, the time unit requested, the total in dollars and finally whether a discount had been given to the user. I found it appalling since the software used by the hotel came from a company that also advertises security services.

Security Issue Nº3

The third issue discovered was more based on social engineering and biometrics. If you have ever been to Universal Studios in Orlando, and tried the biggest attraction of the park (The Wizarding World of Harry Potter), you should remember the following.

In the middle of the queue you are asked to put your bags in a locker (for safety during the ride); to open and close the locker you have to use a fingerprint, and I did it as well. Unfortunately for me, at the end of the ride, with the 90ºF heat and the greasiness of the fingers of all the people using the biometric fingerprint reader, I wasn’t able to open my locker.

I then asked myself how to open it, and wondered if, when asking the agent responsible for the lockers, he would ask me some “security” questions such as:

  • What does the locker contain?
  • Do you have an ID?
  • Can you try to open the locker again?
Unfortunately, when I told him that my locker was blocked, he just opened it for me in less than a second, without asking any questions, nor asking me for the content of the locker (mine contained my DSLR camera, my laptop and two passports). Surprised by how easy this was, I asked a second guard to open the same locker after closing mine again; this time the process was a bit different: the guard asked me to try my finger again, saw that I was denied access to the locker, and finally opened it for me.
If someone from Universal Studios reads this, please train your personnel to ask at least for the content of the locker! This was way too easy!

Security Issue Nº4

The last issue I found has been covered in multiple YouTube videos, and almost all the hotels I was staying in had that problem.

Each hotel room usually contains a safe, and usually every customer is able to reset the code by pressing a key such as ‘*’, then entering a new code (4 to 6-8 digits) and pressing another key such as ‘#’ to lock it. Unfortunately, what the manual and the hotel do not tell you is that the default code to open the safe is usually one of these:

  1. 1111
  2. 0000
  3. 1234
  4. 123456
This trick worked in almost every hotel I stayed in during my trip! Only two of them had changed the default code.
Below is an example video of the trick:

So, now I just have to hope that next time, things will have changed (Mouhahaha).

Password Leaks and Password Managers

These last months have been very busy with password leaks: LinkedIn, Last.fm, Yahoo, Le Figaro, PhAndroid, and finally today I received an e-mail from Nvidia. After the Sony PS3 Network leak, I thought that I should use a secure online password manager, first because I ran out of passwords, then because I couldn’t memorize them all and had to reset all the passwords all the time (which was not too bad for security), so I decided to give the different password vault softwares a shot.

Why should we care about passwords ?

As everyone knows, our passwords usually protect our personal data and all our sensitive information. Unfortunately many among us understand that ‘personal’ concept but do not play by the rules, and use the same password for all their services such as Facebook, Hotmail, Gmail, online banking, eBay, etc., and one day a malicious (crack)(h)acker / ‘script kiddie’ decides that he should show the world that services used by millions of people are not secure, and releases all the passwords he can find.

(Crack)(h)ackers / ‘script kiddies’ do not always have bad intentions (but this is another debate), but they release passwords on Pastebin, secure pastebins or eventually on their own websites, and a few days later everybody receives spam or malicious software at their e-mail address, because other ‘script kiddies’ found them and want you to give them your credit card number or other sensitive information. That’s why we should care about the data we put on the Internet, and about the data we try to protect via passwords.

What type of password should we use ?

Password rules have never changed; this is a small summary of what type of password you should use!

  • Use a long password
  • Use special chars
  • Use numbers
  • Use Caps
xhEDiu&$8 will never be as secure as IL0V3H0rS3s&IP0ss3sses20OfTh3m$. As you can see, you can use sentences and replace some letters by numbers to make those passwords easier for you to remember! For example, O can be replaced by zero, E by 3 and S by 5, etc.
(Please remember this rule if, at the end of this blog post, you end up installing the password vault I describe next.)

The password vault I am using: Dashlane

For the last couple of months, since the leak of the PSN, I have been using Dashlane as personal data assistant and secure vault. Dashlane comes in the form of a plug-in for Google Chrome, available for Windows and OS X; sorry for all the other (Unix) users.

A bit more about Dashlane :

To get started you can download the application from their website and install the plug-in for Google Chrome. During the installation of the software Dashlane is going to ask you for a Master Password; this password has to be as long and difficult as possible, remember the rules we defined previously!

Once Dashlane is installed you will be able to see the following options in the menu:

  • Contacts
  • IDs
  • Payments
  • Notes
  • Logins and Passwords
  • Security Dashboard
  • Purchases

Contacts: contains all your identities and addresses; for example, if two other people (plus you) are using your computer you should find 3 identities and eventually 3 different addresses (but this wouldn’t make sense).

IDs: contains all your IDs, passport and driving licence information.

Payments: contains all your debit / credit card information as well as your bank and PayPal information.

Notes: contains all your secure notes.

Logins and Passwords: shows all the passwords generated via Dashlane.

Security Dashboard: shows all the passwords that you are using and that Dashlane possesses; this screen also contains a ‘security’ level for each password.

Purchases: contains all the internet purchases you made; you can also sort them by the amount of the purchase.

Finally, each time you register on a website, you will be able to use Dashlane to fill in all the information you registered in the plug-in, or simply use Dashlane to generate a strong password and remember it for you. This will allow you to have multiple different and secure passwords for all your websites without having to remember them all.

How are these passwords stored and synchronized between my devices?

Dashlane encrypts all the data with AES-256 before storing it on their server for sync on all your devices, and this data can ONLY be decrypted with the master password you chose at the beginning, which means that if you used an ultra-secure password (around 16 to 26 chars) nobody will “ever” be able to decrypt it without your consent.

Keep your data secure and private

  • All data is AES-256 encrypted locally on your computer
  • The only way to access your data is with your master password, which only you have. Not even Dashlane can touch your data!
  • You can remotely deactivate any device you’ve synced to your account in case of loss or theft

Multi-platform and synced to the cloud

  • Access your data wherever you are: use it on Macs, PCs, at home, on your favorite browser, and your preferred smartphone and tablet
  • Dashlane goes everywhere you go, and nowhere else

And that’s it.

I truly recommend you to use Dashlane as password manager and password vault.

OS X Version of LDD

If you need to use the ldd command on OS X you will face an error.

However, there is a “similar” command called otool on OS X that you can use:

For those who have never used it, the ldd command is used to show the dynamic libraries an executable is linked to, or in other words which libraries the executable needs to run. If the otool command is not recognized on your Mac, you probably need to install Xcode. You can find the documentation about otool here.

Digital Forensic Examination 101 — Part 1

Digital forensic examination, also known as forensic science, is used to recover digital data; this science is often used to find evidence on computers, USB keys and mobiles, but forensic examination can also be used to recover data after a computer crash. This tutorial will try to help you understand the basics of forensic examination on computers and mobiles, and the different problems faced by forensic examiners.

To make it easier, I will set a few questions and try to develop the answers, then go on with an example of forensic examination, and finally develop a small Android forensic application. The project will be stored on GitHub (here) and the entire tutorial will be available on SecITs (here).

  • What is a computer crime, and is forensic examination always related to computer crimes ?
  • What are forensic examiners doing ?
  • How to become a forensic examiner ?
  • How strict should a forensic examiner be ?
  • Forensic examiners VS the law ?
  • Differences between forensic examination on computers and mobile devices ?
I will now try to answer the questions as precisely as possible; do not hesitate to comment on the answers if you have any doubt.

What is a computer crime, and is forensic examination always related to computer crimes ?

Forensic examination is not always related to computer crimes, or to crimes in general. It can be used to retrieve data from a broken computer, or can be used by hackers to retrieve data from your computer. Forensic examination also helps to fight crime in general, e.g. in an accounting fraud case the crime has not been committed via a computer; however, the computer might contain some evidence, as well as the mobile phone, the iPod device, etc. This leads us to the first part of the question: defining a computer crime.

A computer crime can be interpreted in multiple ways; in this case we will assume that computer crimes are all of the following:
  1. A crime committed with a computer.
  2. A crime committed against a computer (target).
  3. A crime committed via or with a digital media/device.

What are forensic examiners doing ?

There is a hierarchy of forensic examiners, I will divide them in multiple categories :

  1. First Response Patrols
  2. Investigators
  3. Specialists
  4. High Tech Examiners
  5. Researchers
First Response Patrols and Investigators are usually the ones on the front lines, the bottom of the pyramid. They use tools to find evidence, recover data and write reports. They might also have to go with the police to crime scenes to make on-site investigations.
Specialists and High Tech Examiners usually hold a master’s degree; they usually read the reports back, however they might also be involved in research and tool creation, and might still have hands on the tools for practice.
Researchers usually hold a PhD in Computer Science, and are exploring new techniques and new technologies related to forensic examination; however, some of the researchers also investigate crime scenes.
Note: it is important to understand that investigations conducted at some of the levels described above might involve paedophile crimes as well, and that being a forensic examiner is not an easy job every day.

How to become a forensic examiner ?
Becoming a forensic examiner depends on what you want to do; as explained before there are different levels of forensic examiners. The first way I would recommend is to go to universities such as the University of Abertay Dundee and follow courses such as this or this as an undergraduate, or this, this and this as a postgraduate. However, it is also possible to become a forensic examiner by following a Computer Science curriculum and having forensic examination as a hobby. There are multiple communities of ethical hackers and white hats on the web which advertise challenges. Doing a PhD might also help you reach the top of the pyramid and become a digital forensic researcher at a university.

How strict should a forensic examiner be ?

Forensic examination is a very strict job: all the actions performed during the investigation should be recorded in a notebook, and each action should be performed on a duplicated image of the original medium, never on the original itself.

The investigation performed by the forensic examiner will determine whether the suspect is guilty or not; at the end of the investigation the forensic examiner will have to hand an impartial report back to the court including all the findings, actions and notes. Each of the actions performed during the investigation should be reproducible by another forensic examiner during another forensic examination.

The job of a forensic examiner is very stressful: for example, data should never be altered, data should not be compromised, and the written report should be impartial and should not include feelings. The forensic examiner should always stay aware that he cannot judge, and that his report will help the court to take the right decision in favour of or against a suspect.

The forensic examiner might also be obliged to testify in court, on his actions on the device, or on the case. This may add pressure on the shoulders of a forensic examiner.

Key words: Impartial, Strict, Organized, Structured, Reports.
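As an added example (my own construction, not code from this tutorial or from the Android application it announces), here is the smallest workflow that honours the rules above: hash the original before anything else, work only on a verified duplicate, record every action in a notebook, and prove at the end that the original is unchanged. The case id, file names and the Examination class are assumptions made for the illustration.

```python
# Added example (not from the original tutorial): acquire -> duplicate ->
# act on the copy -> verify the original, with every step logged. The
# Examination class, case id and file names are my own construction.
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class Examination:
    """One case: the untouched original image, a working copy, and a notebook."""

    def __init__(self, case_id: str, original: Path, workdir: Path):
        self.case_id = case_id
        self.original = original
        self.working_copy = workdir / f"{case_id}.working.dd"
        self.notebook: List[Dict[str, str]] = []
        self.original_hash = sha256_file(original)  # baseline, taken first
        self._note("acquire", f"{original.name} sha256={self.original_hash}")

    def _note(self, action: str, detail: str) -> None:
        # Every action is timestamped so another examiner can replay the steps.
        self.notebook.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "detail": detail,
        })

    def duplicate(self) -> Path:
        """Copy the original and prove the copy is bit-identical before use."""
        shutil.copyfile(self.original, self.working_copy)
        copy_hash = sha256_file(self.working_copy)
        if copy_hash != self.original_hash:
            self._note("duplicate", "FAILED: hash mismatch")
            raise RuntimeError("working copy does not match original")
        self._note("duplicate", f"{self.working_copy.name} sha256={copy_hash}")
        return self.working_copy

    def carve_strings(self, min_len: int = 4) -> List[str]:
        """Example action, run on the working copy only: printable ASCII runs."""
        data = self.working_copy.read_bytes()
        runs, cur = [], bytearray()
        for b in data + b"\x00":  # trailing sentinel flushes the last run
            if 32 <= b < 127:
                cur.append(b)
            else:
                if len(cur) >= min_len:
                    runs.append(cur.decode("ascii"))
                cur = bytearray()
        self._note("carve_strings", f"{len(runs)} strings (min_len={min_len})")
        return runs

    def original_untouched(self) -> bool:
        """Final check for the report: the evidence hash must still match."""
        ok = sha256_file(self.original) == self.original_hash
        self._note("verify", "original intact" if ok else "ORIGINAL ALTERED")
        return ok


def run_demo() -> Dict[str, object]:
    """Build a constructed 'disk image' in a temp dir and run the workflow."""
    with tempfile.TemporaryDirectory() as d:
        workdir = Path(d)
        original = workdir / "evidence.dd"
        # Constructed image content: filler bytes with two embedded strings.
        original.write_bytes(
            b"\x00" * 64 + b"secret_note.txt" + b"\xff" * 32 + b"hello world" + b"\x00" * 8
        )
        ex = Examination("case-0001", original, workdir)
        ex.duplicate()
        found = ex.carve_strings()
        return {
            "intact": ex.original_untouched(),
            "strings": found,
            "actions": [n["action"] for n in ex.notebook],
        }


if __name__ == "__main__":
    print(run_demo())
```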

Forensic examiners VS the law ? 

As said in the previous question, each action performed on a device will have consequences, and the law is strict. Forensic examiners cannot make errors; they have to write a detailed report about their findings, the data gathered, the pictures encountered and the commands they ran on the image or on the hard drive / mobile device / USB key etc. they received. Forensic examiners will always be the ones held responsible if something goes wrong during an investigation, and they might have to testify in front of a court; they might also have to face the suspect. A forensic examiner has a lot of responsibilities, being impartial, organized and strict as explained before.

A forensic examiner has to follow standards during an investigation, such as the ACPO guidelines. These standards will be described in the second part of this tutorial.

Differences between forensic examination on computers and mobile devices ?

Forensic examination is a tricky field.

For example, computers can be accessed at any time, they can also be disassembled, hard drives can be taken away and investigated in another place, while mobile devices run on battery, do not have hard drives but flash storage, and do not follow the same architecture. Below are some problems occurring with mobile devices:

Mobile devices can run closed operating systems such as iOS or Android; some “parts” might not be accessible, might be encrypted, might be protected via a code or a pattern, the device can run out of battery, and data might not be accessed easily.

Some proprietary / open source software exists and is updated to follow the multiple devices on the market, but as we know, mobile devices are following an exponential growth at the moment, and it can make the life of a forensic examiner a nightmare. In the last tutorial we will explore a way of doing a “small forensic examination” on an Android device, and develop a small forensic framework in Java. This application will try to overcome the problems described above and will help forensic examiners to retrieve data from smartphones.

This was the first part of “Digital Forensic Examination 101”; in part 2 we will see how to conduct a forensic examination on a fake computer case.

Note: this series of articles / tutorials is meant to be as exhaustive as possible; I would therefore appreciate your comments and I will edit / correct / update the articles accordingly. If you have any questions feel free to ask in the comments, or contact me via the contact form [here
