Nullcon Jailbreak 2013 PPT

March 8, 2013

It was a really awesome experience for me. Working under pressure is damn hard, that I came to know :)

Download Slides:

https://dl.dropbox.com/u/18007092/Jailbreak.pptx

We Provide Penetration Testing

Project F9pix

February 10, 2013

Every day one thing keeps running through my mind, which is not so important, huh? Damn, NO, it is important! Seven months ago I started a project called F9pix.com with the help of my friends Kishor and Jitu.

F9pix is a big platform for photographers, where with a single button photographers can showcase their awesome photographs to the world. It was the first time I started serious coding and development, which is really the opposite kind of work for me, as I'm in the info security domain.

Three months after the start date, F9pix was up! I was really happy to see F9pix online, and many of my friends appreciated the work. The project started building confidence in my mind as well as in my mates' minds. Finally we got an office in Chinchwad, Pune.

It was really amazing to have our own office. Vishal and ER Sumeet joined us for development of the F9pix modules.
Everyone is working hard on each development task of the product. We are trying to finish the coding in the next few days. I am worried about the next release of F9pix. The F9pix team's career depends completely on the next release of F9pix.

I am confident everything will be good :)


vulnerability report activities gift

December 28, 2012

For their commitment to security issues and for fixing them seriously, I pay tribute to all of them.
I will post all my gifts here :)

Google T-shirt

DropBox T-shirt


Aw ! Wanna Increase Youtube views ?

December 25, 2012

Hi, yes! You can increase YouTube views up to 300 or 1000 (Google), maybe, using this bug. Why 300 to 1000 views? Because the YouTube algorithm monitors the response to a video and adjusts accordingly!

Oh yes! I have submitted this bug to the Google Security Team, and the bug was not rated as a critical one (due to the YouTube algorithm). It can be useful to many people to increase the YouTube views.

I have tested it on the latest browsers (tested browsers: FF / Chrome) and OSes (tested OS: Win7 / Ubuntu).
This bug works only on a newly uploaded video, and you must be logged in to the YouTube account from which you uploaded the video.

When a user uploads a new video, Google provides an option to change the title of the video on the fly, as shown in the following image.
For example:

Youtube view Increase

When the user clicks save and refreshes the browser window on the YouTube video… w00t!! The view count is increased.
All views will be counted from the user's IP, so possibly the YouTube algorithm considers the video suspicious.

In this way I have increased my unlisted video view count to 193.

Youtube View increase Example

Video Link :

To automate this manual process, we can use a jQuery function, which is as follows.


Special Thanks to Vishal Khobare...
$(function(){
    setTimeout(function(){
        setTimeout(function(){
            // Click the video title to start editing it.
            $("#eow-title").trigger('click');

            setTimeout(function(){
                // Stop if no primary (save) button is present.
                if($(".yt-uix-button-primary").length==0)
                    return;
                // Click save.
                $(".yt-uix-button-primary, .yt-uix-button ,.yt-uix-button-hh-primary").trigger('click');

                setTimeout(function(){
                    // Refresh the browser window.
                    window.location.href=window.location.href;
                },100);
            },5000);
        },100);
        // Turn the page background red.
        $("body").css('background','red');
    },100);
});

I am using the Charles Proxy (DEMO version) application to map the YouTube JS (//s.ytimg.com/yts/jsbin/www-help-vflQWQdGY.js) and appending my above code to the YouTube JS code on my local machine.

The view count then starts increasing automatically!
Bug Fixed :)
Special thanks to the Google Security Team and my Garage4Hackers team.


Got Listed into Facebook White Hat

July 31, 2012

G'day! I got listed on the Facebook security white hat page and got paid! I submitted a vulnerability which allows an attacker to install any 3rd-party application using a UI redressing attack. The strange part was that the page already had protection against the Clickjacking vulnerability, but the protection was not working on FF 3.2.6 (the issue is fixed).

POC :

<yawn> Feeling sleepy, will update the complete POC after some time (got a slow internet connection :/) </yawn>

Thanks to Facebook for the quick response and quick fix… Special thanks to the Garage 4 Hackers members.


500Px.com Vulnerabilities Reported

July 17, 2012

I have reported some bugs to 500px.com. Thanks for sending me some goodies, and thanks to the 500px developer team for fixing them in a very short time.

500px vulnerability

By the way, I am not a photographer; still, I have a Premium account on 500px.com to sell photos :)


Wanna Pentest ?

June 26, 2012

If you want to pentest your application drop me mail at


Google Wallet CSRF

June 13, 2012

Summary

I recently reported a CSRF vulnerability to Google. The vulnerable domain is wallet.google.com. Normally, CSRF forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

Vulnerable URL:

https://wallet.google.com/buyerSignup?continue=https://wallet.google.com/manage/bootstrap.html?u%3Dhttps%253A%252F%252Fwallet.google.com%252Fmanage%26pli%3D1&hsk=1&pli=1&s7e=creditcard.cardNumber:n;creditcard.cvv:n&coc=IN

It was missing an XSRF protection token.
Id
Email
Passwd
PasswdAgain
address.phone
address_cmenu
address_ecmenu
address_name
address_state
address_state_menu
address_street1
address_street2
address_town
address_town_menu
address_zip
creditcard.CreditCardCvvTextField
creditcard.CreditCardNumberTextField
creditcard.cardBrand
creditcard.ccExpMonth
creditcard.ccExpYear
creditcard.ccIssueId
creditcard.ccStartMonth
creditcard.ccStartYear
creditcard.lastDigits
creditcard.phone
creditcard.type
creditcard_cmenu
creditcard_ecmenu
creditcard_name
creditcard_state
creditcard_state_menu
creditcard_street1
creditcard_street2
creditcard_town
creditcard_town_menu
creditcard_zip
i18nToSUrl
keyfields
keylog
shippingRadioA
shippingRadioB
submitbutton
submitbutton

I will upload the POC after some time. Thanks, Google, for listing me in the Google Hall of Fame and for the quick fix.
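What the missing XSRF token check looks like on the server side, as an added example that is not code from the original post or from Google: a token bound to the user's session is issued with the form and verified before any field is processed. The secret handling, the field name `xsrf_token` and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original post): session-bound anti-CSRF token.
// SERVER_SECRET, "xsrf_token" and handleSignupPost are hypothetical names.
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

const SERVER_SECRET = randomBytes(32); // per-deployment secret, kept server-side

// Token = nonce "." HMAC-SHA256(secret, sessionId "|" nonce), base64url encoded.
function issueToken(sessionId, secret = SERVER_SECRET) {
  const nonce = randomBytes(16).toString("base64url");
  const mac = createHmac("sha256", secret)
    .update(`${sessionId}|${nonce}`).digest("base64url");
  return `${nonce}.${mac}`;
}

function verifyToken(sessionId, token, secret = SERVER_SECRET) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return false;
  const expected = createHmac("sha256", secret)
    .update(`${sessionId}|${parts[0]}`).digest();
  const given = Buffer.from(parts[1], "base64url");
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Gate for a state-changing POST: reject before any form field is read.
function handleSignupPost(sessionId, form) {
  if (!verifyToken(sessionId, form.xsrf_token)) {
    return { status: 403, body: "missing or invalid XSRF token" };
  }
  return { status: 200, body: "accepted" };
}

// Constructed requests: a cross-site form carries no valid token for the session.
const token = issueToken("session-A");
console.log(handleSignupPost("session-A", { address_name: "x" }).status);
console.log(handleSignupPost("session-A", { xsrf_token: token }).status);
console.log(handleSignupPost("session-B", { xsrf_token: token }).status);
```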


Google Account Password Reset Vulnerability using Mobile Sec Token [ClickJacking]

June 1, 2012

#Title: Google Account Password Reset Vulnerability using Mobile Sec Token [ClickJacking]
#Author: Sandeep Kamble
#Business Risk : High Risk
#Attack Type: Click jacking
#Tested Browser: Firefox 3.6
#OS: Win 7 / Linux
#Reported Date: OCT 21 , 2011

Summary

I recently reported a click jacking vulnerability to Google, involving the Google Account Recovery Options Prompt page where users save their mobile number.
Normally, losing access can mean not being able to send mail to friends, not being able to access photos or documents you've created online, and not being able to access any of the information stored on your Google Account. Google provides one unique option to submit a mobile number to the Google account. With it, the user recovers the password by verifying a Mobile Sec Token.
Google says “A mobile phone is one of the easiest and quickest ways to help protect your account. It’s more secure than your recovery email address or your security question because you usually have your phone with you.” Oh yeah, a fast way to get hacked also.

How did it work?

Google provides a mobile number update page, where users can update their mobile number. I noticed that on this Google mobile update page the X-Frame-Options header was missing. This is the smell of a Clickjacking vulnerability.

Vulnerable URL:

https://accounts.google.com/b/0/AccountRecoveryOptionsPrompt?continue=https%3A%2F%2Faccounts.google.com%2Fb%2F0%2FEditPasswd&sarp=1&level=WITHOUT_PHONE

In short, a Clickjacking vulnerability lets an attacker craft a webpage that initiates a request to a web site (Google). The victim interacts with UI elements on that site while thinking he is interacting with another site, which belongs to the attacker.
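A defensive check for the missing header described above, as an added example that is not part of the original post: it decides from a response's headers whether the page can be framed by another origin, including the case where a permissive CSP `frame-ancestors` overrides an otherwise correct X-Frame-Options. The function name and all sample header sets are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page may be framed
// cross-origin. All sample header sets below are constructed.
function framingProtection(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // an array of values becomes "a,b"
  }
  const findings = [];

  // Only DENY and SAMEORIGIN are honoured; ALLOW-FROM is obsolete.
  const xfo = [...new Set((h["x-frame-options"] || "")
    .split(",").map((v) => v.trim().toUpperCase()).filter(Boolean))];
  let ok = false;
  if (xfo.length > 1) {
    findings.push("multiple X-Frame-Options values; send exactly one");
  } else if (xfo.length === 1) {
    ok = xfo[0] === "DENY" || xfo[0] === "SAMEORIGIN";
    if (!ok) findings.push("unsupported X-Frame-Options value: " + xfo[0]);
  }

  // Only the enforcing CSP header counts; a single policy is assumed here.
  const directive = (h["content-security-policy"] || "").split(";")
    .map((d) => d.trim()).find((d) => /^frame-ancestors(\s|$)/i.test(d));
  if (directive !== undefined) {
    // Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
    const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
    const open = sources.some((s) => ["*", "http:", "https:"].includes(s));
    if (open) findings.push("frame-ancestors allows any origin");
    ok = sources.length > 0 && !open;
  } else if (!ok) {
    findings.push("no effective anti-framing header");
  }
  return { protected: ok, findings };
}

const samples = {
  noHeaders: { "Content-Type": "text/html" }, // the situation the post describes
  xfoDeny: { "X-Frame-Options": "DENY" },
  allowFrom: { "X-Frame-Options": "ALLOW-FROM https://example.com" },
  cspNone: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  cspOpenPlusXfo: { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY" },
};
for (const [name, hdrs] of Object.entries(samples)) {
  console.log(name, JSON.stringify(framingProtection(hdrs)));
}
```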

Proof Of concept

Example of ClickJacking Crafted Site (Iframe Opacity 0):

Iframe Opacity visible (Here you will get Clear picture):

When the victim drags the old crap computer into the trash, he is actually dragging the attacker's number into the Google Account page. When the victim clicks on the Save or Go button, he is actually clicking on “Add Phone” on the Google page. After successful execution of the above steps, the attacker's mobile number is automatically added to the Google Account.

Now it is the attacker's turn: to change the victim's password, the attacker will use the Google password recovery service, where the attacker needs to choose the mobile option to recover the password.

The following is the attacker screen.
Code:

URL: https://www.google.com/accounts/recovery/recoveryoptions

When the attacker clicks Continue, the attacker will receive the verification code, a 6-digit number, on his mobile number, which is needed to reset the password.

After successful submission of the password, finally you will see a heaven window which will allow the attacker to change the password!

W00t! Finally the attacker has changed the password using the click jacking vulnerability in Google Account.

Reference: https://www.owasp.org/index.php/Clickjacking

Original POC Link:

http://f9pix.com/Google%20hy5xoe/click-D22JJJSFSB23KMH3874KNM1HJ.html

More Description in Video :

http://f9pix.com/Google hy5xoe/Google.flv

Special Thanks To Amol Naik And G4h Team

Thanks to the Google Security Team for patching the vulnerability very quickly.

Sign Out !
[S]


I am Listed in Twitter Security Page

February 7, 2012

Thank you, Twitter, and especially BOB from Twitter, who was always in touch while solving the Twitter vulnerability which I reported.
Thank you, Twitter, for starting this kind of program to encourage information security researchers ./.

Here is the link:

https://twitter.com/about/security

PIC :
