Saturday, August 23, 2014

SCAPS static code analyser for php

hey guys , its been a really long time im in my 5 th semester and i have started an awesome project called SCAP it is  really early stages of development but still i'd like some suggestions, there's only one project RIPS , like this is available and it is really good. they also have a research paper on it. but the main difference between my project is that i will create rule based system while their system is behavior based, rule based systems are fast but they might not be accurate but it will be fast
check out the github repo here https://github.com/rjcrystal/scaps
have fun 
Update
scaps is now complete and operational you can check out at scaps.me/analyser.php

Monday, April 28, 2014

simple file analyzer in java

hi guys its been a long time ...
so i have made a simple java based file analyzer which reads file headers and determines file type,  i have added some file formats you can download here  https://mega.co.nz/#!w5ZEhITK

Saturday, April 6, 2013

Hcon STF v5 prime released

hi folks its a long time after i had posted something but what to do life is life, well well so yesterday Hcon stf which is made by ashish mistry v5 prime was released and i must say its awesome. these are its features

Hacker Friendly

Picture
Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use interface, small in size and light on resources. contains hundreds of features for :
  • Web Penetration Testing
  • Web Exploits Development
  • Web Malware Analysis
  • OSINT & Cyber spying

Exploitation ready

Picture
Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development.

WebUI

Picture
HconSTF contains blend of online and offline tools for Pentesting called 'WebUI'.
includes scanners, encoders, and much more

IDB

Picture
IDB is Integrated database with huge amount of Web payloads like :
  • Xss
  • Sqli
  • LDAP
  • Command execution

Osint Ready

Picture
Helps in many Open source intelligence based tasks like
  • Passive Web & Network Reconnaissance
  • Doxing 
  • Cyber Spying
  • Hash cracking
Huge amount of Plugins more than 165

Obfuscation Ready

Picture
Encoding / Decoding & hashing Features and tools, supports wide variety of formats, character set and algorithms for making payloads undetectable.

Decoy Ready

Picture
Darknets and proxies integrated, Spoofing tools. supports integration with many decoy options, includes many tools for proxies and anonymizing networks
readily configured for :
  • Tor
  • AdvOR
  • I2P
  • Https, Socks 4 / 5

Enhanced Reporting

Picture
Contains many integrated useful reporting features like :
  • Screenshots
  • Note taking
  • Session saving & exporting
  • Custom Url Logging
  • Automated Request logging

Hacker Helper

Picture
Includes Hackery-Hybrid, collection of huge amount of learning bookmarks for learning any techniques, tools.

More Features :
  • Easy to use & collaborative Operating System like interface
  • Includes Custom scripts for doing many pentesting tasks
  • Includes Cleaner for running HconSTF smoothly
  • Light on Hardware Resources & Small in size
  • Portable - no need to install, can work from any USB storage device
  • Multi-Language support (Partial)
  • Works side-by-side with your normal web browser without any conflict issues
  • Works on both architectures x86 & x64 on windows XP, Vista, 7 and on Linux with Wine
  • Netbook compatible - User interface is designed for using framework on small screen sizes
  • Free & Open source and always will be

Categories of tools :
  • Recon / Mapping
  • Editors / Debuggers
  • Exploitation / Audit
  • Anonymity
  • Passwords
  • Cryptography
  • Database
  • Scripting / Automation
  • Network Utilities
  • Reporting
download from here

Sunday, November 18, 2012

Android custom roms basics

hey guys wassup whoa such a long time sorry i couldn't post anything awesome as i was busy with my life and some major up downs. ok so now i got a galaxy Y for testing purposes and i was just messing with the phone and the best way of messing is installing different roms and etc.
So i start with the basics, the kernel is the basic part of every working computer or handheld device on earth. It is the bridge between hardware and software and its installed on rom that can be changed or erased but with some proper procedure. Android truely shares the same kernel as of what we have in linux for desktop but with some modifications So if you see this diagram you will know how critical a kernel is....
























Ok how does a kernel looks like a general question comes to our mind its in .img format and contains main kernel file and boot kernel image and other drivers. So there are lots of kernel available in market which have different types of specialities some are stable, some are exprimental etc. So now comes the system apps and lots and lots of configuration files like audio bluetooth,wifi, camera, etc do not mess with these files until u are sure what are you doing. Remember all mods or custom roms do not come with custom kernel, it depends on the developer that he wants to use stock (company default) rom or a custom rom for his own. Now there are 2 ways to flash your phone to use a custom rom either with PC that is odin mode or either with clockworkmod commonly called as cwm. the basic difference between odin flashes and cwm is that, that odin uses a pc for flashing while. cwm method uses a zip file and only phone in recovery mode
the main differences are as follows.

Odin flashes are safer compared to CWM flashes in so much as they are a raw device dump with no intervention in between. Its just a basic read/write operation. CWM operations must call the current kernel in order to perform the tasks (which is why the brick bug emerges not by flashing an affected kernel, but using CWM with it afterwards). So although a CWM flash is still fundamentally an I/O process, the currently installed kernel plays its part in order to do so.

Only real danger with Odin flashes is power supply, so if you have a power cut in the middle of a flash, there is a good chance you might not ever get your device back up and running, especially if it was during a flash of the boot loader).
the firmwares is in .zip for CWM only. and for Odin/Mobile Odin  files are in
.tar or .md5 (or .smd) format (other formats for other types of flash eg. .bin, .pit, .xml).
xda-developers is the best forum ever for android hacks,mods custom roms, etc

So this is pretty much for now
for more information you can read this article on android forums


Friday, August 10, 2012

Difference between integer based and string based SQL injection

Hi friends  this one i had posted a question on hackforums about difference between string based and integer based SQL injection it can be explained as follows
integer
SELECT * FROM pages WHERE page_id=10 [inject] order by title limit 1,
so the injection would be
?id=10 union select 1,2,3--
finallly you get
SELECT * FROM pages WHERE page_id=10 union select 1,2,3-- order by title limit 1,1

string

SELECT FROM pages WHERE page_id="10" [injectorder by title limit 1,
so the injection would be
?id=10' union select 1,2,3--+
final:
select * from pages where page_id="10"' union select 1,2,3--+ order by title limit 1,1


so in integer based SQL injection you dont have to put a ' and in string based SQL injection you have to put a ' and a + sign at the end
the original post here
enjoy

Monday, August 6, 2012

Will ultrabooks eliminate DVDs and Blue ray dics

Hi guys wassup how are you doing? yesterday my brother bought a lenovo ultrabook it was almost copy of a macbook with the hardware but the its slim, keyboard is easy to type and fast. but the fact that it had SSD and no DVD drive only some USB ports, HDMI ports and ethernet port etc and some touch pad changes. so the question is due to new emerging race of ultrabooks will CDs and DVDs will become outdated. maybe not coz still most of the games, blue-ray movies,etc come in DVDs. they are cheap but still they can't just get outdated and what i expect to be that new ultrabooks will have a dvd drive or they wont get apropriate market in india. i am still happy with my old laptop. and i am going to college this month for studies of computer engineering the thing i had loved to do the most.

Saturday, August 4, 2012

Call For Papers for the first edition of Hzine(Hacking Magazine)

Hcon has decided to release hacking magazine for you guys. it will be an online magazine free for all but for now it needs contributions. Contributions in the sense, Articles. For releasing anything you need good fleshy information which is not possible for one man. So here by i ask you all to contribute to this great effort made by Ashish Mistry and also if you cannot for any reasons atleast share it on your blog like me or on your facebook homepage.
Hcon, Information security Training and Tools provider, launched their own PenTesting Magazine ‘Hzine’. We are inviting unique and interesting articles for our First Edition of Hzine.

Theme for the articles : Operating Systems (OS)
Articles can be on Topics :
1. Penetration testing / Hacking
2. Forensics
3. Malware
4. Exploit Development
5. Embedded, Mobile OS
6. OS Configs and Defenses
7. Offensive or Defensive Programming
8. About OS Tools, any specific OS articles
9. Troubleshooting any security issue
10. Any other OS related quality articles are also welcome
Things to consider for article submission :
1. It will be a free Magazine
2. It has to be your own work, research
3. It has to be in ENGLISH only
4. As we are not gaining any money from it, so don’t expect from us to give you
5. Send articles in document format only (doc, docx, odt)
6. articles has to be with if any needed reference
More info: http://www.hcon.in/hzine.html
Contact:  https://www.facebook.com/Root.Hcon
www.hcon.in/contact-us.html
if you feel you have it in you !!

Monday, July 30, 2012

computer knowledge megacollection

hi guys i have got an awesome collection of computer books on internet its like 19 GB of books of all types have a look here
  https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-snc7/s720x720/376937_444943348871919_124568779_n.jpg
have fun dont forget to add trackers 

udp://tracker.publicbt.com:80/announce

udp://tracker.openbittorrent.com:80/announce

http://fr33dom.h33t.com:3310/announce

http://cpleft.com:2710/announce

http://tracker.ex.ua/announce

http://exodus.desync.com:6969/announce

http://tracker.torrentbay.to:6969/announce

udp://tracker.1337x.org:80/announce

udp://fr33domtracker.h33t.com:3310/announce

udp://tracker.ccc.de:80

udp://11.rarbg.com/announce

udp://9.rarbg.com:2710/announce

udp://10.rarbg.com/announce







Thursday, July 12, 2012

python based Shell analyser

hi guys wassup how you doing? this time i have got an awesome idea and i have started working on it. we already have a python based script called neopi.py to scan and analyse encoded and obfuscated. i am writing my own php and python code in such a way that when a file is uploaded it is checked for both unencoded signatures and encoded things. the first thing i have to find is a common signature for all shells and then combine code of mine and neopi and a php upload page that will initialize a scan after files uploaded and  change its perms to obviously to not let execute. and i think the php one is the most hard part for me as i am totally not familiar with php but i have some good friends to help me out, and guess what last month this blog has completed its 2 years thanks for all yours support and your subscriptions Rjcrystal if u have any suggestions then comment here

Friday, July 6, 2012

Update your facebook status via your own name


hi guys wassup sorry for not bringing any post So you might have seen that there are many apps that post on your wall and it has a small link at the bottom right corner telling VIA (app name). so how did they do that its very easy you need API(application programming interface) key of any app to do that.
we will make a app of our name so that we can use our apps` api and update facebook status via it
STEPS
  1. goto facebook developers then create an app by selecting app tab on the upper side
  2. then there will be a small box asking for app names in app display name you can fill out any name which is 3 words long and then click i agree facebook platform policies (even if you dont lol )
  3. then fill the security check(captcha) and then you will be taken to app settings then save changes and then you will see a many numbers in that our useful one is App ID/API Key save it
  4. then goto https://www.facebook.com/connect/prompt_feed.php?preview=true&api_key=xxxxxxxx (here xxx is your api key) copy your apps api key in place of xxxxxx and then hit the big enter button and you will see that ther will be a update status button just write what ever you want and bravo you have updated your status VIA your own name
here is big list of some good APPS API KEY with which you can update your status same as mentioned before
*. Skynet (249284985083592)
*. iPhone (6628568379)
*. Blackberry (2254487659)
*. Palm (7081486362)
*. Sidekick (21810043296)
*. Sony Ericsson (38125372145)
*. Xbox LIVE (5747726667)
*. iPad (112930718741625)
*. Foursquare (86734274142)
*. Telegram (140881489259157)
*. Carrier Pigeon (130263630347328)
*. Morse Code (134929696530963)
*. Message in a Bottle (123903037653697)
*. Commodore 64 (138114659547999)
*. Your moms computer (132386310127809)
*. TRS-80 (134998549862981)
*. K.I.T.T. (129904140378622)
*. Mind Computer Interface (121111184600360)
*. eyePhone (110455835670222)
*. toaster (203192803063920)
*. microwave (0a5266c8844a1b09211e7eb38242ac2f)
*. Super Nintendo Entertainment System (235703126457431)
*. Gameboy Color (180700501993189)
*. GoD (256591344357588)
*. Glade Air Freshner (4aeb4db2e8df1cdb7f952b2269afb560)
*. Strawberry (a4c9fb1708a848c2241674531176209b)
*. The moon (221826277855257)
*. Dr. Pepper (eea90d40e1d12565695dbbbdbd5e965b)
*. Nintendo wii (243870508973644)
*. Alcohol (250335888312118)
*. Cheese (218791271497130)
*. iPod Nano (142039005875499)
*. Nintendo 64 (236264753062118)
*. Microsoft Excel (242740155751069)
*. Linux Ubuntu (220593361311050)
*. iPhone 5g (211333348912523)
*. My Bedroom (174811032586879)
*. Your Mums Bedroom (5f64bbc9ac2f12b983200925da461322)
*. Lamp (230755826955133)
*. Refrigerator (250828364944350)
*. A potato (127926427295267)
*. Nasa Satellite (31d608d30292175bf7703149699ccb39)
*. Pogo Stick (185103391549701)
*. Banana Phone (1477a4cd29ec724a3de19be5d26e0389)
*. Google+ (4d8243dbb7064f88351fe6c809582320)
*. The Future (108372819220732)
*. Smoke Signal (134138923334682)
*. tin cans connected by string (242191299125647)
*. Pokedex (de3da265cf6976745bb1d60a8c198151)
*. Telepathy (ea01a57edb26cf1de143f09d45cfa913)
*. Typewriter (d3d554bf60297cb2c384e3d7cf5a066d)
*. Harry Potter (b8ebeb983f45eaa0bd5f4f66cad97654)
*. TARDIS (200439256674396)
*. Pip Boy (142806259133078)
*. Mind Control (1dc633368924b3b0b4d08e3f83230760)
*. Jedi Mind Control (240597869302110)
*. Telekinesis (224139600960217)
*. Post-It Note (115227201900831)
*. GLaDOS (246126362083515)
*. Ansible (185474028180003)
*. W.O.P.R (228373497202865)
*. Airwolf (123944137696757)
*. HMCS Belafonte (222345601140304)
*. HAPPY BIRTHDAY (60280877509)

Twitter Delicious Facebook Digg Stumbleupon Favorites More