Archive for October, 2009


Google owns the world…

Oct 19, 2009 in Security

Everyone is talking about Google Voice these days, as it's the new cool thing.  But as we know, with every new toy come some problems.  If you do a Google search on:

site:https://www.google.com/voice/fm/*

What do you get?

[image: gvoice]

Hmmm… looks like Google has been indexing shared Google Voice voicemails and making them visible on the web.

Google says it’s changed how shared messages are indexed and made available to public searches, so we’re hoping this was just a one-time thing. [http://www.engadget.com/2009/10/19/google-voice-voicemails-appearing-in-public-search-results/]

Funny voicemails that you can find:

Voicemail 1

Voicemail 2

As you can see, they even list the user's name and phone number!!! Joy!!!!!

[image: gmail2]

Trust No One!
-Cheetz

Searching the Internets

Oct 11, 2009 in Security


Whether you are a black or white hat, I'm sure you have heard about the recent leak of some 20,000-30,000 compromised Gmail, Yahoo and Hotmail accounts [http://www.networkworld.com/news/2009/100709-gmail-hotmail-yahoo-scam.html] posted at pastebin.com.  For those that don't know what pastebin is, it is a "Collaborative debugging tool allowing you to share and modify code snippets while chatting on IRC, IM or a message board".  You should check it out.  Go to pastebin.com and look at some of the postings people put up there.

I had been monitoring these types of sites for a while now, and with all this noise from the passwords, I thought I'd share.  These types of sites are gold mines, because they supposedly are an anonymous way to post any type of code.  So, the best thing to do in this case is to script a way to pull all this data down.  I just picked up Python a couple of days ago, so the code is pretty raw and made for Windows.  I might clean it up and port it to Linux later.

[SCRIPT
#!/usr/local/bin/python
# Pastebin Scraper 1.0
# Author: cheetz
# Description: This tool grabs the newest Pastebin files linked from the front
# page, checks to see if any of the files contain hacker-associated words, and
# keeps the ones that do.
# Files must exist under C:\py\
# This code was made for educational purposes.  Please do not abuse it.
# (Python 2 code for Windows; wget.exe must be on the PATH.)
from urllib import urlopen
import os, re, time

# Working directories: fresh downloads land in data\, keepers are moved to saved\
os.popen("mkdir C:\\py\\saved").read()
os.popen("mkdir C:\\py\\data").read()

# Words that mark a paste as worth keeping
passwd = ["hacking", "password", "passwd", "hack", "exploit", "zero day"]

while True:
    # Collect the paste IDs linked from the front page.  The list is rebuilt on
    # every pass so the same pastes are not downloaded again and again.
    List = []
    doc = urlopen("http://pastebin.com").readlines()
    for line in doc:
        if '<li><a href="http://pastebin.com/' in line:
            # capture everything between "pastebin.com/" and the closing quote
            temp = re.findall(r'pastebin\.com/([^"]+)"', line.strip())
            if temp:
                List.append(temp[0])

    for line1 in List:
        link_download = "http://pastebin.com/pastebin.php?dl=" + line1
        fileloc = "C:\\py\\data\\" + line1
        # Download the raw paste with wget, using a browser User-Agent
        wget = ("wget -c -q " + link_download
                + " --user-agent=\"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3\""
                + " -O " + fileloc)
        print wget
        os.popen(wget).read()          # .read() waits for wget to finish

        scanning_file = open(fileloc, 'r')
        printering = scanning_file.read()
        scanning_file.close()

        # Keep the paste if any keyword appears in it, otherwise delete it
        close_var = 0
        for item in passwd:
            print item
            if item in printering:
                print "contained"
                os.popen("move " + fileloc + " C:\\py\\saved\\").read()
                close_var = 1
                break
            else:
                print "not contained"
        if close_var == 1:
            print "file was moved to saved"
        else:
            os.popen("del " + fileloc).read()
            print "file was deleted"
    time.sleep(500)
]

So what this script does is grab the front page of pastebin.com and find the newest pastes.  It then downloads them and keeps the ones on relevant topics (such as passwords).  The issue I ran into with pastebin's site is that they will block your IP if they find you constantly grabbing from their site.  So what I did was download Tor, Privoxy and Vidalia and proxy all the connections to pastebin.  After every connection you can force Tor to create a new identity with Python (found here: http://ubuntuforums.org/archive/index.php/t-558051.html).  To send wget through the proxy, set the http_proxy environment variable.

For Windows:
set http_proxy=http://proxy.example.com:8080

For Linux/Unix:
export http_proxy="http://proxy.example.com:8080"
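The two pieces described above, the front-page link parsing with keyword filtering and the Tor "new identity" request, as an added example in Python 3 that is not the post's own script.  It assumes the forum thread the post links uses Tor's control port (AUTHENTICATE followed by SIGNAL NEWNYM, answered with 250 on success), which must be enabled in torrc for the live function to work; the front-page HTML, paste IDs and paste contents below are constructed, not real pastebin data.

```python
import re
import socket

# --- 1. Pull paste IDs out of the front page ---------------------------------
# The post's script matched the link with a greedy ".*" that runs to the last
# quote on the line; anchoring on the closing quote avoids that.
PASTE_LINK = re.compile(r'<a href="https?://pastebin\.com/([A-Za-z0-9]+)"')

def extract_paste_ids(html):
    """Return the unique paste IDs linked from a front-page HTML blob, in order."""
    seen, ids = set(), []
    for pid in PASTE_LINK.findall(html):
        if pid not in seen:
            seen.add(pid)
            ids.append(pid)
    return ids

# --- 2. Keyword filter (same word list as the post's script) -----------------
KEYWORDS = ("hacking", "password", "passwd", "hack", "exploit", "zero day")

def matching_keywords(text, keywords=KEYWORDS):
    """Case-insensitive keyword hits; an empty list means the paste is dropped."""
    lowered = text.lower()
    return [k for k in keywords if k in lowered]

# --- 3. Tor control port: request a new circuit ("new identity") ------------
# Tor's control protocol takes one CRLF-terminated command per line and answers
# each with a 3-digit status; 250 is success, 515 is an authentication failure.
def build_newnym_commands(password):
    """Bytes sent to the control port: authenticate, then ask for NEWNYM."""
    quoted = password.replace('\\', '\\\\').replace('"', '\\"')
    return ('AUTHENTICATE "%s"\r\nSIGNAL NEWNYM\r\n' % quoted).encode()

def parse_control_replies(raw):
    """Split a control-port reply stream into (status, text) tuples."""
    replies = []
    for line in raw.decode("ascii", "replace").splitlines():
        m = re.match(r'(\d{3})[ \-+](.*)', line)
        if m:
            replies.append((int(m.group(1)), m.group(2)))
    return replies

def newnym_succeeded(raw):
    """True only if both AUTHENTICATE and SIGNAL NEWNYM were answered 250."""
    codes = [code for code, _ in parse_control_replies(raw)]
    return len(codes) >= 2 and codes[0] == 250 and codes[1] == 250

def request_new_identity(password, host="127.0.0.1", port=9051, timeout=5):
    """Live version: talks to a local Tor control port (assumed ControlPort 9051)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_newnym_commands(password))
        s.sendall(b"QUIT\r\n")
        raw = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    return newnym_succeeded(raw)

# --- Constructed sample input (not real pastebin data) -----------------------
SAMPLE_FRONT_PAGE = """
<ul>
<li><a href="http://pastebin.com/m1a2b3c4d" title="untitled">Untitled</a></li>
<li><a href="http://pastebin.com/f9e8d7c6b">config dump</a></li>
<li><a href="http://pastebin.com/m1a2b3c4d">same paste linked twice</a></li>
<li><a href="http://example.com/notapaste">elsewhere</a></li>
</ul>
"""
SAMPLE_PASTES = {
    "m1a2b3c4d": "user@example.com:Password1\nbob@example.com:hunter2\n",
    "f9e8d7c6b": "int main(void) { return 0; }\n",
}

def triage(front_page_html, pastes):
    """Map paste ID -> keyword hits for the pastes the filter would keep."""
    kept = {}
    for pid in extract_paste_ids(front_page_html):
        if pid in pastes:
            hits = matching_keywords(pastes[pid])
            if hits:
                kept[pid] = hits
    return kept

if __name__ == "__main__":
    print(triage(SAMPLE_FRONT_PAGE, SAMPLE_PASTES))
    print(build_newnym_commands("secret"))
    print(newnym_succeeded(b"250 OK\r\n250 OK\r\n"))
```

Calling request_new_identity() between downloads gives each batch a fresh exit node, which is what the IP blocking described above is really keyed on; the offline helpers let you check the command bytes and the reply handling without a Tor daemon running.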

So, what have I found grepping through these sites?  Well, I was able to grab all the passwords listed from Hotmail, and that just confirmed how weak people's passwords still are.  There are many other different types of code-sample upload sites, such as pastie.org, dpaste.com, or pastebin.ca.  For example, just from a quick search, I found code for an IRC bot (http://pastie.org/pastes/650079), similar to my article [https://www.securepla.net/?p=48].  All the information is out there, you just have to make sure you're looking for it.

-Cheetz