[13 Apr 2014 | No Comment]
The blog’s heart’s beating is normal now

So yeah the ZOMGWTFAPOCALYPTIC bug affected this blog too.

I had a very busy couple of weeks and traveled to Cairo to attend the OWASP Cairo chapter launch meeting, so I had no time or brains to fix it at the time, but I disabled SSL.
Today I updated openssl and libssl to the latest version in the repo and BAZINGA! I am no longer affected.

Reissued the (self-signed) certificates, put the VirtualHost back into Apache’s config and restarted. No more leaking (I hope).


[4 Apr 2014 | No Comment]
How to compile xHydra (Hydra GUI) on Windows

Hello Internet.
I received several comments saying that I am distributing malware because some antivirus engines detect hydra/pw-inspector as Hacktool.Hydra. That’s not a false positive; it is a hack tool, but I never did and never will harm anyone. I even got a takedown notice (the exe, for some reason, was detected by them as PHP), but my provider heard my side of the story and no further actions were taken.

For that reason, and because I will be compiling the newer versions only occasionally, not very often, so …


[11 Mar 2014 | No Comment]

In the first part I established that the 180,000 bitcoin being moved actually came from addresses belonging to MtGox/MagicalTux.
Upon further inspection it turned out to be 200K, not just 180K (1KecDYadohxk8MCDqKF8SBEMhCUNveAsCj).
Like I said, the coins kept breaking up until they were spread (unevenly) across hundreds of addresses, with an average balance of ~10 bitcoin each.
Yesterday the coins were re-forming again: they are combining and reaching new addresses, each holding a balance of 50 bitcoins.
Here is the list of 50 addresses of those http://pastebin.com/GrFL6RRf
Here is a list of 209 other addresses http://pastebin.com/tQdFk6jS
The money can and …


[8 Mar 2014 | No Comment]
Tracing the huge amount of bitcoin moving around

As the Internet (especially Reddit) knows, someone moved 180,000 Bitcoin (currently equivalent to 110 million USD) to the address 1KecDYadohxk8MCDqKF8SBEMhCUNveAsCj (let’s call that Address #X).
The money came from 4 addresses:
12HddUDLhRP2F8JjpKYeKaDxxt5wUvx5nq 50,000
16Ls6azc76ixc9Ny7AB5ZPPq6oiEL9XwXy 40,000
1P3S1grZYmcqYDuaEDVDYobJ5Fx85E9fE9 50,000
1cXNTyXj4xPGopfYZNY5xfSM1EPJJvBZV 40,000
Let’s track 16Ls6azc76ixc9Ny7AB5ZPPq6oiEL9XwXy and call it Address #A.
Address #A received 40K from 1U5EGSHJeyZd4AHjcSCVZmcgepgKzB72V on 2011-11-16 05:38:46, and it has been there since. Let’s call that Address #B.
On 2011-09-11 Address #B received 100K:
50K from 1C4BcavzUshEGv7G6CERikD3ccWe2iWyD9
and 50K from 158jzBkJFZJz8soep4RR1WALnVgvMD1STr.
On 2011-11-16 it sent 40K to Address #A,
sent 10K to 1HGoGebkz9Cb66PVEKzofxiifSGU7GZhWb,
and with 9 other …


[4 Mar 2014 | 4 Comments]

I was playing with PHP (as usual) and I was thinking about date().
It’s a PHP function that displays the date in different formats.
According to the documentation: “Unrecognized characters in the format string will be printed as-is.”
So what if I try to insert HTML there as well?
I tried <?php echo date('<img src=x onerror=alert(\'XSS\')>'); ?>
But all characters are accepted in the format, so the output was:
<59033 32Tue, 04 Mar 2014 15:59:32 +00002014-03-04T15:59:32+00:00=x 20143UTCTue, 04 Mar 2014 15:59:32 +0000Tue, 04 Mar 2014 15:59:32 +00002014Tue, 04 Mar 2014 15:59:32 +0000=pmTuesdayUTCTue, 04 Mar 2014 15:59:32 +000031(‘Xthth’)>
Obviously …