Monday, January 23, 2012

Wikileaks.org hacked By Rwandan Hackers


The official Wikileaks website has been hacked by Rwandan Hackers.
And as expected, they found a Cross-site request forgery (CSRF) vulnerability in the Wikileaks website. Rwandan Hackers also submitted the vulnerable link.
DEFACE PAGE: http://wikileaks.org/w/index.php?title=hacked by Rwandan hackers&fulltext=HACKED

Saturday, January 21, 2012

HOPE MAGAZINE HACKED BY RWANDAN HACKERS

http://www.hope-mag.com/index.php HACKED BY RWANDAN HACKERS .

ADMIN INFO



Nigeria Gov Website Hacked by Rwandan Hackers

Multiple vulnerabilities were found on www.nphcda.gov.ng and other Nigerian government websites by Rwandan Hackers. There are multiple SQLi vulnerabilities.
Using these vulnerabilities, an attacker can exploit the entire database and gain illegal access.
Five other websites hacked: http://pastebin.com/YqHvCpLx

Friday, January 20, 2012

Replace Megaupload?


Well girls, let's stop crying for 5 minutes... There's more to life than Megaupload :-) To exchange files (not pirated ones, of course ^^), we have lots of solutions available. Here is a little review (rather opportunistic, I confess ^^) of Megaupload replacements.

Clones Megaupload

Now that Megaupload is gone, many of you wrote me to say: "I am loooooost". Well, there are really lots of sites that do exactly the same thing as Megaupload. Probably less, sometimes more, and also limit limit if you put the files "eration." Rather than recommend a replacement for Megaupload, I propose a short list of meta search engines, most of which use Google, that let you find what you want on all these strange sites. Oh, and while I think of it, your best friend for direct download will be JDownloader.

http://ddlsearch.free.fr/
http://dlseek.free.fr/
http://www.keotag.com/ (very original one)
http://dscargalo.com/
http://www.filestube.com/
http://search.axiomcafe.fr/
http://uprius.com/
http://www.5fox.org/
http://www.buskka.com/
http://www.rsdown.org/
http://www.leechaa.com/
http://www.bioscience.ws/search/sharedfiles/
http://sharedigger.com/
http://rapidsearch.infobind.com/
http://www.daleya.com/


A non-exhaustive list, of course, knowing that the largest meta-engine for direct download is Google. Simply enter, in quotes, part of the download URL plus keywords. For example, for Megaupload, it was:



The newsgroups

Newsgroups are fast and secure (SSL), but on the downside they are centralized, just like direct download. In addition, good Usenet providers are not free. They also require installing software dedicated to browsing newsgroups and downloading files, such as SABnzbd. The best-known newsgroup service is undoubtedly Giganews.

The P2P

Well, you know it all... This is the best of the best because it's free, it's peer to peer so it is not likely to be cut off, and it goes fast if there are seeds.

For BitTorrent, there is on one side software like uTorrent or Transmission, and on the other, sites (very unpopular) such as The Pirate Bay or ClearBits (100% legal). For the eDonkey network, eMule is still there, but since the arrival of direct download and shit like Hadopi, the quality of the content, legal as well as illegal, has largely decreased.

Beyond that, there are lots of different P2P programs, tailored to your needs, whether for sharing with family or exchanging with as many people as possible. And for those who are afraid of being caught by Hadopi, you have some margin with the first two warnings, and then there are always the fallback VPNs and proxies, which exploded in France with Hadopi and now relate to their major designers.

USB drives

A former ... what with friends :-)

Conclusion

When I see the money that Megaupload made, I wonder why companies like Universal and co. do not join forces on a legal, subscription-based Megaupload-like service. A kind of Spotify for direct download. That way they would combine the money earned in the traditional way (CDs, MP3s, concerts, etc.) and take a big part of the share of these companies that are all playing on the boundary between file storage and illegal downloading. Same with VOD, for example.

In short, the ways of the rights holders are impenetrable.

Thursday, January 19, 2012

Megaupload inaccessible?


Big surprise tonight: Megaupload, the 13th most visited site in the world, has been shut down by the FBI, and Kim Dotcom, its founder, was accused of violating copyright laws. Megaupload is accused of causing a loss of over $500 million to rights holders by hosting films and other content made available illegally by Megaupload's clients.

How was Megaupload shut down?

I thought Megaupload was not hosted in the United States, yet it would seem that some of the staff were there. For info, Megaupload is a company based in Hong Kong. According to Erebuss (via Twitter), it is the company Carpathia Hosting that hosts some of Megaupload's infrastructure, and this company is located in Virginia. The complaint also came from Virginia. It was therefore relatively easy for the FBI to shut down the site (or at least make it temporarily inaccessible) through Carpathia.

The FBI also seized 18 domain names belonging to the Galaxy Mega.

Who was arrested?

Seven people and two companies (Megaupload Limited and Vestor Limited) have been indicted in the United States. In the FBI's announcement, Megaupload is described as an international criminal enterprise. All these people risk 20 years in prison. Those charged are:

Kim Schmitz aka Kim Dotcom or Jim Kim Tim Vestor, CEO of Megaupload, a resident of Hong Kong, whose interview I had reported here.
Finn Batato, director of marketing, based in Germany
Julius Bencko, designer living in Slovakia
Sven Echternach, technical director, living between Germany and Hong Kong
Andrus Nomm, an Estonian resident in Turkey and Estonia, who is the lead developer of the Galaxy Mega products.
Bram van der Kolk, alias Bramos, a Dutchman living between the Netherlands and New Zealand, who manages the whole network infrastructure
They were all arrested in New Zealand today, except Bencko and Echternach, who are at large.

What is Megaupload accused of?

The charges relate mainly to violations of U.S. anti-piracy law. For full details, I recommend reading the FBI's lengthy statement.

Stats Megaupload

According to the FBI, Megaupload had 150 million registered users (and me, and me, and me...) and 50 million visitors per day.

Will Megaupload return?

I doubt it... given that Kim was arrested, it seems over... You can write off your premium subscription.

Will we go to jail because we had a premium account with Megaupload?

Frankly, I do not think so... Unless they start building a prison for 150 million people, I think we will all be left alone. So do not worry, I'll keep you posted.

Should we be sad?

No ... There are still thousands of sites that do exactly the same thing as Megaupload. Some will be afraid and close in the coming days, but others will take the place of Megaupload fairly quickly.

What would replace Megaupload?

I'll let you look ;-) I have published what is on this site.

Wednesday, January 18, 2012

100 Kenya government websites breached by Indonesian hacker





An Indonesian hacker on Tuesday attacked and defaced more than 100 Kenya government websites in a major cyber security breach. The ministries affected include the Ministries of Local Government, Livestock, Environment, Fisheries, Housing, and Industrialisation. A Kenyan expert aware of the incident said an Indonesian hacker known as Direxer was responsible for the hacking.

The hacker, referred to as Direxer, broke into the sites and defaced them to show that he had managed to access them. Other hacked sites are the ministries of Finance, Education, Public Health, Youth Affairs, National Heritage and Roads, as well as sensitive departments such as Administration Police, Immigration, Prisons and various city, municipal and county councils.


A Cyber Incidence Response Team (CIRT) based at the Communications Commission of Kenya (CCK) has moved into action and is making efforts to restore the affected websites. The CIRT was formed to handle such situations and ensure Kenya's security in cyberspace. Officials at the commission said the experts had located the hacker, who appears to have a website at http://www.direxer.com/

According to a post on the hacker's website, he is part of an online Indonesian security forum known as Forum Code Security and says he took down the websites by following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.

On his site the hacker said, "and I will carry out attacks on other servers if the Government is still neglecting security. My Security Code on behalf of Indonesia, Security is a necessity."

Saturday, January 14, 2012

Multiple vulnerabilities found in University of Ghana's website


Multiple vulnerabilities were found in the University of Ghana's website by Rwandan Hackers. According to him, there is a non-persistent XSS vulnerability and also an SQLi vulnerability.

Vulnerable Website:-
http://www.ug.edu.gh/



Rwandan hackers also exposed the database, including admin credentials (user name and password hash) and other users' login details.

Database :-
http://pastebin.com/Guqefc4j





URL redirection Vulnerability in Google & Facebook


An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered, unmanaged fashion, which could be used to redirect victims to unintended, malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

A similar vulnerability was reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may help an attacker conduct phishing attacks, trojan distribution and spamming.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://rwandan-hackers.blogspot.com
Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=http://rwandan-hackers.blogspot.com

Impact of Vulnerability:
The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This will expose the user to extensive risk and the user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site.
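
A server-side check for the pattern described above, as an added example (not code from the original post, nor from Google or Facebook): the redirect parameter is accepted only when it is a local path or points at an exact allow-listed host. The host names, `ALLOWED_HOSTS`, the sample inputs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this hypothetical application is allowed to redirect to.
ALLOWED_HOSTS = frozenset({"app.example.com", "login.example.com"})
DEFAULT_TARGET = "/"  # fallback used when the requested target is rejected


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for a local path or an exact allow-listed http(s) host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop control characters, so "/\host"
    # can end up being followed as the scheme-relative URL "//host".
    if any(ord(ch) < 0x20 or ch == "\\" for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash local path only
        # ("///host" parses with an empty netloc but browsers follow it).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # "//host" (empty scheme), javascript:, data:, ...
    # .hostname drops any "user@" prefix and the port and is lower-cased, so
    # "https://app.example.com@attacker.example/" compares as "attacker.example".
    return parts.hostname in allowed_hosts


def resolve_redirect(target, default=DEFAULT_TARGET):
    """Value to place in the Location header for a user-supplied target."""
    return target if is_safe_redirect(target) else default


# Constructed sample inputs (not taken from the page).
SAMPLES = [
    "/account/settings",
    "https://app.example.com/dashboard",
    "http://attacker.example/",
    "//attacker.example/login",
    "https://app.example.com@attacker.example/",
    "https://app.example.com.attacker.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:48} -> {resolve_redirect(sample)!r}")
```

The comparison is an exact host match on the parsed URL; substring or prefix checks on the raw string are what the `user@host` and look-alike subdomain samples get past.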

Sunday, January 8, 2012

SQL Vulnerability Found on Facebook Application

Rwandan hacker found an SQLi vulnerability in Facebook applications.
Details of hacking:
Database : adminclt_testsite
Database User : adminclt_13@209.68.2.10
MySQL Version : 5.0.67-log



Sunday, January 1, 2012

www.izuba.org.rw database compromised by Rwandan Hackers


Rwandan Hackers found multiple vulnerabilities on izuba.org.rw. The database has been hacked and exposed by Rwandan hackers on pastebin.
Database link: http://pastebin.com/xKrumw7z