July | 2006 | Talha Bin Tariq

July 2006
M	T	W	T	F	S	S
« Jun		Aug »
	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Archive for July, 2006

file hunting with Google

Posted: July 31, 2006 in Google, Random Writings, Security, Web Security

Im my last weeks blog i mentioned about google indexing binary files and some tricks for searching malware. Playing around with different queries on google i realized how large the count is for open directory browsing enabled servers. By default on apache based servers if the Option directive in directory tag is not set to none or index the webserver is completely browsable. Many free hosting services and pernonal site servers also keep it enabled by default.

I started of with searching for some not-publicly-available softwares and encouraged by the results modified the searches for some mp3′s as well.

A simple query:

intitle:”index of” +”last modified” +”parent directory” +description +size +(wma | mp3) ArtistName SongName

got me to numerous sites that hosted the songs i needed. You can also modify the file extensions to any kind of files you want and precise your search by adding more extensions in the OR list in brackets.

For more adventerous the same trick works for IIS as well :).

Blogged with Flock.

Malware hunting with Google

Posted: July 30, 2006 in Google, Malware, Security, Web Security

There have been a few blogs out there on the subject of Google indexing not only PDFs and Docs, but executable files as well. A simple query for “Signature: 00004550” results in 192,000 (if Google’s count is accurate) links to executable files. The reason this search works is because when Google indexes the executable file, it parses the Portabe Executable (PE) file format of the windows executable. One of the things that is extracted from the PE file is the signature “4550″, the NT signature, present in all valid win32 PE files. if you look at the cache, you’ll see something like this:

WINDOWS EXECUTABLE
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000

You can even many find innocent-looking sites that redirect to EXE files with spyware.

What’s interesting is that the results have addresses that make you think there’s nothing wrong with them (like for instance : http://www.crcdatatech.com/help/), they don’t have an EXE extension and when you go to the site you’re prompted to download the file. And if you click “run” instead of “save” or “cancel”, ahh, be prepare for the worst.

HDM (Metasploit) went on his own and developed a Malware search engine and he’s generous enough to release the code as well. You just have to type the name of a virus and you can find the queries that produce malware as search results. Some examples: MyDoom, Klez, BadTrans and other worms and trojans. He used some very well written Ruby scripts and Google API to search for almost 300 malware signatures. More info on his tool can be found here.

Blogged with Flock

Vista Screenshots

Posted: July 26, 2006 in My Grafix, Random Writings

I’ve uploaded some more screenshots at flickr. You can check them out here:

eEye Security Research Tools

Posted: July 26, 2006 in Codes & Utilities, Malware, Reverse Engineering, Security, Web Security

An excellent resource for security research tools:

http://research.eeye.com/html/tools/

Blogged with Flock

Vista Login Screenshot

Posted: July 25, 2006 in My Grafix

I installed the Vista Community Technlogy Preview today. Wanted to share my first looks at vista. Below is the login screen. A larger version can be found here:

Why Me ?

Posted: July 24, 2006 in Random Writings

Arthur Ashe, the legendary Wimbledon tennis player was dying of AIDS which he got due to infected blood he received during a heart surgery in 1983. From world over, he received letters from his fans, one of which conveyed: “Why does GOD have to select you for such a bad disease”?

To this Arthur Ashe replied: The world over — 50 million children start playing tennis, 5 million learn to play tennis, 500,000 learn professional tennis, 50,000 come to the circuit, 5000 reach the grand slam, 50 reach Wimbledon, 4 to semi final, 2 to the finals. When I was holding the trophy I never asked GOD: “Why me?”. So today in pain, I should not be asking GOD: “Why me?”