WhatsApp XSS

I thought of adding this app to my BlackBerry when I came through this. Similar XSS were reported early by some hackers, but I don't think they were taken into account. Hope it gets fixed soon.

Update: They patched it the very next day after the date this post was published, i.e. April 16, 2013.

Recovering Browser stored credentials from Hard Drive Backup

If you use the “Remember password” facility provided by your browser, this post is seriously going to disturb you. Suppose we have a compressed backup of a hard drive:


gr00ve_hack3r@Magnum-Opus:/tmp/exp# file userpart.gz.dd
userpart.gz.dd: gzip compressed data, from Unix, last modified: Thu Oct 7 09:11:26 2010

gr00ve_hack3r@Magnum-Opus:/tmp/exp# mv userpart.gz.dd userpart.dd.gz
gr00ve_hack3r@Magnum-Opus:/tmp/exp# gunzip userpart.dd.gz
gr00ve_hack3r@Magnum-Opus:/tmp/exp# ls -l
total 48129
-rwxrw-rw- 1 root root 49283072 2013-03-28 10:39 userpart.dd

gr00ve_hack3r@Magnum-Opus:/tmp/exp# file userpart.dd
userpart.dd: Linux rev 1.0 ext3 filesystem data, UUID=4a6b1170-0250-4b03-96b7-22dd7b432002 (needs journal recovery)

gr00ve_hack3r@Magnum-Opus:/tmp/exp# mount -o loop userpart.dd mount_here/
gr00ve_hack3r@Magnum-Opus:/tmp/exp# ls -l mount_here/
total 13
drwxr-xr-x 26 postgres postgres 1024 2010-10-07 09:01 hacker
drwx------ 2 root root 12288 2010-10-07 05:03 lost+found

gr00ve_hack3r@Magnum-Opus:/tmp/exp# cd mount_here/hacker/
gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker# ls
Desktop Documents Downloads examples.desktop Music Pictures Public Templates Videos

gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker# ls -la
total 66

.                 .gconf           Public
..                .gconfd          .pulse
.bash_history     .gnome2          .pulse-cookie
.bash_logout      .gnome2_private  .sudo_as_admin_successful
.bashrc           .gtk-bookmarks   Templates
.cache            .gvfs            .themes
.config           .ICEauthority    .thumbnails
.dbus             .icons           .update-notifier
Desktop           .local           .vboxclient-clipboard.pid
.dmrc             .mozilla         .vboxclient-display.pid
Documents         Music            .vboxclient-seamless.pid
Downloads         .nautilus        Videos
.esd_auth         Pictures         .xsession-errors
examples.desktop  .profile         .xsession-errors.old

gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker# cd .mozilla/

gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker/.mozilla# ls
extensions firefox

gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker/.mozilla# cd firefox/
gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker/.mozilla/firefox# ls
42zgnxx7.default profiles.ini

gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker/.mozilla/firefox# cd 42zgnxx7.default/
gr00ve_hack3r@Magnum-Opus:/tmp/exp/mount_here/hacker/.mozilla/firefox/42zgnxx7.default# ls

bookmarkbackups         extensions.cache       pluginreg.dat
bookmarks.html          extensions.ini         prefs.js
Cache                   extensions.rdf         search.json
cert8.db                formhistory.sqlite     search.sqlite
chrome                  key3.db                secmod.db
compatibility.ini       localstore.rdf         signons.sqlite
compreg.dat             lock                   urlclassifier3.sqlite
content-prefs.sqlite    mimeTypes.rdf          urlclassifierkey3.txt
cookies.sqlite          OfflineCache           webappsstore.sqlite
cookies.sqlite-journal  permissions.sqlite     XPC.mfasl
downloads.sqlite        places.sqlite          xpti.dat
extensions              places.sqlite-journal  XUL.mfasl

signons.sqlite and key3.db are the two files we need specifically for this purpose. With both in hand you hold the cipher text and the key, so the encrypted information can easily be cracked.
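For the defensive side of the walkthrough above, here is a triage check for backup images, added as an example and not code from the original post. It walks a mounted image, flags any directory that holds both halves of a Firefox credential store, and lists the sites whose saved passwords should be rotated, without decrypting anything. It goes beyond the post by also matching the newer logins.json/key4.db pair; the function names and sample data are hypothetical and constructed, and the moz_logins/hostname query is an assumption about the signons.sqlite layout.

```python
import os
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

# (encrypted logins, key database): the pair named on this page, then the newer one.
STORE_PAIRS = [("signons.sqlite", "key3.db"), ("logins.json", "key4.db")]


def saved_login_hosts(signons_path):
    """Hostnames with a saved login. Reads metadata only; nothing is decrypted."""
    uri = Path(signons_path).resolve().as_uri() + "?mode=ro"  # never write to evidence
    try:
        with closing(sqlite3.connect(uri, uri=True)) as db:
            rows = db.execute("SELECT DISTINCT hostname FROM moz_logins").fetchall()
    except sqlite3.Error:
        return None  # unreadable, or not the schema assumed here
    return sorted(r[0] for r in rows)


def audit_image(mount_root):
    """Report every directory under a mounted backup that holds a complete pair."""
    findings = []
    for dirpath, _dirs, files in os.walk(mount_root):
        for logins, key in STORE_PAIRS:
            if logins in files and key in files:
                path = os.path.join(dirpath, logins)
                hosts = saved_login_hosts(path) if logins.endswith(".sqlite") else None
                findings.append({"profile": os.path.relpath(dirpath, mount_root),
                                 "files": (logins, key), "rotate_for": hosts})
    return findings


def build_constructed_image(root):
    """Constructed sample tree (made-up values, reduced moz_logins table)."""
    prof = os.path.join(root, "hacker", ".mozilla", "firefox", "42zgnxx7.default")
    os.makedirs(prof)
    open(os.path.join(prof, "key3.db"), "wb").close()  # empty placeholder file
    with closing(sqlite3.connect(os.path.join(prof, "signons.sqlite"))) as db:
        db.execute("CREATE TABLE moz_logins (hostname TEXT, encryptedPassword TEXT)")
        db.executemany("INSERT INTO moz_logins VALUES (?, ?)",
                       [("https://mail.example", "x"), ("https://bank.example", "y")])
        db.commit()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_image(build_constructed_image(tmp)))
```

Any image it flags should be stored and handled as if it contained the passwords themselves, and the listed logins rotated if the backup has left your control.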