Search This Blog

Friday, July 06, 2012

Google Chrome Your profile cannot be opened correctly

There had been a recent error affecting quite some users on Chrome, after a upgrade. It seems that the user web data is corrupted or not readable by the new Chrome. While its ok to just click ok and go on, each time you relaunch this, it will happen. I finally found the solution and its nothing more than just deleting a file away.

Solution:
1. Close Chrome
2. Go to %LOCALAPPDATA%\Google\Chrome\User Data\Default
3. Delete the file "Web Data"

That's all. Just relaunch Chrome and its solved.

Wednesday, June 06, 2012

A little update about myself

I know I had not been updating my blog much and probably quite disappointing to my loyal followers as a results. Most of my updated had been placed on Facebook, but that I notice is only for limited amount of people I know. So I will actively try to come back to Blogger and post my articles here.

Recently I had gotten several hardware and had immerse myself deeping in the world of Android (hacking). I have a few phones on GB, ICS from WildFire S to Galaxy S2, several tablets from Nook Tablet to Gemei G9. In short, plenty of room to play with experimental Android stuff. I had also gotten myself lots of chance to try out patching and flashing with Odin, Zerg rush etc and custom ROM had really open my eyes to many things. I will find some chance to post some steps on some of the steps I took. Probably fun.

I also went deeper into Android hacking about masking IMEI, IMSI etc All these I probably will be talking about it in the near future about using specific software and even rom patching to archive. All these can have many uses in term of gaming, overcoming software limitations or maybe it's just simply privacy.

In any case, I wanted to say is that, Thanks for not giving up on my blog yet. I'll back!

Wednesday, March 21, 2012

Empty Recycle Bin at Logoff and Shutdown on Windows XP

I had been looking for a simple solution for legacy systems (Windows XP) to perform a simply empty recycle bin during a shutdown and even better if it can be integrated into a logoff. To my surprise there were tons of requests for years and nobody gave a solution properly which does not require any 3rd party tools.

Most of the users suggest to turn off Recycle bin totally, but it can save lives sometimes, so that not what we want. Secondly, if we need to install a tool, we are just expanding our exposure to risk since the tool may have vulnerability and who knows what it can do when run as SYSTEM during a shutdown.

I found the simplest solution is to make use of Microsoft's built in shutdown and logoff script function:

Shutdown scripts:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gptext_assigncomputershutdownscripts.mspx?mfr=true
Logoff scripts:
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gptext_logoffscripts.mspx?mfr=true

However, do take note that Shutdown scripts are run as SYSTEM and logoff scripts are run as the user logging off.

A simple "Empty the Recycle Bin" scripts using just batch file:

ATTRIB %systemdrive%\RECYCLER\* -R -S -H /S /D
DEL %systemdrive%\RECYCLER\* /F /S /Q
RD %systemdrive%\RECYCLER /S /Q

It's 3 lines to make sure it deletes and finish the job. Just copy and paste into a batch file which is your logoff / shutdown script.

There we have it. A simple and do-no-need-3rd-party solution. I hope you will find it useful.

Tuesday, March 20, 2012

Reverse Bruteforcing of Accounts

I may had talked about this in the past somewhere, not sure if its here, but in any case, this still works even today and there is no harm mentioning it again.

Given a black box system for pentest, you know there are some minimum security set in:

  • There is a lockout for X retries (usually not 65535...)
  • There are a large amount of user (easily deduced from company size)
  • The users are lazy and like to choose easy passwords (always a given. Even if there is password limit, it will still be simple passwords like P@ssword123 or qwerty12345 which passed the password requirement)

Point 3 is where we would base this attack on. In order to show them how bad their passwords are, we probably need to crack some majority of it and bruteforcing is required unless we can dump the hashes (in Windows) or offline crack their salted password (from Linux). Traditionally, bruteforce will choose a useraname (example admin) and try to guess the password (admin, password, admin123, iamgod...) and before you know it, the account is locked (Shit! damn...). See point 1 above.

So, lets think out of the box. How many user would use lets say the password "password" (if its allowed by the password policy). Probably a lot. That's why I am going to introduce another to bruteforce such a system. This is what I call Reverse Bruteforcing. Instead of using a username and bruteforcing the password, we choose a password and bruteforce the username instead. Of course, in some case, we might even have the username (from the emails servers, or client contact list etc). But in the worst case, this will work.

So, we would go:

"password" - user1, user2, user3 etc...

This will not lock out the accounts as quickly as traditional bruteforcing, but it will eventually depending on how they set it up. If its time based (x attempts in x mins), then by spacing out the bruteforce, we might actually overcome it totally. Go online and get a list of commonly used password and mix in some variation with the company's name, slogan etc and you have a good list to start with.

Actually in some of my previous pentests, this methods proves to be quite effective and can be easily automated and while it run, you can proceed with your Metasploit or other attacks. Its a quick win any day! (P.S. My best win is root, root without locking the account up :P)


Sunday, March 18, 2012

CM9 for Nook Tablet First Alpha

The first Alpha for Nook Tablet CM9 is out. However as stated being an alpha, not everything works and the hardware video decoding is of course still unfixed. However, if you feel that you want to have a shot at how CM9 looks like, go ahead and grab the binaries from xda-developers:
http://forum.xda-developers.com/showthread.php?t=1534192


Saturday, March 10, 2012

Download Adobe Photoshop Lightroom 4

Since Lightroom 4 had been out there are many good reviews all over the net, so I will not repeat them. But I found out that I actually have a problem downloading the trial version to see for myself. After some minutes of debugging, I realized that the Coldfusion download server used by Adobe does not seems to be Chrome friendly.

The links are here:
http://trials2.adobe.com/AdobeProducts/LTRM/4/win32/Lightroom_4_LS11.exe
http://trials3.adobe.com/AdobeProducts/LTRM/4/win32/Lightroom_4_LS11.exe

So, I have to fire up the trusty IE (its not bad, just not my choice of browser). And all a sudden it starts to download the 718MB trial happily.

Well this is just an update for anyone who has similar issue with the download.
Do drop a comment here (for encouragement) if this post helps you!

Tuesday, February 28, 2012

Attended World Premiere of John Carter

I do not usually blog about movies nowadays much because I hardly attended any. However, recently, I was somehow lucky enough to get hold of tickets to the World Premiere of John Carter, based on novels which was written say, yes exactly 1 century ago by Edgar Rice Burroughs. When I first viewed the trailer, I was amazed and I thought avatar kinda ripped it off this movie since it was created 100 years ago. However, I must say I was kind of disappointed when I saw the Disney label on it because basically it would say : "No blood, no  extreme violence and definitely no sex!" Well I can't say I was totally disappointed with the Pirates of the Caribbeans, so maybe I should give it a chance.

To be honest, this was not the first movie based on the first book "A Princess from Mars". In fact in 2009, there was a STV movie made with the same title, which obviously flopped, gaining a 3.2 / 10 on IMdb. I was fortunate enough not to have watched that. I had not read any of the books too, so this movie is a fresh start for me.

Firstly, I must say, I am impressed with the 3D. It had came so far and in this movie, its not just cosmetics. The 3D effects actually tries to put the user into the world by feeling it. The story line is kinda old, but what would you expect from a 100 years old tale. However, you can see how this old story could had brought about others like Narnia, Stars Wars and Avatar. The creature created are not anything we had not seen before, but there are believable and some more cute than others. But I guess in the end, the leads had put in good effort into their characters and it eventually plays out well in the whole.

I really enjoyed the show and look forward to a sequel soon.


Thursday, February 23, 2012

Goodbye Bullguard, Hello Bitdefender

One of the main Internet Security Suite I had been using is Bullguard Internet Security ( www.bullguard.com ). It may not had been the BEST and most accurate detector in the market, but it certainly had done its job protecting me when I somehow miss a click and allowed something to run. Bullguard is backed with Outpost's firewall and Bitdefender's AV engine, which in my opinion is one of the BEST in the market. Bullguard had its glory, claiming VB100 awards (http://www.bullguard.com/news/latest-press-releases/press-release-archive/24-06-2011.aspx) and what is most important is that it is user friendly. There aren't millions of click allows like some other AV suite such as Kaspersky or Qihun 360 which basically made the product totally unusable since I will be spending most of my time clicking "Yes, Allow, Remember (PLEASE!)".

But sad to say, my subscription is coming to an end soon and I am in the process to reacquire another AV product for my mainstream machines. I do not mind going again with Bullguard, but since the Windows Home Server 2011 issue, it had basically crippled all my PC Backups.


After some research, I decided to go with Bitdefender for a while since it was the same engine. just directly from the original AV company now. Moreover, the 2011 version had gotten really lots of good review. However, since I will be using the latest version, I will be using the 2012. Well, I will be posting some review of my own soon.

Wednesday, January 04, 2012

Where is my shell - Ubuntu 11.10

I know this is late, but I had been real busy in the past month over things which matters and does not matters. Eventually, I even missed to download and install Ubuntu 11.10 when it was out in Oct... But its better late than never since 12.04 is in alpha1 only and will only be available in April 2012.

The first thing I saw after a reboot as a culture shock.


The familiar top menu is gone and how do I start a shell? I tried right clicking and look for it on the top right, but its not there...

Well thats the good part about installing this late, but other people had done it and had wrote up documents on how-to do this and that. It seems that the terminal is not hidden inside the DASH icon.

http://complete-concrete-concise.com/ubuntu-2/ubuntu-11-10-how-to-get-a-command-line-shell-or-terminal

Anyway, this is the new desktop interface call Unity. At the first look, I like the new Ubuntu 11.10. Its about time Linux gets it right.

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.