In Easter holidays I made a small trip to “Neumarkt in der Oberpfalz” to visit my friends there. We are playing an online game together and I would like to meet them to chat about our lives or something about this game. They are working in small asia restaurant there. Neumarkt in der Oberpfalz is the capital of the Neumarkt district in the administrative region of the Upper Palatinate, in Bavaria, Germany. With a population of about 40,000, Neumarkt is the seat of various projects, and acts as the economic and cultural center of the western Upper Palatinate, along with Nürnberg, Ingolstadt, and Regensburg (Wikipedia).
My friends warned me that Neumarkt is pretty small but I didn’t believe them. There must be something to see. Therefore I took an early train to have more time to visit this town. They picked me up at the train station, we made a small talk, took some photos and I started my trip around Neumarkt. However it’s a pretty small town, it takes me only about an hour and little more to take a look of all sightseeings of this town. Nothing special there, some churchs, museum… At the day when I came to this town, the museum was not opened therefore I could not enter and see what there are in this museum. Below is the map of Neumarkt with some important locations, you can see there is a “spine” street goes through Neumarkt. Go along this street, then turn left or right, you can visit all of sightseeings.
It was a beautiful sunny day therefore I decided to buy Döner Kebap ( an art of turkish bread with lamb meat), one beer and enjoyed my lunch at a garden. Go green and relax myself. After lunch I finished my round trip, see my friends again, chatted for a little time and I left Neumarkt with a hot fried Peking duck as a gift from them. ^_^ . It’s delicious.
It’s pity that Neumarkt is not big enough to stay longer. However at least I go out of Munich, go green and relax myself. There some photos I would like to share in slide show below. Hope you’ll like it.
Some days ago, I heard about a Root CA was attacked and some CAs was faked up which leads to a serious security vulnerabilities that internet users lose their sensible data although they used https:// for communicating to web server. This issue made me think about a case study that “What would happen if a Root CA was controlled by a government ? Will I be attacked by Man-In-The-Middle in https:// ? Can I protect myself from being attacked like that ? Is SSL really secure at all ?”. So I try myself to find the answers for these questions and think that it can be interesting for you.
A normal user may be does not know anything about https:// or HTTP Secure, for example my wife says simply there is one more “s” in compare to http:// and that’s all. My friend says it’s address of website. We must enter correctly with the “s” at the end otherwise we’ll be prompted for wrong URL. They are perfect, innocent answers, aren’t they? As advanced users, we all know that there is a term of “Man-In-The-Middle” attack in which an attacker acts as a repeater and sniffs all transferred data between user and web server. So if we send and receive data in clear text, he can read our sensible data (username, password) and what he would do with this data, only God knows. Therefore a requirement as well as a solution for encrypting data before sending out of internet world was born, that is HTTP Secure.
Continue reading Hacking – Is SSL really secure with Root CA ?
Hacking WEP Password is not a new topic anymore since aircrack was first released in 2006. This software suite consists of many tools for detecting, analyzing, monitoring network, sniffing packing and hacking WEP / WPA (Dictionary attack) password. It only supports protocol 802.11x Wireless and network adapter with allows raw monitoring mode (a example list of this type of adapter you can find at following link http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#list_of_compatible_adapters).
Monitor mode is one of 6 modes which a 802.11 wireless card can operate in: Ad-hoc, Master (acting as access point) , Mesh, Monitor, Repeater. Unlike promiscuous mode, which is also used for packet sniffing and can be used on both wired and wireless networks, monitor mode allows packets to be captured without having to associate with an access point or ad-hoc network first and only applies to wireless networks. Therefore be careful when choosing network adapter, you must choose the correct one which stands on the support list otherwise you can not sniff packet from victim network. When I mean “correct”, I mean that it must be exactly same as stated in list. In my demo, I’ll use the USB Wireless Network Adapter “Netgear Wg111v2” which costs about 6 Euro on Ebay. You can find the version of this series on the side of USB stick like the image below.
Continue reading Hacking – How to hack WEP Password with BackTrack ?
When I was wandering on HVA, I found a thread introducing a guessing game which I discussed on this blog Rx and permutation. If you want to play, you can try it here http://jotto.ciphertechs.com/ . From my side, after 14 times trying to brute force the characters of password, I found out they are “a”, “j”, “m”, “o”, “r” as image below
After calculating all permutations, I found the meaningful permutation is “major” and was greeted with message “Congratulations – you guessed major in 15 attempts” . I look accidentally on the URL of this page http://jotto.ciphertechs.com/cgi-bin/jotto2.pl and saw that the game was written in Perl and a bad thought passed through my head to hack this game to get a better result.
Continue reading Hacking – How to hack Jotto Ciphertechs game?