Monday 30 September 2013

Convert Batch file to Exe and Make it Hidden when Executed

Ever wonder how to hide the executable once it has been double clicked? 


One of the naughty things that i like to do upon creating a batch file is to convert it to a dot exe as i dont want people to easily see the script i created simply by right clicking on the .bat file and open with notepad. No No! I need to find a way to convert it to something that normal users even some IT professional will have a hard time reverse engineering the exe application to see the script within. 

I found a great application called "Advance BAT to EXE Converter Pro" that did the neat trick for me.


But hold on, there are two more awesome things you can do with this application. One of it is the ability to change the icon of the exe to your desired icon!!!


Another ability which is also my fave is the ability to be invisible once executed! But here's the catch. In order for you to have this option, you need to purchase the license first. Sounds fair. 


Overall i think its worth the money you spent on this application. There are many more abilities this application can do. You just have to explore it to believe it....




Friday 27 September 2013

Breaking the Schneier's 'Code'

Well its not exactly a code but if one thinks too much, they will never solve this so-called 'equation'... So here's the 'code'


OHOE
OEYN
KBTJ

i have no idea what i was looking at until someone posted a hint: 'The answer is staring right in front of you' and with that little movement of the page or my eyes, i solved it.... Can you?

Friday 20 September 2013

Symantec Cyber Readiness Challenge - First in Asia (Singapore)

BT got second place in the Symantec Cyber Readiness Challenge- CTF Hacking Competition!



The CTF competition was not something we expected. Before that day, we spent countless nights familiarizing ourselves with Kali and BackTrack and focusing solely on the Network hacking. Of course, we performed our recon in finding out more about similar CTFs by other organizers in the past such as from DEFCon, HITB, Black Hat and read what sort of challenges await us.

So when we arrived, we were quite shocked to see players from big named companies and also from the Big Four joining which made us humble seeing their presence but then again... hackers constantly challenge one another and thats when the fun started!

As a rule of thumb, we cant expose the content of the competition but for those who are joining the Symantec CRC competition, better get yourselves prepared with Web, Network and Database pentest. Be good with the tools used such as Metasploit and NMAP.

It was a full 4 hrs competition that made us exhausted at the end of the hour. Unfortunately, there were also hiccups during the competition and as a personal advice: better use your own dongle rather than using the available made Wifi or LAN network.

We also experienced unethical hackers during capturing the flag. One of the rules is to NOT CHANGE anything that will not allow other players to compete and one of the teams were literally changing the passwords of the accounts they cracked which if reported could be disqualified. There were some tug of war to control the system each one kicking a session from one another.

It was tough but eventually we nailed it. We got second spot and the winner got a Flag more than us! Damn it! But all in all, this was indeed a fun competition that allowed us to hack/crack/pentest a real world scenario...


The BT Team


The Banner

Another huge Banner 

WE ARE THE second placed WINNER! 

The Trophy 

The Team-Up 

Saturday 14 September 2013

Compiling Word Lists in Linux

In this post, i will share with you how to compile all the text documents into one huge big list.

Say you have downloaded many txt files from the internet/torrent. And you have something like this >



Before we perform the compilation, make sure you place all the text files into a single directory and remove the empty folders.

Once done, copy the folder (which contained all the txt files) to a Linux.

Apply the following commands:

1) #cd /root/Desktop/Wordlist          --------> Cd into your folder that contains the text files
2) #cat *.* > /root/Desktop/Wordlist/Biglist.txt   -------> This will compile all the txt files into one huge list
3)#cat Biglist.txt | sort | uniq > Biglist2.txt      ----------> This will sort it and remove duplicates

Thursday 12 September 2013

After 5 years: Finally Graduated!

After 5 years of studying part time while working during the day, the reward is finally here!!! What a journey it has been!




Tuesday 3 September 2013

SANS542 GWAPT CTF - WON!!!

So after an intensive theory/practical classes, the 6th day is where the knowledge starts to apply! CTF! The reward: a limited edition SANS medal coin! The medal is only given to those who managed to win the Capture the Flag competition and yes, it is a big deal to bring back a glory for the team and company after spending so much for the training in Bangkok, Thailand.

It wasn't an easy competition. The flags were to Social Security Numbers, Addresses, Bank Accounts and its balances. We had to think outside of the box to capture a flag like for example, after using Nikto, we found ourselves staring blank at the result until one of us viewed the source code of the results and PING! we found a flag!

It wasn't easy to be honest, and while i tried to use commercial tools to cheat my way to win, eventually, it couldn't find anything. Tools that were used during the CTF were

1) NMAP
2) CEWL
3) Burpsuite (lots and lots of it)
4) Nikto
5) Your creativity

It was a great team effort and we finally pulled it off! Got all 3 flags. And well, here it is:

SANS Thailand 2013
Web App Penetration Testing and Ethical Hacking (SEC542)
August 26-31.2013
Bangkok

My team mate and my laptop...


This is my first time winning a Capture the Flag event and looking forward to more such competitions in the future.