Saturday, December 21, 2013

Adding Custom Contact Form to WordPress


First of everything I am very sorry that I didn't update the website for a long time. I was really busy with my academic researches. Now  I am more free and try to update the website more regularly.

Today post is regarding adding a custom contact form to wordpress blog script. Sooner one of my customers ask me that we need a website on core of wordpress and moreover we need a custom form which should email the details of the form, when the submit button pressed.

For adding a custom form which be able to email the form data to a specific recipient (webmaster), we have to do the following steps:


  1. First I suggest to do this experiment in your local host, after a successful result you can apply it to your host. 
  2. Go to your current template path. In my case it is : "\wp-content\themes\twentythirteen".
  3. Make a new PHP file and rename it to "custom-form.php".
  4. Create a folder and rename it to "form-files".

Monday, August 26, 2013

root25.com 1st Birthday


Today 26. August is the first birthday of root25.com website. Even during this past year I was busy with my studies , but I try my best to maintain the website with good content and answer visitors.
I would like to say THANK YOU to all fans which support root25 during this past year.
Lately I start a new track in the website and its "free online information security classes" which already started on 5th of August. These classes started from beginner level and will continue to professional security and penetration classes. I try to post valuable and unique content which help us improve the traffic of website as well.  I hope you will be happy with the site and support us by sharing and spreading the name of "root25.com".
Now I would like to share some statistic related to root25 for our dear fans and followers. 

root25 Google + profile got 1,186 followers.
root25 Twitter profile got 1,185 followers.
root25 Facebook profile got 774 fans.
root25 Stumbleupon profile got 129 followers.

root25.com visitors
root25.com Visitors
root25.com visitors map overlay
root25.com Visitors map overlay.
root25.com visitors countries
root25.com Visitors countries
root25.com visitors browser technology
root25.com Visitors browser technology


Saturday, August 10, 2013

Wednesday, August 7, 2013

Sunday, July 21, 2013

HackInTheBox 2013 Security Conference

HITBSecConf2013 - Kuala Lumpur, Malaysia

14-17 October 2013, InterContinental, Kuala Lumpur
HITBSecConf2013 – Malaysia takes place from the 14th till the 17th of October 2013 at the InterContinental Hotel, Kuala Lumpur

The conference itself is in two days on 16th and 17th including lab sessions. However there are some hands on training on 14th and 15th. Until now the keynote speakers for the conference are Andy Ellis (Chief Security Officer, Akamai) and Joe Sullivan (Chief Security Officer, Facebook) and other speakers will be announced soon by HITB.
Actually I found this as a good chance to meet other people in the same field (Security). I'm pretty sure that this conference will be beneficial for expanding my knowledge in security. The price for student is also affordable. The ticket price for STUDENTS for two day conference (Early bird - before 25 July) is only 229RM . for more information about ticketing and other fees please refer to their official website: http://conference.hitb.org/hitbsecconf2013kul/

Hope to see you there.

Tuesday, June 11, 2013

How Hackers steal your usernames/passwords by Phishing attack?

Beware of "facebookmail.com" domain. Its a phishing site.

Be careful with emails that you receive from "FacebookMail.com", these mails probably are Phishing attack and they trying to steal your passwords and credentials. However this domain is belong to FACEBOOK company but people rarely use it for inviting their friends. If you try to invite your friend from this section https://www.facebook.com/invite.php it will send an email to your friend from FacebookMail.com. But the point is this service rarely use by users, However Hackers use this address to send Phishing email to victims.
Phishing is refer to a type of cyber attack which attacker try to steal username,passwords and credit card information by masquerading as a trustworthy entity in  the communication. The most common technique for Phishing is the use of FAKE PAGES. For example the attacker open facebook.com and download the login page and change the path that login form is pointing to, to their own address. Afterward they will upload this fake page on a their own host with a domain name similar to the legitimate site domain. The last step is to convince the victim to come to this fake website and enter his user/pass/cc details and all these information will send to the attacker.
Here are some examples of similar domains (They are not real-Just for Example):
facebook.com (Legit) ->  faceb00k.com (malicious)
twitter.com(Legit) -> tvviter.com(malicious)
&...
Most of the time attacker will use email for inviting the victim to the fake page. For example they send an email to the victim that contains a message from twitter and its saying "Hey you hear about the gossip your mentioned in? it started some serious drama, it fired up a lot of people on here http://bit.ly/.... "  This will raise the curiosity of the victim and make him/her to click on the malicious link, next he/she will see a page look a like twitter login and will not pay enough attention to the address bar. However this is a fake page, and after he/she enter his/her user/pass will redirect to legitimate site (But his/her user/pass will be send to the attacker).

It is few days that I'm receiving a phishing email from "blahblahblah@facebookmail.com". This is a similar domain to facebook.com and attacker by using this domain try to fool the victim that user think this mail is one of sub services of Facebook.com however this email is coming from hacker and her just change the From address to Facebook email address.
Facebook Phishing email request example


The funny fact is that I don't have any Facebook account using this email , And this make me suspicious that this might be a phishing attack. Another important

Tuesday, May 28, 2013

How to Reset Windows Password

Windows login screen

If you forgot your Windows log on password , Do Not worry anymore! There is no need to re install windows. Today I'm gonna introduce a tool which easily can reset the login password of your windows and you can get in to your windows without any trouble.

Basically this tools is an ISO image that you have to write it on a CD/DVD  which is contains a Linux bootloader and a Linux tools that allow you to have access to the windows SAM file. Windows store all login username password in the SAM file.

This tool is very powerful here are some of its abilities:
  • This tool will show you the list of available users in the windows and their privileges  (Administrator / Normal User)
  • Disable / Reset any specific user, password.
  • Change the password to a new password without knowing the previous one.
  • Change the privilege level of a user to administrator.


"ALL MATERIAL IN THIS TUTORIAL ARE ONLY FOR LEARNING PURPOSE, WE ARE NOT RESPONSIBLE FOR ANY MISUSE "

"PLEASE USE THIS SOFTWARE AT YOUR OWN RISK, AND BE CAREFUL IN RUNNING EACH COMMAND." 



For using this tool you need to have access to a secondary PC for downloading and writing the tool on a DISK (Setp 1-2).
  1. First download the tool from this link: Download
  2. Next write the ISO file using any image burner into a blank CD or DVD. 
  3. Change the setting of your PC Bios to boot from Disk Drive , Save and Exit.

Thursday, May 23, 2013

How to Install Android on Virtual Machine

How to install Android on VMWare

In this video i showed how to install Android on Virtual Machine . For this example i used VMware as my virtual machine.


Monday, April 22, 2013

F-Secure #Hackathon 2013

AmirMohammad Sadeghian, one of the competitor at F-secure #Hackathon2013

Last week F-secure Hackathon took place at F-Secure HQ located at Bangsar , Kuala Lumpur.

They ask us to design an application with use of their API's in 24 hours. During the brainstorming i decided to design a chrome extension that check the safety of URL's that user browse by using the URL Reputation API of F-secure. everything was good but unfortunately i was alone and didn't have any team member so i had to put more time on the project and the final outcome was not that much good that i expected But for F-secure innovation in using API's was really important.

Group picture of competitor at F-secure #Hackathon2013

My Google Chrome extension project abilities:

  • Checking the safety of result of Google web search link (and showing the safety level by a green/orange/red) icon in front of each link.
  • Showing the level of safety of current webpage by a small number between 1 to 5 on the icon of the extension.

Sunday, April 21, 2013

Matlab Program to Watermark/ Extract/ Calc PSNR / Salt Attack (Steganography)




X. Write a Matlab program that received a host image (512x512). Embed an watermark image into host image by using;
i. Embed at 8th bit then check PSNR
ii. Embed at 7th bit then check PSNR
iii. Embed at 6th bit then check PSNR
iv. Embed at 5th bit then check PSNR

Test robustness by using salt and pepper with level 0.01 to 0.09.
Write another program to extract the watermark after the watermarked image has been attacked. Display the all the images produced.

For getting the best result PLEASE TRY ON GRAYSCALE BITMAP IMAGES !!!


Water Marking Program
clc;
bit=input('Please enter which bit you want to use for watermarking? (8 | 7 | 6 | 5)');
[filename1,pathname]=uigetfile('*.*','Please select the cover image');
'www.root25.com developed by Amir
img1=imread(num2str(filename1));
figure(1);
imshow(img1);  
[row,col]=size(img1)
area=row*col;
i=1;

Tuesday, February 5, 2013

Be Careful Download.Com Distribute Adware & Viruses Through Downloads


Be Careful Download.Com Distribute Adware & Viruses Through Downloads, I strongly recommend if you planned to download a software and the source of download is from download.com just stop it and look for another mirror of direct download of that software!

About one month ago i download a file from Download.com and few days ago i found out that my Facebook account start showing strange advertises on right top and left of Facebook page. that sounds suspicious so I double checked with my friend if Facebook add new advertise or not? after i understood these adds are not from Facebook , i got these advertises are injected to my browser pages. after Googling i found out it seems the files i downloaded 1 month ago was contain a virus.
DOWNLOAD.COM use its own downloader for downloading all files on your computer.The problem start from here that you can not download without Download.com downloader and the Downloader itself contain  a silent virus that later will install these Ad-wares to your computer. I believe they activate these after one month that user don't become suspicious to download.com .
These Ad-wares was in form of browser Add-ons that already was installed on my Google Chrome, Firefox , Internet Explorer. In my case the Ad-ware was installed with this name: "Deals Plugin Extension". and in some cases it was saw with this name : "Coupon Companion Plugin".

for cleaning this adware from Chrome:

  1. Go to Extension section of Chrome and write the "extention ID" then navigate to following path and remove the directory with that specific ID.

    Windows XP:
    %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions

    Windows Vista/ Windows 7/ Windows 8:
     %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
  2. Remove "updater21804.exe" from following paths:
    C:/windows/system32/tasks
    C:/users/[username]/appdata/local/updater21804/updater21804.exe


for cleaning from the Firefox & Internet Explorer also you can goto the extension section and disable this extension.


Download.Com is part of CNET.

related posts:
http://forums.cnet.com/7723-7598_102-568380/coupon-companion-adware/
https://productforums.google.com/forum/?fromgroups=#!topic/chrome/0Ityy2YXKJY%5B1-25-true%5D

ModSecurity Log Auditing System in PHP (MSLA Project)


Light MSLA is a "Light Mod Security Log Auditing" tools that i wrote in PHP , it will import the log of Mod Security to a MySQL database and then using Google API's draw charts from the log file.
This project was part of Mod_Security Project that i did before.
The heart of this script is the "patterns.php" that include few regular expressions command , it will find parts that we need inside the log file and extract them.

You can download the Project from this link : DOWNLOAD (Inside the Google Drive Press Ctrl+S to download)


SETUP:

  • Copy all the files inside the zip package into your server path.
  • Create a database and import the "modsec_db.sql" file into your database.
  • open config.php in a text editor and change the Database name,username,password,host and the Mod_security log path.
  • run the Parser.php from your browser ( it might take some times it depends on how big is your log file)
  • after the parser.php fully loaded and page become Done , open the index.php
  • input the username and password as following for going into the dashboard.
    username:root25.com
    password:ssap25
  • For drawing the graphs it need some times. 

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
IMPORTANT: This script need internet access for drawing the charts because i use Google API's for the charts.
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
As i mentioned before this was a student project , so you can change any parts based on your own need.
the hardest part and heart of this script are the patterns inside the "patterns.php" that will help to
find and extract specific parts from the log.
"useragent.php" will extract the details of os and browser from the user-agent information in the log.

This video is also show you how to install and an example of the project.
http://youtu.be/bzWIi1W3rkY

This is the post about the "How to install Mod Security on Apache Step by Step for Beginners"
This is the post about the "How to implement Reverse Proxy & Mod Security"

Social Networks Sharing