Tech Nuske

Friday, 4 May 2012

Running Multiple Instances of Google Talk

Google Talk (GTalk) users can run several instances of Google Talk at once and sign in to several Google accounts at the same time. This "polygamy" trick needs no crack, patch or hack: just append the command line parameter (switch) /nomutex to the Google Talk shortcut.

Running multiple Google Talk instances is useful if you have several Google Talk accounts (or Google or Gmail accounts used to sign in to GTalk), or several profiles or personalities, and do not want to log off one account and on to another every time you switch, or simply want to be signed in to all accounts at once on the same computer.


You can add the /nomutex switch to an existing Google Talk shortcut, or create a new shortcut that carries the /nomutex command line parameter.

To edit an existing Google Talk shortcut:

1) Right click on the Google Talk shortcut.
2) On the right click context menu, click on Properties.
3) Go to the Shortcut tab of the Google Talk Properties window.
4) In the Target textbox, add /nomutex to the end of the line so that it looks like below (or simply copy and paste the syntax below over the original).

Target: "C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex

5) Click on OK.


To create a new shortcut for Google Talk:

1) Right-click on the desktop or anywhere else you want to place the GTalk shortcut.
2) Select New on the right click context menu.
3) Then select Shortcut.
4) Copy and paste the following line into the text box when prompted to type the location of the item:

"C:\Program Files\Google\Google Talk\googletalk.exe" /nomutex

(The path assumes the default install location; if Google Talk is installed elsewhere, for example under Program Files (x86) on 64-bit Windows, adjust it accordingly. The quotes are needed because the path contains spaces, and the switch goes outside them.)

5) Click on Next.
6) Give the shortcut a proper name such as Google Talk, Google Talk Multiple or Google Talk Polygamy.
7) Click OK until you are done.

If you have a hex editor, you can go one step further and patch the Google Talk executable itself so that it always allows multiple instances of GTalk to be launched, whether or not the /nomutex switch is specified.

Launch the hex editor and open googletalk.exe. The listing below is disassembler output: the addresses on the left (004536FD and so on) are virtual addresses in memory, not offsets in the file, so search for the byte sequence rather than jumping to the address. The instructions to find are:

004536FD . 3BC6 CMP EAX,ESI
004536FF . 75 05 JNZ SHORT googleta.00453706

that is, the bytes 3B C6 75 05. Change them so that the listing reads:

004536FD . 8BC1 MOV EAX,ECX
004536FF . EB 05 JMP SHORT googleta.00453706

that is, 8B C1 EB 05. The conditional JNZ becomes an unconditional JMP, so the outcome of the check no longer matters and the program takes the same path every time. These bytes and addresses belong to the Google Talk build the listing was taken from; check that the sequence occurs exactly once in your copy before patching, and keep a backup of the original file.
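The search-and-replace described above can be scripted instead of done by hand. The following is an added example (not code from the original post): it searches the file for the original 4-byte sequence, refuses to patch unless that sequence occurs exactly once, writes a backup, and then overwrites the bytes in place. The test data at the bottom is a constructed stand-in for the executable, not a copy of googletalk.exe, and the script name in the usage comment is made up for the example.

```python
import shutil
import sys
from pathlib import Path

# The two instruction pairs from the listing above, as raw bytes.
# CMP EAX,ESI is 3B C6 and JNZ SHORT +5 is 75 05;
# MOV EAX,ECX is 8B C1 and JMP SHORT +5 is EB 05.
ORIGINAL = bytes.fromhex("3BC67505")
PATCHED = bytes.fromhex("8BC1EB05")


def find_pattern(data: bytes, pattern: bytes) -> list:
    """Return every file offset at which `pattern` occurs in `data`."""
    offsets = []
    start = 0
    while True:
        idx = data.find(pattern, start)
        if idx == -1:
            return offsets
        offsets.append(idx)
        start = idx + 1


def patch_bytes(data: bytes, original: bytes, replacement: bytes) -> bytes:
    """Replace the single occurrence of `original` with `replacement`.

    The patch must keep the same length (it does: both pairs are 4 bytes),
    and it is refused when the pattern is missing or occurs more than once,
    because a short sequence like 3B C6 75 05 can legitimately show up in
    unrelated code and patching the wrong site corrupts the program.
    """
    if len(original) != len(replacement):
        raise ValueError("replacement must have the same length as the original")
    hits = find_pattern(data, original)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    off = hits[0]
    return data[:off] + replacement + data[off + len(original):]


def patch_file(path: Path) -> int:
    """Back up `path`, patch it in place and return the file offset that changed."""
    shutil.copy2(path, path.with_suffix(path.suffix + ".bak"))
    data = path.read_bytes()
    patched = patch_bytes(data, ORIGINAL, PATCHED)
    path.write_bytes(patched)
    return find_pattern(data, ORIGINAL)[0]


if __name__ == "__main__":
    # Usage (assumed script name): python patch_gtalk.py "C:\Program Files\Google\Google Talk\googletalk.exe"
    offset = patch_file(Path(sys.argv[1]))
    print(f"patched 4 bytes at file offset 0x{offset:X}")
```

Because the script matches on bytes, it does not depend on translating the disassembler's virtual address 004536FD into a file offset; it does depend on the build containing that exact sequence once, which is why an ambiguous or missing match aborts instead of guessing.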



How this works

Mutex is short for mutual exclusion object. A mutex is a program object that lets multiple threads or processes share a resource, but not at the same time: only one holder owns it at any moment.

Google Talk uses a named mutex as a single-instance guard. At startup the program creates the mutex; if it already exists, another copy of googletalk.exe is running, and the new copy stops instead of opening a second session. The /nomutex switch tells the program to skip that check, so every copy believes it is the first one and starts normally. The hex patch above achieves the same thing from the other side: the jump after the check becomes unconditional, so the "already running" path is never taken.
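To make the guard logic concrete, here is an added example (not Google Talk's code, whose mutex name is not given in the post) that models a single-instance check with a /nomutex bypass. A named Windows mutex is platform-specific, so the example uses a lock file opened with O_CREAT | O_EXCL as a portable stand-in: like CreateMutex() followed by GetLastError() == ERROR_ALREADY_EXISTS, the create-exclusive call succeeds for exactly one holder at a time. The guard name is an assumption made for the example.

```python
import os
import tempfile

# Name of the guard object. Google Talk's real mutex name is not given in the
# post, so this name is an assumption made for the example.
GUARD_NAME = "googletalk-single-instance.lock"


class SingleInstanceGuard:
    """Portable stand-in for a named Windows mutex used as a single-instance guard.

    On Windows the check is CreateMutex() followed by
    GetLastError() == ERROR_ALREADY_EXISTS. Here a lock file opened with
    O_CREAT | O_EXCL plays the same role: the open succeeds for exactly one
    holder at a time, so the example runs on any OS.
    """

    def __init__(self, directory: str, name: str = GUARD_NAME):
        self.path = os.path.join(directory, name)
        self.fd = None

    def acquire(self) -> bool:
        """True if this process is the first instance, False if one already holds the guard."""
        try:
            self.fd = os.open(self.path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
        except FileExistsError:
            return False
        os.write(self.fd, str(os.getpid()).encode())
        return True

    def release(self) -> None:
        """Give the guard up, as the real program does when its process exits."""
        if self.fd is not None:
            os.close(self.fd)
            os.unlink(self.path)
            self.fd = None


def start_instance(argv, directory: str):
    """Model the program's startup decision.

    Returns (status, guard) where status is 'started', 'refused' or
    'started-nomutex'. The /nomutex switch skips the guard before it is
    reached; the hex patch above instead removes the 'refused' branch itself.
    """
    if any(arg.lower() == "/nomutex" for arg in argv):
        return "started-nomutex", None
    guard = SingleInstanceGuard(directory)
    if not guard.acquire():      # guard already exists: another instance is running
        return "refused", None
    return "started", guard


def demo(directory=None) -> list:
    """Launch four instances in turn and return what each one decided."""
    directory = directory or tempfile.mkdtemp()
    statuses = []
    status, first = start_instance([], directory)
    statuses.append(status)                                      # first copy: started
    statuses.append(start_instance([], directory)[0])            # second copy: refused
    statuses.append(start_instance(["/nomutex"], directory)[0])  # bypass: started
    first.release()                                              # first copy exits
    status, again = start_instance([], directory)
    statuses.append(status)                                      # a fresh copy starts again
    if again:
        again.release()
    return statuses


if __name__ == "__main__":
    print(demo())
```

The guard is only an advisory convenience for the program's own benefit; nothing prevents a user from skipping it, which is exactly what the switch and the binary patch do.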

Enjoy and keep smiling,
Smile is a language that everybody understands. (",)..!!!

Thursday, 3 May 2012

SYN flooding


Recently I unknowingly made a small configuration change in my PC at work, which caused the entire network of my office to go down for one whole day, all without my knowledge. This small mistake that led to such a huge disaster got me interested in how entire networks can become flooded and hence rendered useless, just because of a small packet. I came across one such type of network flooding attack, SYN flooding. 

SYN flooding is a method that the user of a hostile client program can use to mount a denial-of-service (DoS) attack against a server. The hostile client sends a stream of SYN (synchronize) packets to a listening port on the server, each with a forged (spoofed) source IP address.
Normally when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:
  1. The client requests a connection by sending a SYN (synchronize) message to the server.
  2. The server acknowledges this request by sending SYN-ACK back to the client.
  3. The client responds with an ACK, and the connection is established.

This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.
But when an attacker starts a SYN flood attack, the following sequence takes place:
1. The attacker puts a random, spoofed source address in each packet.
2. Each packet has the SYN flag set, so it is a request to open a new connection to the server from the spoofed IP address.
3. The victim server replies with SYN-ACK to the spoofed IP address, then waits for a confirmation that never arrives (about 3 minutes on older stacks).
4. The victim's connection table fills up with entries waiting for replies.
5. Once the table is full, all new connection requests are ignored.
6. Legitimate users are ignored as well, and cannot reach the server.
7. Once the attacker stops flooding, the server usually returns to its normal state on its own (SYN floods rarely crash servers).
8. Newer operating systems manage these resources better, which makes the table harder to overflow, but they remain vulnerable.



The hostile client makes each SYN request look valid, but because the source addresses are forged, the server's SYN-ACK goes to a host that never asked for the connection and the final ACK never arrives; if the spoofed address is unused or filtered, not even a RST comes back to let the server discard the entry early. The connection therefore stays in the half-open state until it times out, and before that happens another SYN from the hostile client has arrived to take the next slot. Under these conditions the server's backlog is completely or almost completely consumed by the hostile client, and communication with legitimate clients becomes difficult or impossible.
Half-open connections are also used for reconnaissance. Sending SYN packets to find open ports without completing the handshake is called SYN scanning (or half-open scanning): a port is open when the server answers with SYN/ACK and closed when it answers with RST, and the scanner tears the probe down with a RST of its own instead of sending the final ACK. The open ports found this way are then candidates for further attack.
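The following added example (not part of the original post) models the sequence above as a small state machine: a listener with a fixed-size table of half-open connections, spoofed SYNs that never get their ACK, a legitimate client that is refused while the table is full, and the recovery once the flood stops and the entries time out. The traffic is constructed and deterministic; the backlog size, the timeout and the addresses are assumptions made for the example, and real stacks retransmit the SYN-ACK and use other mitigations that this model leaves out.

```python
import random
from dataclasses import dataclass, field

# How long the victim keeps a half-open entry before giving up on the final ACK.
# The post cites about 3 minutes; real stacks retransmit the SYN-ACK a few times
# within that window, which this model folds into one timeout.
SYN_ACK_TIMEOUT = 180.0


@dataclass
class SynBacklogServer:
    """Victim TCP listener with a fixed-size table of half-open connections."""
    backlog: int
    half_open: dict = field(default_factory=dict)   # (src_ip, src_port) -> expiry time
    established: set = field(default_factory=set)
    dropped_syns: int = 0

    def _expire(self, now: float) -> None:
        # Step 7: entries whose timeout has passed are purged, so the table
        # recovers on its own once the flood stops.
        for key in [k for k, exp in self.half_open.items() if exp <= now]:
            del self.half_open[key]

    def on_syn(self, src_ip: str, src_port: int, now: float) -> str:
        """Handle a SYN: send SYN-ACK and record a half-open entry, or drop it if the table is full."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1              # steps 5-6: table full, SYN ignored
            return "dropped"
        self.half_open[(src_ip, src_port)] = now + SYN_ACK_TIMEOUT
        return "syn-ack"                        # step 3: reply goes to the (spoofed) source

    def on_ack(self, src_ip: str, src_port: int, now: float) -> str:
        """Final ACK of the handshake: promote the entry from half-open to established."""
        self._expire(now)
        key = (src_ip, src_port)
        if key not in self.half_open:
            return "rst"                        # no matching half-open entry
        del self.half_open[key]
        self.established.add(key)
        return "established"


def run_flood_scenario(backlog: int = 128, flood_packets: int = 1000) -> dict:
    """Spoofed SYNs never get an ACK, fill the table and lock out a real client until they expire."""
    rng = random.Random(1)                      # constructed, deterministic traffic
    server = SynBacklogServer(backlog=backlog)
    t = 0.0
    for i in range(flood_packets):
        # Steps 1-2: a random (spoofed) source per packet, SYN flag set, no ACK ever follows.
        server.on_syn(f"198.51.100.{rng.randrange(1, 255)}", 1024 + i, t)
        t += 0.01
    result = {
        "legit_during_flood": server.on_syn("203.0.113.7", 40000, t),
        "half_open_during_flood": len(server.half_open),
    }
    # The attacker stops. Once the timeout passes, the half-open entries drain.
    t += SYN_ACK_TIMEOUT + 1.0
    result["legit_after_timeout"] = server.on_syn("203.0.113.7", 40001, t)
    result["handshake_completed"] = server.on_ack("203.0.113.7", 40001, t + 0.05)
    result["dropped_syns"] = server.dropped_syns
    result["half_open_after_timeout"] = len(server.half_open)
    return result


if __name__ == "__main__":
    for key, value in run_flood_scenario().items():
        print(f"{key}: {value}")
```

With a 128-entry table, the first 128 spoofed SYNs are all the attacker needs; every later SYN, including the legitimate client's, is dropped until the entries expire, which is why a modest packet rate sustained over the timeout window is enough to keep the port unreachable.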

- Joohi Sinha
Stay tuned for more...


HackTricks := SQL Injection Continue...


Hello everyone,

I am back with SQL Injection, sorry for the delay...
 
Example of an SQL Injection Attack

Here is a sample basic HTML form with two inputs, login and password.

<form method="post" action="http://testasp.vulnweb.com/login.asp">
<input name="tfUName" type="text" id="tfUName">
<input name="tfUPass" type="password" id="tfUPass">
<input type="submit" value="Login">
</form>
The simplest way for login.asp to work is to build a database query that looks like this:

SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password'

If the variables $username and $password are taken directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as the username and the following string as the password: anything' OR 'x'='x

SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'

Because the web application does not properly sanitise its inputs, the single quotes have turned the WHERE clause into two alternatives joined by OR.

The 'x'='x' part is always true, regardless of what the first part contains.

This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!


Preventing SQL injection

To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.

Parameterized statements

With most development platforms, parameterized statements can be used that work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement.

In many cases, the SQL statement is fixed. The user input is then assigned (bound) to a parameter.

This is an example using Java and the JDBC API:

PreparedStatement prep = conn.prepareStatement(
    "SELECT * FROM USERS WHERE USERNAME=? AND PASSWORD=?");
prep.setString(1, username);
prep.setString(2, password);
prep.executeQuery();

Similarly, in C#:

// Note: an unsalted SHA1 of the password, as used here, is weak; a salted,
// slow password hash is preferable. The parameter binding is the point here.
using (SqlCommand myCommand = new SqlCommand(
    "SELECT * FROM USERS WHERE USERNAME=@username AND PASSWORD=HASHBYTES('SHA1', @password)",
    myConnection))
{
    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
    myConnection.Open();
    using (SqlDataReader myReader = myCommand.ExecuteReader())
    {
        ...
    }
}

In PHP :

$db = new PDO('pgsql:dbname=database');
$stmt = $db->prepare("SELECT priv FROM testUsers WHERE username=:username AND password=:password");
$stmt->bindParam(':username', $user);
$stmt->bindParam(':password', $pass);
$stmt->execute();

There are also vendor-specific methods; for instance, the mysqli extension for MySQL 4.1 and above can create parameterized statements:

$db = new mysqli("localhost", "user", "pass", "database");
$stmt = $db->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();


Escaping

A straightforward, though error-prone, way to prevent injections is to escape dangerous characters.

One of the reasons for it being error prone is that it is a type of blacklist which is less robust than a whitelist.

For instance, every occurrence of a single quote (') in a parameter must be replaced by two single quotes ('') to form a valid SQL string literal.

In PHP, for example, older code escapes parameters with the function mysql_real_escape_string before sending the SQL query (the mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7; in current PHP use mysqli_real_escape_string on a mysqli connection, or better, the prepared statements shown above):

$query = sprintf("SELECT * FROM Users WHERE UserName='%s' AND Password='%s'",
    mysql_real_escape_string($Username),
    mysql_real_escape_string($Password));
mysql_query($query);
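The three approaches discussed in this post (the string-built query that the attack exploits, the parameterized statement, and quote-doubling escaping) can be run side by side against the same table. The following is an added example, not code from the post: it uses Python's built-in sqlite3 driver and a constructed in-memory `logins` table standing in for the one in the post, with the password stored in plaintext so that the query matches the post's SELECT exactly (a real application would store a salted hash). The username "Joe" and password "s3cret" are made up for the example.

```python
import sqlite3

# Payload from the post, used as the password field.
PAYLOAD = "anything' OR 'x'='x"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the post's `logins` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO logins (username, password) VALUES ('Joe', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password) -> bool:
    """The pattern from the post: user input spliced straight into the SQL text."""
    query = (f"SELECT id FROM logins WHERE username = '{username}' "
             f"AND password = '{password}'")
    # With PAYLOAD the text becomes ... AND password = 'anything' OR 'x'='x'
    # and the OR branch is always true, so a row comes back without the password.
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password) -> bool:
    """Fixed statement with bound parameters: the values never reach the SQL parser."""
    row = conn.execute(
        "SELECT id FROM logins WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def sql_escape(value: str) -> str:
    """Double every single quote, the escaping rule quoted in the post."""
    return value.replace("'", "''")


def login_escaped(conn, username, password) -> bool:
    """Still string-built, but with the quotes escaped.

    This blocks the payload above, yet it is a blacklist: it is only as good as
    the list of characters it covers, which is why parameterization is preferred.
    """
    query = (f"SELECT id FROM logins WHERE username = '{sql_escape(username)}' "
             f"AND password = '{sql_escape(password)}'")
    return conn.execute(query).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    for name, fn in [("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized),
                     ("escaped", login_escaped)]:
        print(f"{name:14s} valid creds: {fn(conn, 'Joe', 's3cret')}  "
              f"payload: {fn(conn, 'Joe', PAYLOAD)}")
```

Only the vulnerable function accepts the payload; in the parameterized version the driver passes the whole string, quotes included, as the value to compare against, so the password column would literally have to contain anything' OR 'x'='x for the login to succeed.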

By,
Shweta Jogi
Enjoy every moment of you life...