Unlocked Computers | A Security Risk

In Security Fundamentals at Microsoft Virtual Academy, the instructors stressed one phrase: "Do NOT leave your computer unlocked". I have capitalized NOT to stress it, and to draw your attention to how dangerous this can be in different ways.

I decided to write up a short note giving an overview of the simple dangers one can face by leaving a computer unlocked. It also applies to those who trust others enough to share their computer.

This short article should be enough to show what you are actually entrusting to someone when you simply let them use your computer for a while. Also, most people have set up an easy password, or have written their login password somewhere around the keyboard or on their desk.

I will be demonstrating some examples from Windows 8.1, but this will also apply to Windows 8, 7 and older versions.

Let's start with the silly Wi-Fi password:
Anyone can read the Wi-Fi password from the Security tab of Wireless Properties, reached from the Wi-Fi Status window. The same applies if you give your Wi-Fi password to guests, so it is recommended to enable a guest Wi-Fi network and give that password to guests or non-family members. Network hacking and security is another story, which ends with the same result.
[Image: Wi-Fi Status]

[Image: Wireless Properties | Security tab >> Network security key]

Passwords from the browser:
Firefox >> Options >> Security >> Saved Passwords
It is recommended to use a Master Password in Firefox.
[Image: Firefox Options | Security tab >> Saved Passwords...]
Chrome >> Settings >> Show advanced settings... >> Manage saved passwords
[Image: Chrome Settings | Advanced settings >> Manage saved passwords]

Windows Credential Manager:
Control Panel >> All Control Panel Items >> Credential Manager >> Web Credentials | Windows Credentials
At this point, this is all!
[Image: Control Panel | Credential Manager >> Web Credentials / Windows Credentials]
Here you can see all the usernames and passwords. The good thing is that it first asks for your password, so it is your decision whether to share your password or set one easy enough to remember or guess, or to keep your personal information safe.

*The images are not my property; I would like to thank those who shared them on the web.

Thursday, June 12, 2014
Posted by Saqib Kamran

USB Network Gate for Windows

Recently, I got a request to share a USB scanner over a network so that network users could use that local scanner for scanning their documents. While searching for a solution, I found software called USB Network Gate. It is very easy to set up and use.

After finishing the installation, you will get 2 tabs (Share Local USB Devices and Remote USB Devices). 'Share Local USB Devices' lists all the USB devices installed locally on your computer, and you can share them with the network. To share any locally installed USB device, click the 'Share' button. Meanwhile, the USB devices installed on other (network) computers can be seen in the 'Remote USB Devices' tab.

As you can see, a simple USB scanner that was enabled on a network computer appears in the 'Remote USB Devices' tab; all you need to do is click 'Connect' and it will be connected as if it were plugged into a local USB port.

For More details: http://www.eltima.com/products/usb-over-ethernet/
Thursday, May 22, 2014
Posted by Saqib Kamran

on{X} for Android by Microsoft

I usually keep looking for new apps in the Play Store. Recently, my younger brother suggested a really outstanding application for Android to me: on{X} by Microsoft. This is a really amazing application that is now part of my daily routine. on{X} (pronounced 'on-ex') lets you control and extend the capabilities of your Android phone using a JavaScript API to remotely program it.

I have set up lots of rules at https://www.onx.ms/ and it's like a 'set it and forget it' product; most of the things I used to do manually on my Android device are now automatic. For example, turning off Wi-Fi / data connections or enabling 'Do Not Disturb' mode before I sleep, so that notifications are disabled while I am sleeping. All these tasks are now automated with the help of on{X}.
Reminder at a Specified Time.
"Reminder me everyday to Time to Go back at 4:38 PM"
The one that I would love to mention here as my first experience, and the rule that I loved, is 'Start Playback when a wired headset is connected', because I love music and I wanted music to play automatically whenever I connect the headphones/headset while going somewhere. It does exactly what I was expecting, and stops when I disconnect the headphones.

Another that I liked is 'Set ringer mode to silent between 11:00PM and 6:00AM after the phone hasn't been unlocked for 1 hour', which really helps me by keeping notifications off while I am sleeping. There are many more rules developed by the on{X} team and other developers that can be found in the community.


There are many more rules that one can define, and the best part is the Kitchen (the Kitchen is where on{X} users create their own recipes and share them with the community).

More details on: https://www.onx.ms/

Monday, April 28, 2014
Posted by Saqib Kamran

Reflective Cross Site Scripting (XSS) Bug in Apple iCloud.com/#Mail

Apple is one of the biggest companies in IT, and personally, because of Steve Jobs, Apple was one of the companies I most wanted to be acknowledged by. As Apple is a very big organization with many products, it wasn't very hard to find a bug in Apple products and be listed on the Apple HOF.

Steps to reproduce the Non-Persistent XSS Vulnerability:
1: Login to http://icloud.com
2: Navigate to mail [https://www.icloud.com/#mail]
3: Create a folder with a payload as its name
4: Create another folder with the same payload as its name.
4.1: When a second folder with the same name is created, an error message warns that a folder with that name already exists. However, that part wasn't properly sanitized, so the error showed something like:

"A folder with the name "> already exists" and a pop-up message executes as well.
[Image: Non-Persistent Cross Site Scripting in iCloud #Mail #Apple]
Apple fixed the bug by properly sanitizing that part, so the results for the same input are now as follows:
[Image: XSS Fixed by Apple for iCloud #Mail]
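
The unsanitized error message and its fix, as an added example that is not Apple's code: the function names, the `<div class="error">` markup and the sample folder names are assumptions constructed for illustration.

```javascript
// Added illustration; names and markup are assumptions, not iCloud code.

// Encode the five characters that can change HTML structure.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Before: the folder name is concatenated into the error markup as-is.
function duplicateFolderErrorUnsafe(name) {
  return `<div class="error">A folder with the name "${name}" already exists</div>`;
}

// After: the user-controlled part is encoded; the template stays markup.
function duplicateFolderErrorSafe(name) {
  return `<div class="error">A folder with the name "${escapeHtml(name)}" already exists</div>`;
}

// Opening tags in the rendered string. The template contributes exactly
// one element (<div>), so anything else came from the folder name.
function injectedTags(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.filter((t) => !t.startsWith('<div class="error"'));
}

// Constructed folder names: a plain one, one carrying inert markup,
// and one with characters that must survive as visible text.
const samples = ['Invoices', '"><b>bold</b>', 'Tom & "Jerry"'];

function report() {
  return samples.map((name) => ({
    name,
    unsafe: injectedTags(duplicateFolderErrorUnsafe(name)).length,
    safe: injectedTags(duplicateFolderErrorSafe(name)).length,
  }));
}

console.log(report());
```
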


Reported: June 17, 2013
Confirmation for Bug Fixed: September 06, 2013
HOF Date: August 14, 2013 (though the HOF wasn't updated until mid-December, when I last checked)
I checked HOF: January 06, 2014

Tuesday, January 7, 2014
Posted by Saqib Kamran

P-XSS Vulnerability in Freelancer

Recently, Freelancer announced a Bug Bounty Program. Details are available here: Freelancer Vulnerability Submission. As Freelancer has only just announced the program to reward security researchers for responsible disclosure of security vulnerabilities in Freelancer.com, I am damn sure that it will be vulnerable to many attacks, as security researchers haven't headed towards it yet.

However, the simplest and fastest vulnerability to find is a Cross Site Scripting (XSS) vulnerability in Freelancer. So I just did the following steps to successfully discover the hidden pop-up message.
1: I created a new project with my account (as employer).
1-1: I used a payload in the project description and details, but nothing happened, and worse, my project was declined by Freelancer, as it goes for approval first.
1-2: I upgraded my account to Plus, which gave me the option of a priority project that could be posted immediately without any review first. So I created a test project to find an XSS vulnerability in Freelancer.
2: I created another Freelancer account for testing as a freelancer, to submit proposals/bids.
3: I submitted a bid from the freelancer account (second account) using a payload in the description and in the message as well.

4: I checked the message from the freelancer who had recently bid on the project. In the employer's inbox, when I opened the message, I got the pop-up.
To re-test the vulnerability, I refreshed/reloaded that webpage. When I reloaded the page, the pop-up didn't appear. So I realized that the message field wasn't vulnerable to Cross Site Scripting (XSS) in Freelancer, but then why did my first message succeed in getting the pop-up?
You got it! It was the Description field that was vulnerable to XSS in Freelancer.
To find this out, I retracted/cancelled my bid (as freelancer) from the project and submitted a bid on the same project again, but this time I slightly modified the payload in the description and used a different one in the message field.

Then, from the employer account, I moved the mouse pointer to the message box as shown in the above image. A drop-down list of messages appeared. I moved the pointer to the most recent message (the one with the payload in the description). Another side box appeared that loaded the Bid Details (the description was in the details too). And guess what happened next?
The payload (that I used) is visible in the Message field. The same payload was used in the Description, and when the Bid Details preview loaded the description field, the payload was executed, hence the pop-up appeared as described in the payload.

Rewards: $300 reward, HOF, "The Hacker" badge on Freelancer profile and a T-shirt from Freelancer.
Wednesday, July 24, 2013
Posted by Saqib Kamran

Persistent XSS Vulnerabilities in Yahoo

I received some gadgets and T-shirts from Yahoo. Why? Here is what I did: I found Persistent XSS (Cross Site Scripting) vulnerabilities in Yahoo Calendar.

Steps to Reproduce the XSS Vulnerability in Yahoo Calendar

1: I logged into my Yahoo account and navigated to Calendar.
2: I created two calendars.
- On the left-hand side (where you will find the option to create a new calendar), I named them Calendar 1 and Calendar 2.
3: I created a new event and filled in the rest of the fields, but the Location field was the vulnerable one, so I used a payload for that field.
Then I clicked SAVE to save the event.
4: Then I re-opened the event; nothing happened :(
I edited it, moved it to a different calendar, and re-opened the event. That's it! I got a T-shirt in a pop-up :D. It was a stored one, so whenever I opened the event, the result was the same pop-up.

Steps to Reproduce XSS Vulnerability on Yahoo Site via Yahoo Mail
For this I used two email accounts. One should be a Yahoo account and the other can be from any other provider, or Yahoo as well.
1: I sent an email to my Yahoo account, and in the subject field I used a payload to execute the alert message.
2: I logged into the Yahoo account and then navigated to any local Yahoo site, for example: http://au.yahoo.com/
-- The alert was executed on the Yahoo site, which showed a preview of the latest emails.
3: Once the site has loaded, it also loads the emails, so the alert message is executed as soon as it loads the email that was sent with the payload in the subject field. To verify, I rechecked the subject field from the main site (not in mail.yahoo.com): it was just "> and the rest of the code wasn't shown, which means it took the payload as an injection.

I reported the vulnerabilities in time to Yahoo Security team, and they were very quick at fixing it.
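
The pattern in this post and in the Freelancer one above, where a field is encoded in its main view but rendered raw by a separate preview, can be checked for mechanically by pushing an inert probe through every render path. This is an added example, not code from Yahoo or Freelancer: the view names, markup and probe string are assumptions constructed for illustration.

```javascript
// Added illustration; view names and markup are assumptions.

// Encode the five characters that can change HTML structure.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Hypothetical render paths for the same stored record. The full views
// encode; the two preview widgets were written separately and do not.
const views = {
  mailInboxSubject: (r) =>
    `<td title="${escapeHtml(r.subject)}">${escapeHtml(r.subject)}</td>`,
  homepageMailPreview: (r) => `<li class="mail">${r.subject}</li>`,
  bidMessageBody: (r) => `<p class="msg">${escapeHtml(r.message)}</p>`,
  bidDetailsHover: (r) => `<div class="bid">${r.description}</div>`,
};

// Inert probe: a custom element name that no template uses, prefixed
// with "> so attribute contexts are covered as well as element bodies.
const PROBE = '"><x-probe>';

// Render every view with the probe in every field and list the views
// whose output still contains the probe's raw characters.
function auditViews(viewMap, fields) {
  const record = Object.fromEntries(fields.map((f) => [f, PROBE]));
  return Object.entries(viewMap)
    .filter(([, render]) => render(record).includes(PROBE))
    .map(([name]) => name)
    .sort();
}

const FIELDS = ['subject', 'message', 'description'];
const unencoded = auditViews(views, FIELDS);
console.log('views emitting raw input:', unencoded);

// Same audit after the preview widgets are brought in line.
const fixedViews = {
  ...views,
  homepageMailPreview: (r) => `<li class="mail">${escapeHtml(r.subject)}</li>`,
  bidDetailsHover: (r) => `<div class="bid">${escapeHtml(r.description)}</div>`,
};
console.log('after fix:', auditViews(fixedViews, FIELDS));
```

Run as a regression test, a check like this catches a new preview or widget that renders an existing field without going through the encoder.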

This is the first time I am writing an article about my XSS (Cross Site Scripting) findings. I hope it will be helpful, especially for beginners like me in the field of web application security research. As I said, the XSS vulnerability was reported to the security team and fixed well in time.

Update: Yahoo has recently started a bug bounty program, and now they give monetary rewards as well as HOF listings. As my findings came before Yahoo's bug bounty program started, I think that to get listed in the HOF I need to get back to Yahoo once again :)
Tuesday, July 9, 2013
Posted by Saqib Kamran

What this Blog is all about?

Everyone's life is a combination of experiences, happiness, sadness, learning, memorable moments and lots of practical work, and so is mine. Normally, a person starts learning at home, then goes through school and university, then enters practical life, and learning still continues unless he stops struggling. At each step of life, everybody is learning something new that they might not have been aware of before, and that's the process of learning.

Our educational system has different categories and sub-categories, which direct a person to a specific type of learning and to expertise in that particular part or section: some people become scientists, some doctors, engineers, professors etc. My field or category is Information Technology, which means I have been directed to get expertise only in this category. There are again many sub-categories that I had to choose from, like Software Engineering, Website Development, Hardware, Networking, Security etc. I chose all of them for basic understanding, and Network & Security as my expertise.

This blog is about my research, findings and experiences, and what I learned from them. It is related to Information Technology (IT) stuff. It includes not only my own words but also posts from those I follow, which I would like to share with others and keep as a saved copy of those resourceful articles; however, I'll surely be adding the original links and the writer's name to the best of my knowledge.

I hope it will be a resourceful place for people like me, who are curious to learn about stuff related to IT, specifically Web Development, WordPress, Web Application Security, Networking and Operating Systems. The purpose of this blog is not only to keep these articles saved online, but to help other n00bs who love to follow IT and learn more about related stuff to become g33ks.
Tuesday, January 1, 2013
Posted by Saqib Kamran


- Copyright © 2014 Saqib Kamran