FLIXEY.COM

(preview)

This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.

The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.

The check number is generated by a pattern. The following PHP code calculates it.

function get_check_no($s_no){
　unset($total);
　　
　for($i=0; $i<13; $i++){
　　$s_no[$i] = intval($s_no[$i]); // convert to integer
　}
　
　// calculate social security number
　$total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
　$total = $total%11;
　$check_no = 11-$total;
　
　// if the value of the check number exceeds 9, divide by 10 and return remainder
　if($check_no>9){
　　$check_no = $check_no % 10;
　}
　
　return $check_no; // return result
}

So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.

<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
　echo “* Enter birth year<br />”;
}
if(!$b_month){
　echo “* Enter birth month<br />”;
}
if(!$b_day){
　echo “* Enter birth day<br />”;
}
if(!$gender){
　echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
　echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
　echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
　if($gender == “1″){
　　$gender = “9″;
　}
　else{
　　$gender = “0″;
　}
}
else if($b_year_det == “19″){
　if($gender == “1″){
　　$gender = “1″;
　}
　else{
　　$gender = “2″;
　}
}
else if($b_year_det == “20″){
　if($gender == “1″){
　　$gender = “3″;
　}
　else{
　　$gender = “4″;
　}
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
　// pad misc
　$misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
　
　// merge valued to form actual s s no
　$s_no_1 = $b_year.$b_month.$b_day;
　$s_no_2 = $gender.$misc;
　
　// get full number including check number
　$s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
　
　// select hash type and convert
　if($hash_type == “md5″){
　　$s_no_hash = md5($s_no_string);
　}
　else if($hash_type == “sha1″){
　　$s_no_hash = sha1($s_no_string);
　}
　// if the hash matches the processed, return the value and break loop
　if($s_no_hash == $s_no_hash_str){
　　echo ”
　　Done: “.$s_no_string.”(”.$s_no_hash.”)
　　<script type=\”text/javascript\”>
　
　　<!–
　　document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
　　//–>
　　</script>
　　”;
　　break;
　}
　// if not… just print current value and continue
　else{
　　echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
　}
}
}
?>

After about a weeks planning, I have finally bought the Samsung Syncmaster 245B. It is a 24 inch TN TFT LCD monitor with VGA and DVI input. Its maximum resolution is 1920 x 1200 which gives quite a bit of workspace. Somereviews say the vewing angles aren’t too good, but I couldn’t really tell the difference. Because I hooked it up to a Dell D410 Latitude laptop which uses a graphics accelerator rather than a real graphics card, the pictures might be a bit lower in quality. But since I don’t really game or to any graphics intensive working, it hasn’t been a problem so far.
When I first saw the box, my reaction was “whoa.” The monitor was bigger than I really expected and I had to move alot of things around in my room to make it fit properly. After strugglings with tons of cabling , I finally got to hook the monitor up and turn it on. But there was a problem! My computer was OS-less… The night before I had messed up the OS so I had to reinstall windows before I could check out the monitor. I waited whilst doing some homework and drinking some nice green tea.
After waiting for ever, windows was ready, I installed all the drivers and programs and went through the basic routine when you format a computer. When finally everything was back to normal, I turned on the monitor, and voila, the screen appeared. I had to do adjust the resolution first to 1920 x 1200. The resolution and quality was just awesome. My laptop monitor wasn’t something you could even compare it with. I tried setting the brightness to maximum, but unlike my laptop, the thing got blinding so I had to set it down a bit.
Overall, I am very satisfied with my monitor and am hoping I can get a computer with a proper graphics card so I can use it to its fullest potential.

[Show as slideshow]

I made another program under my friend’s request for it. It’s a RapidShare.com link checker. It checks if links are dead or not then adds up the filesizes. It’s a very simple PHP script. It basically works by opening each HTML document, searching for the string with the memory, storing them into an array, then adding them up. If a filesize is not found, it classified the link as DEAD. It’s a very simple and could use more security like checking if the link is a rapidshare link before opening it and so forth.

Source Code:

<?php
$links = $_POST['links']; // get links from POST
$links = explode(”\n”,$_POST['links']); // explode links
$z = 0;
$filesize = array(); // define array
while($z <= count($links) -1){ // while $z is smaller than the number of links
　$html = $links[$z]; // store link into var
　$html = @file_get_contents($html); // get contents of link
　preg_match(”/\(<b>(.*)<\/b> KB\)/i”,$html,$matches); // pregmatch to get the filesize
　$filesize[$z] = $matches[1]; // store filesize in array
　if(!$filesize[$z]){ // if filesize doesn’t exist
　　$filesize[$z] = 0; // define as zero
　　$links[$z] = $links[$z].” DEAD”; // define as DEAD
　}
　$z++;
}
$filesize[total] = array_sum($filesize); // add all filesized
$filesize[unit] = “KB”; // default unit is KB
if($filesize[total] >= 1024){ // If is more than 1024 KB
　$filesize[total] /= 1024; // divide value with 1024
　$filesize[unit] = “MB”; // define as MB
　if($filesize[total] >= 1024){ // if value it bigger than 1024 again
　　$filesize[total] /= 1024; // divide by 1024 again
　　$filesize[unit] = “GB”; // and define as GB
　}
}
?>
…
<?php
$i = 0;
while($i <= count($links) -1){ // while $i is smaller than the number of links
　 echo $links[$i].” (<b>”.$filesize[$i].”</b>)<br />”; // print them
　 $i++;
}
echo “<b>Total</b>: “.round($filesize[total],2).$filesize[unit]; // print total filesize
?>

SQL injection is a fun thing to do when you’re bored. Just try submitting a typical injection query into a login form, it’ll work some of the time. I was aware if this, but I am still surprised by the stupidity of many institutions and organization that leave their security compromised by simply not escaping meta characters.

The screen-shot on the left is the login form of an administrator panel of a school. I’ve entered a typical SQL injection expression. Let’s see what happens. (Simple SQL injection is explained here)

It actually let me login as admin! I mean, I know programmers can make mistakes and school don’t always hire good programmers, but they should at least try to keep their students’ private data safe. Their whole school data could be erased by a malicious kid who just happened to try SQL injection on their site. A student of that school could even edit his or her own grades, change their own attendance, and lower the grades of someone they don’t like.

I’ve tried this with many other sites and a large portion of them failed to escape characters and allowed me to trick the script into logging me in, usually as an administrator. If you run a site with a custom-built script, you should check for this very simple but critical vulnerability. Who knows, maybe your own school’s administrator panel has this vulnerability.

Although this can turn out to be very chaotic, it actually takes less than a line of code to remedy it. In PHP, the addslashes() function can be used to escape all characters. One function, that’s all it takes to prevent people from viewing your administrative data and mess around with your site. Check some admin panel logins and try this method, a surprising number of them will fall for this trick and you’ll be granted administrator power and be granted to do whatever you want with that site (of course, if you’re caught you’d be sentenced to cyber crime and thus be screwed).

Go around and check. Tell your friend about a security hole in his site (or possible pull a prank first). Tell your school, organization, and just see their reaction. Just be careful not to bug the school administrator too much or you might get in trouble.

A related and funny comic strip (for those of you who know SQL)