Backdooring Windows Media Files
I am planning to keep this post short and sweet. So, here is the deal. Meta Files are dangerous. Today I am going to cover some of my Security findings that concern files with extensions .wax, .wvx, .asx and .wmx.
Before we continue with the fun stuff, you must understand the purpose of the file formats listed above. First of all, they are meta files just like Apple’s QTL. Second, they are standard for the Windows operating system and supported by default. Finally, the meta files are often used to stack together various media content into playlists.
if you start researching the Media Player meta files (this is a good resource to start), you will see that they all have the same structure, which is XML. The XML document (starting with root node <ASX>) provides the basic characteristics of how the media streams need to be played, what sequence they follow and how the user can interact with them. Digging deeper into the XML, I found several tags which can be abused for malicious purposes. I am going to cover only one of them since the post has to be short as I said earlier.
More: http://www.gnucitizen.org/blog/backdooring-Windows-media-filesÂ
Backlink and Link Exchange
BACKLINK AND LINK EXCHANGE
Â
There are different opinions about backlink. And i decided to write an article about backlink.
Â
First of all, backlink means the links of your site on different sites. I mean when your link is on more sites, you have more backlinks. But you must be careful about a thing.
Â
Specified total of backlink is not important so much. For example you have a didectory. If you have backlinks from a imitative site, it doesn’t make any changes to your site. But you have backlinks from another directory, it’s useful to your directory.
Â
If you have backlinks that was had making linx exchange with imitative sites, it isn’t useful for you. Because search engines understand that these link exchanges must be corsswisely. I’ll explain corsswise link exchange.
Â
I can explain crosswise link exchange like this;
Â
I have a site named A, and my friend has a site named B. I’ll givelink to site B from my site A. But my friend will give me link from site C. And search engines will thing that these links are without agreement.
Â
And another important thing about backlink is the sites that are making link exchange must be on different IPs. Because Google looks to thelinks with their IPs. It’s better to take links from different IPs than to take links from 1000 same IP. So it’s important to make crosswise link exchange from different IPs.
website: webmasterz.ws
Installing WordPress on your own Windows computer
We generally become WordPress users to create a blog for everyone to see. This can involve the purchasing of a domain name and web hosting. These we treat as black boxes on which the WordPress software is installed, and everything magically works. This is exactly how it should be.
Although WordPress provides a comprehensive management interface, there are times when it would be better to have our own local copy, running on our own machine. There are several reasons we would want to do this:
- A working backup of our online site
- A development site to develop plugins and themes without affecting our online site
- A testing area to try out hacks and new versions of WordPress without fear of corrupting the live site
- A staging area to create and verify posts, before releasing them live
Just like in a commercial environment, it helps separate our blog into two parts: production and development, or live and test. Our production blog is the one that is visible to everyone. It might not contain the latest information or the most up-to-date software, but it is fully working and error free. Contrast this to a development blog where we have the very latest software and information, but possibly not fully working.
Separating our site gives us the freedom to experiment without fear of destroying the working version. At the very worse, if the development blog is corrupted we simply re-install the software, and the only loss is our own time. If we corrupt the production site then no one can access our information and we lose visitors.
In writing a set of articles dissecting a WordPress theme, I realised that a lot of people are directly editing their live site. There are many reasons for this, but a good one is probably due to the difficulty in setting up a local system. This is a short guide to try and explain how to do just that.
Installing the server software
WordPress requires several pieces of software:
- A webserver
- Php configured to work through the webserver
- A MySQL database
None of these are particularly simple pieces of software, and all require configuration to work together. Fortunately there is a lovely software suite called WAMP that packages these together and adds a nice front-end. This is definitely the fastest and easiest way to get it working.
Consequently, the first task here is to Download the latest WAMP. Note that this only works on Windows 2000/XP, so I’m afraid you are out of luck if you have anything earlier.
Installing WAMP
Once the software is downloaded we can begin to install it:
The installation process is very straightforward. First we choose a destination directory. The default is ideal.
Next we choose whether to automatically start WAMP. You can tick this if you want, but Apache and MySQL make heavy use of system resources and we don’t always need them running. It is much better to start the software on demand, and so leave this option unchecked.
The software will now install.
After all the files are extracted we are asked for the DocumentRoot directory. This is the root directory for your website and will contain WordPress and any other files you want accessible through the webserver. Unless you have a specific reason, go with the default.
Next we are asked for the default browser. Your choice here is not really important, so pick whichever browser you prefer.
And that’s it! We now have a fully working webserver on our computer. This same software is used in hundreds of thousands of websites across the world. We also have MySQL to provide our database, and Php to run WordPress.
Remote DLL Injection Application
The tool is to inject or remove the DLL into or from the remote process. It will not only help in removing the spyware programs from the system but also aid in testing individual library components of products.
Target Platform: Windows 2000, Windows Xp, Windows 2003.
Screenshot of RemoteDLL:
RemoteDLL is the tool which allows you to inject the DLL or free the DLL from the remote process. This tool is based on the popular DLL Injection technique which has already been used in antivirus and antispyware applications. This is the common technique used by virus and spyware programs to hide their presence on the system. These programs inject themselves to a legitimate Windows process such as explorer.exe and operate from that process so the that normal user will not suspect its presence. RemoteDLL makes it easy to find and remove such programs from the victim process using same technique.
In addition to this, it can also be used as aid in testing various library components in the product. One such use is explained below.
How to use RemoteDLL in testing the Nldapaut.dll (component of SecureLogin)
Nldapaut.dll is the LDAP Authentication component of Novell SecureLogin product. When SecureLogin is installed as GINA in LDAP mode, Nldapaut.dll is loaded into winlogon.exe process. Since this DLL is loaded into the winlogon.exe process, it cannot be replaced or deleted from the disk. During unit testing or development testing if you want to test this DLL, you have to reboot the system and then replace the new DLL. But with RemoteDLL you can do this without restarting the system. Here are the steps.
- Launch this tool and select “Free DLL” option.
- Click on select process button and choose winlogon.exe from the process list.
- Click on select DLL and then choose “Nldapaut.dll” from the DLL list.
- Now click on “Free DLL” button. This will remove the Nldapaut.dll from winlogon.exe process.
- Now you can replace the existing Nldapaut.dll and continue testing secure login.
Note: Removing certain DLLs from a process can cause adverse effect on that process. So use this tool only if you know what you are doing.
