Monday, November 28, 2011

Cracking the Credit Card Code

Credit cards are everywhere; almost everyone around us has one or more. This post shows you how to read the structure of the 16-digit number printed on your credit card and how to check it by hand.

4417 1234 5678 9113
4 - the first digit is the Major Industry Identifier (MII). It designates the category of the entity that issued the card:
1 and 2 are airlines
3 is Travel and Entertainment
4 and 5 are Banking and Financial
6 is Merchandising and Banking
7 is Petroleum
8 is Telecommunications
9 is National assignment

The first 6 digits (the MII included) are the Issuer Identification Number (IIN). They identify the institution that issued the card:
Visa: 4xxxxx
Mastercard: 51xxxx - 55xxxx
Discover:6011xx, 644xxx, 65xxxx
Amex: 34xxxx, 37xxxx

Cards can be looked up by their IIN (Issuer Identification Number).
A card that starts with 376211 is a Singapore Airlines Krisflyer
American Express Gold Card.
529962 designates a pre-paid Much-Music MasterCard.

The 7th and following digits, excluding the final digit, are the person's account number. With the maximum of 12 account digits this leaves a trillion (10^12) possible combinations; many cards only use 9 digits, which is what gives the common 16-digit length (6 + 9 + 1).

3 - the final digit is the check digit or checksum. It is used to validate the credit card number using the Luhn algorithm.

How to validate a credit card with your mind

Take the above number (or any credit card number) and double every other digit, starting with the first digit from the left. For a 16-digit number this is the same as doubling every second digit counting from the right, with the check digit itself never doubled; for an odd-length number such as a 15-digit Amex, count from the right.

4417 1234 5678 9113

Digits to double:   4   1   1   3   5    7    9    1
Doubled:            8   2   2   6   10   14   18   2
Undoubled digits:   4   7   2   4   6    8    1    3

Any doubled value with two digits is added as the sum of its digits, so 14 becomes 1 + 4 (this is the same as subtracting 9).

Now add everything, doubled and undoubled, in order:

8+4+2+7 + 2+2+6+4 + 1+0+6+1+4+8 + 1+8+1+2+3
= 70

If the final sum is divisible by 10, the credit card number passes the Luhn check.
If it is not divisible by 10, the number is invalid or fake.

A number that passes the check is merely well-formed: the Luhn digit catches every single mistyped digit and almost every swap of two adjacent digits (only 09 and 90 go undetected), but it says nothing about whether the account exists or is active.
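The same hand procedure in code, as an added example that is not part of the original post. It validates a number, computes the check digit an issuer would append to an IIN plus account number, and classifies the IIN using the brand prefixes listed above. The sample numbers are the post's own 4417 1234 5678 9113 and constructed variations of it; none is a live card.

```python
"""Luhn validation, check-digit generation and IIN classification.

Added example (not from the original post). Sample numbers are the post's
own example and constructed variants of it.
"""
import re

# Major Industry Identifier categories from ISO/IEC 7812, as listed in the post.
MII_CATEGORIES = {
    "1": "Airlines",
    "2": "Airlines",
    "3": "Travel and Entertainment",
    "4": "Banking and Financial",
    "5": "Banking and Financial",
    "6": "Merchandising and Banking",
    "7": "Petroleum",
    "8": "Telecommunications",
    "9": "National assignment",
}


def _digits_only(number: str) -> str:
    """Strip the spaces and dashes people type between card-number groups."""
    return re.sub(r"[\s-]", "", number)


def luhn_sum(digits: str) -> int:
    """Return the Luhn sum for a complete number (check digit included).

    Walking from the right, the check digit is position 0 and is never
    doubled; every digit at an odd position from the right is doubled and
    reduced to a single digit (14 -> 1 + 4, i.e. subtract 9).  For a
    16-digit number this is exactly "double every other digit from the
    left", as the post does by hand.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_valid(number: str) -> bool:
    """True when the number is well-formed (sum divisible by 10).

    Passing says nothing about whether the account exists.
    """
    digits = _digits_only(number)
    if not digits.isdigit() or len(digits) < 2:
        return False
    return luhn_sum(digits) % 10 == 0


def luhn_check_digit(partial: str) -> str:
    """Compute the check digit for an IIN + account number (no check digit yet).

    Appending a placeholder 0 puts every digit of `partial` at the same
    parity position it will occupy in the finished number, so the missing
    digit is whatever brings the sum up to the next multiple of 10.
    """
    digits = _digits_only(partial)
    total = luhn_sum(digits + "0")
    return str((10 - total % 10) % 10)


def brand_from_iin(number: str) -> str:
    """Classify by the IIN prefixes the post lists (2011-era ranges)."""
    d = _digits_only(number)
    if d.startswith("4"):
        return "Visa"
    if d[:2] in {"51", "52", "53", "54", "55"}:
        return "MasterCard"
    if d[:2] in {"34", "37"}:
        return "American Express"
    if d.startswith(("6011", "644", "65")):
        return "Discover"
    return "Unknown (MII: %s)" % MII_CATEGORIES.get(d[:1], "unassigned")


if __name__ == "__main__":
    sample = "4417 1234 5678 9113"      # the post's example, not a live card
    print(sample, "->", luhn_sum(_digits_only(sample)), luhn_valid(sample),
          brand_from_iin(sample))
    print("check digit for 441712345678911 ->", luhn_check_digit("441712345678911"))
    print("one digit changed ->", luhn_valid("4417 1234 5678 9114"))
    print("two digits swapped ->", luhn_valid("4417 2134 5678 9113"))
```

Running it reproduces the hand calculation above (sum 70, check digit 3) and shows the two error classes Luhn is designed to catch: a single wrong digit and an adjacent swap both fail validation.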

Tuesday, November 15, 2011

Wargames.my July 2011


 Well, I was supposed to have this posted in July, but I was slacking most of the time.

From the official website: "WarGames.MY is Malaysia’s first ever online CTF, by Malaysians, for Malaysians. It’s basically a 24 hours hack game featuring 18 challenges scattered across 6 categories. We do know that there are CTFs and other security games in Malaysia but they all require the team/person to be physically there. So figured what the heck, let’s do an online CTF."

So yeah, it was (and still is) Malaysia's first online CTF. Even cooler, this CTF was supported by Hack In The Box and HackerspaceKL. Prizes for the winner were an RM2000 cash prize + a Seeeduino starter kit + HITB training and conference passes.

There were several categories of challenges in wargames.my, ranging from the usual binary reversing, vulnerability hunting, cryptography and web challenges to forensics and network challenges.

Also, wargames.my was the first collaboration ever between HITB.MY CTF crews 2.0 and crew 3.0. Anyway, here is the result (been long overdue!):

Place   Player      Score
1st     kuehtiow    1350
2nd     p03p0wn     1300
3rd     pukkimacs   1200
Nomz for the crews.

Graph and scoreboard.


Monday, November 14, 2011

Reversing, exploits, malware analysis and other stuff

A mix of everything

Pentesting stuff

Vulnerable OS/daemons
damn vulnerable linux: http://www.damnvulnerablelinux.org/
damn vulnerable web application: http://www.dvwa.co.uk/
damn vulnerable web services: http://dvws.secureideas.net/
metasploitable: http://blog.metasploit.com/2010/05/introducing-metasploitable.html
ultimate LAMP: http://www.vmware.com/appliances/directory/189

Recon phase
Secrets of Network Cartography: http://www.networkuptime.com/nmap/index.shtml

Exploits
http://www.exploit-db.com/
http://1337day.com/
http://www.vulnerability-lab.com/
http://www.securityaegis.com/the-big-fat-metasploit-post/
VASTO: Virtualization ASsessment TOolkit - http://vasto.nibblesec.org/
http://www.darkoperator.com/tools-and-scripts/
Breaking FDE: http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html

Framework
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
http://sourceforge.net/projects/virtualhacking/
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/

Post-exploitation
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

Physical Security
Lockpicking course by Schuyler Towne http://www.youtube.com/watch?v=VVSL0liiWoc&list=PL66CD42F86F3A1F85&feature=plpp

Information Gathering
Maltego
Shodan
Google Dorks
Metadata

Web app testing
http://michaelhendrickx.com/lilith
http://www.kenahack.com/2011/07/hth-sql-injection.html

Rainbow table
http://www.freerainbowtables.com

Password Lists
http://www.securityaegis.com/a-whole-lotta-passwords/

(my) CTF archive

Forensic stuff

15 incredibly useful (and free) Microsoft tools for IT pros

Source: https://www.networkworld.com/slideshows/2011/071911-microsoft-tools.html

Summary of the tools: (also from the link above)

  1. WSCC – Windows System Control Center - Windows System Control Center is a one-stop downloader for almost 300 maintenance tools from Microsoft's Sysinternals and the ever-popular NirSoft suites.
  2. RichCopy 4.0 - This little Microsoft TechNet invention spares you the headache of learning, checking and retyping command lines.
  3. Microsoft Attack Surface Scanner - Microsoft's Attack Surface Scanner is a sort of checklist that helps you analyze security issues and plug possible vulnerabilities fast.
  4. Microsoft Standalone System Sweeper Tool - In case of a (deep) infection of boot files by viruses or rootkits, there's not much a real-time scanner can do. In that case, MSSSST (yes, that's Microsoft's naming convention at its best) creates a bootable CD, DVD or USB key that hosts an offline copy of Microsoft Security Essentials, including all the latest signatures downloaded from MS servers beforehand.
  5. NoReplyAll add-in for Outlook 2007 and 2010 - "NoReplyAll" (a Microsoft Research Project) prevents e-mail recipients from forwarding or using "Reply All" to spread your e-mail to other co-workers.