Thursday, June 7, 2012

Linked in password breach. How to check if you are effected?

Just heard the new of linked account breach.  Quickly came up with this shell command to check if your password is compromised. Just replace the mypassword with your password.


$ wget -qO- http://www.leakedin.org/?check=`echo -n "mypassword" | openssl sha1` | grep 'class="danger-zone"' | grep -Po ">.*?<" | head -n1

If your password hash is in the compromised list then the command will echo following message 
>Your password was leaked and cracked. <

Credits: Due credit goes to  http://www.leakedin.org , whose back end this command uses.


Posted by at No comments:

Thursday, May 10, 2012

Spoofing Speedtest results for your ISP



Finally after a good 4 hours I was finally able to crack speedtest.net results. Pic above is the report generated by speedtest for my broadband speed and hosted at their portal at http://www.speedtest.net/result/1939485616.png.

I wont be detailing on the path I took to crack speedtest results as that would be a long post in itself. But I can share a single linux command that will let you generate speedtest results of your choice. Below is the syntax of the command. 

DOWNLOAD=<downloadspeed-kbits>; UPLOAD=<uploadspeed-kbits&gt; PING=<pinglatency-ms>SERVER=<server-id>; wget --referer=http://c.speedtest.net/flash/speedtest.swf -qO-  --post-data="download=$DOWNLOAD&ping=$PING&upload=$UPLOAD&promo=90&startmode=flyok&recommendedserverid=$SERVER&accuracy=1&serverid=$SERVER&hash=`echo -n \"$PING-$UPLOAD-$DOWNLOAD-297aae72\" | openssl md5`" http://www.speedtest.net/api/api.php  | grep -Po "resultid=\d+?&" | sed "s#resultid=#http://www.speedtest.net/result/##" | sed "s/\&/\.png/"

Before issuing the command just replace the <pinglatency-ms> , <downloadspeed-kbits> , <uploadspeed-kbits>  and <server-id> with the values you want. For example if I want to report download speed of 100Kbps , upload speed of 200Kbps ,ping latency of 10 milli seconds against speedtest server id=1718 (this is sever located at mumbai) then the command I give on shell prompt will be: 


$  DOWNLOAD=100;UPLOAD=200;PING=10;SERVER=1718; wget --referer=http://c.speedtest.net/flash/speedtest.swf -qO-  --post-data="download=$DOWNLOAD&ping=$PING&upload=$UPLOAD&promo=90&startmode=flyok&recommendedserverid=$SERVER&accuracy=1&serverid=$SERVER&hash=`echo -n \"$PING-$UPLOAD-$DOWNLOAD-297aae72\" | openssl md5`" http://www.speedtest.net/api/api.php  | grep -Po "resultid=\d+?&" | sed "s#resultid=#http://www.speedtest.net/result/##" | sed "s/\&/\.png/"

Output:


http://www.speedtest.net/result/1943250367.png

Output of this command will be a url over which you can see your results. For example the result of the above command was:

http://www.speedtest.net/result/1943250367.png



ServerID

To change the server in the above results you can need to send a server id which uniquely identifies a speedtest server across the globe. To get the list of these servers and there corresponding id's run the command below from you shell prompt;

$ wget -qO- http://www.speedtest.net/speedtest-servers.php | grep -Po "name=.*\sid=\"\d+\"" | sed "s/sponsor.*id/id/"

Output:
..
name="Anantapur" country="India" countrycode="IN" id="2579"
name="Chennai" country="India" countrycode="IN" id="2583"
name="Chennai" country="India" countrycode="IN" id="1826"
name="Bangalore" country="India" countrycode="IN" id="2564"
...


History


This small project started with a post by a friend on Facebook "To my friends in third world countries". Attached was a result image from speedtest.net mentioning his broadband speed. The results were impressive and I instantly felt that feeling of envy cropping up somewhere as I am stuck with a shared airtel dsl *broadband* which unfortunately I have to share with 25 other residents :-( . 

Any ways , that result instantly made me curious about how speedtest measures speeds that you experience and most importantly if its possible to spoof it. I was sure of one thing though that most of the speed measurement logic would be performed at the client side by download/uploading some data to speedtest server. Unfortunately life being Life, I got busy with some stuff and lost my focus on the problem. This status quo was broken after a long time when three days back two more of my friends posted there speedtest results. 




This immediately brought the problem back into my focus and set out to find a solution to it. Fortunately it took only 4 hours to crack the speedtest results. Its much longer than I had expected which I attribute to some measures taken by speedtest to protect the integrity of the results results being posted. 



Hope this info helps

~Vaibhav

Posted by at 4 comments:

Wednesday, April 20, 2011

How not to loose your phone

A background first. This is coming from a person who has lost 4 cell phones in last 3 years , all in different circumstances. This makes me unique among the people that I know who have achieved a steady rate of losing a phone which is in excess of 1 Mobile/year. Statistically speaking I will loose my new phone by March, 2012.

Each time I have lost a phone, I have gone into a post traumatic syndrome for atleast a week and spend some good time rebuilding my lost phone book on my old & faithful Nokia 6610. My Nokia 6610 is the only phone i have managed to save for long time of 6 years .

My 6610, because of its current condition gives me the surety that any cunning mobile thief will have to spend some good amount of bucks to get it into enough good shape so that it can be sold, which makes this phone a very bad option to steal in financial perspective. Using this phone, though is terrible experience for me but still gives me enough peace of mind that I can use it while I am at public places. After all I have nothing to loose but a small plastic box that can barely make calls and has to be hooked to ventilator (read vintage charger) for most of the day. So loosing this phone will be me having revenge from the thief rather than vice versa :-)

I have lost so many phone that I may seem like a last person to take advice from, but believe me that having so many diverse experiences in this field make me as good as honorable Mr. A. Raja who can give you perfect advice as to what not to do while taking a bribe. I learn mostly by doing mistakes and learning from other people mistakes. Each of these incidents have taught me some valuable lessons on how to take care of your mobile phone and look out for .

To be continued...

Posted by at No comments:

Saturday, January 23, 2010

Hello Teleca

I am joining Teleca, Bangalore on Monday 25 Jan. Teleca is a core mobile focused organization having expertise on all major mobile platforms including Symbian, Android , WinMo etc. 

Looking forwards to great work there.




Posted by at No comments:

Farewell to Impetus


My journey here at impetus ends after exactly 3 Years , 1 Month and 12 Days . 

 

Exactly 1139 Days ago I embarked on this wonderful jounrney and the experience of the very first day is still vivid in my memory . All those fear ,uncertainties and anxieties attributed to a fresher were all swayed away , once I began working with you guys. These three years have been a great learning experience for me in both professional as well as personal way and I am thankful to you all for making them so special . I pride myself to be in the company of such a wonderful group of talented colleagues and friends like you. Impetus is my very first professional experience and thanks to you guys for making it one of the best personal experience of my life so far.

 

Some things that I take as being permanently imprinted on the canvas of my memory.

...

·         Suthrarji’s Carrom performance

·         Teatime meeting at Terrace

·         Guruji’s Diksha Everyday

·         Aditya’s Jokes and Cartoons

·         Abhijit’s Supervision

...

The list goes on with no visible ends in both directions.

 

I wish all of you success in each of your endeavors and a great life ahead. I sincerely hope that we will meet again at some point in the future.  It was a honor and great pleasure working with you all.

 

Goodbye :-) 

Posted by at No comments:

Sunday, August 10, 2008

Lifeblog post


Lifeblog post, originally uploaded by vaibhavj02.

Sun 10/08/2008 20:42 10082008462 Back to indore

Posted by at No comments:

Lifeblog post


Lifeblog post, originally uploaded by vaibhavj02.

Sun 10/08/2008 20:42 10082008460 Back to indore

Posted by at No comments:
Subscribe to: Posts (Atom)