SlideShare ist ein Scribd-Unternehmen logo

Null dec 2014

‱Als PPT, PDF herunterladen‱
‱
R
Raghunath G

Presentation from Null HYD December Meet.

Internet
1 von 27
Myself – Self Boasting/ Self D**ba  Authored a book at an age of 21 (2nd edition WIP)  ISO 27001:2013 ISMS LA, CEH, CCNA, ECSA , JNCIP- SEC, JNCIS-SEC etc.  Featured in Deccan Chronicle, The Hindu, The HANS India, Eenadu, Vaartha, Saakshi, AndhraJyothi, Andhrabhoomi etc.  Interviewed by HMTV news channel  Reported vulnerabilities on 100+ popular websites and got lucky with more than 2 dozen of CVE-IDs  Reported BOF on Yahoo Messenger  Trained more than 10,000 people (Corporate + Students)  Currently working with TCS as Security Analyst Enough 


.Just Stop it


!
Where am I taking you now?  Hell, why do I need to listen to this ?  Introduction to barcodes  Breaking down EAN – 13  Your Weapons  Here comes the “heart” of this power-point deck  My experience with Barcode cracking a) XYZ MNC well-known barcode crack b) XYZ shopping mall etc  Brief Introduction on XSS, SQL etc. attacks via Paper, yeah it’s via PAPER
! or NEWS PAPER
! OMG
!
With barcode cracking, you can a) Buy a costly product at the rate of a cheap one b) Free entry to parties – free beers etc c) Free parking d) Bypassing access control - Get free attendance / break your friend’s attendance etc. Disclaimer: I am no way responsible for any mis-use of this technique. I am sharing it just for informational purposes. Why do I need to listen to this ?
 Introduced by Joseph Woodland and Bernard Silver in 1952  First used in ACI but failed and then started commercially on Wrigley company - chewing gum  Optical representation of data to uniquely identify items  Used for tickets, market items, books , parcel tracking, parking etc  Barcodes , Scanners / Verifiers  Barcode verifier standards a)  ISO/IEC 15416 (linear)       b)  ISO/IEC 15426-2 (2D) Introduction to Barcodes
Classification 1. 1D a) EAN – 13 (World-wide) b) UPC (USA, Canada etc) c) Code 128 d) CodeBar e) Plessey etc 2. 2D (More information) a) QR code b) Maxi code c) Aztec code etc 3. 3D (Basing on height) - To withstand high temperature or chemical environments
Slide – Manideep QR code Aztec Code Code 128
Why EAN 13? - Everywhere Book Deodorant Shirt
Moisturizer Shampoo Face wash Powder
Breaking down EAN 13 into pieces Do I need to learn this for doing hacks based on barcode??? - Yes
!
Country Code - 1st two/three digits
Manufacturer – Product code
Verifying check sum digit 1. Numbers at Even position are summed to value A #0+#2+#4+#6+#8+#10 = Value A [7+0+0+4+3+1 = 15 ] 2. Numbers at Odd position are summed and multiplied by 3 3*(#1+#3+#5+#7+#9+#11) = Value B [3* (5+1+5+5+0+0) = 48 ] 3. Value A + Value B = Value C [ 63 ] 4. Remainder of (value C /10) is taken as value D [ 3 ] 5. If check digit = (10 value D), the code read by the machine is correct. [ 7 ]‐
Initial Bit – Part 1 – Part 2 Ever wondered, How are those lines generated? 7 - 501054 - 530107
 Black – 1 and white space – 0  Borders: 101 (left and right) and Center: 01010 (middle) 7 – ABABAB <left border> 101 <part generated from A/B> 0110001 0100111 0011001 0100111 0110001 0011101 +<central > 01010 +< part generated from C > 1001110 1000010 1110010 1100110 1110010 1000100 <right border> 101 Fuzzy Buzzy


Finally
! 101 0110001 0100111 0011001 0100111 0110001 0011101 01010 1001110 1000010 1110010 1100110 1110010 1000100 101
At your own risk
!
Your weapons Barcode generators Online : http://www.terryburton.co.uk/barcodewriter/generator/ Offline : ByteScout barcode generator Barcode decoders http://www.onlinebarcodereader.com/ http://zxing.org/w/decode.jspx http://www.onlinebarcodescan.com/ http://online-barcode-reader.inliteresearch.com/ 1 – stop point for printers, stickers, labels, scanners etc http://www.barcodesinc.com/ http://www.3sindustries.in/
XYZ Shopping Mall Buy a product worth INR Rs 5000/- for INR Rs 1000/- Demo experience (Social Engineering*)
Other scenarios Drink beer at free of cost Access Control Magic’s Free Parking Corporate Asset Management etc
My Journey with “Beeeeeep” – MNC (well known) Demo Experience
XSS, SQL etc via PAPER



..!  QR codes  Below QR code for <script>alert("test")</script> (Demo) http://qrcode.kaywa.com/ More demo and in-details in next talk 
Questions????
Resources: www.barcodeisland.com http://www.phenoelit-us.org/stuff/StrichAufRechnung.pdf http://en.wikipedia.org/wiki/International_Article_Number_%28EAN%29
How can you reach me? https://in.linkedin.com/in/manideepk mani [ dot ] konakandla [at] gmail [dot] com

Empfohlen

Securitynewsbytes
SecuritynewsbytesSecuritynewsbytes
SecuritynewsbytesRaghunath G
 
CSM Storage Debugging
CSM Storage DebuggingCSM Storage Debugging
CSM Storage DebuggingzOSCommserver
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
z/OS Through V2R1Communications Server Performance Functions Update
z/OS Through V2R1Communications Server Performance Functions Updatez/OS Through V2R1Communications Server Performance Functions Update
z/OS Through V2R1Communications Server Performance Functions UpdatezOSCommserver
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Investor alert—investment scams exploit immigrant investor program
Investor alert—investment scams exploit immigrant investor programInvestor alert—investment scams exploit immigrant investor program
Investor alert—investment scams exploit immigrant investor programJames Lavigne
 
88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar 88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar Marvella city
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 farJames Lavigne
 

Empfohlen

Securitynewsbytes
SecuritynewsbytesSecuritynewsbytes
SecuritynewsbytesRaghunath G
 
CSM Storage Debugging
CSM Storage DebuggingCSM Storage Debugging
CSM Storage DebuggingzOSCommserver
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
z/OS Through V2R1Communications Server Performance Functions Update
z/OS Through V2R1Communications Server Performance Functions Updatez/OS Through V2R1Communications Server Performance Functions Update
z/OS Through V2R1Communications Server Performance Functions UpdatezOSCommserver
 
Social engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarSocial engineering by-rakesh-nagekar
Social engineering by-rakesh-nagekarRaghunath G
 
Investor alert—investment scams exploit immigrant investor program
Investor alert—investment scams exploit immigrant investor programInvestor alert—investment scams exploit immigrant investor program
Investor alert—investment scams exploit immigrant investor programJames Lavigne
 
88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar 88001174636 Marvella city in haridwar
88001174636 Marvella city in haridwar Marvella city
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 farJames Lavigne
 
FunciĂłn BUSCARV
FunciĂłn BUSCARVFunciĂłn BUSCARV
FunciĂłn BUSCARVFrancisco Monteverde
 
Nomadic Display Instand Instructions
Nomadic Display Instand InstructionsNomadic Display Instand Instructions
Nomadic Display Instand InstructionsNomadic Display
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
Marvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city
 
Seh based exploitation
Seh based exploitationSeh based exploitation
Seh based exploitationRaghunath G
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 farJames Lavigne
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Raghunath G
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amberRaghunath G
 
Uga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professionalUga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professionalsteffan
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2Raghunath G
 
Buying a business in florida
Buying a business in floridaBuying a business in florida
Buying a business in floridaJames Lavigne
 
8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITY8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITYMarvella city
 
The art of_firewalking-by-sujay
The art of_firewalking-by-sujayThe art of_firewalking-by-sujay
The art of_firewalking-by-sujayRaghunath G
 
World Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest BloggingWorld Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest Bloggingsteffan
 
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...OnBoard Security, Inc. - a Qualcomm Company
 
Barcode invention &amp; evolution
Barcode invention &amp; evolutionBarcode invention &amp; evolution
Barcode invention &amp; evolutionFACTS Computer Software L.L.C
 
Barcode invention & evolution
Barcode invention & evolutionBarcode invention & evolution
Barcode invention & evolutionFACTS Computer Software L.L.C
 
Barcode invention & evolution
Barcode invention & evolutionBarcode invention & evolution
Barcode invention & evolutionFACTS Computer Software L.L.C
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?SecuRing
 
BARCODE TECHNOLOGY
BARCODE TECHNOLOGY BARCODE TECHNOLOGY
BARCODE TECHNOLOGY054JaiganeshM
 
Hyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-finalHyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-finalPacSecJP
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Initantitree
 

Weitere Àhnliche Inhalte

Andere mochten auch

Nomadic Display Instand Instructions
Nomadic Display Instand InstructionsNomadic Display Instand Instructions
Nomadic Display Instand InstructionsNomadic Display
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
Marvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city
 
Seh based exploitation
Seh based exploitationSeh based exploitation
Seh based exploitationRaghunath G
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 farJames Lavigne
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Raghunath G
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amberRaghunath G
 
Uga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professionalUga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professionalsteffan
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2Raghunath G
 
Buying a business in florida
Buying a business in floridaBuying a business in florida
Buying a business in floridaJames Lavigne
 
8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITY8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITYMarvella city
 
The art of_firewalking-by-sujay
The art of_firewalking-by-sujayThe art of_firewalking-by-sujay
The art of_firewalking-by-sujayRaghunath G
 
World Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest BloggingWorld Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest Bloggingsteffan
 

Andere mochten auch (14)

FunciĂłn BUSCARV
FunciĂłn BUSCARVFunciĂłn BUSCARV
FunciĂłn BUSCARV
 
Nomadic Display Instand Instructions
Nomadic Display Instand InstructionsNomadic Display Instand Instructions
Nomadic Display Instand Instructions
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthan
 
Marvella city a complete township in haridwar
Marvella city a complete township in haridwarMarvella city a complete township in haridwar
Marvella city a complete township in haridwar
 
Seh based exploitation
Seh based exploitationSeh based exploitation
Seh based exploitation
 
So you want to retire in florida 1997 far
So you want to retire in florida 1997 farSo you want to retire in florida 1997 far
So you want to retire in florida 1997 far
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01Securitynewsbytes april2015-150418153901-conversion-gate01
Securitynewsbytes april2015-150418153901-conversion-gate01
 
Heartbleed by-danish amber
Heartbleed by-danish amberHeartbleed by-danish amber
Heartbleed by-danish amber
 
Uga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professionalUga Webinar Series: building credibility as a young professional
Uga Webinar Series: building credibility as a young professional
 
Raspberry pi 2
Raspberry pi 2Raspberry pi 2
Raspberry pi 2
 
Buying a business in florida
Buying a business in floridaBuying a business in florida
Buying a business in florida
 
8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITY8800117436 Projects in Haridwar in MARVELLA CITY
8800117436 Projects in Haridwar in MARVELLA CITY
 
The art of_firewalking-by-sujay
The art of_firewalking-by-sujayThe art of_firewalking-by-sujay
The art of_firewalking-by-sujay
 
World Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest BloggingWorld Cup! Young Germany Guest Blogging
World Cup! Young Germany Guest Blogging
 

Ähnlich wie Null dec 2014

Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...OnBoard Security, Inc. - a Qualcomm Company
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?SecuRing
 
BARCODE TECHNOLOGY
BARCODE TECHNOLOGY BARCODE TECHNOLOGY
BARCODE TECHNOLOGY054JaiganeshM
 
Hyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-finalHyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-finalPacSecJP
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Initantitree
 
Digipass Instrumentation for Fun and Profit - DefCamp 2012
Digipass Instrumentation for Fun and Profit - DefCamp 2012Digipass Instrumentation for Fun and Profit - DefCamp 2012
Digipass Instrumentation for Fun and Profit - DefCamp 2012DefCamp
 
Cant touch this: cloning any Android HCE contactless card
Cant touch this: cloning any Android HCE contactless cardCant touch this: cloning any Android HCE contactless card
Cant touch this: cloning any Android HCE contactless cardSlawomir Jasek
 
Discussion RubricPage 1 of 8 1. I
Discussion RubricPage 1 of 8 1. IDiscussion RubricPage 1 of 8 1. I
Discussion RubricPage 1 of 8 1. ILyndonPelletier761
 
Project_report_on_Attendance_system
Project_report_on_Attendance_system Project_report_on_Attendance_system
Project_report_on_Attendance_systemAmi Goswami
 
seminar-on-barcodes
seminar-on-barcodesseminar-on-barcodes
seminar-on-barcodesalibefkani
 
Barcode Decoder
Barcode DecoderBarcode Decoder
Barcode DecoderArijitDhali
 
smartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfsmartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfssuser5b47c8
 
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...Syeduzzaman Sohag
 
How does a barcode scanner work.pdf
How does a barcode scanner work.pdfHow does a barcode scanner work.pdf
How does a barcode scanner work.pdfBarcode Live
 
GDGPH Hack Fair Presentation
GDGPH Hack Fair PresentationGDGPH Hack Fair Presentation
GDGPH Hack Fair PresentationMithi Sevilla
 
Lesson 4 binary numbers
Lesson 4 binary numbersLesson 4 binary numbers
Lesson 4 binary numberstmoncrieff
 

Ähnlich wie Null dec 2014 (20)

Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
Binary Hash Tree based Certificate Access Management for Connected Vehicles (...
 
Barcode invention &amp; evolution
Barcode invention &amp; evolutionBarcode invention &amp; evolution
Barcode invention &amp; evolution
 
Barcode invention & evolution
Barcode invention & evolutionBarcode invention & evolution
Barcode invention & evolution
 
Barcode invention & evolution
Barcode invention & evolutionBarcode invention & evolution
Barcode invention & evolution
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?
 
BARCODE TECHNOLOGY
BARCODE TECHNOLOGY BARCODE TECHNOLOGY
BARCODE TECHNOLOGY
 
Hyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-finalHyperchem Ma, badbarcode en_1109_nocomment-final
Hyperchem Ma, badbarcode en_1109_nocomment-final
 
Just Mouse Jack Init
Just Mouse Jack InitJust Mouse Jack Init
Just Mouse Jack Init
 
Digipass Instrumentation for Fun and Profit - DefCamp 2012
Digipass Instrumentation for Fun and Profit - DefCamp 2012Digipass Instrumentation for Fun and Profit - DefCamp 2012
Digipass Instrumentation for Fun and Profit - DefCamp 2012
 
Cant touch this: cloning any Android HCE contactless card
Cant touch this: cloning any Android HCE contactless cardCant touch this: cloning any Android HCE contactless card
Cant touch this: cloning any Android HCE contactless card
 
Discussion RubricPage 1 of 8 1. I
Discussion RubricPage 1 of 8 1. IDiscussion RubricPage 1 of 8 1. I
Discussion RubricPage 1 of 8 1. I
 
Project_report_on_Attendance_system
Project_report_on_Attendance_system Project_report_on_Attendance_system
Project_report_on_Attendance_system
 
seminar-on-barcodes
seminar-on-barcodesseminar-on-barcodes
seminar-on-barcodes
 
Barcode Decoder
Barcode DecoderBarcode Decoder
Barcode Decoder
 
smartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdfsmartcard-120830090352-phpapp02.pdf
smartcard-120830090352-phpapp02.pdf
 
Sprague Ackley, Technologist, Intermec
Sprague Ackley, Technologist, IntermecSprague Ackley, Technologist, Intermec
Sprague Ackley, Technologist, Intermec
 
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...
Building of heart beat rate monitor &amp; object detector by md syeduzzaman s...
 
How does a barcode scanner work.pdf
How does a barcode scanner work.pdfHow does a barcode scanner work.pdf
How does a barcode scanner work.pdf
 
GDGPH Hack Fair Presentation
GDGPH Hack Fair PresentationGDGPH Hack Fair Presentation
GDGPH Hack Fair Presentation
 
Lesson 4 binary numbers
Lesson 4 binary numbersLesson 4 binary numbers
Lesson 4 binary numbers
 

Mehr von Raghunath G

Whats app forensic
Whats app forensicWhats app forensic
Whats app forensicRaghunath G
 
Analysis of malicious pdf
Analysis of malicious pdfAnalysis of malicious pdf
Analysis of malicious pdfRaghunath G
 
Mobile application security 101
Mobile application security 101Mobile application security 101
Mobile application security 101Raghunath G
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News BytesRaghunath G
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to securityRaghunath G
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan nullRaghunath G
 
Null HYD VRTDOS
Null HYD VRTDOSNull HYD VRTDOS
Null HYD VRTDOSRaghunath G
 
Metasploit
MetasploitMetasploit
MetasploitRaghunath G
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuRaghunath G
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News BytesRaghunath G
 
Decoy documents
Decoy documentsDecoy documents
Decoy documentsRaghunath G
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaRaghunath G
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 

Mehr von Raghunath G (13)

Whats app forensic
Whats app forensicWhats app forensic
Whats app forensic
 
Analysis of malicious pdf
Analysis of malicious pdfAnalysis of malicious pdf
Analysis of malicious pdf
 
Mobile application security 101
Mobile application security 101Mobile application security 101
Mobile application security 101
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News Bytes
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to security
 
Null HYD Playing with shodan null
Null HYD Playing with shodan nullNull HYD Playing with shodan null
Null HYD Playing with shodan null
 
Null HYD VRTDOS
Null HYD VRTDOSNull HYD VRTDOS
Null HYD VRTDOS
 
Metasploit
MetasploitMetasploit
Metasploit
 
Null July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj MachirajuNull July - OWTF - Bharadwaj Machiraju
Null July - OWTF - Bharadwaj Machiraju
 
Security News Bytes
Security News BytesSecurity News Bytes
Security News Bytes
 
Decoy documents
Decoy documentsDecoy documents
Decoy documents
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 

KĂŒrzlich hochgeladen

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goasexy call girls service in goa
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...SofiyaSharma5
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445ruhi
 
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...sonatiwari757
 

KĂŒrzlich hochgeladen (20)

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Noida đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SERVICECall Girls In Noida đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SERVICE
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔☆9289244007✔☆ Female E...
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❀ 7710465962 Independent Call Girls In C...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
 
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔ 9711199171 ✔ Delhi ✔ Enjoy Call Girls With Our...
 

Null dec 2014

  • 1.
  • 2. Myself – Self Boasting/ Self D**ba  Authored a book at an age of 21 (2nd edition WIP)  ISO 27001:2013 ISMS LA, CEH, CCNA, ECSA , JNCIP- SEC, JNCIS-SEC etc.  Featured in Deccan Chronicle, The Hindu, The HANS India, Eenadu, Vaartha, Saakshi, AndhraJyothi, Andhrabhoomi etc.  Interviewed by HMTV news channel  Reported vulnerabilities on 100+ popular websites and got lucky with more than 2 dozen of CVE-IDs  Reported BOF on Yahoo Messenger  Trained more than 10,000 people (Corporate + Students)  Currently working with TCS as Security Analyst Enough 


.Just Stop it


!
  • 3. Where am I taking you now?  Hell, why do I need to listen to this ?  Introduction to barcodes  Breaking down EAN – 13  Your Weapons  Here comes the “heart” of this power-point deck  My experience with Barcode cracking a) XYZ MNC well-known barcode crack b) XYZ shopping mall etc  Brief Introduction on XSS, SQL etc. attacks via Paper, yeah it’s via PAPER
! or NEWS PAPER
! OMG
!
  • 4. With barcode cracking, you can a) Buy a costly product at the rate of a cheap one b) Free entry to parties – free beers etc c) Free parking d) Bypassing access control - Get free attendance / break your friend’s attendance etc. Disclaimer: I am no way responsible for any mis-use of this technique. I am sharing it just for informational purposes. Why do I need to listen to this ?
  • 5.  Introduced by Joseph Woodland and Bernard Silver in 1952  First used in ACI but failed and then started commercially on Wrigley company - chewing gum  Optical representation of data to uniquely identify items  Used for tickets, market items, books , parcel tracking, parking etc  Barcodes , Scanners / Verifiers  Barcode verifier standards a)  ISO/IEC 15416 (linear)       b)  ISO/IEC 15426-2 (2D) Introduction to Barcodes
  • 6. Classification 1. 1D a) EAN – 13 (World-wide) b) UPC (USA, Canada etc) c) Code 128 d) CodeBar e) Plessey etc 2. 2D (More information) a) QR code b) Maxi code c) Aztec code etc 3. 3D (Basing on height) - To withstand high temperature or chemical environments
  • 7. Slide – Manideep QR code Aztec Code Code 128
  • 8. Why EAN 13? - Everywhere Book Deodorant Shirt
  • 10. Breaking down EAN 13 into pieces Do I need to learn this for doing hacks based on barcode??? - Yes
!
  • 11. Country Code - 1st two/three digits
  • 13.
  • 14. Verifying check sum digit 1. Numbers at Even position are summed to value A #0+#2+#4+#6+#8+#10 = Value A [7+0+0+4+3+1 = 15 ] 2. Numbers at Odd position are summed and multiplied by 3 3*(#1+#3+#5+#7+#9+#11) = Value B [3* (5+1+5+5+0+0) = 48 ] 3. Value A + Value B = Value C [ 63 ] 4. Remainder of (value C /10) is taken as value D [ 3 ] 5. If check digit = (10 value D), the code read by the machine is correct. [ 7 ]‐
  • 15. Initial Bit – Part 1 – Part 2 Ever wondered, How are those lines generated? 7 - 501054 - 530107
  • 16.  Black – 1 and white space – 0  Borders: 101 (left and right) and Center: 01010 (middle) 7 – ABABAB <left border> 101 <part generated from A/B> 0110001 0100111 0011001 0100111 0110001 0011101 +<central > 01010 +< part generated from C > 1001110 1000010 1110010 1100110 1110010 1000100 <right border> 101 Fuzzy Buzzy


  • 17. Finally
! 101 0110001 0100111 0011001 0100111 0110001 0011101 01010 1001110 1000010 1110010 1100110 1110010 1000100 101
  • 18. At your own risk
!
  • 19. Your weapons Barcode generators Online : http://www.terryburton.co.uk/barcodewriter/generator/ Offline : ByteScout barcode generator Barcode decoders http://www.onlinebarcodereader.com/ http://zxing.org/w/decode.jspx http://www.onlinebarcodescan.com/ http://online-barcode-reader.inliteresearch.com/ 1 – stop point for printers, stickers, labels, scanners etc http://www.barcodesinc.com/ http://www.3sindustries.in/
  • 20. XYZ Shopping Mall Buy a product worth INR Rs 5000/- for INR Rs 1000/- Demo experience (Social Engineering*)
  • 21.
  • 22. Other scenarios Drink beer at free of cost Access Control Magic’s Free Parking Corporate Asset Management etc
  • 23. My Journey with “Beeeeeep” – MNC (well known) Demo Experience
  • 24. XSS, SQL etc via PAPER



..!  QR codes  Below QR code for <script>alert("test")</script> (Demo) http://qrcode.kaywa.com/ More demo and in-details in next talk 
  • 27. How can you reach me? https://in.linkedin.com/in/manideepk mani [ dot ] konakandla [at] gmail [dot] com