The YEHG was established in Jan 2008 by a small group of young but mature people. The initiative began in the hope of forming a united force that can beat any obstacle and accomplish any goal we desire. We are NOT BLACK Hats. We are not connected with or employed by the Myanmar Government or any other organization.
Mission
To become one of the best, most respected and most powerful groups in the world dedicated to ethical hacking and countermeasures.
Objectives
1. To share with each other in learning new skills, research and developments
2. To help each other reach our desired goals together
Please see our home page for complete services.
Our papers and articles are kept easy to follow, short and simple, but informative for every IT professional. We don't use heavy jargon.
-
An Apache Trick to protect sensitive/backup files
Nov 2008
-
An Apache Trick to prevent Shell File Attack
Nov 2008
-
Things to do When you got hacked
Nov 2008
-
Ongoing Web Application Security Model (OWA-SM)
May 2008
-
Hunting for Backdoor Scripts
March 27, 2008
-
Web Browser Plugins Vulnerabilities
=> [Download controller.php]
Feb 7, 2008
-
Ways to Protect Sensitive Files & Directories
Jan 29, 2008
-
Why Session Protection Fails
Jan 29, 2008
-
Security Professional How to
Jan 28, 2008
-
Directory Bruteforce Attack
Jan 09, 2008
-
Causes Of Security Flaws 101
Jan 07, 2008
-
What XSS Can Do
Jan 02, 2008
-
Defeating X-Rummer Spam Bot
Feb 19, 2007
-
Disclosure Vulnerability: phpinfo
Jul 16, 2006
-
Disclosure Vulnerability: robots.txt
Jul 16, 2006
-
Next-Generation Phishing Attack
May 13, 2006
-
A Nice Approach to IT Certifications
Jan 07, 2006
Our presentations about our thoughts of security:
- Introducing Malware Script Detector [@SlideShare.net]
- Php5 Built-in String Filter Functions For Security [@SlideShare.net]
- A Dark Intro To Google Hacking [@SlideShare.net]
- Better Study Strategies [@SlideShare.net]
- What a perfect whitehat! [@SlideShare.net]
Sub-sections: Security Tools - Greasemonkey Scripts
For specific platforms such as Joomla!, we write targeted tools. For others, we add new plugins to, or improve existing plugins in, w3af (Web Application Audit and Attack Framework) for generic web application bugs. We've become a part of the w3af team. Submit ideas/tool requests based on your findings/experience via the contact form.
-
W3af Plugins
- /plugins/discovery/phpinfo.py
We improved it by adding the phpinfo() configuration audit checks feature from our Greasemonkey phpinfosechecker.
- /plugins/discovery/fingerprint_WAF.py
We contributed four signatures - F5 Traffic Shield, NetContinuum, TEROS, BinarySec
- /plugins/discovery/findBackdoor.py
We added a dozen new shell file names to the database.
- /plugins/grep/findComments.py
We added 'secret', '@', 'email', 'security', 'captcha' to self._interestingWords
- Joomla! Security/Vulnerability Scanner
Description: A regularly-updated scanner that can detect file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.
Requirements: Perl
Start-Date: Dec 2008
- Web Firewall Stress Tester
Description: A tool to be used for newly created OSS web firewalls/proxies/servers, because I found a vulnerability this way. It submits (GET/POST/HEAD) user-defined packets to a web firewall to test its security strength, and tells you at which packet length the firewall will crash. Good for heap/buffer overflow hunting.
[REQUEST] <----> | Web Firewall | <----> [WebServer]
Requirements: Perl
Date: Nov 2008
- Web Firewall Detector
Description: Typical web firewalls use a mechanism to classify anomalous traffic. This tool submits an old-school malicious (not dangerous) request, and tells you the type of firewall a particular web site uses (if any). Mainly useful for blackbox security assessment. Coded years ago. Ref: Web Hacking Exposed 2nd Edition, ISBN:9780072262995
[REQUEST] <----> | Web Firewall | <----> [WebServer]
Requirements: Perl
Date: Nov 2008
No longer updated. We've contributed this wafd's signatures to w3af finger_WAF.py plugin.
- WFuzzFE
Description: WFuzz FrontEnd (WFuzz UI) is simply a GUI that we wrapped around the all-time famous wfuzz.py by Carlos del ojo & Christian Martorella (Edge-security.com). WFuzz is known as a Web Brute Forcer. It's a tool that got its fame thanks to its multithreading and its flexibility to show only desired results based on HTTP Response Code and No. of Lines/Words. When fuzzing is done, Firefox will open and show the result.
Requirements: Python, JRE 1.5 >=
Date: Oct 2008
- NiktoFE
Description: Nikto FrontEnd (Nikto UI) is simply a GUI that we wrapped around the all-time famous nikto.pl by Sullo (CIRT Inc). It usually takes several minutes (even hours) for a complete scan. When it's done, Firefox will open and show the result.
Requirements: Perl, JRE 1.5 >=
Date: Oct 2008
- Ultimate Hackerfox Addons
Description: Thanks to our contributing testers (Ko Soe Min, http://soemin.net & Ko Phyo, http://myanmaritpros.com), we've found it impossible to run Portable Firefox with several security addons. To work around this problem, we zip-bundle hacking addons with runnable invokers (run.exe on Windows, run.pl on Linux). You must have Firefox installed on your system. Make sure you close any running Firefox beforehand. Our Greasemonkey scripts are included.
Download: version-1-light MD5: 80AED846164A1AECEB5AFE0759473DF2
version-2 MD5: 68C581305E2C16E9D51E41C7D75ED501
Requirement: Firefox Browser
Date: August 2008
- GreaseMonkey:: Web Security Toolkit
Description: A collection of our Greasemonkey scripts that aim to provide security for yourself and your site. We prefer writing Greasemonkey scripts to browser addons because Greasemonkey is more flexible. Anyone can view and edit the source code with ease. They will forever be compatible with any versions of Gecko browsers, while most security addons are no longer compatible with new versions unless their authors take pains to modify their code for compatibility.
Requirement: Gecko (Firefox, Flock, Netscape) Browser, GreaseMonkey Addon
Last added Scripts Date: July 18 2008
- JHijack v.02 beta
Description: A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.
Requirement: JRE/JDK 1.4 or above
Date: April 2008
- HackerFirefox
Description: Portable Firefox With Web Hacking Tools Bundled
Started: Dec 2007
Featured at OWASP
- GoogleHacker
Description: A lightweight Windows HTA application useful as your regular Google hacking tool on the Windows platform. A comprehensive search form bundled with sensitive keywords. It's capable of saving searches to disk and directly modifying keyword files.
Started: Sept 2007
Privacy Policy: No data is sent to our server. Some people in the wild have said that our tools send your pentesting results to us. They say so without even knowing how to view the source code. We host our tools only at trusted open-source hosting sites - sourceforge.net and google code base. Each tool has its own weaknesses and strengths in various situations. It's your responsibility and smartness to make the best use of tools.
Our Projects
- Web Application Security Papers Archived (WASPA)
Description: This project is a collection of web application security related documents, presentations, cheat sheets, guides and the like. As always, such resources are scattered among thousands of others on the web. Some are really worth reading but are sadly unknown to most people. The only noble aim of security students, professionals, or researchers is to bring reliable security and countermeasures to our next-generation IT communication. I attempt to support this aim by collecting resources together in one place, where they can be downloaded by those who're eager for stronger security.
Started: June 2008
- The Web Sites Security Advisories (WSSAd)
Description: This project is a database of our discoveries about vulnerabilities in web sites. It aims to harden insecure sites where one or more low-hanging fruits (aka low-risk type vulnerabilities) exist. But smart attackers can turn such low risk into high risk. Every security flaw, whether small or big, should be fixed. Blackhats are smarter and more imaginative in devising intelligent attack patterns that you'll never think of.
Goal: To harden as many web sites as we can
Note: This project has been suspended since mid May because I can't force developers to fix their issues.
Started: April 2008
- The Ultimate Hacker Web Directory (HWD)
Description: Ever-updated Comprehensive Hacking/Security Links Repository
Goal: To be the Best Hacking Directory of All Times
Started: March 2008
Advisories | What security breaches we've found
We don't intentionally hunt for vulnerabilities. The following ones are some of what we came across. Surely enough, we are not the only ones who found such holes. Many security professionals may have found the same holes at around the same time. In keeping with the hacker code of ethics, we never do any harm or damage to our tested targets (yes, doing damage is one further step that exploits the weaknesses found), and we make disclosure only after the vendor has been notified. But some vendors don't even respond; hence we assume that they ignore our reports. There is no patch for ignorance.
We always find it difficult to explain security risks, threats and vulnerabilities to developers who lack security knowledge and are stubborn about fixing. There are always many common security myths that lead to "today secure, tomorrow hacked". That's why we can't tell you something like “Hey, guy, this is a protection code - use this and your life will be forever secure!” Here, we feature high-risk vulnerability info about web applications. The numerous vulnerabilities in today's web sites are featured in our WSSAd project.
-
Multiple vulnerabilities in PhpMyAdmin <= 2.11.7
- XSS in setup | Cross-site Framing
- XSRF:ConvertCharset | XSRF:CreateDatabase
July, 2008
-
Ning.Com Captcha Protection Bypass Vulnerability
April, 2008
-
XSS-Warning Addon Filtering Bypass Vulnerability [demo]
March, 2008
-
Gmail-Lite Shell Code Execution Vulnerability
March, 2008
-
Gmail-Lite XSS Hole
Jan, 2008
-
Apache Security Bypass Vulnerability in DOMPDF
Dec, 2007
-
XSS Archive Screenshots
Jan 03, 2008
-
CodeIgniter Global XSS Filtering Bypass Vulnerability
December, 2007
-
Input Flood Vulnerability in burglish chat
Feb 23, 2006
False Assumption:“XSS Can't 0wn Web Applications”
A number of Bad Guys have owned web application only with XSS!
Attackers are more imaginative and smarter than you are!
Resource Directory
This is our ongoing project to maintain an ever-updated, comprehensive links repository. We take pains to make sure the HWD contains quality link resources.
Training | Demonstrations [Over 50 Movies]
Movie Series - WebGoat - WebScarab - WebPageFingerPrint
Our video illustrations of various hacking/security processes and tools were tested in our hacking lab environments and are intended only for security hardening purposes. Please don't complain if they don't work for you. Watch and forget'em! Submit your desired training requests via the contact form.
Requirement: No more than a web browser with Flash player plugin.
-
Exploiting Gmail Weak Password Recovery
Description: Password reset/recovery questions shouldn't be too simplistic. They shouldn't be of any kind that asks users for very security-weak answers such as 0-9, red-green-yellow-orange, etc.
Date: June 2009
-
Why JS Malwares are still prevalent and bypassing AV Scanners
Description: Even now, because of today's AV scanners' poor defense against web worms, we'll never be secure. This movie shows you how JS malware can easily bypass AV scanners using stupid string manipulation techniques.
Date: May 2009
-
HTTP Form Brute Forcing With JHijack
Description: The initial reason for JHijack was to use it in numeric session hijacking, but its uses depend only on who uses it. We've given yet another example in Blind SQL Injection. This time, it can also be used as an HTTP form cracker like the old-school Brutus.
Date: Nov 2008
-
Attack Log Analysis with Scalp!
Description: Scalp is a great Apache log attack analyzer that uses the php-ids IDS pattern file. If you scan your web site logs weekly or daily, you will see that attacks are coming to your site on a regular basis. People tend to check their logs only after a compromise has happened. That is too late. Attackers have 0wned their sites and manipulated log files!
Date: Sept 2008
-
Passive Vulnerability Scanning with RatProxy
Description: See how a google security guy's RatProxy is good at Web Application Security Assessment.
Date: August 2008
-
WebScarab Demonstration Series
Description: See how WebScarab is useful in web application security assessment. - Spidering - Finding Hidden Clues - Session Analysis - XSS Hunting - Dir Enumeration - Backups Enumeration
Date: August 2008
-
Greasemonkey Script: WebPageFingerprint Series
Description: A nice series of six videos showing what a very small Greasemonkey script can do - Web Page fingerprinting, JS fingerprinting, Vulnerability/Backup file scanning, XSS/SQL/Command Injection fuzzing ...etc.
Date: July 2008
-
XSS in phpMyAdmin 2.11.7
Description: A recorded XSS hunting movie in phpMyAdmin 2.11.7.
Date: June 2008
-
Owning the box via Web Browser Flaw
Description: You'll never think of how dangerous a link you've clicked! Generally exploiting browser vulnerabilities to gain remote access may bypass firewalls that are protecting your workstation. Firewalls typically block new, inbound connection attempts but allow users behind the firewall to create outbound connections, which allow both parties of that established connection to communicate freely in both directions over that channel. If an attacker wants to attack your firewall-protected computer, he will normally be blocked by your firewall. However, if the attacker instead hosts the domain evil.com and entices you to browse to www.evil.com, he now has a communication channel to interact with your computer. Ref: GHHB.
Size: 11.3 MB
Date: May 2008
-
Discovering Browser Plugin Vulnerabilities
Description: See how attackers find flaws in web browser plugins to install malware on your computer. For example, if a plugin has a vulnerable readFile/loadFile function, then an attacker can read/load any files from your computer and then send them to his server. Similarly, with a vulnerable saveFile function, he can overwrite any files on your disk with malicious content.
Size: 9.38 MB
Date: May 2008
-
Checking Weak SSL Ciphers With THCSSLCheck
Description: If any weak or obsolete SSL ciphers are being used in particular web sites, then a suitably positioned attacker may be able to perform an attack to downgrade or decipher the SSL communications gaining access to user sensitive data. Ref: WAHH.
Size: 2.05 MB
Date: May 2008
-
Session Strength Analysis With Stompy
Description: Stompy performs NIST FIPS statistical tests on session generation and checks for correlations between arbitrary bits. A truly random token never exhibits correlation between the state of one bit and the state of another. In this movie, I'll show you how to download, extract, compile, and run Stompy and analyze session tests for failure or pass. Ref: WAHH.
Size: 10 MB
Date: May 2008
-
Owning the box Via Web Application Flaw
Description: See how an attacker can use our recent discovery of a File-Upload vulnerability in Gmail-Lite to 0wn the entire box. This is to teach developers how evil a flaw in a web application is. In this movie, you should learn: 1) The attacker bypasses the firewall by making the victim machine connect back to him via port 80. 2) He bypasses web-server-level restrictions on dangerous APIs such as system, exec ...etc by using the backtick operator (`) to execute any commands he wants.
Size: 6.39 MB
Date: April 2008
-
Trusting The Vulnerability Scanner: Danger of False Negative Sign
Description: This movie is to educate developers who put their entire trust in security/vulnerability scanners. False Negative means "Scanner says it doesn't find any X vulnerability". But there actually exists X vulnerability. Be sure to read "About Movie.txt" file.
Size: 2.05 MB
Date: April 2008
-
OWASP WebGoat Web Hacking Simulation Series [over 40 Movies]
Description: A Series of Full-Featured Web Hacking WalkThrough Simulations played in OWASP WebGoat v5.1 environment. General - Code Quality - Concurrency - Unvalidated Parameters - Access Control Flaws - Authentication Flaws - Session Management Flaws - Cross-Site Scripting (XSS) - Buffer Overflows - Injection Flaws - Improper Error Handling - Insecure Storage - Denial of Service - Insecure Configuration - Web Services - AJAX Security - Challenge. New movies will be added whenever WebGoat is updated.
Size: N/A
Date: April 2008
-
Attacking The Spammers with yehg.org's PhpMySpamFighter
Description: Spammers use email collector programs to grab our site visitors' emails. See how our phpMySpamFighter DoS-attacks their programs. We hope there will be fewer spammers if this technique is used widely. In fact, it fights not only spammers but also attackers who use similar tools to probe your web sites.
Size: 3.65 MB
Date: March 2008
-
Evading Firefox XSS-Warning Addon Filter
Description: Just one example of how attackers can easily bypass today's security controls. We shouldn't rely too much on security products, which have their own weaknesses.
Size: 169 KB
Date: March 2008
-
Performing Directory Brute-Force Attack
Description: There are dozens of tools that let us brute-force directory names to dig for sensitive information. In this movie, we illustrate directory brute-forcing with the tool called 'JBroFuzz'. The reason why we like it is that it can brute-force a large number of directories. As of this writing, the latest version, JBroFuzz 0.8, has 58658 directory names that are commonly used by today's web sites. The only defense is to not place sensitive information on the server, or to protect it on the server side (.htaccess). Just wanna show you - Security Through Obscurity is broken.
Size: 3.51 MB
Date: March 2008
-
Exploiting Logic Flaw
Description: This demonstration shows you how a flaw in coding reveals sensitive information!
Size: 2.75 MB
Date: Feb 15, 2008
-
Desirable Input Validation Baseline Check
Description: This demonstration shows you how you should implement baseline acceptable input filtering on visitors' inputs. Filtering inputs is the most important step because 100% of injection attacks (XSS, SQL, XPATH, OS CMD ...etc) come from inputs where filtering is weak or absent. Developers should always be aware of inputs as well as outputs! You know Garbage In Garbage Out but for attackers, Garbage In Gold Out!
Size: 4.09 MB
Date: Jan 15, 2008
-
How Bad Guys Steal your Login Info Smartly
Description: This demonstration shows you how bad guys or malicious web sites steal the login account info of your daily visited sites by exploiting the web browser's autoComplete feature.
Size: 886.98 KB
Date: Jan 11, 2008
-
Finding XSS with Automated Tool
Description: This training shows you how to automate finding XSS holes with fuzzers in a quick and easy manner.
Size: 1.18 MB
Date: Jan 04, 2008
Interactive Training
-
Finding XSS with Automated Tool
Description: This training is an interactive version of the above training. It lets you simulate for yourself how to automate finding XSS holes with fuzzers in a quick and easy manner.
Size: 150 KB
Date: Feb 6, 2008
- Web Firewall Stress Tester
