The YEHG was established in Jan 2008 by a small group of young but mature people. The initiative began in the hope of a united force that can beat any obstacles and accomplish any goals we desire. We are NOT BLACK Hats. We are not concerned with or employed by the Myanmar Government or any organizations.
Mission
To become one of the best, most respectable and powerful groups in the world, ever dedicating our lives to ethical hacking and countermeasures.
Objectives
1. To share with each other in learning new skills, research and developments
2. To help achieve each other's desired goals all together
Please see our home page for complete services.
Our papers/articles are made pretty easy to follow, short and simple but informative for every IT professional. We don't use big jargon.
-
An Apache Trick to protect sensitive/backup files
Nov 2008
-
An Apache Trick to prevent Shell File Attack
Nov 2008
-
Things to do When you got hacked
Nov 2008
-
Ongoing Web Application Security Model (OWA-SM)
May 2008
-
Hunting for Backdoor Scripts
March 27, 2008
-
Web Browser Plugins Vulnerabilities
=> [Download controller.php]
Feb 7, 2008
-
Ways to Protect Sensitive Files & Directories
Jan 29, 2008
-
Why Session Protection Fails
Jan 29, 2008
-
Security Professional How to
Jan 28, 2008
-
Directory Bruteforce Attack
Jan 09, 2008
-
Causes Of Security Flaws 101
Jan 07, 2008
-
What XSS Can Do
Jan 02, 2008
-
Defeating X-Rummer Spam Bot
Feb 19, 2007
-
Disclosure Vulnerability: phpinfo
Jul 16, 2006
-
Disclosure Vulnerability: robots.txt
Jul 16, 2006
-
Next-Generation Phishing Attack
May 13, 2006
-
A Nice Approach to IT Certifications
Jan 07, 2006
Our presentations about our thoughts of security:
- Introducing Malware Script Detector [@SlideShare.net]
- Php5 Built-in String Filter Functions For Security [@SlideShare.net]
- A Dark Intro To Google Hacking [@SlideShare.net]
- Better Study Strategies [@SlideShare.net]
- What a perfect whitehat! [@SlideShare.net]
Sub-sections: Security Tools - Greasemonkey Scripts
For specific products like Joomla!, we write targeted tools. For others, we add new plugins to, or improve existing plugins in, w3af (Web Application Audit and Attack Framework) for generic web application bugs. We've become a part of the w3af team. Submit ideas/tool requests based on your findings/experience via the contact form.
-
W3af Plugins
- /plugins/discovery/phpinfo.py
We improved it by adding phpinfo() configuration audit checks feature from our greasemonkey phpinfosechecker.
- /plugins/discovery/fingerprint_WAF.py
We contributed four signatures - F5 Traffic Shield, NetContinuum, TEROS, BinarySec
- /plugins/discovery/findBackdoor.py
We added a dozen new shell file names to the database.
- /plugins/grep/findComments.py
We added 'secret','@', 'email','security','captcha' to self._interestingWords
- Joomla! Security/Vulnerability Scanner
Description: A regularly-updated scanner that can detect file inclusion, SQL injection and command execution vulnerabilities of a target Joomla! web site.
Requirements: Perl
Start-Date: Dec 2008
- Web Firewall Stress Tester
Description: A tool to be used for newly created OSS web firewalls/proxies/servers, 'coz I found a vulnerability in this way. It submits (GET/POST/HEAD) user-defined packets to a web firewall to test its security strength and tells you at which packet length a firewall will crash. Good for heap/buffer overflow hunting.
[REQUEST] <----> | Web Firewall | <----> [WebServer]
Requirements: Perl
Date: Nov 2008
- Web Firewall Detector
Description: Typical web firewalls use a mechanism to classify anomalous traffic. This tool submits an old-school malicious (not dangerous) request and tells you the type of firewall a particular web site uses (if any). Mainly useful for blackbox security assessment. Coded years ago. Ref: Web Hacking Exposed 2nd Edition, ISBN:9780072262995
[REQUEST] <----> | Web Firewall | <----> [WebServer]
Requirements: Perl
Date: Nov 2008
No longer updated. We've contributed this wafd's signatures to w3af finger_WAF.py plugin.
- WFuzzFE
Description: WFuzz FrontEnd (WFuzz UI) is just a GUI we wrapped around the all-time famous wfuzz.py by Carlos del ojo & Christian Martorella (Edge-security.com). WFuzz is known as a Web Brute Forcer. It's a tool that got its fame thanks to its multithreading and its flexibility to show only desired results based on HTTP Response Code and No. of Lines/Words. When fuzzing is done, Firefox will open and show the result.
Requirements: Python, JRE 1.5 >=
Date: Oct 2008
- NiktoFE
Description: Nikto FrontEnd (Nikto UI) is just a GUI we wrapped around the all-time famous nikto.pl by Sullo (CIRT Inc). It usually takes several minutes (even hours) for a complete scan. When it's done, Firefox will open and show the result.
Requirements: Perl, JRE 1.5 >=
Date: Oct 2008
- Ultimate Hackerfox Addons
Description: We've found it impossible to run Portable Firefox with several security addons thanks to our contributing testers (Ko Soe Min, http://soemin.net & Ko Phyo, http://myanmaritpros.com). To work around this problem, we zip-bundle hacking addons with runnable invokers (run.exe in Windows, run.pl in Linux). You must have Firefox installed on your system. Make sure you close any running Firefox beforehand. Our Greasemonkey scripts are included.
Download: version-1-light MD5: 80AED846164A1AECEB5AFE0759473DF2
version-2 MD5: 68C581305E2C16E9D51E41C7D75ED501
Requirement: Firefox Browser
Date: August 2008
- GreaseMonkey:: Web Security Toolkit
Description: A collection of our Greasemonkey scripts that aim to provide security for yourself and your site. We prefer writing Greasemonkey scripts to browser addons because Greasemonkey is more flexible. Anyone can view and edit the source code with ease. They will forever be compatible with any version of Gecko browsers, while most security addons are no longer compatible with new versions unless their authors take pains to modify the code for compatibility.
Requirement: Gecko (Firefox, Flock, Netscape) Browser, GreaseMonkey Addon
Last added Scripts Date: July 18 2008
- JHijack v.02 beta
Description: A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.
Requirement: JRE/JDK 1.4 or above
Documentation: aldeid.com
Date: April 2008
- HackerFirefox
Description: Portable Firefox With Web Hacking Tools Bundled
Started: Dec 2007
Featured at OWASP
- GoogleHacker
Description: A lightweight Windows HTA application useful as your regular Google hacking tool on the Windows platform. A comprehensive search form bundled with sensitive keywords. It's capable of saving searches on disk and directly modifying keyword files.
Started: Sept 2007
Privacy Policy: No data is sent to our server. Some guys in the wild have said that our tools send your pentesting results to us. They say so without even actually knowing how to view source code. We host our tools only at trusted open-source hosting sites - sourceforge.net and google code base. Each tool has its own weaknesses and strengths in various situations. It's your responsibility and smartness to make the best use of tools.
Our Projects
- Web Application Security Papers Archived (WASPA)
Description: This project is a collection of web application security related documents, presentations, cheatsheets, guides and the like. As always, those resources are scattered among thousands of resources on the web. Some are really worth reading but are sadly unknown to the public at large. The only noble aim of security students, professionals or researchers is to bring reliable security and countermeasures to our next-generation IT communication. I attempt to support this aim by collecting resources altogether in one place where they can be downloaded by those who're eager for stronger security.
Started: June 2008
- The Web Sites Security Advisories (WSSAd)
Description: This project is a database of our discoveries about vulnerabilities in web sites. It is aimed to harden insecure sites where one or more low-hanging fruits (aka. low-risk type vulnerabilities) exist. But smart attackers can turn such low-risk to high-risk. Every security flaw whether it's small or big should be fixed. Blackhats are smarter and more imaginative in thinking intelligent attack patterns that you'll never think of.
Goal: To harden as many web sites as we can
Note: This project has been suspended since mid May because I can't force developers to fix their issues.
Started: April 2008
- The Ultimate Hacker Web Directory (HWD)
Description: Ever-updated Comprehensive Hacking/Security Links Repository
Goal: To be the Best Hacking Directory of All Times
Started: March 2008
Advisories | What security breaches we've found
We don't intentionally hunt for vulnerabilities. The following ones are some of what we came across. Surely enough, we are not the only ones who found such holes. Many security professionals may have found the same holes at the same time or so. According to the hacker code of ethics, we never do any harm or damage to our tested target (yes, doing damage is one step further, exploiting the weaknesses found), and we make disclosure only after the vendor has been notified. But some vendors don't even respond; hence we assume that they ignore our reports. There is no patch for ignorance.
We always find it difficult to explain security risks, threats and vulnerabilities to developers who lack security knowledge and are stubborn about fixing. There are always many common security myths which lead to "Today secure and Tomorrow hacked". That's why we can't tell you something like “Hey, guy! This is a protection code. Use this and your life will be forever secure!” Since July '09, we've believed in FD (= full disclosure) after reporting numerous vulnerabilities to various vendors. Only a few take interest in fixing their security holes. Only FD will be a better force towards them to fix. It is the only way to harden or worsen the world.
-
TinyBrowser (TinyMCE Editor Plugin) 1.41.6 <= Multiple Vulnerabilities
Feature: OSVDB ID 56602, 56603, Secunia Advisory ID: 36031 , PacketStorm , milw0rm , SecurityReason
July, 2009
-
Google Mail (Gmail) | Fail to do Security Check Vulnerability
July, 2009
-
Rapidshare | Login Credential Leakage Vulnerability
July, 2009
-
Multiple vulnerabilities in PHP Support Tickets (PHP Help System) 2.2 <=
July, 2009
-
Multiple vulnerabilities in PhpMyAdmin <= 2.11.7
- XSS in setup | Cross-site Framing
- XSRF:ConvertCharset | XSRF:CreateDatabase
- Incomplete HTTP Caching Directive | XSRF:Font-size,Lang
Feature: CVE-2008-3457 | PMASA-2008-6
July, 2008
-
Ning.Com (Massive Social Network) | Captcha Protection Bypass Vulnerability
=> We later found they haven't fixed it till now (= Mar-11-2010 ).
Thus we release a sample exploit.
Sample Exploit Code: ningspamexploitdefeating.user.js
April, 2008
-
XSS-Warning (Gecko Browser XSS Prevention Addon) | XSS Bypass Vulnerability
[demo]
March, 2008
-
Multiple vulnerabilities in Gmail-lite (Gmail Mobile Interface/Gmail Lighter Interface)
- Mass-mailing | Cross-site Scripting
- Shell Code Execution/Arbitrary File Upload
March, 2008
-
DOMPDF (PHP PDF Creator) | Apache Security Bypass/Arbitrary File Read Vulnerability
=> We have noticed the author found this page and learnt his DOMPDF vulnerability. He promised to give a patch in his web site but has not done it till now (= Mar-11-2010 ).
Dec, 2007
-
XSS Archive Screenshots
Jan 03, 2008
-
CodeIgniter PHP Framework | Global XSS Filtering Bypass Vulnerability
Feature: SecReason
December, 2007
-
Burglish Chat | Input Flood Vulnerability
Feb 23, 2006
False Assumption: “XSS Can't 0wn Web Applications”
A number of Bad Guys have owned web applications with XSS alone!
Attackers are more imaginative and smarter than you are!
Resource Directory
This is our ongoing project to maintain the most live, ever-updated, comprehensive links repository. We take pains to ensure the HWD contains quality link resources.
Training | Demonstrations [Over 50 Movies]
Movie Series - WebGoat - WebScarab - WebPageFingerPrint
Our video illustrations of various hacking/security processes and tools were tested in our hacking lab environments and are intended only for security hardening purposes. Please don't complain if they don't work for you. Watch and forget 'em! Submit your desired training requests via the contact form.
Requirement: No more than a web browser with Flash player plugin.
Announcement: We have mirrored our training files at Rapidshare. Since Oct 2009, we no longer host files at sourceforge.net and we rather stick to our site. In case you experience impatient down time, please do let us know by mailing to down [at] yehg.net.
-
Hacking Rapidshare Account With XSS [View Online | Download]
Description: This movie shows how an attacker exploits an XSS vulnerability in Rapidshare.com and steals the currently logged-in Rapidshare user's cookie, which is then sent to his mailbox. Demonstrating with a sample vulnerable XSS page seldom enlightens people about the real danger of XSS. We hope using the real site may give people (developers) greater awareness of the XSS threat. No doubt, we have reported this vulnerability to the Rapidshare team and they have fixed it.
Date: August 2009
-
Exploiting Gmail Weak Password Recovery [View Online | Download]
Description: Password reset/recovery questions shouldn't be too simplistic. They shouldn't be of any kind that asks users to give very security-weak answers such as 0-9, red-green-yellow-orange, etc.
Date: June 2009
-
Why JS Malwares are still prevalent and bypassing AV Scanners [View Online | Download]
Description: Even now, due to today's AV scanners' poor defense against web worms, we'll never be secure. This movie shows you how JS malwares can easily bypass AV scanners using stupid string manipulation techniques.
Date: May 2009
-
HTTP Form Brute Forcing With JHijack [View Online | Download]
Description: The initial reason for JHijack was to use it in numeric Session Hijacking, but its uses depend only on who uses it. We've given yet another example in Blind SQL Injection. This time, it can also be used as an HTTP Form Cracker like the old-school Brutus.
Date: Nov 2008
-
Attack Log Analysis with Scalp! [View Online | Download]
Description: Scalp is a great Apache log attack analyzer that uses the php-ids IDS pattern file. If you scan your web site logs weekly or daily, you will see attacks are coming to your site on a regular basis. People tend to check their logs only after a compromise is accomplished. It is too late. Attackers have 0wned their sites and manipulated log files!
Date: Sept 2008
-
Passive Vulnerability Scanning with RatProxy [View Online | Download]
Description: See how a google security guy's RatProxy is good at Web Application Security Assessment.
Date: August 2008
-
WebScarab Demonstration Series
Description: See how WebScarab is useful in web application security assessment. - Spidering - Finding Hidden Clues - Session Analysis - XSS Hunting - Dir Enumeration - Backups Enumeration
Date: August 2008
-
Greasemonkey Script: WebPageFingerprint Series
Description: Six nice video series of how a very little Greasemonkey Script can do - Web Page fingerprinting, JS fingerprinting, Vulnerability/Backup file scanning, XSS/SQL/Command Injection fuzzing ...etc.
Date: July 2008
-
XSS in phpMyAdmin 2.11.7 [View Online | Download]
Description: A recorded XSS hunting movie in phpMyAdmin 2.11.7.
Date: June 2008
-
Owning the box via Web Browser Flaw [View Online | Download]
Description: You'll never think of how dangerous a link you've clicked! Generally exploiting browser vulnerabilities to gain remote access may bypass firewalls that are protecting your workstation. Firewalls typically block new, inbound connection attempts but allow users behind the firewall to create outbound connections, which allow both parties of that established connection to communicate freely in both directions over that channel. If an attacker wants to attack your firewall-protected computer, he will normally be blocked by your firewall. However, if the attacker instead hosts the domain evil.com and entices you to browse to www.evil.com, he now has a communication channel to interact with your computer. Ref: GHHB.
Size: 11.3 MB
Date: May 2008
-
Discovering Browser Plugin Vulnerabilities [View Online | Download]
Description: See how attackers find flaws in web browser plugins to install malware on your computer. For example, if a plugin has a vulnerable readFile/loadFile function, then an attacker can read/load any files from your computer and then send them to his server. Similarly, with a saveFile function, he can overwrite any files on your disk with malicious content.
Size: 9.38 MB
Date: May 2008
-
Checking Weak SSL Ciphers With THCSSLCheck [View Online | Download]
Description: If any weak or obsolete SSL ciphers are being used in particular web sites, then a suitably positioned attacker may be able to perform an attack to downgrade or decipher the SSL communications gaining access to user sensitive data. Ref: WAHH.
Size: 2.05 MB
Date: May 2008
-
Session Strength Analysis With Stompy [View Online | Download]
Description: Stompy performs NIST FIPS statistical tests on session generation and checks for correlations between arbitrary bits. A truly random token never exhibits correlation between the state of one bit and the state of another. In this movie, I'll show you how to download, extract, compile, and run Stompy and analyze session tests for failure or pass. Ref: WAHH.
Size: 10 MB
Date: May 2008
-
Owning the box Via Web Application Flaw [View Online | Download]
Description: See how an attacker can use our recent discovery of a File-Upload vulnerability in Gmail-Lite to 0wn the entire box. This is to teach developers how evil a flaw in a web application is. In this movie, you should learn: 1) Attacker bypasses Firewall by making the victim machine connect back to him via port 80 2).
Size: 6.39 MB
Date: April 2008
-
Trusting The Vulnerability Scanner: Danger of False Negative Sign [View Online | Download]
Description: This movie is to educate developers who put their entire trust in security/vulnerability scanners. False Negative means "Scanner says it doesn't find any X vulnerability". But there actually exists X vulnerability. Be sure to read the "About Movie.txt" file.
Size: 2.05 MB
Date: April 2008
-
OWASP WebGoat Web Hacking Simulation Series [over 40 Movies]
Description: A Series of Full-Featured Web Hacking WalkThrough Simulations played in OWASP WebGoat v5.1 environment. General - Code Quality - Concurrency - Unvalidated Parameters - Access Control Flaws - Authentication Flaws - Session Management Flaws - Cross-Site Scripting (XSS) - Buffer Overflows - Injection Flaws - Improper Error Handling - Insecure Storage - Denial of Service - Insecure Configuration - Web Services - AJAX Security - Challenge. New movies will be added whenever WebGoat is updated.
Size: N/A
Date: April 2008
-
Attacking The Spammers with PhpMySpamFighter [View Online | Download]
Description: Spammers use email collector programs to grab our site visitors' emails. See how our phpMySpamFighter DoS-attacks their programs. We hope there will be fewer spammers if this technique is used widely. In fact, it fights not only spammers but also your attackers who use similar tools to probe your web sites.
Size: 3.65 MB
Date: March 2008
-
Evading Firefox XSS-Warning Addon Filter [View Online | Download]
Description: Just one example of how attackers can easily bypass today's security controls. We shouldn't rely too much on security products, which have their own weaknesses.
Size: 169 KB
Date: March 2008
-
Performing Directory Brute-Force Attack [View Online | Download]
Description: There are dozens of tools that let us brute-force directory names to dig for sensitive information. In this movie, we illustrate Directory Brute-Forcing with the tool called 'JBroFuzz'. The reason why we like it is that it can brute force a large number of directories. As of this writing, the latest version, JBroFuzz 0.8, has 58658 directory names that are commonly used by today's web sites. The only defense is you must not place/protect sensitive information in server-side (.htaccess). Just wanna show you - Security Through Obscurity is broken.
Size: 3.51 MB
Date: March 2008
-
Exploiting Logic Flaw [View Online | Download]
Description: This demonstration shows you how a flaw in coding reveals sensitive information!
Size: 2.75 MB
Date: Feb 15, 2008
-
Desirable Input Validation Baseline Check [View Online | Download]
Description: This demonstration shows you how you should implement baseline acceptable input filtering on visitors' inputs. Filtering inputs is the most important because 100% of injection attacks (XSS, SQL, XPATH, OS CMD ...etc) come from inputs where filtering is weak or absent. Developers should always be aware of inputs as well as outputs! You know Garbage In Garbage Out but for attackers, Garbage In Gold Out!
Size: 4.09 MB
Date: Jan 15, 2008
-
How Bad Guys Steal your Login Info Smartly [View Online | Download]
Description: This demonstration shows you how bad guys or malicious web sites steal the login account info of your daily visited sites by exploiting the web browser's autoComplete feature.
Size: 886.98 KB
Date: Jan 11, 2008
-
Finding XSS with Automated Tool [View Online | Download]
Description: This training shows you how to automate finding XSS holes with fuzzers in a quick and easy manner.
Size: 1.18 MB
Date: Jan 04, 2008
Interactive Training
-
Finding XSS with Automated Tool
Description: This training is an interactive version of the above training. It lets you simulate for yourself how to automate finding XSS holes with fuzzers in a quick and easy manner.
Size: 150 KB
Date: Feb 6, 2008
- Web Firewall Stress Tester