
Saturday, May 28, 2011

How They Hack Your Website: Overview of Common Techniques


We hear the same terms bandied about whenever a popular site gets hacked. You know… SQL Injection, cross site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine — a nefarious, impossibly technical twilight world forever beyond our ken?
Not really.
When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.

SQL Injection

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
The Simple SQL Injection Hack
In its simplest form, this is how SQL Injection works. It's impossible to explain this without resorting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a Username field:

' OR 1=1 --
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering ' OR 1=1 -- as your username could result in the following actually being run:
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = ''
Two things you need to know about this:
['] closes the [username] text field.
'--' is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.
But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
  • admin'--
  • ') or ('a'='a
  • ") or ("a"="a
  • hi" or "a"="a
… and so on.
Backdoor Injection - Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending the same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms; for CMS products these 3rd party modules are often the weakest links which allow hackers access to your database.
Automated Injection
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.
Remote Injection
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.
SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
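The two cases above (the login form and the index.asp?id= style URL) share one root cause: user text is pasted into the SQL string, so the database parses it as part of the statement. The following is an added example, not code from the original post: a Python/SQLite program that runs each handler in its vulnerable, string-concatenating form next to a hardened form that binds the value as a parameter (and, for the id case, checks that it is an integer first). The table contents, user names and article titles are constructed sample data. Note that the page's address-bar probe, id=10 AND id=11, is parsed as SQL but can match no row, since a single id cannot equal both values; the equivalent OR form is what returns both articles.

```python
import sqlite3
from typing import List, Optional

# Constructed sample data (assumption, not from the article): two users, three articles.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]
ARTICLES = [(10, "Article ten"), (11, "Article eleven"), (12, "Article twelve")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO articles VALUES (?, ?)", ARTICLES)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The pattern the article describes: form text is spliced into the SQL
    string, so a quote in the input ends the literal and the remainder is
    parsed as SQL (the '--' then comments out the password check)."""
    query = (f"SELECT * FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: placeholders keep the input as data. The driver never
    splices it into the statement, so quotes and '--' have no SQL meaning."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def article_vulnerable(conn: sqlite3.Connection, id_param: str) -> List[str]:
    """An index.asp?id=... style handler that trusts the query-string value,
    so anything after the number becomes part of the WHERE clause."""
    query = f"SELECT title FROM articles WHERE id = {id_param}"
    return [row[0] for row in conn.execute(query)]


def article_parameterized(conn: sqlite3.Connection, id_param: str) -> Optional[List[str]]:
    """Hardened form: validate the type first, then bind it. Anything that is
    not a plain integer is rejected (None) before it reaches the database."""
    try:
        article_id = int(id_param)
    except ValueError:
        return None
    rows = conn.execute("SELECT title FROM articles WHERE id = ?", (article_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"   # the login string from the article
    print("vulnerable login, payload as username:    ", login_vulnerable(db, payload, "x"))
    print("parameterized login, payload as username: ", login_parameterized(db, payload, "x"))
    print("vulnerable handler, id=10 AND id=11:      ", article_vulnerable(db, "10 AND id=11"))
    print("vulnerable handler, id=10 OR id=11:       ", article_vulnerable(db, "10 OR id=11"))
    print("parameterized handler, id=10 AND id=11:   ", article_parameterized(db, "10 AND id=11"))
```

The parameterized versions are the fix the article's closing advice points toward: the text a user types never changes the shape of the statement, and the id handler additionally refuses anything that is not a number before a query is built at all.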

Thursday, May 26, 2011

CEH v6 Module 5 from QuickCert: Scanning

CEH v6 Module 4 from QuickCert: Google Hacking

CEH Module 3: Footprinting

CEH v6 Module 2 from QuickCert: Hacking Law

CEH v6 Module 1: Intro to Ethical Hacking

Bluetooth Security – The Tools, the Rules and Stuff


Everybody has a Bluetooth phone nowadays, and we are hardly concerned about the safety of these vulnerable and penetrable devices. Be it Nokia, Sony or any other brand, the technology remains the same and provides whackers (wireless malicious hackers) a new playground for their experiments. In this article, I will be listing some Bluetooth tools for security – both breaking and making.


Bluediving
It is a security and Bluetooth penetration testing suite and implements attacks like BlueSnarf, BlueSnarf++ and BlueSmack. It features Bluetooth address spoofing, socket shells like AT and RFCOMM, and also implements tools like an L2CAP packet generator, a connection resetter and an RFCOMM scanner, which are a must for any Bluetooth security enthusiast.

Download BlueDiving


Blooover
Blooover (and Blooover 2) is a tool that is intended to run on J2ME enabled cell phones that appear to be comparably seamless. It serves as an audit tool that people use to check if their phones and phones of friends :P are vulnerable or not.
There is also a tool “Super Bluetooth Hack” which is quite popular nowadays to hack into Bluetooth devices.

Download Blooover

Medieval Bluetooth Network Scanner
This program can analyze and scan your Bluetooth network, giving detailed information about local and remote devices found. You can also browse supported services of each device in a clear and straightforward user-interface. If you have a Bluetooth dongle installed on your PC, download "Medieval Bluetooth Network Scanner" now, it's totally free of charge and very handy!
It can deep-scan all services of your Bluetooth device.

Download Medieval Bluetooth Network Scanner

These tools are free to use and quite handy for auditing. However, you ought to follow some basic rules of Bluetooth security for maximum protection:
  • Switch off Bluetooth when not in use.
  • Purchase only devices having long PIN codes.
  • Refrain from entering the PIN into Bluetooth device for pairing.
  • Limit the electric power itself to keep range of network within physical area (for Bluetooth enabled routers and devices other than cell phones).
  • Always generate initialization keys when 2 Bluetooth devices meet for the first time.
  • Never allow auto connection (a big loophole in cell phone devices, easily exploited by a bit of social engineering).

Wednesday, May 25, 2011

“Ethical Hacking” Case Studies




Download “Ethical Hacking” Case Studies from www.orsoc.org.uk



Click Here to Download the presentation

Download Major Hacking Case Studies from www.isaca.org.hk


Download Bluetooth Hacking Case Study from www.garykessler.net


Download Anti-Hacking Case Studies



Friday, May 20, 2011

10 Reasons to Protect Your Home Wireless Network





Internet security is a major concern for anyone who relies upon a computer network to conduct their business. From large corporations and government agencies to the casual user on her PC, protecting your computer network has never been more important, and the stakes have never been higher. For the home user, here are 10 reasons to protect your home wireless network:

  1. Malware – Malicious software that can wreak havoc on your network is a threat to any unprotected network. Viruses, trojan horses, worms, etc. are forms of malware.
  2. Identity Theft – Hackers who gain access to your network can obtain personal information stored there which they can use to steal or clone your identity for later use – at your expense, as in …
  3. Financial Loss – The most common purpose of identity theft. Unprotected networks are vulnerable to access by intruders who can get passwords, account numbers and thereby access your money as well.
  4. Sensitive Data – Apart from financial information, there is much that can leave you vulnerable stored on your computer, such as names and addresses of contacts who may then also be at risk by compromising this information.
  5. Social Networking – There is a plethora of personal information that can be collected at common social networking sites such as Facebook and Twitter which could be subject to access by hackers on an unprotected network.
  6. Adware – This is a more mainstream version of malware, with the exception that, although it is still done without the user’s express permission in many instances as with malware, it is done so by advertisers and merchants for the purpose of compiling consumer habits in order to more effectively market their goods or services.
  7. Bandwidth – Not every instance of accessing your network by unwanted parties is with the intent of harming your network. There are also those who can “piggyback” on your network, in order to gain internet access at the cost of bandwidth that you’re paying for.
  8. Liability – If you’re using your network for business purposes, you could be held liable for any financial or data losses resulting from unlawful access to your network.
  9. Power Surges – Not all threats to your network are human or nefarious by nature. Lightning strikes and surges in (or loss of) your power source can be just as damaging to your hardware as other external threats can be to your software. Surge protection and/or a UPS (uninterruptible power supply) is advised.
  10. Spam – Unwanted email is more than just a nuisance. It’s also another means by which a virus or malware can be introduced into your system.
Protecting your home wireless network may require investing in some security software like a strong firewall, anti-virus and anti-malware and spam filter; but the cost of not doing so can be far greater.
Author : Melanie Slaugh

Thursday, May 12, 2011

Phone Call Spoofing



Earlier there was a call spoofing method, but it's not working now. However, I have come across a new method which is fully working. Use it to call anyone using anybody else's number. You can also change your voice pitch so that the other person can't recognize you.

Warning - Only for educational purposes.


  1. Open http://www.crazycall.net
  2. Select your country and wait for the page to load.
  3. Enter the number you want to display in the first big box (don't change the contents of the small box if the fake number is from the same country).
  4. Enter the number you wish to call in the second big box.
  5. Choose voice pitch as normal (for the same voice) or high or low pitch to change your voice.
  6. Click "Get me a code".
  7. Dial the number shown on the right and enter the shown code when asked.

Sunday, May 8, 2011

SpyEye Trojan Latest Version Attacks Google Chrome and Opera Web browsers




The latest version of the SpyEye trojan includes new capability specifically designed to steal sensitive data from Windows users surfing the Internet with the Google Chrome and Opera Web browsers.


The author of the SpyEye trojan formerly sold the crimeware-building kit on a number of online cybercrime forums, but has recently limited his showroom displays to a handful of highly vetted underground communities. We recently chatted with a member of one of these communities who has purchased a new version of SpyEye. Screenshots from the package show that the latest rendition comes with the option for new “form grabbing” capabilities targeting Chrome and Opera users.
SpyEye component in version 1.3.34 shows form grabbing options for Chrome and Opera
Trojans like ZeuS and SpyEye have the built-in ability to keep logs of every keystroke a victim types on his or her keyboard, but this kind of tracking usually creates too much extraneous data for the attackers, who mainly are interested in financial information such as credit card numbers and online banking credentials. Form grabbers accomplish this by stripping out any data that victims enter in specific Web site form fields, snarfing and recording that data before it can be encrypted and sent to the Web site requesting the information.


Both SpyEye and ZeuS have had the capability to do form grabbing against Internet Explorer and Firefox for some time, but this is the first time I’ve seen any major banking trojans claim the ability to target Chrome and Opera users with this feature.


Aviv Raff, CTO and co-founder of security alert service Seculert, said that both SpyEye and ZeuS work by “hooking” the “dynamic link library” or DLL files used by IE and Firefox. However, Chrome and Opera appear to use different DLLs, Raff said.


This strikes me as an incremental yet noteworthy development. Many people feel more secure using browsers like Chrome and Opera because they believe the browsers’ smaller market share makes them less of a target for cyber crooks. This latest SpyEye innovation is a good reminder that computer crooks are constantly looking for new ways to better monetize the resources they’ve already stolen. Security-by-obscurity is no substitute for good security practices and common sense: If you’ve installed a program, update it regularly; if you didn’t go looking for a program, add-on or download, don’t install it; if you no longer need a program, remove it.




UPDATE: As per Wladimir Palant - As far as Firefox goes, I noticed a bogus extension called “z” mentioned in many Adblock Plus issue reports. It uses a random extension identifier, which is a pretty good indication that it is malicious (makes sure that blacklisting by extension identifier won’t work). From the name I guess that it might be related to ZBot (Zeus), but that’s only a guess. I wouldn’t be surprised if that extension also does something to prevent showing up in the usual add-ons user interface. The data for these issue reports is collected automatically (list of installed extensions is optional); the users are most likely not aware of having this extension.


SOURCE: http://krebsonsecurity.com

Friday, May 6, 2011

NETBIOS HACKING

NETBIOS HACKING - BREAKING INTO SYSTEM

-What is it?-

NetBIOS Hacking is the art of hacking into someone else's computer through your computer. NetBIOS stands for "Network Basic Input Output System." It is a way for a LAN or WAN to share folders, files, drives, and printers.

-How can this be of use to me?-
Most people don't even know, but when they're on a LAN or WAN they could possibly have their entire hard drive shared and not even know. So if we can find a way into the network, their computer is at our disposal.

-What do I need?-
Windows OS
Cain and Abel - get it from here - http://www.oxid.it/

++++++++++++++++++++++++++++++++++++++++++++++++++
-[Step 1, Finding the target.]-
++++++++++++++++++++++++++++++++++++++++++++++++++
So first off we need to find a computer or the computer to hack into. So if you're plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross.





Another window will pop up, make sure "All host in my subnet" is selected, and then click ok.



It should begin to scan.



Then IPs, computer names, and MAC addresses will show up.
Now remember the IP address of the computer you are going to be breaking into.
If you can't tell whether the IP address is a computer, router, modem, etc, that's ok.
During the next step we will begin our trial and error.





++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 2, Trial and Error]-
++++++++++++++++++++++++++++++++++++++++++++++++++

Now, we don't know if we have our designated target, or if we have a computer or printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this section, for it could be helpful later on.
Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you type it into the prompt.
I am only doing this to avoid confusion.
Let's get back to the hacking.
Type in "ping (IP address of the target)." For example in this tutorial, "ping 192.168.1.103."
This will tell us if the target is online.
If it worked, it will look something like this (note, I have colored out private information):





IF it didn't work, meaning that the target is not online, it will look something like this:





If the target is not online, either switch to a different target, or try another time. If the target is online, then we can proceed.


++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 3, Gathering the Information.]-
++++++++++++++++++++++++++++++++++++++++++++++++++

Now, input this command "nbtstat -a (IP address of target)." An example would be "nbtstat -a 192.168.1.103."
This will show us if there is file sharing enabled, and if there is, it will give us the: currently logged on user, workgroup, and computer name.




Ok, you're probably wondering, "What does all this mean to me?" Well, this is actually very important, without this, the hack would not work. So, let me break it down from the top to bottom. I will just give the first line of information, and then explain the paragraph that follows it.

The information right below the original command says: "Local Area Connection," this information tells us about our connection through the LAN, and in my case, I am not connected through LAN, so the host is not found, and there is no IP.

The information right below the "Local Area Connection," is "Wireless Network Connection 2:" It gives us information about the connection to the target through WAN. In my case I am connected through the WAN, so it was able to find the Node IpAddress. The Node IpAddress is the local area IP of the computer you are going to break into.

The NetBIOS Remote Machine Name Table gives us the workgroup of our computer, tells us if it is shared, and gives us the computer name. Sometimes it will even give us the currently logged on user, but in my case, it didn't. BATGIRL is the name of the computer I am trying to connect to. If you look to the right you should see a <20>. This means that file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name, then you have reached a dead end and need to go find another IP, or quit for now. Below BATGIRL is the computer's workgroup, SUPERHEROES. If you are confused about which one is the workgroup, and which the computer, look under the Type category to the right of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or computer. If it is GROUP, then it is the workgroup.
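The name table above is the same thing an administrator reads when auditing their own network for machines that advertise file sharing. As an added example, not part of the tutorial, here is a small Python parser that applies the tutorial's reading of the table: UNIQUE <00> is the computer name, GROUP <00> is the workgroup, and a UNIQUE <20> row means the file server service is registered. The nbtstat output it reads is constructed for this example from the names the tutorial uses (BATGIRL, SUPERHEROES, 192.168.1.103); it is not a real capture, and the MAC address is a placeholder.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of "nbtstat -a 192.168.1.103" output (assumption: made up for
# this example from the tutorial's names; the MAC address is a placeholder).
SAMPLE_NBTSTAT = """\
Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Wireless Network Connection 2:
Node IpAddress: [192.168.1.103] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    BATGIRL        <00>  UNIQUE      Registered
    SUPERHEROES    <00>  GROUP       Registered
    BATGIRL        <20>  UNIQUE      Registered
    SUPERHEROES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00
"""

# One row of the name table: NAME <XX> UNIQUE|GROUP STATUS
NAME_ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")


def parse_name_table(output: str) -> List[Dict[str, str]]:
    """Return one dict per row of the NetBIOS Remote Machine Name Table;
    headers, the 'Host not found.' adapter and the MAC line are skipped."""
    rows = []
    for line in output.splitlines():
        match = NAME_ROW.match(line)
        if match:
            rows.append({"name": match.group(1), "suffix": match.group(2).upper(),
                         "type": match.group(3), "status": match.group(4)})
    return rows


def summarize(output: str) -> Dict[str, Optional[object]]:
    """Apply the tutorial's interpretation: UNIQUE <00> is the computer name,
    GROUP <00> is the workgroup, and a UNIQUE <20> entry means the host is
    registering the file server service, i.e. offering file sharing."""
    rows = parse_name_table(output)
    computer = next((r["name"] for r in rows
                     if r["type"] == "UNIQUE" and r["suffix"] == "00"), None)
    workgroup = next((r["name"] for r in rows
                      if r["type"] == "GROUP" and r["suffix"] == "00"), None)
    file_sharing = any(r["type"] == "UNIQUE" and r["suffix"] == "20" for r in rows)
    return {"computer": computer, "workgroup": workgroup,
            "file_sharing": file_sharing, "entries": len(rows)}


if __name__ == "__main__":
    # Running this over the saved output of nbtstat for each host on your own
    # subnet gives an inventory of which machines expose file sharing.
    print(summarize(SAMPLE_NBTSTAT))
```

A host whose table has no <20> row (for example, one with file and printer sharing turned off) comes back with file_sharing False, which is the state a defender wants to see on machines that have no business serving files.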


++++++++++++++++++++++++++++++++++++++++++++++++++
-[Step 4, Breaking In]-
++++++++++++++++++++++++++++++++++++++++++++++++++

Finally it's time.
By now we know: that our target is online, our target has file sharing, and our target's computer name.
So it's time to break in.
We will now locate the shared drives, folders, files, or printers. Type in "net view \\(IP Address of Target)"
An example for this tutorial would be: "net view \\192.168.1.103"




We have just found our share name. In this case, under the share name is "C," meaning that the only shared thing on the computer is C. Then to the right, under Type, it says "Disk." This means that it is the actual C DISK of the computer. The C DISK can sometimes be an entire person's hard drive.

All that is left to do is "map" the shared drive onto our computer. This means that we will make a drive on our computer, and all the contents of the target's computer can be accessed through our created network drive. Type in "net use K: \\(IP Address of Target)\(Shared Drive)". For my example in this tutorial, "net use K: \\192.168.1.103\C." Ok, let's say that you plan on doing this again to a different person; do you see the "K" after "net use"? This is the letter of the drive that you are making on your computer. It can be any letter you wish, as long as the same letter is not in use by your computer. So it could be "net use G...," for a different target.



As you can see, for my hack I have already used "K," so I used "G" instead.

You may also do the same for multiple hacks.
If it worked, it will say "The command completed successfully."
If not, you will have to go retrace your steps.
Now open up "my computer" under the start menu, and your newly created network drive should be there.



Now, if you disconnect from the WAN or LAN, you will not be able to access this drive, hence the name Network Drive.

The drive will not be deleted after you disconnect though, but you won't be able to access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.


If you are just doing this to hack something, then go explore it and have some well deserved fun!