Friday, October 22, 2010

Hackthissite realistic mission 3

Open the page source. At the bottom of the source you will see that the hacker just renamed index.html to oldindex.html.

Then you just have to type the URL http://www.hackthissite.org/missions/realistic/3/oldindex.html to view the old page. View the source and copy all of it. Then you will have to submit a poem, and this is the important part. If you simply type in the name of your poem, it will be saved in the current directory. You need to submit the source of oldindex.html as index.html, and also in the correct place. For that you need to go up one directory. This is accomplished with '../', which is prefixed to the name of our file 'index.html'.

The name of the poem has to be "../index.html" for this to work. Then paste the code you copied into the textarea where you are supposed to write a poem.




Hackthissite Realistic mission 2

Analyse the source code of each page. You will see update.php there; it's at the very end of the page. Click on it, or just type http://www.hackthissite.org/missions/realistic/2/update.php into the address bar.

View the page source again. This time you will see a form with the action update2.php. If you try submitting it without a password, you get "Invalid username/password".

Then click back so you can type your username and password again. We use SQL injection. Use the username ' or 1=1 - (including the leading single quote) and the same string as the password, and you are done! SQL injection is a very outdated vulnerability and you will hardly find a web application vulnerable to it.
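The login check from mission 2, rebuilt in Python with sqlite3 as an added example (this is not the site's own code): the string-built query accepts the ' or 1=1 input from the write-up (with the comment marker written as the standard double dash), while the parameterised query treats the same input as a literal username and rejects it. The table and the admin row are constructed for the demo.

```python
import sqlite3

# Injection string from the mission write-up; '--' starts a SQL comment, so
# everything after it (the AND password=... clause) is discarded by the parser.
PAYLOAD = "' or 1=1 --"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret')")  # constructed sample row
    return db

def login_vulnerable(db, username, password):
    # The user input is pasted into the SQL text, so quotes and comment markers
    # in the input become part of the query's grammar.
    query = (f"SELECT username FROM users WHERE username='{username}' "
             f"AND password='{password}'")
    return db.execute(query).fetchone() is not None

def login_safe(db, username, password):
    # Parameterised query: the values travel separately from the SQL text and
    # are never parsed as SQL, so the payload is just an unknown username.
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row is not None

def demo():
    db = make_db()
    return {
        "vuln_with_payload": login_vulnerable(db, PAYLOAD, PAYLOAD),  # True: bypassed
        "safe_with_payload": login_safe(db, PAYLOAD, PAYLOAD),        # False: rejected
        "safe_real_creds": login_safe(db, "admin", "s3cret"),         # True
    }
```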

Hackthissite realistic mission 7

You will need to use John the Ripper to crack the password. Let's start with the mission. The first thing to do is analyse the source code and also keep an eye on the URL. The URL in your browser will show you something like "showimages.php?file=" followed by a filename. The PHP file is displaying the file whose name is given as the parameter. If you analysed the source carefully you must have found the admin folder. If you click on it you will get the opportunity to log in to the admin part of the page. Entering the wrong password will not help you, though.

You will notice that the server is using HTTP authentication (used by Apache servers). Folders in Apache are secured by two files, namely .htpasswd and .htconf, the password and configuration file. You need to get the hash from the password file, which will then be cracked by JTR. Enough of a clue, eh?

Type this in the address bar: "http://www.hackthissite.org/missions/realistic/7/showimages.php?file=images/admin/.htpasswd" and you will see a little square with two vertical lines. Right-click on the left vertical line and then copy the link. In Firefox you can just click on Properties, but I don't know about other browsers.

You will then have to paste this into a .txt file. Time to brute-force it using John the Ripper.

Save what you copied in the run directory of the John the Ripper program. Let's say we save this file as pass.txt. You then have to open the command prompt and change into the run directory. You will have to use the command "john-386 --show pass.txt". It will look something like this:


This was on a Windows computer.
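Both mission 3 (a user-chosen poem name that becomes a filename) and mission 7 (a file= parameter that the script reads and echoes) come down to the server trusting a user-supplied path. The following validators are an added example of how a defender closes both holes; they are not code from the site, and the allowed extensions and name pattern are policy values chosen for the demo. Apache's default configuration already refuses to serve .ht* files over HTTP, but that does not help when a script opens the file from disk itself, which is why the script's own check must reject dotfiles.

```python
import re
from pathlib import PurePosixPath
from typing import Optional

# Policy values constructed for this demo; not taken from the original site.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
POEM_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def safe_poem_filename(name: str) -> Optional[str]:
    """Mission 3: the submitted poem name becomes a filename on disk.
    Accept only a bare name (letters, digits, '_' and '-') and append our own
    extension, so '../index.html' can never climb out of the poems directory."""
    if POEM_NAME_RE.fullmatch(name) is None:
        return None
    return name + ".txt"

def safe_image_path(user_path: str) -> Optional[str]:
    """Mission 7: the file= parameter names a file the script reads and echoes.
    Refuse NUL bytes, backslashes, absolute paths, '..' components and dotfiles
    (so images/admin/.htpasswd is rejected), and allow only image extensions.
    Returns a clean relative path for the caller to join onto the images base."""
    if "\x00" in user_path or "\\" in user_path:
        return None
    p = PurePosixPath(user_path)          # collapses '.' segments and doubled slashes
    if p.is_absolute() or not p.parts:
        return None
    for part in p.parts:
        if part == ".." or part.startswith("."):
            return None
    if p.suffix.lower() not in IMAGE_EXTENSIONS:
        return None
    return str(p)

def demo():
    return {
        "poem_traversal": safe_poem_filename("../index.html"),   # None
        "poem_ok": safe_poem_filename("my_poem"),                 # "my_poem.txt"
        "htpasswd": safe_image_path("images/admin/.htpasswd"),    # None
        "climb": safe_image_path("../index.html"),                # None
        "image_ok": safe_image_path("./images//cat.jpg"),         # "images/cat.jpg"
    }
```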

Thursday, October 21, 2010

Trojan attack demo - Remote control your victim's PC

You must be familiar with what a trojan is. A trojan is similar to a virus, but it can be more lethal in the way it gives the attacker complete control over the victim's PC. Usually trojans come in two parts: the client and the server. The server resides on the victim's PC, and the client is used to connect to it and play mischief, create havoc and much more. The attacker can take snapshots of the victim's screen, install a keylogger which will send him all the keystrokes, reboot the system, crash the system, eject the CD-ROM and much more. This tutorial will show you how the hacker accomplishes his task and how to protect yourself from it.

The first thing a hacker does is install the server on the victim's PC. The hacker does this very cleverly. The server part of the trojan is bound to a small program, like a chess game for example. The victim is deluded into thinking that the game is harmless. He installs it, not knowing that a trojan is being installed along with it in the background. The next thing the hacker needs to know is the IP address of the victim, which he will use to connect the client to the server.

The following demo is for educational purposes only.

We take the example of a trojan named Aladino. It's available for free over. The hacker binds the server part of this trojan with, say, a game of chess, using a program called a binder. The victim is deluded into thinking that it is a harmless program. He installs it on his hard disk. Once it is executed, it will wait for commands to be sent by the hacker. There are many commands available, for example

SCREEN_CAPTURE C:\\snapshot.bmp

This command will take a snapshot of the victim's screen and store it in c:\\snapshot. Other commands can be seen after typing help at the command prompt. They are simple and self-explanatory.

Tuesday, October 19, 2010

Stuxnet - The Marvellous Malware

Computerworld - The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.

“The attack combines an awful lot of skills - just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”

“Based on a conditional check, original code for OB 35 is manipulated during the transmission. If the condition matches, Stuxnet injects Step7 code into OB 35 that is executed on the PLC every time that OB 35 is called,” Langner explained in a brief report.

Yet, the really interesting aspect to Langner’s research is the conclusion that the attack was designed to have a short shelf life.

“Therefore, the whole attack only makes sense within a very limited timeframe…So we can conclude that the planned time of attack isn't somewhen next year. I must assume that the attack did already take place. I am also assuming that it was successful,” Langner commented.


Saturday, October 16, 2010

Friday, October 15, 2010

Brute force attack

In simple terms, a brute force attack is used to crack a password and/or login name of, say, an FTP site. Here you use a brute force attacker program (the one we are going to use is called Hydra) to carry out the attack. This program uses a wordlist which contains hundreds or maybe thousands of words, which the program sends as the password to the server. If one matches the correct password you get logged in, else you have to add more words to the list. Remember that hacking requires a lot of patience.

So first of all you need to download and install hydra-5.4. Google it. It's free and it doesn't have a graphical interface; you'll have to use the command line. After you have downloaded it, you need to search for a wordlist. Search for 'wordlist.txt' on Google. It'll be a text file. Save it on your hard disk. Add more words or phone numbers to it if you want to.

The next thing to do is search for a vulnerable site. A site that allows anonymous login through FTP can be vulnerable. Or, if you know the admin login name, you can brute-force the site as demonstrated below. Let's say the admin login name is 'admin'. You can use a wordlist for admin names as well. Open the command prompt and change to the directory where you downloaded Hydra. Type the following:

Hydra -l admin -P wordlist.txt -e ns -vV [ip address] ftp

where [ip address] is the IP address of the site. To find the IP address you can ping the site by typing the following at the cmd prompt:

ping sitetobehacked.com

sitetobehacked is the name of the vulnerable site. You will see the IP address of the site. The wordlist should be in the same directory, and if you want to use a wordlist for the username as well, replace admin with a text file where you have saved the names. Back to our Hydra program: after you type the above command and hit Enter, Hydra will start brute-forcing the site, and it will take a few minutes depending on the length of your wordlist. As soon as a word matches the correct password, the program will stop and you will see the real password. Use it to log in to the site using FTP, and then you can download and upload files to the server and view all confidential documents!
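A Hydra run like the one above leaves an unmistakable trace on the FTP server: a burst of failed logins for one account from one client, sometimes followed by a success. The detector below is an added example from the defender's side (not part of the original post); it runs over constructed vsftpd-style log lines with TEST-NET addresses, and the threshold and window are values chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed vsftpd-style log lines for the demo (TEST-NET addresses, not real hosts).
SAMPLE_LOG = """\
Fri Oct 15 10:00:01 2010 [pid 2011] [admin] FAIL LOGIN: Client "203.0.113.7"
Fri Oct 15 10:00:02 2010 [pid 2012] [admin] FAIL LOGIN: Client "203.0.113.7"
Fri Oct 15 10:00:03 2010 [pid 2013] [admin] FAIL LOGIN: Client "203.0.113.7"
Fri Oct 15 10:00:04 2010 [pid 2014] [admin] FAIL LOGIN: Client "203.0.113.7"
Fri Oct 15 10:00:05 2010 [pid 2015] [admin] FAIL LOGIN: Client "203.0.113.7"
Fri Oct 15 10:00:06 2010 [pid 2016] [admin] OK LOGIN: Client "203.0.113.7"
Fri Oct 15 10:05:00 2010 [pid 2020] [bob] FAIL LOGIN: Client "198.51.100.9"
Fri Oct 15 10:09:00 2010 [pid 2021] [bob] OK LOGIN: Client "198.51.100.9"
"""
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$')

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None                      # unrelated log line, skip it
    return {"ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "user": m["user"], "result": m["result"], "ip": m["ip"]}

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Alert on client IPs with >= threshold FAIL LOGINs inside a sliding window;
    mark the alert if that IP later gets an OK LOGIN (password likely guessed)."""
    recent_fails = defaultdict(deque)
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "FAIL":
            q = recent_fails[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"user": ev["user"], "failures": len(q), "succeeded": False}
        elif ip in alerts:
            alerts[ip]["succeeded"] = True
    return alerts

def demo():
    return detect_bruteforce(SAMPLE_LOG.splitlines())
```

A single user's handful of typos (bob above) stays below the threshold, while the admin burst is flagged and marked as having ended in a successful login.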