Tuesday, 27 November 2012

XSS (Cross Site Scripting) Part 1


Hello Everyone,
Today I am going to share with you some basic methods of XSS attack.


XSS, or Cross Site Scripting, is a vulnerability found in web applications. It is a method by which a malicious script is injected into a website. These attacks are made by injecting code written in a client-side scripting language such as JavaScript or VBScript. Once the code is executed in the browser, it can be used to perform attacks such as generating popups, stealing cookies and defacing the website.

XSS can be divided into 3 different categories:

  • Non Persistent 
  • Persistent
  • DOM Based

In this tutorial I am going to discuss mainly Non Persistent XSS attacks. The other techniques will be presented in a separate tutorial.

CAUTION
"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. Performing such attacks without the permission of the owner can lead to serious trouble. Most websites use an IDS to check the input sent by the user. If any malicious script coming from your IP is detected by these IDS, then your IP will be logged and henceforth blocked."



Prerequisites of this Tutorial:
  • Knowledge of PHP.
  • Knowledge of HTML & JavaScript.
  • Knowledge of form processing in HTML.

Non Persistent XSS
Non Persistent XSS attacks are caused by improper filtering, or no filtering, of the input sent by the user. They generally do not cause much harm, but they can be used to extract information stored in cookies and for many other purposes.


Scenario
This is a simple web application developed using PHP and HTML. The working mechanism is simple: it asks for user input and then displays that input.

Now let's have a look at the HTML code.


Here we are using the POST method to send the input to the target page display.php, which is written in PHP. Let's analyze the PHP code of display.php.



Now we can see that there is no filtering of the input, and the input is displayed directly.
Now I am going to inject some malicious code into the input.

Here is the malicious code which I am going to inject into the input field.
                 <script language="javascript">alert("You are hacked");</script>

And here is what I get in the browser.



Now we see a popup.
The reason why this popup executes is simple. When the injected code is passed, the browser has no idea whether it is malicious or not; it executes it just like normal JavaScript code. When this code is executed, we see this popup. Now you might be wondering how this can be harmful. I will explain that in later posts, after I cover the remaining 2 types of XSS.
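
The fix for the missing filtering described above is to encode the value when it is written into the page. The following is an added example, not the blog's own display.php (whose code is not shown on the page); the field name `username` is an assumption.

```php
<?php
// Added example, not the blog's own display.php (that code is not shown on the page).
// Assumption: the form posts one text field; the name "username" is hypothetical.

// Vulnerable: the posted value is written into the HTML response unchanged,
// so any markup in it becomes part of the page.
function render_vulnerable(array $post): string
{
    $value = $post['username'] ?? '';
    return '<p>You entered: ' . $value . '</p>';
}

// Hardened: encode for the HTML context at the point of output.
function render_hardened(array $post): string
{
    $value = $post['username'] ?? '';
    if (!is_string($value)) {
        // username[]=x arrives as an array; treat it as empty input
        $value = '';
    }
    // ENT_QUOTES also encodes ' and ", which matters if the value is ever
    // placed inside an attribute; ENT_SUBSTITUTE replaces invalid UTF-8.
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>You entered: ' . $safe . '</p>';
}

// Constructed request body carrying the payload from this post.
$post = ['username' => '<script language="javascript">alert("You are hacked");</script>'];

// Run from the command line (php example.php) to compare the two responses.
echo "vulnerable: ", render_vulnerable($post), PHP_EOL;
echo "hardened:   ", render_hardened($post), PHP_EOL;
```

In the hardened response the angle brackets and quotes arrive as HTML entities, so the browser renders the payload as text instead of parsing a script element.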
---------------------------------------------------------------------------------------------

Friday, 9 November 2012

C++ Code Hacking 1: Pointer Exploitation


Today I am going to show you how you can access the values of private member variables directly inside main() without the use of any member function.
We know that we can access private member variables only with the help of public member functions. It is impossible to access them directly inside main() through objects. But I am going to prove you wrong. Note: This is the final code


 
     Output: Password Extracted !!! 





Now I will explain exactly what I did here. We know we can access public member variables directly, so I extracted the memory address of the public variable 'id'. Because all the variables are stored in memory in a continuous manner, it is possible to get the address of another variable by knowing the address of one variable. Here I knew the address of the variable 'id', so I managed to get the address of the password variable by trial and error. Once I had the address of the password variable, I retrieved the value of password (a private member variable) inside main() without any public member functions.

A few things you should note here:
  • To exploit in this manner you should have at least one variable of the same data type in the public section. I haven't tried with other data types, so I can't tell you about them.
  • To find the addresses of the variables you need to try out various combinations.
------------------------------------------------------------------------------------------------------------

Sunday, 28 October 2012

Hacking WebServer : Brute Forcing

Hello Friends.
Today I am going to show you how to develop a word list and use it to brute force the login authentication to access a certain directory on a web server.

Basic Things Required
1. Java SDK and JRE [these will be required to develop the word list].
2. Any IDE like BlueJ, NetBeans or Eclipse. You can use Notepad, but then you need to compile manually. You do not have to create the word list using Java; you can use any programming language you feel comfortable with.
3. Brutus or THC Hydra [brute force tools].

CAUTION
"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. Sometimes (although rarely) performing brute force attacks can lead to DoS attacks. To prevent this, system admins sometimes keep track of the incoming connections. If they find that too many requests are being sent from a particular IP, they block that IP for some time, and sometimes even ban it. Some web servers also deploy an IDS to prevent brute force attacks. Performing this technique is completely illegal."


Word List Generator Source Code
Here is a small program written in Java that can be used to create a simple 2-letter word list.

*******************Code Starts Below This Line************************

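public class WordList{
    public static void main(String args[]){
        // Outer loop picks the first letter, inner loop the second (aa, ab, ..., zz).
        for(int i=0;i<26;i++){
            for(int j=0;j<26;j++){
                char c1=(char)('a'+i);
                char c2=(char)('a'+j);
                // The empty string forces string concatenation instead of char addition.
                System.out.println(c1+""+c2);
            }
        }
    }
}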
**************************Code Ends Above This Line*******************
  • You can manually compile the code by saving it in a file with the same name as the class and the extension .java. Compile it by using the command
          javac WordList.java

         And execute it with

          java WordList

  • Find the directory that requires the login username and password.



  • Now that you have found the directory that requires credentials, try to access it and you will find a prompt asking for credentials.



  • Now 2 different cases can arise here. Sometimes the username is already provided and you need to provide the password only, and sometimes neither is provided. If you don't find the username, then you need to create a different word list for the username. Now it's time for Brutus to play his role.
  • Apply the settings I provided in this image. Sometimes you need to customize the settings in a different way.


After Brutus provides a positive result you can enter the username and password at the login prompt and access the directory.
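
From the server side, the attempt described in this post shows up as a burst of HTTP 401 responses for one directory from one address, which is what the admins mentioned in the caution above look for. The following is an added example, not part of the original post; the log lines are constructed, and the `/private/` path, the 60 second window and the threshold of 5 are assumptions.

```php
<?php
// Added example; log lines are constructed, in Apache combined log format.
// Assumptions: the protected directory is /private/, and more than
// 5 failed logins from one address within 60 seconds is worth an alert.
const WINDOW_SECONDS = 60;
const MAX_FAILURES   = 5;

function flag_bruteforce(array $lines, string $protectedPrefix): array
{
    $recent  = [];  // client IP => timestamps of recent 401 responses
    $flagged = [];  // client IP => highest failure count seen in one window
    foreach ($lines as $line) {
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) /', $line, $m)) {
            continue;  // not a parsable access-log line
        }
        [, $ip, $when, $path, $status] = $m;
        if ($status !== '401' || strpos($path, $protectedPrefix) !== 0) {
            continue;  // only failed authentication on the protected path counts
        }
        $time = DateTime::createFromFormat('d/M/Y:H:i:s O', $when);
        if ($time === false) {
            continue;
        }
        $now = $time->getTimestamp();
        $recent[$ip][] = $now;
        // Slide the window: drop failures older than WINDOW_SECONDS.
        $recent[$ip] = array_values(array_filter(
            $recent[$ip],
            function ($t) use ($now) { return $now - $t < WINDOW_SECONDS; }
        ));
        if (count($recent[$ip]) > MAX_FAILURES) {
            $flagged[$ip] = max($flagged[$ip] ?? 0, count($recent[$ip]));
        }
    }
    return $flagged;
}

// Constructed sample: one client fails 8 times in 8 seconds, another fails once.
$log = [];
for ($i = 1; $i <= 8; $i++) {
    $log[] = sprintf('203.0.113.7 - - [28/Oct/2012:10:00:%02d +0000] "GET /private/ HTTP/1.1" 401 381', $i);
}
$log[] = '198.51.100.4 - bob [28/Oct/2012:10:00:09 +0000] "GET /private/ HTTP/1.1" 401 381';
$log[] = '198.51.100.4 - bob [28/Oct/2012:10:00:15 +0000] "GET /private/ HTTP/1.1" 200 5120';

print_r(flag_bruteforce($log, '/private/'));
```

A single 401 is normal, because a browser's first request to a protected directory carries no credentials; the threshold keeps such clients out of the result.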

#################################################################################

Sunday, 7 October 2012

Web Server Hacking using Local File Inclusion Attack

Hey Friends, I am back with a new tutorial on how to hack a web server using an LFI attack, or Local File Inclusion attack.
LFI is an attack by which an attacker can access files in a directory by including them in the web pages. This happens due to flaws in the code and careless ways of coding. Here I will demonstrate how you can hack a website and get root level access to a server.
Now a word of caution. You should never perform such activity without the permission of the site owner. This is completely illegal. I am showing you this demo for educational purposes only. I won't be responsible if you get in trouble after misusing these techniques. Here I will be showing a demo on a training website of enigmagroup, for demo purposes only.

What do you need to know?

  • Linux directory architecture.
  • The location of the passwd files and its encryption files.
  • Techniques of file traversal in Linux (use forward slash /).
  • Working with the command line in Linux or Windows.
  • Knowledge of using port scanners and password crackers.
  • GET methods.
  • An idea about various ports.
What tools are required?
  • John The Ripper (password cracker) - for password scanning
  • Nmap - for searching and scanning open ports
Note: This type of attack is only possible on websites vulnerable to LFI, and not every site is vulnerable to this type of attack.
Vulnerable sites usually have a URL of this type, or something like it:
http://www.site.com/dir/?page=intro

                                  

Step 1 
Use a port scan to determine which OS the server is using. You need to know this because the directory architecture is different in different operating systems.

Now browse the website and modify the URL in ways such as these:
http://www.site.com/dir/?page=../etc/passwd
http://www.site.com/dir/?page=../../etc/passwd
http://www.site.com/dir/?page=../../../etc/passwd

Keep going until you find something like this:

Step 2. Now examine the contents that appear on the screen

You can see the list of all valid users and their encrypted passwords in the text above. It is in DES encryption. Now I need to decrypt the encrypted codes.

Step 3. Open Command Prompt and access the John the Ripper folder.
Make a file in the run directory inside the John The Ripper folder and paste the encrypted text.
For example, I will use the password of the user, so the text I will decrypt is    4doxGUy8UpD0o


  Save the file, and now from the command line type
  john passwordfile.txt and wait for some time. You will see the decrypted password.

Now we have the password n00bs

Step 4. Now we need to find the open ports on the server. We need to perform a port scan to find them.

We find that the ports open for HTTP are 8080 and 8008.
Now go to the address bar and type www.vunerablesite.com:8080 or www.vunerablesite.com:8008, enter the username and password at the login panel, and we have access now :) :) .
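
The coding flaw behind Step 1 is a `page` parameter that ends up in a filesystem path. The following is an added example, not the training site's code, showing that pattern next to a handler that only accepts known page names; the page names and the demo directory are assumptions.

```php
<?php
// Added example, not the training site's code. Assumptions: pages live in one
// directory ($baseDir) and the page names in PAGES are hypothetical.

// Vulnerable pattern (shown as a comment, not executed): the request value
// becomes part of a filesystem path, so ../ sequences walk out of the directory.
//   include $baseDir . '/' . $_GET['page'];

// Hardened: the request value only selects an entry from a fixed map.
const PAGES = ['intro' => 'intro.php', 'contact' => 'contact.php'];

function resolve_page($requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;  // unknown name: respond with 404, never touch the disk
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the canonical path must still sit inside $baseDir,
    // which also rejects a mapped file that is a symlink pointing elsewhere.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo directory so the script runs stand-alone.
$baseDir = sys_get_temp_dir() . '/lfi_demo_pages';
if (!is_dir($baseDir)) {
    mkdir($baseDir);
}
file_put_contents($baseDir . '/intro.php', '<p>intro</p>');

// Values taken from the URLs in this post, plus one valid page name.
foreach (['intro', '../etc/passwd', '../../etc/passwd', '../../../etc/passwd'] as $page) {
    $file = resolve_page($page, $baseDir);
    printf("%-20s => %s\n", $page, $file === null ? '404' : 'serve ' . basename($file));
}
```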

Tuesday, 2 October 2012

Hide your shadow and bypass the security

Hey Friends,
Today I am going to share with you some cool ways to bypass blocks and access blocked sites.
A few important things you should keep in mind while executing these methods:
1. Never send any secured information, for example your ATM or credit card number.
2. Keep a check on the open ports of your computer. It may happen that you become a victim of a DDoS (Distributed Denial of Service) attack.

1. Modify the hosts file
Modifying the hosts file allows you to bypass local DNS filtering.
  • Open the command prompt and type this in the terminal:          ping  anyblockedsite.com




  • Now go to the windows/system32/drivers/etc folder.
  • Open the hosts file with any text editor like Notepad and add a line like this, taken from the output:
          10.0.2.16  kiit.ac.in
  • Save the file.
  • This has some disadvantages. It is good if the page is a single page. If you need to do it for a whole site, then you need to map the other IP addresses as well. The other disadvantage is that this technique cannot be used if the administrator is using a website blocker like Juniper Website Blocker.


2.TOR BROWSER BUNDLE



3.ULTRASURF

In my next blog post I will explain how TOR and hosts file modification work. Till then, have a good day.

Saturday, 1 September 2012

UltraBook


LAPTOPS? NAH.. BUY ME AN ULTRABOOK!!!

Remember those good old days when laptops were huge, bulky and non-performers? It was unthinkable that a laptop could replace a desktop. But as time passed, laptops became lighter, faster and smarter. Gradually laptops came into the mainstream. They started performing. Now the new buzzword in the market is "ULTRABOOK", a new form of laptop. As the name suggests, it is ultra: ultralight, ultra-thin and ultra-performing. Ultrabook is defined by Intel. Ultrabooks are designed to be ultrathin (less than 2.1 cm) and ultra lightweight (less than 1.5 kg), but without compromising on performance and battery life. They use low-power Intel processors with integrated graphics and unibody chassis to fit larger batteries into smaller cases.

In 2011, Intel set aside a $300 million fund to be spent over the next three to four years in areas related to Ultrabooks. Intel announced the Ultrabook concept at Computex in 2011. The Ultrabook would be a thin (less than 0.8 inches) notebook that utilized Intel processors and could also incorporate tablet features such as a touch screen and long battery life. Intel requires manufacturers to meet certain specifications in order to market a laptop as an Ultrabook.

Processors:
They are powered by Intel processors. The first series of Ultrabooks came with Sandy Bridge processors, and the recent ones will come with the new Ivy Bridge processors featuring Tri-Gate transistors.
The integrated graphics will take care of the graphics part.

Dimensions:
The maximum thickness small Ultrabooks can have is 18mm. The larger Ultrabooks will have a maximum thickness of 21mm. The Ultrabooks which can act as both a tablet and a laptop can be at most 23mm thick.

Battery Life:
Ultrabooks can run 5-8 hrs on a single charge. That is really impressive!

UltraFast:
Ultrabooks will feature fast connectivity options like USB 3.0, Thunderbolt etc. for fast data transfers between devices. They can feature SSDs for fast data storage and retrieval.

Performance:
Ultrabooks will be on par with mainstream laptops. You can play demanding games, run resource-hungry applications, watch HD movies, listen to great music and much more....

All this in an ultralight, ultrafast, ultraslim "ULTRABOOK" !!!

Contributed by: Anshuman (https://www.facebook.com/anshuman.pati)

Two Cool Linux Distributions

Tired of using the same Linux distribution?
Want some change? Well, today I am going to share with you some cool Linux distributions that you will surely like.
1. Tiny Core Linux
An extremely small distribution. Its size is around 11 MB only. A Linux distribution that can work even on old machines. It supports a GUI and is easy to use.

2. Ubuntu Studio
This distribution is perfect for you if you are looking for a distribution that offers huge multimedia support. A good collection of audio, video and graphics software comes built in with this distribution. A must-try, I will say!