Sunday, 28 October 2012

Hacking a Web Server: Brute Forcing

Hello Friends.
Today I am going to show you how to develop a word list and use it to brute-force the login authentication that protects a directory on a web server.

Basic Things Required
1. Java SDK and JRE [required to compile and run the word-list generator].
2. Any IDE like BlueJ, NetBeans or Eclipse. You can use Notepad, but then you need to compile manually. You do not have to create the word list in Java; use any programming language you feel comfortable with.
3. Brutus or THC Hydra [brute-force tools].

CAUTION
"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. Sometimes (although rarely) performing brute-force attacks can lead to DoS. To prevent this, system admins sometimes keep track of incoming connections. If they find that too many requests are being sent from a particular IP, they block that IP for some time, and sometimes even ban it. Some web servers also deploy an IDS to prevent brute-force attacks. Performing this technique is completely illegal."


Word List Generator Source Code
Here is a small program written in Java that prints a simple word list of all two-letter lowercase combinations, one per line.

*******************Code Starts Below This Line************************

// Prints every two-letter lowercase combination (aa .. zz), one per line.
// Redirect standard output to a file to save it as a word list.
public class WordList{
    public static void main(String args[]){
        for(int i=0;i<26;i++){
            for(int j=0;j<26;j++){
                char c1=(char)('a'+i);   // first letter
                char c2=(char)('a'+j);   // second letter
                System.out.println(c1+""+c2);
            }
        }
    }
}
**************************Code Ends Above This Line*******************
  • You can compile the code manually by saving it in a file with the same name as the class and the extension .java. Compile it with the command
          javac WordList.java

         and run it (passing the class name, not the .class file) with

          java WordList > wordlist.txt

  • Find the directory that requires a login username and password.
  • Now that you have the directory that requires credentials, try to access it and you will see a prompt asking for them.
  • Two different cases can arise here. Sometimes the username is already known and you only need to supply the password; sometimes neither is known. If you don't know the username, you need to create a separate word list for usernames. Now it's time for Brutus to play its role.
  • Enter the details I provided in this image. Sometimes you need to customize the settings differently.


After Brutus reports a positive result, enter the username and password at the login prompt to access the directory.
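The CAUTION paragraph above mentions that admins keep track of requests per IP and block sources that send too many. Here is an added example of that check, not code from the original post: it reads web server access log lines (a constructed sample in Apache combined format is embedded) and flags any IP that produces five or more HTTP 401 responses inside a sliding 60-second window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Added example, not from the original post: the per-IP request tracking the CAUTION
# paragraph describes, applied to HTTP 401 responses in combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
def parse_line(line):
    """Return (ip, timestamp, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), int(m.group("status"))

def find_bruteforcers(lines, threshold=5, window_seconds=60):
    """Map each IP with >= threshold 401s inside any window_seconds span to the
    time the threshold was first reached.  Lines are assumed to be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # ip -> timestamps of its recent 401s
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != 401:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample log: one source hammering /admin/, one user who mistypes once.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Oct/2012:10:00:00 +0530] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.7 - - [28/Oct/2012:10:00:01 +0530] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.7 - - [28/Oct/2012:10:00:02 +0530] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.7 - - [28/Oct/2012:10:00:03 +0530] "GET /admin/ HTTP/1.1" 401 381',
    'this line is malformed and is skipped',
    '203.0.113.7 - - [28/Oct/2012:10:00:03 +0530] "GET /admin/ HTTP/1.1" 401 381',
    '203.0.113.7 - - [28/Oct/2012:10:00:04 +0530] "GET /admin/ HTTP/1.1" 200 512',
    '198.51.100.4 - - [28/Oct/2012:10:00:05 +0530] "GET /admin/ HTTP/1.1" 401 381',
]
if __name__ == "__main__":
    for ip, when in find_bruteforcers(SAMPLE_LOG).items():
        print("block candidate: %s (threshold reached at %s)" % (ip, when.isoformat()))
```

The single 401 from 198.51.100.4 is never flagged, and the successful 200 after the burst from 203.0.113.7 is exactly the event a block rule should have prevented.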

#################################################################################

Sunday, 7 October 2012

Web Server Hacking using Local File Inclusion Attack

Hey Friends, I am back with a new tutorial on how to hack a web server using an LFI (Local File Inclusion) attack.
LFI is an attack in which an attacker reads files on the server by getting the web application to include them in its pages. It happens because of flaws in the code and careless coding, such as passing a user-supplied file name to an include without checking it. Here I will demonstrate how you can hack a website and get root-level access to a server.
Now a word of caution. You should never perform such activity without the permission of the site owner. This is completely illegal. I am showing you this demo for educational purposes only. I won't be responsible if you get in trouble after misusing these techniques. Here I will show a demo on a training website of enigmagroup, for demo purposes only.

What do you need to know?

  • Linux directory architecture.
  • The location of the passwd file and the file that holds the password hashes.
  • Directory traversal in Linux (use the forward slash /).
  • Working with the command line in Linux or Windows.
  • How to use a port scanner and a password cracker.
  • The GET method.
  • An idea about the various ports.
What tools are required?
  • John the Ripper (password cracker) - for cracking the password hashes
  • Nmap - for finding and scanning open ports
Note: This type of attack is only possible on websites vulnerable to LFI, and not every site is vulnerable to this type of attack.
They usually have a URL of this form or something like it:
http://www.site.com/dir/?page=intro


Step 1
Run a port scan and determine which OS the server is running. You need to know this because the directory architecture differs between operating systems.

Now browse the website and modify the URL in the following ways:
http://www.site.com/dir/?page=../etc/passwd
http://www.site.com/dir/?page=../../etc/passwd
http://www.site.com/dir/?page=../../../etc/passwd

Keep adding ../ until you see something like this:

Step 2. Now examine the contents that appear on the screen.

You can see the list of valid users and their hashed passwords in the text above. They are traditional DES-based crypt hashes. Now I need to crack the hashes.

Step 3. Open a command prompt and go to the John the Ripper folder.
Create a file in the run directory inside the John the Ripper folder and paste the hash text into it.
I will use the hash of the user, so the text I will crack is    4doxGUy8UpD0o

  Save the file and now from the command line type
  john passwordfile.txt
and wait for some time. You will see the cracked password.

Now we have the password: n00bs

Step 4. Now we need to find open ports on the server, so we perform a port scan.

We find that the open ports for HTTP are 8080 and 8008.
Now go to the address bar and type www.vulnerablesite.com:8080 or www.vulnerablesite.com:8008, enter the username and password at the login panel, and we have access now :) :) .
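The URLs in Step 1 only work because of the coding flaw described at the top of this post: the ?page= value is handed to an include unchecked. Here is an added example, not code from the original post or from any real site, showing that flaw in Python beside a hardened version; WEB_ROOT is an assumed document root, and how many ../ are needed to climb out of it depends on its depth, which is why the post says to keep adding ../.

```python
import os

# Added example, not code from the original post or from any real site: the
# coding flaw behind a "?page=" include, next to a hardened version.
WEB_ROOT = "/srv/www/site/dir"   # assumed document root of the vulnerable page

def resolve_page_vulnerable(page):
    """The flaw: the ?page= value is joined to the web root with no check, so
    each '../' walks one directory up and eventually out of the web root."""
    return os.path.normpath(os.path.join(WEB_ROOT, page))

def resolve_page_hardened(page, allowed=None):
    """Return the file to include, or None if the request must be refused.
    Two independent checks: an optional allow-list of page names, and a
    realpath containment test that the resolved file is still under WEB_ROOT
    (realpath also follows symlinks, which a plain string check would miss).
    An absolute page value makes os.path.join discard the root; the
    containment test catches that case as well."""
    if allowed is not None and page not in allowed:
        return None
    root = os.path.realpath(WEB_ROOT)
    candidate = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

if __name__ == "__main__":
    # The three URL values from Step 1 plus one more level.
    for p in ("intro", "../etc/passwd", "../../etc/passwd",
              "../../../etc/passwd", "../../../../etc/passwd"):
        print("%-26s vulnerable -> %-24s hardened -> %s"
              % (p, resolve_page_vulnerable(p), resolve_page_hardened(p)))
```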

Tuesday, 2 October 2012

Hide your shadow and bypass the security

Hey Friends,
Today I am going to share with you some cool ways to bypass the block and access blocked sites.
A few important things you should keep in mind while using these methods:
1. Never send any secure information, for example your ATM or credit card number.
2. Keep a check on the open ports of your computer. It may happen that you become a victim of a DDoS (Distributed Denial of Service) attack.

1. Modify the hosts file
Modifying the hosts file lets you bypass local DNS filtering.
  • Open a command prompt and type this in the terminal:          ping  anyblockedsite.com
  • Now go to the windows/system32/drivers/etc folder.
  • Open the hosts file with any text editor like Notepad and add a line like this, using the IP address from the ping output:
  • 10.0.2.16  kiit.ac.in
  • Save the file.
  • This has a few disadvantages. It works well if the page is a single page; if you need a whole site then you need to map the other IP addresses too. The other disadvantage is that this technique cannot be used if the administrator uses a website blocker like the Juniper website blocker.


2. TOR BROWSER BUNDLE

3. ULTRASURF

In my next blog post I will explain how Tor and hosts-file modification work. Till then, have a good day.