Showing posts with label hacking. Show all posts

Possibility to hack a website/server

I am going to discuss web hacking: what it is and which methods are used to pwn a website. There are a great many methods;
I will explain the most common ones used by attackers.

1# SQL Injection (about 70% of cases)
2# LFI
3# RFI (LFI and RFI together account for the remaining 30% or so)
Before I begin I would like to explain something very important that every skilled person knows about: enumeration.

Most beginners just visit a PHP site, look for SQLi, and move on if that fails. A skilled person will surely find another way to pwn it.
For that he or she digs up information about the target web server and website. Our target will be abc.com.

Step-1# What we need:
This is where we start our journey: visiting our target website to get an idea of it. We have gathered the basic information, and the site is based on PHP. Fine. Now what?

Bear in mind that in this tutorial I am not going to use any automated tool; the whole process will be manual.

Step-2# Information Gathering:
What information do we need to gather to attack our target? Obviously a loophole in the website, so make it a habit to review the website's source code.
That helps a lot and makes the attack easier. In my case abc.com is a WordPress 3.2.1 that is fully patched. We assume it is on shared hosting.

Step-2.1# Looking for other vulnerable websites on the same host:
Now we look for another target (a vulnerable website) hosted on the same server as our target. We look for SQLi, RFI and LFI, since these are the
most common attack approaches.

Step-2.2# IP information/Reverse Domain Lookup:
We use nslookup or dig to find the IP address of abc.com.

e.g.: nslookup abc.com
Code:
Server:        x.x.x.x
Address:    x.x.x.x#53

Non-authoritative answer:
Name:    abc.com
Address: 1.2.3.4

dig abc.com
Code:
;; ANSWER SECTION:
abc.com.        300    IN    A    1.2.3.4

We are now sure that abc.com points to 1.2.3.4. How do we find the other domains hosted on the same server? There are online tools for
this purpose; two such websites are yougetsignal.com and domaintz.com.

Why I recommend domaintz.com: it brings up more complete results. I tested abc.com on yougetsignal.com and it gave me only 73 domains, but
domaintz.com gave a full 400. Wow.

Step-3# Attacking:
We have found a website vulnerable to SQLi. I am skipping how SQLi works; that is beyond the scope of this tutorial. Hint: you will have to check those websites
for SQLi, RFI or LFI vulnerabilities; some websites even have default credentials such as admin:admin or admin:123456.

The rest you know ;): upload a shell, then launch a symlink attack to pwn the actual target on the same host.

The main purpose of this tutorial is to think outside the box and consider the many possible ways to hack a website/server. Hope you enjoy it ;).
The most important part of this tutorial is Step#2 to 2.2, together with reviewing your target's source code; that really helps a lot. Many websites are open to directory traversal or information disclosure ;)
Hope you enjoy reading this.
======================================================
For more information about NetworkzPeritus, you may visit our website at http://www.NetworkzPeritus.com/ & blog at http://networkzperitus.blogspot.in/
Posted by Viviek

Cyber Warriors


For students seeking to become Cyber Warriors, the US government has a sweet deal.

Full tuition, expenses and a stipend will be paid at any of dozens of universities for students to get specialized cyber security training, in exchange for an equal number of years working for a federal agency.

The CyberCorps programme, launched in 2000, highlights how desperate the US government is to get people with the specialised skills needed to keep computer networks secure.

Backers of the programme say it is having a modest impact in meeting the country's growing cyber security needs.

"We have a large number of people who are students of cyber security, report writers, analysts," said Alan Paller, research director at the SANS Institute and head of a task force advising the Department of Homeland Security on cyber skills.

The programme, funded through the National Science Foundation, currently graduates around 150 students each year. But that is small compared with China, which trains "a thousand times more" people, according to Piotrowski.

It is difficult to find people with a science and technology background, but cyber security adds more requirements: those working for US government agencies must be US citizens without any criminal record.

Piotrowski said each year some 40 to 60 federal agencies compete for about 150 graduates, virtually ensuring a job for each.

"I can't think of any other profession which attracts so many agencies," he said.

Highlighting the shortage, Piotrowski said some graduates -- who are required to work in government for the same number of years for which they receive a scholarship -- sometimes get job offers from the private sector which allow them to bypass that requirement by paying back the government.

He said a large number of graduates go to top-secret jobs at places like the National Security Agency, but that all organizations need cyber security, from the Federal Reserve to utility companies.

The programme offers aid similar to that of the Reserve Officer Training Corps, which offers student aid to those going into the military.

Andreae Pohlman, a recent graduate of the programme at George Washington University who is set to begin a government job, said the training included real-life attack and defense simulations which included some surprises.

Mischel Kwon, another George Washington cyber security graduate who went on to head the US Computer Emergency Readiness Team before starting her own consulting firm, said awareness is a major issue.

"A lot of the problem is understanding we have a problem," she said.

"The workforce needs to grow and I think CyberCorps is a great way of doing that. We need to educate executives and company boards and help heads of agencies understand this is a priority that needs to be funded."

Patrick Kelly graduated from the GWU program and now teaches there in addition to his work at a federal agency.

Kelly said he tries to get students to learn about a range of possible threats like "phishing" e-mails, physical attacks and data thefts from portable thumb drives.

But he said the bad guys are constantly changing tactics.

"It's getting more severe," he said. "There is now an ability to automate attacks. The number of attacks and successful ones are going up exponentially, you're always playing catch-up."

Paller said there is a growing concern that "the next war will be in cyberspace" and that the US is ill prepared.



Posted by Viviek


SQLi attacks prevention

Idea about SQLi attacks & how to prevent

SQL injection is a technique for bypassing the security of a website.
It is a very common vulnerability in websites, caused by poor coding on the part of developers.
With an SQLi loophole an attacker can easily hack your site, leading to data loss and many other problems.

Now we are going to develop a simple login system where PHP is used
for database connectivity and server side processing and MySQL is used
as database storage.
======================================================
HTML CODE (login form)

<title>SQLi - Attacks</title>
<form action="verify.php" method="POST">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" value="Login">
</form>
======================================================
// Now verify.php, which checks the user's login

PHP CODE

<?php
/// For database connectivity ///
$count = 0;
$host = "localhost";   // Host name
$username = "root";    // MySQL username
$password = "";        // MySQL password
$db_name = "SQL";      // Database name
$tbl_name = "user";    // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
======================================================
// Checking login essentials
// VULNERABLE: the submitted values go straight into the query string.
$user = $_POST['user'];
$pass = $_POST['pass'];
$sql = "SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count) {
    echo "Welcome User";
} else {
    echo "Bad Username or Password";
}

?>

In the above code we used the query
"SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";

An attacker can easily bypass this by making the whole WHERE expression true. It is done by submitting the value 1' or '1'='1 as
both the username and the password. Then the above expression becomes:
"SELECT * FROM $tbl_name WHERE usern='1' or '1'='1' AND pass='1' or '1'='1'";
Because AND binds more tightly than OR, the condition is read as usern='1' OR ('1'='1' AND pass='1') OR '1'='1', and the final '1'='1' makes it
TRUE for every row. The query returns the whole table, $count is non-zero, and the attacker is logged in without knowing any password. You can try it yourself.
======================================================
SQLi Prevention:-

To avoid SQL injection we escape the data before placing it in the MySQL query string. In PHP this was done with the function
mysql_real_escape_string(), which escapes the characters that have special meaning inside a MySQL string literal: it converts ' into \'
(and likewise handles \, ", NUL and the line-break characters). Note that it needs an open MySQL connection, so it must be called after mysql_connect().
Now I am going to write the secure version.

PHP CODE

<?php
/// For database connectivity ///
$count = 0;
$host = "localhost";   // Host name
$username = "root";    // MySQL username
$password = "";        // MySQL password
$db_name = "SQLi";     // Database name
$tbl_name = "user";    // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
// Checking login essentials
// Escape the submitted values before they are placed inside the quoted literals.
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = "SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count) {
    echo "Welcome User";
} else {
    echo "Bad Username or Password";
}

?>
This code is more secure than the previous one. Two caveats for anyone using it today: the mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0, and escaping only protects a value that sits inside a quoted string literal (a value used bare, e.g. WHERE id=$id, or as a table or column name, is still injectable). The robust fix is a prepared statement with bound parameters through mysqli or PDO, where the data never becomes part of the SQL text. The script should also not compare plaintext passwords: store the output of password_hash() and check with password_verify(). It can be made more secure still by considering brute-force prevention.
Now we have knowledge of SQLi attacks and their prevention, and we are able to write more secure code.
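The login bypass and the two defences described above, as an added worked example that is not part of the original post. It uses Python's sqlite3 module in place of PHP and MySQL so that it runs offline; the user table, the two sample accounts and the column names usern and pass are constructed here to match the post's schema. escape_quotes() stands in for mysql_real_escape_string(): SQLite neutralises a quote by doubling it where MySQL backslash-escapes it, but the effect on the query is the same. The last two functions go beyond the post to show the case that escaping does not cover, a value used outside of quotes, which only the parameterized query handles.

```python
import sqlite3

# Constructed sample accounts (not from the original post).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]
# The payload from the post, submitted as both the username and the password.
PAYLOAD = "1' or '1'='1"


def make_db():
    """In-memory stand-in for the post's MySQL table `user` (columns usern, pass)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, usern TEXT, pass TEXT)")
    conn.executemany("INSERT INTO user (usern, pass) VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, user, pw):
    """Same shape as the post's verify.php: request values are pasted into the SQL text."""
    sql = f"SELECT * FROM user WHERE usern='{user}' AND pass='{pw}'"
    return len(conn.execute(sql).fetchall()) > 0


def escape_quotes(value):
    """SQLite analogue of mysql_real_escape_string(): stop a quote from closing the
    string literal. MySQL turns ' into \\'; SQLite doubles it to ''. Either way the
    protection only exists while the value is placed inside a '...' literal."""
    return value.replace("'", "''")


def login_escaped(conn, user, pw):
    """The post's fix: escape, then still build the query by string interpolation."""
    sql = (f"SELECT * FROM user WHERE usern='{escape_quotes(user)}' "
           f"AND pass='{escape_quotes(pw)}'")
    return len(conn.execute(sql).fetchall()) > 0


def login_parameterized(conn, user, pw):
    """Prepared statement with bound parameters: the values never become SQL text."""
    sql = "SELECT * FROM user WHERE usern=? AND pass=?"
    return len(conn.execute(sql, (user, pw)).fetchall()) > 0


def names_by_id_escaped(conn, user_id):
    """Escaping does nothing for a value that is not wrapped in quotes."""
    sql = f"SELECT usern FROM user WHERE id={escape_quotes(user_id)} ORDER BY id"
    return [row[0] for row in conn.execute(sql).fetchall()]


def names_by_id_parameterized(conn, user_id):
    """Bound parameter: the whole string is compared as one value, so no clause is injected."""
    sql = "SELECT usern FROM user WHERE id=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_id,)).fetchall()]


def demo():
    """Run every variant against the same data and return the outcomes by name."""
    conn = make_db()
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_bypass": login_vulnerable(conn, PAYLOAD, PAYLOAD),   # True: logged in
        "escaped_valid": login_escaped(conn, "alice", "s3cret"),
        "escaped_bypass": login_escaped(conn, PAYLOAD, PAYLOAD),         # False
        "param_valid": login_parameterized(conn, "alice", "s3cret"),
        "param_bypass": login_parameterized(conn, PAYLOAD, PAYLOAD),     # False
        "numeric_escaped": names_by_id_escaped(conn, "1 OR 1=1"),        # every user leaks
        "numeric_param": names_by_id_parameterized(conn, "1 OR 1=1"),    # nothing
        "numeric_param_valid": names_by_id_parameterized(conn, "1"),     # just alice
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>20}: {outcome}")
```

Run it as a script to see all nine outcomes side by side; the two `numeric_*` results are the reason to reach for bound parameters rather than escaping alone.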
======================================================


Posted by Viviek

How to Hack Website


Here I am going to share some real hacking techniques used to attack servers and websites.

This post is for educational purposes only.

The best vulnerability scanner and assessment tool is Nessus; the exploitation tool is the Metasploit Framework.

The tools used are freely available on the internet:

  • 1. Nessus
  • 2. OpenVAS Server
  • 3. OpenVAS Client
  • 4. Nmap
  • 5. Nikto
  • 6. sqlmap
  • 7. Metasploit

The steps to be followed to hack a server are as cited below:

1. First, port scanning: scan the target server's open ports with Nmap or Angry IP Scanner.

2. Second, service enumeration: use Nmap to determine which services are open and available.
To learn how enumeration and footprinting are done, please Google it :)

3. Third, scan the target to find the vulnerabilities. For this use Nessus or OpenVAS. These tools probe every open port, regardless of common or default settings, confirm the listening services and check them against a database of known exploitable services, to see whether any service is misconfigured or vulnerable to known exploits.

Note: video tutorials on how Nessus works and how to use it are available on YouTube.com.

4. You can also use Nikto, which checks web servers for misconfigurations and exploitable web applications.

5. After all this scanning, play with SQL. Use sqlmap for this; a few other SQL tools, programs and techniques exist as well.

6. The next step is to gain access to the system using the vulnerabilities found. This can be achieved with Metasploit. To learn how to use Metasploit, search on http://www.securitytube.net

7. The next step is to maintain your access on the compromised system.
Upload a web shell such as c99, b374k or r57_kartal, or a backdoor such as sshdoor, or any Perl or Python backdoor.

8. Now you are able to do anything, such as deface the site or root the server (rooting a server is pretty interesting, but it requires a good command of Linux).

9. After uploading the shell, check the kernel version with the command "uname -a". The output looks like "Linux shell99 2.6.35-28-generic #50-Ubuntu SMP Fri Mar 18 19:00:26 UTC 2011 i686 GNU/Linux".

10. Now that you have the kernel version, search for a local kernel exploit, upload it to the server and run it. Upload the exploit to the temp folder, because the temp folder is always writable (though it is often mounted noexec on hardened hosts). Don't forget to make the exploit executable; the original uses "chmod 777", although chmod +x is enough.

11. Run the exploit and you will get root; check with the command "whoami".

12. THIS IS THE MOST IMPORTANT STEP: covering tracks. After your activities, you must remove all records of them ;)
Remove all log files using a log cleaner.
Posted by Viviek