Hacker

Wednesday, 12 October 2011


Hacking Techniques
A typical hacker attack is not a simple, one-step procedure. It is rare that a hacker can get online or dial up on a remote computer and use only one method to gain full access. It is more likely that the attacker will need several techniques used in combination to bypass the many layers of protection standing between them and root administrative access. Therefore, as a security consultant or network administrator, you should be well versed in these occult techniques in order to thwart them. This chapter, which will be a review for advanced users, will introduce the main types of hacker attacks. Expert users will want to skip ahead to the next chapter (, "Wireless Attacks") and go straight for the goodies. 
The following techniques are not specific to wireless networks. Each of these attacks can take multiple forms, and many can be targeted against both wired and wireless networks. When viewed holistically, your wireless network is just another potential hole for a hacker. Therefore, this chapter will review hacking techniques from a generic perspective. 

Diverse Hacker Attack Methods 
The stereotyped image conjured up by most people when they hear the term "hacker" is that of a pallid, atrophied recluse cloistered in a dank bedroom, whose spotted complexion is revealed only by the unearthly glare of a Linux box used for port scanning with Perl. This mirage might be set off by other imagined features, such as dusty stacks of Dungeons and Dragons lore from the 1980s, empty Jolt Cola cans, and Japanese techno music streaming from the Net. 

However, although computer skill is central to a hacker's profession, there are many additional facets that he must master. In fact, if all you can do is point and click, you are a script kiddie, not a hacker. A real hacker must also rely on physical and interpersonal skills such as social engineering and other "wet work" that involves human interaction. However, because most people have a false stereotype of hackers, they fail to realize that the person they are chatting with or talking to on the phone might in fact be a hacker in disguise. In fact, this common misunderstanding is one of the hackers' greatest assets. 


Social Engineering 

Social engineering is not unique to hacking. In fact, many people use this type of trickery every day, both criminally and professionally. Whether it be haggling for a lower price on a lawn mower at a garage sale, or convincing your spouse you really need that new toy or outfit, you are manipulating the "target." Although your motives might be benign, you are guilty of socially engineering the other party. 

The Virtual Probe 

One example of social engineering that information technology managers face on a weekly basis is solicitation from vendors. An inimical form of sales is thinly disguised telemarketing. Straying far from ethical standards of sales technique, such vendors will attempt to trick you into giving them information so they can put your company's name on a mailing list. 
Here is one such attempt that we get regularly: 
"Hi, this is the copier repair company. We need to get the model of your copier for our service records. Can you get that for us?" 

Now, this sounds innocent enough, and there are probably many who fall for this tactic. However, the caller is simply trying to trick you into providing sensitive information, information that they really have no business knowing. 

Like the scam artist, a hacker often uses similar techniques. A popular method that hackers use is pretending to be a survey company. A hacker can call and ask all kinds of questions about the network operating systems, intrusion detection systems (IDSs), firewalls, and more in the guise of a researcher. If the hacker was really malicious, she could even offer a cash reward for the time it took for the network administrator to answer the questions. Unfortunately, most people fall for the bait and reveal sensitive network information. 


Lost Password 

One of the most common goals of a hacker is to obtain a valid user account and password. In fact, sometimes this is the only way a hacker can bypass security measures. If a company uses firewalls, intrusion detection systems, and more, a hacker will need to borrow a real account until he can obtain root access and set up a new account for himself. However, how can a hacker get this information? One of the easiest ways is to trick someone into giving it to them. 

For example, many organizations use a virtual private network (VPN) that enables remote employees to connect to the network from home and essentially become a part of the local network. This is a very popular method of enabling people to work from home, but is also a potential weak spot in any security perimeter. As VPNs are set up and maintained by the IT department, hackers will often impersonate an actual employee and ask one of the IT staff for the password by pretending to have lost the settings. If the IT employee believes the person, he willingly and often gladly hands over the keys. Voila! The hacker now can connect from anywhere on the Internet and use an authorized account to work his way deeper into the network. Imagine if you were the lowly IT staff person on call and the CEO rang you up at 10:30 p.m. irate about a lost password. Would you want to deny her access, risking the loss of your job? Probably not, which makes this type of fear a hacker's best friend. 

Thursday, 4 August 2011

Latest Hacking news|| latest vulnerability

Android app turns smartphones into hacking machines

Some time back, we saw neopwn for the Nokia N900, a full-fledged penetration testing suite for mobile phones. Support for other platforms was a big issue with it. Good news for all the Android-dominated security nerds out there! At DefCon, Itzhak Zuk Avraham, also known by the handle @ihackbanme, showed off a new hacking tool. The tool is called "The Android Network Toolkit", Anti for short. It will soon be available for free in the Android Market. It is designed for penetration testing: searching out and demonstrating vulnerabilities in computer systems so that they can be patched.
This toolkit offers a Wi-Fi scanning tool for finding open networks and showing all potential target devices on those networks, as well as traceroute software that can reveal the IP addresses of faraway servers. When a target is identified, the app offers a simple menu with commands like 'Man-In-The-Middle' to eavesdrop on local devices, or even 'Attack'. The app is designed to run exploits collected in platforms like Metasploit or ExploitDB, using vulnerabilities in out-of-date software to compromise targets. It can also target default SSH passwords on jailbroken iPhones. Soon the application will be ported to iOS. The application is expected to launch in the Android Market by next week.

 --------------------------------------------------------------
Today, I'm publishing an issue in DRDO's site.
But before reading this content, read the Disclaimer specified in the description of this category, or use this link to jump over there: Disclaimer
DRDO's site is developed in a nice web scripting language, i.e. JSP, and of course I like it. I love each and every Java technology, although I'm not proficient with JSP. :-(
DRDO's details are:
DEFENCE RESEARCH & DEVELOPMENT ORGANISATION
Ministry of Defence, Govt. of India
You can check their official site and find more information about them at:
  1. http://drdo.org
  2. http://drdo.gov.in
But there is a vulnerability in their site as well: they make use of the GET method for propagating data between different web pages very extensively.
You can exploit it and play with their website:
Issue 1:
If you would like, you can hang up their web site (on your system, as well as on the server) by sending the thread by which you are connected to their server into an infinite looping state. The question arises how to do that; check out the following URL:
http://drdo.gov.in/drdo/English/index.jsp?pg=homebody.jsp
Concept:
In this URL they are passing a variable pg by the GET method to a page index.jsp, for fetching some other page from the server and displaying it there, in an area meant for it, since they have made a structure or backbone page for their website and display most of the pages in that area.
What if we open index.jsp by passing pg's value as index.jsp, in index.jsp?
I think, if you are intelligent enough to read this document, then you understand the consequences.
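The defensive fix for a "backbone page includes whatever pg names" design is to never hand the raw parameter to the include mechanism. The following is an added example (not the site's code and not the post author's); it models the shell-page-plus-fragment layout in Python with constructed fragment names, a hypothetical content root, and a pseudo include engine, and shows two layers: an allow-list that rejects the shell page, directory components and unknown names before anything is included, and an include-depth guard that turns the self-inclusion loop into a clean error even if validation were bypassed.

```python
import posixpath

# Constructed allow-list standing in for the fragments the backbone page is
# meant to pull in; only homebody.jsp appears in the post, the rest are assumptions.
ALLOWED_FRAGMENTS = {"homebody.jsp", "about.jsp", "contact.jsp"}
SHELL_PAGE = "index.jsp"            # the page that performs the include
MAX_INCLUDE_DEPTH = 3               # defence in depth against nested includes
CONTENT_ROOT = "/srv/site/English"  # hypothetical path, not the real deployment

# Constructed fragment bodies so the example renders something offline.
FRAGMENTS = {
    "homebody.jsp": "<p>Welcome</p>",
    "about.jsp": "<p>About us</p>",
    "contact.jsp": "<p>Contact</p>",
}


class PageRequestError(ValueError):
    """Raised when the pg parameter is rejected; nothing is included or read."""


def resolve_fragment(pg):
    """Validate the user-supplied pg value and map it to a file path.

    Every rejection happens before the filesystem or the include mechanism is
    consulted, so neither path traversal nor self-inclusion can occur.
    """
    if not isinstance(pg, str) or not pg:
        raise PageRequestError("missing page parameter")
    # Only a bare file name is acceptable: no directories, no '..', no trailing '/'.
    if pg != posixpath.basename(pg) or pg in (".", ".."):
        raise PageRequestError("directory components are not allowed")
    if pg == SHELL_PAGE:
        raise PageRequestError("the shell page may not include itself")
    if pg not in ALLOWED_FRAGMENTS:
        raise PageRequestError("unknown page")
    return posixpath.join(CONTENT_ROOT, pg)


def render_shell(pg, validate=True, depth=0):
    """Model of the backbone page: wrap the fragment named by pg in the shell.

    With validate=True the request goes through resolve_fragment() first.
    With validate=False the only protection is the depth guard, which turns the
    unbounded recursion the post describes into a PageRequestError instead of
    a hung worker thread.
    """
    if depth > MAX_INCLUDE_DEPTH:
        raise PageRequestError("include depth exceeded")
    if validate:
        resolve_fragment(pg)
    if pg == SHELL_PAGE:
        # "Including" the shell re-enters the shell with the same parameter.
        body = render_shell(pg, validate=validate, depth=depth + 1)
    else:
        body = FRAGMENTS.get(pg, "<!-- fragment not found -->")
    return "<html><body>" + body + "</body></html>"


def is_rejected(pg, validate=True):
    """True when the request is refused with PageRequestError (not a crash)."""
    try:
        render_shell(pg, validate=validate)
    except PageRequestError:
        return True
    return False


if __name__ == "__main__":
    print(render_shell("homebody.jsp"))
    for bad in ("index.jsp", "../WEB-INF/web.xml", "", "secret.jsp"):
        print(repr(bad), "rejected:", is_rejected(bad))
    print("index.jsp without validation, depth guard only:", is_rejected("index.jsp", validate=False))
```

The allow-list is the real control: an include parameter should select among a fixed set of names, never name a file. The depth guard costs one integer and catches the same failure class if a future fragment is added that itself includes the shell.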

Wednesday, 20 July 2011

All about SAM
Warning and disclaimer:
***********************
This article is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this article or the information presented within it.

In this article, I will detail the various ways of obtaining and cracking the Windows XP SAM file. The applications of the SAM file are quite limitless: getting past a nosy parent's blocks, investigating colleagues in a workplace or school, or even recovering forgotten passwords.

Table of Contents
1 – General Information
2 – Obtaining the SAM file
3 – Cracking the SAM file

Some tricks to keep your password safe:

1- Don't use the same password on multiple sites
2- Avoid registrations when you can do things without them
3- Scan the website before visiting
4- Use strong passwords
5- Don't trust anybody you don't know
6- Always use a secure browser

Exploiting buggy/weak firewalls

In this tutorial we'll be looking at a new way (at least for me) to bypass weak firewalls.
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules, and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. In basic language, a firewall contains a list of basic rules/signatures, such as packet filters. It checks network traffic for content that could be malicious or potentially harmful to the machine.
Firewalls are implemented to secure parts of the network from hackers or other malicious users. However, if a firewall is poorly written or implemented, it can make exploitation easier instead. To demonstrate how such firewalls can be exploited, I'll take up a scenario.

Scenario

Most of the buggy firewalls out there carry out packet filtering by relying on data carried in the packet itself (which indeed is not to be trusted).

Let's take an example: there is a system with one of these buggy firewalls, and it is protecting SSH, SMB, etc. Other services like FTP and HTTP are not filtered, as they are readily used by its clients.
Now our job is to carry out requests with the source port number set to 22 (FTP) and the destination port set to the service we want to access (SMB, port 445). This would bypass the firewall, leading to easy exploitation.
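The weakness in the scenario is a rule that keys on the source port, a value the sender chooses. The following added example (written for this page; it is not the tutorial author's code and not any real firewall's rule engine) models two filters in Python over constructed packets: a stateless one that accepts inbound traffic whenever the source port looks like a known service, and a connection-tracking one that accepts inbound traffic only when it opens a flow to a published service or answers a flow the inside host opened. The addresses, port lists and the inside host are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP segment model: addresses, ports, and whether it opens a flow."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = True


INSIDE_HOST = "10.0.0.5"        # constructed protected host
PUBLIC_SERVICES = {21, 80}      # ftp and http are meant to be reachable
# The weak rule: accept traffic whose *source* port belongs to a known service,
# typically added so replies (e.g. active-mode FTP data from port 20) get back
# in through a stateless filter. The sender picks that value, so it proves nothing.
TRUSTED_SOURCE_PORTS = {20, 80}


def stateless_decision(pkt):
    """Filter that looks only at the packet's own header fields."""
    if pkt.dst == INSIDE_HOST and pkt.dport in PUBLIC_SERVICES:
        return "ACCEPT"
    if pkt.dst == INSIDE_HOST and pkt.sport in TRUSTED_SOURCE_PORTS:
        return "ACCEPT"         # the flaw: trusts a sender-controlled field
    return "DROP"


class StatefulFilter:
    """Connection-tracking filter: an inbound segment is accepted only if it
    opens a flow to a public service or belongs to a flow already recorded."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port)
        self._flows = set()

    def outbound(self, pkt):
        # Anything the protected host sends out creates a tracked flow.
        self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def inbound(self, pkt):
        if pkt.dst != INSIDE_HOST:
            return "DROP"
        if pkt.syn and pkt.dport in PUBLIC_SERVICES:
            self._flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "ACCEPT"     # new connection to a published service
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows:
            return "ACCEPT"     # reply on a flow the inside host opened
        return "DROP"


def run_scenario():
    """Evaluate constructed packets against both filters.

    Returns {name: (stateless_decision, stateful_decision)}.
    """
    sf = StatefulFilter()
    outside = "198.51.100.7"    # constructed, documentation range
    web_server = "203.0.113.9"  # constructed, documentation range
    results = {}

    # 1. Ordinary client opening a connection to the public web service.
    web = Packet(outside, 40000, INSIDE_HOST, 80)
    results["web_to_80"] = (stateless_decision(web), sf.inbound(web))

    # 2. Segment aimed at the supposedly protected SMB port, carrying a
    #    sender-chosen source port that matches the trusted list.
    smb = Packet(outside, 20, INSIDE_HOST, 445)
    results["sport20_to_445"] = (stateless_decision(smb), sf.inbound(smb))

    # 3. Reply to an HTTPS connection the inside host itself opened. The
    #    stateless filter has no rule for it; the stateful one knows the flow.
    sf.outbound(Packet(INSIDE_HOST, 50000, web_server, 443))
    reply = Packet(web_server, 443, INSIDE_HOST, 50000, syn=False)
    results["reply_443_to_50000"] = (stateless_decision(reply), sf.inbound(reply))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:22s} stateless={stateless:6s} stateful={stateful}")
```

Case 3 is why source-port rules get written in the first place: a stateless filter cannot tell a legitimate reply from anything else, so administrators open a hole keyed on the source port, and case 2 shows what that hole costs. Connection tracking removes the need for the hole, which is the practical mitigation for the scenario in the tutorial.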

/*
 * kev proxy
 * it's not big, but then, it's not that clever either.
 *
 * compile with cc -o kp kp.c -lpthread
 * tested on Red Hat 8, should work on most Linux
 *
 * kp listen_port target_ip target_port <source_port> <v>
 *
 * kp will listen on the listen_port and relay bi-directional data
 * between this port and the target_port on the target_ip.
 * The optional source_port is to set the source port on the outbound
 * connection to the target_ip.  Useful for getting around ACLs in
 * routers and firewalls.
 * 'v' indicates verbose mode for extra info.
 *
 * Note: it does not operate as a 'real' HTTP proxy, although it can
 * proxy HTTP as well as any other TCP protocol; just don't let your
 * browser know it's talking to a proxy ;) (unless, of course, you're
 * proxying for an HTTP proxy!)
*/


#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_addr() */
#include <netdb.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>      /* exit(), atoi() */
#include <ctype.h>
#include <unistd.h>
#include <fcntl.h>
#include <pthread.h>
#include <signal.h>


int listen_port, target_port, source_port, verbose;
char target_ip[1024];

void * kp(void *);

void die(int sig)
{
    pthread_exit(NULL);
}

void usage()
{
    printf("kp listen_port target_ip target_port <source_port> <v>\n");
}

int getMax(int q1, int q2)
{
    if (q1 > q2) return q1; else return q2;
}

int main(int argc, char **argv)
{
    int fd, fd1;
    const int on = 1;
    struct sockaddr_in fd_sock, fd_sock1;
    socklen_t listenlen;
    pthread_t ptConnection;

    (void) signal (SIGINT, die);

    verbose = 0;
    source_port = 0;

    if ((argc < 4) || (argc > 6))
    {
        usage();
        exit(1);
    }

    printf("kevproxy\n");

    listen_port = atoi(argv[1]);
    target_port = atoi(argv[3]);
    if (argc > 4) {
        if (strcmp(argv[4], "v") == 0)
        {
            if (argc > 5)
            {
                usage();
                exit(1);
            }
            verbose = 1;
            source_port = 0;
        } else {
            source_port = atoi(argv[4]);
            if (argc > 5)
            {
                if (strcmp(argv[5], "v") == 0)
                {
                    verbose = 1;
                } else {
                    usage();
                    exit(1);
                }
            }
        }
    } else {
        source_port = 0;
    }

    strcpy(target_ip, argv[2]);

    printf("Listening on %d, sending to %s:%d", listen_port, target_ip, target_port);
    if (source_port != 0) {
        printf(", source port %d\n", source_port);
    } else {
        printf("\n");
    }

    // fd_sock is listener
    fd_sock.sin_family = AF_INET;
    fd_sock.sin_port = htons(listen_port);
    fd_sock.sin_addr.s_addr = INADDR_ANY;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd <0) {
        perror("fd: opening stream socket");
        return -1;
    }
    if (verbose) printf("socket fd made\n");

    if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof (on)) != 0)
    {
        perror("fd: setsockopt failed");
    }
    if (verbose) printf("socket fd option set\n");

    if (bind(fd, (struct sockaddr *)&fd_sock, sizeof fd_sock) <0)
    {
        return 0;
    }
    if (verbose) printf("Bound fd!\n");

    if (listen(fd, 1024) < 0)
    {
        return 0;
    }
    if (verbose) printf("fd: listening!\n");

    for (;;)
    {
        // fd_sock1 receives the peer address of the accepted conx;
        // accept() fills it in, so it only needs clearing here
        memset(&fd_sock1, 0, sizeof fd_sock1);
        fd_sock1.sin_family = AF_INET;
    
        listenlen = sizeof fd_sock1;
        fd1 = accept(fd, (struct sockaddr *)&fd_sock1, &listenlen);

        if (fd1 < 0)
        {
            return 0;
        }
        if (verbose) printf("fd1: accepted!\n");

        if (pthread_create (&ptConnection, NULL, kp, &fd1) != 0)
        {
            perror("could not create thread");
            return 0;
        }
        if (verbose) printf("thread created\n");

        if ( (pthread_detach(ptConnection)) != 0)
        {
            perror("could not detach thread");
        }
        if (verbose) printf("thread detached\n");
    }
}

void closesocks(int sock1, int sock2)
{
    while (close(sock1) != 0);
    if (verbose) printf("sock1 closed\n");
    while (close(sock2) != 0);
    if (verbose) printf("sock2 closed\n");
}

void * kp(void *fd_in)
{
    fd_set socks;
    int selectret;
    int maxsock;
    int accfd, fd2;
    int num;
    char buff[65100];
    struct sockaddr_in fd_sock2, fd_sock3;

    accfd = * (int *) fd_in;

    if (verbose) printf("accfd = %d\n", accfd);

    // fd_sock2 is local port of outbound conx
    fd_sock2.sin_family = AF_INET;
    fd_sock2.sin_port = htons(source_port);
    fd_sock2.sin_addr.s_addr = INADDR_ANY;

    // fd_sock3 is outbound conx
    fd_sock3.sin_addr.s_addr=inet_addr(target_ip);
    fd_sock3.sin_port = htons(target_port);
    fd_sock3.sin_family = AF_INET;

    fd2 = socket(AF_INET, SOCK_STREAM, 0);
    if (fd2 <0) {
        perror("fd2: opening stream socket");
        return NULL;
    }
    if (verbose) printf("socket fd2 made\n");