Tuesday, July 10, 2012

Session ID Analysis

In this tutorial we focus on session ID analysis. If you are not familiar with session IDs, I’ll give a quick explanation. HTTP is a stateless protocol, so it’s equivalent to walkie-talkies or CB radios: you send a request and wait for a reply; you don’t have a constantly open communication line as you would with a phone. To emulate this open communication, HTTP uses session IDs, commonly known as cookies. These cookies are simply agreements between you and the web application that you are who you claim to be....

Speaking Leet : Language of Hackers

To speak leet, you more or less need to un-learn proper English. The history of leet goes back to the early days of online message boards, or forums, where users could post messages to carry on a threaded conversation. In an attempt to “Clean-Up” the language that users would sometimes post, admins added a filtering system to the message board which would replace restricted words with some type of alternative. For example, the word “crap” might become “crud.” It didn’t take people long to figure out that you could get around this filter simply...

How to find or remove the Virus ?

If you’ve let your guard down–or even if you haven’t–it can be hard to tell if your PC is infected. Here’s what to do if you suspect the worst. Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness. You know they’re right. Yet for one reason or another, you’re not running antivirus software, or you are but it’s not up...

Resetting Ubuntu 11.10 Password

Hey Guys, if you’ve forgotten your Ubuntu 11.10 password, you can reset it within minutes. I will tell you two methods to reset your Ubuntu password. The first is by booting into recovery mode and the second is by using any Live OS. Let’s start with recovery mode, as it takes less time and is easier than the second method: Boot up your Ubuntu. Press and hold the ‘Shift’ key while the machine is booting. You...

Internet Access In Backtrack Virtual Machine

Hey Guys, I’ve found that some people are struggling to access the internet in their BackTrack virtual machine from their USB modem, so today I am going to tell you how you can access the internet in your virtual machine through your datacard. Open Network Adapter Settings (Run -> ncpa.cpl). Right-click on your USB modem adapter and go to Properties. ...

Cracking Linux Password when Grub cannot be changed

In the previous post we learnt about cracking a Linux password using Grub by dropping to single-user mode. However, if Grub is password protected, this method will not work. In such cases, we can use a Linux Live CD to crack the Linux password. Follow the steps given below to change the Linux password using the Linux Live CD. Boot your computer from your Linux Live CD, choosing “Try Linux without any change to your computer” from the boot me...

BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD

We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor. They’ve come a long way and BackTrack is now a very polished and well-rounded security distro; most of the others have dropped off the map, leaving BackTrack as the giant in the security LiveCD space. The last major release was BackTrack Final 4 Released – Linux Security Distribution – back in January 2010. The BackTrack Dev team has worked furiously in the past months on...

Monday, July 9, 2012

How To Hack Facebook Account Using Wireshark

In this tutorial we will look at how you can hack a Facebook account using Wireshark. First of all, I must make clear that even though you'll get access to the victim's account, you'll not get his/her password. Next, this trick will work only on a LAN with a hub. It will also work on a LAN with a switch, but you'll have to perform ARP poisoning; click on the link to know more. I will not discuss how to use Wireshark here; please read our previous tutorials...

What Is Phishing

In this post we will discuss a little about what phishing is. Please note that what we are covering here is just the basics and not a phishing tutorial. In a phishing attack, an attacker creates a fake login page of a legitimate website and lures the victim to log in using it. The site under attack is known as the phished site, and the fake login page used for capturing or stealing information is known as the phished page. To perform phishing attack an attacker...

How To Hack Facebook Account | Phishing

In this tutorial we will discuss how you can hack a Facebook account password by phishing. Phishing is the act of creating a replica of a legitimate website for stealing passwords, credit card numbers, etc. Here I will show you how you can create a replica of the Facebook log-in page and then fool your victim into putting his username and password in it so that you can get his account password. First of all open www.facebook.com in your web browser,...

JSON XSRF Attacks

Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discuss a little about JSON hacking. You might ask why we haven't covered JSON XSRF attacks along with other XSRF attacks. This question is a little difficult to answer, but here's my explanation. All other XSRF attacks usually depend on session management attacks in one way or another, directly or indirectly...

JSON XSRF Attacks

In our last post on JSON XSRF attacks we saw some basics about XSRF attacks. In this section we will look at how to find and exploit a JSON vulnerability for an attack. As explained in the previous post, a JSON vulnerability exists when the JSON data transfer format is used instead of the standard XML data transfer format, and that happens only in AJAX-based web applications, so following are your steps to find out whether a site is vulnerable or...

SSL And TLS Attacks | SSL Man In The Middle

In our last post we discussed a little about attacking weak ciphers; in this post we will look at how Man In The Middle (MITM) attacks can be performed over SSL and TLS encrypted data transfer. The attack uses sslstrip, developed by Moxie Marlinspike, with an ARP spoofing tool and a packet sniffer. The attack can be performed exclusively from UNIX and Linux based platforms, hence I suggest you use Dsniff. Practically SSL strip was developed to demonstrate how an attacker can lead visitors to visit his/her site from legitimate...

Cross Site Scripting (XSS) | The Basics

In the following post we will take a basic look at Cross Site Scripting. Cross site scripting is also known as XSS, and people often also abbreviate it as CSS (by the way, CSS means Cascading Style Sheets). Commonly, XSS is a web application attack and not a web server attack; it occurs in a web application which accepts input without validation and sanitization, giving an attacker the chance to run a malicious script. XSS vulnerability...

Making your own trojan in a .bat file

Open a DOS prompt; we will only need a DOS prompt and Windows XP… -Basics- Opening a DOS prompt -> Go to Start, then Run, type cmd and press OK. Now insert this command: net And you will get something like this: NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] OK, in this tutorial we will use 3 of the commands listed here. They are: net user, net share and net send. We will select some...

Sunday, July 8, 2012

Hack a Website Using Remote File Inclusion

Remote file inclusion is one of the most common vulnerabilities found in web applications. This type of vulnerability allows the hacker or attacker to add a remote file on the web server. If the attacker is successful in performing the attack, he/she will gain access to the web server and hence can execute any command on i...