Sqlmap 0.9 Available For Download Now

Sqlmap is a very popular tool which automates the process of discovering SQL injection flaws in a web application and exploiting them as well. The Sqlmap team has just released the newest version of Sqlmap; it comes with lots of changes, including a fully rewritten SQL injection detection engine.


Features

Here are some of the newest features in Sqlmap 0.9:

  • Rewritten SQL injection detection engine (Bernardo and Miroslav).
  • Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
  • Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
  • Implemented support for Firebird (Bernardo and Miroslav).
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
  • Added support to tamper injection data with the --tamper switch (Bernardo and Miroslav).
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
  • Added support to fetch unicode data (Bernardo and Miroslav).
  • Added support to use persistent HTTP(s) connections for speed improvement, --keep-alive switch (Miroslav).
  • Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
  • Support to parse and test forms on the target URL, --forms switch (Bernardo and Miroslav).
  • Added switches to brute-force table names and column names with a dictionary attack, --common-tables and --common-columns.

You can download Sqlmap 0.9 here

    How To Find Lost Microsoft Office 2010 Product Key


    In my previous post, Free Microsoft Office 2010 Product Key, I posted a free Microsoft Office product key download. However, if you have already installed Microsoft Office 2010, have lost the product key for any reason, and are looking to recover your Microsoft Office 2010 product key, then you are in the right place.


    Produkey

    Produkey is an excellent program which can be used to extract your Microsoft Office 2010 product key within a few seconds, and the best part is that you don't even need to install it: it can be carried anywhere on a USB drive or CD.

    Product Key Finder


    Product Key Finder is another great small program which can help you recover your Microsoft Office 2010 product key; it not only supports Microsoft Office 2010 product keys but can also be used to extract the keys of other programs.

    RafayHackingArticles Finally On A Custom Domain Now !

    Well, it has been almost 2 years since I started rafayhackingarticles, and for 2 years it has happened to me countless times that I have thought of moving to a custom domain (.com, .net, .org), but every time I tried to do it there was something holding me back. One of the major things holding me back was my SEO standing: I was afraid that I might lose my traffic. But yesterday one of my friends, David, suggested that I move to a custom domain, as blogspot is Google's property and Google can delete it any time they want, and Google is much less likely to delete blogs on custom domains.

    So I said to myself that "Some day will never come", so I acted immediately and registered rafayhackingarticles.net. Now some of you might ask why I did not go for a .com domain. The answer is that it was not available.


    Yesterday when I was searching GoDaddy for domains my first priority was to go after a .com domain, but since it was not available, .net was the second best option.

    What Topics Will I cover?

    1. Hacking And Security Related News.

    2. Ethical Hacking Techniques.

    3. Computer Tricks.

    4. Windows hacks.

    5. Security flaws.

    And much more.

    Advice for those on blogspot:

    In my more than 2 years of blogging, the biggest mistake I made was blogging on a blogspot domain (and I never will again). If you are still on blogspot, I suggest you move to a custom domain. There are countless advantages of a custom domain over a subdomain; if you are looking forward to making serious money from your blog, I suggest you move to a custom domain.

    Cain And Abel 4.9.40 Is Available For Download

    Cain and Abel is a very popular Windows password recovery program. It allows you to recover almost all kinds of passwords and supports a wide variety of password cracking methods such as brute force attacks, dictionary attacks, rainbow tables, cryptanalysis attacks, etc. Cain is mostly used for sniffing and for carrying out a wide variety of man in the middle attacks.

    Features

    The Oxid team has just released the newest version of the Cain and Abel software, Cain and Abel 4.9.40. Here are some of the added features in Cain and Abel 4.9.40:

    • Added Proxy support for Cain's Certificate Collector.
    • Added the ability to specify custom proxy authentication credentials for Certificate Collector.
    • Added ProxyHTTPS Man-in-the-Middle Sniffer (TCP port 8080).
    • HTTP, APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated.
    • Added progress bar indicator in the off-line capture file function.
    • Bug fixed in ProxyHTTPS Man-in-the-Middle Sniffer parsing "Connection Established" string.
    • Bug fixed in VoIP Sniffer creating MP3 Mono files.
    • Bug fixed in RTP Sniffer processing off-line capture files.
    • WinRTGen recompiled with OpenSSL library version 0.9.8q.
    • OpenSSL library upgrade to version 0.9.8q.
    • Winpcap library upgrade to version 4.1.2.
    You can download Cain and Abel 4.9.40 here

    How To Sniff VOIP Session Using Cain

    According to wikipedia:


    Voice over Internet Protocol (Voice over IP, VoIP) is one of a family of internet technologies, communication protocols, and transmission technologies for delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms frequently encountered and often used synonymously with VoIP are IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, and broadband phone.

    Cain is an excellent program which can be used for sniffing VoIP. There are a couple of methods to sniff a VoIP session, but in this tutorial I will explain how you can use a man in the middle attack with Cain and Abel to sniff a VoIP conversation.

    Sniff VOIP Session With Cain

    So here is how you can capture a VoIP session on your network:

    Step 1 - First of all, download Cain and install it.

    Step 2 - Once Cain is successfully installed, go ahead and launch it. Now start the sniffer by clicking on the small green button just below the File option.

    Step 3 - Next click on the blue "+" at the top, choose "All hosts in my subnet" and click OK.

    Step 4 - This will show you all the active hosts on your network.

    Step 5 - Next go to the ARP tab at the bottom and press the blue "+" sign, select the hosts on which you want to perform the man in the middle attack and click OK.

    Step 6 - Now just click on the little yellow "Microtoxic" button at the top to launch the ARP poisoning attack, which is the real name for the man in the middle attack.

    Step 7 - Next click the VoIP tab at the bottom; if Cain has captured a VoIP session, you will see results similar to these.

    I hope you have enjoyed reading the post. I will also write an article on protecting your VoIP sessions in the upcoming posts.
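The tutorial above shows the attacking side; on the defending side the same ARP poisoning is visible on the wire, because the poisoning host has to answer ARP for the gateway and for the phone with its own MAC address. The C program below is an added example, not part of the original post and not Cain's code: it keeps the first MAC seen for each IP as a baseline, flags a known IP that is suddenly answered by a different MAC or one MAC that claims several IPs, and runs over a constructed tcpdump-style capture. The IP and MAC addresses, the line format and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 32

/* Baseline table: the first MAC seen answering for each IP. ARP carries no
 * authentication, so the only signal available is a change in who answers. */
struct binding {
    char ip[16];   /* dotted quad, max 15 chars + NUL */
    char mac[18];  /* aa:bb:cc:dd:ee:ff, 17 chars + NUL */
};

static struct binding table[MAX_HOSTS];
static int table_len;

enum arp_verdict {
    ARP_OK,           /* matches the baseline */
    ARP_NEW,          /* first time this IP is seen */
    ARP_MAC_CHANGED,  /* known IP now answered by a different MAC */
    ARP_MAC_SHARED    /* a MAC already bound to one IP now claims another */
};

static void arp_table_reset(void)
{
    table_len = 0;
}

/* Record one ARP reply (sender IP, sender MAC) and classify it. A poisoning
 * host answering for both the gateway and the phone shows up as MAC_CHANGED
 * on each of those IPs, or as MAC_SHARED if it claims an IP not seen before. */
static enum arp_verdict arp_observe(const char *ip, const char *mac)
{
    enum arp_verdict verdict = ARP_NEW;
    int i;

    for (i = 0; i < table_len; i++)
        if (strcmp(table[i].ip, ip) == 0)
            return strcmp(table[i].mac, mac) == 0 ? ARP_OK : ARP_MAC_CHANGED;

    for (i = 0; i < table_len; i++)
        if (strcmp(table[i].mac, mac) == 0)
            verdict = ARP_MAC_SHARED;

    if (table_len < MAX_HOSTS) {
        snprintf(table[table_len].ip, sizeof table[table_len].ip, "%s", ip);
        snprintf(table[table_len].mac, sizeof table[table_len].mac, "%s", mac);
        table_len++;
    }
    return verdict;
}

/* Parse one constructed tcpdump-style line such as
 *   "Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01"
 * Requests carry no binding and are skipped. Returns 1 on success. */
static int parse_arp_reply(const char *line, char ip[16], char mac[18])
{
    return sscanf(line, "Reply %15s is-at %17s", ip, mac) == 2;
}

/* Run the detector over captured lines and return the number of alerts. */
static int scan_arp_log(const char *const *lines, int count)
{
    char ip[16], mac[18];
    int alerts = 0;
    int i;

    arp_table_reset();
    for (i = 0; i < count; i++) {
        enum arp_verdict v;

        if (!parse_arp_reply(lines[i], ip, mac))
            continue;
        v = arp_observe(ip, mac);
        if (v == ARP_MAC_CHANGED || v == ARP_MAC_SHARED) {
            alerts++;
            printf("ALERT line %d: %s now claimed by %s (%s)\n", i + 1, ip, mac,
                   v == ARP_MAC_CHANGED ? "MAC changed" : "MAC shared");
        }
    }
    return alerts;
}

/* Constructed sample capture: gateway .1 and phone .20 answer normally, then
 * a third host (.99) starts answering for both of them. */
static const char *const SAMPLE_LOG[] = {
    "Request who-has 192.168.1.1 tell 192.168.1.20",
    "Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01",
    "Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20",
    "Reply 192.168.1.99 is-at aa:bb:cc:dd:ee:99",
    "Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99",
    "Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:99",
};

static int demo_alert_count(void)
{
    return scan_arp_log(SAMPLE_LOG, (int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]));
}

int main(void)
{
    printf("%d alert(s) on the sample capture\n", demo_alert_count());
    return 0;
}
```

A first-seen baseline will also alert on a legitimate NIC swap or a DHCP reassignment, so in practice the table is better seeded from DHCP leases or the switch's MAC table than from whichever reply arrives first; the two-alert pattern (gateway and endpoint both moving to the same new MAC within seconds) is the one worth paging on.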

    HITB 2011 Amsterdam Round Two Quals Binary

    The provided binary is an ELF file designed to be run by inetd and accepts several character-based commands followed by their parameters. The main loop reads a character from STDIN (under inetd the socket is duplicated onto the standard I/O descriptors) and, based on the value, picks a handler from an array of function pointers. The following commands exist:

    • 'f' - return meta data for a given file name
    • 'l' - list filenames from the home directory
    • 'q' - terminate the process
    • 's' - return symbolic link's path name
    • 'v' - verify input with a key file's data

    After mapping out all the available handlers and reviewing how they work, there were no obvious vulnerabilities (e.g. buffer overflows). The handler functions that expect additional input first allocate heap memory to store this input, and care is taken to make sure it is not overflowed. After the handler completes its work the memory is freed. However, there is a design flaw in the way the allocated memory is used when the key text is verified. Specifically, the key data is read into an allocated buffer and compared to the string supplied by the user. Once this is done the memory is simply freed, which returns the block to the free pool still containing the key data.

    As a result, we can use another handler which allocates memory for its operation and returns the results to the user. One such command is 's', which accepts a symbolic link as a parameter. Additionally, after listing the contents of the home directory using the 'l' command we find a few symbolic links that can be used with the 's' command. Thus, when requesting to view a symbolic link, the real path is copied into an allocated buffer. Since the buffer comes from the free pool and its contents were not cleared, whatever data was already there will also be displayed. If the resulting path is shorter than the data size of the "KeyFile", we can disclose part of the secret key string.

    Looking at the handler for the 'v' command, it was identified that the string comparison is performed only on the last 14 bytes of the key file. This tells us how much of the disclosed key file data we need to grab. Thus, to reproduce: submit the 'v' command with any key, which stores the key data into a buffer but does not clear it after the comparison. Then submit the 's' command to display the path of the "t1" link, which is short enough to disclose more than 14 bytes of the key file. Finally, take the last 14 bytes and submit them via the 'v' command again; this time the comparison succeeds and gives us the solution key.

    The solution string is (w/o quotes): "DwightIzK00l"
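As an added illustration that is not part of the original writeup or of the challenge binary, the C program below models the flaw and the two ways to close it. It replaces the real heap with a constructed one-block pool that hands back the same uncleared block on every allocation (the reuse the writeup relies on), uses a constructed key string rather than the real key file, and assumes the link target "/home/user/t1"; `leak_sequence` runs the 'v'-then-'s' sequence and reports whether the 's' reply still carries the 14-byte tail of the key.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 64      /* size of the allocated buffer the handlers share */
#define KEY_TAIL 14   /* the 'v' handler compares only the last 14 bytes */

/* Constructed stand-in for the key file's contents (not the real CTF key). */
static const char KEY_DATA[] = "CONSTRUCTED-KEY-tailSecret1234";

/* Constructed one-block "free pool": every allocation hands back the same
 * block, uncleared, which is the allocator reuse the writeup depends on. */
static unsigned char pool[BLOCK];

static unsigned char *pool_alloc(void)
{
    return pool;
}

static void pool_free(unsigned char *p, int scrub)
{
    /* Mitigation 1: wipe the block before it goes back to the pool. Real code
     * should use explicit_bzero()/memset_s(), which the compiler cannot drop
     * as a dead store; a plain memset() on a global array is enough here. */
    if (scrub)
        memset(p, 0, BLOCK);
}

/* 'v' handler as the writeup describes it: read the key into a fresh block,
 * compare only its last KEY_TAIL bytes with the user's input, then free. */
static int handle_verify(const char *user_input, int scrub)
{
    unsigned char *buf = pool_alloc();
    size_t keylen = strlen(KEY_DATA);
    int ok;

    memcpy(buf, KEY_DATA, keylen + 1);
    ok = strcmp((const char *)buf + keylen - KEY_TAIL, user_input) == 0;
    pool_free(buf, scrub);
    return ok;
}

/* 's' handler: copy the link target into a fresh block and send a reply.
 * The leaky variant sends the whole block; the bounded variant (mitigation 2)
 * sends only the bytes it actually wrote. Returns bytes placed in out. */
static size_t handle_symlink(const char *target, int scrub, int bounded,
                             unsigned char *out)
{
    unsigned char *buf = pool_alloc();
    size_t n = strlen(target);
    size_t sent = bounded ? n : BLOCK;

    memcpy(buf, target, n + 1);   /* bytes after the NUL keep their old value */
    memcpy(out, buf, sent);
    pool_free(buf, scrub);
    return sent;
}

/* Does a reply contain the KEY_TAIL-byte tail of the key anywhere? */
static int contains_key_tail(const unsigned char *resp, size_t len)
{
    const char *tail = KEY_DATA + strlen(KEY_DATA) - KEY_TAIL;
    size_t i;

    for (i = 0; i + KEY_TAIL <= len; i++)
        if (memcmp(resp + i, tail, KEY_TAIL) == 0)
            return 1;
    return 0;
}

/* The writeup's sequence: 'v' with a wrong guess, then 's' on a short link
 * ("/home/user/t1" is an assumed path). Returns 1 if the 's' reply leaks. */
static int leak_sequence(int scrub, int bounded)
{
    unsigned char resp[BLOCK];
    size_t n;

    memset(pool, 0, sizeof pool);  /* fresh process, empty heap */
    memset(resp, 0, sizeof resp);
    handle_verify("wrong-guess", scrub);
    n = handle_symlink("/home/user/t1", scrub, bounded, resp);
    return contains_key_tail(resp, n);
}

int main(void)
{
    printf("no scrub, whole block sent : leak=%d\n", leak_sequence(0, 0));
    printf("scrub before free          : leak=%d\n", leak_sequence(1, 0));
    printf("send only strlen bytes     : leak=%d\n", leak_sequence(0, 1));
    return 0;
}
```

Either fix alone closes this leak: scrubbing secret buffers before free stops stale data from reaching later allocations, and replying with the bytes actually written rather than the whole allocation stops a handler from echoing whatever followed its own data. Both are worth doing, since each covers bugs the other does not.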

    40 Ways to Make Money on the Internet

    I did a little bookmark scrub this morning and thought I would share the remaining content of my "Online Money" folder. To warn you, there are certain things that I don't like and never bookmark so:

    What's NOT included: Taking Paid Surveys, Getting Paid to Surf the Internet, MLM, Contest Sites, "Buy my DVD, CD, Audiobook", etc.

    What IS included: Things you can use to legitimately make money online - Everything from Getting Paid to review software to good ole' Adsense.
    • Infolinks - Infolinks is probably the highest paying option for your in-text advertising. On DLM, you will see underlined links scattered throughout articles. Those are a function of Infolinks and without disclosing too much, it's been a great source of income. Best is that they accept all sizes of websites and blogs. Just sign up and begin.
    • Build a Niche Store - This is a simple store development platform which enables you to create content based sites that generate income through the eBay affiliate programs. Pretty darn simple and increasingly popular.
    • Adbrite - Sell space on your site for text ads. This would work like the DLM Marketplace you see on the right of my pages although I chose to manage it myself.
    • Amazon Affiliate Program - Easily create a store or shopping section on your site instead of sending your visitors to Amazon. Amazon handles the shopping cart and fulfillment.
    • Amazon Seller - Sell your stuff on Amazon
    • Associated Content - If you write a story, how-to, rant, how-to cut grass, etc., you can submit it to them and they will pay you $3-$20 per article if they like it.
    • Yahoo! Merchant Solutions - This is a pretty simple and cheap way to create an online store.
    • Azoogleads - Another ad program. They do have some decent companies lined up as advertisers. You provide space, they'll provide an ad.
    • BidVertiser - PPC (pay per click) program with a low $10 payout amount.
    • Blog - Start a blog and consistently write excellent content. With good ad placement, you may make some money. I detail my process here: Simply Said, How to Blog.
    • Cafepress - You provide a design, they'll toss it on a T-Shirt, Hat, etc. No upfront costs. Get a free online shop and promote your products on your website.
    • Chitika - Their eMiniMalls service has shown great results for many Bloggers and site owners. You choose a keyword and they show relevant products on your site using a pretty unique interface.
    • Clickbank - Quickly becoming my favorite affiliate program. They have thousands of things for you to advertise on your site.
    • ClicknWork - Get paid $5-$150 per hour for basically doing freelance work on a per-assignment basis. You have to pass a pretty tough test to get in.
    • Clicksor - These are the guys that generate contextual ads on sites that show up when you hover over a double-underlined word.
    • Commission Junction - If you have a site, you can join Commission Junction. Once enrolled for free, you can choose companies whose ads are pertinent to your site. Companies have the ultimate say on working with you. There are easily over 1,000 companies to choose from here.
    • CreamAid - For blogs only, advertisers provide you with a topic and you write about it on your site. To do this, you have to install a flash widget into your blog post. The more people you bring into the conversation through the widget, the more you get paid. It's difficult to explain.
    • eefoof - Think of it as YouTube + Flickr + Music. You add original content and they pay you based on the visitors you attract.
    • Ether - If you are an expert on something, Ether provides a way for people to pay you to talk about it in a one-on-one setting. If you want to charge $250/hr, that's fine. You have to do all the advertising so you should have a blog or site already established.
    • eBay - Come on, you know what this is. Gather your junk and sell it!
    • eBay Stores - If you have a real store and want to sell your stuff online, this is a decent option to get you started.
    • ELance - Name gives it away. Programmers, Coders, Web Designers, Writers, Editors can look for freelance opportunities.
    • Feedvertising - This is an arm of Text Link Ads and is currently only good for Wordpress users. This does me no good currently, but as you can guess, they place ads in your feed(s).
    • Feedburner / Google - Not only are they the best place to house your feeds, they will also add ads to your feed and website. You get paid per impression and if you implement Google Adsense to your feed, you are paid per click.
    • Google Adsense - Come on, you don't need an explanation; these ads are all over the place. Google displays relevant ads based on your site's content
    • Google Adwords - Create simple text ads and choose keywords that determine when they are displayed. This is where the Adsense Content comes from. You do not need a site for this.
    • H3.com - Get paid to fill jobs. Commissions range from $50-$5,000. It all depends on how tough the job is to fill and how desperate the hiring company is. This is another one that's tough to explain.
    • Indeed.com - Add their job board to your site. They then post jobs based on the geographic location of visitors and the position types you pre-select. I tried it and they continually report that I sent 0 visitors, and I know that's not right. Nevertheless, I may have an isolated problem, so they make the list.
    • InnerSell - If you have a customer that wants to buy something you cannot sell, you can sell the lead here.
    • Jigsaw - It's a pretty flaky model but if you have a Rolodex full of good contacts, you can sell them here. I can't make sense of it but it looks like you get $0.10 per profile.
    • LinkShare.com - If you have a site, you can join Linkshare. Once enrolled for free, you can choose companies whose ads are pertinent to your site. Companies have the ultimate say on working with you. Like Commission Junction, there are a ton of companies waiting to evaluate your site.
    • Microsoft Adcenter - Bid on keywords and Microsoft places your created ads then they are searched for. This is similar to Google Adwords. You do not need a site for this.
    • Overstock.com - Sell your stuff on Overstock.com
    • Pay Per Post - I don't agree with this model entirely but they have advertisers that will pay you to write about their products on your blog.
    • Pheedo - If you have an RSS feed, run it through Pheedo. Like Feedburner, they can include ads into your feed and if you really become large, advertisers will pay a premium for you to show their ads.
    • Shareasale.com - I've used them for a couple years for some banner advertising. They are similar to Commission Junction and Linkshare however they seem to have lower tiered companies with advertising offers.
    • Shoemoney - This is a blog that can teach you a ton on making money online. I've spent hours reading his old stuff.
    • Software Judge - They will pay you up to $50 to review software.
    • Text Link Ads - I have never made a dime here but I know people that have. You can earn by sending advertisers to them or by selling spots on your site. You must have a real site or blog to do this - nothing on a shared domain (i.e. /blogspot).
    • Vibrant Media - Don't bother unless your site has 500,000 page views of text based content a month. If you have that readership, these are the guys that display bubble box ads to underlined words on your site.
    • West Work At Home Agent - Not entirely online but this is worth a mention because it's won awards and is very legitimate. If you are an at-home Mom or free-lancer without work, you should check this out.

    Cyber Crime

     
    Cyber crime, or crime committed in the virtual world, is a criminal offence committed using Internet technology (cyberspace), whether it attacks public facilities or private property in cyberspace, or retrieves information from individuals or companies without the owner's permission in order to commit fraud, dissemination or embezzlement. Technically, these offences can be divided into off-line crime, semi on-line crime and cybercrime. Each has its own characteristics; the main difference between the three types of crime is their connection to the public information network (read: the Internet). Cybercrime is the development of crime using computer technology, and it develops along with the development of information technology. Cybercrime does not recognize territorial boundaries, so most victims of cybercrime are generally not aware of, and have no direct interaction with, the perpetrator.

    Internet crime is divided into two motives, namely:
    1. Intellectual motive. Crimes committed just to satisfy the perpetrators themselves; the aim is to prove proficiency with computers or information systems, especially against computer network defences, and the actors are usually involved in hacker communities.
    2. Economic, political and criminal motive. Crimes committed for personal interests or the interests of certain groups, which cause economic and political losses on the other side.
    Computer crime can also be viewed in the following scopes:
    1. First, the computer as an instrument to perform a traditional crime.
    2. Second, computers and devices as the objects of abuse, where the data in the computer that is the object of the crime can be changed, modified, deleted or duplicated illegally.
    3. Third, abuse related to computers or data.
    4. Fourth, the unauthorized acquisition, disclosure or use of information and data, relating to the problem of abuse of access rights in an illegal manner.

    CYBER CRIME PREVENTION

    There is no guarantee of security in cyberspace, and no computer security system can continuously protect the data in it. Hackers will keep trying to conquer the most sophisticated security systems, and it is a pleasure for hackers if they can break into other people's computer security systems. A good step is to always update your computer security systems and to protect the data you send with cutting-edge technology as well.

    On the issue of cyberporn or cyber sex (see pages 171-195), prevention and mitigation cannot be achieved just through criminalization as formulated in the wording of a statute. The experience of some countries shows that cooperation between government, law enforcement officials, NGOs and communities can reduce crime. Here are the experiences of some of those countries:

    In Sweden, the Internet security company NetClean Technology, in cooperation with the Swedish National Criminal Police Department and the NGO ECPAT, developed a software program to facilitate the reporting of child pornography. When a person doubts whether material on the Internet is legal or not, that person can use the software directly and will soon receive an answer from ECPAT Sweden.

    Norway followed Britain's steps through cooperation between Telenor and the Norwegian National Police, Kripos. Kripos provides a list of child pornography sites to block, and Telenor blocks anyone accessing them. Every day Telenor blocks about 10,000 to 12,000 people who try to visit them. The Swedish and Norwegian national police cooperate in updating the list of child pornography sites with the help of an ISP in Sweden. These sites can be accessed if approval is received from the police.
    Following the steps of Norway and Sweden, Danish ISPs have blocked child pornography sites since October 2005. The ISPs also work with the NGO Save the Children Denmark. During the first month, the ISPs blocked 1200 accesses every day.

    Another determining factor in the prevention and combating of cybercrime by non-penal means is the question of ethics. Interaction with other people using the Internet is covered by a specific set of rules called netiquette, or ethics on the Internet. Although there is no standardized assessment of ethics for interacting on the Internet, the ethics of interacting in the real world (real life) can be used as a reference.

    Learn Website Hacking And Security With DVWA Tools

    Lots of readers often ask me how they can become good at website hacking and web application security. The thing is that even if you have an idea of how some popular web application attacks work, you still need a safe environment to practice what you have learned, because you are not allowed to access any website, even for testing purposes, unless you are authorized to do so. This is where Damn Vulnerable Web App (DVWA) comes into play.
    Basically, Damn Vulnerable Web App (DVWA) is a PHP/MySQL web app which is damn vulnerable. DVWA allows you to learn and practice web application attacks in a safe environment. Its latest version is DVWA 1.7.


    Web Hacking and Security related articles on RHA

    Vulnerabilities

    • SQL Injection
    • XSS (Cross Site Scripting)
    • LFI (Local File Inclusion)
    • RFI (Remote File Inclusion)
    • Command Execution
    • Upload Script
    • Login Brute Force
    • Blind SQL Injection 
    And much more.

    Official warning

    It should come as no shock... but this application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web server, as it will be hacked. It is recommended that you download and install XAMPP onto a local machine inside your LAN which is used solely for testing.

    Installation Guide

    You can download DVWA 1.0.4 here. Below I am posting a video which will show you step by step how to install DVWA on your computer and practice website hacking.

    Network Security Audit – The Benefits



    Network security audit, also known as network security assessment, refers to the process of determining the security shortcomings on your network. The process is critical for a business because sensitive or critical information on a network cannot be adequately protected if you do not know what type of vulnerabilities or security holes exist on the network.

    Security auditing and assessing of your network is not a one-time event. Security assessments should be ongoing because networks are constantly changing as new devices are added, configurations are changed, and software is updated. With any type of security assessment, the network layout must first be determined. The network security audit must accurately determine the extent or topology of your business network. This includes the type of devices, the operating system in use on the devices, and which updates have been applied. Also, you must determine what the critical information assets are and where they are located on the network.

    Without this information, a network security audit is of little value because you cannot be sure to have completed a security assessment of the whole network or that you have evaluated the most critical components of the network where the most sensitive information is stored and accessed. Of course, there is much more to performing a network security audit, but these few elements are essential to make a proper evaluation of your corporate network’s security.

    Benefits of Network Security Audits

    Network security audits help identify vulnerabilities on your network and network devices including:

    • Running services – Any service that is running on a network device can be used to attack a system. A solid network security audit would help you identify all services and turn off any unnecessary services.
    • Open ports – A network security audit will help you identify all open ports on network devices and, just like running services, all unneeded ports should be closed to eliminate the possibility of being used to attack a network device.
    • Open Shares – Any open share can be exploited and should not be used unless there is some essential business purpose for it.
    • Passwords – Assessments/audits should evaluate the enterprise password policy and ensure that the passwords used on the network devices meet the business password policy of password strength, frequent change, and other requirements.
    • User Accounts – During the audit, you must determine which user accounts are no longer being used so they can be removed or disabled. Unused user accounts allow for someone from inside or outside the network to attack and take over the account or may be an indication of a successful attack of the network.
    • Unapproved Devices – Unapproved or unknown devices such as iPods, Smart Phones and Wireless Access Points installed on your network must be detected in an audit. Any or all of these, as well as other devices, can be used to attack the network or steal data off the network.
    • Applications – The type of applications being used on a system should be identified during this process. If any dangerous applications are found running on a system, they should be removed. Also look for software programs that run automatically because they can be an indicator of a malware infection.

    Security audits should be done on an ongoing basis. Without recurring security audits or assessments, these new vulnerabilities may not be discovered and patched to keep the computer system secure. Also, such audits should not be done manually because if administrators fail to apply certain scans, vulnerabilities in the operating systems or in installed applications can be exploited.

    Using vulnerability scanners makes the task of security audits or assessments much easier and safer. These tools automate part of the process and allow administrators to analyze the results and determine what issues should be addressed first and in which priority the other security issues should be handled.

    By identifying these types of vulnerabilities on an ongoing basis, you will be adding an extra layer of protection to your network. Because network security applications and services are constantly being updated, it is of great importance to apply one of the latest security scanners and use it on an ongoing basis, together with the expertise of knowledgeable security staff to evaluate the status of your network security.

    About The Author

    This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software

    An Introduction To Keyloggers, RATS And Malware

    If you are one of our Facebook fans then chances are you have heard for several weeks that I will be launching my newest book very soon. The wait is finally over: today I have decided to launch my new book, "An Introduction To Keyloggers, RATS And Malware". The book is completely dedicated to newbies who are looking forward to playing with keyloggers, RATs and various other forms of malware, or who are curious to know how they can protect their PCs from getting infected with Trojans, worms and other forms of viruses.

    The book takes you right from the basics to some advanced types of attacks too. In this book I have also reviewed various of the best keyloggers out there, so you will find it easier to choose the best one according to your needs.

    How Much Does it cost?

    Well, here is the best part: unlike my other products such as "A Beginners Guide To Ethical Hacking" and "Facebook Hacking Course", I have decided to give this e-book away for free. The reason I am giving this e-book away for free is that lots of people cannot afford the costs of my products, so I don't want anyone to miss the chance of getting their hands on it.

    My aim is to create awareness among individuals about ethical hacking and security; this is probably the reason why I am running this blog in the first place. Every single day thousands of people fall for these types of attacks and end up losing their sensitive data, such as their usernames and passwords, and in the worst case some of them end up losing their credit card numbers too.

    By reading this e-book I am very confident that you will be able to protect your computer from most of these types of attacks.

    You can download the book here

    Top 5 Security Tips To Protect Your Computer From USB Viruses

    With increasing anti-virus security in place against email-aware viruses and malware, hackers are turning their attention to less well-defended routes such as USB drives. This is the latest method that’s used by hackers to torment innocent users. However, there are ways you can protect your computer from USB and Pen drive viruses.

    1. Block USB Viruses

    Invest in an excellent anti-virus program that has a built-in USB virus scanner and remover. These anti-USB virus programs not only protect your computer from USB Autorun viruses but can also clean worms, Trojans and viruses on your USB memory sticks. You can try anti-virus programs for USB viruses such as USB Virus Scan, USB Drive Antivirus and so on.

    2. Disable Your Computer's Autorun Feature

    When you plug a USB drive into your system, the Autorun feature starts automatically. If your USB drive contains any virus programs, they will use the Autorun feature to infect your computer. To protect your computer, disable the Autorun feature. You can disable the Autorun feature via the Control Panel.
    Alternatively, you can use antivirus software to disable and enable the Autorun feature whenever you want. Additionally, these USB blocking programs allow system administrators to specify which removable storage drives users can access.

    3. Update Your Device Driver


    Keeping your USB device driver updated is a good way to ensure greater stability for your USB drives. While this won’t help eradicate USB viruses, USB device drivers are constantly updated to block viruses and deliver timely warnings. You can update your USB device driver from the Windows Computer Management feature in the Control Panel.

    4. Use USB Firewall Software


    USB firewalls prevent Windows OS from processing malicious programs when a virus infected portable USB device is opened. USB firewalls monitor only your USB devices, and not your CD and DVD drives. By using USB firewalls, you’ll be enabling a basic level of protection from the autorun.inf viruses that spread from portable USB devices.

    5. Always Safely Remove USB Devices


    Viruses are sometimes created via damaged documents. If you are transferring a set of files to your USB drive, make sure the transfer is complete before you eject the device. Always use the Safely Remove Hardware feature of Windows OS. This is because partially transferred or damaged files can in turn corrupt other files on your USB drive.

    About The Author

    Montey likes to write for coupon websites where he shares some useful coupons. He blogs at many coupon blogs where he shares norton coupon codes and godaddy codes.

    Stuxnet Worm Installation, Injection, Mitigation And Prevention [Video]

    Stuxnet is one of the most well-known Windows worms. It was discovered back in July 2010 and has attracted a lot of media attention. It was also claimed that the Stuxnet worm was originally developed to target Iranian nuclear plants. Some security experts claim that Stuxnet is the most dangerous malware ever created.
    While searching the internet for material on Stuxnet I came across two videos on infosecinstitute.com by Joel Langill which explain just about every part of Stuxnet, from its introduction, installation and injection to its mitigation and prevention.



    Part 1: Introduction, Installation, and Injection





    Part 2: Mitigation & Prevention


    How To Protect Your Webserver From Getting Hacked?

    It has been a while since I last posted on RHA, because I was extremely busy with my university work and had absolutely no time for blogging. Today I finally managed to find some time for posting on RHA. In my previous article in the webserver security section I told you some of the ways hackers can use to compromise your webserver; in this article I will tell you how to protect your webserver from getting hacked or otherwise compromised.

    Well, there are a variety of methods you can implement to protect your webserver, but I will not be covering all of them because explaining the concepts would take a lot of time.

    WebApplication Security

    Most webservers get compromised due to a vulnerability in their web application. Some of the most common web application vulnerabilities are SQL injection, cross-site scripting and local file inclusion; these vulnerabilities are usually due to improper or poor coding of the web application.

    How do I find if these types of vulnerabilities really exist in my webapplications?

    Well, unless you are a penetration tester or have proper knowledge of these types of vulnerabilities, it is really difficult to find them yourself. A better option is to use a vulnerability scanner like Nessus or Acunetix.

    Read More About finding a vulnerability in your website - How To Find A Vulnerable Website?

    SSL(Secure Socket Layer)

    SSL is not really necessary unless you are running an e-commerce website or a website where you want the communication to be secure. If you are wondering what SSL (Secure Socket Layer) is, kindly read my article What is SSL (Secure Socket Layer).

    Password Cracking Attacks

    As I told you in my previous article, some of the popular password cracking methods include:

    1. Brute Force Attacks

    2. Dictionary Attacks

    3. Rainbow Tables

    Here is a simple tip on how you can avoid these types of attacks: keep strong passwords. For what I mean by a strong password, read my post on How to create a strong password.

    Use Of Firewalls

    Firewalls are usually designed to stop attackers from getting into a website; a firewall is basically a gateway used to allow or deny access. But are firewalls enough to protect your webserver?
    The answer is "no". The administrator needs to open ports like 80, 21 and 25 so that the firewall lets users reach services like the website, email and FTP, which leaves those services exposed to attackers.

    What if someone sends a virus attached to an email through a mail server behind a firewall? The firewall will not be able to block these types of attacks. I hope to explain this side of firewall security in my upcoming articles.


    Update Your Webserver Regularly

    Vulnerabilities are discovered and patched every day, so you need to make sure that you update your webserver and install the latest patches and fixes.

    Intrusion Detection System

    An intrusion detection system (IDS) is used to monitor the entire network; it detects intruders, that is, unexpected, unwanted or unauthorized people or programs on the network. If you want to know more about intrusion detection systems, kindly read the following post; it will give you a better understanding of IDS.

    Certainly these methods alone aren't enough for total security, but I will continue the series of articles on webserver security. I have also finished writing my newest book, "An Introduction To Keyloggers, RATS And Malware", which I will be releasing very soon, and the best part is that it will be free for all.

    What methods do you use to secure your webserver?

    Codegate 2011 Quals - Binary 300

    The question is:
    Find a malicious ID!!

    The binary is a Browser Helper Object (BHO) DLL with a static XOR key "securecodegate", which is used to decrypt a few arrays whose characters are assigned statically, one index at a time. The "sub_1000233E" function is called with the array and a XOR key as input to perform the decryption. This occurs three times within a handler function "sub_1000270A".

    The first two calls are irrelevant as they result in decryption of "google_ads_frame" (key "secure") and "client" (key "code"). However, the third call produces the answer string using the "gate" key.

    This was identified by looking for various interesting strings in the binary and locating their use references. The XOR decryption routine is fairly simple and can be performed via an IDC script.

    We used a lazy/simple option. Register the DLL ("regsvr32 b300.dll"). Launch Internet Explorer, attach a debugger, locate the handler function ("sub_1000270A"). Modify EIP to jump to the buffer initialization sequence, which is right before the decryption function call (e.g. @ 0x10002C96 for the "gate" key).

    The answer is:
    ca-pub-0123456789012345

    Codegate 2011 Quals - Binary 200

    The question is:
    Reverse Me!!

    The binary is a console based PE file. Running the file produces no output due to a certain routine terminating the process before the "main()" function starts. Looking around the code the "sub_401130" function stands out due to initialization of a local array with various bytes. At the end of this function a decryption routine is called ("sub_401070") with the array as input. The decryption loop performs an XOR operation using the string's length as the key.

    To obtain the answer a breakpoint was placed @ 0x00401494, which calls the "ExitProcess()" library function prior to "main()". Next, modify EIP to point to the start of the array initialization routine and execute until the decryption function is called. Let it do its XOR job and look at a local buffer once complete to get the answer string.

    The answer is:
    http://forensic-proof.com/archives/552
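Both writeups above come down to the same operation: a buffer filled with per-index byte stores is XORed with a key, either a repeating string (Binary 300, sub-keys "secure", "code", "gate" of the static key) or the buffer's own length (Binary 200). The following is an added example, not code from either challenge binary or from the team's IDC script. The "encrypted" arrays are constructed here by running the same XOR over the strings the Binary 300 writeup names; the split of "securecodegate" into three sub-keys is assumed from the writeup's description of the three calls.

```python
"""XOR routines of the kind described in the Binary 300 and Binary 200 writeups.

Added example; not the challenge code. ENC_FRAME and ENC_CLIENT are constructed
ciphertexts, made by XORing the strings the writeup names with their sub-keys.
"""

MASTER_KEY = b"securecodegate"          # static key named in the Binary 300 writeup
# Assumed split: the three decrypt calls use "secure", "code" and "gate".
SUB_KEYS = [MASTER_KEY[0:6], MASTER_KEY[6:10], MASTER_KEY[10:14]]


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: byte i is combined with key[i % len(key)].

    XOR is its own inverse, so the same call both encrypts and decrypts.
    """
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_with_length(data: bytes) -> bytes:
    """Binary 200 style: every byte XORed with the buffer length (truncated to one byte)."""
    k = len(data) & 0xFF
    return bytes(b ^ k for b in data)


def is_printable(data: bytes) -> bool:
    """True if every byte is printable ASCII, the usual sanity test for a correct key."""
    return all(0x20 <= b < 0x7F for b in data)


def try_keys(buffers, keys):
    """Try every key on every buffer; keep (buffer index, key, text) for the
    combinations that decode to printable text. This is how an analyst pairs
    the arrays with the sub-keys when the call sites are not obvious."""
    hits = []
    for i, buf in enumerate(buffers):
        for key in keys:
            plain = xor_with_key(buf, key)
            if is_printable(plain):
                hits.append((i, key.decode("ascii"), plain.decode("ascii")))
    return hits


# Constructed ciphertexts: the two throw-away strings from the writeup, each
# XORed with the sub-key the writeup pairs it with.
ENC_FRAME = xor_with_key(b"google_ads_frame", SUB_KEYS[0])
ENC_CLIENT = xor_with_key(b"client", SUB_KEYS[1])


if __name__ == "__main__":
    for i, key, text in try_keys([ENC_FRAME, ENC_CLIENT], SUB_KEYS):
        print("buffer %d decrypts with %r to %r" % (i, key, text))
    url = b"http://forensic-proof.com/archives/552"
    print(xor_with_length(xor_with_length(url)) == url)   # length-key XOR round-trips
```

In the real binaries the buffer contents come from the per-index stores the writeups describe; dump those bytes from the disassembly (or from memory, as the team did) and feed them to `try_keys` in place of the constructed arrays.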

    Codegate 2011 Quals - Forensics 300

    The question is:
    we are investigating the military secret's leaking. we found traffic with leaking secrets while monitoring the network. Security team was sent to investigate, immediately. But, there was no one present. It was found by forensics team that all the leaked secrets were completely deleted by wiping tool. And the team has found a leaked trace using portable device. Before long, the suspect was detained. But he denies allegations.

    Now, the investigation is focused on portable device. The given files are acquired registry files from system. The estimated time of the incident is Mon, 21 February 2011 15:24:28(KST). Find a trace of portable device used for the incident.

    The Key : "Vendor name" + "volume name" + "serial number" (please write in capitals)

    Enumerate a timeline of USB activity from the backup system hive
    ...
    Disk&Ven_Corsair&Prod_UFD&Rev_0.00,Thu Feb 17 04:41:02 2011,ddf08fb7a86075&0,Thu Feb 17 04:41:03 2011,Corsair UFD USB Device,
    Disk&Ven_FM&Prod_Memorette_Swing&Rev_1.00,Thu Feb 17 06:38:21 2011,2008090256000000000000BE&0,Thu Feb 17 06:38:22 2011,FM Memorette Swing USB Device,
    ...

    The enumeration shows all of the USB devices ever connected to the system. The registry last modified times are written the first time the device is connected, but are not updated when a device is subsequently connected.

    Running a timeline on the registry (via "regripper"), we see that only one USB device is connected on Feb 21:
    Mon Feb 21 06:24:21 2011Z HKLM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_UFD&REV_0.00#DDF08FB7A86075&0#\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}

    From there, we know that the suspect device vendor is "CORSAIR" and the serial number of the device is "DDF08FB7A86075". Inspection of this registry path reveals that the default name of the device has been changed. The registry key "FriendlyName" has a value of "PR0N33R", which is the displayed volume name when the device is connected.

    The answer is:
    CORSAIRPR0N33RDDF08FB7A86075

    Thanks to our team member tina for the solution.
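The steps above are mechanical enough to script: parse the usbstor records, parse the registry timeline, keep the device whose volume key was written on the day of the incident, and assemble vendor + FriendlyName + serial. The following is an added example, not the team's tooling (regripper produced the real output; this only parses that format). The input lines are constructed copies in the same layout as the lines quoted above, and FRIENDLY_NAMES stands in for the FriendlyName value read from the volume's registry key.

```python
"""Parse USBSTOR records and a registry timeline to build the Forensics 300 key.

Added example, not the team's tooling. Inputs are constructed in the formats
quoted in the writeup; FRIENDLY_NAMES is assumed to have been read from the
volume keys.
"""
import re
from datetime import datetime

TIME_FMT = "%a %b %d %H:%M:%S %Y"

# Constructed sample in the usbstor plugin's CSV layout:
# device_id, first_connect, serial&instance, last_write, friendly_name
USBSTOR_LINES = [
    "Disk&Ven_Corsair&Prod_UFD&Rev_0.00,Thu Feb 17 04:41:02 2011,ddf08fb7a86075&0,"
    "Thu Feb 17 04:41:03 2011,Corsair UFD USB Device,",
    "Disk&Ven_FM&Prod_Memorette_Swing&Rev_1.00,Thu Feb 17 06:38:21 2011,"
    "2008090256000000000000BE&0,Thu Feb 17 06:38:22 2011,FM Memorette Swing USB Device,",
]

# Constructed sample of a regripper timeline line for a WpdBusEnumRoot key.
WPD_TIMELINE = [
    "Mon Feb 21 06:24:21 2011Z HKLM\\ControlSet001\\Enum\\WpdBusEnumRoot\\UMB\\"
    "2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_CORSAIR&PROD_UFD&REV_0.00"
    "#DDF08FB7A86075&0#\\Properties\\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}",
]

# Assumed: FriendlyName values read from the volume keys, indexed by device serial.
FRIENDLY_NAMES = {"DDF08FB7A86075": "PR0N33R"}

DEVICE_ID_RE = re.compile(r"Ven_([^&]+)&Prod_([^&]+)&Rev_([^&,#]+)", re.IGNORECASE)
WPD_RE = re.compile(
    r"^(.+?)Z\s+HKLM\\.*USBSTOR#DISK&VEN_([^&]+)&PROD_([^&]+)&REV_([^#]+)#([^&#]+)&\d+#",
    re.IGNORECASE,
)


def parse_usbstor_line(line):
    """Split one usbstor CSV line into vendor, product, revision, serial and times."""
    fields = line.split(",")
    m = DEVICE_ID_RE.search(fields[0])
    if not m or len(fields) < 5:
        raise ValueError("unrecognised usbstor line: %r" % line)
    return {
        "vendor": m.group(1),
        "product": m.group(2),
        "revision": m.group(3),
        "first_connect": datetime.strptime(fields[1], TIME_FMT),
        # the serial is the part before "&<instance>"; normalise case for matching
        "serial": fields[2].split("&")[0].upper(),
        "name": fields[4],
    }


def parse_wpd_line(line):
    """Extract timestamp, vendor and serial from a WpdBusEnumRoot timeline entry."""
    m = WPD_RE.match(line)
    if not m:
        raise ValueError("unrecognised timeline line: %r" % line)
    return {
        "time": datetime.strptime(m.group(1).strip(), TIME_FMT),
        "vendor": m.group(2),
        "serial": m.group(5).upper(),
    }


def serials_seen_on(day_iso, timeline):
    """Serials of devices whose volume key was written on the given day (YYYY-MM-DD)."""
    day = datetime.strptime(day_iso, "%Y-%m-%d").date()
    return sorted({e["serial"] for e in map(parse_wpd_line, timeline) if e["time"].date() == day})


def build_key(serial, usbstor_lines, friendly_names):
    """Vendor + volume name (FriendlyName) + serial, upper-cased, as the challenge asks."""
    devices = {d["serial"]: d for d in map(parse_usbstor_line, usbstor_lines)}
    dev = devices[serial]
    return (dev["vendor"] + friendly_names[serial] + serial).upper()


if __name__ == "__main__":
    for serial in serials_seen_on("2011-02-21", WPD_TIMELINE):
        print(build_key(serial, USBSTOR_LINES, FRIENDLY_NAMES))
```

The timeline stamps carry a trailing Z, that is, UTC; the challenge gives the incident time in KST (UTC+9), so 06:24:21Z is 15:24:21 KST, within seconds of the stated incident time. Comparing on the date alone, as above, is enough here but a real case should convert both sides to one zone before matching.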

    Codegate 2011 Quals - Network 100

    The question is:
    This data is related to any attack.
    calculate the md5sum of the intended file.

    (calc md5 uppercase)

    The provided file is a PCAP containing a bunch of HTTP traffic and some SMB chatter. The question mentions an attack. Since the capture is heavy on HTTP, it made sense to list all the requests. Two strange requests stand out:

    GET /H1A1.html HTTP/1.1
    GET /H1A1.exe HTTP/1.1

    Carving out (using Wireshark's "Follow TCP Stream" -> "Save As") the "H1A1.exe" response and removing the HTTP response header we end up with a regular PE file. Next, calculate its MD5 checksum and convert to upper case.

    The answer is:
    7A5807A5144369965223903CB643C60E
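The manual carve (follow the stream, save it, cut the headers off, hash) is easy to get subtly wrong: a byte of header left in, or a second response appended to the saved stream, changes the digest. The following is an added example, not the team's tooling, that does the cut by the HTTP framing rules. RAW_STREAM is a constructed stand-in for the server side of a saved stream, and FAKE_BODY is a small made-up PE-like blob, not the real H1A1.exe.

```python
"""Carve an HTTP response body out of a saved TCP stream and hash it.

Added example for this writeup; not the team's code. RAW_STREAM and FAKE_BODY
are constructed, so the digest printed here is not the challenge answer.
"""
import hashlib

# Constructed payload: "MZ" signature followed by filler bytes.
FAKE_BODY = b"MZ" + bytes(range(256)) + b"PE\x00\x00" + b"\x00" * 60

RAW_STREAM = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: " + str(len(FAKE_BODY)).encode("ascii") + b"\r\n\r\n"
    + FAKE_BODY
)


def parse_headers(head: bytes) -> dict:
    """Lower-cased header name -> value for everything after the status line."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def carve_body(stream: bytes) -> bytes:
    """Return the response body: everything after the blank line, cut to Content-Length.

    Chunked transfer encoding is refused rather than mishandled; a chunked body
    needs de-chunking before hashing.
    """
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of headers not found")
    headers = parse_headers(head)
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        raise ValueError("chunked body: de-chunk before hashing")
    length = headers.get(b"content-length")
    if length is None:
        return rest                     # no length header: body runs to end of stream
    n = int(length)
    if len(rest) < n:
        raise ValueError("body truncated: have %d of %d bytes" % (len(rest), n))
    return rest[:n]                     # anything after n bytes (e.g. next response) is dropped


def md5_upper(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def carve_and_hash(stream: bytes) -> str:
    """Carve, sanity-check the PE signature, and return the upper-case MD5."""
    body = carve_body(stream)
    if body[:2] != b"MZ":
        raise ValueError("carved body does not start with a PE signature")
    return md5_upper(body)


if __name__ == "__main__":
    print(carve_and_hash(RAW_STREAM))
```

Run it against the bytes saved from the server direction of the stream; if the saved file also contains the client's request, cut that off first, since `carve_body` expects the status line at offset zero.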

    Man In The Middle Attack - SSL Hacking

    One of the most successful ways of gaining information such as passwords and user ids on a LAN (local area network) is through man in the middle attacks. I will not go too deep into man in the middle attacks, but in simple words it can be explained as an attacker or hacker listening to all the information sent between the client and the server. To prevent these kinds of attacks, email providers started using Hypertext Transfer Protocol Secure (HTTPS), a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Socket Layer) protocol, to provide encrypted communication between the client and the server. So when a hacker carries out a Mitm attack the victim is warned with an invalid SSL certificate.



    In this tutorial I will teach how to carry out a successful Mitm attack

    Concept :-

    We know that HTTP (Hypertext Transfer Protocol) simply sends all the information in plain text. So if we make the victim use HTTP instead of HTTPS to connect to sites like Gmail or PayPal, we will be able to carry out a successful Mitm attack without causing any suspicion. To do this we are going to use a tool called SSL strip.

    Read More: What is SSL(Secure Socket Layer)

    Thing we Need

    1. SSL strip: You can search Google for SSL strip; it comes in both Windows and Linux versions. I will be using the Windows version in this tutorial.

    2. Ettercap, to carry out Mitm attacks

    Demonstration :-

    1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok



    2. Now select the victim’s IP and click open


    3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok 



    4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2



    5. Now select mitm-arp poisoning and click ok as shown



    6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below



    Counter measures:

    1. Whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you use HTTPS.

    2. Always check the SSL certificate before doing an online transaction

    About The Author

    This article is written by John Jeffery. He is the owner of Hackholic, where he writes about security-related stuff. If you are interested in writing a guest post on RHA, kindly read the guidelines here.

    How to Crack Windows Administrator Passwords

    Sometimes it is necessary to know admin passwords in schools and colleges to log in with admin privileges to do various things.

    There are many ways to crack passwords, but in this tutorial I will explain a very basic method using a single tool to crack Windows passwords. This might come in handy in places like schools and colleges where you can't use your live Linux CDs, USBs etc. because you're being watched.

    Things we need :

    1. Pwdump or Fgdump to extract password hashes

    In this tutorial I will be using Pwdump

    Extracting Password hashes :-

    1. Open My computer and go to C:\Windows\system32 . now place the Pwdump file which we download earlier

    2. Now open command prompt and navigate to C:\Windows\system32 \Pwdump

    Using cd command and click enter

    Example :-

    Cd C:\Windows\system32 \Pwdump


    3. Now you can see a list of Pwdump commands as shown


    4. Now enter pwdump - localhost >>“ destination of output file “ (for 32 computers) and pwdump -x localhost >> “destination out put file “(for 64 bit computers )


    Example :-

    Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt

    Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt


    5. Now open the output file; you can see the names of the different users with their password hashes. Copy the hashes corresponding to the admin account.

    Cracking The Hashes

    Considering that we are in a school or college where we can't use tools to crack passwords, as an alternative we are using online password cracking sites.

    1. Go to online password cracking sites like www.cracker.offensive-security.com , www.onlinehashcrack.com and paste the hash select hash type as LM and click decode

    2. In this way we are able to crack Windows passwords using a single tool.

    Note:- If you're not able to crack the password hashes online, use tools like John the Ripper to crack them. You can even copy the hashes and decode them at home.

    About The Author

    This article is written by John Jeffery. He is the owner of Hackholic, where he writes about security-related stuff. If you are interested in writing a guest post on RHA, kindly read the guidelines here.

    SQL Injection Tutorial With Havij

    According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into web forms to get sensitive information (such as usernames and passwords), access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online through which any script kiddie can use SQL injection to deface a website; because of these tools websites have become more exposed to these types of attacks.

    One of the popular tools is Havij, an advanced SQL injection tool which makes SQL injection very easy for you. Along with SQL injection it has a built-in admin page finder, which makes it very effective.


    Warning - This article is only for education purposes, By reading this article you agree that RHA is not responsible in any way for any kind of damage caused by the information provided in this article.


    Supported Databases With Havij

    • MsSQL 2000/2005 with error.
    • MsSQL 2000/2005 no error union based
    • MySQL union based
    • MySQL Blind
    • MySQL error based
    • MySQL time based
    • Oracle union based
    • MsAccess union based
    • Sybase (ASE)

    Demonstration

    Now I will show you step by step the process of SQL injection.

    Step1: Find a SQL injection vulnerability in your site and insert its URL (like http://www.target.com/index.asp?id=123) in Havij as shown below.



    Step3: Now click on the Analyse button as shown below.



    Now if your server is vulnerable, the information about the target will appear and the columns will appear as shown in the picture below:


    Step4: Now click on the Tables button and then click the Get Tables button from the column below, as shown below:


    Step5: Now select the tables with sensitive information and click the Get Columns button. After that, select the Username and Password columns and click on the Get Data button to retrieve the usernames and passwords.

    Countermeasures: 

    Here are some of the countermeasures you can take to reduce the risk of SQL Injection

    1. Renaming the admin page will make it more difficult for a hacker to locate it.

    2. Use an intrusion detection system and write signatures for popular SQL injection strings.

    3. One of the best methods to protect your website against SQL injection attacks is to disallow special characters in the admin form. This will make your passwords more exposed to brute-force attacks, but you can implement a captcha to prevent that type of attack.
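The root cause named at the top of this article, and in the webserver security post earlier on this page, is that user input is pasted into the SQL text. The following is an added example, not from the tutorial and not part of Havij: the vulnerable login query next to its parameterized replacement, plus a crude signature check of the kind the IDS countermeasure describes. The database is an in-memory SQLite table with constructed rows so it runs offline; the same pattern applies to MySQL, MSSQL or any other driver that takes bound parameters.

```python
"""String-built query beside its parameterized replacement.

Added example, not the tutorial's or Havij's code. Rows are constructed.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "hash-of-admin-pw"), ("alice", "hash-of-alice-pw")],   # constructed rows
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    """The flaw: user input becomes part of the SQL text, so a quote or comment
    marker in the input rewrites the WHERE clause instead of being compared."""
    sql = "SELECT id FROM users WHERE username = '%s' AND password_hash = '%s'" % (username, password_hash)
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password_hash):
    """The fix: the query text is constant and the values travel as bound
    parameters, so whatever the input contains it is only ever compared as data."""
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


def looks_like_injection(value: str) -> bool:
    """Signature check of the kind countermeasure 2 describes: good for logging
    and alerting on attempts, not a substitute for parameterized queries."""
    lowered = value.lower()
    return any(tok in lowered for tok in ("'", "--", ";", " or ", " union ", "/*"))


if __name__ == "__main__":
    db = make_db()
    attempt = "' OR 1=1 --"
    print("vulnerable:", login_vulnerable(db, attempt, "anything"))   # True: check bypassed
    print("safe:      ", login_safe(db, attempt, "anything"))         # False: compared as data
    print("flagged:   ", looks_like_injection(attempt))              # True: worth an alert
```

Note what the safe version does not do: it does not strip or reject characters. Parameterization keeps every legitimate value working (a surname with an apostrophe, for instance) while removing the injection entirely, which is why it belongs in the application and the signature list belongs in monitoring.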

    About Author: 

    This article was written by Muhammad Haseeb Javed. He blogs at http://www.hackthepc.blogspot.com/. If you are also looking forward to writing a guest post on RHA, read the guidelines here.

    Types Of Server Sides Risks?

    People require high security on the internet. Most people find it convenient to manage their bank accounts and business with the help of the internet. In this situation, web security becomes the most important field in network security. Interactive forms are written in HTML: users type in information and send a request to the server, which stores the information entered by the user.

    The request launches a script on the server that processes the data supplied by the user, but the result may be very unexpected, which raises the need for server-side security. URL manipulation, unexpected user input, cross-site scripting, buffer overflows and heap overruns are all well-known server-side risks. All of these risks will be explained in this article.


    1. Conventional security

    Conventionally, a firewall is placed between the web server and the internet so that all HTTP traffic reaching the web server is filtered. The firewall allows through only traffic that meets all of its rules. In this way, the web server can be protected from attacks to a great extent.

    2. URL Manipulation
    In URL manipulation, some parameters of the URL are changed to get different results. The user id present in the URL can be manipulated to get access to another user's account. If * is placed in place of the user id, one can get the list of all the members in the database. Any user's input present on the page can be accessed and manipulated, which is a great threat to security and privacy. If there’s a site about Medifast and Nutrisystem coupons containing personal details of different users, then you can manipulate the URL to access the personal details of other users.

    3.  Unexpected User Input
    When the server gets unexpected user input, crashing is the best reaction it can have. Otherwise it may hand control of the server to the attacker, who may then use the server for whatever he wants: he can corrupt your database, download the complete database and delete it. If you don’t have a backup, what are you going to do?

    4. Cross site scripting
    In cross-site scripting, attackers place a malicious script on the trusted host’s end. The user may download that malicious script from the trusted host without realizing that the code is dangerous. Sometimes the server displays an error page, but due to the malicious code it may appear as a normal login page to the user. The user will enter the required information, which can be misused as it is sent to the attacker.

    5. Buffer Overflow

    Attackers may launch attacks which result in access violations, instability and code injection. They may destroy the data stored in the database, cause software to malfunction, and carry out many other destructive actions.

    But what’s the solution then? You need to consider a few points to overcome the server-side risks. Cryptography should be used to send the whole data in the query string. On the server side, the user input should be filtered and all the characters which are used in the scripting language should be removed.
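Three of the risks above (URL manipulation, unexpected input, cross-site scripting) meet in a single request handler, which makes one small handler a good place to show the server-side checks. The following is an added example, not from the article: the request is a plain dict standing in for a web framework's request object, and PROFILES is a constructed user table. It shows the id being validated as a strict decimal integer, compared against the logged-in session before any data is read (so a manipulated id gets a 403 rather than someone else's profile), and the stored data HTML-escaped on output so a script planted in a profile cannot execute in another user's browser.

```python
"""Server-side handling for URL manipulation, unexpected input and cross-site scripting.

Added example, not the article's code. The request dict and PROFILES are constructed.
"""
import html
import re

# Constructed records; bob's bio contains stored script, the cross-site scripting case.
PROFILES = {
    1: {"name": "alice", "bio": "likes <b>bold</b> text"},
    2: {"name": "bob", "bio": "<script>alert(document.cookie)</script>"},
}

DECIMAL_ID = re.compile(r"[0-9]+")


def parse_user_id(raw):
    """Accept only a positive ASCII decimal integer; '*', '1 OR 1=1', '', None all fail."""
    if not isinstance(raw, str) or not DECIMAL_ID.fullmatch(raw):
        return None
    value = int(raw)
    return value if value > 0 else None


def render_profile(request):
    """request = {"session_user": int, "query": {"id": str}} -> (status, body)."""
    uid = parse_user_id(request.get("query", {}).get("id"))
    if uid is None:
        return 400, "bad request"          # unexpected input: reject it, do not guess
    if uid != request.get("session_user"):
        return 403, "forbidden"            # URL manipulation: the id must match the session
    profile = PROFILES.get(uid)
    if profile is None:
        return 404, "not found"
    # Cross-site scripting: encode stored data at the point it is placed into HTML
    body = "<p>%s: %s</p>" % (html.escape(profile["name"]), html.escape(profile["bio"]))
    return 200, body


if __name__ == "__main__":
    print(render_profile({"session_user": 1, "query": {"id": "1"}}))
    print(render_profile({"session_user": 1, "query": {"id": "2"}}))    # 403
    print(render_profile({"session_user": 1, "query": {"id": "*"}}))    # 400
    print(render_profile({"session_user": 2, "query": {"id": "2"}}))    # escaped script
```

Escaping on output is preferred over stripping characters on input because the same stored value may be placed into HTML, JavaScript or a URL, each with different dangerous characters; encoding for the context it lands in keeps the data intact and still harmless.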

    About The Author

    This article is written by Saksham, who loves to write on health and related topics. He writes a blog on diet and weight loss program sites that offer coupon codes for Medifast and coupons for Nutrisystem meals.

    Auditing Weak User Accounts On UNIX System

    Whenever we talk about auditing weak user accounts on UNIX or UNIX-like systems, the first thought that comes to mind is using John The Ripper or L0phtCrack to audit weak passwords.
    It is a big misconception among most people that weak user accounts only means accounts with weak passwords.
    A normal user account isn't that normal if you haven't edited any of its permissions. So let's see how many abnormal tasks a normal user can perform if his account is not properly audited. Let's start with the creation of a user account.
    Usually we type the following commands to create a normal user on UNIX or UNIX-like systems.

    [root@localhost~]#useradd newuser
    [root@localhost~]#passwd newuser


    Now what's the problem with this user creation method.

    Problem number 1: This user is not member of any group.
    Problem number 2: This user will have his own folder in /home directory.

    If a user is in a shared network environment, then it is mandatory that the user be a member of some group and not have a primary group of his own. By creating the user with the method above you have given him two powers: the power to own his own group, and the power to have a separate folder. Here's how you should add a user to avoid the above problems.

    [root@localhost~]# useradd -d /home/group_name -g group_name newuser
    [root@localhost~]#passwd newuser


    -d: will set default folder for user to /home/group_name
    -g: will add user to group_name as primary group member

    Now what is the scope of the user we created above for using disk space and memory? The answer is unlimited. That means newuser can create as many files and folders as he/she wants, ultimately filling up all the disk space, or alternatively he/she can write or run a program that consumes a lot of memory. If he writes and executes a program which recursively grows its stack, or is simply able to smash its own stack, then a normal user can crash the complete system and bring it to a standstill.
    And his right to access any folder can help him hide a script or program that he/she can use later to escalate privileges and become superuser without anyone noticing.

    The above problems can be solved by activating disk quotas on the system. Depending on the UNIX or Linux system you are using, refer to its manual to see how to activate disk quotas. Once activated, you can set a quota by typing the following command:

    [root@localhost~]# setquota -u newuser 8000 10000 400 500 /

    The above command will set 10000 bytes for newuser in ' / ' partition and he/she will be warned if his/her disk usage goes above 8000 bytes. At maximum he/she can create 500 files with warning on 400th file. You can replace ' / ' with directory name where you want to restrict the user.
    The next problem is how to restrict the user's power to use unlimited memory. To set restrictions, open the “/etc/security/limits.conf” file in vi or any editor you are familiar with. The syntax of the file is self-explanatory and will differ according to the version and base kernel of your system.

    Last thing that is problematic is life of account. To check it out type following command,

    [root@localhost~]#chage -l newuser




    Now have a look at the output: you'll find account expires never, password expires never, days to change password 99999. Believe it or not, this is the default user account setting on every UNIX and Linux system. If you are smart enough then you can easily figure out how fatal this kind of account can prove to your system if this information is not changed. To change the account's expiry settings, type

    [root@localhost~]# chage newuser


    and set permissions.

    There are several steps involved in auditing a UNIX or UNIX-like system depending on what the system is configured for, but auditing weak user accounts for their permissions and passwords is a common task in all of them, no matter what your motive is. I know an experienced UNIX administrator will find this article of little help, whereas new administrators will find it useful. Anyway, I hope RHA readers like this post. Thanks for reading, happy hacking.

    About The Author

    This article is written by Nrupen Masram. Nrupen is the admin of DEVIL'S BLOG ON SECURITY, and this is his very first guest post on RHA. If you are also looking forward to writing a guest post on RHA, read the guidelines here.