Hacking Articles

Hack a Website using Directory Transversal Attack

shehab3451 — Tue, 13 Dec 2011 13:41:52 GMT

What is root directory of web server ?

It is a specific directory on server in which the web contents are placed and can be seen by website visitors. The directories other that root may contain any sensitive data which administrator do not want visitors to see. Everything accessible by visitor on a website is placed in root directory. The visitor can not step out of root directory.

what does ../ or ..\ (dot dot slash) mean ?

The ..\ instructs the system to go one directory up. For example, we are at this location C:\xx\yy\zz. On typing ..\ , we would reach at C:\xx\yy.

Again on typing ..\ , we would rech at C:\xx .

Lets again go at location C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt . Typing ..\ two times would take us two directories up (that is to directory xx) where abc.txt is placed.

Note : Its ..\ on windows and ../ on UNIX like operating syatem.

What is Directory Transversel attack?

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The goal of this attack is to access sensitive files placed on web server by stepping out of the root directory using dot dot slash .

The following example will make clear everything

Visit this website vulnerable to directory transversal attack

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This webserver is running on UNIX like operating system. There is a directory 'etc' on unix/linux which contains configration files of programs that run on system. Some of the files are passwd,shadow,profile,sbin placed in 'etc' directory.

The file etc/passwd contain the login names of users and even passwords too.

Lets try to access this file on webserver by stepping out of the root directory. Carefully See the position of directories placed on the webserver.

We do not know the actual names and contents of directories except 'etc' which is default name , So I have
marked them as A,B,C,E or whatever.

We are in directory in F accessing the webpages of website.

Lets type this in URL field and press enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd

Now this will step up one directory (to directory E ) and look for 'etc' but again it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd

Now this will step up two directories (to directory D ) and look for 'etc' but again it will return nothing.

So by proceeding like this, we we go for this URL

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us 5 directories up to the main drive and then to 'etc' directory and show us contents of 'passwd' file.
To understand the contents of 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format

You can also view etc/profile ,etc/services and many others files like backup files which may contain sensitive data. Some files like etc/shadow may be not be accessible because they are accesible only by privileged users.

Note- If proc/self/environ would be accessible, you might upload a shell on server which is called as Local File Inclusion.

For twitter users: How to Put the New New Twitter Content Pane Back on the Left

kzshantonu — Mon, 12 Dec 2011 18:39:18 GMT

If you’ve managed to get access to the newest version of the Twitter web site, also known as #NewNewTwitter, you might have noticed that the content is now on the right-hand side, which just feels unnatural. Here’s how to fix it in Chrome or Firefox.

It’s pretty simple—all you need to do is install a quick user script. Chrome users can simply click the link, but Firefox users will need to install the Greasemonkey extension first. Internet Explorer users… well, you’re out of luck.

Disclaimer: This is a simple script and shouldn’t break your browser, but if it does, it’s not my fault. If you want to uninstall the user script, you’ll want to open up Tools –> Extensions and you can disable it from there. Note: user scripts break all the time when the original site is updated. This one is pretty simple, but if you are reading this next year, it probably won’t work.

Install the Fix Twitter: Move Content Pane Left user script (view source)

Hackers hate ads, don't they?

kzshantonu — Mon, 12 Dec 2011 18:34:13 GMT

Ads are annoying and sometimes flashy animations and images that provide publicity for a product, service, or company. Many users find ads annoying on websites. Some ads even harm your computer by installing small programs that monitor your computer. To prevent this some users choose to block ads. With Mozilla Firefox and an add-on named Adblock Plus you can do it easily. Adblock Plus even blocks the occasional pop-up ad that gets past the Firefox built in blocker.

Adblock Plus for chrome, firefox, thunderbird can be downloaded from here

Enjoy an ad-free 'hacker-type' web browsing experience!

Find Vulnerabilities in PHP Applications --> PHP Vulnerability Hunter

shehab3451 — Fri, 25 Nov 2011 09:01:00 GMT

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool that can elicit a wide range of exploitable faults in PHP web applications. Since most of the webapplications now a days are on PHP, therefore PHP applications have been one of the major target of hackers, PHP Vulnerability scanner is the same tool that helped detect most of the web application vulnerabilities listed on the advisories page.

Like all the best tools in the world, this also needs little or no configuration at all, and doesn't require a user specified starting URI. So, you can begin scanning as soon as you download and install this software.

The tool itself runs on a pretty basic mechanism. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. It analyzes the program as it’s running to get a clear view of all input vectors ergo better code coverage leading to greater confidence in code security.

This new version brings to us many improvements such as:

Added code coverage report
Updated GUI validation
Several instrumentation fixes
Fixed lingering connection issue
Fixed GUI and report viewer crashes related to working directory

And its key features include:

Automated input vector discovery
Integrate fault detection
Minimal configuration
Proven effective.

Download PHP Vulnerability v1.1.4.6

Wireless Hacking

shehab3451 — Mon, 17 Oct 2011 13:36:51 GMT

Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate.
The step by step procerdure in wireless hacking can be explained with help of different topics as follows:-

1) Stations and Access Points :- A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

2) Channels :- The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

3) Wired Equivalent Privacy (WEP) :- It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.

4) Wireless Network Sniffing :- Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

5 ) Passive Scanning :- Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.

6) Detection of SSID :- The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning

7) Collecting the MAC Addresses :- The attacker gathers legitimate MAC addresses for use later in constructing spoofed frames. The source and destination MAC addresses are always in the clear in all the frames.

8) Collecting the Frames for Cracking WEP :- The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

9) Detection of the Sniffers :- Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

10) Wireless Spoofing :- There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

11) MAC Address Spoofing :- The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

12) IP spoofing :- Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

13) Frame Spoofing :- The attacker will inject frames that are valid but whose content is carefully spoofed.

14) Wireless Network Probing :- The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

15) AP Weaknesses :- APs have weaknesses that are both due to design mistakes and user interfaces

16) Trojan AP :- An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.

17) Denial of Service :- A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent, difficult to stop. An on-going attack and the victim and its clients may not even detect the attacks. The duration of such DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

18) Jamming the Air Waves :- A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal to noise drops so low, that the wireless LAN ceases to function.

19) War Driving :- Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as "The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.

Tips for Wireless Home Network Security

1) Change Default Administrator Passwords (and Usernames)
2) Turn on (Compatible) WPA / WEP Encryption
3) Change the Default SSID
4) Disable SSID Broadcast
5) Assign Static IP Addresses to Devices
6) Enable MAC Address Filtering
7) Turn Off the Network During Extended Periods of Non-Use
8) Position the Router or Access Point Safely

Doxing : The Other name For Password Hacking

shehab3451 — Tue, 20 Sep 2011 13:24:34 GMT

Doxing is the process of getting information about a person by using the resources on the Internet using other skills. Doxing derived from the word "document" which in the brief that is making "Documents" on a person or company.

There are several ways to obtain personal information online. The most popular method is through a website called Pipl. Pipl allows you to search the full name, email, user name and even a phone number though. So that makes Pipl become a very useful tool for hackers.

Another source hackers can be used is through social networking site Facebook. But most hackers do not use Facebook to search for the name, they just use it to search their email address, since names are often in short or fake.

Doxing main objective is to find the email address of the target. Because, Email basically serves as a passport when registering at a website. There is personal information in it, and if someone has access to the email, they can pretend to be the owner of an online email.

If a hacker can see the accounts up, or he may find a few other bits of personal information using Pipl, he can do what is called the recovery account username and password that is returned by answering some questions that the proposed e-mail provider.

This method is more effective than we imagine, especially for those who rarely update the username and password. Doxers tend to spend a few moments of time on the web for information they can use.

This method can work effectively Doxing purely based on the ability of hackers to recognize the valuable information about the target and use this information to his interests. It is also based on the idea that, "The more you know about your target, the easier it will find shortcomings." Then how do you ensure that you will not be in Doxed?

Nokia Cable Drivers

shehab3451 — Tue, 20 Sep 2011 13:01:23 GMT

When installing USB Nokia cable driver, some users have trouble finding the right driver for cell phone type. Various output drivers in the trial, but to no avail and the phone still can not connect to the computer.

Driver Nokia Connectivity Cable Rel 6824 is perhaps appropriate to the type of your Nokia mobile phone USB. In several trials, the drive type is always compatible with any mobile phone type.

To Install are:
1. Unplug your phone and remove the cable driver and PC Suite Nokia phones are already installed on your computer through the Uninstall or also via the Control Panel -> Add Remove Programs.

2. Once the process is complete, download drivers Nokia here.

3. Install Driver has been downloaded earlier, and then re-install PC Suite.

4. Mobile Cable Install. Finish!

Make Flash Drive Virus Immune

shehab3451 — Tue, 20 Sep 2011 12:59:06 GMT

lash drive is currently a manual storage media are most effective. So do not be surprised if the flash drive is also a most effective medium for distributing viruses as well. Here's how to flash drives become immune to the virus.

1. Format the flash drive.

2. Create a folder in your flash drive, and give "autorun.inf" Name (without the quotes).

3. Go into the folder you just created and make a notepad document therein. Right click, select NEW> TEXT DOCUMENT. Give any name for the file you just created. This name will we replace with some special characters.

4. Then, we will open Character Map program that is in START> ALL PROGRAMS> ACCESORIES> SYSTEM TOOLS> CHARACTER MAP.

5. Select an existing font like Arial unicode, Unicode or Lucida Sans Unicode. Scroll down until you see the letters of the Japanese, Korean, Chinese, or other strange characters.

6. Select 4 or 5 characters that you want, then click copy.

7. Rename the text file that you created in step 2 above. Right-click on the file, select rename, then press [CTRL] + [V]. The file name was changed. Do not be surprised if later on you will see characters such as boxes or other signs.

8. Change the attributes of a super hidden autorun.inf folder. Open a command prompt, then enter the drive where you saved the flash drive. After that, type attrib + s + h autorun.inf.

The steps above is in the logic underlying that Windows can not read the two files with the same name. Because in our existing flash drive autorun.inf name, another file can not enter, so the virus could not use the name autorun.inf

How Hackers Hack

shehab3451 — Tue, 20 Sep 2011 12:16:06 GMT

With the click of a mouse on one computer, the screen of the laptop a few feet away flashes wildly as a flood of data flies silently across a private network cable connecting the two machines. Within a minute the laptop's file sharing password is compromised.

"The computer is having a bad day," says a reporter as he watches the effect of the attack on his machine. "Packets are coming at it so fast, the firewall doesn't know what to do."

Some hackers claim they can teach a monkey how to hack in a couple of hours. We asked two hackers, Syke and Optyx (at their request, we are using their hacking pseudonyms rather than their real names), to give us non-simian reporters a demonstration.

What we got was a sometimes-frightening view of how easily nearly anyone's computer--at home or at work, protected or not--can be cracked by a determined hacker. But we also found out that computer users can make a hacker's job much harder by avoiding a few common mistakes.

Syke, a 23-year-old a white Hat Hacker, and Optyx, a 19-year-old self-proclaimed Black HAt, both work in computer security (Syke, until recently, for a well-known security software vendor; Optyx for an application service provider).

They launch their attack on our notebook from desktop computers located in the windowless basement that is New Hack City, a sort of hacker research-and-development lab (and part-time party lounge).

The lab's rooms are filled with over a dozen Sun SPARC servers, assorted network hubs and mountains of ethernet cable, an arcade-size Ms. Pac Man game, and a DJ tower stocked with music-mixing equipment for all-night hacker jams.

The methods hackers use to attack your machine or network are fairly simple. A hacker scans for vulnerable systems by using a demon dialer (which will redial a number repeatedly until a connection is made) or a wardialer (an application that uses a modem to dial thousands of random phone numbers to find another modem connected to a computer).

Another approach used to target computers with persistent connections, such as DSL or cable connections, employs a scanner program that sequentially "pings" IP addresses of networked systems to see if the system is up and running.

Where can a hacker find such tools? On the Internet, of course.

Sites containing dozens of free, relatively easy-to-use hacking tools available for download are easy to find on the Net. While understanding how these tools work is not always easy, many files include homegrown documentation written in hacker shoptalk.

Among the programs available are scanning utilities that reveal the vulnerabilities on a computer or network and sniffing programs that let hackers spy on data passing between machines.

Hackers also use the Net to share lists of vulnerable IP addresses--the unique location of Internet-connected computers with unpatched security holes. Addresses of computers that have already been loaded with a Trojan horse are available for anyone to exploit (in many cases without the owner of the computer knowing).

Once the hacker finds a machine, he uses a hacker tool such as Whisker to identify in less than a second what operating system the machine is using and whether any unpatched holes exist in it. Whisker, one of a handful of legitimate tools used by system administrators to test the security of their systems, also provides a list of exploits the hacker can use to take advantage of these holes.

WAIT FOR THE NEXT PART

theregister.co.uk hacked by T.G

shehab3451 — Mon, 05 Sep 2011 08:34:10 GMT

Here is one of the most shocking news of today, One of the biggest News website Theregister.co.uk has been hacked few minutes before from Now, The website was not hacked by any traditional web application attacks like SQL Injection, Remote File Inclusion or local file inclusion, However DNS Hijacking or DNS redirection attack was used. The website was hacked by Turkguvenligi who is also known as TG hacker and is also responsible for the major website defacements in the pasts including Microsoft, Dell and other big websites.

If you would check the hackers zone-h record , You will find that this hacker only goes after major websites, It's quite sad to see that even major websites don't pay proper attention to their website security.

From the above screenshot, you can clearly see that the hacker has redirected the name servers of register.co.uk to his own name server.