Hacking is an attempt to misuse a computer or a private system/network: unauthorised access taken in order to gain control over another party's computer or network security systems for illegal use. The person engaged in these hacking activities is referred to as a hacker. Hacking means finding a weakness in a computer network or system and gaining access to that network, which leads to misuse of personal data.
A person has to be highly intelligent and skilled in computer languages to be …
How to unlock any iPhone in 2 minutes…!!!
Lock the screen.
Scroll down the task menu from the top and don't remove your finger.
Scroll it 1 cm up and you can see the slide option under it.
Now slide it and press the lock button.
The iPhone is unlocked.
Hack iPhone with Siri…!!!
Try typing the password; it says wrong.
Then hold the back button and say "Hey Siri, what's the time?"
Click on “time”.
Click on …
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
The ransomware "WannaCry" plagued 100k computers across 99 countries, with Russia the hardest hit.
75k computers were targeted across 99 countries. The attack infects a computer and then demands Bitcoin in return. It started at 8 AM on Friday, 12th May 2017, and quickly escalated into massive global spread. The WannaCry attack was specially designed to hit machines running Windows XP …
A Distributed Network Attack (DNA) is a technique used to recover password-protected files, using the unused processing power of machines across the network to decrypt the passwords.
In this attack, a DNA manager is installed in a central location, where machines running DNA clients can access it over the network.
Let's see a sample demo of how this distributed network attack works.
Download & install the EDPR Server on the main system.
Download & install the EDPR agents on the client machines.
STEP : 1
The lab I am going to set up looks somewhat like this:
Here pfSense acts as both firewall and router, so that I can set up both an internal and an external pentesting lab.
pfSense (Download Link: https://www.pfsense.org/download/)
What is the pfSense firewall?
pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted …
SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.
SQL injection based on logically true conditions.
These attacks are possible only when the application executes dynamic SQL statements and procedures with arguments based on user input.
Escape characters are used to perform SQL injection attacks.
SQL Injection Attack Defensive …
What is NFS?
NFS (Network File System) is a client/server application that lets a computer user view and optionally store and update files on a remote computer. The user's system needs an NFS client and the other computer needs an NFS server. In a single sentence, NFS is another way of sharing files across a network.
NFS was developed by Sun Microsystems and has been designated as a file server standard. Its protocols use the …
Nowadays cloud computing is an emerging field because of its performance and high availability at low cost.
Cloud: The cloud is a kind of centralized database where many organizations store, retrieve and possibly modify their data. It is present at a remote location and can provide services over the network.
Ex: WAN, LAN and VPN.
In the cloud, many services are provided to the client. Data storage is the main feature that a cloud service provides to big organizations …
What is Netstat??
Netstat (Network Statistics) is a command line tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.
It is available on multiple platforms, but let us concentrate on how we can use it on the Windows operating system.
Wi-Fi is a wireless networking technology that allows computers and other devices to communicate over a wireless signal. It describes network components that are based on one of the 802.11 standards developed by the IEEE and adopted by the Wi-Fi Alliance.
#802.11a – Supports a maximum theoretical bandwidth of 54 Mbps
#802.11b – Supports a theoretical maximum data rate of …
The IPv4 addressing scheme has some major limitations:
• Limited address space: IPv4 specifies a 32-bit address field (4,294,967,296 possible addressable nodes), and this address space is rapidly running out.
• Lack of security
To overcome the above limitations, IPv6 was implemented. IPv6 specifies a 128-bit address field (~3.4×10^38 possible addressable nodes), which provides a much larger space than IPv4; the requirement for this large space arises because the global network in …
What is Steganography?
Steganography is the art or practice of concealing a file, message, image, or video within another file, message, image, or video.
The word steganography combines the Ancient Greek words
steganos – meaning “covered, concealed, or protected”, and
graphein – meaning “writing”.
Motivation and Goals:
• Protection of digital media
• Privacy of information transmitted across the World Wide Web
• To make transmitted information invisible by embedding it in a cover medium
• Try to enhance the …
Volatile information can disappear or be easily modified. It retains its contents while powered on, but when the power is interrupted the stored data is immediately lost.
Below I mention a few ways to get volatile information from Windows.
1. To get the history of commands used on the computer.
DOSKEY is a utility for DOS and Microsoft Windows that adds command history.
2. To get the current uptime and system events and statistics of the local or remote system.
Hi friends!! Hope you all are doing well 🙂 We were looking for a way to access BackTrack from Windows, so we went through the web to find one (of course we struggled a lot to get the solution and even spent a couple of hours on it!!), and finally we came up with the solution…
1. Open BackTrack and enter the command sshd-generate
2. To start the SSH service, type the command /etc/init.d/ssh start
3. Open PuTTY and enter the BackTrack …
Netcat (nc) is helpful for opening TCP connections, sending UDP packets, listening on arbitrary TCP and UDP ports, and scanning ports. This part of the blog is dedicated to Linux and Unix-like commands that can be used by information security administrators and penetration testers.
1. To bind a shell:
nc -lvp -e – run on the Windows box
nc -v – run on the Linux/Unix-like box
-> Launching a listening shell in Windows
-> Binding from Linux
Launching a listening shell in Linux/Unix-like and …
What is a Firewall…?
A firewall is a device or software that acts as a filter and analyses incoming and outgoing traffic (packets).
A firewall is used to block malicious traffic coming into the network; its purpose is to safeguard the internal network from external malicious traffic.
It helps screen out malicious users, viruses and worms. It can also log incoming and outgoing traffic.
Where to implement a Firewall..?
Basically, a firewall is used to block the …
Netcat is a network communication utility used to read and write data using the TCP or UDP protocols. Netcat is a powerful utility which reads and writes data across TCP and UDP network connections. It can be used for port scanning, as a backdoor, as a port listener, for banner grabbing, and for many other purposes like transferring files and fun things like chatting.
Netcat is installed by default in BackTrack, whereas in Windows we have to manually …
Cryptography is the process of converting recognizable data into an unreadable code, sending it across a network (either trusted or untrusted), and then decrypting it. Data is encrypted at the source, i.e. the sender's end, and decrypted at the destination, i.e. the receiver's end.
In all cases, the initial unencrypted data is referred to as plaintext, as shown below. It is encrypted into ciphertext, which in turn will be decrypted back into usable plaintext, using different encryption algorithms.
Cryptography is …
Providing security is very important in today's world, because many popular protocols deployed on the Internet today were designed in the early days, so security, data confidentiality, integrity, encryption and data transmission are the biggest issues.
For example HTTP, SSH, telnet and FTP. These protocols are not secure because they are cleartext protocols; they were completely replaced by sophisticated protocols like POP3 over SSL/TLS, SMTPS, telnet over SSL/TLS and FTPS. But large companies had already implemented and were using …
Every device in a network is identified by the IP address assigned to it. Manual allocation of IP addresses for the devices connected in large networks is not easy for network administrators and results in IP conflicts. In addition, a record has to be kept of the assigned IP addresses to avoid these conflicts.
This problem grows as the number of connected devices increases …
DHCP: a networking protocol used for dynamically assigning IP addresses to interfaces and services. It uses port no. 67. Each machine that connects to the Internet requires a unique IP address, which is assigned by the DHCP server. Without DHCP, the IP address must be entered manually on each computer.
dhclient: dhclient is the Linux command which obtains an IP address from the DHCP server for the device that is connecting to the network.
What is Regshot….?
Registry Shot, or simply Regshot, is one of the Windows process utility tools available on the Sysinternals website. It is used to take a snapshot (not a picture), that is, a copy of the system registry information, and compare it with another snapshot of the system registry taken after some changes have been made to the computer.
What is the System Registry….?
The system registry is like a database which the operating system (OS) uses to store the information …
Hi Friends!!! When I was solving a small challenge I faced the problem of how to do a ping sweep using nc (netcat). Then I found the simple solution shown below.
1. Write a small shell script.
For i, specify the range, like 107-115, and specify any port; here I specified 443.
2. Run the script; you will get a result like the one below.
If the host is up, you will get either connection refused or open. If the host is …
SMTP means Simple Mail Transfer Protocol. SMTP is a TCP protocol and uses port number 25 by default. SMTP is used to transfer mail from one user to another user or to multiple users. SMTP is a connection-oriented, text-based protocol: a mail sender communicates with the mail receiver by issuing command strings and supplying the necessary data over a reliable, ordered data stream channel, using a Transmission Control Protocol (TCP) connection. An SMTP session consists of commands originated by …
The Network Time Protocol is a protocol used to synchronize computer clock times in a network of computers. The port number for NTP is 123 and it is a UDP protocol.
NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to milliseconds,
and sometimes to fractions of a millisecond.
UTC is obtained by several methods, such as radio and satellite systems.
And special receivers are available for high-level services such as the Global Positioning System (GPS).
DNS, the Domain Name System, is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
DNS converts hostnames to IP addresses and vice versa.
DNS can be quickly updated, allowing a service's location on the network to change without affecting the end users.
DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for …
Spoofing means replacing the original information with fake information. DNS Spoofing: Normally, if a user requests anything, the request first goes to the DNS server and then the user gets the response back.
DNS spoofing is one type of man-in-the-middle attack; it forces the victim to go to a fake website.
In DNS spoofing, if the user requests anything it goes to the DNS server; the DNS server searches its DNS cache memory for the corresponding address, and if it is there …
Proper authentication and session management is critical to web application security.
Flaws in this area most frequently involve the failure to protect credentials and session tokens through their lifecycle. These flaws can lead to the hijacking of user or administrative accounts, undermine authorization and accountability controls, and cause privacy violations.
What is Broken Authentication and Session Management?
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, …
The Top Ten Mobile Application vulnerabilities are:
Insecure Data Storage
Weak Server Side Control
Insufficient Transport Layer protection
Client Side Injection
Poor Authorization and Authentication
Improper Session Handling
Security Decisions via untrusted Inputs
Side Channel Leakage
Sensitive Information Disclosure
Insecure Data Storage:
When the developer assumes that users won't access the file system, he stores files in external storage like the SD card or app memory. But malicious users root the device to …
Unvalidated redirects and forwards occur when a web application accepts untrusted input that could cause it to redirect the request to an untrusted website.
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.
Without proper validation, attackers can redirect victims to phishing or malware sites, …
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
In this case the server trusts the user: whatever request comes in is assumed to be from the authenticated user.
It is nothing but changing the …
Virtually all web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access unauthorized functionality.
That means an attacker can simply forge the HTTP requests needed to invoke them. The new OWASP Top Ten expands this category and provides developers …
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
According to …
We need to have the ability to produce errors in a controlled way, i.e. we have to write our own query in such a way that it dumps some sensitive information in the form of an SQL error from the backend when we perform the injection.
We can call it subquery injection or error-based blind SQL injection.
It seems similar to error-based SQL injection, but in the case of error-based SQL injection we are dumping the information …
What are web services?
A web service is application logic.
A web service is a way of establishing communication between two applications or two pieces of software.
Web services are platform independent.
HTTP and XML are the basis for web services.
Consider the example below:
Here Sample.com is the business application and sample1.com is the bank application; sample.com needs the services of the bank, so it uses the services provided by sample1.com. This is how communication is established between two applications. Therefore …
1. Read access:
Here we can use any SQL injection technique to load a file from the file system using load_file().
Step 1: create any table or use any existing table
In the above query, blob is an SQL data type; blob means binary large object. We use this data type because we are accessing binary files and storing those files in the table, so the length should be larger.
By default the length of the blob is …
XML is an open standard format for exchanging information. The structure of an XML document can be specified using a DTD (Document Type Definition). DTDs support entities.
What is an Entity?
To represent any value that appears several times in the XML structure, we use entities.
Entities are of two types:
1. Internal entities: the data is available within the XML document. Example: ]> Here in the DTD we declared one entity called name, which is an internal entity, because if we are using …
It is worth pointing out yet again that a few filtering techniques can't protect a vulnerable application against SQL injection. In most situations, an SQL-vulnerable application implements various input filters, but all the filters can be bypassed and SQL injection can be performed.
Understanding the background query and the database type is very important to perform SQL injection.
Fingerprinting the Database:
MySQL: 'Triad' 'square' (remember the space)
Oracle : ‘Triad’||’square’
But this is only for the …
Most of the time an XSS vulnerability is misunderstood by security researchers, or even ignored, saying it has little or no impact. But all the credit for writing this blog goes to SQLi: while discovering SQLi I found this XSS flaw in that particular website, which can even lead to system compromise if the browser or any of its components is vulnerable.
For exploiting this vulnerability I used the Metasploit Framework and the Cross-Site Scripting Framework, which is a security tool designed to …
WhatsApp is an application used to send messages globally for free. It is very popular because we can communicate with each other across multiple mobile platforms. If you are using the WhatsApp application, all your data is stored on your mobile device. So even if you delete the chat, the data can still be recovered from its backup file. You can decrypt the db file and read the data in a single file.
1. Make sure that the adb path is set.
How to check whether the path is set:
i) Open the command prompt and type adb
The above screen shows that it is not recognized as an internal or external command. Set the path in the environment variables: go to My Computer -> Properties -> Advanced System Settings -> Environment Variables -> System Variables -> Edit Path -> append ;C:\adt-bundle-windows-x86_64-20130729\sdk\platform-tools -> OK -> OK -> OK.
The term "root" comes from Linux and is used to describe a user who has "super user" permissions to all the files and programs in the OS. If your Android device is not rooted then you won't have permission to execute any files in the OS. You may get an error like "access denied". So it is very important to root your device.
There are different types of prompts in Linux:
Once you have rooted your device you will …
Android is the most popular mobile platform. Many organizations are using their own applications for Android. Like web applications, Android applications also require penetration testing.
Forward engineering in Android is the process of converting source code to machine code.
Source code -> Javac -> classes.dex
Reverse engineering in Android is the process of converting machine code back to source code.
classes.dex -> jar -> source code
After Reverse Engineering an apk file we can do …
Skype is a free instant messenger and video chat application. It is a very popular tool because we can call and chat with any person anywhere in the world. Most smartphone users have Skype installed on their mobile devices, through which they communicate with their friends, relatives and working professionals. For whoever communicates through Skype, all their data is stored in the mobile device's application memory. So there is no security for your chat messages. Once any …
A thick client, fat client or heavyweight application is a client in a client-server architecture. It is completely independent of the server: most of the processing is done by the client application. A thick client application needs to be installed on the client-side machine. It interacts with the server through a periodic connection.
Whereas a thin client application is a web-based application; to interact with that application we need to contact the server directly. Every process is taken care of by …
LinkedIn is a business-oriented social networking service. It is mainly used for professional networking. LinkedIn is a directory of professionals and companies. Individuals and companies use LinkedIn for networking, job searching, hiring, company research, and connecting with affiliates, including alumni, industry, and a variety of other business related groups.
Do you really think LinkedIn is safe? The answer is no, because an attacker can see your profile and modify it. Let's go to the practical demo. Just you …
It is an application-level vulnerability through which the attacker can perform a variety of malicious activities.
Mainly this vulnerability happens when the application's session variable is used for more than one purpose, so it is called session variable overloading or session puzzling.
This attack targets application entry points. While exploiting session puzzles, the creation of session objects can be indirectly initiated, and later exploited, by accessing entry points such as web services, web pages, remote procedure calls, etc.
Session puzzle enables the …
This blog demonstrates the recently discovered ShellShock vulnerability (CVE-2014-6271).
GNU Bash Remote Code Execution Vulnerability in Unix/Linux environments, which allows an attacker to gain control over a target computer if exploited successfully. This demonstration was carried out using Kali Linux.
1. Click on the apps which are asking for a password.
2. Go to AppLock and press the menu button.
3. Click on the Edit menu and then delete the application.
4. Now click on the apps which were asking for a password.
Go to Settings -> Applications -> click on AppLock -> Force stop.
1. Download the ProxyDroid application from the Google Play Store and install it.