Today I was reading an interesting post by Zone-h.org which says that 1.5 million websites were defaced and reported on Zone-H. Most of the attacks were SQL injection, LFI, RFI, WebDAV and misconfiguration of the web server or of the application itself.
The report further says that a large number of the attacks happened on the Linux operating system. We talk a lot about the Linux kernel, but the first thing is the code, which needs to be written carefully in the first place.
Some interesting numbers are shown in a chart on that page too: Up to date stats
MySQL.com was compromised via an amazing blind SQL injection. You can see the database, tables and user information on the Full Disclosure website.
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web
Worse, they posted a password dump and hundreds of people have already cracked it. We recommend you change your password urgently, because the usual bad practice is that people use the same password for all online portals, e.g. web mail, PayPal and so on.
Nmap is an open source security scanner used for network exploration. We have been using it widely on Linux and Windows operating systems, and now we finally have Nmap for Android. This is really great to see.
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and regenerate/reassemble transmitted files and certificates from them.
NetworkMiner is for those who are not very familiar with Wireshark. NetworkMiner makes it easy to sniff packets from the network, and it categorises and sorts them into different tabs so you can find the interesting sniffed material. You can also analyse pcap files that were dumped with Wireshark.
Some cool features:
Fully GUI application running on the Windows platform.
Open source application.
Sniffs usernames of any mail or social website, e.g. Facebook, Twitter, Gmail, PayPal and so on…
All sorts of cookies can be sniffed with one click.
Extraction of Facebook, Twitter, Yahoo and Windows Live (Hotmail) messages. (You don’t need someone’s password to see his emails 😉 )
NetworkMiner has recently launched a payware Professional version which provides some extra features, e.g. reporting, geolocation and command line script support.
Even the free version is so powerful that you will love it. We have been using it for a long time.
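To make the "off-line PCAP analysis" part of the description concrete, here is an added example (not NetworkMiner's code, and not from the original post) that reads a libpcap file without sending any traffic and rebuilds the TCP sessions in it, picking up HTTP Host headers as a simple form of hostname detection. The capture itself is constructed in memory from made-up addresses (10.0.0.0/8 and 192.0.2.0/24 documentation ranges), so the script runs offline; the frame-building helpers exist only to produce that sample.

```python
"""Offline session and hostname extraction from a libpcap file, in the spirit of
what an NFAT does when it parses a capture: nothing is transmitted, the file
is only read.  The capture is constructed below from made-up addresses."""
import re
import socket
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4          # libpcap magic as read from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1          # the same magic when the file is big-endian
LINKTYPE_ETHERNET = 1
HOST_HEADER = re.compile(rb"^Host:[ \t]*([^\r\n]+)", re.M | re.I)


# --- building the constructed sample capture ---------------------------------
def _tcp_segment(sport, dport, payload):
    # 20-byte header (data offset 5), flags PSH|ACK; checksum left at 0 because
    # the segment is never put on the wire.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def _ipv4_packet(src, dst, payload):
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _ethernet_frame(src, dst, sport, dport, payload):
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"  # IPv4
    return eth + _ipv4_packet(src, dst, _tcp_segment(sport, dport, payload))


def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap file: global header + record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_300_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def sample_pcap():
    """Two HTTP sessions to different hosts plus one SSH banner (constructed data)."""
    return build_pcap([
        _ethernet_frame("10.0.0.5", "192.0.2.10", 51000, 80,
                        b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        _ethernet_frame("192.0.2.10", "10.0.0.5", 80, 51000,
                        b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html></html>"),
        _ethernet_frame("10.0.0.5", "10.0.0.9", 51001, 80,
                        b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
        _ethernet_frame("10.0.0.5", "10.0.0.9", 51002, 22, b"SSH-2.0-OpenSSH_5.3\r\n"),
    ])


# --- passive parsing ---------------------------------------------------------
def iter_frames(pcap):
    """Yield the captured bytes of every record in a libpcap file."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                       # not TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def analyse_pcap(pcap):
    """Group packets into direction-agnostic TCP sessions and note HTTP hostnames."""
    sessions = defaultdict(lambda: {"packets": 0, "bytes": 0, "hostnames": set()})
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        key = tuple(sorted([(src, sport), (dst, dport)]))   # same key for both directions
        entry = sessions[key]
        entry["packets"] += 1
        entry["bytes"] += len(payload)
        match = HOST_HEADER.search(payload)
        if match:
            entry["hostnames"].add(match.group(1).decode("ascii", "replace"))
    return dict(sessions)


def all_hostnames(sessions):
    return set().union(*(s["hostnames"] for s in sessions.values()))


if __name__ == "__main__":
    for key, entry in analyse_pcap(sample_pcap()).items():
        print(key, entry)
```

Swap `sample_pcap()` for `open("capture.pcap", "rb").read()` to run it over a real Wireshark dump; pcapng files use a different container format and are deliberately not handled here.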
All web application security scanners report false-positives, which means they report vulnerabilities that don’t exist.
Netsparker will try lots of different things to confirm identified issues. If it can’t confirm an issue and the issue requires manual inspection, it will inform you about a potential issue, generally prefixed [Possible]; but if an issue is confirmed, that’s it. It’s a vulnerability. You can trust it.
Netsparker confirms vulnerabilities by exploiting them in a safe manner. If a vulnerability is successfully exploited it can’t be a false-positive. Exploitation is carried out in a non-destructive way.
Technical Details
When Netsparker identifies an SQL injection, it can work out how to exploit it automatically and extract the version information from the application. When the version is successfully extracted, Netsparker reports the issue as confirmed, so you can be sure that the issue is not a false positive.
The same applies to other vulnerabilities such as XSS (cross-site scripting), where Netsparker loads the injection in an actual browser and observes the execution of JavaScript to confirm that the injection will actually get executed in the browser.
Some of the great features supported by Netsparker:
  JavaScript / AJAX / Web 2.0 Support
  Detailed Issue Reporting
  Automation
  Logging
  Reporting
    XML
    RTF / Word
    PDF
  Integrated Exploitation Engine
    Exploitation of SQL Injection Vulnerabilities
    Getting a reverse shell from SQL Injection vulnerabilities
    Exploitation of LFI (Local File Inclusion) Vulnerabilities
    Downloading source code of all crawled pages via LFI (Local File Inclusion)
    Downloading known OS files via LFI (Local File Inclusion)
    Post-Exploitation
  Authentication
    Basic Authentication
    Form Authentication
  Custom 404 Detection
  Heuristic URL Rewrite Detection
List of Vulnerability Checks
List of issues Netsparker is looking for:
  SQL Injection
  XSS (Cross-site Scripting)
  XSS (Cross-site Scripting) via Remote File Injection
  XSS (Cross-site Scripting) in URLs
  Local File Inclusions & Arbitrary File Reading
  Remote File Inclusions
  Remote Code Injection / Evaluation
  OS Level Command Injection
  CRLF / HTTP Header Injection / Response Splitting
  Find Backup Files
  Crossdomain.xml Analysis
  Finds and Analyses Potential Issues in Robots.txt
  Finds and Analyses Google Sitemap Files
  Detect TRACE / TRACK Method Support
  Detect ASP.NET Debugging
    Netsparker identifies if ASP.NET Debugging is enabled.
  Detect ASP.NET Trace
    Netsparker detects if ASP.NET Tracing is enabled and accessible.
  Checks for CVS, GIT and SVN Information and Source Code Disclosure Issues
  Finds PHPInfo() pages and PHPInfo() disclosure in other pages
  Finds Apache Server-Status and Apache Server-Info pages
  Find Hidden Resources
  Basic Authentication over HTTP
  Source Code Disclosure
  Auto Complete Enabled
  ASP.NET ViewState Analysis
    ViewState is not Signed
    ViewState is not Encrypted
  E-mail Address Disclosure
  Internal IP Disclosure
  Cookies are not marked as Secure
  Cookies are not marked as HTTPOnly
  Directory Listing
  Stack Trace Disclosure
  Version Disclosure
  Access Denied Resources
  Internal Path Disclosure
  Programming Error Messages
  Database Error Messages
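Several of the checks in the list above are passive configuration checks that you can run against your own server's responses without a scanner. As an added example (not Netsparker's code and not part of the original post), the script below takes a raw HTTP response and flags cookies missing the Secure or HttpOnly attributes, version strings in Server/X-Powered-By, TRACE/TRACK in an Allow header, stack traces and auto-index pages in the body, and password fields without autocomplete turned off. The sample response is constructed; its header values are made up to resemble a typical LAMP stack.

```python
"""Passive checks for a few of the issues a web scanner reports: cookie flags,
version disclosure, TRACE/TRACK support, stack traces, directory listings and
password autocomplete.  Works on a raw HTTP response held in memory, so it can
be run offline over saved responses."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class Finding:
    check: str      # issue name, in the style of a scanner's check list
    detail: str     # what was observed


VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")        # e.g. Apache/2.2.15
STACK_TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)|Stack Trace:|^\s+at [\w.$<>]+\(", re.M)
PASSWORD_INPUT_RE = re.compile(r"<input[^>]*type=[\"']?password[^>]*>", re.I)
DIR_LISTING_RE = re.compile(r"<title>\s*Index of /", re.I)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, headers, body).
    Header names are lower-cased; repeated headers (Set-Cookie) keep every value."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body.decode("utf-8", "replace")


def audit_response(raw: bytes, over_tls: bool = True) -> list[Finding]:
    """Return one Finding per issue observed in the response."""
    findings: list[Finding] = []
    _, headers, body = parse_response(raw)

    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        if over_tls and "secure" not in attrs:
            findings.append(Finding("Cookie not marked as Secure", name))
        if "httponly" not in attrs:
            findings.append(Finding("Cookie not marked as HttpOnly", name))

    for hdr in ("server", "x-powered-by"):
        for value in headers.get(hdr, []):
            if VERSION_RE.search(value):
                findings.append(Finding("Version Disclosure", f"{hdr}: {value}"))

    for value in headers.get("allow", []):          # from an OPTIONS response
        methods = {m.strip().upper() for m in value.split(",")}
        if methods & {"TRACE", "TRACK"}:
            findings.append(Finding("TRACE / TRACK Method Support", value))

    if STACK_TRACE_RE.search(body):
        findings.append(Finding("Stack Trace Disclosure", "stack trace text in body"))
    if DIR_LISTING_RE.search(body):
        findings.append(Finding("Directory Listing", "auto-index page"))
    for tag in PASSWORD_INPUT_RE.findall(body):
        if not re.search(r"autocomplete=[\"']?off", tag, re.I):
            findings.append(Finding("Auto Complete Enabled", tag[:60]))
    return findings


# Constructed sample response; the version strings are made up for illustration.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.15 (Fedora)\r\n"
    b"X-Powered-By: PHP/5.2.13\r\n"
    b"Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    b"Set-Cookie: lang=en; Path=/; Secure; HttpOnly\r\n"
    b"Allow: GET, POST, TRACE\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body><form><input type=\"password\" name=\"pw\"></form>\r\n"
    b"Stack Trace: at Foo.Bar()</body></html>"
)

if __name__ == "__main__":
    for f in audit_response(SAMPLE_RESPONSE):
        print(f"{f.check}: {f.detail}")
```

Pass `over_tls=False` when auditing a plain-HTTP response, otherwise every cookie would be reported as missing the Secure flag; the Allow check only fires on a response to an OPTIONS request, since that is where servers advertise TRACE.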
For more detailed features, screenshots & demo click here
It is a technique of modifying computer software and hardware to achieve a goal outside of the creator’s original purpose.
In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground.
Unauthorized attempts to bypass the security mechanisms of an information system or network.
via Wiktionary
Hacking, or getting unauthorized access to a system, is not a piece of cake. A good hacker must be an outstanding programmer and must be aware of the systematic workings of computing. Or a good script kiddie can be a good hacker, as long as he knows the process of penetrating a system.
What is Social Engineering?
Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
“Social engineering” as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Social engineering is a God-gifted skill. For this you don’t need to be an expert in computing or in hacking.
Simply put, it helps you control your nervous system against social threats in your daily activities or in your professional life.
Recommended book from the BackTrack community. Following is the title image taken from the book’s title page.
The author starts with a story:
“I sat at an empty table wearing a business suit. I placed my briefcase on the table and waited for a suitable victim. In a few moments, just such a victim arrived with a friend and sat at the table next to mine, placing her bag on the seat beside her. As was probably her habit, she pulled the seat close and kept her hand on the bag at all times.
I needed to steal the entire bag, but, with her hand resting on it and her friend sitting opposite, she was beginning to look like bad news. But, after a few minutes, her friend left to find a restroom. The mark was alone so I gave Alex and Jess the signal.
Playing the part of a couple, Alex and Jess asked the mark if she would take a picture of them both. She was happy to do so. She removed her hand from her bag to take the camera and snap a picture of the “happy couple” and, while she was distracted, I casually reached over, took her bag, and calmly locked it inside my briefcase. My victim was yet to notice the empty chair as Alex and Jess left the cafe. Once out of sight, Alex headed quickly for the parking garage.
It didn’t take long for her to realize her bag was gone. Instantly, she began to panic. She stood up and looked around, frantically. This was exactly what we were hoping for, so I asked her if she needed help.
She started to ask if I had seen anything. I told her I hadn’t but convinced her to sit down and think about what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo!! I asked who she banked with and then told her that I worked for that bank. What a stroke of luck! I reassured her that everything would be fine but she would need to cancel her credit card right away. I called the “help desk” number, which was actually Alex, and handed my phone to her. She was hooked and it was now up to Alex to reel her in. Alex was downstairs in the van. On the dashboard, a CD player was playing office noises we had downloaded from the Internet. He kept the mark calm, strung her along, and then assured her that her card could easily be canceled but, to verify her identity, she needed to enter her PIN on the keypad of the phone she was using.
My phone and my keypad. You can guess the rest. Once we had her PIN, I left her with her friend and headed for the door. If we were real thieves, we would have had access to her account via ATM withdrawals and chip and PIN purchases.
Fortunately for her, it was just a TV show and she was so happy when I came back to return her bag and tell her it was all a fake scam. She even thanked me for giving her bag back, to which I replied, “Don’t thank me. I’m the one who stole it.”
No matter how secure a system is, there’s always a way to break through. Often, the human elements of the system are the easiest to manipulate and deceive. Creating a state of panic, using influence, manipulation tactics, or causing feelings of trust are all methods used to put a victim at ease.”