Thursday, 17 December 2015

How to Randomly Hack Home Routers

In this tutorial, "How to Randomly Hack Home Routers", we show how to use a port scanner to identify home routers (and even office routers :p) and then try to log in to those routers.
Most users in the world never change their router's default password, because most of them only know how to use the router, not how to configure it. That is the point: this weakness is what lets the routers be hacked.
Requirements:
  • Port Scanner (I use zenmap in this tutorial)
  • Web Browser (I use Google Chrome)
  • Internet Connection
First of all, I want to explain why I use Zenmap: Nmap is the hacker's best friend, and Zenmap is the graphical user interface of nmap.

Step by Step: How to Randomly Hack Home Routers

1. Select an IP range. I selected a range that includes my own public IP address:
XXX.XXX.30.0-XXX.XXX.30.255
2. Now scan the range for home routers.
When the scan finishes, you will find IP addresses with open ports such as HTTP (80), FTP (21) and Telnet (23).
I found many IP addresses with port 80 open.
So I stopped my scan.
3. You can now open these addresses in your web browser, because the HTTP port is open, and check whether the page served is a router login page.
4. If you see the alert error message, it says TD-8817. So we can Google for it:
search "TD-8817 default username and password"

5. Now try to access these IP addresses using the default login we found in step 4.
Default usernames and passwords are not the same for every router.
With username admin and password admin, we can log in to the router administration page.
An attacker who can reach the router's administration page can do several harmful things, such as:
  • Redirecting DNS to malicious websites
  • Phishing attacks
  • etc.
Conclusion:
Most users do not change their router password. This is a very bad habit, because hackers can access your router from anywhere on the internet while you are online, and that is very harmful to you. So you must change your home router's password. Keep that in mind.
hacoder

How to exploit robots.txt?

What is robots.txt?

robots.txt is a file that lists paths which should not be crawled by bots, most of the time search-engine bots such as Googlebot. It tells the search engine that a directory is private and must not be crawled.
If you are a site owner and want to create a robots.txt file, the following link will generate one for you:
http://www.mcanerin.com/EN/search-engine/robots-txt.asp
So, for now, robots.txt is pretty much what websites use to block certain pages from search engines.
Here is a sample: http://www.whitehouse.gov/robots.txt

First method

Now this method is very rare, and the webmaster would have to be stupid to do this, but you'd be surprised how many stupid people there are in the world.
This one is simple: go to one of the disallowed directories and look at the source. Sometimes webmasters leave comments there that give hints such as passwords or usernames.
You never know, you might find something juicy. :]
With this info you could possibly guess his password by entering some of the most infamous/best football teams.
You can also check whether a disallowed directory is actually accessible or has weak permissions. Click here for a Python script that audits a robots.txt file automatically.

Second method

Directory Traversal
You use directory traversal when you get denied from a web page. For example, if you go to a disallowed directory and get denied [404 page],
you can easily bypass that, if the server is insecure, with directory traversal. Also, getting denied from a page shows that there must be some sexy info inside of it. :]

So let's get started.
1. Go to the directory you got denied from. I will be using an example:
www.slave.com/users/
2. Once you get denied, you need to add a not-found directory:
www.slave.com/users/randomwords&numbers
3. Now for the directory traversal part, you need to add a /../
This brings it back one directory, which can get you access to the disallowed directory:
www.slave.com/users/randomwords&numbers/../
Keep in mind that you can also use the first method once you get access to the directory.
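Both methods rest on two facts a site owner should act on: robots.txt is advice to well-behaved crawlers, not access control, and a deny rule evaluated on the raw request path is bypassed when the server later resolves the dot segments the rule never saw. The Python below is an added example (not the audit script the post links to): it lists and flags the Disallow entries of a constructed robots.txt, then shows the same deny rule applied to the raw path beside the normalized path. The sample file, the hint list and the request paths are constructed for this example.

```python
"""Audit robots.txt entries and apply deny rules only after normalization (added example)."""
import posixpath
from urllib.parse import unquote

# Constructed sample robots.txt; not taken from any real site.
SAMPLE_ROBOTS = """\
# hand-written for this example
User-agent: *
Disallow: /admin/
Disallow: /users/
Disallow: /backup/db.sql
Disallow: /tmp-images/
Allow: /public/
"""

# Substrings that suggest an entry is advertising something sensitive (assumed list).
SENSITIVE_HINTS = ("admin", "backup", "user", "private", "config", ".sql", ".bak")


def disallowed_paths(robots_txt):
    """Collect Disallow entries that apply to every crawler (User-agent: *)."""
    paths, applies = [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            applies = value == "*"
        elif key == "disallow" and applies and value:
            paths.append(value)
    return paths


def audit(robots_txt):
    """Flag entries whose names reveal sensitive content to anyone reading the file."""
    return [p for p in disallowed_paths(robots_txt)
            if any(hint in p.lower() for hint in SENSITIVE_HINTS)]


def normalize_path(request_path):
    """Decode and collapse '.' and '..' segments the way the file system will."""
    path = unquote(request_path)
    normalized = posixpath.normpath(path)
    if normalized.startswith("//"):            # normpath keeps a leading '//'
        normalized = "/" + normalized.lstrip("/")
    if path.endswith("/") and not normalized.endswith("/"):
        normalized += "/"                      # keep the directory marker
    return normalized


def naive_is_blocked(request_path, blocked):
    """Vulnerable: exact match on the raw path, so '/users/x/../' is not in the set."""
    return request_path in blocked


def hardened_is_blocked(request_path, blocked):
    """Apply the same rule to the path the server will actually resolve."""
    return normalize_path(request_path) in blocked


if __name__ == "__main__":
    blocked = frozenset(disallowed_paths(SAMPLE_ROBOTS))
    print("sensitive entries:", audit(SAMPLE_ROBOTS))
    for p in ("/users/", "/users/randomwords123/../"):
        print(p, naive_is_blocked(p, blocked), hardened_is_blocked(p, blocked))
```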
hacoder

Sunday, 13 December 2015

Deep Packet Inspection on MCDEAN-ASN - M.C. Dean AS23168 Network

Less than half of the world's service providers have a detailed understanding of the traffic flowing across their networks, and even fewer are aware of the usage patterns of their subscribers. These providers have little understanding of the cost components of their networks, let alone the revenue potential that may be exploited.
Service providers need to track how subscribers are using their broadband connection so as to clearly understand the value of the service they are offering as well as the natural segmentation of their subscriber base. By gaining intimate knowledge of their subscribers, service providers can introduce compelling new service bundles designed to increase customer loyalty and service penetration.
Deep packet inspection (DPI) provides the ability to look into the packet past the basic header information. DPI intelligently determines the contents of a particular packet, and then either records that information for statistical purposes or performs an action on the packet.
Deep Packet Inspection on MCDEAN-ASN - M.C. Dean Network
The goal of usage analysis or network profiling is simple: to identify how network resources are being used in order to generate revenue streams commensurate with the business model. Our solution gives service providers an effective way to gain true visibility into subscriber activity and usage patterns of even the most complex network environments.

Applications enabled by DPI include the following:

• AS23168 Traffic Management, or the ability to control end-user applications such as peer-to-peer applications
• MCDEAN-ASN - M.C. Dean Security, resource, and admission control
• Policy enforcement and service enhancements such as personalization of content or US content filtering
Benefits include increased visibility into the network traffic, which enables network operators to understand usage patterns and to correlate network performance information along with providing usage base billing or even acceptable usage monitoring.
Application Protocol Inspection on MCDEAN-ASN - M.C. Dean Configuration Flow Diagram
DPI can also reduce the overall costs on the network by reducing operation expenses (OpEx) and capital expenses (CapEx) by providing a more thorough understanding of what is happening with the network, and by providing the ability to direct traffic or to prioritize traffic more intelligently.

The need for Network Visibility

Regardless of network size or complexity, geography, or services offered, providers of broadband services need to go beyond raw network statistics and obtain a clear understanding of the type of applications and activities in their network. This includes detailed, ongoing monitoring of the following:
• Bandwidth use by application - A growing challenge in managing a successful broadband network is efficiently reducing operating and capital expenses. Service providers need a clear understanding of what type of applications, services, and network activities are consuming network resources, at what times, and in what percentages. By understanding usage in peak and off-peak hours, popular applications, and popular destinations, operators can develop ways to optimize network traffic, reduce cost, and improve network performance.
• Subscriber usage demographics - With the growth in broadband subscribers, the types of usage and requirements of the broadband community have grown more diverse. Whereas some subscribers are heavy bandwidth consumers, others are more casual and require less network capacity and bandwidth. Some use a wide range of applications such as gaming, voice, video, and file-sharing, whereas others use the network only for occasional browsing and e-mail. Some subscribers use their broadband connection for business, others for leisure and entertainment. Service providers need to categorize their subscriber base according to the actual use of their network in order to analyze ongoing trends and devise new service bundles.
• Peer-to-peer traffic - Peer-to-peer traffic now accounts for between 65 and 80 percent of the world's service provider traffic. Managing this traffic is a significant issue for operators, manifesting itself in poor overall broadband service and in increased costs due to increased help-desk calls, subscriber turnover, and skyrocketing peering costs for international traffic. Although U.S. service providers struggle with peer-to-peer traffic, they rarely face the financial issues encountered by providers outside of the U.S. that are mass "importers" of content. When most of the peer-to-peer content resides outside of their network boundaries, service providers quickly find themselves losing money when their subscribers download content across international lines.
• The presence of malicious traffic - There are now approximately 180,000 digital attacks worldwide each year, causing both service disruptions and financial outlays. Attacks have increased in number, by an order of magnitude over the past three years, and in speed of proliferation. It now takes less than 10 percent of the time to infect 1 million machines that it did only two years ago. Along with worms and viruses, e-mail spam has become a significant component of malicious traffic, now accounting for between 65 and 75 percent of all e-mail traffic. As with viruses and worms, spam carries with it a significant financial cost. According to the Gartner Group, spam is directly responsible for 7 percent of service provider turnover.
• Lack of visibility into services and revenue opportunities - Without visibility into subscriber traffic patterns, estimating the potential demand for new services becomes a challenge. For example, broadband voice may be an appealing service for subscribers, but how can you accurately gauge demand, and growth in this demand, if you have no insight into existing broadband voice service usage? Existing broadband voice activity data on your network could not only provide insight into the growth in demand for these services over time, but could also open the door to new revenue-sharing opportunities for these types of services. Having no visibility into network traffic makes it difficult to understand existing subscribers, let alone decide which new services to launch.

DPI in MCDEAN-ASN - M.C. Dean's ACCESS POINTS

When the DPI engine is used, an access point operator can gain a deeper understanding of what application traffic is truly passing through the AS23168 network. Even though application traffic is constantly changing, the DPI engine provides customers with up-to-date and accurate data. Real-time application information also enables access point operators to work with their customers to identify business-critical applications that need precedence, implement policy enforcement, and optimize their networks. All of these things then contribute to the overall quality of experience for end users.
As access point operators now have an established and effective alternative to developing application identification and DPI capabilities in-house, they can focus resources on core functionalities while reducing their time to market. This ultimately leads to a more robust end user solution and more satisfied customers.
 deepacketinspection

Attacking MPLS VPNs

Loki's MPLS module is designed to relabel specified MPLS traffic with a given label. It can be used to manipulate the transport label and change the destination of the packet, or to redirect traffic into another MPLS-VPN. The module automatically detects all MPLS-labeled traffic on the wire and lets the user easily set up relabeling rules. A tcpdump filter can be added to a relabeling rule if the module should only redirect a particular kind of traffic. Last but not least, one can define which label in the label stack should be modified.

It should be noted that this attack requires that the attacker has access to the traffic path of the respective packets. The setup for this example looks like this:


Bi-Directional MPLS-VPN
The attacker is in a Man-in-the-Middle situation inside the data path between Provider Edge 1 and Provider Edge 2 in the MPLS backbone.

On PE1 the label association for both MPLS-VPNs looks like this:

Cisco 3750 Label Overview

This means outgoing traffic for customer RED's location 2 is tagged with MPLS label 18. In the other direction, traffic tagged with MPLS label 20 is sent out to customer RED's location 1. The same holds for customer GREEN: outgoing traffic for location 2 is tagged with label 19, and incoming traffic with label 21 is sent out to location 1. Both customers use the same IP address space at their two locations, which is possible because each customer's routing is logically separated.

Let's further assume we have a client with the IP address 192.168.113.100 connected to customer GREEN's location 2. It is then possible to ping this client from PE1 in the context of customer GREEN: we need to specify customer GREEN's virtual routing and forwarding (VRF) context so that the customer's own routing table is used. If we run the same command in the context of customer RED, no response will be visible:

Cisco 3750 test of MPLS-VPN Connection

Next the attacker starts to redirect traffic from PE1 to PE2 in the backbone from customer RED's MPLS-VPN into customer GREEN's MPLS-VPN, and traffic from PE2 to PE1 in the backbone from customer GREEN's MPLS-VPN into customer RED's MPLS-VPN, using Loki like this:

Redirecting MPLS-VPN Traffic with Loki
Once the redirection is in place, it is possible to ping our assumed host from both customer RED's and customer GREEN's context:

Cisco 3750 Test of MPLS-VPN Connection after using Loki


So this actually means that, with the right position in the traffic path and the right tool (e.g. Loki), an attacker can easily redirect a given site's traffic of a given customer to a different destination (provided the IP addresses are the same, which is presumably a valid assumption when it comes to addresses like 10.1.1.1 or 192.168.10.1).
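From the operator's side, the relabeling above leaves a clear signature: the same inner packet leaves PE1 with one VPN label and arrives at PE2 with another. The Python below is an added example, not part of Loki or of the original post: it decodes MPLS shim headers, maps the bottom-of-stack label to a customer VPN using the label values the post gives for PE1 (18/20 RED, 19/21 GREEN), and compares a packet captured at PE1's egress with the same packet captured at PE2's ingress. It assumes the VPN label is the bottom-of-stack entry, as in a standard L3VPN; the packet bytes are constructed.

```python
"""Parse MPLS label stacks and spot relabeling between two taps (added example)."""
import struct

# Label-to-VPN mapping as the post describes it for PE1 (assumption: the
# VPN label is the bottom-of-stack entry, as in a standard MPLS L3VPN).
PE1_LABELS = {
    18: ("RED", "PE1->PE2"),
    20: ("RED", "PE2->PE1"),
    19: ("GREEN", "PE1->PE2"),
    21: ("GREEN", "PE2->PE1"),
}


def build_shim(label, ttl=64, bos=1, tc=0):
    """Encode one 32-bit MPLS shim header; used here only to construct samples."""
    if not 0 <= label < (1 << 20) or not 0 <= ttl < 256:
        raise ValueError("label or ttl out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)


def parse_stack(frame):
    """Walk the label stack until the bottom-of-stack (S) bit is set.

    Returns (entries, offset), where offset is where the inner packet starts.
    Each entry holds label (20 bits), tc (3 bits), bos (1 bit), ttl (8 bits).
    """
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", frame, offset)
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, offset


def vpn_of(frame):
    """Resolve which customer VPN a frame is delivered into, per PE1's table."""
    entries, _ = parse_stack(frame)
    vpn_label = entries[-1]["label"]
    return PE1_LABELS.get(vpn_label, ("UNKNOWN", "?"))[0], vpn_label


def detect_relabeling(at_pe1_egress, at_pe2_ingress):
    """Compare the same packet captured on both sides of the backbone path.

    Transport TTLs may legitimately change between the taps, so only the
    labels and the inner packet are compared. A changed VPN label over an
    identical inner packet is the signature of a relabeling man-in-the-middle.
    """
    _, off1 = parse_stack(at_pe1_egress)
    _, off2 = parse_stack(at_pe2_ingress)
    if at_pe1_egress[off1:] != at_pe2_ingress[off2:]:
        raise ValueError("inner packets differ; these are not the same packet")
    sent_vpn, sent_label = vpn_of(at_pe1_egress)
    seen_vpn, seen_label = vpn_of(at_pe2_ingress)
    return {"sent_label": sent_label, "seen_label": seen_label,
            "sent_vpn": sent_vpn, "seen_vpn": seen_vpn,
            "relabeled": sent_label != seen_label}


# Constructed sample: a minimal IPv4 header (no payload) from RED's location 1
# toward 192.168.113.100, sent by PE1 with RED's label 18.
INNER_IP = (b"\x45\x00\x00\x14\x00\x01\x00\x00\x40\x01\x00\x00"
            + bytes([192, 168, 113, 1]) + bytes([192, 168, 113, 100]))
RED_AS_SENT = build_shim(18, ttl=255) + INNER_IP
# The same packet after a man-in-the-middle rewrote label 18 to GREEN's 19.
RED_RELABELED = build_shim(19, ttl=254) + INNER_IP

if __name__ == "__main__":
    print(detect_relabeling(RED_AS_SENT, RED_RELABELED))
```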
showmpls

Saturday, 12 December 2015

Top 10 Web Application Vulnerabilities

The process of exploiting vulnerabilities in web applications has become very easy, especially for a seasoned malicious hacker. When a hacker successfully identifies a security flaw in a web application, it puts the business and its developers at risk. There have been many cases where users' sensitive data was compromised as a result of successfully exploited vulnerabilities in web applications.

Nowadays hackers rely mostly on automated tools to exploit vulnerabilities in web applications, which is why attacks have become a more common occurrence. There are many different types of web application vulnerabilities, but here are the 10 most critical and most exploited ones of 2015. These vulnerabilities can be found with automated scanners and rated according to their severity. The vulnerabilities mentioned below are worth fixing, not only because of their severity but also because of the risks they pose to a business.

1.    Injection

You are surely aware of this common type of vulnerability. Hackers, even script kiddies, can easily exploit it using automated tools. Injection flaws are not limited to SQL injection: there are several others, such as OS command, LDAP and even HTML injection, where untrusted data is sent to an interpreter as part of a query or command.

This was one of the most severe web application vulnerabilities on the internet in 2015. In an "XSS file injection" attack, hackers inject a remote file into the website so that they can execute JavaScript on the current web page. Researchers analyzed this as a particular technique these hackers use to carry out their XSS (cross-site scripting) attacks.

2.    XSS (Cross- site scripting)


Cross-site scripting is not a new vulnerability for any researcher. When an attacker exploits it, he can inject a malicious script into a website. This weakness affects the user: the session can be hijacked and the user can be redirected to a malicious website instead of the intended web page. We have seen these attacks happen in numbers on different websites, some of them quite serious, such as when attackers managed to gain access to Apache Foundation servers through an XSS. So it is no surprise that XSS is listed near the top of our list.

3.    Using Components with Known Vulnerabilities

This happens when the developer does not take security seriously, or out of neglect. All components of the web application should be selected carefully and should not carry any known vulnerability. Here, components means every module the developer uses while creating the web application: for example, the framework, libraries and so on.

4.    HTTP – Insecure Authentication Scheme

When a web application uses Digest, NTLM or Basic authentication over HTTP instead of HTTPS, it leaves the application vulnerable to attack. The most common issues we have seen in the recent past are:

i) Information leakage, which occurs when a password is transmitted over HTTP. The hackers intercept the user's password before it reaches the website. The hackers who conduct these attacks are dubbed "man in the middle", because they sit between the user and the website the whole time.

ii) Transmission of user data (date of birth, name, social security number etc.) in clear text. This enables a hacker to intercept the network traffic and steal user data.

iii) The possibility of locking or brute-forcing user accounts.

5.    Hidden Files accessible

Another major web application vulnerability is when a hacker attacks a website and gains access to hidden directories and files. Some files on a website which may lead to a breach like this are: crossdomain.xml, robots.txt, the Google sitemap and clientaccesspolicy.xml.

6.    Sensitive Data accessibility

Sensitive data accessibility occurs when an attacker gains access to sensitive data, or even to a backup of it, through a vulnerability in your site. Sensitive data may include your users' credit card information, private information and other important data that is not supposed to become public.

7.      Weak or common credentials

When a user uses a commonly used password, or even username (in some cases), he becomes vulnerable to attackers. If an attacker breaks or obtains your weak password, he can not only access your site's admin panels but also take full control of your web application.

8.    Programming errors & Misconfiguration

Misconfiguration is when the web application depends on poorly configured software, possibly combined with programming errors, which could allow an attacker to gain unauthorized access. Proper analysis of the web server and other network-based service configuration is as important as analyzing the security of the web application itself.

9.    Directory Listing

If directory listing is enabled on a web server, the hacker can see all the files on the system. This may result in serious data theft, depending on the confidentiality of the data, because a hacker can also download the files if he wants to.

10.    Unvalidated Redirects and Forwards

This may be caused by a user submitting data online in the shape of a survey form or anything else. The hacker's motive is to make a user click on the page, which lets them break weak passwords or even bypass mediocre ones. In some cases users ended up installing malware on their system, which in some cases held the user's computer ransom.
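The fix for an unvalidated redirect is to accept only targets you can prove are your own. As an added example, not from the original article, the Python below shows a naive "starts with /" check beside a hardened check that accepts only a local path or an absolute https URL on the application's own host; the host example.com and the helper names are assumed.

```python
"""Open-redirect target validation: naive check beside a hardened one (added example)."""
from urllib.parse import urlsplit

OWN_HOST = "example.com"  # assumed application host (constructed for this example)


def naive_is_safe(target):
    """Vulnerable: '//evil.example/' starts with '/', yet browsers resolve it
    as a scheme-relative URL to another origin."""
    return target.startswith("/")


def hardened_is_safe(target, own_host=OWN_HOST):
    """Accept only a same-site relative path or an absolute https URL on our own host."""
    if not target or any(ord(c) < 0x20 for c in target) or "\\" in target:
        return False  # control characters (header injection) and '/\host' tricks
    if target.startswith("/"):
        # A second leading slash ('//host/...') would be resolved as another origin.
        return not target.startswith("//")
    parts = urlsplit(target)
    if parts.scheme != "https":
        return False  # rejects http://, javascript:, data: and scheme-less 'evil.example'
    # .hostname strips userinfo and port, so 'https://example.com@evil.example/' fails.
    return parts.hostname == own_host


def choose_redirect(target, fallback="/"):
    """Return the requested target if it is safe, otherwise a local fallback."""
    return target if hardened_is_safe(target) else fallback


if __name__ == "__main__":
    for t in ("/account", "//evil.example/", "https://example.com@evil.example/"):
        print(t, naive_is_safe(t), hardened_is_safe(t), choose_redirect(t))
```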

Automated tools have already made it easier for penetration testers to find vulnerabilities in web applications. But the ultimate goal is to find the vulnerabilities, no matter which tool or set of tools you are using. Check your web application for vulnerabilities before the hacker does.

ehacking

Tuesday, 8 December 2015

Microsoft open-sources the JavaScript engine of the Edge browser

Microsoft has officially announced plans to open-source Chakra, the JavaScript engine behind its new Edge web browser. The source code will be published on GitHub next month.
Chakra has been in development since 2008 and is a JavaScript virtual machine that Microsoft's developers use to build the company's products and applications. Although Chakra is so far only used in the core of Microsoft Edge, it is present in most Universal Apps for Windows 10.
Microsoft calls the open-source version ChakraCore. It will be published on GitHub under the MIT open-source license in January 2016, with support from Intel, AMD and NodeSource. This is a remarkable and impressive move for Microsoft, a company with a history of guarding and keeping its source code secret, and one whose attitude toward open-source projects was quite hostile in the Bill Gates era and especially under Steve Ballmer.
Google open-sourced its V8 engine many years ago and achieved excellent results through community contributions to the project, as well as through developers adopting the engine in other browsers and applications.
Microsoft hopes ChakraCore will be widely used in future applications, from cloud computing services to the Internet of Things.
THN

Securely deleting files with Eraser

Eraser is used to thoroughly delete, or wipe, sensitive data on your computer. It does this by overwriting the data to be deleted. You can select the files and folders you want to erase securely. Eraser will also remove copies of the data that exist on your computer without your knowledge, including files you previously deleted with the normal Windows delete command and copies of documents you worked with in the past.
This article explains how to install and use Eraser.
Installation note: before installing, make sure you have the latest versions of Microsoft Windows Installer and the Microsoft .NET Framework installed.
Installing Eraser is quick and easy. Just open the Eraser setup file and click Next until it finishes.
When started, the Eraser interface looks like this:
You should configure at least three overwrite passes for erased data. Each pass takes time, so the more passes you use, the longer the erase takes. This becomes noticeable when erasing a large number of files or wiping the free space on a disk. The number of passes is set in the Preferences: Erasing menu.
Step 1. Select Edit > Preferences > Erasing... as follows:
The Preferences: Erasing window appears as follows:
The Preferences: Erasing pane shows the method used to overwrite the data being erased.
Description column: lists the names of the erasing methods.
Passes column: the number of times the data is overwritten.
In this example we use the Pseudorandom Data overwrite method. By default, only one pass is performed. To increase safety, we will raise the number of passes.
Step 2. Select option # 4 Pseudorandom Data.
Step 3. Click Edit to open the Passes window:
Step 4. Set the number of passes to between three and seven (keep the time/security trade-off in mind).
Step 5. Click OK to return to the Passes window.
# 4 Pseudorandom Data will change as shown below:
Tip: make sure the Cluster Tip Area and Alternate Data Streams boxes are checked as follows (they are checked by default):
Step 6. Click OK.
You have now set the overwrite method Eraser uses when erasing files. You should set the same options for the Unused Disk Space feature, which appears in the next pane of the Preferences: Erasing window. However, choose a reasonable number of passes, because wiping free disk space can take about two hours per pass.
Users usually run Eraser from the My Computer / Windows Explorer window rather than by opening the Eraser program itself.
Step 1. Open the folder containing the file you want to erase securely.
Step 2. Right-click the file to be erased. Two new commands appear in the context menu, Erase and Eraser Secure Move, as follows:
We will use the Erase command to wipe this file completely.
Step 3. Select the Erase command from the menu as in Figure 1 above.
The Erasing dialog appears:
Step 4. Click Yes to permanently and securely erase the selected file from your computer.
Warning: any file erased with this method cannot be recovered and is deleted permanently, so be absolutely sure about the file or group of files you intend to erase.
securitydaily