
Wednesday, December 9, 2009

Create Files And Folders With No Name and Icons

OK! In the last few posts we have been dealing with internet-related hacks and vulnerabilities, so it is time for a Windows-related tweak (or hack, whatever you call it!).
I guess most people know about this already, but a few days back, while chatting with some friends, I found that it was new to them and they wanted to know more about it. So I am blogging it here.

So what is our topic? How to create a folder or file with what looks like no name.

In the final part I will show how to make the folder or file invisible as well. OK then, let's get back to the topic.

So here is the scenario



I have created a folder named "swaroop's" on my desktop. Inside it there is another folder named "make me invisible"; this is our test folder. In the first part I will show how to give the folder what looks like no name (the name is not really empty, as we will see).
There are two ways to do it, and they are almost identical:

Select the folder "make me invisible" and press F2 (function key 2) to rename it. You can also right-click the folder and choose Rename.



Now press and hold the Alt key, type 0160 on the NUMPAD (without the quotes), release Alt and press Enter. So what are we doing here?

We are inserting a single non-breaking space (Unicode U+00A0) as the name of the folder. Windows refuses a name made only of ordinary spaces, but the non-breaking space is a different character, so the name is accepted and is drawn as a blank.
Alternatively:
Hold the Alt key, type 255 on the NUMPAD (no leading zero) and press Enter. Without the leading zero the Alt code is looked up in the OEM code page (437), in which 255 is also the non-breaking space, so you get the same result.

Then you will get a folder similar to the one shown below.



NB:
If you try to do the same thing with the space bar you will find that it does not work: Windows strips leading and trailing spaces from a name and will not accept a name that consists only of spaces.
The Alt code only works when typed on the NUMPAD; the number keys along the top of the keyboard do not produce it.
Two entries in one directory cannot share a name, so to create more no-name folders or files in the same directory add one more non-breaking space each time: every Alt+0160 (or Alt+255) you type adds one character (Alt+255, release Alt, for one blank character; Alt+255 twice, releasing Alt in between, for two; and so on).

OK, now it is time to make this folder invisible.

Follow these steps:
1) Right-click the folder
2) Select Properties
3) Select the Customize tab
4) Click the Change Icon button
5) Select a blank icon from the list
6) Click OK
7) Click OK in the Properties window


The result will be as shown below



To find the hidden folder, select everything in the directory (Ctrl+A): the selection highlight outlines the otherwise blank entry.
You will see a view similar to the one shown below. Keep in mind that this hides the folder from a casual glance only; it is not a security control. A directory listing from a command prompt, a file search, or any tool that enumerates the directory still shows the entry, and the name itself is nothing more than U+00A0 characters.
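As an added example (not part of the original post), here is a Python script that performs the trick above inside a temporary directory and then shows how a scanner finds such entries: it creates a folder whose name is a single U+00A0, the character Alt+0160 / Alt+255 inserts, plus the two-character variant the NB describes, and walks the tree reporting every entry whose name consists only of whitespace or invisible characters. The extra code points in BLANK_CODEPOINTS go beyond what the post uses; they are other blank-rendering characters a scanner should treat the same way.

```python
import os
import tempfile
import unicodedata

# Characters that render as blank in a file listing. U+00A0 is what Alt+0160 /
# Alt+255 inserts; the rest are further blank-looking code points (an assumption
# of this example, not something the post uses) that a scanner should also flag.
BLANK_CODEPOINTS = {
    "\u00a0",  # NO-BREAK SPACE (Alt+0160 / Alt+255)
    "\u2007",  # FIGURE SPACE
    "\u202f",  # NARROW NO-BREAK SPACE
    "\u2028",  # LINE SEPARATOR
    "\u3000",  # IDEOGRAPHIC SPACE
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE (BOM)
}


def is_blank_name(name: str) -> bool:
    """True when every character of the name is whitespace, one of the blank
    code points above, or a format control such as U+200B ZERO WIDTH SPACE."""
    if not name:
        return False
    for ch in name:
        if ch in BLANK_CODEPOINTS or ch.isspace():
            continue
        if unicodedata.category(ch) == "Cf":   # Cf = format characters
            continue
        return False
    return True


def describe(name: str) -> str:
    """Render a name as escaped code points so a blank name becomes readable."""
    return " ".join(f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in name)


def find_blank_names(root: str):
    """Walk a tree and return (path, description) for every blank-named entry."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_blank_name(name):
                hits.append((os.path.join(dirpath, name), describe(name)))
    return hits


def demo() -> int:
    """Create the folders from the post (one U+00A0, then two) next to a normal
    folder in a temp dir, scan, and return how many blank-named entries were found."""
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "\u00a0"))          # the Alt+0160 folder
        os.mkdir(os.path.join(tmp, "\u00a0\u00a0"))    # a second one: two NBSPs
        os.mkdir(os.path.join(tmp, "normal"))
        hits = find_blank_names(tmp)
        for path, desc in hits:
            print(repr(path), "->", desc)
        return len(hits)


if __name__ == "__main__":
    demo()
```

The scan does not rely on Explorer at all, which is the point: a name made of non-breaking spaces is ordinary data to any tool that enumerates the directory, and printing it as code points makes it readable again.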



Monday, December 7, 2009

Catch Invisible Friends On An Instant Messenger !!


So now I will tell you about something that is fun to try out.
So why are we here? What is the fun thing?
Many of us stay invisible in Yahoo Messenger, Gtalk and the like to avoid unwanted chat requests and spam. Yes, I know you have many more reasons to stay invisible, but being on the ETHICAL side let us not discuss them here.
Here we will look at how I used to detect the status of my friends in IMs, concentrating mainly on Yahoo and Google.

Yahoo Messenger

Here I will give you some links and their uses. These are the presence-indicator URLs Yahoo provides for embedding a user's status on a web page. They cannot tell you whether someone is invisible: an invisible user is reported as offline, exactly as their contacts see them. They do make it easy to check the ONLINE or OFFLINE status of a friend, and the main advantage is that you never have to log in to your own account to check the status of your target.


http://mail.opi.yahoo.com/online?u=[Target's username]&m=g&t=0 
You will get a yellow smiley if the person is online and a grey one if the person is offline or invisible.

http://mail.opi.yahoo.com/online?u=[Target's username]&m=g&t=1
This will fetch you a button reading “Online Now” or “Not Online”.

http://mail.opi.yahoo.com/online?u=[Target's username]&m=g&t=2
We get an image reading “I am Online send me a message” or “Not Online right now”.

http://mail.opi.yahoo.com/online?u=[Target's username]&m=g&t=[number from 0 to 24]

Any number from 0 to 24 in place of [number from 0 to 24] gives a different icon displaying the target's status.

http://mail.opi.yahoo.com/online?u=[Target's username]&m=a&t=0
Shows the text “[Target’s username] is ONLINE” or “[Target’s username] is NOT ONLINE”.

http://mail.opi.yahoo.com/online?u=[Target's username]&m=a&t=1
Returns the value “00” if the person is offline (or invisible) and “01” if online. This is the handiest form for a script.

NB: Replace [Target's username] in the URLs above with the Yahoo ID you want to check.

For example, if my ID is “hackingwithswar”, then
http://mail.opi.yahoo.com/online?u=[Target's username]&m=a&t=1
becomes
http://mail.opi.yahoo.com/online?u=hackingwithswar&m=a&t=1

NB:
The same links can be used to show (or deliberately hide) your own status on a blog or site; that is what the indicator was built for. Think about how.


We cannot find out the real status of a person who is in “invisible” mode this way; he is simply shown as “Offline”. To get around this we can use the method discussed below.

Yahoo invisibility detection sites

While surfing the net I came across many sites which claim to reveal the real status of a person of your choice.

Feel free to try them out yourself and have fun.





Gtalk 
There is a simple trick to tell whether a Gtalk friend is online or not.
First log in to the Gtalk application with your Gmail ID.
Then open the chat window of the contact whose status you want to check.

The next step is to turn on the "off the record" function in the chat window of the Victim.






Here you can see that no alert appears when you send your message.


Now we get two kinds of response, depending on the status of the Victim:
1) When the Victim is in invisible mode

In the image below you can see that no alert is generated: the message was delivered silently, so we can be sure that the Victim is online, but in invisible mode!



2) When the Victim is really offline, an alert is raised because the message could not be delivered.






Wednesday, December 2, 2009

Password Cracking Attacks -Common Known Methods

Password cracking is considered the most common attack on the internet. Have you thought about why?
The answer is simple: "Man needs security everywhere but he hates complexity." Hey, it's my observation. So I say the practical way for a layman to be secure online is the password, rather than signing in with biometrics and similar things. The sense of security one gets from password-protecting an account is enormous, and password authentication is simple to store and process. But as you read on you will realise that a good password is not that simple to break.

So now it is time to discuss the common methods a hacker or cracker uses to get past password protection.

Password Guessing:
This is usually anyone's first attempt at cracking a password. The attacker does a background check on the victim, which in many cases yields intelligent guesses (names, dates, pets, teams) and a quick breach. Not every password falls to this; it takes a lot of effort and patience, and in many cases it fails.

Dictionary Based Attacks:
The attacker uses an automated tool that tries every word in a wordlist as the password. Any dictionary can be used, including local-language ones, and modern tools also apply mangling rules (capitalisation, appended digits, letter-to-symbol substitutions) and lists of previously leaked passwords; how far that reaches depends on the tool and the wordlist. The method only succeeds when the victim's password, or a simple variant of it, is in the list. Yes, I know you are thinking that your password is not a dictionary word, so you are safe!

That is the limitation of this method: it is fast, but it fails whenever the password is not in the list.

Default Passwords:
Much software and network equipment ships with default passwords, configured by the developers to make setup and development easier. These accounts may give access to critical functionality of the software or network. Lazy programming habits are the main cause of this class of vulnerability, and many admins never check for accounts still secured with the default password.

NB:
  • You may be surprised to know that a well-known military hacking incident revealed many accounts, giving full access to critical missions, that were still set to default passwords.
  • If you are an admin, check your user accounts for default passwords regularly and change or remove those accounts immediately.
Brute Force Password Cracking:
This is the most reliable method of password cracking: it is guaranteed to succeed eventually, provided the character set covers every character in the password and the search runs long enough. The drawback is time; a good password can take days, years or far longer.
The attacker uses an automated tool that tries every combination of the chosen character set up to some length. To be sure of success the character set must contain every key on the keyboard, and that certainty is traded for time: the number of candidates is N^L for a character set of N symbols and length L, so every extra character multiplies the work. In most cases the correct password shows up only after a long wait.
The speed of cracking depends on the machine (GPUs manage billions of fast hashes per second), on the network and lockout policy when guessing against a live login, on the cost of the hash function, and on the character set. So in my personal opinion this method is very slow and inefficient against anything but short passwords.

NB:
  • I know I introduced this as the most successful method, but now you know why I also have to say that it is very slow and inefficient.
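To make the cost difference concrete, here is an added Python example (mine, not from the original post or from any tool it names) that runs a rule-mangled dictionary attack and a brute-force search against plain SHA-256 hashes of constructed sample passwords, and computes the keyspace that makes brute force so slow. The wordlist, the passwords and the guess-rate figure are all constructed for the example.

```python
import hashlib
import itertools
import string

# Constructed sample: passwords stored as unsalted SHA-256. That is exactly the
# fast, parallelisable hash a cracker hopes for; a real system should use a
# slow, salted KDF (PBKDF2, bcrypt, scrypt, Argon2) so each guess costs more.
def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed mini wordlist standing in for a real dictionary or leak list.
WORDLIST = ["password", "letmein", "dragon", "swaroop", "qwerty", "monkey"]
LOWER_DIGITS = string.ascii_lowercase + string.digits   # a 36-symbol character set


def mangle(word: str):
    """Yield the rule-style variants real crackers try on every word: case
    changes, appended digits and letter-to-symbol substitutions. This is why
    'not a dictionary word' is weaker protection than it sounds."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for n in range(100):
            yield f"{base}{n}"
    yield word.replace("a", "@").replace("o", "0").replace("e", "3")


def dictionary_attack(target_hash: str, words):
    """Return the password if it (or a mangled variant) is in the list, else None."""
    for word in words:
        for candidate in mangle(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace(charset_size: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len over a charset of the given size."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash: str, charset: str, max_len: int):
    """Exhaustive search, shortest candidates first.
    Returns (password, guesses_made) or (None, guesses_made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def worst_case_seconds(charset_size: int, length: int, guesses_per_sec: float) -> float:
    """Time to exhaust every password of exactly `length` characters."""
    return charset_size ** length / guesses_per_sec


if __name__ == "__main__":
    # 'Dragon42' is not a dictionary word, but falls to a mangling rule at once.
    print(dictionary_attack(sha256_hex("Dragon42"), WORDLIST))
    # A 3-character lowercase+digit password falls to brute force in ~1400 guesses...
    print(brute_force(sha256_hex("ab1"), LOWER_DIGITS, 3))
    # ...but 8 printable-ASCII characters at a constructed 10^9 guesses/s takes
    # about 77 days, and every extra character multiplies that by 95.
    print(worst_case_seconds(95, 8, 1e9) / 86400, "days")
```

The two attacks share one thing: each guess costs one hash. Making the hash slow and salted is what turns "days" into "centuries" without asking users for anything longer.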
DO's And DON'T's

DO NOT
  • use relatives' names as passwords
  • use words from a dictionary
  • use important dates in your life as your password
  • use short passwords
  • disclose passwords, even to your spouse
  • log in to your password-protected accounts from public systems, if you can avoid it
  • fall for social engineering
  • use the same password for critical and non-critical accounts
  • write your passwords down anywhere; memory is the best place to store critical data (a reputable password manager is the practical alternative when you have too many to remember)
DO
  • Use a combination of letters, digits and special characters.
  • Use both upper- and lower-case characters in the password.
  • Use different passwords for different accounts.
  • Be aware that you are the only person who can stop someone from cracking your passwords.
  • Run a regular check for the presence of default passwords.

NB:
These are countermeasures and guidelines for preventing password theft. Even so, a password can still be stolen!

Tools

Cain & Abel
John the Ripper

Tuesday, December 1, 2009

Mobile Hacks #1-Call A Friend From His Own Number

Hey! Yes, you read it right: anyone can play a prank on you or your friends by calling them from the target's own mobile number. I thought many people knew about this, but when I discussed it with some friends I found it was new to them; most people are not aware that such a thing is possible. In an earlier post we talked about email spoofing. It turns out that spoofing a mobile phone number is possible too.
OK, enough introduction, let us find out how it is done.

There is a site called MOBIVOX; don't start googling it yet, I'll tell you when it is time.

You have to register on that site to get started. The main highlight, as I always say: it's free.
 
Go to the site's registration page; it looks like this:



Register there and log in to your account after email verification. You get some free calling time (and it is more than enough to prank your friends by calling their number from their own number).

After login you will get a screen similar to the one below.



Now click the "My Profile" link on the left-hand side of the page and you will get a page similar to the one shown below.



Now click the Edit button to change your (the attacker's) mobile number. Enter the target's mobile number in that field and save it. The site takes this number as the caller ID for the calls it places, without ever checking that you own it.

So, assuming the target's mobile number is "1234567890", enter that as your own mobile number before initiating the call.

Now click the DirectWeb Call button (top right, near the "My MOBIVOX" tab).

This will fetch a page similar to the one displayed below.




When you click the Call Now button, the target mobile, here "1234567890", receives a call that appears to come from "1234567890" itself.

OK, so now you are done and can play pranks on your friends. But be sure to explain it to them at the end of the prank. Remember, sharing is caring.

So what are you waiting for? Register and try it out.

NB:
  • This is a clear exploitation of a missing verification step on that site: the profile phone number is trusted as the caller ID without any proof that the user controls it.
  • The main countermeasure they can take is to send a confirmation code to the new number every time a user changes it, and only activate the new number after the user enters that code on the site.
  • You can call any phone in the world for free and talk on your own mobile.
  • My case studies proved that this can be further exploited when you use a disposable email ID to log in to this site. Correct me if I am wrong.
  • The prank quotient of this hack is high and the security quotient is medium.
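As an added example (not Mobivox's code; the site's internals are not visible), here is a Python sketch of the countermeasure from the NB points above: a number change is held as pending, a code is sent to the new number, and the stored caller-ID number is only updated when the user echoes that code back. The SMS sender and the clock are injected so the example runs offline; the code length, the expiry window and the attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 10 * 60   # assumed validity window for a code
MAX_ATTEMPTS = 5             # assumed limit before the pending change is discarded


class PhoneChangeVerifier:
    """Holds pending phone-number changes. A new number is only used as the
    caller ID after the user proves possession of it by echoing back a code
    sent to that number; until then the old, verified number stays in place."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(number, text); a carrier gateway in production
        self._clock = clock
        self.verified = {}          # user -> verified number (the caller ID used for calls)
        self._pending = {}          # user -> [new_number, code, expires_at, attempts]

    def request_change(self, user: str, new_number: str) -> None:
        """Start a change. Note that self.verified is NOT touched here."""
        code = f"{secrets.randbelow(10**6):06d}"   # 6 random digits; the attempt limit makes this enough
        self._pending[user] = [new_number, code, self._clock() + CODE_TTL_SECONDS, 0]
        self._send_sms(new_number, f"Your verification code is {code}")

    def confirm(self, user: str, code: str) -> bool:
        """Apply the pending change if the code matches, is unexpired and the
        attempt budget is not exhausted. Expiry or exhaustion throws the pending
        change away, so the user has to start over."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        new_number, expected, expires_at, attempts = entry
        if self._clock() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[user]
            return False
        entry[3] = attempts + 1
        # Constant-time comparison: do not leak how many leading digits matched.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        self.verified[user] = new_number
        del self._pending[user]
        return True

    def caller_id_for(self, user: str):
        """The only number the dialler should ever present for this user."""
        return self.verified.get(user)


if __name__ == "__main__":
    outbox = []
    v = PhoneChangeVerifier(send_sms=lambda number, text: outbox.append((number, text)))
    v.verified["attacker"] = "+15550001111"          # constructed: the account's real number
    v.request_change("attacker", "1234567890")       # the target's number from the post
    print("caller ID still:", v.caller_id_for("attacker"))
    # The code went to the target's phone, not to the attacker; without it the change never applies.
    print("wrong code accepted?", v.confirm("attacker", "000000"))
```

The dialler reads only `caller_id_for()`, never the pending number, so the prank described in the post needs the target's phone in hand to succeed.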

DDOS-Distributed DOS Attacks

DDOS attacks are far more effective, and more dangerous, than simple DOS attacks.
Now you might have a question: a big WHY?
So let me come to the point.
DDOS attacks are multi-stage attacks (we will discuss this more in later parts), and that is what makes them so dangerous and so difficult to counter.
What is different in a DDOS attack?
The attacker first breaks into a less secure network, say one of some 150 systems, and takes control of all of them. He then installs tools on those systems that can carry out a DOS attack, or worse, and finally commands them all to attack the target at once. Because the traffic comes from many sources there is no single address to block, which is what makes it hard to counter or prevent.

One common form is to saturate the target with a flood of connection requests so that even legitimate requests never reach it. This can be very damaging to companies and firms that rely on the internet or their network for income; a DDOS attack on Yahoo or Google servers, for instance, could cost them a great deal of revenue within minutes.



Courtesy: Wikipedia

Countermeasures:
  • Separate or compartmentalise critical services; do not run many services on the same server.
  • Provision more bandwidth than normally required to absorb sudden surges.
  • Filter out useless or malicious traffic as early as possible, ideally upstream.
  • Disable services that do not need to be publicly accessible.
  • Port-scan your own systems regularly and make sure no DDOS agent is listening on them.
  • Balance traffic across a set of servers.
  • Regular monitoring and working closely with the ISP will always help.
  • Patch the systems regularly.
  • IPsec authenticates the source of IP packets, which defeats spoofing between peers that use it; it does not stop a volumetric flood on its own.
TOOLS:
  • Tribal Flood Network (TFN)
  • Trin00
  • Stacheldraht
  • shaft
  • Mstream
  • WinTrin00


Wednesday, November 25, 2009

Bypassing Email Antivirus

Many of the email services available to us, say Gmail, Yahoo Mail and so on, do not allow us to send .exe files, and sometimes zip files, as attachments. When you try to send an application setup, Gmail will tell you "something.exe is an executable file. For security reasons, Gmail does not allow you to send this type of file." Sometimes compressed .zip files cannot be sent via Gmail either.



Gmail has a virus scanner that scans attachments and blocks them as appropriate, and it also blocks .exe files outright. So you can't send exe files via Gmail; at least, you cannot send them directly.
So how can you bypass Gmail's attachment check?
Three ways can be employed to do this. Let us discuss them here.


Rename the extension of the compressed file.
For this method you compress the file to .zip if you do not have any other software such as WinRAR to do it with. The method is found to work for .zip files: change the extension to something Gmail does not recognise, for example rename setup.zip to setup.<your name>, attach it to your mail and send it to the target.

NB:
  • Make sure you tell the recipient to rename it back to .zip on the other end so they can extract it.
  • This works because Gmail was relying on the file extension to recognise the file type. (Gmail has since moved to inspecting attachment contents, including inside archives, so this no longer works.)
  • A simple way for Gmail to defeat this is to use the fact that every zip file starts with the bytes 'PK' (the local file header signature PK\x03\x04), regardless of what the file is called.
Bingo, now that is an idea for a patch.
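Here is an added Python example (mine, not Gmail's code) of the content-based check the last NB point suggests: it classifies an attachment by its leading bytes instead of its name, opens anything that is really a zip and looks at each member, again by content, descending into nested archives up to a fixed depth. The sample archive containing a fake MZ-headed "setup.exe" is constructed inline; the signature table, the extension list and the depth limit are assumptions for the example.

```python
import io
import zipfile

# File signatures ("magic bytes"). The name of a file says nothing about its
# type; these first bytes do. (An empty zip starts with PK\x05\x06 instead.)
SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"MZ": "exe",            # DOS/PE executables
    b"Rar!\x1a\x07": "rar",
    b"\x7fELF": "elf",
    b"\x1f\x8b": "gzip",
}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
MAX_DEPTH = 3   # assumed limit: stops a nested-archive bomb from recursing forever


def sniff(data: bytes) -> str:
    """Classify a blob by its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def find_executable(data: bytes, prefix: str = "", depth: int = 0):
    """Return the path of the first executable found in `data` (by content or by
    member name), descending into zip archives, or None if there is none."""
    kind = sniff(data)
    if kind == "exe":
        return prefix or "<root>"
    if kind != "zip":
        return None
    if depth >= MAX_DEPTH:
        return f"{prefix}/<nesting too deep>"   # fail closed rather than skip it
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                path = f"{prefix}/{member}" if prefix else member
                if member.lower().endswith(EXECUTABLE_EXTS):
                    return path
                found = find_executable(zf.read(member), path, depth + 1)
                if found:
                    return found
    except zipfile.BadZipFile:
        return f"{prefix or '<root>'}: unreadable archive"   # also fail closed
    return None


def blocked_reason(filename: str, data: bytes):
    """What a mail scanner would report for this attachment, or None to allow it."""
    found = find_executable(data)
    return f"{filename}: executable content at {found}" if found else None


# ---- constructed samples -------------------------------------------------
def make_zip(member_name: str, content: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, content)
    return buf.getvalue()


FAKE_PE = b"MZ" + b"\x00" * 62 + b"not a real program"   # only the header matters here


if __name__ == "__main__":
    archive = make_zip("setup.exe", FAKE_PE)
    # Renaming setup.zip to setup.swaroop changes nothing the scanner looks at.
    print(blocked_reason("setup.swaroop", archive))
    # Renaming the member too does not help: the MZ header gives it away.
    print(blocked_reason("setup.swaroop", make_zip("setup.swaroop", FAKE_PE)))
    print(blocked_reason("notes.txt", b"just text"))
```

Two design points worth noting: the scanner fails closed on anything it cannot parse or nests too deeply, and it judges zip members by content as well as by name, so renaming at either level buys the sender nothing.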


Use WinRAR for compressing
Download the WinRAR application and compress the .exe with it; the result is in .rar format, which can be sent via Gmail. On some occasions this may not work, in which case encrypt the archive with the "encrypt file names" option as well before sending, so that the scanner cannot read the list of contents.


Use online file storage services for sharing.

There are many file storage services on the web that let you store files online, and we can use these to share files with friends. All you have to do is send the link to the file to the recipient; clicking the link lets them download it.

You can use the Ziddu service for this. A simple registration lets you upload files to your account, and you even get paid for the uploads. The main highlight of this service is that registration is free, and Ziddu.com has no wait times.


Tuesday, November 24, 2009

DoS- Denial Of Service Attacks

This is a common form of attack that any admin should protect his networks from. DoS attacks are used to degrade or bring down systems and networks. Every system connected to the internet has limited bandwidth, memory and processing capacity, and in a DoS attack the attacker tries to exhaust one of these resources on the target, so that even legitimate customers or clients can no longer connect. Some kind of traffic is the attacker's weapon.

Main steps in a DoS attack:
  1. The attacker sends a practically unbounded amount of malicious data to the network.
  2. The target network or host is choked and cannot handle the inflow, which can crash the network as well as the target system.
  3. Real users and clients can no longer connect to the target.
  4. The result is loss of revenue, disrupted services, inconvenience, customer dissatisfaction and many other problems.
  In many cases a server sits behind a T1 (1.5 Mbps) or T3 (45 Mbps) connection that serves all its clients. A simple DoS attack can easily generate 20 to 30 Mbps of traffic, enough to clog the entire link, which can be fatal for the services offered. A DoS attack is usually an attack of last resort. It is considered unsophisticated because it does not gain the attacker access to any information; it merely annoys the target and interrupts their service.

Different types of DoS attacks:
Some of the main DoS attacks are described briefly in this section.

Ping of Death:
TCP/IP works within many rules and limits. One of them is that the maximum size of an IP datagram, set by the 16-bit total length field, is 65535 bytes. In the Ping of Death attack an ICMP echo request is sent in fragments whose offsets and sizes add up to more than that limit, so the reassembled packet is larger than the target was ever designed to hold. Old IP stacks overflowed their reassembly buffer and crashed, hung or rebooted. The worrying thing about this attack was that anyone could do it with a ping tool that allowed such a size.
The ping option used (the -l flag is Windows ping's payload-size option; Linux ping uses -s):
ping -l
Eg: ping -l 65545

NB: This attack only affected systems up to Win 95/98 and similarly old stacks. Modern systems are patched: the ping tool refuses oversized payloads and the IP stack discards reassemblies that would exceed 65535 bytes.

Tear Drop Attacks:
This kind of attack affected many systems on the internet. Let me explain the idea behind it. Normally data sent from source to destination is broken into smaller fragments and reassembled at the destination, each fragment carrying the offset at which its data belongs.
For example:
Say a 5000-part (just a quantity) piece of data in a single chunk has to be sent over a network, and it is broken into 3 smaller parts.
Chunk A contains parts 1 to 1500
Chunk B contains parts 1501 to 3500
Chunk C contains parts 3501 to 5000
Note that the ranges of the different chunks do not overlap.

In the Tear Drop attack fragments with overlapping ranges are sent to the target. A reassembly routine that trusted the offsets miscalculated the fragment length and corrupted memory, so the system may crash, hang or even reboot.
The data sent for the attack looks like this:
(This is not the real data or methodology; the example is only to aid understanding.)
Chunk A contains parts 1 to 1500
Chunk B contains parts 1499 to 3500
Chunk C contains parts 3499 to 5000
Here you can see that the ranges of the fragments overlap.

Fragmentation Attacks:
This is a variation of the Tear Drop attack. Here the attacker sends streams of packets containing identical fragments to the target. A target that does not handle the duplicates correctly crashes, hangs or reboots.

Chunk A contains parts 1 to 1500
Chunk A contains parts 1 to 1500
Chunk C contains parts 3501 to 5000
Here chunk B is never sent; chunk A is sent twice instead, so the datagram can never be completed and the target holds the partial reassembly until it times out.

Smurf Attacks:
This is another type of DoS attack. The attacker sends a large number of ICMP echo (ping) requests to the broadcast address of a network, with the source address forged to be the victim's address.
A few words on the broadcast address: this is an IP address that admins use to send data to an entire network. Every node on the network receives a message sent to the broadcast address.
So what happens in this attack?
Every system that receives the ping replies to the forged source with an ICMP echo reply. One request therefore produces as many replies as there are hosts on that network, all aimed at the victim; the intermediate network acts as an amplifier and the victim's link is flooded until the victim crashes, restarts or hangs.

NB: IRC servers have been the primary victims of smurf attacks on the internet.

Countermeasures against Smurf attacks:
  1. Filter spoofed packets: drop packets arriving from outside that carry a source address belonging to the internal network (and do not let packets with forged sources leave your network either).
  2. Configure routers not to forward directed broadcasts, so externally sourced packets never reach the broadcast address, and configure hosts not to answer broadcast pings.
  3. Always remember that there is no reason why an external system needs to send data to your broadcast address.
Land Attacks:
In a Land attack the attacker sends a SYN packet to a system with the source IP address and port set to match the target's own IP address and port. As a result the system attempts to reply to itself, creating a loop that ties up system resources and may eventually crash the OS. Sending a stream of such packets makes it even worse.
Countermeasures for Land attacks:
Filter all packets whose source and destination IP addresses are the same (ingress filtering also catches these, since no packet from outside should carry an internal source address).
NB: Make sure that you do not block packets that merely have the same source and destination ports by mistake; that is perfectly legitimate.
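The checks behind the Ping of Death, Tear Drop, fragmentation, Smurf and Land descriptions above can all be expressed as tests on a handful of packet fields. The following is an added Python example (mine, not from the original post or from any tool) that applies those tests to a constructed batch of packets: it groups fragments per datagram and flags overlaps, duplicates and oversize totals, and it flags self-addressed packets and echo requests sent from outside to a directed-broadcast address. The packet layout, the internal network and its broadcast address are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

MAX_IP_TOTAL = 65535    # 16-bit total-length field: the largest legal datagram
IP_HEADER_LEN = 20      # minimum IPv4 header, counted against that limit

# Assumed site layout for the example.
INSIDE = ipaddress.ip_network("10.0.0.0/24")
DIRECTED_BROADCASTS = {str(INSIDE.broadcast_address)}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "icmp", "tcp" or "udp"
    icmp_type: int = -1         # 8 = echo request
    frag_id: int = 0            # IP identification field
    frag_offset: int = 0        # in bytes (the wire field is in 8-byte units)
    data_len: int = 0           # payload bytes carried by this fragment
    more_fragments: bool = False


def is_land(p: Packet) -> bool:
    """A packet addressed to its own source is never legitimate."""
    return p.src == p.dst


def is_smurf_trigger(p: Packet) -> bool:
    """An echo request from outside aimed at our directed-broadcast address:
    the smurf amplifier request. (The victim is whoever p.src claims to be.)"""
    return (p.proto == "icmp" and p.icmp_type == 8
            and p.dst in DIRECTED_BROADCASTS
            and ipaddress.ip_address(p.src) not in INSIDE)


def check_fragments(frags) -> str:
    """Judge the fragments of ONE datagram (same src, dst, id).
    Returns 'ok', 'duplicate', 'overlap' or 'oversize'."""
    seen = set()
    covered_to = 0          # end of the data range reassembled so far
    for f in sorted(frags, key=lambda f: f.frag_offset):
        key = (f.frag_offset, f.data_len)
        if key in seen:                      # same fragment twice (fragmentation attack)
            return "duplicate"
        seen.add(key)
        if f.frag_offset + f.data_len + IP_HEADER_LEN > MAX_IP_TOTAL:
            return "oversize"                # Ping of Death: reassembles past 65535 bytes
        if f.frag_offset < covered_to:
            return "overlap"                 # Tear Drop: ranges overlap
        covered_to = f.frag_offset + f.data_len
    return "ok"


def triage(packets):
    """Run every check over a batch. Returns sorted (verdict, src, dst, frag_id) tuples."""
    findings = set()
    datagrams = defaultdict(list)
    for p in packets:
        if is_land(p):
            findings.add(("land", p.src, p.dst, p.frag_id))
        if is_smurf_trigger(p):
            findings.add(("smurf", p.src, p.dst, p.frag_id))
        if p.more_fragments or p.frag_offset:
            datagrams[(p.src, p.dst, p.frag_id)].append(p)
    for (src, dst, fid), frags in datagrams.items():
        verdict = check_fragments(frags)
        if verdict != "ok":
            findings.add((verdict, src, dst, fid))
    return sorted(findings)


# Constructed sample traffic (no real captures involved).
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.5", "tcp"),                                   # Land
    Packet("203.0.113.9", "10.0.0.255", "icmp", icmp_type=8),                # Smurf request from outside
    Packet("10.0.0.7", "10.0.0.255", "icmp", icmp_type=8),                   # inside ping to broadcast: allowed
    # Normal 3-fragment datagram, contiguous ranges
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=3, frag_offset=0, data_len=1480, more_fragments=True),
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=3, frag_offset=1480, data_len=1480, more_fragments=True),
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=3, frag_offset=2960, data_len=500),
    # Tear Drop: second fragment starts inside the first
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=7, frag_offset=0, data_len=1480, more_fragments=True),
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=7, frag_offset=1400, data_len=1480, more_fragments=True),
    Packet("198.51.100.4", "10.0.0.1", "udp", frag_id=7, frag_offset=2880, data_len=200),
    # Ping of Death: the last fragment pushes the total past 65535
    Packet("198.51.100.4", "10.0.0.1", "icmp", icmp_type=8, frag_id=9, frag_offset=0, data_len=1480, more_fragments=True),
    Packet("198.51.100.4", "10.0.0.1", "icmp", icmp_type=8, frag_id=9, frag_offset=65528, data_len=100),
    # Fragmentation attack: the same fragment twice, the middle one never sent
    Packet("192.0.2.8", "10.0.0.1", "udp", frag_id=11, frag_offset=0, data_len=1480, more_fragments=True),
    Packet("192.0.2.8", "10.0.0.1", "udp", frag_id=11, frag_offset=0, data_len=1480, more_fragments=True),
    Packet("192.0.2.8", "10.0.0.1", "udp", frag_id=11, frag_offset=2960, data_len=500),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

Note what the fragment check deliberately does not do: it never allocates a 64 KB buffer and copies data into it. Validating offsets and lengths before touching memory is exactly the step the vulnerable stacks skipped.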

SYN Flooding:
This attack exploits the way each TCP connection is established: the three-way handshake (SYN, SYN/ACK, ACK), which is explained in other posts.

Let us discuss how SYN flooding abuses this classic three-way handshake.
In the attack, the attacker sends a huge number of connection requests (SYN packets) with spoofed source IP addresses. Each one leaves a half-open connection on the host, waiting for an ACK that never arrives.

Spoofed IP => SYN packet => Host
Host => SYN/ACK packet => spoofed address

For every half-open connection the host allocates an entry in its backlog, together with the memory that goes with it. The attacker sends packets without end, and once the backlog (or memory) is exhausted the host drops new, legitimate SYNs and may hang, crash or reboot.

Three important scenarios in SYN flooding:
  1. The spoofed IP address does not exist:
The SYN/ACK is routed towards the non-existent address until it is dropped at a router or its TTL reaches 0. Meanwhile the target waits for an ACK from that address and the backlog entry stays allocated until the retransmission timer finally gives up.
  2. The spoofed IP address exists:
When the SYN/ACK reaches that host, it has no matching connection and answers with a RST; on receiving the RST the target frees the entry. This is why attackers prefer unreachable addresses.
  3. The spoofed IP is inside the target network:
This makes the attacker's job very easy, since every packet also consumes the target network's own resources, increasing the strain on it.
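The memory the host allocates per half-open connection is the resource being exhausted, and the standard fix is to stop allocating it: SYN cookies (D. J. Bernstein's technique) encode the connection state into the server's initial sequence number, so a half-open connection costs nothing to remember. The following is an added Python example (mine, a simplified version of that scheme, not from the original post or from any real TCP stack) showing how a cookie is minted for a SYN and verified from the returning ACK without stored state, how a stale, forged or mismatched cookie is rejected, and how a listener that falls back to cookies when its backlog is full keeps the backlog bounded under a flood. The secret, the MSS table and the 64-second counter are assumptions for the example.

```python
import hashlib
import hmac
import secrets

# Layout of the 32-bit cookie (simplified from Bernstein's scheme):
#   top 5 bits  : time counter t (ticks of COUNTER_PERIOD seconds)
#   next 3 bits : index into MSS_TABLE (the client's MSS, rounded down)
#   low 24 bits : keyed hash of (src, dst, sport, dport, t, client ISN)
SECRET = b"constructed-secret-rotate-me"   # assumption; a real stack rotates this key
MSS_TABLE = [536, 1220, 1440, 1460]         # assumed set of MSS values we can encode
COUNTER_PERIOD = 64                          # seconds per tick of t
MAX_AGE_TICKS = 1                            # accept this tick and the previous one


def _tick(now: float) -> int:
    return int(now // COUNTER_PERIOD) & 0x1F


def _mac24(src, dst, sport, dport, t, client_isn) -> int:
    msg = f"{src}|{dst}|{sport}|{dport}|{t}|{client_isn}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, dst, sport, dport, client_isn, mss, now) -> int:
    """Mint the ISN for the SYN/ACK. Nothing about this SYN is stored."""
    t = _tick(now)
    m = max((i for i, v in enumerate(MSS_TABLE) if v <= mss), default=0)
    return (t << 27) | (m << 24) | _mac24(src, dst, sport, dport, t, client_isn)


def validate_ack(src, dst, sport, dport, seq, ack, now):
    """Check the final ACK of the handshake. The client's ISN is seq-1 and our
    ISN (the cookie) is ack-1, so everything needed is in the packet itself.
    Returns (accepted, mss); mss is None when rejected."""
    cookie = (ack - 1) & 0xFFFFFFFF
    client_isn = (seq - 1) & 0xFFFFFFFF
    t = cookie >> 27
    m = (cookie >> 24) & 0x7
    if (_tick(now) - t) & 0x1F > MAX_AGE_TICKS:      # stale (or a forged t)
        return False, None
    expected = _mac24(src, dst, sport, dport, t, client_isn).to_bytes(3, "big")
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return False, None
    return True, MSS_TABLE[m]


class Listener:
    """Tiny model of a listening socket: keeps per-SYN state while the backlog
    has room (the memory the post describes) and switches to cookies when it is
    full, so a flood can never grow the backlog beyond its limit."""

    def __init__(self, backlog_max: int = 128):
        self.backlog = {}            # (src, sport) -> (our_isn, client_isn, mss)
        self.backlog_max = backlog_max
        self.cookies_sent = 0

    def on_syn(self, src, dst, sport, dport, client_isn, mss, now) -> int:
        if len(self.backlog) < self.backlog_max:
            isn = secrets.randbits(32)
            self.backlog[(src, sport)] = (isn, client_isn, mss)
            return isn
        self.cookies_sent += 1
        return make_cookie(src, dst, sport, dport, client_isn, mss, now)

    def on_ack(self, src, dst, sport, dport, seq, ack, now):
        """Return the negotiated MSS, or None if the ACK completes no handshake."""
        entry = self.backlog.pop((src, sport), None)
        if entry is not None:
            our_isn, client_isn, mss = entry
            good = (ack - 1) & 0xFFFFFFFF == our_isn and (seq - 1) & 0xFFFFFFFF == client_isn
            return mss if good else None
        ok, mss = validate_ack(src, dst, sport, dport, seq, ack, now)
        return mss if ok else None


def flood(listener: Listener, n: int, now: float) -> int:
    """Send n spoofed SYNs that are never ACKed. Returns the backlog size afterwards."""
    for i in range(n):
        listener.on_syn(f"198.51.100.{i % 250}", "10.0.0.1", 1024 + i, 80, i * 7919, 1460, now)
    return len(listener.backlog)


if __name__ == "__main__":
    listener = Listener(backlog_max=128)
    print("backlog after 1000 spoofed SYNs:", flood(listener, 1000, 100000.0))
    isn = listener.on_syn("203.0.113.5", "10.0.0.1", 5555, 80, 99, 1460, 100000.0)
    print("legitimate client still completes, mss =",
          listener.on_ack("203.0.113.5", "10.0.0.1", 5555, 80, 100, (isn + 1) & 0xFFFFFFFF, 100001.0))
```

The cost of the trick is what the cookie cannot carry: TCP options beyond the MSS are lost for connections completed this way, and the 5-bit counter means a cookie is only accepted for a short window, which is why the counter is checked before the MAC.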
Loop Back Flooding:
This is one of the oldest examples of a DoS attack.


The attacker exploits two services in the OS. He sends a UDP datagram to the "chargen" service (port 19) of a victim UNIX system with the source address and port forged to be the "echo" service (port 7) of the same system.

A short overview of the chargen and echo daemons:
echo sends back whatever data it receives; chargen answers any datagram with a stream of characters.
So chargen sends its stream to echo, echo sends it straight back to chargen, chargen replies again, and so on. An endless loop of traffic between the two ports eats the host's CPU and bandwidth, and the target is DoSed.

NB: This type of attack does not affect modern systems; the echo and chargen services are disabled by default almost everywhere.

Tools:


TIPS:
If the spoofed IP address exists, make sure you DoS it before SYN flooding the network, so that it cannot send the RST that would free the target's backlog entries.

Session hijacking:
This is a technique that creates a temporary DoS for the end user while the attacker takes over his current session. It is done after the user has established an authenticated session. Session hijacking can also be used to perform a man-in-the-middle attack, where the attacker steps between the server and the client and sniffs all traffic.