
Monday, July 30, 2007

Hack Proofing Wireless Networks E-Book

Essential e-book for those with a wireless network!
Learn how to protect your system from hackers.
PDF format. You will need Adobe to read this file!

Myspace Hacking
There are over 90 million profiles on MySpace. How do you make yours stand out? You use these programming tricks and techniques to tweak the look, feel, and content of your profile. You get the inside scoop on hot design and photography. You maximize the effects of HTML and CSS. And, if you happen to be a musician, you check out Chapter 30 to see how MySpace can launch your career. It's all in here. What are you waiting for? Make it all about you.

Complete code and instructions for these and more MySpace hacks:

* Embedding graphics
* Creating animated images
* Developing your own background
* Building custom cursors
* Changing profile text styles
* Getting kinky with links
* Adding a comments box
* Altering your contact table
* Redesigning the navigation bar
* Making DIV overlays

A companion Web site provides even more tricks and techniques.

Visit www.myspaceismyplace.com to find all code from this book, links to software and featured profiles, a reader forum, and more.

MSN Hack Tool

Super BlueTooth Hack

Once connected to another phone via Bluetooth you can:
- read his messages
- read his contacts
- change profile
- play his ringtone even if the phone is on silent
- play his songs (on his phone)
- restart the phone
- switch off the phone
- restore factory settings
- change ringing volume
- And here comes the best: call from his phone; it includes all call functions like hold etc.
Notes:
1.) When connecting devices use the code 0000
2.) On smartphones, do not forget to turn on Bluetooth before starting the application

Windows Admin Password Hack

Bypass/Change Windows admin passwords.

Hack It v2.0

ArcaVir 1.0.4 Clean 2.69267 secs
avast! 3.0.0 Clean 0.0109391 secs
AVG Anti Virus 7.5.45 Protected File 2.43151 secs
BitDefender 7.1 Clean 10.6369 secs
CAT QuickHeal 9.00 Clean 4.90087 secs
ClamAV 0.90/3192 Clean 2.33094 secs
Dr. Web 4.33.0 Clean 8.27769 secs
F-PROT 4.6.7 Unknown 0.824592 secs
F-Secure 1.02 Protected File 0.206139 secs
H+BEDV AntiVir 2.1.10-37 Clean 5.54858 secs
McAfee Virusscan 5.10.0 Clean 1.63879 secs
NOD32 2.51.1 Protected File 2.66968 secs
Norman Virus Control 5.70.01 Clean 6.81692 secs
Panda 9.00.00 Clean 1.36092 secs
Sophos Sweep 4.16.0 Protected File 3.93723 secs
Trend Micro 8.310-1002 Clean 0.0504251 secs
VBA32 3.11.4 Clean 2.80036 secs
VirusBuster 1.3.3 Clean 2.0923 secs

So the file is clean.
From the creator:

What it does is:
-checks the database of exploits
-checks if the site has any XSS bugs
-checks if the site has any SQL Injection bugs

I.P. Hider

Hide your IP address from everyone. Selection of proxy servers and a setup wizard.
Remember to reconnect to your service provider after selecting a proxy server.

Windows Xp Hacking E-Book

Hacking

* irc script attack
* HackCatalog
* HackCpath
* HackHpMaker
* HackMambo
* energybaru
* nix_intrusion
* putty
* waenetcleaner
* YahooHacking

Saturday, July 28, 2007

IPSentry Network Monitoring Suite Version 5

IPSentry Network Monitoring Software is a centralized Windows based network monitoring software package used by thousands of Information System specialists, system administrators, and IT solution providers around the world for over 10 years.

IPSentry performs constant monitoring of many aspects of your network infrastructure and provides notification alerts should there be a detected failure, threshold exceeded, or other defined problem, ensuring that when a problem exists, you are made aware of the issue for immediate correction thereby substantially reducing down time.

When you buy IPSentry Network Monitor software, you are purchasing a powerful network administration tool which will continuously monitor your internet and intranet servers, routers, modems, databases, services, event logs, performance data and more, 24 hours per day, ensuring that your network and devices are functioning properly. If a problem is detected, various alerts and notifications can be triggered to make sure you are aware of the problem as soon as possible.

With IPSentry, you can choose from various alert and notification options, such as pager, cell phone, email, audible alerts, external power control for lights and sirens, system reboots, service restarts, and more.

Whether you are monitoring one server or five hundred, performing simple ping tests or complex network tests based on database query thresholds, SNMP value delta changes and performance counter values, IPSentry is designed to provide a simple interface with the power and complexity sitting behind the scenes, allowing you to concentrate on what you do best: keeping your networks up and running, because the alternative is unacceptable.

IPSentry Network Monitoring Suite Version 5.1.02

Thursday, July 26, 2007

Security Configuration Wizard in Windows Server 2003 Service Pack 1

Microsoft has developed an almost ideal tool to help you configure security on computers in your organization. The tool is the Security Configuration Wizard, which is available in Windows Server 2003 Service Pack 1. The tool can help you configure services, network security, auditing, registry settings, and more. The wizard accomplishes these goals by producing security policies, which can be used in conjunction with security templates and specific server roles.

Introduction

It is no secret that Microsoft needs to work on security for their operating systems. It is also no secret that many of their attempts to date have not worked as seamlessly as they have originally intended. However, Microsoft is finally onto something with the introduction of the new Security Configuration Wizard, which is bundled with Windows Server 2003 service pack 1.

The Wizard works in conjunction with security policies. The resulting security policies can be applied to any server on your network, allowing for consistency and stability of the security settings on all servers. The security policies are created based on a baseline server. Once the security policy is created, it can be applied to the baseline server, or any other server in the organization.

In this article, we will go over the options that you have as you maneuver through the Security Configuration Wizard, starting with the options of how to manipulate the security policies. We will also cover key areas that are targeted by the Wizard, including services, network security, registry settings, administration and other server responsibilities.

Getting to the Security Configuration Wizard

The Security Configuration Wizard is not installed by default after you install Windows Server 2003 service pack 1. You will need to go through the Add/Remove Windows Components applet in Control Panel to install the Wizard.

After the Wizard is installed, you can access it easily by going to the Administrative Tools menu off of the Start Menu. Once you start the Wizard, you will be presented with the screen shown in Figure 1.

Figure 1: Security Configuration Wizard welcome screen

You should note the message that is highlighted with the yellow yield sign. The message indicates that the wizard will detect inbound ports that are being used by this server. This requires that all applications that use inbound ports be running before you run the Wizard and create the security policy.

Working With Security Policies

Once you launch the Wizard, you will first be prompted to make a decision about the security policy you are going to be working with. You can create a new policy, edit an existing policy, apply an existing policy, or roll back the last applied policy. All of these options can be seen in Figure 2.

Figure 2: You need to make an initial decision as to what you need to do with the security policy

Security policies are created as XML files, using the XML file extension. The default security policy storage location is C:\Windows\Security\msscw\policies. You can provide a description with each security policy, which is extremely useful if you have a multitude of policies.

When you work with the security policy XML file, you won’t be working with the file as a whole; you will be working with the file in different sections. These sections are organized and referenced within the Security Configuration Wizard interface using a security configuration database structure. You can view the security configuration database using the SCW Viewer, which can be seen in Figure 3.

Figure 3: The SCW Viewer allows you to see all of the settings that are configured in the security policy, without viewing the native XML code or using an XML viewer

Configuring the Security Policy

Once the security configuration database is generated, you will work within the Security Configuration Wizard to make the security settings desired for a server or group of servers. The Wizard will gently walk you through an assortment of sections related to the roles and functions that the server is responsible for. The following is a summary of the different sections that you will encounter as you configure the security policy.

Role-Based Service Configuration – This section provides a way to configure the services that are installed and available based on the server’s role and other features. The Wizard is not designed to install components or set up a server to perform specific roles. Instead, it is designed to enable services and open ports based on a list of server roles and client features.

Note:
To install components or setup a server for a role, run the Configure Your Server Wizard.

This section is broken down into subsections, which allow you to select server roles, client functions, services, etc. Here is a list of the subsections that you will encounter for the Role-Based service configuration section:

* Select Server Roles
* Select Client Features
* Select Administration and Other Options
* Select Additional Services
* Handling Specific Services
* Confirm Service Changes

Network Security – This section is designed to configure inbound ports using Windows Firewall. The configurations will be based on the roles and administration options that were selected in the previous section. You will also be able to restrict access to ports and configure port traffic to be signed or encrypted using IPSec. The selection of the ports is based on ports and applications that use specific ports, as can be seen in Figure 4.

Figure 4: Network Security is controlled by configuring the ports on the server

Registry Settings – This section is designed to configure protocols used to communicate with computers on the network. Security for communication protocols is important due to legacy Windows operating systems requiring protocols that are vulnerable to password cracking and man-in-the-middle attacks. The key areas that are targeted in this section include:

* SMB Security Signatures
* LDAP Signing
* Outbound Authentication Protocols
* Inbound Authentication Protocols

Audit Policy – This section will configure the auditing of the server based on your auditing objectives. The audit policy within the Wizard can be configured to not audit any events, audit only successful events, or audit both successful and unsuccessful events. The audit policy will not only configure the Object Access events, but the entire audit policy list of events. Figure 5 illustrates what the audit policy will be for a server that should be auditing both successful and unsuccessful events.

Figure 5: Audit policy settings.

Internet Information Services – This section will only display if you selected the server to run the Web server role. This section is designed to configure the security aspects of Internet Information Services (IIS). The subsections that you will be shown for this section include:

* Select Web Service Extensions for Dynamic Content
* Select Virtual Directories to Retain
* Prevent Anonymous Users from Accessing Content Files

Summary

Once you have your security policy created, you are empowered to control other computers on the network with a consistent and secure configuration. When you save the security policy you will be given the opportunity to also include one or more security templates within the policy. This added option of including security templates provides a powerful way to centralize the security settings for servers within your organization. An excellent built-in feature of the security policy is the rollback feature. This feature allows you to back out of the most recent security policy application if applications, services, or other functions fail due to settings that are too secure.

BackTrack v2.0 - Hackers LiveCD Finally Released

BackTrack is the result of merging the two innovative penetration-testing live Linux distributions, Auditor Security Collection and Whax. By combining the best features from both distributions and putting in continuous development energy, the most complete and finest security testing live distro was born: BackTrack.

BackTrack v.2.0 is finally released; it’s been a long wait, that’s for sure, but it does look good, so perhaps it was worth waiting.

You can find some screenshots here.

BackTrack ranked number one in Darknet’s well regarded list 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery).

It’s taken BackTrack almost 5 months to pull themselves out of the beta stage. Many features have been added and many of the persistent bugs have been fixed.

New exciting features in BackTrack 2, to mention a few:

* Updated kernel: running 2.6.20, with several patches.
* Broadcom based wireless card support
* Most wireless drivers are built to support raw packet injection
* Metasploit2 and Metasploit3 framework integration
* Alignment to open standards and frameworks like ISSAF and OSSTMM
* Redesigned menu structure to assist the novice as well as the pro
* Japanese input support: reading and writing in Hiragana / Katakana / Kanji.

As usual, Nessus is not included in BackTrack, as Tenable forbids redistribution.

The public wiki project is available at http://backtrack.offensive-security.com. Please help us by providing entries in HCL (Hardware compatibility list).

Read more about BackTrack here.

You can download BackTrack here:

BackTrack 2 Stable release Mar 06 2007

Hackers Invited to Crack Internet Voting

This is some pretty interesting news: rather than trying to cover things up as usual, during July the Philippine government will be soliciting hackers to test the security of its Internet voting system.

I think it’s a great initiative from the International Foundation for Electoral Systems.

Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country’s Commission on Elections (Comelec) starting July 10.

The Internet voting system, developed by Spanish firm Scytl Consortium, is worth $452,000. Comelec will pilot test the system from July 10 to 30 for voters in Singapore, where there are 26,853 registered absentee voters.

The results of the polls, which will use survey questions, will be non-binding, which means it will not affect official elections results.

I think it might work out better if some kind of prize or at least incentive was offered for anyone who could successfully compromise the voting system, things usually work out better that way.

Comelec commissioner Florentino Tuason Jr. told local reporters they have already asked the help of the International Foundation for Electoral Systems (IFES), a Washington-based non-profit organization, in getting professional hackers to test the security of the Internet voting system.

“When Scytl presented the system, everybody was impressed on the security features. It is covered by international patent and it has been declared secured by no less than Switzerland and everyone in the global community should respect that decision,” Tuason told reporters in a conference Tuesday.

Scytl’s computerized voting system is also being used in countries such as the U.S., Switzerland, and Belgium.

It’ll certainly be interesting to see how the system’s ‘impressive security’ stands up against a bunch of random hackers.

Piggy - Download MS-SQL Password Brute Forcing Tool

Piggy is yet another tool for performing online password guessing against Microsoft SQL servers.

It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations).

It’s a pretty simple tool and has a Win32 binary version; it is a command-line tool, however.

Piggy v1.0.1 by patrik@cqure.net
--------------------------------
usage: piggy [options]

options:
-u [username] - Single username
-p [password] - Single password
-s [server] - Single server
-S [srvfile] - File containing ip/hostnames
-D [dicfile] - File containing passwords
-A [accounts] - File containing username;password combinations
-N - Do not check availability before scan
-v verbose - Verbose logging

You can download it here:

piggy-src-1_0_1.zip (Source code)
piggy-win32-1_0_1.zip (Binary version)

Hacking Exposed VoIP: Voice Over IP security Secrets & Solutions

Windows Xp Hacks

dangerous Google – Searching for Secrets

Hacking GPS

BiG Hacking Kit

HellLabs Proxy Checker v7.4.18
HostScan v1.6.5.531
Invisible Browsing v4.0
IPScanner v1.86
Ascii Factory 0.6
Cool Beans NFO Creator v2.0.1.3
Dizzy v1.10
NFO File Maker v2.0
Ims NFO&DIZ Maker 1.87
Inserter v1.12
NFO Creator v3.5.2
NFO Maker 1.0
Patchs All In One 2005
SoftIce 4.05 -Win 2000-XP
IP Address Scanner
IP Calculator
IP Converter
Port Listener
Port Scanner April 2005
Ping
NetStat 2005
Cool Trace Route 2005
TCP/IP Configuration
Online - Offline Checker
Resolve Host & IP
Time Sync
Whois & MX Lookup
Connect0r
Connection Analysator and protector
Net Sender April 2005
E-mail seeker
Cool Net Pager
Active and Passive port scanner
Spoofer
Hack Trapper
HTTP flooder (DoS)
Mass Website Visitor
Advanced Port Scanner
Trojan Hunter Multi IP April 2005
Port Connecter Tool
Advanced Spoofer
Cool Advanced Anonymous E-mailer April 2005
Simple Anonymous E-mailer
Anonymous E-mailer with Attachment Support
Mass E-mailer
E-mail Bomber
E-mail Spoofer
Simple Port Scanner (fast)
Advanced Netstat Monitoring
X Pinger
Web Page Scanner
Cool Fast Port Scanner
Deep Port Scanner
Fastest Host Scanner (UDP)
Get Header
Open Port Scanner
Multi Port Scanner
HTTP scanner (Open port 80 subnet scanner)
Multi Ping for Cisco Routers
TCP Packet Sniffer
UDP flooder
Cool Resolve and Ping
Multi IP ping
File Dependency Sniffer
EXE-joiner
Encrypter
Advanced Encryption
File Difference Engine
File Comparison
Mass File Renamer
Add Bytes to EXE
5Cool Cool Variable Encryption
Simple File Encryption
ASCII to Binary
Enigma
Password Unmasker
Credit Card Number Validate and generate
Create Local HTTP Server
eXtreme UDP Flooder
Web Server Scanner
Force Reboot
Cool Webpage Info Seeker
Bouncer
Advanced Packet Sniffer
IRC server creator
Connection Tester
Fake Mail Sender
Bandwidth Monitor
Remote Desktop Protocol Scanner
MX Query
Messenger Packet Sniffer
Cool API Spy
DHCP Restart
File Merger
E-mail Extractor (crawler / harvester bot)
Open FTP Scanner
Fast Patch
Extreme Loader Generator 0.3
Srlzer - Patch generator
Process Patcher
Buddha Patch File Creator 2.2
CodeFusion
Cool Beans NFO Creator 2.0.1 build 3
Patch Creation Wizard v1.2
Patch On The Fly v0.75
Rlzer
RTD - WINpatch v1.0
Patching Engine

Analysis :
OllyDbg 1.10
W32Dasm 8.93 /w patch
PEiD 0.92

Rebuilding :
ImpRec 1.6
Revirgin 1.3
LordPE RoyalITS

Packers :
FSG 2.0
MEW 11 1.2 SE
UPX 1.25

Patchers :
dUP 1.11
CodeFusion 3.0
Universal Patcher Pro 2.0
aPatch 1.07 (*New)
PMaker 1.1.0.0 (*New)
Patch Engine 2.03b (*New)
ABEL Loader 2.31 (*New)

HEX Editor :
BView 5.6.2

Decompilers :
DeDe 3.50.04
Flasm

Unpackers :
A lot! (ASProtect, ACProtect etc.)

Others :

FileMon
RegMon
RSATool 2
d*mn HashCalc
Krugers ToolBox
EVACleaner 2.7 (*New)
Process Explorer (*New)
Resource Hacker (*New)
PUPE 2002 (*New)

XP Hacks AIO
Includes:

* Antiwpa versions
* Hacked UX Theme For SP2 BUiLD 2180
* WGA_Working
* Windows Validation Bypass
* Windows Xp Sp2 Keygen with auto key changer
* Windows XP_2003 x64 Edition Activator
* xp validation By pass
* XP-Tips

All-In-One RapidShare Hacks (2007)

makes it the Most Working Rapidshare Hacking Tool.
They are tested and 100% working. Many people have tried this. You just have to do everything like it says and it should work. Enjoy!

Windows Admin Password Hack

This is a utility to (re)set the password of any user that has a valid (local) account on your NT system.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shut down your computer and boot off a floppy disk or CD. The boot disk includes stuff to access NTFS and FAT/FAT32 partitions and scripts to glue the whole thing together.
It will detect and offer to unlock locked or disabled user accounts!
It is also an almost fully functional registry editor!
Windows Admin Hack allows you to reset the administrator password on Windows 2000/XP.
The ISO must be burned to a CD or flash drive.
When it is booted, a mini version of Linux starts which allows the administrator password to be reset. This is useful if you need to work on a machine whose password is unknown.

Hackman Suite Pro v9.01

With Hackman Editor you can edit any type of file on your hard disk, even your hard disk itself. Data are presented in 5 different ways (modes): ASCII, Hex, Binary, Octal, Decimal. With Hackman Professional, you can edit in all six modes, while with Hackman Lite, you can edit only in Hex & ASCII (as in the common hex editors).

Here's a partial feature list:

* Edit any binary files
* Disk Editor
* RAM Editor
* Unlimited undo/redo with undo/redo lists
* Clipboard control: cut, copy, paste, paste special, clear clipboard
* Highly sophisticated find and replace
* Unlimited watches and bookmarks
* Numerous conversion modes, including Java, C++, VB, ASCII, text and more
* Patch Maker
* MS-DOS Executable Maker
* Merger/Splitter
* Checksums: CRC16/32, MD5, SHA1 and more
* Cryptographic capabilities (Skipjack, NSA, RCA algorithms)
* Live update to constantly keep your copy up-to-date
* Support for macros and template editing
* Command bar
* Numerous Plugins and External Tools
* Highly customizable: reconfigure toolbar, shortcuts, menus, anything!
* Available in more than 20 languages!
* Unparalleled extension capabilities: build your own plugins easily
* Help books online.

What is hacking?

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)

Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.

We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses.

Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Systems department is not informed of these planned attacks.) Then we work with the customer to address the issues we've discovered.

The number of really gifted hackers in the world is very small, but there are lots of wannabes.... When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great -- like a kid in an unattended candy store.

From the interview with Dr. Charles C. Palmer, IBM.

How to create a remote Xterm Session on your audrey

Thanks to Zooloo and the linux-hacker.net BBS

This is a quick how-to on running remote xterms on the audrey. Why would you want to do this? Well, with the ability to run an xterm on the audrey you can run ksh on any desktop computer to edit config files, run photon apps (they run/display on the audrey itself) or even run X Windows applications on the audrey that display on your X server. It beats using the LCD & tiny keyboard. First off, you need an X server on your desktop and a net connection to the audrey. If you are running QNX 6.1 you need to install the xphoton package. This will give you the ability to run xterms, etc. under native QNX 6.1. If you are running Windows you need to find an X server (I personally use Exceed but any will work). If you've got Linux you're all set, just make sure you do an 'xhost +' to allow remote clients.

You then need the ability to run QNX 6.1 binaries on the audrey. Suicidal discussed this in another thread. The key to getting 6.1 binaries running is you need to copy /proc/boot/libc.so.2 from a qnx 6.1 distribution to your audrey under /nto/lib and then on your audrey create a symbolic link to it:

ln -sP /nto/lib/libc.so.2 /usr/lib/ldqnx.so.2

by the way I think this link disappears when you reboot...

Now the annoying part. You need a slew of libraries from the QNX 6.1 distribution, and you have to install the xphoton package to get the /usr/X11R6 directory on qnx 6.1. I didn't even bother trying to figure out which specific libs are needed, instead I just nfs-mounted a mirror of a qnx 6.1 distro on my audrey. Basically I did a fs-nfs2 host:/opt/qnx61 /mnt/qnx61. This gives me the entire qnx 6.1 mounted on /mnt/qnx61 on the audrey. You can do this using cifs (windows) also and it should work. Having the entire 6.1 distro mounted is nice as you have instant access to all kinds of utils not on the audrey.

What you really need from QNX 6.1 to run xterm is some of the libs from /usr/X11R6/lib, and of course 'xterm' from /usr/X11R6/bin. You will also need some libs from /lib on QNX 6.1 (libsocket.so.2, etc.). Once you have these, by whatever means, run the following in pterm on the audrey; these commands assume you have the QNX 6.1 distro mounted at /qnx61.

export LD_LIBRARY_PATH=/qnx61/lib:/qnx61/usr/X11R6/lib:$LD_LIBRARY_PATH

export PATH=$PATH:/qnx61/usr/X11R6/bin

You only need xterm from X11R6/bin, so you can just copy it somewhere if you want.

Now, after you have the above environment variables set up, run xterm on the audrey with the -display parameter set to the IP address of the computer you are running the X server on:

xterm -display 192.168.0.19:0.0 -ls

In this case my desktop IP address is 192.168.0.19.

If your xserver is running and the authorizations are setup to allow remote x clients, an xterm should pop up and you are now running audrey-ksh on your desktop. You can run vim, photon apps, etc. from here just as you would from pterm. Even resizing vim works fine.

I think this is all that is needed, let me know if you have any problems. This may also work with the 6.0 files, however I've had problems getting xterm to start with 6.0 stuff.

Disclaimer: Remember you are screwing with a flash-based filesystem, and if you delete, move, edit, etc. a file the system needs to boot you could render your audrey useless. Be careful when editing system files or putting files into system directories so as not to overwrite anything. I've actually gotten into the habit of remounting key directories via nfs (like /etc, /kojak, /nto) so I can hack without screwing things up.

-zooloo

Retrieved from "http://www.audreyhacking.com/wiki/index.php/Remote_xTerm"

This page was last modified 04:19, 11 July 2006.
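The remote-xterm procedure from zooloo's post, wrapped in a shell script with preflight checks; this is an added example, not code from the post or from audreyhacking.com. It assumes the QNX 6.1 tree is mounted at /qnx61 as in the post; the AUDREY_ROOT variable and the function names are my own, added so the checks can be exercised in a scratch directory off the device.

```shell
#!/bin/sh
# Added example (not from zooloo's post): the remote-xterm steps with checks.
# Assumptions: QNX 6.1 tree mounted at $QNX61 (default /qnx61 as in the post);
# the X server is given as host:display[.screen]; AUDREY_ROOT (empty on the
# device) prefixes /nto/lib and /usr/lib so the checks can run in a scratch dir.

QNX61=${QNX61:-/qnx61}
AUDREY_ROOT=${AUDREY_ROOT:-}

# Accept "host:display" or "host:display.screen", e.g. 192.168.0.19:0.0.
valid_display() {
    host=${1%%:*}
    rest=${1#*:}
    [ -n "$host" ] && [ "$host" != "$1" ] || return 1
    case "$rest" in
        "" | *[!0-9.]* | .* | *. | *.*.*) return 1 ;;
    esac
    return 0
}

# QNX 6.1 binaries need libc.so.2 copied to /nto/lib and /usr/lib/ldqnx.so.2
# linked to it; the post notes the link vanishes on reboot, so recreate it
# whenever it is missing or dangling.
ensure_ldqnx_link() {
    lib="$AUDREY_ROOT/nto/lib/libc.so.2"
    link="$AUDREY_ROOT/usr/lib/ldqnx.so.2"
    if [ ! -f "$lib" ]; then
        echo "missing $lib: copy /proc/boot/libc.so.2 from a QNX 6.1 distribution first" >&2
        return 1
    fi
    if [ -L "$link" ] && [ -f "$link" ]; then
        return 0                      # link present and not dangling
    fi
    rm -f "$link"
    ln -s "$lib" "$link"              # the post uses ln -sP on the audrey; -s suffices
}

# Library search path from the post, built from $QNX61 and any existing value.
xterm_ld_path() {
    printf '%s/lib:%s/usr/X11R6/lib%s\n' "$QNX61" "$QNX61" \
        "${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
}

# Check everything the xterm launch needs without starting it.
preflight() {
    valid_display "$1" || { echo "bad display '$1': want host:display[.screen]" >&2; return 2; }
    ensure_ldqnx_link || return 1
    [ -d "$QNX61/usr/X11R6/lib" ] || { echo "no X11R6/lib under $QNX61" >&2; return 1; }
    [ -x "$QNX61/usr/X11R6/bin/xterm" ] || { echo "no xterm under $QNX61/usr/X11R6/bin" >&2; return 1; }
    return 0
}

# Run xterm on the audrey as a login shell (-ls), displaying on the X server at $1.
run_remote_xterm() {
    preflight "$1" || return $?
    LD_LIBRARY_PATH=$(xterm_ld_path)
    PATH="$PATH:$QNX61/usr/X11R6/bin"
    export LD_LIBRARY_PATH PATH
    "$QNX61/usr/X11R6/bin/xterm" -display "$1" -ls
}

case "${1:-}" in
    "") ;;                            # no argument: only define the functions
    *) run_remote_xterm "$1" ;;
esac
```

On the desktop side, 'xhost +' as in the post disables X access control for every host on the network; 'xhost +<audrey address>' admits only the audrey and is the safer setting.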

Cyberspace Samurai's Art of Hacking

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu, The Art of War.

Take the immortal words of Sun Tzu: know yourself. Or here, know your code. Do you know how your code will react to an attack? Do you know if your application or data is secure, or if there are huge security holes? If your application were under attack, would you even know it?

And what about knowing the enemy? Do you know how a hacker will attack your application? Do you know what early warning signs to look for, to detect when your applications are being hacked? Have you ever looked at your application as a hacker would, and thought about how you would attack it? As a professional hacker, in this article, I will guide you through the process hackers take to exploit applications and systems.

I'm often asked, "What should I worry about in my code that hackers could exploit?" This is easy enough to answer for risks we know about today, but it doesn't address the real problem. I can tell you about the most popular attack vectors for today's applications, but that will only help you today. To truly help you become more secure, I need to teach you what to look for. I want to enable you to do the analysis. This follows the old proverb, "Give a man a fish and he will be able to eat today; teach a man to fish and he will never go hungry." This is true for security and your applications — well, not the whole fishing part, but the teaching part. You get the idea.

Our Mark

Okay, enough proverbs — let's get down to it. For the purpose of this article, we focus on Web applications. Take any application you can find on the Web. It could be written in ASP.Net, PHP, JSP, ASP, etc. This article is to help free your mind (couldn't resist the reference) to look at your applications as a hacker would, no matter how the applications were written or what language they were written in.

Take any application on the Internet. Perhaps it's amazon.com, which allows users to log in, make purchases, and search for items to buy. Maybe we are looking at ebay.com, which also allows users to log in, search, and list items and descriptions to be shown to potential bidders. Or consider a site like http://forums.station.sony.com/swg, a forums site for online gaming that allows users to post text and potentially pictures.

Enter the Hacker

There are many reasons people are attracted to hacking. The three reasons that seem to always bubble to the top of the list are personal gain, revenge, or power. Some hackers hack to get services or products for free or to steal money. Others hack to get back at the hosting provider or at the employer who spurned them. Most hackers, however, just love the power: the feeling of ultimate control once you manipulate the system, bend the rules of the matrix if you will, allowing you to assert control over a system that seemed otherwise impervious to attack.

As a professional hacker, I can say that there is nothing random about the way a hack is crafted. The beginning of every hack starts with information. For the rest of this section, I would like you to think like a hacker. Picture an application in your head, or visit one on the Web, and look at that application with the full intention of hacking it.

LEGAL DISCLAIMER: Please do not go hacking sites because "Duane told me to do it." I said, just look at the site, don't hack the site.

What's the first thing you do? This is the question that stumps most beginning hackers. People say "Sure, it's easy to hack," but saying it's easy and actually knowing the steps in the dance are two very different things. Let's look at them.

To hack an application, you must know all there is to know about that application.

The first thing most hackers do is use a combination of automated tools, such as Retina or Nikto. They also enumerate your site manually, to understand as much as possible about your application.

Hackers look for:

* Places data can be submitted to the server, including search fields, data entry, registration pages, and forum posts.
* Format of the URL. Your standard URL format sometimes gives away hints about the underpinnings of what data is being sent back to the server. As a result, it can give the hacker an easy way to manipulate the data stream. For example, if you had a URL, http://my.website.com/TestPage.asp?User=jsmith, I could try to change jsmith to something else.
* Hidden fields in the pages, such as viewstate, input fields containing important information about security or pricing, etc. These fields, although they say they are hidden, really are accessed easily by the hacker. A program called Achilles allows a hacker to manipulate all data sent from the server to the client and all data sent back. Achilles allows all hidden fields to be seen, and their values to be changed.
* Client-side validation. Sometimes, client-side validation gives the hacker insights into the method you're using to ensure your fields are safe from hackers: what checks you are doing, and in what order.

Armed with this information, the hacker can plan an attack suited for your site and application.

Anytime your application allows a user to submit data, you should worry. I know what you are thinking. "Duane, we validate all information the user types in our application to make sure it's not malicious. We don't need to worry about this... do we?" It's great that you check all input fields that users can type data into for malicious code. But what about fields they can't type into?

Most people only worry about data that is submitted to the server in a textbox. There are many other places data is submitted back to the server, such as via a drop-down list. It's easy for a hacker to change the values in the list on the client side and submit them to the server. You need to validate on the server side each and every field that has data the user could have manipulated on the client.

What do you do, once you find out someone has attempted to inject SQL code or other bad things into your input fields? The tendency in our industry is to be helpful. We try to clean up the input, so it's safe enough to put in the database or execute. However, this is a fundamentally flawed mentality.

If someone enters "SELECT * FROM tblCreditCard" as his username for the login of a site, you probably don't want to try to clean that up and then submit it to the database. If any fields are not what you expected, then don't allow the page to execute.

Each and every time your application gets input that was unexpected, it should be logged somewhere! I know what you are thinking: "I have tons of logs already that I don't get a chance to read. Why, oh why, would I want another?" Logs are the only way you can tell what's going on with your application. It's like buying stuff and not keeping the receipt. If, next month, you get a bill from a vendor charging you double what you were told the cost would be, you wouldn't have any proof because you didn't keep a log of the original charge.
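The three rules above (validate every field the client could have touched, reject rather than clean, and log every rejection) as one server-side check. This is an added example, not code from the original article; the field names, allowed values and client addresses are constructed.

```python
# Added example: server-side validation that treats every submitted field as
# untrusted, including fields the user "can't type into" (drop-downs, hidden
# fields), rejects rather than cleans unexpected input, and records each
# rejection. FIELD_RULES is a constructed allowlist for an imaginary form.
import logging
import re
from typing import Dict, List

log = logging.getLogger("input-validation")

# What the server expects. Drop-down values are enumerated explicitly because a
# client can submit any value, not only the options the page rendered.
FIELD_RULES = {
    "username": {"type": "regex", "pattern": re.compile(r"[A-Za-z0-9_.-]{3,32}")},
    "country": {"type": "choice", "allowed": {"US", "CA", "GB", "DE"}},
    "quantity": {"type": "range", "lo": 1, "hi": 10},
}

def validate_request(form: Dict[str, str], client_ip: str) -> List[str]:
    """Return a list of problems. An empty list means the page may execute.
    Any problem at all is logged and the whole request is rejected."""
    problems = []
    # A field the page never sent is as suspicious as a bad value.
    for name in form:
        if name not in FIELD_RULES:
            problems.append(f"unexpected field {name!r}")
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        if value is None:
            problems.append(f"missing field {name!r}")
        elif rule["type"] == "regex" and not rule["pattern"].fullmatch(value):
            problems.append(f"{name!r} does not match expected format")
        elif rule["type"] == "choice" and value not in rule["allowed"]:
            problems.append(f"{name!r} not one of the rendered options")
        elif rule["type"] == "range":
            if not value.isdigit() or not rule["lo"] <= int(value) <= rule["hi"]:
                problems.append(f"{name!r} outside {rule['lo']}..{rule['hi']}")
    if problems:
        # Keep the receipt: log who sent what (truncated), then refuse to run.
        log.warning("rejected request from %s: %s; raw=%r", client_ip, problems,
                    {k: v[:64] for k, v in form.items()})
    return problems
```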

Understand the Entire Attack Surface

Keep in mind that most hackers aren't trying just one way of getting into your site. They try hundreds or thousands. The ones who hack by hand (not using automated tools) systematically test each link in the security chain to see which is the weakest. In hacking sites, I've noticed that I usually get access through the systems or sites people didn't know were there or didn't care about. ("We don't really care what happens to that server. We're really concerned with our credit card processing server that sits next to it.") As a hacker, I just need one entry point, one way into your network — and from there, I will set up my base of operations and start moving inside your defenses.

For example, let's say we have a Web server with twenty different Web sites hosted on it; we're an ISP. Now, does it seem weird if we look at our logs and see a random IP address hitting one of those sites? The answer is usually No. We expect people to use the Web site, and we don't block access by IP address. Would it be odd for all the sites on that box to be hit by one IP address? Usually, the answer to this question is Yes. That would be weird, because the audience of each site is different; it would be highly unlikely for one person to hit them all. Could this be a hacker testing the electric fence, surveying the terrain to see where the weakest entry point is? Could be — yet most people don't think of looking for this type of anomaly.
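The "one address hits every site on the box" anomaly, checked over a combined log. This is an added example, not from the original article; the log lines are constructed in a simplified "vhost client_ip request status" format rather than any real server's format.

```python
# Added example: flag client addresses that touch an unusual share of the
# virtual hosts on one server. SAMPLE_LOG is constructed; a real deployment
# would parse the server's own combined-vhost log format instead.
from collections import defaultdict
from typing import Dict, List, Set

SAMPLE_LOG = """\
shop.example.net 198.51.100.7 "GET /index.php" 200
blog.example.org 203.0.113.9 "GET /" 200
shop.example.net 203.0.113.9 "GET /admin/" 404
forum.example.com 203.0.113.9 "GET /login.asp" 200
wiki.example.edu 203.0.113.9 "GET /" 200
shop.example.net 198.51.100.7 "GET /cart.php" 200
forum.example.com 192.0.2.44 "POST /post.asp" 302
wiki.example.edu 203.0.113.9 "GET /robots.txt" 404
"""

def vhosts_by_client(log_text: str) -> Dict[str, Set[str]]:
    """Map each client address to the distinct virtual hosts it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        vhost, client_ip = line.split(maxsplit=2)[:2]
        seen[client_ip].add(vhost)
    return dict(seen)

def cross_site_scanners(log_text: str, total_sites: int, ratio: float = 0.5) -> List[str]:
    """Return clients that requested at least `ratio` of all hosted sites.
    A normal visitor stays on one or two sites; someone surveying the whole
    box stands out. The threshold is never below two sites."""
    threshold = max(2, int(total_sites * ratio))
    seen = vhosts_by_client(log_text)
    return sorted(ip for ip, hosts in seen.items() if len(hosts) >= threshold)
```

The same pass can be run per hour rather than over the whole log so that a slow survey spread across days is still compared against the normal per-site audience.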

One last point. Trying to track a hacker on the Internet is like trying to track the wild Yeti in Nepal (I'm not sure there are any tamed Yeti...). But in any case, if the Yeti left no tracks, was silent, and hid where you weren't looking or in a place you didn't know existed... would you find him? If hackers can poke and prod your application and potentially get access to sections of your code or data that you weren't expecting them to, will you know they are there?

Neo: "What? Are you trying to tell me that I can dodge bullets?"

Morpheus: "No Neo, I'm trying to tell you that when you're ready, you won't have to."

I could tell you about all the latest exploits and exactly what to look for today to fix your specific application and make sure it's secure. We would talk about buffer overflows, SQL injection, cross-site scripting; the list goes on and on. We would essentially be attempting to dodge the bullets, trying to worry about each and every little incoming attack.

Once you are ready, once you start thinking about your applications and the environment in a holistic manner, and once you control your applications to react the way you want them to or log the activity when they don't, then you will be able to protect against attacks that haven't even been dreamt up yet. I'm not saying your application will be 100% secure, just that your application will always be under your control. You will always be aware of what's going on and what your threats are. That is the true nature of security. It's all about control. You want to be in control. Logs, coupled with a strong understanding of how you may be attacked, are a huge step in the right direction.