Disqus for Cyber Fort

Showing posts with label e hacking. Show all posts
Showing posts with label e hacking. Show all posts

Monday, 17 March 2014

Google Public DNS Server Traffic Hijacked

Be The First To Comment
The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services. The latest bad news is that the World's largest and most widely used Google's free public DNS (Domain name system) resolvers raised security red flags yesterday.
DNS is the master address list for the Internet, which translates IP addresses into human readable form and vice versa. According to Internet monitoring firm BGPmon, Google's DNS server 8.8.8.8/32 was hijacked yesterday for 22 minutes.

The Google's DNS server handles around 150 billion queries a day and during the 22 minutes of hijacking, millions of Internet users, including Financial institutions, Governments were redirected to BT’s (British multinational telecommunications services company) Latin America division in Venezuela and Brazil.Hackers exploited a well-known vulnerability in the so-called Border Gateway Protocol (BGP), which is used to exchange data between large service providers, and hijacking could allow the attackers to simply re-route the traffic to a router they controlled. 
BGP attack is the man-in-the-middle attack at large scale and harder to detect, as the traffic still reaches its legitimate destination and which was first demonstrated in 2008 by two security researchers - Tony Kapela and Alex Pilosov.

It's not the first time when Google Public DNS service has been hijacked. In 2010, DNS server traffic was hijacked and redirected to Romania and Austria.

Read More

Tuesday, 4 March 2014

Change Your IP in Less Then 1 Minute

1 Comment


1. Click on “Start” in the bottom left hand corner of screen
2. Click on “Run”
3. Type in “command” and hit OK
 You should now be at an MSDOS prompt screen.
4. Type “ipconfig /release” just like that, and hit “enter”
5. Type “exit” and leave the prompt
6. Right-click on “Network Places” or “My Network Places” on your desktop.
7. Click on “properties”
You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on “Local Area Connection” and click “properties”
9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab.
10. Click on “Use the following IP address” under the “General” tab.
11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).
12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.
13. Hit the “Ok” button here.
14. Hit the “Ok” button again.
You should now be back to the “Local Area Connection” screen.
15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings.
17. This time, select “Obtain an IP address automatically” tongue.gif
18. Hit “Ok”
19. Hit “Ok” again
20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.

NOTE:- This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back.

more info- Ezivera 
Read More

Thursday, 13 February 2014

J.A.R.V.I.S : Artificial Intelligence Assistant Operating System for Hackers

Be The First To Comment

A group of Indian Hackers has designed Artificial Intelligence Assistant Operating System called 'J.A.R.V.I.S' , who recognizes them, answer questions, tweet for them and Collect information, scan targets for them.

Chiragh Dewan, a 18 year old student who is currently pursuing his BCA has taken the initiative to be the first Indian to complete this project J.A.R.V.I.S , which is inspired by Iron Man’s (movie) artificial intelligence assistant Jarvis.
With his team of 7 including Himanshu Vaishnav, Mayur Singh, Krishanu Kashyap, Vikas Kumar, Vinmay Nair and Sravan Kumar, they are about to finish the 3rd level of the project.
Their long term goal is to create an OS which could adapt itself according to the user's needs. Like if a doctor is using the OS, it will adapt itself so as it is capable of helping him out in his field like searching for new techniques, medicines, help in their research, etc. Add for architects, other professions. 
Project Task Completed: In the current version of Jarvis v1.0, it is capable of:
  • Answering questions asked by the administrator
  • Compile reports on any topic asked by the user.
  • Control lights by voice.
  • Basic interaction with the user.
  • Handling Facebook, Email and Social profiles of users
  • Using Twitter Account with voice control
  • Basic OS kernel is ready.
  • Can Scan targets for Hackers
  • Gathering Basic information about the target
All the above functionalities are completely controlled by voice. It has only been four months since they have started this project and have achieved a lot in this short period of time.

The team will announce the OS publicly soon after completion of phase 3, but for now Chiragh proudly shows off his creation on the J.A.R.V.I.S project website.

Read More

Top 7 Best Operating System For Hacking

Be The First To Comment


Hacking is not an art than can be mastered overnight, it requires dedication and off-course time. Have you ever thing why Hacking is possible because of “unaware developers and inappropriate programming techniques” . As a Ethical hacker i personally realize that You can never stop hackers to hack something, you can just make his task harder by putting some extra security. if you are really interested in Hacking, You need to be know Which Operating systems are used Hackers.

Today i want to say u that which is the best operating system for hacking a/c hackers .
1.  Kali Linux :-



Kali Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub.
2. BackTrack 5r3 :-

The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.
3. BackBox Linux :-

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.
4. Samurai Web Testing Framework :-

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
5. NodeZero Linux :- 
Best-operating-system-used-for-Hacking1
Penetration testing and security auditing requires specialist tools.The natural path leads us to collecting them all in one handy place. However how that collection is implemented can be critical to how you deploy effective and robust testing.
All though NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved in our belief by working at a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable linux environment.
6.  Knoppix STD :-
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.



7.  CAINE :-
Best-operating-system-used-for-Hacking1
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.



Read More

Sunday, 26 January 2014

Common Methods to Hack a Website

2 Comments
Gone are the days when website hacking was a sophisticated art. Today any body can access through the Internet and start hacking your website. All that is needed is doing a search on google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking, but it has more to do with raising awareness on some common website hacking methods.


The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application. 
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.


In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a User name field:

' OR 1=1 double-dash-txt.png 

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username =USRTEXT ' 
AND password = ‘PASSTEXT
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '
Two things you need to know about this:
['] closes the [user-name] text field.
'double-dash-txt.png' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE user name = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc. 
Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go to hack a Bank! 

Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank,
evidentlyBut the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
  • admin'—
  • ') or ('a'='a
  • ”) or (“a”=”a
  • hi” or “a”=”a
… and so on.

Cross site scripting ( XSS ):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

Denial of service ( Ddos attack )


A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking




Cookie Poisoning:



Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin with alerting your cookies

Javascript:alert(document.cookie)

Then you will perharps see "username=JohnDoe" and "password=iloveJaneDoe"

in this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");


It is also many versions of this kind... like for example

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'


and so on...

You may have to try 13 things before you get it completely right...

Password Cracking


Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it. 
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

Know more about Brute force attack

A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes. 

hope u like this article...
Read More

Monday, 13 January 2014

MIT University website defaced by Anonymous hackers in honor of Aaron Swartz

1 Comment

Today is January 11, 2014 and the last year on the same day a 26-year-old, young hacker, Reddit cofounder and the digital Activist, Aaron H. Swartz committed suicide. He found dead in his Brooklyn, New York apartment, where he had hanged himself.
Swartz was indicted by a federal grand jury in July 2011, accused of hacking the MIT JSTOR database and stealing over four million documents with the intent to distribute them.

He could have prison for 50 years and $4 million in fines by the Court, but before that he committed suicide in fear. Swartz's father, Robert, later blamed the MIT and the judiciary system for his son's death.

On the first Anniversary of Aaron Swartz, today the Anonymous group of hackers defaced the sub-domain of the Massachusetts Institute of Technology (MIT) website (http://cogen.mit.edu/) for about an hour as part of #OPLASTRESORT.

Defacement page was titled 'THE DAY WE FIGHT BACK'. The message posted on it, “Remember The Day We Fight Back, Remember. We Never Forget, We Never Surrender, Expect Us.”
At the time of writing, the domain was down. The attack on the website of MIT is a part of the tragic suicide of hacker Aaron Swartz to give him tribute.

It was the MIT's role in the federal prosecution against an activist, which ultimately led to him committing suicide, but the U.S Government has not learned anything and they are planning to make laws stricter against hackers. Recently, The Senate Judiciary Committee Chairman 'Patrick Leahy' reintroduced a revamped version of the "Personal Data Privacy and Security Act" for tough criminal penalties for hackers. The new bill suggests 20 years in prison, rather than 10 years (currently) and also recommending to give same penalties for the hackers who even attempt to hack the systems, but doesn't succeed.
Read More

Thursday, 2 January 2014

Top 10 Threat Predictions for 2014

1 Comment
During the past few years, security threats and actual breaches have grown exponentially. Malware has gone mainstream, social engineering has become far more sophisticated, high-profile database hacks have become disturbingly common, and distributed denial-of-service (DDoS) attacks have rocked businesses across a wide range of industries. These attacks have rendered countinue ...

Android Malware Will Expand

As the Android OS takes root in game consoles, wearable devices, home automation equipment and industrial control systems, malware will appear on these devices.

Use of Encryption Will Increase


Fears that critical data and intellectual property could be compromised or stolen through malware or government eavesdropping will lead to an uptick in the use of encryption.



Shutting Down Botnet Operators

Law enforcement will broaden its scope and focus on a broader set of global cyber-targets, including botnet operators and individuals selling cyber-crime services.

Battling for the Deep Web


Improved versions of anonymous services and file-sharing  applications will grow, and it will become more difficult to infiltrate and take down these systems.


Targetig Off-Net Devices
Cyber-crooks will target infrastructure over desktops. The first generic exploitation frameworks and mass malware agents for home devices will appear.



Becoming More Transparent

On the heels of an FTC crackdown in 2013, network security vendors will face increased scrutiny and accountability.



Botnets Will Migrate


Cyber crooks will transition from a traditional client-server botnet approach to a P2P strategy that makes it more difficult to dismantle and disrupt their activities.


Botnets Will Cross-Breed

Increasingly sophisticated botnets will seek out other botnets and cross-infect with them to more effectively increase their base of machines.


More Attacks on Windows XP

When Microsoft stops supporting Windows XP on April 8, newly discovered vulnerabilities will not be patched, and systems will become vulnerable.

Biometrics Will Increase

The use of two-factor authentication and biometric methods—including tattoos, iris scanning and facial recognition—will grow.
Read More

Wednesday, 1 January 2014

Snapchat Got Hacked 4.6million Users Phone Numbers Leaked Online

Be The First To Comment
Snapchat Got Hacked 4.6million Users Phone numbers Leaked Online. First biggest hack starting with this New Year 2014. ZDnet has reported earlier that, "The Australian hackers announced its publication of Snapchat's API and the two exploits on the GibSec Twitter account on Christmas Eve ".
After this report hackers  use this trick and create a Video to access Snapchat hacks.

video



 Snapchat is a photo messaging application developed by Evan Spiegel and Robert Murphy, then Stanford University students. Using the app, users can take photos, record videos, add text and drawings, and send them to a controlled list of recipients. These sent photographs and videos are known as "Snaps".

When cyber security researcher submits website exploit report to companies, they didn't take it seriously. If Snapchat took action on these exploits before, then this was not happened.

As before True caller database was also hacked in July 2013. we hope other social network website will learn from these hacks and will more secure their servers.

Now SnapchatDB.info has been suspended after this leaked.

Read More