
Tutorial on session hijacking attack



Session hijacking attack


When a user logs in to an account, a session with that account starts, and it ends at logout. During a running session the user is given a session ID, which is a unique identifier of the user for that session and is only valid for that session. Session hijacking is the type of attack in which a hacker obtains the session ID in order to gain unauthorized access to information or services.


Session hijacking can be done at 2 levels:

  1. Network level (TCP and UDP session hijacking)
  2. Application level (HTTP session hijacking)



Network level (TCP and UDP session hijacking)


TCP session hijacking
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. It can be done in the following ways:

  1. IP spoofing: assuming the identity
  2. Man-in-the-middle attack using packet sniffers
  3. Blind attacks, which involve brute-forcing the session ID



UDP session hijacking
UDP session hijacking is similar to TCP session hijacking but easier, because UDP does not use packet sequencing and synchronizing.


Hijacking Application Levels
In HTTP session hijacking, the hacker tries to get access to the session ID that identifies the user during the session. HTTP is stateless, so it needs the session ID with each request. If the hacker gets the session ID, he can hijack the victim's session. It can be done in the following ways:

  1. XSS
  2. Man in the middle attack
  3. Bruteforcing session id
  4. Man in the browser attack

Session hijacking is widely used for hacking into website accounts. On websites, the session ID is stored in a cookie in the client browser, so hijacking someone's session means stealing that user's session information.
Session hijacking has been an ongoing problem for web browser developers and security experts for at least 5 years.


Prevention:

  1. Use ArpON, which prevents man-in-the-middle attacks carried out through ARP spoofing.
  2. Use the HTTPS protocol for secure sessions. It encrypts the session.
  3. Set the expiry time of cookies as short as possible.
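
The cookie-side measures above can be checked mechanically. The following Python sketch is an added example, not code from the original post: it issues a session cookie with a random ID and audits a `Set-Cookie` value for the weaknesses that the XSS, man-in-the-middle and brute-force routes rely on. The cookie name `sessionid`, the 30-minute limit and the 32-character minimum are assumptions chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie

MAX_AGE_LIMIT = 1800  # assumed policy: session cookie lives at most 30 minutes
MIN_ID_CHARS = 32     # assumed policy: 32 hex characters = 128 random bits

def new_session_cookie(name="sessionid", max_age=900):
    """Build a Set-Cookie value with an unguessable ID and hardened attributes."""
    cookie = SimpleCookie()
    cookie[name] = secrets.token_hex(16)   # 128 bits from the OS CSPRNG
    cookie[name]["path"] = "/"
    cookie[name]["max-age"] = max_age      # short lifetime limits a stolen ID
    cookie[name]["secure"] = True          # only sent over HTTPS
    cookie[name]["httponly"] = True        # not readable from page scripts
    return cookie[name].OutputString()

def audit_set_cookie(header_value, name="sessionid"):
    """Return the list of session-hijacking weaknesses in one Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header_value)
    if name not in jar:
        return ["no cookie named %r found" % name]
    morsel, findings = jar[name], []
    if not morsel["secure"]:
        findings.append("no Secure flag: ID can cross the network in clear text")
    if not morsel["httponly"]:
        findings.append("no HttpOnly flag: ID is readable by injected script (XSS)")
    max_age = str(morsel["max-age"])
    if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
        findings.append("Max-Age %s s exceeds %d s" % (max_age, MAX_AGE_LIMIT))
    if len(morsel.value) < MIN_ID_CHARS:
        findings.append("ID of %d chars is short enough to brute-force" % len(morsel.value))
    return findings

# Constructed sample: a weak cookie as a server might emit it.
WEAK = "sessionid=abc123; Path=/; Max-Age=86400"

if __name__ == "__main__":
    for finding in audit_set_cookie(WEAK):
        print("WEAK:", finding)
    print("HARDENED:", audit_set_cookie(new_session_cookie()) or "no findings")
```
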

Captcha Cracked | IT experts developed a software that beat captcha




IT experts developed software that beat Captcha on eBay 82% of the time, Microsoft 48.9%, and Yahoo 45.5%


We all know that captcha is used on many websites to protect against spam. It is an attempt to ensure that the service is being used by a human. But now IT experts have developed software that can beat captcha. This software beat the captchas of various websites with great success. It can also break captcha up to 89% of the time.

The program is named Decaptcha. Decaptcha is able to defeat even the toughest schemes with just 20 minutes of ‘listening’ time to some 200 Captchas.
Researchers warned website owners to upgrade their captcha security, because this software can cause great harm to webmasters if it is used against their websites.

Download Apache Log Extractor





Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URLs on a remote server by analysing the logs. This list could then be used as the input for further testing tools (e.g. Burp Suite – Intruder).


The script accepts an Apache access log file as input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist of all valid directory names for use with brute-forcing etc.
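
The extraction described above can be illustrated with a short Python sketch. This is an added example, not the Apache Log Extractor script itself: the log lines are constructed samples in the common log format, and treating only responses with a status below 400 as valid URLs is an assumption made here.

```python
import re
from posixpath import dirname
from urllib.parse import urlsplit

# host ident user [time] "METHOD target PROTOCOL" status size
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log, embedded so the example runs offline.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2011:13:55:36 +0000] "GET /app/login.php?next=/home HTTP/1.1" 200 2326
192.0.2.10 - - [10/Oct/2011:13:55:40 +0000] "GET /app/static/css/site.css HTTP/1.1" 200 512
192.0.2.11 - - [10/Oct/2011:13:56:01 +0000] "GET /app/login.php?next=/admin HTTP/1.1" 200 2326
192.0.2.12 - - [10/Oct/2011:13:57:12 +0000] "GET /backup/ HTTP/1.1" 404 209
192.0.2.12 - - [10/Oct/2011:13:57:15 +0000] "-" 408 -
"""

def extract(log_text):
    """Return (unique URL paths without parameters, unique directory names)."""
    urls, dirs = set(), set()
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        # Skip malformed request lines and (assumption) error responses.
        if not match or int(match.group("status")) >= 400:
            continue
        path = urlsplit(match.group("target")).path  # drops ?query and #fragment
        if not path.startswith("/"):
            continue  # e.g. "OPTIONS *" or proxy-style absolute targets
        urls.add(path)
        parent = path if path.endswith("/") else dirname(path)
        dirs.update(part for part in parent.split("/") if part)
    return sorted(urls), sorted(dirs)

if __name__ == "__main__":
    url_list, dir_list = extract(SAMPLE_LOG)
    print("\n".join(url_list))
    print("\n".join(dir_list))
```
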


Download Here:
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1

sslyze – SSL Configuration Scanner

Have you ever noticed the URL of Gmail, Twitter or other popular websites? You will see https instead of http. This is TLS (Transport Layer Security, commonly called SSL). It is used to secure the website connection and protect user data from being stolen. As hackers are highly active these days, it is important to secure websites against the most common attacks.

Implementing SSL alone will not make your website secure. There are some configurations which must be done properly. Misconfiguration always leads to a big security hole which can be harmful.

How to know if your server is properly configured?

sslyze is a free software which is used for analyzing the configuration of SSL servers and for identifying misconfiguration such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.

It is a Python script which scans for simple SSL misconfigurations, but using it with some of the available plugins improves its performance.

Features:

  1. Insecure renegotiation testing

  2. Scanning for weak strength ciphers

  3. Checking for SSLv2, SSLv3 and TLSv1 versions

  4. Server certificate information dump and basic validation

  5. Session resumption capabilities and actual resumption rate measurement

  6. Support for client certificate authentication

  7. Simultaneous scanning of multiple servers, versions and ciphers

FatCat - Automatic SQL Injection tool

FatCat is an automatic SQL injection tool. It is useful for testing a web application for SQLi vulnerabilities, and it can extract the whole database. FatCat's features help you extract the database, table and column information from a web application, but only if the application is vulnerable to SQL injection.


Features:  
1)  Normal SQL Injection 
2)  Double Query SQL Injection   


In Next Version:   
1)  WAF bypass 
2)  Cookie Header passing 
3)  Load File
4)  Generating XSS from SQL


Requirement:  
1)  PHP Version 5.3.0
2)  Enable file_get_function  


Download:
http://code.google.com/p/fatcat-sql-injector/downloads/list

List of Online Websites SQL Injection Scanner


What will you do if you need your hacking tools but you are not at your own system? This is really frustrating. You want to hack a website you know is vulnerable but you do not have your tools. You can do it with your skills and by injecting manual SQL queries, but most of the kiddies cannot. So all those kiddies can use these online SQL injection scanners.


http://www.be007.gigfa.com/scanner/scanner.php
http://www.sunmagazin.com/tools/hack/SQLI-Scan
http://scanner.drie88.tk
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
http://wolfscps.com/gscanner.php


:) enjoy hacking from anywhere

Pangolin - SQL Injection Test Tool





Pangolin is a nice SQL injection testing tool. It has the ability to show all SQL injection vulnerabilities that may be exploited by hackers.
It supports most types of database, such as Access, DB2, Informix, MySQL, Oracle, Microsoft SQL Server, Sybase, etc.


Features

Here are some of its features:

  1. HTTPS support
  2. Pre-Login
  3. Proxy
  4. Specify any HTTP headers (User-agent, Cookie, Referer and so on)
  5. Bypass firewall setting
  6. Auto-analyzing keyword
  7. Detailed check options
  8. Injection-points management
  9. Injection Digger
  10. Data dumper



Download Here:
http://www.nosec-inc.com/en/help/2011/0423/56.html

SQLninja v.0.2.6 "bunga bunga edition" released




One of the most used SQL injection tools for Microsoft SQL Server has released its latest update, with some bug fixes and new features.
It has the following features:

  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB Server authentication mode)
  • Bruteforce of the 'sa' password
  • Privilege escalation to 'sa'
  • Creation of a custom xp_cmdshell if the original one has been disabled
  • Upload of executables
  • Reverse scan in order to look for a port that can be used for a reverse shell
  • Direct and reverse shell, both TCP and UDP
  • DNS tunneled pseudoshell, when no ports are available for a bindshell
  • ICMP tunneled shell, if the target DBMS can communicate via ICMP Echo with the attacking machine
  • Metasploit wrapping, when you want to use Meterpreter or even want to get GUI access on the remote DB server
  • OS privilege escalation on the remote DB server using token kidnapping or through CVE-2010-0232
  • All of the above can be done with obfuscated SQL code, in order to confuse IDS/IPS systems 



Download here:
http://sqlninja.sourceforge.net/download.html