Session Management Attacks Countermeasure

From last few posts we are discussing session hacking or we can say attacks against session management. So after having a small look over session hacking and some of its regular types its time to have a look on its countermeasures. Same as any other web application countermeasures session hacking countermeasures also depend upon type of application and its implementation or you can say type of vulnerability a web application can suffer from. In this following post we will discuss some preventive measures which can be practically implemented over any web application against session hacking.

Generating Strong Tokens:

Following are some tips to generate strong tokens for protecting sessions against predictable token vulnerability.

• Use large value for token.
• Check each value for randomness before implementing in session management.
• Make sure token's complexity can't be broken using brute force, so use real large values with possible random characters.
• Never use weak hashes, hexadecimal values, octal values or something like that which generates predictable values for token generation.
• Don't use time dependent variables to generate token.
• Tokens should consist of nothing more than an identifier used by the server to locate the relevant session object to be used for processing the user’s request and make sure there should be enough number of tokens so that it should not be easy for anyone to attack.
• Token generation method should be different for each token.

Now information that can be used to generate tokens,

• IP address of user.
• Port number from which user sent request.
• User's browser protocol or User Agent details.
• Absolute time of request in milliseconds.

Now why above things can be used for generating tokens though they can be predictable. The reason is we are not actually advising you to use any one of them we are advising you to use each of them, by doing so you'll be able to generate a token which will be highly unpredictable and due to time of request you can manage to terminate session after some specific interval of time.

Protecting Tokens From Mishandling:

Following are some measures that should be taken on behalf of developer against mishandling of tokens.

• All tokens should be passed from HTTPS and not from HTTP.
• A page must not use HTTPS and HTTP simultaneously.
• If possible all pages should be implemented using HTTPS including static and help pages. Use HTTPS for all pages rather than switching from HTTP to HTTPS for specific pages since it can act as vulnerability which can help attacker to steal session.
• Session log should never be transmitted in URL.
• Session token should die after some specific interval of time (10 min - 1 hour not more).
• If remember me function is enabled a user must be notified about with how many computers he/she has stored session and whether he/she wants to remove it or not. To get an idea implementation visit http://shetoldme.com.
• A user can't be allowed to login from two computers at the same time.
• The domain and path scope of an application’s session cookies should be set as restrictively as possible.
• A site should be checked for XSS and CSRF attacks which can help an attacker attack session.

To protect users in LAN environment the Network admin should implement SniffJoke. SniffJoke is Linux based anti-sniffing technology developed by Delirandom, for download and more information visit http://www.delirandom.net . You can implement any anti-sniffing technology but we are recommending SniffJoke because its free and open so you can not only download and use it but can also modify according to your needs.

So here we end countermeasure against session management attacks. Thanks for reading, have a nice time and keep visiting.

Read More

Hacked Session XSRF Attack

In our last post we discussed countermeasures against session hacking. Here we gonna discus one more attack that can be done if session is not protected. Hacked session XSRF attack is combination of session hacking and cross site request forgery(XSRF). Hacked session XSRF vulnerabilities arise where HTTP cookies are used to transmit session tokens. That means once HTTP cookie is set in browser it'll automatically submit that cookie back to application for every request.

This purely states that if application does not take precautions against misuse of tokens it will be not be only vulnerable to session management attack but also to XSRF attack and when both will be combined a more stronger attack can be performed. Exploiting this vulnerability is easy, have a look on following steps.

• Find vulnerable website.
• Find application which performs action without user's knowledge.
• Now create a HTML page that will perform desired action by application without interacting with user to set cookie. Use PHP or Java script to perform desired action.
• When user is logged on, anyhow make him/her load your HTML page. You can select email or link on social network to vector your page.

The very first step countermeasure to this attack is same as countermeasures against session management attacks. If you are reading this post for very first time you are requested to read our previous posts on session hacking and XSRF to understand attack thoroughly. In next post to this we will have our look on preventive measures against XSRF attacks. Till then thanks for reading, have a nice time and keep visiting.

Read More

List Of Best Spywares For You

Yes world's best spyware tools list for all readers of THE HACKER CLUB. Please note that all views mentioned here are my personal views about those tools and has nothing to do with anyone's review. Views mentioned here are 100% my personal view about those spywares.

Spy Tech Spy Agent:

A complete spyware package. As per my view is concerned no other spyware matches power of Spy Tech agent in functionality. It compromises all types of spyware monitoring tools in single pack. It can log keystrokes, list of windows opened, web-pages visited, logs internet traffic, can upload and download files, remains undetected from anti-virus, avoids detection from spyware removers, can send picture log as well as video log in DVD quality, can block unwanted sites providing flexible parental control, very low on resources o figure out it's really running or not, runs in complete stealth mode etc. The feature list is so big to discuss here. If you are in need of a spyware, my personal recommendation with full marks goes to Spy Tech Spy Agent.

Sniper Spy:

Next in list is Sniper Spy. Honestly speaking I think Sniper Spy and Spy Agent have tie for first place. They almost have same features and easy user interface inspite of several tools packed in a single bundle. Along with Spy Agent Sniper Spy is my personal choice to go for no matter which kind of spy monitoring I need. If you want to buy a spyware I give Sniper Spy my full marks.

Win Spy:

Holding second position on my list is Win Spy. With strong monitoring and anti-detection mechanism it have several modes of installation that can be used to fool victim to install it. Can capture screen shots, record desktop, email keylogs, download upload delete file option, anti-detection mechanism, remote desktop connection, remote file browser and ftp support and much more. This is also must buy from my side.

Sentry PC:

Next on my list is parental control spy software Sentry PC. It does not only allow parents to keep an eye on their children but also allows them to schedule. As general feature it includes all basic features of good keylogger along with parental controls. As a parent if you are in need of a spyware this would be my recommendation if you don't want to opt any of above.

Remote Spy:

A hacker's choice Spy software. All basic features of good keylogger along with remote installation option.

Other Notable Spywares:

Real Time Spy

Spy Anywhere

Ace Spy

007 Spy

Spector Soft

Again I want to make it clear the views about above spy software are my personal views I am not a software tester I am just another guy who loves hacking and have marked spywares according to their features.

Read More

The RAT (Remote Administration Tool)

In this post we will learn how to create Remote Administration Tool(RAT). But before we proceed let's discus some basic terminologies.

Trojan: Trojan horse or Trojan is a malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. It is harmful software/code that appears legitimate. They come packed with some other piece of code or software and hence users get tricked to run them. The term Trojan has been derived from the Trojan Horse from Greek Mythology.

Types Of Trojan:

1.Remote Access Tool (RAT)

2.Proxy

3.File Sending Trojan

4.Security Disable rs

5.Denial Of Service (DOS)

6.File Sending Trojans(FTP Trojan)

7.Destructive Trojans

Remote Access Tool(RAT): Remote Administration Tool also known as RAT is used to remotely connect and manage single or multiple computers. RAT is one of the most dangerous Trojan because it compromises features of all types of Trojans. It provides an attacker with nearly unlimited access to host computer along with Screen Capture, File management, shell control and device drivers control. RATs uses reverse connections to connect remote system and hence are more likely to remain undetected. They can hide themselves in process space of legitimate program and hence never appear in task manager or system monitors.

A Trojan generally has two parts Client and Server or Master and Slave. We can say Server is Slave and Client is Master. So a server side is installed on a remote host and the attacker manipulates it with client software. In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available. Most of them usually have same kinda interface so its quite easy to use any Trojan client once you have used any one of them . Following is list of some well known Trojans and Trojan Building Tools,

1.Casa RAT

2.Back Orifice

3.Bandook RAT

4.Dark Comet Rat

5.Cerberus

6.Cybergate

7.Blackshades

8.Poison Ivy

9.Schwarze Sonne RAT

10.Syndrome RAT

11.Team Viewer

12.Y3k RAT

13Snoopy

15.5p00f3r.N$ RAT

16.NetBus

17.SpyNet

18.P. Storrie RAT

19.Turkojan Gold

20.Bifrost

21.Lost Door

22.Beast

23.Shark

24.Sub7

25.Pain RAT

26.xHacker Pro RAT

27.Seed RAT

28.Optix Pro RAT

29.Dark Moon

30.NetDevil

31.Deeper RAT

32.MiniMo RAT

If you think the list is very big then I must tell you it's not complete nor it covered 25% of RAT building tools.

Demonstration: How to create a RAT:Since there are several tools available and most of them have same kinda interface we can select any RAT building tool for demonstration. So here we select Cerberus Client to demonstrate working of RAT. Please note that using RAT for hacking is crime please take this demonstration for educational purpose only.

Type “Download Cerberus RAT” in Google search and download Cerberus RAT. Execute Cerberus file and launch program. Accept EULA and following interface will be launched in front of you.

To create server press new button.

As you can see there are several options are available in settings but for our demonstration we will use most common settings. In “Basic Option” type your IP address and then press “+”. In identification name of the server from which your client will identify to which server it's listening, this name is given for your client to identify connection. No need to specify what to put in connection password. Specify the port on which you'll like to listen. Please keep note of this port since you'll have to configure client settings to receive information on this port.

The next option is “Server Installation”. From “Directory Installation” you can select where and in which name folder your RAT server will be installed. In “File Name” option you have to specify name and extension of your server. Boot Methods gives you option to start your server as “System Service” or “User Application” take your pick or leave them untouched. “Anti-Debugging” function allows your RAT to bypass Virtualisation and Sandboxing.

From “Misc Options” you can activate key logging feature as well as you can select how your RAT can hide itself in another process.

“Display Message” option gives you power to show custom message on victim's computer.

“Black List Item” option allows to set logic for execution of your RAT server with respect to specific process and service. Mostly only advanced users use this feature.

“Overview” allows you look of features of your RAT. Now select an icon and press create server to create server.

Now the add file function allows you to bind your RAT with any legitimate file most probable is an executable installation file. To avoid detection don't use custom message box and UN-check “Run in Visible Mode” option while creating server. 

Configuring To Listen On Client: To configure Cerberus to listen on specific port select options and put “Connection Password” and “Connection Ports” that were specified in Server. Wait for victim to execute server and then just right click on listening server and play with options.

Following is video demonstration to above procedures and methods described to create RAT using Cerberus Client.

Download Cerberus Rat Client

Now when next time we will discus RAT we will take a look on how you can counter and prevent yourself from RAT attack. Please give us your comments it'll help us improve. Have a nice time and keep visiting.

Read More

DarkComet RAT | Tutorial

DarkComet RAT | Tutorial

In following tutorial we will cover how to use DarkComet Remote Administration Tool. If you regular reader to Devil's Blog then you might be knowing we have already covered Cerberus RAT client in The RAT Remote Administration Tool then why we are covering another RAT client.
Following are 4 good reasons for that.

1.Many people think that DarkComet is best RAT client and they don't prefer any other RAT client than DarkComet.(not my personal view)

2.Few days ago we covered Denial Of Service and Types Of DoS Attacks soon we will cover tools that can be used for DoS attack and DarkComet is one of those tools that can be used for launching a successful DDoS attack.

3.Search engines are dropping visitors searching for Dark Comet tutorial on Cerberus tutorial, not good na, better give them what they are searching for.

4.Its always better if you know how to handle more than one tool.

Enough talk lets move on to tutorial. Download DarkComet RAT 2.2 from their official website. You might ask why 2.2 when 3.2 is available. 3.2 is unstable and needs some bug fixes better opt 2.2. After download extract zip file and double click on RAT client, accept EULA and you will be presented with following screen.

Main Window

Now click on edit server.

Server Editor

Server Session:

If you have already created any RAT server before then Darkcomet stores an INI file with all settings saved in it. So if you want to create another server with same settings open that file here and create server.

Main Settings

Mutex String:

Our RAT client will run in process space of another process to remain stealthy. This string helps differentiate RAT that some another process is holding our data for hiding. Must be specified for proper functioning of RAT client, you can give it any name you want or just press random to get random name.

Server ID:

This name will appear on server list when your victim will execute your server. Helps in differentiating different servers so better use new name for new server.

Lastly always preserve connection with good user-name and password.

Connection Settings

Specify your IP address in IP address field if you have static IP or use Dynamic DNS if your IP address is not static. To know more about Dynamic DNS IP read Use Dynamic IP As Static IP. Now specify port number you want to listen and press “Add This Range In IP/port list”. For testing purpose you can use 127.0.0.1 that is loop back IP and port 8080 I.e http proxy port.

Server Startup

Here you can specify where your sever will get installed in victim's PC and you can also specify in which process you wish to hide you server. A good choice for process is svchost.exe, melt server option will delete server file as soon as server gets installed. Other options includes adding registry keys, use them if you want but it works fine without any key. Don't forget to enable option of “Start Server ON Startup”.

Server Shield

Server Shield provides server with file attributes and folder attributes for installation and basic fun options to harass victim. I would better advise not to use them because it will alarm user about presence of your RAT server.

Offline Key Logger

Activate offline key-logger so that key-logger should log files even though you are offline. If you want server to send log files to your ftp server rather than accumulating in victim PC, specify credentials required for your ftp server. If you don't have ftp server, you can search for “free ftp service” on Google and you will get heap of them or you can try out http://www.zymic.com/free-web-hosting/ it offers free-web-hosting plus free ftp service. Good for practice.

Anti VirtualBox

Anti Virtual Box settings allow RAT client to disallow server execution in Virtual environment. But since you will be practicing it in Virtual environment don't touch this option. To know how to setup your Virtual lab read Basic Lab Setup For Hacker. Next is icon setting use some good custom icon so that your victim should not feel suspicious about RAT server.

File Binder

Select file you want to bind with RAT server, binding with another file make RAT server remain in stealth mode and get executed with legitimate file thus avoiding detection.

Generate Server

Now select all options and generate server.

Listen

Now close server edit window and press listen, specify port number 8080 and then execute your RAT server.

Listening On Port 8080

Now right click on listening port and select “Open Control Center”, play with available options.

Control Center

Actually you are not in need of any remote PC to practice, if you have set your virtual environment then follow above steps in virtual environment with IP address 127.0.0.1 and port number 8080, if your firewall shouts ask it to allow connection. With this setting you will not even need internet connection to see results while practicing. This will help those who have computers at home but for Internet connection they have to depend on college, schools and cafes. Please ask if you have any difficulty or query. Thanks for reading, keep visiting.

Read More

What is Ethical Hacking: An Introduction

Ethical Hacking: An Introduction

Whenever term hacker comes before many people consider it as a guy sitting inside a room or garage with a bottle or beer and a Laptop or Desktop doing wonders on click of buttons. But the reality check is hacking is not that easy as portrayed in movies and television and term hacker doesn't mean a computer criminal.

So here first of all we'll clear all our misconceptions related to words hackers and hacking.

From Where This Word Came:

The word hacking has history in late 1960's, the time when computers were nothing but mighty pieces of machines and a computer just meant a machine that can compute. Electrical and Electronics geeks used to optimize circuits to make any system/circuit work faster, better and reliably. The job they used to do on circuits was known as hack. With time computer geeks also started finding way out to optimize their system to work better so in fact hacking was nothing but always a kind of reverse engineering. With time in professional world a word hacker got meaning, a person who is highly skilled in hardware, software and networking components. Then movies started portraying hackers do only dirty works and hence today the word hacker has a negative face according to people. No matter how the word met to a dreadful end a hacker always had all qualities that was first put forward in its definition may the be criminal or ethical. Criminal hackers are also known as Crackers.

Types Of Hackers:

White Hats: White hat hackers are good guys who use their hacking skills for defensive purposes. Organizations and industries pay them high salaries to protect their systems and networks from intrusion.

Black Hats: Black hats are actually bad guys in filed. Their main job is to breach security and make money. They make money by using their hacking skills for offensive purposes.

Grey Hats: Gray hats are hackers who work for offensive and defensive purposes depending on situations. They are hired by people to intrude and protect systems.

Hactivist: A hacktivist is kinda hacker who thinks hacking can bring out some social changes and hacks government and organizations to show his discomfort over some trivial issues.

Suicide Hackers: Suicide hackers are those who hack for some purpose and even don't bother to suffer long term jail due to their activities. They can be bad as well as good.

Script Kiddie: A script kiddie is a person who boasts breaking system using scripts and codes written by others though he hardly knows what the code does.

Phreak: It is a person who tries to intrude systems for fun or malicious personal activities. Mostly they are children of age 12-15 who don't even know wrong consequences of hacking.

Types Of Hacking:

Local Hacking: This type of hacking is done when a hacker has full access to the system to implant a virus, keylogger and RATs

Remote Hacking: Remote hacking is done on a remote system using Internet.

Social Engineering: Social Engineering is kinda interacting skill that a hacker uses to manipulate people giving out sensitive information. Its kinda trick done using good verbal, social skills and understanding.

Terminologies Used Under Hacking:

Threat: A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

An Exploit: An exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.

Vulnerability: A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. In easy word vulnerability is weakness in system.

Payload: Payload is agent that helps in taking advantage of vulnerability in remote hacking.

Attack: An attack occurs when a system is compromised based on a vulnerability.

Types Of Attack:

1.Operating System Attack

2.Application level Attack

3.Shrink Wrap Code Attack

4.Misconfiguration Attack

Operating system attack is attack done on specific type of OS. Such attack is done using flaws in programs and services shipped with OS. Application level attack is done over faulty coding practices done over software during its development. Shrink Wrap Code attack are attacks done over UN-refined scripts used for making task simpler. Last is misconfiguration attack, it is kinda attack which is done over mis-configured system or a system with default settings.

Work Of An Ethical Hacker:

Job of an ethical hacker is to use all his skills and tools used by malicious hackers to find vulnerabilities in system and then provide it security against those vulnerabilities.

Conclusion: At last what I want to tell, nothing happens in clicks of buttons. A hacker is highly skilled person in field of computing who usually have ample knowledge about software, hardware, OS, networking and programming. A hacker may it be criminal or ethical has immense patience, determination, organization, discipline and persistence. An attacker may spend months of time planning, analyzing and executing an attack. This shows his level of dedication to achieve whatever goal he/she has set. A person can never become a good hacker unless he have all above qualities.

Note: Now onwards we will cover hacking as our main stream topic on this blog. Real hacking is never done over lamers who hardly knows about security, it is done over a person who is highly skilled as you are. You can never learn hacking until you do some practical and gain knowledge about field so now onwards I urge you to perform practicals that will be now posted on this blog on your own system. Next no tutorial will be taken as a lamer so they will be in possible higher details, so this may happen that you may not understand something. Rather than keeping yourself mum I plea you to please ask whenever you encounter a problem or get bothered by topic. Whenever I 'll post on hacking I 'll try to keep a theoretical and one practical tutorial, you are requested to read both and grasp matter completely. Thanks for visiting and please tell are you clear with all points discussed or need some explanation on your difficulty.

Read More

Facebook Hacking Tools Compared

Facebook Hacking Tools Compared

I don’t know why but people really getting mad behind facebook cracking softwares. Most of those softwares that claim to break into facebook are just fake pieces of code. The day I posted “Facebook Vs Facebooz” it got so many hits that made me write this another part to facebook hacking tool. Here we will cover some other facebook hacking tools other than facebooz, if you want to read about facebooz please visit this article “Facebook Vs Facebooz”. Here we will compare some other tools than facebooz.

1. Hell And High Water Facebook Cracker:

It another dictionary based hacking tool just as Facebook Freezer or Facebooz. All you have to do is just load password list along with User Id and the software tries until it succeeds and if the victim had kept a strong password like this “m2Fw”9a1)) there’s no way this software can crack it with billions of attempts. Next thing is its damn slow, no doubt it works but your list doesn’t contain the word which is password after millions of attempts you will just scratch your hairs. Our verdict its its awesome if victim is fool and junk if you are fool.

2. F-Cracker Or Facebook Cracker:

I tried to download it from several different resources and every time when i opened it it got caught as mal-ware. I disabled my Anti-Virus and then tried once again it appeared and disappeared in fractions of seconds then I checked open ports using “netstat” command and I found its not any facebook cracker its just a malware to lure you. So next time when you see F-Cracker be sure its malware.

3.Facebook Password Decryptor

The thing that actually works is this software but you’ll need physical access to victim’s computer. This software tries to exploit inbuilt password safe of browser installed on victim’s computer to get password. Note that it works only if the password is stored in browser’s password safe or in any password management utility.

So at last what we can say that dictionary based attack may not work on everyone and the next one needs physical access on victim’s computer, by the way if you had got physical access why you need running a cracking software, better install key-loggers. As per my view is concerned currently no attack is better than shoulder surfing to facebook cracking. I hope these reviews solves your facebook cracking mystery. Your comments and criticism both are welcome thanks for visiting.

Read More

Facebook Vs Facebooz

Facebook Vs Facebooz

In year 2008 a tool was released for facebook hacking the tool is known as facebooz(also known as facebook freezer). A lot had been discussed whether the tool is really capable of hacking facebook passwords. Many think its just a joke that a tool can crack facebook passwords. So keeping unnecessary things behind lets try to find out why this works or if it not works they why. The tool is specially targeted to m.facebook.com, yes that’s the mobile version of facebook. By the way facebook claims that the vulnerability is patched but still the tool has been downloaded millions of times from its release that means the claim is just a false excuse. I created a fake facebook account with password “Monkey” and facebooz got no issues cracking it that means the tool works. Then i changed password to “M0n7e1” and the tool failed to guess it that means it failed to work. The thing which can depress you is its speed of operation, by the way it happens due to need of software needing re-authentication grabbing so you need patience.

The final say is that the tool works only on guess-able passwords which can be found on dictionary. So if you are the one who have used facebooz and haven’t found it useful then it might be the case the victim of whom you want to crack password have strong password, the password which can not be found in any dictionary. And for those whose password can be easily guessed are advised to change their passwords to something which can not be guessed easily. So either facebook will win or facebooz just depends on password strength of victim. So keep your passwords strong and be safe. If you don’t know how to create and remember strong passwords following is the tutorial that can help you.

Read More

Hack A Hacker Using Sniffer

Hackers usually use software like RATs and keystroke loggers to hack victim's password. To get logs of victim while being offline, attacker uses a ftp server and if you have read my previous tutorials on sniffing then you might be already knowing that ftp protocol is susceptible to sniffing using this weakness of protocol you can hack a hacker using sniffer. So if anyhow you feel that you have been hacked using a RAT then get a sniffing tool like wireshark(my favorite) or Cain and Abel. Both are really powerful tools to analyze and retrieve information from packets.

So install a sniffer and start analyzing packets that are leaving your system. Please read previous my tutorials on wireshark and ARP poisoning to know how to sniff and analyze packets using wireshark and Cain and Abel. After analyzing packets you will get user-name and password of attacker's ftp server. Use that information to log-in into his/her ftp account do whatever you want and take revenge for planting RAT in your system. Like this you'll hack a hacker and tell him/her this time he/she has messed with a wrong guy.

P

Read More