HACK THIS WAY » Uncategorized

Enable DHCP server also(.. First go through my last post )

hackthisway — Wed, 30 Dec 2009 18:04:47 +0000

One more thing, You need not dial your connection every time for connecting to the internet since we configured our router to have always on connection ( that is PPPoe ) …… Refer my last post.

You get connected to internet as soon as you switch on your router !

Enable DHCP server. Click on LAN and enter the details :

Connect your cell phone to home wi-fi network ( BSNL Broadband)

hackthisway — Wed, 30 Dec 2009 17:54:46 +0000

Requirements :

* Wifi enabled Handset

* Active Internet Connection with wifi router modem

Configure your router modem to use the pppoe connection type

Restore your router to factory settings ( Preferred & recommended). See your router manual.Type in 192.168.1.1 in your url address bar and hit enter. You will be prompted for a username and password which generally is admin and admin respectively unless you have not configured it manually. Also, the default username password could be different if you have a different model. Refer your router manual.

192.168.1.1 is an IP address in the private IP address range 192.168.0.0 – 192.168.255.255. Many network devices, such as LinkSys routers, use 192.168.1.1 as their default IP address.

Now follow these steps :

Configure your Wireless Security :

TCP/IP Settings:

Auto

Now, Configure your phone: ( I AM USING NOKIA 5800 XM )

Here we are ! Now Browse wireless @ great speed without 3G hassle ( at least when you are in wifi hotspots ! )

My operational email ID

hackthisway — Wed, 30 Dec 2009 17:33:00 +0000

Mail me your suggestions, comments, topics you wish to see in future etc…..

hackthisway@live.com

Index

hackthisway — Fri, 18 Dec 2009 14:37:59 +0000

[archives]

Hack With Google

hackthisway — Fri, 18 Dec 2009 14:34:34 +0000

Reference: Google Hacking for Penetration Testers

Google as a hacking tool is generally used by hackers to locate random vulnerable targets and then they hack it for fun etc. There are a lot of webservers that have old unpatched Operating Systems running. Many websites are defaced using very simple techniques. So, it is of utmost importance for the administrators to have their servers properly patched. I am presuming that you know advanced google searching techniques. Even if you don’t know, do a google search.

Search expressions in google can yield a plethora of information. We will now see Google helping us to locate Microsoft IIS ( Internet Information Services ) servers. Query Google for :

intitle:”welcome to IIS 4.0”

Dissecting the search expression :

intitle:”welcome to IIS 4.0”

intitle means that Google will search for whatever words you tell it to in the title of a website. In this case you search for “welcome to IIS 4.0”.

IIS Server Version Query

Many intitle:”welcome to” intitle:internet IIS

Unknown intitle:”Under construction” “does not currently have”

IIS 4.0 intitle:”welcome to IIS 4.0”

IIS 4.0 allintitle:Welcome to Windows NT 4.0 Option Pack

IIS 4.0 allintitle:Welcome to Internet Information Server

IIS 5.0 allintitle:Welcome to Windows 2000 Internet Services

IIS 6.0 allintitle:Welcome to Windows XP Server Internet Services

What attackers do after getting this info :

After locating the web server the attackers search for working exploits for the found version of the webserver and execute the exploits.

This is no rocket engineering.

You can locate different kind of web servers, default programs, network hardware, printers etc. using Google.

Search for Open Webcams:

Query:

inurl:/view.shtml
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console – Web Monitor”

Queries that Locate password Info:

filetype:netrc password netrc file may contain cleartext passwords

intitle:”Index of” passwords modified “Password” directories

inurl:/db/main.mdb

ASP-Nuke database files often contain passwords

filetype:bak inurl:”htaccess|passwd| shadow|htusers” usernames

BAK files referring to passwords

filetype:log “See `ipsec —copyright”

BARF log files reveal ipsec data

inurl:”calendarscript/users.txt”

CalenderScript passwords

inurl:ccbill filetype:log

CCBill log files may contain authentication Data

inurl:cgi-bin inurl:calendar.cfg

CGI Calendar (Perl) configuration file reveals information including passwords for the program.

inurl:chap-secrets -cvs chap-secrets

file may list usernames and passwords

[WFClient] Password= filetype:ica

Citrix WinFrame-Client may contain login Information

inurl:passlist.txt

Cleartext passwords. No decryption required!

intitle:index.of config.php

Config.php files

inurl:config.php dbuname dbpass

config.php files

inurl:server.cfg rcon password

Counter strike rcon passwords

Coming up : Realizing Google Power as a Hacking Tool

hackthisway — Sun, 13 Dec 2009 04:39:21 +0000

Expect this article on this website within few days. It will be posted in Parts.

Microsoft Internet Explorer 6/7 CSS Handling Code Execution Vulnerability

hackthisway — Wed, 25 Nov 2009 19:11:48 +0000

“This issue is caused due to a memory corruption error in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.”

source: VUPEN

Exploit has been added to metasploit. See a screenshot :

Vulnerable Products :

Microsoft Internet Explorer 6
Microsoft Internet Explorer 7

Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2

Prevention:

Disable Active Scripting.

Patch:

Not available till date.

If you want to check your browser against CSS vulnerabilities, you may visit :

http://digitaloffense.net/tools/see-ess-ess-die/cssdie.html

Follow the instructions carefully and click on test being sure of the risks.

Indian Govt. Websites are damn hackable

hackthisway — Thu, 19 Nov 2009 18:58:42 +0000

At this time, when India is reaching the heights in Sensex and GDP and aspiring to be in the developed nations’ list, one thing that really pisses me off is India’s unawareness and disinterest in the Information Security dept., atleast the poorly configured govt. websites reflect this. When I encountered the vulnerability in the server at hosting.bsnl.in ( subdomain of bsnl.in, pointing at another server), I out of curiosity, did vulnerability assessment of some of the Indian govt. websites.

The web applications, OS at servers even the SQL servers are untouched since their first installation. Most of the servers run Windows 2003 ( unpatched or sp1) and flaunt their vulnerability like anything.( No surprise why they get hacked !) Most of the time I could carry the port scan without using -PN parameter ( on nmap).

When I first tried to inform the officials at BSNL regarding the vulnerability, I was set aback by their response. They did not even understand what I was talking about ! It took me sometime to make them understand what I meant.

Some of the govt. websites that gave me admin privileges are :

subdomain at easternrailway.gov.in , rajasthan.gov.in and ofcourse, hosting.bsnl.in ( not accessible now though the server exists)

My conversation (on phone) with an officer at eastern railways :

———————————————————————————————————————————————————————————————————————————————————-

Me : Hello Sir, is this the DG ?

Officer : Who is this ?

Me: Sir, I want to report a vulnerability in your website.

Officer: what vulnerability, what website ? (he mispronounced “vulnerability“)

Me: Can I talk to the DG ?

Officer: Sir is out for some official work.

Me: okay, please inform him and ask him to check his email.

( I could listen his chatting with his colleagues in bengali I think, he was saying ” Someone is talking about the website“)

Me: Ok thanks…

————————————————————————————————————————————————————————————————————————————————————————

Anyway, I have informed the web-masters of the respective websites about the vulnerability and as a proof attached the videos of the successful logins. I have preserved the videos demonstrating the hacks and wish to publish them here provided the servers get patched.

It is really annoying when some terrorist organizations hack the websites and leak the confidential data…..

Admins, Wake up Now or get shamelessly hacked every now and then !

Hacked into bsnl.in

hackthisway — Wed, 18 Nov 2009 21:37:21 +0000

I was eagerly waiting for BSNL to patch their system so that I could publish this post which shows the hack in action. I could not record the video of the hack since the screen recorder, Istanbul became unresponsive on my Ubuntu OS.

While preparing for a seminar, I came across this website and out of curiosity Nmapped to find the OS running on the server. The OS detected was Sun Solaris 10. Then, I tried to check if it is vulnerable to Sun Solaris 10 telnet daemon authentication bypass vulnerability. and found it vulnerable.

Exploiting a vulnerability in Sun Solaris version 10/11

This is what happened at console. The exploit worked !!Now, playing a safe game and also being ethical I mailed the description of the vulnerability to the Deputy Director General who also happened to be the webmaster at bsnl.co.in

The email itself contains the information about the vulnerability which saves me the pain of describing it again.

I had to wait for 19 days to publish this post since the upgradation at bsnl.in took the same time.BSNL though late, showed the reaction Now, Nmapping bsnl.in does not show port 23 open.

Note : I am using Nmap version 5 on Ubuntu jaunty, compiled it from source !!!!

The power of Imgination – Rise of Sixth Sense

hackthisway — Tue, 17 Nov 2009 06:13:14 +0000

I could not resist uploading this video, this is one of the most jaw dropping vidoes I have came across.

At TEDIndia, Pranav Mistry demos several tools that help the physical world interact with the world of data — including a deep look at his SixthSense device and a new, paradigm-shifting paper “laptop.” In an onstage Q&A, Mistry says he’ll open-source the software behind SixthSense, to open its possibilities to all.