Saturday, May 11, 2013

0 SQL Injection


Please Leave A Comment~ Thank You...!!!

SQL injection and buffer overflows are attack techniques that exploit weaknesses in applications, and both are usually the result of programming flaws. They are covered in the same chapter because they are delivered the same way: through a user input field, such as a username and password form on a website, a parameter added to a URL, or a search box in another application. They differ in their target. SQL injection is aimed at the database behind an application; its purpose is to convince the application to run SQL that the developer never intended. Buffer overflows can exist in many different kinds of applications. Both come down to the same root cause: input that the application accepts without validating it. If programmers do not take the time to validate what a user can enter, the results can be serious and unpredictable. A skilled attacker can use such a flaw to crash the system or application, or to obtain a command shell.

Countermeasures for both rely on secure programming practices; by validating the variables the application code accepts, these weaknesses can be greatly reduced. This chapter explains how a SQL injection and a buffer overflow attack are performed and the best countermeasures against them.

SQL injection occurs when an application builds a SQL statement from user-provided data without first validating the input and submits it to the database server for execution. When successfully exploited, SQL injection can give an attacker access to database content or, where the database exposes such functionality, allow remote execution of operating system commands. In the worst case the attacker takes control of the server that hosts the database and obtains a remote shell on its file system. The impact of an attack depends on where the vulnerability is in the code, how easy it is to exploit, and what level of access the application's database account has. In theory SQL injection can occur in any type of application, but it is most commonly associated with web applications, which are easy targets because by their nature they can be reached from the Internet. To follow the material you should have a basic understanding of how databases work and how SQL statements are used to read and modify them.

In a web application SQL injection attack, malicious input is entered into a web form field (or supplied to the application by another route) so that the database executes a statement of the attacker's choosing. Just as a legitimate user submits queries and updates to the database through a web form, the attacker can submit SQL through the same field. Depending on the database, the injected statement might display a table, or, through a stored procedure such as Microsoft SQL Server's xp_cmdshell, run an operating system command. A database table may contain personal information such as credit card numbers, social security numbers, or passwords. Database servers such as Microsoft SQL Server are used by many organizations to store confidential data, which makes them high-value and therefore very attractive targets.

0 The Purpose of SQL Injection



SQL injection attacks are used by hackers to achieve certain results. Some SQL exploits will produce valuable user data stored in the database, and some are just precursors to other attacks.

 The following are the most common purposes of a SQL injection attack:

Identifying SQL Injection Vulnerability. The purpose is to probe a web application to discover which parameters and user input fields are vulnerable to SQL injection.

Performing Database Fingerprinting. The purpose is to discover the type and version of the database a web application is using. Knowing the type and version allows an attacker to craft database-specific attacks, since syntax, built-in functions, and available stored procedures differ between products.

Determining Database Schema. To correctly extract data from a database, the attacker often needs schema information such as table names, column names, and column data types. This information is used in follow-on attacks.

Extracting Data. These types of attacks employ techniques that will extract data values from the database. Depending on the type of web application, this information could be sensitive and highly desirable to the attacker.

Adding or Modifying Data. The purpose is to add or change information in a database.

Performing Denial of Service. These attacks are performed to shut down access to a web application, thus denying service to other users. Attacks involving locking or dropping database tables also fall under this category.

Evading Detection. This category refers to certain attack techniques that are employed to avoid auditing and detection.

Bypassing Authentication. The purpose is to allow the attacker to bypass database and application authentication mechanisms. Bypassing such mechanisms could allow the attacker to assume the rights and privileges associated with another application user.


Executing Remote Commands. These types of attacks attempt to execute arbitrary commands on the database. These commands can be stored procedures or functions available to database users.

Performing Privilege Escalation. These attacks take advantage of implementation errors or logical flaws in the database in order to escalate the privileges of the attacker.
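As an added example (not code from the original post), here is the login query described in the introduction above, in both its injectable and its parameterised form, together with the attacker's side of three of the purposes listed: bypassing authentication, fingerprinting the database, and extracting data. It uses Python's bundled sqlite3 driver against a constructed two-row users table; the table, the accounts and the payload strings are assumptions made for the example.

```python
import sqlite3

# Constructed sample data for the example; not taken from the original post.
USERS = [
    ("admin", "S3cret!", "administrator"),
    ("alice", "hunter2", "user"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", USERS)
    return conn


def build_login_sql_vulnerable(username, password):
    # The injection point: user input is spliced into the SQL text, so a
    # single quote in the input ends the string literal and everything that
    # follows is parsed as SQL.
    return ("SELECT username, role FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    return conn.execute(build_login_sql_vulnerable(username, password)).fetchone()


def login_safe(conn, username, password):
    # Parameterised query: the values travel separately from the SQL text and
    # are never parsed as SQL, whatever characters they contain.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# --- attacker-side payloads, all sent through the vulnerable path ---

def bypass_authentication(conn):
    # "admin' --" closes the string literal and comments out the password check.
    return login_vulnerable(conn, "admin' --", "wrong")


def fingerprint_database(conn):
    # UNION appends a row of the attacker's choosing; sqlite_version() reveals
    # which engine and version is behind the form (on MySQL it would be @@version).
    sql = build_login_sql_vulnerable("x' UNION SELECT sqlite_version(), 1 --", "")
    return conn.execute(sql).fetchall()


def extract_passwords(conn):
    # UNION pulls the password column into whatever the application displays.
    sql = build_login_sql_vulnerable(
        "x' UNION SELECT username, password FROM users --", "")
    return sorted(conn.execute(sql).fetchall())


if __name__ == "__main__":
    db = make_db()
    print("safe login with bad input:", login_safe(db, "admin' --", "wrong"))
    print("bypass:", bypass_authentication(db))
    print("fingerprint:", fingerprint_database(db))
    print("dump:", extract_passwords(db))
```

The safe variant is the whole countermeasure: because the driver sends the parameters out of band, the same payloads return no row at all. Escaping quotes by hand is not an equivalent defence, since numeric and identifier contexts are not protected by quoting.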


0 Rogue Access Points



Rogue access points are WLAN access points that are not authorized to be connected to a network. A rogue AP opens a wireless hole into the network. A hacker can plant one deliberately, or an employee may unknowingly create the hole by plugging a consumer access point into a wired port. Either way, anyone who can associate with the AP, including a hacker in the parking lot, gets access to the wired LAN. This is why it is critical for organizations to scan for rogue access points. Even organizations with a "no wireless" policy need to perform wireless scanning to ensure no rogue APs are connected to the network.

Rogue APs are probably the most dangerous wireless threat that exists because they give a potential hacker direct access to the wired LAN. Clients connecting to a rogue AP usually receive an IP address from the network's DHCP server or from the AP itself, and their traffic is then bridged directly onto the wired LAN. From there a hacker can perform scanning, enumeration, and system hacking against targets on the wired LAN.

Countermeasures to detect and remove rogue access points exist and should be implemented by all organizations. Many enterprise WLAN controller-based management solutions can perform rogue access point detection. These solutions monitor the air using access points, dedicated sensors (monitors), or both. An access point must stay on its channel while clients are associated in order to serve them, whereas a sensor can continually scan every channel in the band to capture transmissions from possible rogue APs. The wireless MAC addresses (BSSIDs) heard on the air are then compared with addresses seen on the wire to determine whether the AP is connected to the same LAN as the wireless intrusion detection system (WIDS) or wireless intrusion prevention system (WIPS). Some WIPSs can also keep clients off a rogue AP by sending spoofed deauthentication frames to any client that tries to associate with it, so that no data flows through the rogue. Overlay WIDS/WIPS systems can further help by triangulating the physical position of the rogue AP. Containment by WIPS is only a temporary measure; the primary goal should be to locate the rogue AP and remove it from the network.
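As an added example (not part of the original post, and not any vendor's WIDS code), here is the air-versus-wire correlation the paragraph describes, written in Python over constructed data. The classifier marks every BSSID heard in beacons as authorized, rogue-on-wire, spoofed-ssid (a foreign AP advertising the corporate network name) or external. The on-wire test uses a heuristic that WIDS products commonly apply and that is an assumption here: most access points derive their radio BSSIDs from the wired interface's MAC address by adding a small offset, so a BSSID within a few addresses of a MAC learned on one of our switch ports is very likely an AP plugged into our LAN. The sample BSSIDs, MAC addresses and SSIDs are all made up.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    bssid: str      # MAC address of the AP radio, as carried in 802.11 beacons
    ssid: str
    channel: int


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def classify_access_points(beacons, authorized_bssids, wired_macs,
                           corporate_ssids, adjacency=8):
    """Classify every BSSID heard on the air.

    authorized_bssids: BSSIDs of the APs we deployed ourselves.
    wired_macs:        MAC addresses learned on the wired side (switch CAM tables).
    corporate_ssids:   the network names our own APs advertise.
    adjacency:         how close (numerically) a BSSID must be to a wired MAC to be
                       treated as the same box (assumption, see lead-in).
    """
    authorized = {b.lower() for b in authorized_bssids}
    wired = [mac_to_int(m) for m in wired_macs]
    verdicts = {}
    for beacon in beacons:
        bssid = beacon.bssid.lower()
        if bssid in authorized:
            verdicts[bssid] = "authorized"
            continue
        value = mac_to_int(bssid)
        if any(abs(value - w) <= adjacency for w in wired):
            verdicts[bssid] = "rogue-on-wire"     # bridges the air onto our LAN
        elif beacon.ssid in corporate_ssids:
            verdicts[bssid] = "spoofed-ssid"      # masquerading as one of ours
        else:
            verdicts[bssid] = "external"          # a neighbour, not on our wire
    return verdicts


def demo_verdicts():
    # Constructed sample data for the example.
    authorized = ["00:11:22:aa:bb:01"]
    wired_macs = [
        "00:11:22:aa:bb:00",   # wired port of our authorized AP
        "00:1d:7e:55:66:70",   # unknown device learned on an access port
        "3c:52:82:10:20:30",   # a desktop PC
    ]
    beacons = [
        Beacon("00:11:22:aa:bb:01", "CORP-WIFI", 6),
        Beacon("00:1d:7e:55:66:71", "linksys", 11),        # one above the unknown wired MAC
        Beacon("c0:ff:ee:12:34:56", "CORP-WIFI", 1),       # our SSID, not our hardware
        Beacon("d8:5d:4c:99:88:77", "CoffeeShop-Guest", 1),
    ]
    return classify_access_points(beacons, authorized, wired_macs, {"CORP-WIFI"})


if __name__ == "__main__":
    for bssid, verdict in demo_verdicts().items():
        print(f"{bssid}  {verdict}")
```

The adjacency heuristic gives both false positives (two unrelated vendors' devices can have nearby addresses) and false negatives (an AP with a randomised BSSID), so a rogue-on-wire verdict should be confirmed by finding the MAC on a switch port and then locating the device physically, which is the removal step the text ends on.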

0 Wireless Hacking Techniques



Most wireless hacking attacks can be categorized as follows:

Cracking Encryption and Authentication Mechanisms. This includes cracking WEP keys, WPA preshared-key (PSK) passphrases, and Cisco's Lightweight EAP (LEAP) authentication. Once a key or passphrase is recovered, the attacker can join the WLAN with the stolen credentials or decrypt captured traffic from other users. The protection is stronger encryption and authentication: WPA2 with AES (CCMP) instead of WEP or TKIP, a long random passphrase where PSK must be used, and an EAP method that does not expose password material, such as EAP-TLS or PEAP, instead of LEAP.

Eavesdropping or Sniffing. This type of attack involves capturing passwords or other confidential information from an unencrypted WLAN or hotspot. A protection against this attack is to use SSL application-layer encryption or a VPN to secure user data.

Denial of Service. DoS can be performed at the physical layer by transmitting a stronger RF signal than the AP (jamming), so that the legitimate AP becomes unusable and clients may fall back to a rogue AP. At the MAC layer it can be performed by generating deauthentication frames (deauth attacks), by continuously generating bogus frames, or by having a wireless NIC emit a constant stream of raw RF (the Queensland attack). Countermeasures are to enforce a security perimeter around the WLAN and to detect and locate the source of the DoS with a wireless IDS. Note that 802.11 management frames were unauthenticated in the original standard, so deauth attacks cannot be prevented, only detected, unless both AP and clients support protected management frames (802.11w).

AP Masquerading or Spoofing. Rogue APs pretend to be legitimate APs by using the same SSID (network name) and configuration settings. A countermeasure to AP masquerading is to use a WIDS to detect and locate spoofed APs.

MAC Spoofing. The hacker pretends to be a legitimate WLAN client and bypasses MAC filters by spoofing another user's MAC address. A WIDS can detect MAC spoofing, and MAC filtering should not be relied on as an access control in the first place: client MAC addresses are visible in cleartext on the air and are trivial to change.

Planting Rogue Access Points. The most dangerous attack is a rogue AP that has been planted to allow a hacker access to the target LAN. A countermeasure is to use a WIPS to detect and locate rogue APs.

Wireless networks give a hacker an easy way into the network if the AP isn’t secured properly. There are many ways to hack or exploit the vulnerabilities of a WLAN. There are also effective countermeasures to many of these attacks.
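The deauthentication attack listed above is the one a WIDS sees most often, so as an added example (not code from the original post or from any WIDS product) here is the detection side in Python: a builder and parser for the 24-byte 802.11 management frame header, and a detector that flags a source sending many deauthentication frames in a short window and any deauth addressed to the broadcast address, which a real AP does not do. The capture is constructed in the code, and the threshold of 10 frames per second is an assumption to be tuned per site.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MGMT, DEAUTH = 0, 0xC            # 802.11 frame type 0 (management), subtype 12


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype, dst, src, bssid, body=b"", seq=0):
    """802.11 management frame: 24-byte MAC header plus body.
    Frame control is little-endian: bits 0-1 version, 2-3 type, 4-7 subtype."""
    frame_control = (MGMT << 2) | (subtype << 4)
    header = struct.pack("<HH6s6s6sH", frame_control, 0,
                         mac_bytes(dst), mac_bytes(src), mac_bytes(bssid), seq << 4)
    return header + body


def parse_mgmt_frame(frame):
    fc, _dur, a1, a2, a3, _seq = struct.unpack_from("<HH6s6s6sH", frame, 0)
    return {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3),
            "body": frame[24:]}


def detect_deauth_flood(captures, window=1.0, threshold=10):
    """captures: iterable of (timestamp_seconds, raw 802.11 frame).
    Flags a source that sends `threshold` or more deauthentication frames within
    `window` seconds, and any deauth sent to the broadcast address (a genuine AP
    deauthenticates individual stations; attack tools deauth everyone at once)."""
    by_src = defaultdict(list)
    for ts, frame in captures:
        p = parse_mgmt_frame(frame)
        if p["type"] == MGMT and p["subtype"] == DEAUTH:
            by_src[p["src"]].append((ts, p["dst"]))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over timestamps
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, "deauth flood"))
                break
        if any(dst == BROADCAST for _, dst in events):
            alerts.append((src, "broadcast deauth"))
    return sorted(alerts)


def demo_alerts():
    # Constructed capture: one legitimate deauth from the AP to a single client,
    # then 20 broadcast deauths in 0.4 s with the AP's address forged as source,
    # which is how attack tools knock every client off the network at once.
    ap, client = "00:11:22:aa:bb:01", "aa:bb:cc:dd:ee:01"
    reason_leaving = struct.pack("<H", 3)   # reason 3: station is leaving
    reason_class3 = struct.pack("<H", 7)    # reason 7: class 3 frame from non-associated STA
    captures = [(0.0, build_mgmt_frame(DEAUTH, client, ap, ap, reason_leaving))]
    captures += [(5.0 + i * 0.02,
                  build_mgmt_frame(DEAUTH, BROADCAST, ap, ap, reason_class3, seq=i))
                 for i in range(20)]
    return detect_deauth_flood(captures)


if __name__ == "__main__":
    for src, kind in demo_alerts():
        print(f"{src}: {kind}")
```

Because the attacker forges the AP's own address, the alert names the legitimate AP; the tell is the rate and the broadcast destination, not the source. A sensor that also records signal strength can separate the two transmitters, which is how WIPS products locate the attacker.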

0 Securing Home Wireless Networks


Many people setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. The small office, home office (SOHO) networking products on the market make setup quick and easy but not necessarily secure. Configuring additional security features can be time consuming and nonintuitive for some home users, and therefore they may not implement any security mechanism at all. These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders within range of your home or office WLAN. Most WLAN hardware has gotten easy enough to set up that many users simply plug it in and start using the network without giving much thought to security. Nevertheless, taking a few extra minutes to configure the security features of your wireless router or access point is time well spent.

The following recommendations will improve the security of your home wireless network:

Change the default administrator username and password. Home access points are usually configured through a web browser, and almost all routers and access points require an administrator login before any setting can be changed. Manufacturers ship a default username and password, and these defaults (admin/admin, "password", the manufacturer's name) are well known and published on the Internet; some devices ship with no password at all. The first thing to do after setting up a new WLAN router or access point is to change the administrative password to a strong one of your own.

Use WPA2 encryption (never WEP). Most Wi-Fi equipment supports some form of encryption, which scrambles frames sent over the air so that an eavesdropper cannot read them. Configure the strongest form of encryption your wireless clients support. 802.11's original WEP (Wired Equivalent Privacy) has well-known weaknesses that make it relatively easy for a determined attacker with the right tools to recover the key and join the network. WPA (Wi-Fi Protected Access), and especially WPA2 with AES, provides much better protection and is also easier to use: a WPA passphrase is ordinary text of 8 to 63 characters, whereas WEP keys are normally entered as hexadecimal digits (0–9 and A–F), although some devices also accept ASCII WEP keys. Choose a long, random passphrase, because a WPA/WPA2 preshared key can be attacked offline by capturing the handshake and guessing the passphrase.

Change the default SSID. Access points use a network name called an SSID to advertise the network to wireless users. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally “Linksys.” Just knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, it is usually an indication of a poorly configured network. You should change the default SSID immediately when configuring wireless security on your network.

Do not auto-connect to open Wi-Fi networks. Connecting to an open Wi-Fi network such as a free wireless hotspot or an unknown WLAN exposes your computer to security risks. Most computers have a setting available allowing these connections to happen automatically without notifying you. Most versions of Windows will reconnect to a previously connected SSID. This setting should not be enabled except in temporary situations.

Enable firewall settings on your laptop and home access point. Most network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router’s firewall is turned on. You should always install and configure personal firewall software on each computer connected to the router.

Reduce your WLAN transmitter power. Not all wireless routers and access points offer this feature (it is more common on enterprise-class equipment), but some allow you to lower the transmit power and so reduce the range of the signal. It is usually impossible to tune the signal so precisely that nothing leaks outside your home or business, but with some trial and error you can often limit how far beyond your premises the signal reaches, reducing the opportunity for outsiders to connect to your WLAN. Keeping the cell small also reduces interference with and from neighbouring networks.

Disable remote administration. Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it’s best to keep remote administration turned off.


0 Linux System



Linux is a popular operating system with system administrators because its source code is open and can be modified by anyone, which makes it very flexible. Because of this open source nature there are many different versions, known as distributions (or distros). Several distributions have become robust commercial operating systems for workstations as well as servers. Red Hat, SUSE, and Mandrake have commercial offerings; Debian, Gentoo, and Knoppix are well-known community distributions. Linux's flexibility, its open source, and the growing number of Linux applications have made it the operating system of choice for many systems. Although Linux is often regarded as more secure than Windows, it has its own vulnerabilities that can be exploited. This chapter covers the basics of getting started with Linux as an operating system and how to harden a system against attack.

Linux is loosely based on Unix, and anyone familiar with a Unix environment should be able to use a Linux system. All the standard commands and utilities are included in most distros. Many text editors are available on a Linux system, including vi, ex, pico, jove, and GNU Emacs. Many Unix users prefer a "simple" editor like vi; vi is terse and modal by design, while editors such as Emacs offer far more built-in features and extensibility and have gained popularity. Most of the basic Linux utilities are GNU software, meaning they are freely distributed to the community. The GNU utilities support advanced features not found in the standard BSD and UNIX System versions, but they are intended to remain compatible with them.

A shell is a command-line program interface: the user enters commands and the shell has the system execute them. Most shells also provide features such as job control (managing several processes at once), input and output redirection, and a command language for writing shell scripts. A shell script is a program written in the shell's command language and is similar to an MS-DOS batch file. Many shells are available for Linux, and the most important difference among them is the command language. The C shell (csh) uses a language resembling the C programming language; the classic Bourne shell (sh) uses a different one, and bash (the Bourne-again shell), the default on most Linux distributions, extends the Bourne language. The choice of shell is usually based on the command language it provides, and it determines which features are available to the user.


0 How ARP Works



ARP (Address Resolution Protocol) lets hosts on a LAN translate IP addresses into MAC addresses. When a host using TCP/IP wants to contact another host on the same LAN, it needs that host's MAC (hardware) address. It first checks its ARP cache; if the address is not there, it broadcasts an ARP request asking, in effect, "Who has this IP address?" The host that owns the IP address replies with its MAC address, the requester caches the binding, and IP communication can begin.

ARP poisoning is an attack on Ethernet networks that can let an attacker sniff traffic on a switched LAN or stop the traffic altogether. It relies on ARP spoofing: sending fake (spoofed) ARP replies onto the LAN. ARP has no authentication, so hosts accept these replies and update their caches with the attacker's MAC address for the victim's IP address. As a result, frames intended for one machine are delivered to another (allowing them to be sniffed) or to an unreachable address (a denial-of-service, or DoS, attack). ARP spoofing is also the basis of a man-in-the-middle attack, in which the attacker poisons both the victim and the gateway so that all of the victim's traffic is forwarded through the attacker's host, where it can be analyzed for passwords and other information.
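As an added example (not code from the original post), here is the exchange above on the wire and the simplest useful detection for the poisoning that follows it, in Python. The builder and parser handle the 28-byte ARP packet for Ethernet/IPv4, and the monitor records the IP-to-MAC binding announced in every ARP packet's sender fields and raises an alert whenever an IP address suddenly claims a different MAC, which is the same "changed ethernet address" signal that arpwatch reports. The LAN, addresses and the attacker's forged replies are constructed for the example.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet for Ethernet/IPv4 (the part that follows the Ethernet header)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(pkt):
    _ht, _pt, _hl, _pl, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", pkt[:28])
    return {"oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpMonitor:
    """Learns IP -> MAC bindings from the sender fields of ARP packets and alerts
    when a binding changes, which is what cache poisoning looks like on the wire."""

    def __init__(self):
        self.bindings = {}
        self.alerts = []

    def observe(self, pkt):
        p = parse_arp(pkt)
        ip, mac = p["sender_ip"], p["sender_mac"]
        if ip == "0.0.0.0":              # ARP probe, announces nothing
            return
        old = self.bindings.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} changed from {old} to {mac}")
        self.bindings[ip] = mac


def demo_poisoning():
    # Constructed LAN: a client resolves its gateway normally, then an attacker
    # sends forged replies to both sides to insert itself in the middle.
    gw_ip, gw_mac = "192.168.1.1", "00:11:22:33:44:55"
    client_ip, client_mac = "192.168.1.10", "aa:bb:cc:dd:ee:01"
    attacker_mac = "de:ad:be:ef:00:01"
    traffic = [
        build_arp(ARP_REQUEST, client_mac, client_ip, "00:00:00:00:00:00", gw_ip),  # who has 192.168.1.1?
        build_arp(ARP_REPLY, gw_mac, gw_ip, client_mac, client_ip),                 # 192.168.1.1 is at 00:11:...
        build_arp(ARP_REPLY, attacker_mac, gw_ip, client_mac, client_ip),           # forged: gateway is at attacker
        build_arp(ARP_REPLY, attacker_mac, client_ip, gw_mac, gw_ip),               # forged: client is at attacker
    ]
    monitor = ArpMonitor()
    for pkt in traffic:
        monitor.observe(pkt)
    return monitor.alerts


if __name__ == "__main__":
    for alert in demo_poisoning():
        print(alert)
```

The two alerts are the two halves of the man-in-the-middle setup. Legitimate changes (a replaced NIC, a DHCP lease moving to another machine) trigger the same alert, so in practice the monitor's output is reviewed rather than acted on automatically; the structural fix is dynamic ARP inspection on the switch or static ARP entries for the gateway.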

0 How a Sniffer Works




A sniffer works by capturing frames that are not addressed to its own MAC address. Normally a network interface reads and passes up only traffic sent to its own MAC address (plus broadcasts and multicasts); in promiscuous mode the NIC accepts every frame it sees and hands it to the sniffer for processing. Sniffing tools switch the NIC into promiscuous mode through the operating system's capture interface. On Windows this requires a packet-capture driver such as WinPcap, which is why many sniffing tools bundle one, and not every Windows NIC driver supports promiscuous mode, so check the driver before relying on a tool. Any protocol that does not encrypt its data is susceptible to sniffing: HTTP, POP3, Simple Network Management Protocol (SNMP), FTP, and Telnet are the ones most commonly captured to harvest usernames, passwords, and SNMP community strings.

There are two kinds of sniffing, passive and active. Passive sniffing only listens and captures traffic. It works on networks connected by hubs, and on wireless media, because there every host can see every frame, and since the sniffer transmits nothing it is very hard to detect. Active sniffing injects traffic, typically an Address Resolution Protocol (ARP) spoofing attack or a MAC-flooding attack against a switch, in order to see traffic that the switch would otherwise not deliver to the sniffer's port; that injected traffic is what makes active sniffing detectable.

A switched network behaves differently from a hub. The switch reads the destination MAC address of each frame and forwards it only to the port where that address was learned, keeping a MAC (CAM) table of addresses and port numbers. This segments the traffic, greatly improves throughput, and is more secure than a shared hub network, because a passive sniffer on one port sees only its own traffic and broadcasts. Another way to sniff traffic through a switch is a SPAN (mirror) port, which copies all frames sent to one or more physical switch ports to another port. Network administrators use SPAN ports to monitor traffic for legitimate purposes, and an attacker with administrative access to the switch can configure one for the same end.
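As an added example (not code from the original post or from any sniffer product), here is what a sniffer does once it has the frames: walk the Ethernet, IPv4 and TCP headers to reach the payload, then pull cleartext logins out of the protocols named above. The traffic is constructed in the code, as it would be seen on a hub or a SPAN port: an HTTP request with Basic authentication, an FTP login, and a TLS record that yields nothing readable. IP and TCP checksums are left at zero because the parser does not verify them; that is an assumption made to keep the builder short.

```python
import base64
import re
import socket
import struct

ETH_IPV4, IPPROTO_TCP = 0x0800, 6


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + TCP frame carrying `payload` (checksums left at zero)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Walk Ethernet -> IPv4 -> TCP and return addresses, ports and payload,
    or None for anything that is not TCP over IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0xF) * 4            # header length in 32-bit words
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4   # TCP header length, also in 32-bit words
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_offset:]}


BASIC_AUTH = re.compile(r"^Authorization: Basic ([A-Za-z0-9+/=]+)", re.M)
USER_PASS = re.compile(r"^(USER|PASS) (\S+)", re.M)   # FTP and POP3 share this syntax


def extract_credentials(frames):
    """What a sniffer does with cleartext protocols: pull logins out of the payloads."""
    found = []
    for frame in frames:
        p = parse_frame(frame)
        if p is None:
            continue
        text = p["payload"].decode("latin-1")
        for m in BASIC_AUTH.finditer(text):
            creds = base64.b64decode(m.group(1)).decode("latin-1")
            found.append((p["src"], p["dst"], p["dport"], "http-basic", creds))
        for m in USER_PASS.finditer(text):
            found.append((p["src"], p["dst"], p["dport"], "ftp/pop3",
                          f"{m.group(1)} {m.group(2)}"))
    return found


def demo_capture():
    # Constructed traffic, as a passive sniffer on a hub or SPAN port would see it.
    client, server = "aa:bb:cc:dd:ee:01", "00:11:22:33:44:55"
    http = (b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
            + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
    return [
        build_tcp_frame(client, server, "192.168.1.10", "10.0.0.5", 51000, 80, http),
        build_tcp_frame(client, server, "192.168.1.10", "10.0.0.6", 51001, 21, b"USER bob\r\n"),
        build_tcp_frame(client, server, "192.168.1.10", "10.0.0.6", 51001, 21, b"PASS s3cret\r\n"),
        build_tcp_frame(client, server, "192.168.1.10", "10.0.0.7", 51002, 443,
                        b"\x16\x03\x01\x00\xa5\x01"),   # TLS handshake: nothing readable
    ]


if __name__ == "__main__":
    for hit in extract_credentials(demo_capture()):
        print(hit)
```

Basic authentication is only base64, not encryption, which is why it appears in the output as readily as the FTP password. The TLS frame parses fine but yields nothing, which is the whole argument for the application-layer encryption and VPN countermeasures given earlier.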

0 Gathering Data from Networks: Sniffers



A sniffer is a packet-capturing or frame-capturing tool. It captures and displays data as it is transmitted from host to host on the network, in either a command-line or a GUI format for the hacker to view. Most sniffers display both the Layer 2 (frame) and Layer 3 (packet) headers and the data payload. Some sophisticated sniffers interpret the packets and can reassemble a packet stream into the original data, such as an email or a document. Sniffers are used to capture traffic sent between two systems, but they can also provide a lot of other information. Depending on how the sniffer is used and the security measures in place, a hacker can use a sniffer to discover usernames, passwords, and other confidential information transmitted on the network. Several hacking attacks and various hacking tools require a sniffer to obtain important information sent from the target system. This chapter describes how sniffers work and identifies the most common sniffer hacking tools.



Sunday, May 5, 2013

0 Types Of Computer Virus



Computer viruses can be classified into several different types. The first and most common type is the virus that infects any application program. On IBM PCs and clones running PC-DOS or MS-DOS, most programs and data that do not belong to the operating system itself are stored as files. Each file has a name up to eight characters long and an extension up to three characters long. A typical file might be called "TRUE.TXT", where "TRUE" is the name and "TXT" is the extension. The extension normally gives some information about the nature of the file; in this case "TRUE.TXT" is probably a text file. Programs have an extension of "COM", "EXE", or "SYS". Under DOS, only files with these extensions are loaded and executed as machine code (batch files with a "BAT" extension are also run, but they are interpreted by COMMAND.COM rather than executed directly). If the user tries to execute any other type of file, DOS reports an error and refuses.


Since a virus’ goal is to get executed by the computer, it must attach itself to a COM, EXE or SYS file. If it attaches to any other file, it may corrupt some data, but it won’t normally get executed, and it won’t reproduce. Since each of these types of executable files has a different structure, a virus must be designed to attach itself to a particular type of file. A virus designed to attack COM files cannot attack EXE files, and vice versa, and neither can attack SYS files. Of course, one could design a virus that would attack two or even three kinds of files, but it would require a separate reproduction method for each file type.


The next major type of virus seeks to attach itself to a specific file, rather than attacking any file of a given type. Thus, we might call it an application-specific virus. These viruses make use of a detailed knowledge of the files they attack to hide better than would be possible if they were able to infiltrate just any file. For example, they might hide in a data area inside the program rather than lengthening the file. However, in order to do that, the virus must know where the data area is located in the program, and that differs from program to program.


This second type of virus usually concentrates on the files associated with DOS, such as COMMAND.COM, since they are on virtually every PC in existence. Whichever file such a virus attacks, that file must be very, very common, or the virus will never find another copy of it to reproduce in and will go nowhere. Only with a file like COMMAND.COM is it possible to leap from machine to machine and travel around the world.

The final type of virus is known as a “boot sector virus.” This virus is a further refinement of the application-specific virus, which attacks a specific location on a computer’s disk drive, known as the boot sector. The boot sector is the first thing a computer loads into memory from disk and executes when it is turned on. By attacking this area of the disk, the virus can gain control of the computer immediately, every time it is turned on, before any other program can execute. In this way, the virus can execute before any other program or person can detect its existence.





0 Land Attacks,Smurf Attacks,UDP Flooding



Land Attacks
A Land attack resembles a SYN flood, except that instead of a forged, unreachable source address, the packet's source IP address and port are set to the target's own IP address and port. Vulnerable TCP/IP stacks of the time tried to answer themselves and locked up or crashed. Almost all systems and firewalls now filter such packets, and a packet arriving from outside that claims an internal source address should be dropped at the network border in any case.

Smurf Attacks
A Smurf attack is a brute-force DoS attack that uses amplification. The attacker sends a stream of ICMP echo (ping) requests to the broadcast address of an intermediary network, with the source address forged to be the victim's address. Every host on that network that answers the broadcast sends its echo reply to the victim, so each packet from the attacker turns into as many replies as there are responding hosts, flooding the victim and the links in between. A network with a large number of hosts makes a powerful amplifier. The countermeasures are for routers not to forward directed broadcasts and for hosts not to answer broadcast pings.

UDP Flooding
This kind of flooding is aimed at two target systems and can deny service on either of them. The attacker sends a single spoofed UDP packet that makes one system's chargen (character generator, UDP port 19) service appear to contact the other system's echo (UDP port 7) service. The echo service returns every character it receives, chargen answers each packet with a fresh stream of characters, and the two services bounce traffic between each other in an endless loop, saturating both hosts and the network between them. Both services are diagnostic leftovers that should be disabled.
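As an added example (not code from the original post), here are the three signatures above as an intrusion-detection classifier in Python, together with the border filtering that defeats the address spoofing all three rely on: drop packets arriving from outside that claim an inside source address, drop packets leaving that claim an outside source (RFC 2827 ingress/egress filtering), and drop directed broadcasts from outside. The packets are summarised as dictionaries rather than raw bytes, and the addresses and the 192.168.1.0/24 network are constructed for the example.

```python
import ipaddress


def classify_packet(pkt, broadcast_addrs):
    """pkt: dict with proto ('tcp'|'udp'|'icmp'), src, dst and, per protocol,
    sport/dport or icmp_type. Returns the attack patterns the packet matches."""
    findings = []
    if (pkt["src"] == pkt["dst"] and pkt["proto"] in ("tcp", "udp")
            and pkt["sport"] == pkt["dport"]):
        findings.append("land")                 # packet addressed to itself
    if (pkt["proto"] == "icmp" and pkt.get("icmp_type") == 8
            and pkt["dst"] in broadcast_addrs):
        findings.append("smurf")                # echo request to a broadcast address
    if pkt["proto"] == "udp" and {pkt["sport"], pkt["dport"]} <= {7, 19}:
        findings.append("udp-echo-chargen-loop")  # echo/chargen talking to each other
    return findings


def border_filter(pkt, internal_net, from_outside, broadcast_addrs):
    """Ingress/egress rules in the style of RFC 2827 that stop the spoofing
    these attacks depend on. Returns 'pass' or the reason for dropping."""
    src = ipaddress.ip_address(pkt["src"])
    if from_outside and src in internal_net:
        return "drop: spoofed internal source arriving from outside"
    if not from_outside and src not in internal_net:
        return "drop: egress spoofing, source is not ours"
    if from_outside and pkt["dst"] in broadcast_addrs:
        return "drop: directed broadcast from outside"
    return "pass"


def demo_classification():
    # Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    net = ipaddress.ip_network("192.168.1.0/24")
    broadcasts = {str(net.broadcast_address), "255.255.255.255"}
    packets = [
        {"name": "land", "proto": "tcp", "src": "192.168.1.20", "dst": "192.168.1.20",
         "sport": 139, "dport": 139, "from_outside": True},
        {"name": "smurf", "proto": "icmp", "src": "203.0.113.9", "dst": "192.168.1.255",
         "icmp_type": 8, "from_outside": True},
        {"name": "loop", "proto": "udp", "src": "192.168.1.5", "dst": "192.168.1.6",
         "sport": 19, "dport": 7, "from_outside": False},
        {"name": "normal", "proto": "tcp", "src": "198.51.100.4", "dst": "192.168.1.80",
         "sport": 40000, "dport": 80, "from_outside": True},
    ]
    return {p["name"]: (classify_packet(p, broadcasts),
                        border_filter(p, net, p["from_outside"], broadcasts))
            for p in packets}


if __name__ == "__main__":
    for name, (findings, verdict) in demo_classification().items():
        print(f"{name:7} {findings} -> {verdict}")
```

Note that the echo/chargen loop between two internal hosts passes the border filter, which is correct: the filter cannot help once the first spoofed packet is inside, so the real fix for that case is disabling the two services.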

0 Distributed DOS Attacks



DoS attacks are not new; they have been around for a long time. Recently, however, there has been a wave of Distributed Denial of Service attacks, which pose a great threat and are on the verge of overtaking viruses and trojans as the deadliest threat to Internet security. In almost all of the TCP/IP attacks described above there is a good chance that the target's system administrator or the authorities will trace the attack back to the attacker.

What is commonly done instead is this. Say a group of five hackers decides to bring down a Fortune 500 company's server. Each of them breaks into a smaller, less protected network and takes it over. They now control five networks, and if each has around twenty systems, that gives them around a hundred systems to attack from. Sitting at their home computers, they connect to the compromised networks, install a denial-of-service tool on the captured systems, and launch the attack on the actual target from all of them at once. This makes the attackers much harder to trace and lets them do what they set out to do without getting caught, and because they have full control of the smaller networks they can remove all traces before the authorities get there.

No system connected to the Internet is safe from DDoS attacks. All platforms, including Unix and Windows NT, are vulnerable, and even Mac OS has not been spared: some Mac systems have been compromised and used as agents in DDoS attacks.

0 SYN Attack


The SYN attack exploits TCP/IP's three-way handshake. Thus in order to understand as to how SYN Attacks work, you need to first know how TCP/IP establishes a connection between two systems. Whenever a client wants to establish a connection with a host, then three steps take place. These three steps are referred to as the three-way handshake. In a normal three way handshake, what happens is that, the client sends a SYN packet to the host, the host replies to this packet with a SYN ACK packet. Then the client responds with a ACK (Acknowledgement) packet. This will be clearer after the following depiction of these steps-:

1. Client --------SYN Packet--------------à Host

In the first step the client sends a SYN packet to the host, with whom it wants to establish a three-way connection. The SYN packet requests the remote system for a connection. It also contains the Initial Sequence Number or ISN of the client, which is needed by the host to put back the fragmented data in the correct sequence.

2. Host -------------SYN/ACK Packet----------à Client

In the second step, the host replies to the client with a SYN/ACK packet. This packet acknowledges the SYN packet sent by the client and sends the client its own ISN.

3. Client --------------ACK-----------------------à Host
In the last step the client acknowledges the SYN/ACK packet sent by the host by replying with a ACK packet. 

These three steps together are known as the 3-way handshake and only when they are completed is a complete TCP/IP connection established. In a SYN attack, several SYN packets are sent to the server but all these SYN packets have a bad source IP Address. When the target system receives these SYN Packets with Bad IP Addresses, it tries to respond to each one of them with a SYN ACK packet. Now the target system waits for an ACK message to come from the bad IP address. However, as the bad IP does not actually exist, the target system never actually receives the ACK packet. It thus queues up all these requests until it receives an ACK message. The requests are not removed unless and until, the remote target system gets an ACK message. Hence these requests take up or occupy valuable resources of the target machine.

To actually affect the target system, a large number of such SYN packets with bad source IPs have to be sent. Because they can never be acknowledged, they queue up, use up resources and memory on the target system, and eventually crash, hang or reboot it.
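As an added illustration, not code from the original post, the following Python models the host's half-open queue from the three steps above and flags a window in which SYNs greatly outnumber completed handshakes. The packet records, the timeout, the backlog size and the 198.51.100.x addresses are constructed sample values, not anything taken from the post.

```python
from dataclasses import dataclass

HALF_OPEN_TIMEOUT = 3.0   # seconds a SYN_RECV entry is kept before being dropped (assumed value)
BACKLOG = 8               # size of the listener's half-open queue (assumed, small for readability)


@dataclass(frozen=True)
class Packet:
    """One client-to-host packet: arrival time, source address/port and TCP flag."""
    t: float
    src: str
    sport: int
    flags: str   # "S" = SYN (step 1), "A" = ACK (step 3); the host's SYN/ACK is not modelled


@dataclass
class Report:
    syn_total: int = 0         # SYNs seen
    completed: int = 0         # handshakes finished by a matching ACK
    dropped_syn: int = 0       # SYNs refused because the half-open queue was full
    peak_half_open: int = 0    # largest number of simultaneous half-open entries
    half_open_at_end: int = 0


def track_handshakes(packets, timeout=HALF_OPEN_TIMEOUT, backlog=BACKLOG):
    """Replay packets through a simplified SYN_RECV queue and return a Report."""
    half_open = {}   # (src, sport) -> time the SYN arrived
    rep = Report()
    for p in sorted(packets, key=lambda x: x.t):
        # Expire entries whose ACK never arrived within the timeout.
        for key in [k for k, t0 in half_open.items() if p.t - t0 > timeout]:
            del half_open[key]
        key = (p.src, p.sport)
        if p.flags == "S":
            rep.syn_total += 1
            if key in half_open:
                half_open[key] = p.t          # retransmitted SYN refreshes the entry
            elif len(half_open) >= backlog:
                rep.dropped_syn += 1          # queue full: this client is denied service
            else:
                half_open[key] = p.t
            rep.peak_half_open = max(rep.peak_half_open, len(half_open))
        elif p.flags == "A" and key in half_open:
            del half_open[key]                # step 3 completes the handshake
            rep.completed += 1
    rep.half_open_at_end = len(half_open)
    return rep


def looks_like_syn_flood(rep, min_syn=10, min_ratio=5.0):
    """Flag a window as a SYN flood when many SYNs arrive but few handshakes complete.

    Spoofed sources each send one SYN, so per-source counting misses the attack;
    the SYN-to-completion ratio does not. (SYN cookies are the usual kernel-side fix.)
    """
    if rep.syn_total < min_syn:
        return False
    return rep.syn_total / max(rep.completed, 1) >= min_ratio


# Constructed sample traffic: one legitimate client, ten SYNs from never-answering
# (spoofed) sources, then a legitimate client that is first refused, then served.
SAMPLE = [Packet(0.0, "10.0.0.5", 40001, "S"), Packet(0.1, "10.0.0.5", 40001, "A")]
SAMPLE += [Packet(1.0 + i / 10, f"198.51.100.{i + 1}", 50000 + i, "S") for i in range(10)]
SAMPLE += [Packet(2.5, "10.0.0.6", 40002, "S")]   # refused: queue still full of half-open entries
SAMPLE += [Packet(5.0, "10.0.0.6", 40002, "S"), Packet(5.1, "10.0.0.6", 40002, "A")]

if __name__ == "__main__":
    r = track_handshakes(SAMPLE)
    print(r, "-> SYN flood" if looks_like_syn_flood(r) else "-> normal")
```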

Teardrop

The Teardrop attack exploits a vulnerability in the reassembly of data packets. Whenever data is sent over the Internet, it is broken down into smaller fragments at the source system and put back together at the destination system. Say you need to send 4000 bytes of data from one system to the other; not all 4000 bytes are sent in one go. The whole chunk of data is first broken down into smaller parts and divided into a number of packets, each carrying a specified range of the data. For example, if 4000 bytes are divided into 3 packets, then:

The first Packet will carry data from 1 byte to 1500 bytes
The second Packet will carry data from 1501 bytes to 3000 bytes
The third packet will carry data from 3001 bytes to 4000 bytes

These packets have an OFFSET field in their TCP header. The Offset field specifies from which byte to which byte that particular packet carries data, that is, the range of data it is carrying. Together with the sequence numbers, this helps the destination system reassemble the packets in the correct order. In this attack, a series of data packets is sent to the target system with overlapping Offset field values. As a result, the target system is unable to reassemble the packets and is forced to crash, hang or reboot.

For example, consider the following scenario-:

(Note: _ _ _ = 1 data packet)

Normally a system receives data packets in the following form, with no overlapping Offset values:
_ _ _ _ _ _ _ _ _
(1 to 1500 bytes) (1501 to 3000 bytes) (3001 to 4500 bytes)

In a Teardrop attack, the data packets are sent to the target computer in the following form:
_ _ _ _ _ _ _ _ _
(1 to 1500 bytes) (1500 to 3000 bytes) (1001 to 3600 bytes)

When the target system receives something like the above, it simply cannot handle it and will crash or hang or reboot.

Ping Of Death

This vulnerability is quite well known and was once commonly used to hang remote systems (or even force them to reboot) so that no user could use their services. The exploit no longer works, as almost all system administrators will have upgraded their systems, making them safe from such attacks. In this attack, the target system is pinged with a data packet that exceeds the maximum size allowed by TCP/IP, which is 65 536 bytes. This would almost always cause the remote system to hang, reboot or crash. The DOS attack could be carried out even from the command line, in the following manner:

The following ping command creates a giant datagram of size 65540 bytes. It might hang the victim's computer:

C:\windows>ping -l 65540
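An added example, not code from the original post, that serves both the Teardrop and the Ping of Death sections: a fragment reassembler that refuses overlapping offsets and any datagram whose reassembled size would exceed the 65535-byte IPv4 maximum. It uses 0-based byte offsets and a simplified "more fragments" flag as assumptions, and the fragment sets are constructed to mirror the byte ranges and the 65540-byte size quoted above.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535   # largest IPv4 datagram the 16-bit total-length field can describe


@dataclass(frozen=True)
class Fragment:
    offset: int      # 0-based byte offset of this payload inside the original datagram (assumption:
                     # real IPv4 carries the offset in 8-byte units; bytes keep the example readable)
    payload: bytes
    more: bool       # "more fragments" flag: False only on the final fragment


class FragmentError(ValueError):
    """Raised with a message whose first word names the failure class."""


def reassemble(frags):
    """Rebuild a datagram from its fragments, refusing overlap, gap, oversize and incomplete sets."""
    ordered = sorted(frags, key=lambda f: f.offset)
    if not ordered:
        raise FragmentError("empty: no fragments")
    buf = bytearray()
    expected = 0                      # next byte offset we are prepared to accept
    for f in ordered:
        end = f.offset + len(f.payload)
        if f.offset < expected:       # Teardrop: this fragment re-covers bytes already received
            raise FragmentError(f"overlap: fragment at {f.offset} overlaps data up to {expected}")
        if f.offset > expected:       # hole in the sequence; cannot reassemble yet
            raise FragmentError(f"gap: missing bytes {expected}-{f.offset - 1}")
        if end > MAX_DATAGRAM:        # Ping of Death: datagram would not fit the IP size limit
            raise FragmentError(f"oversize: datagram would be {end} bytes, max {MAX_DATAGRAM}")
        buf += f.payload
        expected = end
    if ordered[-1].more:
        raise FragmentError("incomplete: final fragment not received")
    return bytes(buf)


def classify(frags):
    """Return 'ok' or the failure class: 'overlap', 'gap', 'oversize', 'incomplete', 'empty'."""
    try:
        reassemble(frags)
        return "ok"
    except FragmentError as e:
        return str(e).split(":")[0]


# Constructed sample sets (payload bytes are arbitrary filler).
# Normal case from the text: 1-1500, 1501-3000, 3001-4500 (as 0-based offsets 0, 1500, 3000).
NORMAL = [Fragment(0, b"A" * 1500, True),
          Fragment(1500, b"B" * 1500, True),
          Fragment(3000, b"C" * 1500, False)]
# Teardrop case from the text: 1-1500, 1500-3000, 1001-3600 overlap one another.
TEARDROP = [Fragment(0, b"A" * 1500, True),
            Fragment(1499, b"B" * 1501, True),
            Fragment(1000, b"C" * 2600, False)]
# Ping of Death case: two fragments whose reassembled size is 65540 bytes.
OVERSIZE = [Fragment(0, b"\0" * 65000, True),
            Fragment(65000, b"\0" * 540, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("ping-of-death", OVERSIZE)):
        print(f"{name}: {classify(frags)}")
```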

DOS Attacked

DOS attacks, or Denial of Service attacks, have become very common among hackers who use them as a path to fame and respect in the underground groups of the Internet. A Denial of Service attack basically means denying valid Internet and network users the use of the services of the target network or server. It means launching an attack that will temporarily make the services offered by the network unusable by legitimate users. In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users, or in which you send the target system data packets it cannot handle, causing it to crash, reboot or, more commonly, deny service to legitimate users.

DOS attacks are of the following types:
1. Those that exploit vulnerabilities in the TCP/IP protocol suite.
2. Those that exploit vulnerabilities in the IPv4 implementation.
3. Brute force attacks, which try to use up all resources of the target system and make the services unusable.


Saturday, May 4, 2013

Movie Download Site List


ENJOY WATCHING/DOWNLOAD ONLINE


Credit to - Malaysia Cyber Hacker

ShellCode HandBook Download

What is Shellcode?
In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient. However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code.

Today I will be sharing a ShellCode HandBook.

Download 


RAR password: mrkudau

What is Google+ (Google Plus) and do I need it?


If you listen carefully to what Google is saying, you will get some nice insights into Google's intentions. They are going to change the online world with Google Plus, and the crux is data, identification, personalization and integration.

"The internet needs an identity server and people have been confused and talked of this many times. But the issue in the internet is not the lack of Facebook and the internet is the lack of identity."



Monday, April 22, 2013

White Hats, Black Hats And Gray Hats

White Hats
White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset and who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the exam. White hats are those who hack with permission from the data owner. It is critical to get permission prior to beginning any hacking activity. This is what makes a security professional a white hat versus a malicious hacker who cannot be trusted.

Black Hats
Black hats are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious. This is the traditional definition of a hacker and what most people consider a hacker to be.

Gray Hats
Gray hats are hackers who may work offensively or defensively, depending on the situation. This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly. These hackers are doing their “victims” a favor. For instance, if a weakness is discovered in a service offered by an investment bank, the hacker is doing the bank a favor by giving the bank a chance to rectify the vulnerability. From a more controversial point of view, some people consider the act of hacking itself to be unethical, like breaking and entering. But the belief that “ethical” hacking excludes destruction at least moderates the behavior of people who see themselves as “benign” hackers. According to this view, it may be one of the highest forms of “hackerly” courtesy to break into a system and then explain to the system operator exactly how it was done and how the hole can be plugged; the hacker is acting as an unpaid—and unsolicited—tiger team (a group that conducts security audits for hire). This approach has gotten many ethical hackers in legal trouble. Make sure you know the law and your legal liabilities when engaging in ethical hacking activity. Many self-proclaimed ethical hackers are trying to break into the security field as consultants. Most companies don’t look favorably on someone who appears on their doorstep with confidential data and offers to “fix” the security holes “for a price.” Responses range from “thank you for this information, we’ll fix the problem” to calling the police to arrest the self-proclaimed ethical hacker.

Wednesday, April 3, 2013

Exclusive Interview with Security Researcher Prakhar Prasad


Today, E Hacking News had a chance to interview one of the Indian security researchers, Prakhar Prasad, who recently received a $5000 reward from PayPal for a file upload vulnerability.

1. Introduce yourself
I'm Prakhar Prasad, 19 years old, from Ranchi, Jharkhand. I love playing with and breaking web applications' security. I've found critical vulnerabilities in the majority of popular websites like Google, Facebook, Twitter, PayPal, Adobe, Apple, Symantec, Nokia-Siemens Networks, etc.

Although I'm also working on exploit writing, anti-virus evasion techniques and malware analysis.

2. How did you get into Information security field?

I got into information security when I was in class 10th, because of an incident. One fine morning I was reading my local newspaper and on the main page of the newspaper there was a screenshot of my state government's website showing "Hacked by Ashiyane Digital Security Team". This incident fascinated me completely: how someone can change a website's homepage with his own message. I started Googling around and then learnt how websites and stuff worked from a security point of view.

Then the love for information security took me to a whole new level. Sleepless nights, with a burning desire to learn as much as possible.


3. When did you start Bug hunting?

I started bug hunting back in July 2012.

4. What was your first finding, and how did you feel at that time?

My first finding was a clickjacking bug in Google Website Translator Toolkit, that allowed me to add arbitrary "Admin/Editor" on someone's account by redressing page.

5. What is the favorite vulnerability found by you?

Umm.. My favorite one is the Blind SQL Injection bug I found on PayPal's Notifications website. But I also like a permission bug I found in a PayPal acquisition that allowed me to unsubscribe any user of my choice from their mailing list.

6. How much have you earned so far from Bug hunting?

I'd keep it private :) But it's more than enough !

7. You're hunting bugs for fun, for profit, or to make the world a safer place?

I hunt bugs, basically for fun and keeping world a safer place. But now various bug bounty programs have started that allows me to earn alongside with the points I mentioned.

8. What are your future plans?

Can't say anything right now, I'm still learning things. But I want to do something really big for my country, India.

9. How did you feel when you received $5000 from Paypal?

It was a huge surprise. When my bug got validated I was expecting some big amount. But when I was paid the exact, it was enormous.

10. What is your advice for new bug hunters?
Just use Google to learn everything from scratch, it is the most powerful tool to gain knowledge of ANY KIND.  Don't opt for some Tom, Dick and Harry Ethical Hacking courses, they teach half-baked concepts and suck your money. Google is the best thing to get things started, don't be like a spoon-feeding child. I'd recommend a book called the Web Application Hacker's Handbook, to start off.

One must watch Nir Goldshlager's HITBAMS2012 talk on Killing a Bug Bounty Program Twice. It's the best video out there regarding bug hunting.

Remember always, hunt bugs for fun, to learn more not just for money. If you are honest with your work, you'll get fame, money and all success. But if you just use automated tools, then you're gonna have a hard time finding bugs and success in InfoSec world.

Automated tools just can't find bugs in big websites, plus it kills the fun of finding bugs manually. Semi-automated/Manual tools are cool to work with like Burp Suite and Zed Attack Proxy.


11. What do you think about E Hacking News?

It's a very good news source, keeps me updated about happenings of InfoSec world. I appreciate the work done by the team.

BreakTheSecurity is also doing a great job, in providing tutorials and similar stuff.

Keep the Good Work Up !


12. Thank you, Is there anything else you want to add?

I'm very thankful to EHackingNews for providing me the platform to share my views and experiences !

If anyone wants to connect with me, then I'm on Twitter - @prakharprasad

My best wishes to all learners and ehackingnews.


Source: ehackingnews

Monday, April 1, 2013

Linux shell command

Privileges 
sudo command – run command as root
sudo -s – open a root shell
sudo -s -u user – open a shell as user 
sudo -k – forget sudo passwords 
gksudo command – visual sudo dialog (GNOME) 
kdesudo command – visual sudo dialog (KDE) 
sudo visudo – edit /etc/sudoers
gksudo nautilus – root file manager (GNOME) 
kdesudo konqueror – root file manager (KDE)
passwd – change your password 

Display 
sudo /etc/init.d/gdm restart – restart X and return to login (GNOME) 
sudo /etc/init.d/kdm restart – restart X and return to login (KDE)
/etc/X11/xorg.conf – display configuration (file)
sudo dexconf – reset xorg.conf configuration
Ctrl+Alt+Bksp – restart X display if frozen 
Ctrl+Alt+FN – switch to tty N 
Ctrl+Alt+F7 – switch back to X display


System Services
start service – start job service (Upstart) 
stop service – stop job service (Upstart) 
status service – check if service is running (Upstart) 
/etc/init.d/service start – start service (SysV)
/etc/init.d/service stop – stop service (SysV)
/etc/init.d/service status – check service (SysV) 
/etc/init.d/service restart – restart service (SysV) 
runlevel – get current runlevel

Network
ifconfig – show network information 
iwconfig – show wireless information 
sudo iwlist scan – scan for wireless networks
sudo /etc/init.d/networking restart – reset network for manual configurations
/etc/network/interfaces – manual configuration (file)
ifup interface – bring interface online 
ifdown interface – disable interface 

Special Packages 
ubuntu-desktop – standard Ubuntu environment 
kubuntu-desktop – KDE desktop 
xubuntu-desktop – XFCE desktop 
ubuntu-minimal – core Ubuntu utilities 
ubuntu-standard – standard Ubuntu utilities 
ubuntu-restricted-extras – non-free, but useful 
kubuntu-restricted-extras – KDE of the above 
xubuntu-restricted-extras – XFCE of the above 
build-essential – packages used to compile programs 
linux-image-generic – latest generic kernel image 
linux-headers-generic – latest build headers 

Firewall
ufw enable – turn on the firewall 
ufw disable – turn off the firewall 
ufw default allow – allow all connections by default 
ufw default deny – drop all connections by default 
ufw status – current status and rules 
ufw allow port – allow traffic on port 
ufw deny port – block port 
ufw deny from ip – block IP address

Package Management
apt-get update – refresh available updates 
apt-get upgrade – upgrade all packages 
apt-get dist-upgrade – upgrade with package replacements; upgrade Ubuntu version 
apt-get install pkg – install pkg 
apt-get purge pkg – uninstall pkg 
apt-get autoremove – remove obsolete packages 
apt-get -f install – try to fix broken packages 
dpkg --configure -a – try to fix broken packages 
dpkg -i pkg.deb – install file pkg.deb
/etc/apt/sources.list – APT repository list (file)

Application Names 
nautilus – file manager (GNOME) 
dolphin – file manager (KDE) 
konqueror – web browser (KDE) 
kate – text editor (KDE) 
gedit – text editor (GNOME) 

System 
Recovery - Type the phrase “REISUB” while holding down Alt and SysRq (PrintScrn) with about 1 second between each letter. Your system will reboot. 
lsb_release -a – get Ubuntu version 
uname -r – get kernel version 
uname -a – get all kernel information


Who's Using Linux?

Application developers, system administrators, network providers, kernel hackers, students, and multimedia authors are just a few of the categories of people who find that Linux has a particular charm.

Unix programmers are increasingly using Linux because of its cost — they can pick up a complete programming environment for a few dollars and run it on cheap PC hardware — and because Linux offers a great basis for portable programs. It's a modern operating system that is POSIX-compliant and looks a lot like System V, so code that works on Linux should work on other contemporary Unix systems.

Networking is one of Linux's strengths. It has been adopted with gusto by people who run large networks, due to its simplicity of management, performance, and low cost. Many Internet sites are making use of Linux to drive large web servers, e-commerce applications, search engines, and more. Linux supports common networking standards, such as Network File System (NFS) and Network Information Service (NIS), making it easy to merge a Linux machine into a corporate or academic network with other Unix machines. It's easy to share files, support remote logins, and run applications on other systems. Linux also supports the Samba software suite, which allows a Linux machine to act as a Windows file and print server. Many people are discovering that the combination of Linux and Samba for this purpose is faster (and cheaper) than running Windows 2000.

One of the most popular uses of Linux is in driving large enterprise applications, including web servers, databases, business-to-business systems, and e-commerce sites. A large number of businesses are discovering that Linux is an inexpensive, efficient, and robust system capable of driving the most mission-critical applications. The fact that Linux can be readily customized even down to the guts of the kernel makes the system very attractive for companies that need to exercise control over the inner workings of the system. Linux supports RAID, a mechanism which allows an array of disks to be treated as a single logical storage device, greatly increasing reliability. The combination of Linux, the Apache web server, the MySQL database engine, and the PHP scripting language is so common that it has its own acronym, LAMP.

Kernel hackers were the first to come to Linux; in fact, the developers who helped Linus Torvalds create Linux are still a formidable community. The Linux kernel mailing lists see a great deal of activity, and it's the place to be if you want to stay on the bleeding edge of operating system design. If you're into tuning page replacement algorithms, twiddling network protocols, or optimizing buffer caches, Linux is a great choice. Linux is also good for learning about the internals of operating system design, and many universities are making use of Linux systems in advanced operating system courses.

Finally, Linux is becoming an exciting forum for multimedia. This is because it's compatible with an enormous variety of hardware, including the majority of modern sound and video cards. Several programming environments, including the MESA 3D toolkit (a free OpenGL implementation), have been ported to Linux. The GIMP (a free Adobe Photoshop work-alike) was originally developed under Linux, and is becoming the graphics manipulation and design tool of choice for many artists. Many movie production companies regularly use Linux as the workhorse for advanced special-effects rendering; the popular movies Titanic and The Matrix used "render farms" of Linux machines to do much of the heavy lifting.

Linux also has some real-world applications. Linux systems have traveled the high seas of the North Pacific, managing telecommunications and data analysis for an oceanographic research vessel. Linux systems are being used at research stations in Antarctica, and large "clusters" of Linux machines are used at many research facilities for complex scientific simulations ranging from star formation to earthquakes. On a more basic level, several hospitals are using Linux to maintain patient records. One of the reviewers of this book uses Linux in the U.S. Marine Corps. Linux is proving to be as reliable and useful as other implementations of Unix.

So Linux is spreading out in many directions. Even naive end users can enjoy it if they get the support universities and corporations typically provide their computer users. Configuration and maintenance require some dedication. But Linux proves to be cost-effective, powerful, and empowering for people who like having that extra control over their environments.