Monday, April 22, 2013

White Hats, Black Hats And Gray Hats







White Hats
White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset and who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the exam. White hats are those who hack with permission from the data owner. It is critical to get permission prior to beginning any hacking activity. This is what makes a security professional a white hat versus a malicious hacker who cannot be trusted.

Black Hats
Black hats are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious. This is the traditional definition of a hacker and what most people consider a hacker to be.

Gray Hats
Gray hats are hackers who may work offensively or defensively, depending on the situation. This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly. These hackers are doing their “victims” a favor. For instance, if a weakness is discovered in a service offered by an investment bank, the hacker is doing the bank a favor by giving the bank a chance to rectify the vulnerability. From a more controversial point of view, some people consider the act of hacking itself to be unethical, like breaking and entering. But the belief that “ethical” hacking excludes destruction at least moderates the behavior of people who see themselves as “benign” hackers. According to this view, it may be one of the highest forms of “hackerly” courtesy to break into a system and then explain to the system operator exactly how it was done and how the hole can be plugged; the hacker is acting as an unpaid—and unsolicited—tiger team (a group that conducts security audits for hire). This approach has gotten many ethical hackers in legal trouble. Make sure you know the law and your legal liabilities when engaging in ethical hacking activity. Many self-proclaimed ethical hackers are trying to break into the security field as consultants. Most companies don’t look favorably on someone who appears on their doorstep with confidential data and offers to “fix” the security holes “for a price.” Responses range from “thank you for this information, we’ll fix the problem” to calling the police to arrest the self-proclaimed ethical hacker.

Wednesday, April 3, 2013

Exclusive Interview with Security Researcher Prakhar Prasad




Today, E Hacking News had a chance to interview Indian security researcher Prakhar Prasad, who recently received a $5000 reward from PayPal for a file uploading vulnerability.

1. Introduce yourself
I'm Prakhar Prasad, 19 years old from Ranchi, Jharkhand. I love playing and breaking Web Applications' Security. I've found critical vulnerabilities in majority of popular websites like Google, Facebook, Twitter, PayPal, Adobe, Apple, Symantec, Nokia-Siemens Networks, etc.

Although I'm also working on Exploit Writing, Anti-Virus evasion techniques and Malware Analysis.

2. How did you get into Information security field?

I got into Information Security when I was in class 10th, because of an incident. One fine morning I was reading my local newspaper and on the main page of newspaper it was a screenshot of my state government's website showing - "Hacked by Ashiyane Digital Security Team". This incident fascinated me completely like - How someone can change the website's homepage with his own message. I started Googling around and then learnt how websites and stuff worked from security point of view.

Then the love for information security took me to a whole new level. Sleepless nights, with a burning desire to learn as much as possible.


3. When did you start Bug hunting?

I started bug hunting back in July 2012.

4. What is your first finding, how did you feel at that time?

My first finding was a clickjacking bug in Google Website Translator Toolkit, that allowed me to add arbitrary "Admin/Editor" on someone's account by redressing page.

5. What is the favorite vulnerability found by you?

Umm.. My favorite one is the Blind SQL Injection bug I found on PayPal's Notifications website. But I also like a permission bug I found in a PayPal acquisition that allowed me to unsubscribe any user of my choice from their mailing list.

6. How much have you earned so far from Bug hunting?

I'd keep it private :) But it's more than enough !

7. You're hunting bugs for fun, for profit, or to make the world a safer place?

I hunt bugs, basically for fun and keeping the world a safer place. But now various bug bounty programs have started that allow me to earn alongside the points I mentioned.

8. What are your future plans?

Can't say anything right now, I'm still learning things. But I want to do something really big for my country, India.

9. How did you feel when you received $5000 from Paypal?

It was a huge surprise. When my bug got validated I was expecting some big amount. But when I was paid the exact, it was enormous.

10. What is your advice for new bug hunters?
Just use Google to learn everything from scratch, it is the most powerful tool to gain knowledge of ANY KIND.  Don't opt for some Tom, Dick and Harry Ethical Hacking courses, they teach half-baked concepts and suck your money. Google is the best thing to get things started, don't be like a spoon-feeding child. I'd recommend a book called the Web Application Hacker's Handbook, to start off.

One must watch Nir Goldshlager's HITBAMS2012 talk on Killing a Bug Bounty Program Twice. It's the best video out there regarding bug hunting.

Remember always, hunt bugs for fun, to learn more not just for money. If you are honest with your work, you'll get fame, money and all success. But if you just use automated tools, then you're gonna have a hard time finding bugs and success in InfoSec world.

Automated tools just can't find bugs in big websites, plus it kills the fun of finding bugs manually. Semi-automated/Manual tools are cool to work with like Burp Suite and Zed Attack Proxy.


11. What do you think about E Hacking News?

It's a very good news source, keeps me updated about happenings of InfoSec world. I appreciate the work done by the team.

BreakTheSecurity is also doing a great job, in providing tutorials and similar stuff.

Keep the Good Work Up !


12. Thank you, Is there anything else you want to add?

I'm very thankful to EHackingNews for providing me the platform to share my views and experiences !

If anyone wants to connect with me, then I'm on Twitter - @prakharprasad

My best wishes to all learners and ehackingnews.


SOURCE--->  ehackingnews
                                                                                                                                                       

Monday, April 1, 2013

Linux shell command



Privileges 
sudo command – run command as root
sudo -s – open a root shell
sudo -s -u user – open a shell as user 
sudo -k – forget sudo passwords 
gksudo command – visual sudo dialog (GNOME) 
kdesudo command – visual sudo dialog (KDE) 
sudo visudo – edit /etc/sudoers
gksudo nautilus – root file manager (GNOME) 
kdesudo konqueror – root file manager (KDE)
passwd – change your password 

Display 
sudo /etc/init.d/gdm restart – restart X and return to login (GNOME) 
sudo /etc/init.d/kdm restart – restart X and return to login (KDE)
(file) /etc/X11/xorg.conf – display configuration
sudo dexconf – reset xorg.conf configuration
Ctrl+Alt+Bksp – restart X display if frozen 
Ctrl+Alt+FN – switch to tty N 
Ctrl+Alt+F7 – switch back to X display


System Services
start service – start job service (Upstart) 
stop service – stop job service (Upstart) 
status service – check if service is running (Upstart) 
/etc/init.d/service start – start service (SysV)
/etc/init.d/service stop – stop service (SysV)
/etc/init.d/service status – check service (SysV) 
/etc/init.d/service restart – restart service (SysV) 
runlevel – get current runlevel

Network
ifconfig – show network information 
iwconfig – show wireless information 
sudo iwlist scan – scan for wireless networks
sudo /etc/init.d/networking restart – reset network for manual configurations
(file) /etc/network/interfaces – manual configuration
ifup interface – bring interface online 
ifdown interface – disable interface 

Special Packages 
ubuntu-desktop – standard Ubuntu environment 
kubuntu-desktop – KDE desktop 
xubuntu-desktop – XFCE desktop 
ubuntu-minimal – core Ubuntu utilities 
ubuntu-standard – standard Ubuntu utilities 
ubuntu-restricted-extras – non-free, but useful 
kubuntu-restricted-extras – KDE of the above 
xubuntu-restricted-extras – XFCE of the above 
build-essential – packages used to compile programs 
linux-image-generic – latest generic kernel image 
linux-headers-generic – latest build headers 

Firewall
ufw enable – turn on the firewall 
ufw disable – turn off the firewall 
ufw default allow – allow all connections by default 
ufw default deny – drop all connections by default 
ufw status – current status and rules 
ufw allow port – allow traffic on port 
ufw deny port – block port 
ufw deny from ip – block ip address

Package Management
apt-get update – refresh available updates 
apt-get upgrade – upgrade all packages 
apt-get dist-upgrade – upgrade with package replacements; upgrade Ubuntu version 
apt-get install pkg – install pkg 
apt-get purge pkg – uninstall pkg 
apt-get autoremove – remove obsolete packages 
apt-get -f install – try to fix broken packages 
dpkg --configure -a – try to fix broken packages 
dpkg -i pkg.deb – install file pkg.deb
(file) /etc/apt/sources.list – APT repository list

Application Names 
nautilus – file manager (GNOME) 
dolphin – file manager (KDE) 
konqueror – web browser (KDE) 
kate – text editor (KDE) 
gedit – text editor (GNOME) 

System 
Recovery - Type the phrase “REISUB” while holding down Alt and SysRq (PrintScrn) with about 1 second between each letter. Your system will reboot. 
lsb_release -a – get Ubuntu version 
uname -r – get kernel version 
uname -a – get all kernel information


Who's Using Linux?





 
   Application developers, system administrators, network providers, kernel hackers, students,
and multimedia authors are just a few of the categories of people who find that Linux has a
particular charm.
 
   Unix programmers are increasingly using Linux because of its cost — they can pick up a
complete programming environment for a few dollars and run it on cheap PC hardware — and
because Linux offers a great basis for portable programs. It's a modern operating system that
is POSIX-compliant and looks a lot like System V, so code that works on Linux should work
on other contemporary Unix systems.
 
   Networking is one of Linux's strengths. It has been adopted with gusto by people who run
large networks, due to its simplicity of management, performance, and low cost. Many
Internet sites are making use of Linux to drive large web servers, e-commerce applications,
search engines, and more. Linux supports common networking standards, such as Network
File System (NFS) and Network Information Service (NIS), making it easy to merge a Linux
machine into a corporate or academic network with other Unix machines. It's easy to share
files, support remote logins, and run applications on other systems. Linux also supports the
Samba software suite, which allows a Linux machine to act as a Windows file and print
server. Many people are discovering that the combination of Linux and Samba for this
purpose is faster (and cheaper) than running Windows 2000.
 
   One of the most popular uses of Linux is in driving large enterprise applications, including
web servers, databases, business-to-business systems, and e-commerce sites. A large number
of businesses are discovering that Linux is an inexpensive, efficient, and robust system
capable of driving the most mission-critical applications. The fact that Linux can be readily
customized even down to the guts of the kernel makes the system very attractive for
companies that need to exercise control over the inner workings of the system. Linux supports
RAID, a mechanism which allows an array of disks to be treated as a single logical storage
device, greatly increasing reliability. The combination of Linux, the Apache web server, the
MySQL database engine, and the PHP scripting language is so common that it has its own
acronym: LAMP.
 
   Kernel hackers were the first to come to Linux; in fact, the developers who helped Linus
Torvalds create Linux are still a formidable community. The Linux kernel mailing lists see a
great deal of activity, and it's the place to be if you want to stay on the bleeding edge of
operating system design. If you're into tuning page replacement algorithms, twiddling
network protocols, or optimizing buffer caches, Linux is a great choice. Linux is also good for
learning about the internals of operating system design, and many universities are making use
of Linux systems in advanced operating system courses.
 
   Finally, Linux is becoming an exciting forum for multimedia. This is because it's compatible
with an enormous variety of hardware, including the majority of modern sound and video
cards. Several programming environments, including the MESA 3D toolkit (a free OpenGL
implementation), have been ported to Linux. The GIMP (a free Adobe Photoshop work-alike)
was originally developed under Linux, and is becoming the graphics manipulation and design
tool of choice for many artists. Many movie production companies regularly use Linux as the
workhorse for advanced special-effects rendering; the popular movies Titanic and The
Matrix used "render farms" of Linux machines to do much of the heavy lifting.
 
   Linux also has some real-world applications. Linux systems have traveled the high seas of the
North Pacific, managing telecommunications and data analysis for an oceanographic research
vessel. Linux systems are being used at research stations in Antarctica, and large "clusters" of
Linux machines are used at many research facilities for complex scientific simulations ranging from star formation to earthquakes. On a more basic level, several hospitals are using Linux to maintain patient records. One of the reviewers of this book uses Linux in the U.S. Marine Corps. Linux is proving to be as reliable and useful as other implementations of Unix. So Linux is spreading out in many directions. Even naive end users can enjoy it if they get the support universities and corporations typically provide their computer users. Configuration and maintenance require some dedication. But Linux proves to be cost-effective, powerful, and empowering for people who like having that extra control over their environments.