Tuesday, July 25, 2017

Way to HACK an Operating System using Metasploit

We can gain access to one operating system from another, and once we are in we can do practically anything on the compromised machine. A few conditions must be satisfied first:

  • Make sure both operating systems are in the same IP range.
  • There must be a vulnerability in the OS we are going to exploit.

Now let's see it with a simple example.

Here my vulnerable OS is Windows 2000 (you can try this with other operating systems), and I'm going to exploit it from Kali Linux.

The process needs some key tools:
  • Nmap
  • Nessus
  • Exploit-DB
  • Metasploit
Now let's look into the process.

First put Kali and Windows 2000 in the same IP range, because machines in different IP ranges can't ping each other.

Here is Kali's IP:



and this is the Windows 2000 IP:


Then ping each machine from the other, using the command ping <other machine's IP address>.

If it worked, you'll see output like this:



Next, find the open ports on Windows 2000 with nmap, using the command nmap <Windows 2000's IP address>.


Then identify vulnerabilities with Nessus. It lists the vulnerabilities grouped by criticality.



Those are the vulnerabilities found on Windows 2000. Not all of them can be exploited, so next we have to find one that is exploitable.

Then start Metasploit with the command msfconsole.

Next, look for an exploitable vulnerability. To do that, first use the command

search <the ID of the vulnerability reported by Nessus>


Here I'm trying MS03-026: Microsoft RPC Interface Buffer Overrun (823980).



Then do as shown in the following pictures:





Exploiting this vulnerability with Metasploit gives us a Meterpreter session on the target, and from it we can reach the Windows 2000 shell with root-level privileges.





Now we are in Windows 2000's root shell and can access the Windows 2000 machine from Kali.
For example, we can pull the system information and the network configuration of the Windows box from Kali.



We can also reach the UI of Windows 2000 from Kali through an exploitable vulnerability.




Hope you guys understand this post. If you have any doubt, feel free to send me a mail. :)


Monday, July 24, 2017

Let's login to a site using SQL INJECTION

What is SQL Injection?

Simply put, SQL injection is a code injection technique that can destroy your database, and it is one of the most common web hacking techniques.

In other terms, SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Now we'll see how someone can log in to a web site without ever having signed up.

A person trying to log in to a site without signing up can enter the following value in both the username and password text boxes. SQL injection with this value bypasses the authentication check:


         " or ""="

It looks like this:


The server-side code then builds a syntactically valid SQL statement like this:
  
  SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

Because ""="" is always true, the WHERE clause matches every row in Users and the login succeeds without a real account.


What should we do to prevent SQL Injection?

To prevent SQL injection, avoid building queries dynamically from user input and use prepared statements (parameterized queries) instead, so that the input is always bound as data and never parsed as SQL.
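To make the difference concrete, here is an added example (my own code, not from the post) that runs the login check both ways against a constructed in-memory SQLite table. The vulnerable version concatenates the input into the statement exactly as the post describes; the prepared version binds it with placeholders. The demo quotes SQL literals with single quotes, so the payload is the single-quote form of the post's `" or ""="`; the idea is identical.

```python
import sqlite3

def make_db():
    """Constructed in-memory Users table standing in for the site's real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    db.execute("INSERT INTO Users VALUES ('scully', 's3cret')")
    return db

def login_vulnerable(db, name, password):
    """Builds the statement by string concatenation, the pattern described in the post.
    Whatever the user types becomes part of the SQL text and is parsed as SQL."""
    sql = f"SELECT * FROM Users WHERE Name ='{name}' AND Pass ='{password}'"
    return db.execute(sql).fetchone() is not None

def login_prepared(db, name, password):
    """Same check as a prepared statement. The '?' placeholders are bound as data,
    so a quote in the input can never close the literal or add a new condition."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# The post's bypass value, in single-quote form to match the literals used above.
BYPASS = "' or ''='"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real credentials:", login_vulnerable(db, "scully", "s3cret"))  # True
    print("vulnerable, injected value  :", login_vulnerable(db, BYPASS, BYPASS))      # True: logged in with no account
    print("prepared,   injected value  :", login_prepared(db, BYPASS, BYPASS))        # False: rejected
    print("prepared,   real credentials:", login_prepared(db, "scully", "s3cret"))    # True
```

With the injected value the concatenated statement becomes `... WHERE Name ='' or ''='' AND Pass ='' or ''=''`, which matches every row; the prepared statement instead looks for a user literally named `' or ''='` and finds nothing.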


Friday, May 19, 2017

Facebook App - OAuth

Nowadays Facebook apps are very popular. Many people build apps of various types, most of them for entertainment.
Today almost everyone on Facebook uses at least one app. When someone sees an interesting app they click on it, and the app asks them to log in with Facebook; if you have a Facebook account you can use the app without any issue. But how are we able to let an app developed by an unknown person access our account? That's where OAuth comes into our topic.
So what does OAuth, or Open Authorization, mean? OAuth is a framework for delegated authorization: a protocol for granting an external party access on the user's behalf. It allows an end user's account information to be used by third-party services, such as Facebook / Twitter, without exposing the user's password.
Let's see what the procedure of the OAuth framework looks like.




In this blog post I'm going to show you how to create a simple Facebook app using OAuth.



You can visit this URL to download a sample application from my GitHub account.




Now we move on to the creation steps.

First go to the https://developers.facebook.com/ page and create an app.



If you're not logged in to your Facebook account, log in first. If you're already logged in, go to "My Apps" at the top right corner of the page and click "New App". Then fill in the required details.





Then you will see an interface like this. Click the "Get Started" button under "Audience Network".


Then choose a platform.



After that you will see a page like this. There you should enter a valid redirect URL under "Valid OAuth redirect URIs". In my scenario the Facebook app is hosted in the localhost/fb/ folder.


In the "Settings" tab give the app domain and the website URL. You can see the App ID and the App Secret here.


Now we will see how to use this redirect URL, the App ID and the App Secret to get information from Facebook.


We have to prepare the authorization URL for this app. First we should URL-encode the response type, client ID, redirect URI and scope. You can use an online encoding tool for this, for example https://meyerweb.com/eric/tools/dencoder/. Here are my values:

  • response_type
    Before encoding – code
    After encoding – code

  • client_id
    Before encoding – 1326621240784654
    After encoding – 1326621240784654

  • redirect_uri
    Before encoding – http://localhost/faceb/
    After encoding – http%3A%2F%2Flocalhost%2Ffaceb%2F

  • scope
    Before encoding – public_profile user_friends user_photos user_posts
    After encoding – public_profile%20user_friends%20user_photos%20user_posts



Now take https://www.facebook.com/dialog/oauth, append all these encoded values as query parameters and paste the result into the URL bar. You will be redirected to a page like this.
Example - https://www.facebook.com/dialog/oauth?response_type=code&client_id=1326621240784654&redirect_uri=http%3A%2F%2Flocalhost%2Ffaceb%2F&scope=public_profile%20user_friends%20user_photos%20user_posts
   


After that another page is shown; simply click "Continue as <your name>", or edit the privacy settings first and then click it.
Then this page will be displayed:



Why do we get this kind of message? Because we don't have a project yet to serve http://localhost/faceb.

But in the URL box we can see the authorization code that Facebook sent back:

http://localhost/faceb/?code=JSCRsjK348Gmy1upjm7vXVWPA5_n3A64gRs43npMFInR7b3H2-ibuf7s9vMaPnx3uqQt_oT2wx7XeICuIUlR2J-xICsHREiV5RmZ_-tqEPxKZYWfbI9qCtUopJBtLPkvC7KkPlWsshukf2siNYG1oAJTI87cYmNPC5_vhFdJeVAG7jqPu-Wbc1ACrLHMkCvMXXiWryWz0hMOGWMiZfgA8kteKuj0Y18fzL8vI156P1UiOiOr9pAz11OXrEPtga7bZt4UJzzFJ0V8QJ0rof8Kc2HmKvGoaKpOC6oJBpR09fPo2fRs8umhQ5JMa4pHZwpm7j4nI-t4goKumDxpMMnlHG7R#_=_

In the HTTP headers we need to add an Authorization header carrying the app credentials:
App_ID                1326621240784654
App_Secret        a1adb0a3904efe17c94fb48474a941c9
APP_ID:APP_Secret 1326621240784654:a1adb0a3904efe17c94fb48474a941c9

Now Base64-encode this whole value using a Base64 encoder:

MTMyNjYyMTI0MDc4NDY1NDphMWFkYjBhMzkwNGVmZTE3Yzk0ZmI0ODQ3NGE5NDFjOQ
To receive the access token we have to call the token endpoint.
Before typing these values in the URL bar you should install the "RESTClient" plugin in your browser.
Then request https://graph.facebook.com/oauth/access_token with the values prepared above to obtain the access token.



How to retrieve properties using the access token?
Method – GET
Authorization: Bearer <access token value>
This returns the user's ID as a JSON object. Using this ID you can get any information you want, within the scopes the user granted.
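The steps above, from building the authorization URL to preparing the token request, as an added Python example (my own code, not the post's PHP app). It reproduces the percent-encoding done by hand in the post, extracts the authorization code from the redirect URL, builds the `APP_ID:APP_Secret` Basic header, and lays out the token-endpoint call without sending it. The App ID and redirect URI are the post's; the secret is a placeholder. Two things go beyond the post: the optional `state` parameter, which lets the app confirm that a callback belongs to a request it started, and the `grant_type`/`code`/`redirect_uri` body, which is the standard OAuth 2.0 authorization-code exchange and is assumed here rather than taken from the post.

```python
import base64
from urllib.parse import quote, urlparse, parse_qs

AUTH_ENDPOINT = "https://www.facebook.com/dialog/oauth"
TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"

# Values from the post; the secret is a placeholder, never a real one.
APP_ID = "1326621240784654"
APP_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "http://localhost/faceb/"
SCOPES = ["public_profile", "user_friends", "user_photos", "user_posts"]

def build_authorize_url(client_id, redirect_uri, scopes, state=None):
    """Step 1: the URL the browser is sent to. quote(..., safe='') produces the same
    encoding the post made by hand (%3A%2F%2F for ://, %20 for spaces)."""
    params = [("response_type", "code"), ("client_id", client_id),
              ("redirect_uri", redirect_uri), ("scope", " ".join(scopes))]
    if state is not None:
        params.append(("state", state))  # random per-request value the app remembers
    return AUTH_ENDPOINT + "?" + "&".join(f"{k}={quote(v, safe='')}" for k, v in params)

def code_from_redirect(redirect_url, expected_state=None):
    """Step 2: pull the one-time authorization code out of the URL Facebook redirects
    the browser to. The '#_=_' fragment Facebook appends is ignored by urlparse."""
    query = parse_qs(urlparse(redirect_url).query)
    if expected_state is not None and query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this callback does not belong to our request")
    return query["code"][0]

def basic_auth_header(client_id, client_secret):
    """Step 3: 'APP_ID:APP_Secret', Base64-encoded as the post does."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def token_request(code, client_id, client_secret, redirect_uri):
    """Describe the token-endpoint call (method, headers, body) without sending it.
    Body fields follow the generic OAuth 2.0 authorization-code grant (assumption)."""
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {"Authorization": basic_auth_header(client_id, client_secret),
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": {"grant_type": "authorization_code", "code": code,
                 "redirect_uri": redirect_uri},
    }

if __name__ == "__main__":
    print(build_authorize_url(APP_ID, REDIRECT_URI, SCOPES, state="example-state"))
    # Constructed callback URL in the shape shown in the post:
    callback = "http://localhost/faceb/?code=EXAMPLE_CODE&state=example-state#_=_"
    code = code_from_redirect(callback, expected_state="example-state")
    print(token_request(code, APP_ID, APP_SECRET, REDIRECT_URI))
```

Without `state`, any site could send a victim's browser to the app's redirect URL with an attacker-chosen code; checking `state` on the callback is the cheap way to close that off. The `code` value is single-use and expires quickly, so the code in the post's screenshot cannot be replayed.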




Now it's time to look at the implementation of this app. I implemented it in PHP. For the implementation you need the Facebook SDK v5 for PHP, which is also available in my GitHub repository.

These are the files contained in that folder:


If you are not already logged in to your Facebook account, you will see this page when you run the app. This is the index.php page.



Then the Facebook login page is displayed. After logging in to your account you are redirected to the 1.php page (in my app). It looks like this:




You can download the source code and the Facebook SDK v5 for PHP folder from my GitHub account by clicking the URL above.

Try to create your own Facebook app using OAuth. :)


Thank You! :) :)

Friday, April 7, 2017

Encryption & Decryption

What is Encryption? 

Basically, encryption is the process of transforming data or information into a code, especially to prevent unauthorized access.
It is generally used to protect sensitive information so that only authorized parties can view it.

Simply put, when a message is sent without encryption, anyone can read everything in it.


In this scenario, Scully is the sender, Mulder is the receiver and the Alien is a third party who is not authorized to read the message. Scully didn't encrypt the message before sending it to Mulder, so the Alien can read it.



In the scenario above Scully encrypted the message before sending it to Mulder, so the Alien can't read it.

We can divide encryption into two main parts:

  1. Symmetric Encryption
  2. Asymmetric Encryption

Symmetric Encryption
Symmetric encryption algorithms are best known as shared-secret key algorithms. The same cryptographic key is used both to encrypt the plaintext and to decrypt the ciphertext.

  • The usual key length is 80 to 256 bits.
  • A sender and receiver must share a secret key.
  • They are usually quite fast (wire speed), because these algorithms are based on simple mathematical operations.
  • Examples of symmetric encryption algorithms are DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish.
Simply, we can describe symmetric encryption in this way:





Asymmetric Encryption
Asymmetric encryption algorithms characteristics include:

  • Asymmetric encryption algorithms are best known as public key algorithms.
  • The usual key length is 512 to 4,096 bits.
  • A sender and receiver do not share a secret key.
  • These algorithms are relatively slow, because they are based on difficult computational algorithms.
  • Examples: RSA, ElGamal, elliptic curves, and DH.

In asymmetric encryption both the sender and the receiver have a pair of keys, called the public key and the private key. The public key is a key anyone can get, but the private key is a unique key known only to its owner (the sender or the receiver). When a plaintext is encrypted with the sender's public key, it can only be decrypted with the sender's private key. If a message is encrypted with the receiver's public key, it can only be decrypted with the receiver's private key. Likewise, when a message is encrypted with the sender's or the receiver's private key, it can only be decrypted with the matching public key. Here is a simple example of asymmetric encryption:
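To see those key relationships in working code, here is an added example (mine, not from the post or the linked software): textbook RSA with tiny primes. One modular exponentiation serves for all four operations, and which key you raise to decides whether you are encrypting, decrypting, signing or verifying. The primes and exponents are chosen for readability; real keys use primes of 1024 bits or more together with padding, so this illustrates the mechanism only.

```python
def keygen(p, q, e=17):
    """Return (public_key, private_key) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)

def apply_key(value, key):
    """RSA is the same modular exponentiation whichever key is used."""
    exponent, n = key
    return pow(value, exponent, n)

def encrypt(plaintext, public_key):            # anyone can do this with the public key
    return apply_key(plaintext, public_key)

def decrypt(ciphertext, private_key):          # only the private-key owner can undo it
    return apply_key(ciphertext, private_key)

def sign(message, private_key):                # "encrypt" with the private key ...
    return apply_key(message, private_key)

def verify(message, signature, public_key):    # ... and anyone checks it with the public key
    return apply_key(signature, public_key) == message

if __name__ == "__main__":
    scully_pub, scully_priv = keygen(61, 53)        # n = 3233, the classic textbook pair
    mulder_pub, mulder_priv = keygen(101, 103, 7)   # n = 10403
    m = 65                                          # a small numeric "message"

    # Confidentiality: Scully encrypts to Mulder's public key; Mulder's private key decrypts.
    c = encrypt(m, mulder_pub)
    print("ciphertext:", c, "-> Mulder decrypts:", decrypt(c, mulder_priv))
    print("same ciphertext with Scully's private key:", decrypt(c, scully_priv), "(not 65)")

    # Authenticity: Scully signs with her private key; anyone verifies with her public key.
    s = sign(m, scully_priv)
    print("signature valid:", verify(m, s, scully_pub), "| altered message:", verify(m + 1, s, scully_pub))
```

With the 61/53 pair the public key is (17, 3233) and the private key is (2753, 3233); encrypting 65 gives 2790 and decrypting 2790 returns 65. A signature made with the private key verifies only against the exact message it was made for, which is the "encrypted with the private key, decrypted with the public key" direction described above.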





I have implemented a simple encryption / decryption program to hide the content of your text (.txt) files. I used the AES algorithm with a 128-bit key to encrypt the data in your text files. Here is the link to download it:

https://github.com/janitha1st/Encryption-Decryption-Software-Application 

This software was implemented in Java using NetBeans IDE 8.1.





  • This is the main interface of my software.



  • First give the path to the text file you need to encrypt. Here "Hello_Cyber" is my text file, placed on the Desktop.


  • This is the content of my text file before encrypting.





  • After selecting the path, click the "Encrypt" button; it shows a message if encryption was successful.
  • If you now open the same text file you see content like the above, which means it was encrypted successfully.
  • After encrypting, select the path as before and click the "Decrypt" button. It shows a message if decryption succeeded.

  • Then you get back the same content that was there before you encrypted the file.

  • Note that you must add the org.apache.commons.io.jar JAR file to your project. It is also included in my GitHub repository.
Visit my GitHub by clicking: https://github.com/janitha1st/Encryption-Decryption-Software-Application

Hope you guys understand my blog. If you have any doubt please send me a mail at janitha.bhakthi93@gmail.com.
Thank You! ;)

Thursday, March 2, 2017

Phishing

What is Phishing?

Basically, phishing is just like fishing: in both cases we use bait. In fishing the bait is a worm; in phishing the bait is a web page that looks legitimate, used to collect people's personal information.



Now let's come up with a clear definition of phishing:

Phishing is a term used to describe a malevolent individual or group of individuals who scam users. They do so by sending e-mails or creating web pages designed to collect an individual's online bank, credit card or other login information. Because these e-mails and web pages look like they come from legitimate companies, users trust them and enter their personal information.


How does a phishing web site look?


How does the actual site look?


How to identify a phishing attack?

  • Check whether the URL you received really belongs to the original site.
  • Be wary of an e-mail that demands urgent action or sets a near deadline.
  • A page with lots of pop-up ads is a warning sign.
  • Look for spelling and grammar mistakes. Brands are pretty serious about e-mail, so legitimate messages usually do not have major spelling mistakes or poor grammar. Read your e-mails carefully and report anything that seems suspicious.
  • If the attacker is not directly targeting a particular person or organization, the e-mail will not contain your name or username.
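Several items on that checklist can be mechanised. The following added example (my own code, not from the post) runs four of them over two constructed messages: does each link's real host belong to the legitimate domain, does the sender's domain, is there urgency or deadline wording, and is the recipient addressed by name. The domains, addresses and message texts are made up for the demo, and the spelling-mistake and pop-up checks are left out because they need a dictionary and a rendered page respectively.

```python
from urllib.parse import urlparse

# Constructed sample messages (not real e-mails), in the shape a mail filter would see.
# "links" holds (visible text, real href) pairs as found in the HTML body.
PHISH = {
    "from": "security@examplebank-alerts.test",
    "subject": "Urgent: your account will be suspended",
    "body": "Dear customer, verify your account within 24 hours by logging in at the link below.",
    "links": [("www.examplebank.test", "http://examplebank.test.login-check.test/signin")],
}
LEGIT = {
    "from": "alerts@examplebank.test",
    "subject": "Your March statement is ready",
    "body": "Hi Alice, your statement is available in online banking.",
    "links": [("Online banking", "https://www.examplebank.test/statements")],
}

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "verify your account")

def belongs_to(host, legit_domain):
    """True only if host is the legitimate domain or a real subdomain of it.
    'examplebank.test.login-check.test' merely starts with the brand name and fails."""
    host, legit_domain = host.lower(), legit_domain.lower()
    return host == legit_domain or host.endswith("." + legit_domain)

def phishing_indicators(msg, legit_domain, recipient_name):
    """Return the warning signs from the checklist above that this message shows."""
    signs = []
    for text, href in msg["links"]:                        # 1. does the URL belong to the site?
        host = urlparse(href).hostname or ""
        if not belongs_to(host, legit_domain):
            signs.append(f"link '{text}' actually goes to {host}")
    sender_domain = msg["from"].rsplit("@", 1)[-1]          # 2. sender address domain
    if not belongs_to(sender_domain, legit_domain):
        signs.append(f"sender domain {sender_domain} is not {legit_domain}")
    text = (msg["subject"] + " " + msg["body"]).lower()
    for word in URGENCY_WORDS:                             # 3. urgency / deadline wording
        if word in text:
            signs.append(f"urgency wording: '{word}'")
    if recipient_name.lower() not in text:                 # 4. generic greeting, no name
        signs.append("does not address the recipient by name")
    return signs

if __name__ == "__main__":
    for label, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, phishing_indicators(msg, "examplebank.test", "Alice"))
```

The suffix match in `belongs_to` is the important detail: a host like `examplebank.test.login-check.test` contains the brand's name, which is exactly what fools people, but its registered domain is `login-check.test`, so the check flags it.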

How to do a phishing attack in a simple way


  • First go to the page you want to use as the base of your phishing attack.
  • Then right-click, choose "Save as..." and download it.




  • Then open that file in Notepad and find the word "action=" near the POST method.
  • Then clear the part inside the quotes "", replace it with <filename.php> and save the file as <index.html>.



  • Then open a new Notepad file, enter the code below and save it under the name you gave in the index.html file, <filename.php>.



  • Then host it on a web hosting site (https://www.000webhost.com/).


  • For a better outcome you can shorten the created URL.




  • Now your phishing page is completely done.






  • When someone enters their username and password and clicks login, the page reloads to the original site and you get the username and password in a text file called "Passwords".









How to protect yourself from a phishing attack?

  • Don't give up personal information. Legitimate banks and most other companies will never ask for personal credentials via e-mail, so don't give them up. If you get such an e-mail, it's better to call the original organization and ask.
  • If you have doubts about an e-mail, don't enter your real username and password the first time.
  • Don't click on unknown attachments.
    Malicious attachments containing viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don't open any e-mail attachment you weren't expecting.
  • Don't believe everything you see.
    Phishers are extremely good at what they do. Just because an e-mail has convincing brand logos, language and a seemingly valid e-mail address does not mean that it's legitimate. Be skeptical about your e-mail messages: if one looks even remotely suspicious, don't open it.

What should you do if you have fallen for a phishing attack?
  • Log in to the original organization's website and immediately change your username and password.
  • Scan for malware, in case your PC has been infected by the fake site.



Especially, don't use the same username and password for all the sites you use!!!

You can simply download all the source files from here:
 https://github.com/janitha1st/Sample-Phishing-Attack---ikman.lk-