Lots of people think that JavaScript is an inferior language, but JavaScript is an extremely powerful language, and those who think otherwise either don't know how to use it or are not familiar with its capabilities. With JavaScript you can do lots of cool things such as edit any page or make an image fly, but it is a waste of time to spend your time making images fly or editing a page.
Anyway, coming to the main topic: did you know that JavaScript can be used to detect whether a page is a spoofed (phishing) website or a legitimate one? If you didn't, just paste the following code into the address bar and a pop-up will appear that lets you tell whether the website is original or not.
Here is the JavaScript code:

javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");


SQL Injection Tutorial with Havij

According to a survey, the most common technique for hacking a website is SQL injection. SQL injection is a technique in which a hacker inserts SQL code into a web form to get sensitive information (such as user names and passwords) to access the site and deface it. The traditional SQL injection method is quite difficult, but nowadays there are many tools available online through which any script kiddie can use SQL injection to deface a website. Because of these tools, websites have become more vulnerable to these types of attacks.

One of the popular tools is Havij. Havij is an advanced SQL injection tool which makes SQL injection very easy; along with SQL injection it has a built-in admin page finder, which makes it very effective.


Warning - This article is only for educational purposes. By reading this article you agree that HWA is not responsible in any way for any kind of damage caused by the information provided in this article.


Supported Databases With Havij

  • MsSQL 2000/2005 with error.
  • MsSQL 2000/2005 no error union based
  • MySQL union based
  • MySQL Blind
  • MySQL error based
  • MySQL time based
  • Oracle union based
  • MsAccess union based
  • Sybase (ASE)

Demonstration

Now I will show you the process of SQL injection step by step.

Step1: Find an SQL injection vulnerability in your site and insert its URL string (like http://www.target.com/index.asp?id=123) in Havij as shown below.



Step3: Now click on the Analyse button as shown below.



Now if your server is vulnerable, the information about the target will appear and the columns will appear as shown in the picture below:


Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:


Step5: Now select the tables with sensitive information and click the Get Columns button. After that, select the Username and Password columns to get the username and password and click on the Get Table button.

Countermeasures:

Here are some of the countermeasures you can take to reduce the risk of SQL injection:

1. Renaming the admin page will make it difficult for a hacker to locate it.

3. Use an intrusion detection system and compose signatures for popular SQL injection strings.

4. One of the best methods to protect your website against SQL injection attacks is to disallow special characters in the admin form. This will make your passwords more vulnerable to brute-force attacks, but you can implement a CAPTCHA to prevent these types of attack.
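
Countermeasure 4 trades password strength for safety; binding form input as query parameters avoids that trade-off, because special characters are then never parsed as SQL. The following is an added example, not part of the original article: it uses Python's sqlite3 module, and the table, account and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with one constructed account (names are hypothetical).
    Plaintext storage keeps the example short; real sites store a password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "S3cr'et!pw"))
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: form input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        return False  # a quote in legitimate input breaks the statement

def login_parameterized(db, name, password):
    """Hardened form: values are bound by the driver and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"  # constructed input containing a quote
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "| real password:", check(db, "admin", "S3cr'et!pw"),
              "| injected input:", check(db, "admin", tautology))
```

The concatenated query rejects the real password (its quote breaks the statement) and accepts the injected input; the parameterized query does the opposite, with no restriction on password characters.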

Man In The Middle Attack - SSL Hacking

One of the most successful ways of gaining information such as passwords and user IDs on a LAN (local area network) is through man-in-the-middle (MITM) attacks. I will not go too deep into man-in-the-middle attacks, but in simple words it can be explained as an attacker or hacker listening to all the information sent between the client and the server. To prevent these kinds of attacks, email providers started using Hypertext Transfer Protocol Secure (HTTPS). It is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Sockets Layer) protocol to provide encrypted communication between the client and the server. So when a hacker carries out a MITM attack, the victim is cautioned with an invalid SSL certificate.

In this tutorial I will teach how to carry out a successful MITM attack.

Concept :-

We know that HTTP (Hypertext Transfer Protocol) simply sends all information in plain text. So if we make the victim use HTTP instead of HTTPS to connect to sites like Gmail and PayPal, we will be able to carry out a successful MITM attack without causing any suspicion. To do this we are going to use a tool called SSL strip.


Things We Need

1. SSL strip: You can search Google for SSL strip; it comes in both Windows and Linux versions. I will be using the Windows version in this tutorial.

2. Ettercap to carry out MITM attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpspoof, network, SSL strip and change data. If you don’t know what to enter, simply click auto check. Remember to check that HTTPS to HTTP is included in Change data, then finally click OK.



2. Now select the victim’s IP and click open


3. Now open Ettercap, go to sniff - unified sniffing, select your network interface and click OK.

4. Now select hosts - scan hosts. Once scanning is completed, open the host list from the hosts tab. Now select the IP address of the router as target 1 and the victim’s IP as target 2.



5. Now select mitm-arp poisoning and click ok as shown



6. Finally select start - start sniffing. Now when the victim logs in to Gmail he will be using HTTP and not HTTPS, hence we are able to get the user ID and passwords as shown below.



Countermeasures:

1. Whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you use HTTPS.

2. Always check the SSL certificate before doing an online transaction.

How To Secure Your Wordpress Blogs?


Hackers are people like you and us; the only difference is that they use their skills for negative and destructive purposes. They use their skills to break a website and normally destroy all its content, so if you are the admin of a website you should care about its security.
As you know, WordPress is a common and highly popular platform for blogging, but WordPress security is always a hot topic of discussion and needs more and more attention because vulnerabilities are discovered every day. Below are some tips to make your blog secure:

Secure WP-Admin By IP

Suppose someone gets hold of the credentials (username and password) to enter the WP admin section of your website. You can restrict this area to your IP address. This prevents brute-force attacks, and only you will be able to control your website because of the IP restriction.

# goes in the .htaccess file inside the wp-admin directory
Order deny,allow
Deny from All
Allow from 123.456.789.0

To allow and deny IPs from a range, use this:

order deny,allow
deny from all
# allow my home IP address
allow from XX.XX.XXX.XXX
# allow my work IP address
allow from XX.XX.XXX.XXX


Protect WP-Config.php File

The wp-config.php file is of great importance on the WordPress platform and needs extra care: an attacker usually gets the required information about your website's database from the wp-config.php file. Basically, if you use a strong database username and password while your wp-config.php security is low, then an attacker can get your strong username and password from the wp-config.php file, because it contains all the information about the security and other settings of your website.

Open the .htaccess file located at the root of your WordPress installation and paste the following code.

<Files wp-config.php>
order allow,deny
deny from all
</Files>




Hide WordPress Version Number

You should hide the version of your WordPress installation, because an attacker may find an available exploit by searching different exploit databases by version number, and it may cause great harm to your blog, so be careful about it.

The generator tag that displays your current version of WordPress is output in the header.php file.

Copy and paste the following code into the functions.php file of your theme and then you are done.


remove_action('wp_head', 'wp_generator');

Remove Error Message From Login Screen

This is a clever move: remove the error message so that an attacker cannot see whether the username or the password was incorrect. Update your functions.php with this code.

// create_function() was removed in PHP 8.0; an anonymous function is the equivalent
add_filter('login_errors', function ($a) { return null; });


Some Other Security Tips

Use your mind, because the mind is an essential part of securing yourself in the jungle of the web.

  • Create strong passwords that cannot easily be guessed or cracked.
  • Secure your own side (your computer) from malware.
  • Make regular backups of your blog.
  • Update your WordPress to the latest version.
  • Use SSH instead of FTP.
  • Avoid using your account in public places.
  • You must be aware of different attacks to secure yourself.

Auditing Weak User Accounts On UNIX System


Whenever we talk about auditing weak user accounts on UNIX or UNIX-like systems, the very first thought that comes to mind is using John the Ripper or L0phtCrack to audit weak passwords.
It is a very big misconception among most people that weak user accounts only means accounts with weak passwords.
A normal user account isn't that normal if you haven't edited any of its permissions. So let's see how many abnormal tasks a normal user can perform if his account is not properly audited. Let's start with the creation of a user account.
Usually we type the following commands to create a normal user on UNIX or UNIX-like systems.

[root@localhost~]#useradd newuser
[root@localhost~]#passwd newuser


Now what's the problem with this user creation method?

Problem number 1: This user is not a member of any group.
Problem number 2: This user will have his own folder in the /home directory.

If a user is in a shared network environment then it is mandatory that the user be a member of some group, and he/she must not have a primary group of his own. By creating a user with the above method you have given him two powers: the power to own his own group and the power of having a separate folder. Here's how you should add a user to avoid the above problems.

[root@localhost~]# useradd -d /home/group_name -g group_name newuser
[root@localhost~]#passwd newuser


-d: will set default folder for user to /home/group_name
-g: will add user to group_name as primary group member

Now what might be the scope of the user we created regarding disk space and memory? The answer is unlimited. That means newuser can create as many files and folders as he/she wants, ultimately filling up all disk space, or alternatively he/she can write or run a program that consumes a lot of memory. That means if he writes and executes a program which recursively increases its stack, or is just able to smash its own stack, then a normal user can make the complete system crash and come to a standstill.
And his rights to access any folder can help him hide a script or program that he/she can use to escalate privileges later to become super user without anyone noticing it.

The above problems can be solved by activating disk quotas on the system. Depending on the UNIX or Linux system you are using, refer to its manual to see how to activate disk quotas. Once activated, you can set a disk quota by typing the following command:

[root@localhost~]#setquota -u newuser 8000 10000 400 500 /

The above command will set 10000 bytes for newuser in the ' / ' partition and he/she will be warned if his/her disk usage goes above 8000 bytes. At maximum he/she can create 500 files, with a warning on the 400th file. You can replace ' / ' with the directory name where you want to restrict the user.
The next problem is how to restrict the user's power to use unlimited memory. To set restrictions, open the “/etc/security/limits.conf” file in the vi editor or any editor familiar to you. The syntax of the file is quite self-explanatory and will differ according to the version and base kernel of your system.

The last thing that is problematic is the lifetime of the account.
To check it, type the following command:

[root@localhost~]#chage -l newuser




Now have a look at the output: you'll find account expires never, password expires never, days to change password 99999. Believe it or not, this is the default user account setting in every UNIX and Linux system. If you are smart enough then you can easily figure out how fatal this kind of account can prove to your system if this information is not changed. To change account permissions type

[root@localhost~]#chage newuser


and set permissions.
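
The defaults described above can be checked for every account at once from the aging fields of /etc/shadow. This is an added example, not part of the original article; the sample lines are constructed, and the 90-day policy limit is an assumption.

```python
NEVER = 99999  # maximum-age value that chage displays as "never"

# Constructed sample lines in /etc/shadow layout (hashes are placeholders):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
newuser:$6$placeholder:19000:0:99999:7:::
contractor:$6$placeholder:19000:0:60:7:14:20000:
alice:$6$placeholder:19000:0:180:7:::
daemon:*:18000:0:99999:7:::
guest::19000:0:99999:7:::
"""

def audit_aging(shadow_text, policy_max_days=90):
    """Return {account: [issues]} for accounts that can log in."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 9:
            continue  # blank or malformed line
        name, pw, max_age, expire = fields[0], fields[1], fields[4], fields[7]
        if pw.startswith(("!", "*")):
            continue  # locked or no-login account, password aging is moot
        issues = []
        if pw == "":
            issues.append("empty password field")
        if not max_age.isdigit() or int(max_age) >= NEVER:
            issues.append("password never expires")
        elif int(max_age) > policy_max_days:
            issues.append("password max age %s exceeds %d days"
                          % (max_age, policy_max_days))
        if expire == "":
            issues.append("account never expires")
        if issues:
            report[name] = issues
    return report

if __name__ == "__main__":
    for account, issues in audit_aging(SAMPLE_SHADOW).items():
        print(account, "->", "; ".join(issues))
```

On a real system, pass the contents of /etc/shadow (readable only by root) instead of the sample text.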

There are several steps involved in auditing a UNIX or UNIX-like system, depending on what the system is configured for, but auditing weak user accounts for their permissions and passwords is a common task in all of them, no matter what your motive is. I know an experienced UNIX administrator will find this article of little help, whereas new administrators will find it useful. Anyway, I hope RHA readers like this post. Thanks for reading, happy hacking.