Ehacking Tutorial

Source Code Analyzer for PHP Vulnerabilities - RIPS

The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or attacks against an application’s users. This problem can be addressed by analyzing the source code of the application for security vulnerabilities before the application is deployed on a web server. A novel approach is presented for the precise static analysis of PHP code to detect security vulnerabilities in web applications. As dismissed by previous work in this area, a comprehensive configuration and simulation of over 900 PHP built-in features allows us to precisely model the highly dynamic PHP language. By performing an intra- and inter-procedural data flow analysis and by creating block and function summaries, we are able to efficiently perform a backward-directed taint analysis for 20 different types of vulnerabilities. Furthermore, string analysis enables us to validate sanitization in a context-sensitive manner. Our method is the first to perform fine-grained analysis of the interaction between different types of sanitization, encoding, sources, sinks, markup contexts, and PHP settings. We implemented a prototype of our approach in a tool called RIPS. Our evaluation shows that RIPS is capable of finding severe vulnerabilities in popular real-world applications: we reported 73 previously unknown vulnerabilities in five well-known PHP applications such as phpBB, osCommerce, and the conference management software HotCRP.

What is RIPS

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

Dropping Docs on Darknets: How People Got Caught

You have uploaded a document or some other private file to the Internet using Tor or another proxy and then relaxed, but did you ever think that you might get caught? No? Then you should start thinking that way, because people are trying to de-anonymize you.

To understand how your private information can be exposed, you need to understand the overall functionality of darknets and Tor; Adrian Crenshaw talked about it at Defcon 22.



iSniff GPS WiFi Sniffing Tool

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks.

iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks. iSniff GPS captures these ARPs and submits MAC addresses to Apple's WiFi location service (masquerading as an iOS device) to obtain GPS coordinates for a given BSSID. If only SSID probes have been captured for a particular device, iSniff GPS can query network names on wigle.net and visualise possible locations.

By geo-locating multiple SSIDs and WiFi router MAC addresses, it is possible to determine where a device (and by implication its owner) is likely to have been.

Below: Visualisation of WiFi router locations in Melbourne, AU returned by Apple Location Services


Unmasking or De-Anonymizing You

The world is full of deception; you, I, and everyone else have deceived someone, somewhere, at some point in life. This is strange but true, and we have to accept it (though nobody is going to accept it at any cost). You are reading this story on a website created for infosec professionals and students, so I bet that you sometimes want to hide your identity while browsing the internet; in fact, everyone needs to hide their identity for some reason: the bad, the ugly and the good. Whatever the reason is, what if I tell you that "it is possible to de-anonymize you"? The process and strategy is known as "unmasking".

You should not take it personally; imagine the reverse case, where you are unmasking someone else for a good cause and you become the hero. So the technique is nothing but a technique, and its usage determines the destiny.

Unmasking is the process of removing the mask from the face to reveal the real identity. At Defcon 17, Robert “RSnake” Hansen and Joshua “Jabra” Abraham discussed the concept with a demonstration, and we bring both to you so that you can understand it.

Hacking WPS - SILICA Wireless Assessments

Understanding the vulnerabilities of your WiFi network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture.

Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi-specific vulnerability assessment and penetration tool.




Becoming a Hacker - What, How and Why

Becoming a hacker or penetration tester is not a single-day process at all; it requires time, effort and skills. The intangible skills discussed earlier (attitude, culture, values, freedom, etc.) have gathered immense interest from infosec professionals, and I have been asked to write about the required technical skills. I will share that story soon, but the agenda of this story is to share an infographic created by schools.com.

What type of hacker do you want to be? What does a hacker do? Hacking as a career. How much money could a hacker earn (hacker salary)? The answers to these questions are discussed in the following infographic.


How to Become a Hacker? 
Becoming a Hacker – Intangible Skills


