Archive for November 2011

A Quick Guide to Five Crucial iOS Security Applications

The use of mobile broadband has quickly become the primary medium of communication for people as they turn away from using traditional landlines services. Smartphones have grasped a large portion of the cellphone market. More specifically, the iPhone by Apple has become an incredibly popular choice by the typical consumer. Being such a popular device, hackers have begun focusing their efforts on penetrating into people's smartphones. To combat hackers, several services have been created in hopes of preventing hackers from accessing consumers' iPhones.

Password Cracking & Online Casino

Authentication is the first step to measure the security of a website, a computer and a network, different websites are using password based authentication process for the security of their users even you are using password based security for your bank account, poker account, email account and so on. So before deciding and logging in to a site or domain we recommend you to read more of what the site offer and how secure could you be in case you'll be registering.

Buffer Overflow Attack Tutorial - Backtrack 5

Firewall and anti-virus are to protect your computer from hacking attack and from viruses but sometimes an attacker can easily bypass them and can get root access into your computer, there are so many techniques and tools are available to bypass or cheat anti-virus and firewall. Buffer overflow is the most common type of computer security attack that allows a hacker to get the administrator access into a computer or a network. As we have discussed so many tutorial by using Backtrack 5 to hack into windows operating system, however there are many exploits are also available for Linux operating system.

Introduction to Ethical Hacking

I was planning to write a detail article on the basis of ethical hacking and penetration testing that cover the methodology, reporting and other things but some of my friend has shared this wonderful presentation that covers each and everything about ethical hacking and the process. Below is the presentation that covers the beginning of ethical hacking and it will let you know the procedure of hacking and penetration testing.

VoIP Hopper - VoIP VLAN Hopping Tool

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments.  This requires two important steps in order for the tool to traverse VLANs for unauthorized access.  First,  discovery of the correct 12 bit Voice VLAN ID (VVID) used by the IP Phones is required.  VoIP Hopper supports multiple protocol discovery methods (CDP, DHCP, LLDP-MED, 802.1q ARP) for this important first step.  Second, the tool creates a virtual VoIP ethernet interface on the OS. 

How To Install Nessus In Backtrack 5 R1 Tutorial

Nessus is one of the best vulnerability scanner that is available in two mode for both home and commercial user's, nessus plug in for home user is free of cost. However we have OpenVAS and Nexpose they both are also a good vulnerability scanner and we have discussed several tutorials for them. Nessus installation in backtrack 5 was an easy work and we discuss it before but Backtrack 5 R1 does not have a default way to install nessus, so how to install Nessus in Backtrack 5 R1? You will get the answer.

OWASP WebGoat- Learn Web Application Security Concepts

WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

GoLISMERO The Web Knife - Web Application Mapping Tool

Web application generally at the hit list of hackers and different hackers use different technique to find the bug (vulnerability) on web application to get the root access or to steal some information. Web application vulnerabilities like SQL-injection and cross site scripting are dangerous for web but as a penetration tester you need to test the security of a web application first step to hack or secure is to map the over all infrastructure, so golismero is wonderful tool that play the role to do this.

Ncrack – High Speed Network Authentication Cracking Tool

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

SQLsus - MySql Injection Tutorial

SQL injection is the most common and most dangerous web application hacking technique in SQL injection a hacker take advantages of misconfiguration and poor coding of SQL. SQL injection will take an attacker to the important database that might contain credit card information, administrative information and more. There are so many tools are available for SQL injection, you can use w3af, nikto and others to find the sql vulnerability on a web application. Backtrack 5 also contain so many tools like sqlmap.

How to Use OpenVAS in Metasploit- OpenVAS & Metasploit Integration

Metasploit includes an OpenVAS module, which allow you to interact with an OpenVAS server to create targets, run scans, download reports, and import reports. Recently I had the opportunity to make some updates to the module and wanted to write a blog post to document how to use it. This blog post does not cover how to setup an OpenVAS server but you can find that info here and here

How to Avoid the Most Common and Dangerous Passwords

Passwords is generally the first layer of security and authentication, password cracking techniques are very common the best techniques are guessing, dictionary based attack, brute force attack. There are so many tools are available to implement password cracking attack, backtrack and specially backtrack 5 contain different tools for online and offline password cracking. If your password is easy than a hacker or cracker can easily hack it by using guessing or other attack. Password cracking tutorial by using hydra so by looking at the tutorial you can easily understand about the weak and strong passwords.

How to Install Damn Vulnerable Web App in Linux Backtrack 5 R1

Backtrack is the best Linux distribution for penetration testing and ethical hacking purposes, backtrack 5 R1 is the latest one and as discussed tutorials about backtrack 5 are also applicable on backtrack 5 R1. So in this tutorial I will tell you how to install damn vulnerable web application on backtrack machine, however you can install damn vulnerable web application on windows, MAC and some other Linux distribution like Ubuntu process is approximately same. 

Session Cookie Based Sql Injection Tutorial

SQL injection is most dangerous attack for web application, there are a lot of different websites are vulnerable to SQL injection. There are different variant for SQL injection like a simple SQL injection, blind SQL injection and Cookies based SQL injection. As you know the basic idea about cookies and their importance, cookies are represent some session and normally they count in cross site scripting attack (XSS) but what is cookies based SQL injection. In this article we will discuss cookies or session based SQL injection attack. 

Maltego Tutorial - Mesh Analysis

Maltego is the famous and the best tool that would really helpful in the process of penetration testing and ethical hacking, Maltego is powerful tool that help to gather information from various resources and by using various methods. Information gathering or foot-printing is the first step of hacking so the tools that would help you in this process are generally the important tools. We have discussed maltego before on backtrack 5 and other ways. So in this article we will discuss about Maltego Mesh attack.

Virtual Machine Security - VMware Security Hardening

Virtual machines are very common in the enterprise and even for home user, most common virtual machines are VMware and virtual box in both machines security is an essential part. Security of a virtual machine is also important as the security of host machine. There are different Hardening tips are available for virtual machine (VMware) and in this article we will discuss the basic security tips for VMware.

OWASP DirBuster- Directories & Files Brute Force Tool

Web application servers are now at the hit list of hackers, hackers usually try to find web application vulnerability to deface and to completely hack a website. SQL-Injection and cross site scripting are among the most common web application attack usually web administrator hide the importance files from directory to avoid the information theft because information gathering is the first step of hacking, so how can you find different directories and files on a server. We have a wonderful tool for this purpose. 

How To Find Vulnerability on a Computer- CVEchecker

There are different tools are available to find a vulnerability on an operating system and network, nessus and OpenVAS are among them. We have discussed different sort of tutorials for nessus to find a vulnerability as you have seen that the vulnerability number start with CVE-xxxxx so the question is what is CVE? And the other thing is that if we need to find the vulnerability on our own computer so that whether we need to scan our own computer via nessus or there are some other method?

How a Network Scanner can Save Your Network

Networks are complex systems, there are a lot to them and, as with everything else, something can (and will) go wrong. Staying on top of things is the only way to ensure networks don’t go down.  A network scanner will help you protect your network from an endless list of web threats. There are numerous articles on the advantages of using network scanners but many of these present the theoretical part.

How to Send Anonymous SMS- SMS Spoofing Tutorial

SMS (short message service) is now become a best way to transfer your message as quickly as possible, mobile communication system and mobile devices are now everywhere and every person are using mobile devices and SMS services. SMS spoofing or anonymous SMS was and is always a hot topic, there are numerous tutorials and discussion has been made on SMS spoofing and we also discussed SMS spoofing on social engineering toolkit on backtrack 5 but some people has faced different problem on it.

Can You Crack It? A Challenge

Cyber security and defense is now an important field of interest because of rising hacking attacks on small networks and enterprise networks. Even government organizations are not secure, with hacker groups like Anonymous, Lulzsec and others having been and remaining a threat. So the point of consideration is that an organization should have enough security researchers, penetration testers and the solution to fight against these hacking attacks.

Web Application Firewalls - OWASP

Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. The attackers are using methods which are specifically aimed at exploiting potential weak spots in the web application software itself - and this is why they are not detected, or are not detected with sufficient accuracy, by traditional IT security systems such as network firewalls or IDS/IPS systems.

7 Tips For Wordpress Blog Security

WordPress is the most popular blogging platform in the world. It is easy to install and fun to use. Many hosting providers offer one-click installation. Installing updates and plugins also takes no more than 3 clicks or 2 minutes.
Due to its global popularity, the platform frequently becomes the target of hackers and spammers.