Security Flaws Of The Internet Protocol

Today more and more vulnerabilities in computer systems are found each day. Some of them are minor security holes but others affect the whole infrastructure of the internet. Take a look at “Hackers Hacked at Defcon” and you will notice that there is at least one major vulnerability in the TCP/IP implementation. Because TCP/IP is so important for modern network infrastructure the Centre for the Protection of National Infrastructure has written an article about major/potential security flaws in the TCP/IP protocol. Take a look at their security assessment of the TCP/IP protocol it is worth the read.

Advertisements

Hackers Hacked at Defcon

Through a new attack security professionals were able to hijack hackers online activity at Defcon. Tony Kapela and Alex Pilosov, the people who found the vulnerability, were using a man-in-the-middle attack to capture the traffic of the hackers.

The attack itself relies on a global vulnerability in the routing protocol. The networks around the world trust each other and therein lies the vulnerability. A hacker can hijack traffic to and from websites of choice by adding enough numbers to computer addresses to have his or her network automatically deemed the best path for the data.

Here is the whole article.

This is a large scale vulnerability and there is no simple solution to that problem. Tell me what you think about it.


Bookmark and Share

A Hacker’s Live CD

Today penetration testing is becoming an important procedure for companies who want their network to be secure. For this reason more and more security consultants are looking for an operating system made for penetration testing. This is where Backtrack comes in handy.

Gained access to a Windows computer through the metasploit framework

Gained access to a Windows computer through the metasploit framework on Backtrack

Backtrack 3

Backtrack is a Live CD based on Slackware. It is the result of the merger of WHAX and Auditor Security Linux which were both Live CDs made for computer security professionals. Therefore it’s no surprise that Backtrack has a huge collection with more than 300 security and forensics tools. Backtrack was made for security penetration testers and for that reason all the tools are organized according to the workflow of security professionals. The tight integration of these tools into the Live CD make hacking even easier, e.g. by entering one command you will get the latest milw0rm exploits which you could use for an attack. For more information take a look at the official Backtrack homepage.

You can download Backtrack here, it is really worth taking a look at. Tell me what think about it.


Bookmark and Share

Forward DNS Bruteforcing with Python

GlobeDNS is one of the most important protocols on the internet. If you visited a homepage like this one your computer probably used DNS. The domain name system is used to associate ip addresses with certain domains, e.g. Google’s ip address is 64.233.167.99 and it is associated with google.com. So whenever you type google.com in your browser your computer actually looks up the ip address of it and further connects to it.
Forward DNS Bruteforcing
Forward DNS bruteforcing is method which uses DNS to find out about potential services of a domain. The concept is very simple. A lot of domains now a days have subdomains in the case of Google it could be mail.google.com. Here mail is a subdomain of Google thus it needs to have a certain ip address otherwise it wouldn’t be available over the internet. So what Forward DNS bruteforcing actually does is query DNS servers for subdomains and through the response you know whether it exists or not. Let’s take a look at an example.

Example
Let’s say we want to know whether Google has a VPN service available. You could try to forward bruteforce Google by querying a DNS server for vpn.google.com. Now if it exists it has to have an ip address and we would get it through the query.

Python DNS Bruteforcing Script
Now I coded this little script in Python. It actually does the same as stated above. I am not sure whether it works under Windows since it uses the “host” command to query for domains but it should work well under Linux. When you run the script you need to provide a file and a domain. The file should be just a list of subdomain names (e.g. vpn, mail, pop etc.) which you want to forward bruteforce. The domain is obvisiously the domain you want to bruteforce. Here is the source code of the script:

#!/usr/bin/env python

import os, sys, commands

if len(sys.argv) < 3:

    print ” DNS Bruteforce lookup on the domain by”
    print ” adding the names in the file to the domain”
    print “Usage: %s <file> <host>” % sys.argv[0]
    sys.exit(0)

file = sys.argv[1]
fh = open(file, “r”).readlines()
try:

      • val = name[0:len(name)-2]
        val = name[0:len(name)-1]
        print var
        print “Shutting down application …”
        sys.exit(0)
    • if name.endswith(“\r\n”):else:

      var = commands.getoutput(“host %s.%s ” % (val, sys.argv[2]))
      if not “not found” in var:

      except KeyboardInterrupt:

  • for name in fh:


Bookmark and Share

Automated Google Hacking

Using Google To Your Advantage

Google is one of the biggest companies now a days. It provides you with so many services that no one could imagine the internet without it. Google’s search engine is what I am going to focus on in this article since that is what Google Hacking is about. The term actually refers to using Google’s search engine in an advanced way to find sensitive information. If you haven’t done any Google Hacking yet then take a look at this hacking article.

Automated Google Hacking

Since Google Hacking can be quite time consuming people from the Cult of the Dead Cow wrote a program which automates this task. It is a pretty cool tool but the bad part is that you can not send queries that often. So do NOT use the program too often or send to many queries since that may cause Google to ban you!

It is still worth taking a look at especially for administrators to scan whether their websites give away too much information. I’ve used Google Hacking myself several times and found some really really sensitive information so Google Hacking is not something you should underestimate.

Bookmark and Share

Security flaw in Internet Explorer

A Zero-day vulnerability was found in the Internet Explorer and reported to Microsoft. Through the flaw a malicious user is able to hijack cookies and steal credentials. The Internet Explorer 6 on Windows XP SP2 and SP3 are only affected by this security flaw. Secunia rates this a moderately critical issue. Since there is not a patch available for IE users it is recommended to use another browser or upgrade to IE 7.

Here is the full article if you want to read more.

Hacking Web Applications

The internet is growing faster then ever and it will probably will not stop growing in the near future. The same thing applies to web applications. Each day there are thousands of new web applications and they are becoming more and more important. More companies rely heavily on them, for that reason it is a extremely important to secure them properly. By understanding how to hack them you will understand how to secure them.

As with everything, hacking web applications is about experience and knowledge. That is the reason why I want to show you how and where you can learn about it.

Legal Web Hacking sites
There are several good web sites where you can learn about hacking web sites. I do not want to go into detail since I already listed most of them in my first and second part of the learning how to hack article.

Learning Web Hacking Through Programs
If you want to learn to hack web application I recommend you download Webgoat. Webgoat was created by OWASP. You can download it for free on OWASP’s web site. After downloading it you need to extract the zip-file. Then double click on the webgoat.bat file. This makes your computer more vulnerable so I recommend that you unplug your network cable so you do not have access to the internet. Afterwards open up a browser, browse to http://localhost/WebGoat/attack and enter “guest” as username and password. You should now see something similiar to the picture below. On the left side of the page you can select the different things you want to learn. Clicking “Hints”, on the top of the page, will help you with the challenge when you are stuck.

OWASP\'s Webgoat
Have fun 😉 If you have any questions or you are stuck in a challenge, feel free to contact us.