Thursday, September 9, 2010

Media news

Netsoft Technologies' Ethical Hacking course in the media

The Ethical Hacking course of Netsoft Technologies, Kharagpur has been praised and covered in the news by the media, especially by one of the most widely circulated daily newspapers, The Telegraph. You can read it online here... just click the following links

 

One more report... click the link below


Web hacking

Hacking Web Applications


                      By Abir Atarthy

This writing is intended purely for educational purposes and does not in any way encourage hacking. The real purpose of this site is the prevention of hack attempts. Read the disclaimer section of the site for details.

Web applications are programs that reside on a web server to give the user functionality beyond just a website. Database queries, webmail, discussion groups, and blogs are all examples of web applications. In a web application, the browser you use is the client and the web server is the server. Attackers may try to deface the website, steal credit card information, inject malicious code, exploit server-side scripting, and so on.
Now the question is why hackers target web applications. The reason is simple: to get confidential data.
Web applications are critical to the security of a system because they usually connect to a database that contains information such as identities with credit card numbers and passwords. Web application vulnerabilities increase the threat that hackers will exploit the operating system and web server. Hacking a web server basically means hacking a website.
To hack a webserver you can follow five steps.


Web Application Threats

Many web application threats exist on a web server. The following are the most common threats:

Cross-site scripting :- Cross-site scripting occurs when an attacker uses a web application to send malicious code, generally JavaScript.

SQL injection :- SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application-layer attack techniques used today. It is a type of attack that takes advantage of improper coding of your web applications, which allows a hacker to inject SQL commands into, say, a login form to gain access to the data held within your database.

Command injection :- The hacker inserts programming commands into a web form.

Cookie poisoning and snooping :- The hacker corrupts or steals cookies.

Buffer overflow :- Huge amounts of data are sent to a web application through a web form to execute commands. Almost all known web servers, application servers, and web application environments are susceptible to attack (but not Java and J2EE environments).

Directory traversal :- The hacker browses through the folders on a system via a web browser or Windows Explorer.

Zero-day attacks :- These take place between the time a vulnerability is discovered by a researcher or attacker and the time that the vendor issues a corrective patch.
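The SQL injection entry above describes improper coding that lets text typed into a login form become part of the SQL command. The following Python code is an added example, not code from the original post; the table, the account, and all function names are assumptions constructed for illustration. It places that coding error next to the corrected form (input check plus parameterized query).

```python
import re
import sqlite3

# Allowlist for user names (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def make_db():
    """Build an in-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real application stores a salted password hash.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    return db

def login_vulnerable(db, name, password):
    """Improper coding: form input is pasted into the SQL text itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    """Corrected form: check the input, then bind it as data via placeholders."""
    if not USERNAME_RE.fullmatch(name):
        return False
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

# Constructed form input: the quote closes the string literal in the
# vulnerable query and appends a condition that is always true.
CRAFTED = "' OR '1'='1"

def demo():
    """Return (vulnerable result, parameterized result, genuine login result)."""
    db = make_db()
    return (login_vulnerable(db, "alice", CRAFTED),
            login_parameterized(db, "alice", CRAFTED),
            login_parameterized(db, "alice", "correct-horse"))

if __name__ == "__main__":
    print(demo())
```
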

Hacking Tools:-
There are many tools/programs you can write to hack different web applications, web servers, etc. Being an ethical hacker, I won't discuss them, but I will mention one tool here called Burp that hackers use for attacking and testing web applications.

Countermeasures:-
Following are the countermeasures for the different web application vulnerabilities.

Cross-site scripting :- Validate cookies, query strings, form fields, and hidden fields.

SQL injection :-
1) Check the user's input provided to database queries
2) Validate and sanitize every user variable passed to

Command injection :- Use language-specific libraries for the programming language.

Cookie poisoning and snooping :-
1) Do not store plain text or weakly encrypted passwords in a cookie
2) Implement a cookie timeout
3) A cookie's authentication credentials should be associated with an IP address.

Buffer overflow :- Check bounds and take extra care when using loops to copy data.

Directory traversal :- Define access rights to the protected areas of the website.

Zero-day attacks :-
1) No security solution can claim that it will totally protect against all zero-day attacks
2) Enforce stringent security policies
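The three cookie countermeasures listed above can be combined in one session cookie. The following Python code is an added example, not code from the original post; the key handling, the 15-minute timeout, the cookie layout, and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side signing key (assumed per-process)
TTL_SECONDS = 900                  # assumed 15-minute cookie timeout

def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 tag over the cookie payload, hex-encoded."""
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def issue_cookie(user, client_ip, now=None):
    """Create a cookie holding user, IP and expiry; no password is stored."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"user": user, "ip": client_ip,
                          "exp": now + TTL_SECONDS}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def check_cookie(cookie, client_ip, now=None):
    """Return the user name if the cookie is intact, unexpired and from the same IP."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:             # malformed cookie or invalid base64
        return None
    # Poisoning check: any change to the payload invalidates the tag.
    if not hmac.compare_digest(tag.encode(), _sign(payload)):
        return None
    data = json.loads(payload)
    if now >= data["exp"]:         # countermeasure 2: timeout
        return None
    if data["ip"] != client_ip:    # countermeasure 3: bound to an IP address
        return None
    return data["user"]
```

Binding to an IP address will also log out legitimate users whose address changes mid-session, for example on mobile networks or behind rotating proxies.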

Remember that hacking web applications is basically not easy. It's a vast subject. I have just given a brief idea. You have to work very hard to hack any web application.

By the way, let me introduce you to one of our hackingheart team members, Somenath Singh, who has done a nice job on this weebly.com blog site. There is a huge collection of links to different types of very useful software. An extremely useful site for all. Thanks Somnath for your work.
Click here to visit 




Web hacking

Hacking Web Servers

                          By Ankita Chaterjee



This article is intended purely for educational purposes and does not in any way encourage hacking. The real purpose of this writing is the prevention of hack attempts. I am in no way responsible if you do anything illegal and against the law.

Web servers and web applications have a very high potential to be compromised. The previous article, "Hacking Web Applications", discusses how to hack web applications. I will be discussing how to hack web servers.
Understanding how web servers are hacked is an important part of an ethical hacker's job. This includes knowing their vulnerabilities, as well as understanding the types of attacks, including Internet Information Server (IIS) Unicode exploits, that a hacker may use.

Types of Web Server Vulnerabilities:-
The following vulnerabilities  are most commonly exploited in web servers:

1) Misconfiguration of the web server software

2) Operating system or application bugs, or flaws in programming code

3) Vulnerable default installation of operating system and web server software, and/or lack of patch management to update operating system or web server software

4) Lack of or not following proper security policies and procedures

An exploit of a web server offers a hacker easier access to internal systems or databases.

How are web servers compromised?
1) Misconfigurations, in operating systems, or networks
2) Bugs, OS bugs may allow commands to run on the web
3) Installing the server with defaults, service packs may not be applied in the process, leaving holes behind
4) Capturing administrator credentials through man-in-the-middle attacks
5) Revealing an administrator password through a brute-force attack
6) Using a DNS attack to redirect users to a different web server
7) Using SQL injection attacks (if the SQL server and web server are the same system)
8) Using web server extension or remote service intrusion

Hacking IIS Server:-
There are many web servers available in the market. IIS is one of the most widely used web server platforms on the Internet. Microsoft's web server has been a frequent target over the years.
Various vulnerabilities have affected the IIS server. Examples include:
• ::$DATA vulnerability
• showcode.asp vulnerability
• Piggy backing vulnerability
• Privilege command execution

IIS hacking tools:-

Metasploit framework is an advanced open-source platform for developing and testing different exploit code. It is a tool for penetration testing, exploit development, and vulnerability research. It runs on any UNIX-like system under its default configuration. A customized Cygwin environment for Windows OS users is also available.

VB.Net

Refresh yourself  with Tic Tac Toe

                   By Tanaya karmakar

One day I was getting bored with programming... After all, I had been coding for 3 hours continuously. So I thought to play a game for a quick refreshment. But I found no game on my PC.
So I thought to make a small game that will need no graphics card, put no load on your PC, and have no clashes with other files of the OS...
Here is the game. Just download this small tic tac toe I have made and have fun....




The game is written in VB.Net 3.5.
You will need dotnet framework 2.0 or later and Windows Installer 3.1 or later installed on your PC to run this game, which you can easily get at www.filehippo.com.

The game has been tested and is fully working on Windows XP as well as Windows 7.


Alternatively, if you have VB.Net 3.5 installed on your PC, then just download the zip file (source code is included in it), extract the exe file and run it.

If you want the source code for this game then click:


So play and let me know whether you like it. I have a plan to change the rules of the game in the next version of it. That will be more interesting. Till then enjoy the game and stay tuned with Hackingheart....