[HACK]IN(SIGHT) - VOL 1 NO.21
The ethical hacker is a person who is trained in the art of attacking computer infrastructure for the purposes of testing, auditing, and preemptively securing these infrastructures. The significant difference between the ethical hacker and the criminal hacker is that the ethical hacker is staying within the legal bounds of the region by being under a specific contract with the owner of the computer. The ethical hacker never attacks a system without permission. The ethical hacker follows a very strict code of ethics to maintain credibility.
This release is a Hacking Compendium covering topics included in the CEH V8 area of knowledge. Every article is technical, with a clear explanation from its author, who will show you how to hack in an effective manner and how to defend your system. But remember...
“If a Cracker wants to get into your system he/she will be there; there is nothing you can do to stop them. The only thing you can do is to create hurdles for them so that they can’t gain access to your system easily”.
We are grateful for Jim Steele's and Ishan Kumar's great work and engagement with Hack Insight development. Without your effort this magazine would not be the same!
Enjoy the hacking!
Hack Insight Team
This publication is available with a Hack Insight annual subscription.
HOW TO HACK ERROR BASED BLIND SQL INJECTION VULNERABLE WEBSITE IN .ASP & .ASPX TECHNOLOGY
KaliPwnPad and Co. Using a Tablet for Penetration (Security) Testing Security Verification
Page 18: There are a lot of Security (hacking) tools out there, some of which cost a considerable amount of money, but if you’re like me, Security Researchers and Hackers are always on a budget (meaning we have none, LOL). So let’s just say for a minute that you don’t have $1000 to spend on PwnieExpress; the question then becomes how can you start off your Ethical Hacking (or Grey Hat continuous learning, etc.) on $300 or less?
Building security during SDLC: IBM’s Appscan Enterprise
Page 30: We often talk about securing a web application and discuss tools which can help us identify specific vulnerabilities. However, the problem gets interesting if we need to scale the solution and conduct assessments of web applications at an organizational level, where we need to certify applications every single time there is a change in the application code.
Introduction to Ethical Hacking
Page 38: Ethical hacking is the process of entering into a hacker's mindset in order to spot system vulnerabilities by performing typical hacks in a controlled environment. This article will help security professionals understand how malicious users think and work, enabling administrators to defend their systems against attacks and to identify security vulnerabilities.
Sniffing: Intercepting Network Traffic
Page 43: Many “n00bs” fire up Wireshark on their own PC expecting to be able to sniff all traffic passing through an Ethernet network. But the 90's are long gone, and all hubs have been replaced by switches, so your NIC nowadays only gets broadcast packets and packets addressed to your NIC. So if you wanna capture traffic from other hosts on the network you somehow need to force that traffic to pass by your NIC. I will here explain some of the most usual ways to achieve this.
Sniffing: Dumping Network Traffic to Disk
Page 46: The first thing I recommend you do before you start sniffing is to ensure that your sniffer computer stays quiet, so that you don't pollute the sniffed traffic with packets from your sniffer computer. How to do this varies between Windows, Linux and FreeBSD, so I will briefly cover how to silence all three OSes.
BB codes in Kali Linux
Page 49: BB code is a set of tags based on the HTML language that you may already be familiar with. They allow you to add formatting to your messages in the same way as HTML does, but have a simpler syntax and will never break the layout of the pages you are viewing.
HACKING XAMPP WEB SERVERS VIA LOCAL FILE INCLUSION (LFI)
Page 53: So recently I was attempting to hack a friend’s server (with permission!) via a local file inclusion vulnerability and I discovered that nobody had any tutorials on hacking XAMPP servers via LFI. Basically it’s pretty straightforward if they have FileZilla FTP Server enabled and working! In fact it should be trivial to exploit this in any currently running XAMPP server with an LFI vulnerability!
How to launch oneko in Kali Linux?
Page 60: The program oneko creates a cute cat chasing around your mouse cursor. Let's implement it in Kali Linux! :)
The Ethical Hacking Process
Page 63: Like practically any IT or security project, hacking a target needs to be thought of in advance. Strategic and tactical issues need to be determined and agreed upon. To ensure the success of your efforts, spend time up front planning things out. Planning is important for any amount of testing — from a simple password-cracking test to an all-out penetration test on a Web application.
Hacking WPA / WPA2 Encrypted Networks
Page 66: The methods and tools used in this WPA / WPA2 hacking tutorial can be utilized without any previous knowledge; however, it is best for the attacker to have an understanding of what is going on behind the scenes.
Remote Exploit Classification
Page 78: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
Remote Buffer Overflow Exploits
Page 80: In this article, I will try to explain the concepts of Remote Buffer Overflow exploits from a practical perspective. This paper does not explain the OS and processor concepts that are very necessary to understand the exploit development process, no matter whether you are messing with a complex application or a simple application. So it is assumed that readers have some background knowledge about exploits.
CSRF and XSS: A Lethal Combination
Page 87: In the second installment of this series, we discussed one of the most prevalent attacks to applications: SQL Injection. The previous discussion introduced the reader to a technical understanding of how SQL Injection attacks inflict the most exposure of sensitive data, and how these vulnerabilities are not unique to just web applications.
From Vulnerability Assessment to PenTest
Page 94: What is the best way to improve our PenTest skills? What is the best way to find vulnerabilities during a PenTest? And the best way to minimize the risk of service disruption? I think the correct answer is the use of a good vulnerability assessment tool. In my opinion the best Vulnerability Assessment (VA) tools are Nessus and Backtrack (has all you need on-board).
Anonymous Hackers Arsenal: How to perform The Ping of Death, XSS, SQL Injection, Blind SQL Injection and Brute Force Attack
Page 105: The principle of the ping of death simply involves creating an IP datagram whose total size exceeds the maximum authorized size (65,536 bytes). When such a packet is sent to a system with a vulnerable TCP/IP stack, it will cause the system to crash. The Ping of Death attack relied on a bug in the Berkeley TCP/IP stack which also existed on most systems which copied the Berkeley network code.