How Hackers Are Hacking Into Websites On Shared Hosts - Symlink Bypass Explained

You
might have noticed a tremendous increase number of hack attacks on
wordpress, joomla blogs and other content managing systems. What the
hackers are doing is that instead of targeting the CMS itself meaning
wordpress or joomla. They are targeting a vulnerable website on a
server, Once they gain access to a single vulnerable website on the
server, They upload a shell and with a method called "Symlink Bypass". They
manage to extract the configuration files of another website hosted on
that same server and later on using a simple MySQL interface they
connect to that website.

What Is Symlink Bypass?

Well, I would not like to go into much detail. However for your
understanding all you need to know is that symlink is a method to
refrence other files and folders on linux. Just like a shortcut in
windows. Symlink is necessary in order to make linux work faster.
However symlink bypassing is a method which is used to access folders on
a server which the user isn't permitted. For example the home directory
can only be accessed by a root level user. However with symlink bypass
you can touch files inside home directory.


Step 1 - The hackers searches for a vunerable website on a
server. A hacker can get list of domains on a webserver by doing a
reverse iP lookup.

Step 2 - Next the hacker hacks into any vulnerable website on the server and upload a PHP shell.

Step 3 - The above picture demonstrates two files one named
.htacess and the second named jaugar.izri being uploaded to the server.
Here is what Jaugar.izri looks like when it's made public by adding 0755
permissions.

Step 4 - The hacker connects to the izri script and then gives the following commands

mkdir 1111
cd 1111
ln -s / root
ls -la /etc/valiases/(site.com)


The
first command creates a directory named 1111(Mkdir 1111). The next
command navigates to the directory(cd 1111). The third command creates
the symlink of the root. The fourth command will extract the user name
of the website you put in place of site.com. 


The target website is entered in ls - la /etc/valiases/site.com.

The
above screenshot explains the whole story. The hacker then navigates to
the "1111" directory and the configuration file of the target website
is created there. The hacker downloads the configuration files and uses
the information to access the database and there he can make any
changes.


How To Be Protected?

There is nothing much you can do it on your end, else then renaming your
config and moving it to a safer place. If you are worried about your
website's security, Feel free to contact me.

Read more ...

Learn how to use Armitage in Backtrack 5

Introduction

• Armitage is the GUI based tool for Metasploit , that shows the targets , exploits in the framework.

Features of Armitage 

• With Armitage you can scan all the alive host on the network .


• Armitage recommends exploits and will optionally run active checks to tell you which exploits will work. 


• If these options fail, use the Hail Mary attack to unleash Armitage's smart automatic exploitation against your targets.
  


• When you successfully exploit the target , 
  With the click of a menu you will escalate your privileges, log keystrokes, browse the file system, and use command shells.

Requirements 

• Latest Metasploit framework 4.3 or above 


• Oracle Java 1.7

Step 1 : Open armitage on Backtrack 5.

• Click on Backtrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > armitage


• See the below image for more details how to open armitage n Backtrack 5 r2.

                            



Step 2 : Connect Armitage 

• Click on the connect Button .


• See the below image for more details -

                                       

Step 3 : Connecting Armitage 

• It takes few minutes to connect . So have some patience.

                                          

Step 4 :  Armitage Window 

• Here is your armitage window shown below - 

                                            

• Armitage has 3 panels : -

1. TARGET PANEL : It represents the computer ip address and other information .


2. MODULE PANEL: It shows the auxiliary,exploit,payload and post.


3. TABS PANEL : 
   Armitage opens each dialog, console, and table in a tab below the module and target panels. Click the X button to close a tab
                            

Step 5 : Find the alive host on the Network 

• In this step we have to search for the host .


• Under the Nmap Scan, select the  option > Quick Scan (OS detect)


• See the below image for more details .

                                    

• Here you have to enter the scan range . 


• Here 192.168.222.0/24  this is  class C range.


• Example image shown below -

                                    

• Your Scan is complete now .


• If the nmap scan find the alive host , then it will be shown on your Target Panel .(As shown  Below )


• See the below image for more details -

                                   

Step 6 : Finding Attacks 

• Click on the Attacks > Find Attacks .


• It will find the most suitable attack for host shown in the Target Panel.


• See the image shown below -

                                       

• When  attack analysis finished , it informs with a message shown in the image below -

                                        

Step 7 : Set the vulnerebility

• Right click on the host 


• Click on smb 


• Select the ms08_067_netapi  vulnerebility .

                                         

• Click on the checkbox - Use  a reverse connection .


• Now click on the Launch Button .

                                          

Step 8 :

• If the target host is vulnerable then its color changes to red .That means we can attack into the computer system.

                                          

Read more ...

How to monitor or track any Cell Phone

How to monitor or track any cell phone?

There is no denying that cell phones are part and parcel of current
times and smartphones with a whole gamut of features are hot favorites.
Mobile phones are being profusely used for a variety of functions and
have become repositories of so much personal and professional
information.

If and when people can get at a
cell phone’s data, they acquire almost
complete knowledge about the owner! But getting at a mobile’s data is
more easily said than done.

People cannot keep grabbing furtively at a phone and going through the
information stored in it! An invisible and silent way to transmit all
the cell phone related activities and data, including deleted ones is
needed. This is the basic idea behind monitoring or tracking cell phones
using cell phone spy applications.

How to monitor a cell phone most effectively?

Monitoring software for cell phones is available for a variety of mobile
models and operating systems. Such software, like the widely used
Mobile Spy can be quickly installed on any cell phone that has to be
monitored. The apps are thoroughly camouflaged and are designed to run
undetected in the mobile’s backdrop without intruding on the
instrument’s activities.

Setting up cell phone monitoring software

The mobile tracking app installation typically involves a simple
procedure. The user first creates an account for himself or herself on a
server designated by the app at the time of buying. After this, the
user has to physically pick up the cell phone to be monitored and set up
the mobile monitoring software on it.

As part of this step, he is also asked to select the data to be tracked.


Immediately after the installation process is completed, the app becomes
active and runs whenever the cell phone is on. It tracks the required
data, encrypts it for security and then transmits it to the server
account. User can view and use the logs recorded in the server by
accessing his account from anywhere, at anytime through a web browser.

Mobile data that becomes accessible with monitoring apps

Sophisticated monitoring apps for smartphones give many advanced options
apart from the fundamental ones such as call, SMS, email and chat
tracking and access to phone data like address book, video and picture
files and so on.

To encompass a wider scope for mobile tracking, the apps could have
location tracking of mobiles with GPS or cell ID, live overhearing of
calls and the mobile’s environment, live viewing of the phone’s screen,
permissions to block applications and lock device remotely, the ability
to limit phone usage timings, get current SIM details and many more
options.

Who can benefit from tracking mobiles?

Parents interested in watching over their kids, firms that want to
monitor their employee actions, husbands or wives doubtful about their
partner’s faithfulness and any persons who need evidence against someone
are the cases where mobile tracking is called for.

Some people use it as a data backup option on their own mobiles and some
use such apps as a precaution against mobile loss.

With mobile monitoring apps, anyone can acquire the power to track data
and activity related to cell phones and by collecting the necessary
information they can mitigate risks easily before any problems get
precipitated.

About The Author

Lucille J Cronk is a blogger enthusiastic about cell phone technology and other mobile applications.

Read more ...

How To Crack Cpanel Passwords

This article is written by one of my guests

Ok now lets talk about something different today.. many hackers just
deface index pages for fame, many wants to get the hold on the server...
some are genious and some are script kiddies... what if you got access
to the server with limited permissions... and you have targeted a
website on that server... what would you do at that time...!

And the real game STARTS NOW... we will learn how to crack a
Cpanel password for all the websites that are hosted on that server or
the particular one with the help of this method "Cpanel Cracking/Hacking!"...!!

First of all...we need a cpanel cracking shell on that server to crack
the passwords of the websites that are hosted on that server!!

Step 1

First we have to upload cp.php cpanel cracking shell on that server to start our journey...!!

Step 2


Second thing we need, is the mother of this method!! Yes...we need
Usernames of the websites and a Extremely capable password dictionary to
crack!!

Now lets start...

Grab all the usernames of websites hosted on the website with the help these commands

1- "ls /var/mail"
2- "/etc/passwd"

Now you will see all the usersnames of the websites and the password list you have provided! Just press the "Go" button and just wait and watch your success!

If you have supplied strong enough password list then you will the a
good response from the server ;) like this "Cracking success with
username "ABC" with password "XYZ"

else it will show you negative response like this "Please put some good passwords to crack username "ABC" :( "

Inshort... the success of cracking usernames is directly proportional to the password dictionary provided  ;) 
About The Author:


This article is writen by Mirza Burhan baig, He is an Independent Security Researcher & love to Break and Fix Things, 
running his own security firm BlackBitZ!


 

Read more ...