
Sunday, October 21, 2012

Site Restoration Tutorial



As you might already know, Independence Day is just a few days away.
And we know for a fact that certain people will be attacking and defacing Indian sites. This tutorial is aimed at helping you restore a hacked site. I am not going to explain everything fully because it would become TOO BIG; I will just point you in the right direction :)
Note: This is NOT a tutorial for webadmins. It is for hackers who are interested in restoring a site (this tutorial assumes the reader has zero permissions when they start).
Also, some of the methods I will be suggesting are fairly aggressive, so if you don't agree with me you're free to close this page :D

1. GET BEHIND A FREAKING VPN !!

Yes, it's true that you're just trying to help, but that does not mean you should expose yourself.
The site admin is not going to care who you are; if they complain to the cyber police they will hand over ALL THE LOGS. And as you all know, India's "Cyber Police" are mostly skids and noobs, and they will put the blame on YOU because you are easier to arrest than a person in another country.
This is the sad truth, ACCEPT it. DO NOT expect fame and glory for what you're going to do.

2. Know what you are dealing with 

Before you start there are a few questions you should ask yourself:

Is this site worth my time ?

Always give priority to the major sites first; only move to the smaller sites when you're done with the major ones.
Is it an index deface or just www.site.com/hackpage.html? If it's the second one then it's a low-priority hack.

Is the site in a dedicated or shared server ?

Knowing which type makes all the difference: on a shared server every other site on the box is potentially affected, and potentially the way the attacker got in.

Does it look like the hacker rooted it ?

When it's shared hosting and a mass defacement has been done, it's probable that the server has been rooted. Mass defacements also happen without root, through weak cross-account permissions (world-readable configs, symlink tricks), so check before assuming a kernel-level compromise.

 

3. Gain access 

The first thing to do is to see if the hacker left any shells behind.

Places to look are
/image /admin/ /themes/ /cgi/ etc. Upload directories and anything modified since the defacement (find's -mtime option) are also worth a look. If you can't find one manually,
here is a good plugin for Uniscan --> http://uniscan.sourceforge.net/?p=161

Can't find a shell? It's OK, proceed to the next step.

Now look at all the application-level vulnerabilities,
i.e. XSS, RFI, LFI, SQLi --> the most common ones.
Figure out how the hacker got in and exploit the site using the same method.

Still NOTHING?

If this does not work, look at all the open ports and see if the server is running an outdated/vulnerable service,
and gain system privileges by exploiting the service.
Somehow get a shell or a backdoor up.
Don't forget that if the attacker found a way in, YOU CAN TOO!! :D

4. Removing backdoors

First, before you restore, you have to make sure that you remove ALL backdoors left by the hacker.
As in the last step, use multiple methods to make sure you find every shell.
Note: some of these need you to install a few dependencies.
If you have access to a terminal you can use this:
grep -RPl --include=*.{php,txt,asp} "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" /var/www/
The above command says:
  1. Check files with extensions php, txt or asp only (bash expands the braces into one --include per extension). You can add more.
  2. The pattern matches calls to passthru, shell_exec and so on. You can add/remove patterns.
  3. The directory from which the recursive search starts; in this case /var/www/.
Expect false positives: fopen, mkdir and chmod appear in plenty of legitimate code, so read each hit rather than deleting blindly. Expect misses too: shells are often obfuscated (eval of base64_decode or gzinflate output, preg_replace with the /e modifier, a function called through $_POST['x'](...)), so also list files modified since the defacement and, where a clean backup or the CMS package checksums exist, compare the tree against them.
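As an added example (written for this post, not the original author's tool), here is a Python scanner that does what the grep above does and a bit more: it weights each indicator so that an eval of base64_decode() output or a $_POST['x'](...) call counts far more than a lone fopen(), and it flags files modified within the last few days. The weights, the threshold and the sample files that demo() constructs are this example's own assumptions; point scan_webroot() at a real docroot to use it.

```python
"""Added example: score files under a web root for web-shell indicators.

Written for this post, not the original author's tool. Compared with the
grep one-liner it weights indicators (a lone fopen() scores 1, an eval of
base64_decode() output scores 8), catches the variable-function trick
$_POST['x']($_POST['y']) that a function-name grep misses, and flags
recently modified files. Weights and threshold are this example's own.
"""
import os
import re
import tempfile
import time
from pathlib import Path

SCAN_EXTENSIONS = {".php", ".phtml", ".php5", ".inc", ".txt", ".asp", ".aspx"}

# (name, pattern, weight). Higher weight = rarer in legitimate code.
INDICATORS = [
    ("exec_func", re.compile(r"\b(passthru|shell_exec|system|exec|popen|proc_open)\s*\(", re.I), 3),
    ("eval_of_decoded", re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 8),
    ("decoder", re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I), 2),
    ("superglobal_call", re.compile(r"\$_(POST|GET|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I), 8),
    ("preg_replace_e", re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I), 6),
    ("fs_ops", re.compile(r"\b(move_uploaded_file|chmod|mkdir|fopen|readfile)\s*\(", re.I), 1),
    ("phpinfo", re.compile(r"\bphpinfo\s*\(", re.I), 1),
]


def score_source(text):
    """Return (score, [indicator names]) for one file's contents."""
    score, hits = 0, []
    for name, pattern, weight in INDICATORS:
        count = len(pattern.findall(text))
        if count:
            score += weight * count
            hits.append(name)
    return score, hits


def scan_webroot(root, recent_hours=72, threshold=6):
    """Return findings for files scoring >= threshold or modified within
    recent_hours, highest score first. Read the hits; do not delete blindly."""
    now = time.time()
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXTENSIONS:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        score, hits = score_source(text)
        recent = (now - path.stat().st_mtime) <= recent_hours * 3600
        if score >= threshold or recent:
            findings.append({"path": str(path), "score": score, "hits": hits, "recent": recent})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


def demo():
    """Build a constructed web root (not a real site) and scan it."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "images").mkdir()
    # Constructed sample shells and one benign file; illustrations only.
    (root / "c99.php").write_text("<?php eval(base64_decode($_POST['x'])); ?>")
    (root / "images" / "x.php").write_text("<?php $_REQUEST['f']($_REQUEST['a']); ?>")
    (root / "new_theme.php").write_text('<?php echo "ok"; ?>')   # harmless but brand new
    benign = root / "index.php"
    benign.write_text('<?php $fh = fopen("log.txt", "a"); fclose($fh); echo "hello"; ?>')
    ten_days_ago = time.time() - 10 * 86400
    os.utime(benign, (ten_days_ago, ten_days_ago))   # old and low-scoring: not reported
    return scan_webroot(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['score']:3d} recent={f['recent']!s:5} {f['hits']} {f['path']}")
```

The constructed index.php scores 1 (one fopen) and is ten days old, so it drops out; the brand-new but harmless theme file is still listed because a file nobody deployed is worth a glance after an incident.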

5. The actual restoring

See if the hacker renamed the original index file to index1.php, indexold.php, etc.

Then it's just a matter of removing the deface file and renaming the original back (make a backup first to be safe).

If you can't find the original files you will have to use data recovery methods (these need escalated privileges).

If all these methods fail, replace the index with a blank white page or a "Maintenance" page.
 

6. Prevent future attacks on the server

Now that you know the method the attacker used to gain access, start closing the security holes.
A few tips:
If the server was rooted then update the kernel, change the root password and remove all newly added accounts. Bear in mind that a rooted box can hide things from you (replaced binaries, kernel modules), so the safe fix is a rebuild from known-good media and backups, and every credential that lived on the box (database passwords, SSH keys, API keys, FTP logins) should be rotated because you have to assume it was read.
Firewall:
If it is a shared server and lots of sites are vulnerable to SQL injection then I suggest installing an up-to-date WAF to keep away the skids. It can still be bypassed, so treat it as a stop-gap while the injections themselves are fixed with parameterised queries.

Admin pages:

If the admin page is vulnerable to shell upload then rename the admin login file to something like "randomtextadminpage1231ew8712.php/.html" to stop the attacker from entering the site again. This only buys time: the renamed file is still reachable by anyone who finds the path (links, referrers, directory listings), and any shell already dropped through the upload still works, so the upload validation itself has to be fixed as well.

Trolling the hacker:

Most of the time the index files are:
IIS: default.asp/.aspx
Apache: index.php/.html
But this is easily changeable in Apache with the DirectoryIndex directive in a .htaccess file (the host must permit it through AllowOverride Indexes):
http://www.javascriptkit.com/howto/htaccess6.shtml
So you can make the index file something like 12d9au.html; when the attacker replaces the index.php/.html file the site will still load our 12d9au.html as the default file :D
Most attackers will go mad trying to figure it out XD ROFL. It is only a trick, though: an attacker who can write to the docroot can also edit the .htaccess or overwrite 12d9au.html once they notice it.
Don't forget to leave a .txt file with all the vulnerabilities so that the site admin can read it (he/she is the only one who can fix it permanently).
And if you ever fail to restore a site, don't worry, it is no shame to you or your country ... ALL THE BLAME GOES TO THE ADMIN
------------------------------------------------------------------------------------------------------------
PS: Please point out in the comments if you think something needs to be corrected or added to this tutorial (it would be awesome if you provide the exact text), as we should all work together to protect OUR cyberspace.

Saturday, October 20, 2012

Re FUD using CliSecure and Amuse Crypters



In the world of crypting, encoding and FUD'ing you need to learn new things every day.
Let me give you some basic information.

There are mainly two types of FUD:
1) Scantime FUD: the file is not detected when the AV scans it on disk.
2) Runtime FUD: the file is not detected when it is executed (behavioural and memory scanning).


Today's demo has three steps.
Let's begin ;)

1. Make a Windows keylogger/RAT/botnet client or other malware :P
Tools like DarkComet, ProRat, iStealer, CyberGate etc. will help you. This tutorial is mainly about FUDing, so let's skip this part :))

2. Crypt it with a good free crypter such as Amuse Crypter



Sometimes Sandboxie blocks it. Running it without Sandboxie is the best way
(make sure you have a system restore tool such as Deep Freeze).
By now your malware is simply crypted; it won't be FUD yet, so the last step does the needful.

3. Re-FUD it with a good re-FUDing tool: CliSecure


:Video Tutorial:
AFTER REFUD: Results
Report Date: 07.07.2012 07:07:31
Link To Scan: http://elementscanner.com//?RE=48eba8d1a81a6b19250781fa26af4215
File Name: vv.Exe
File Size: 5574144 bytes
MD5 Hash: 239da3678465ef76efe70a7beb1a4743
SHA1 Hash: e41d94cf7d83f83073ee8f319cb99634c8dcd85b
Status: Infected
Total Results: 1/35 
AVG Free - Clean
ArcaVir - Clean
Avast 5 - Clean
AntiVir (Avira) - TR/Dropper.Gen
BitDefender - Clean
VirusBuster Internet Security - Clean
Clam Antivirus - Clean
COMODO Internet Security - Clean
Dr.Web - Clean
eTrust-Vet - Clean
F-PROT Antivirus - Clean
F-Secure Internet Security - Clean
G Data - Clean
IKARUS Security - Clean
Kaspersky Antivirus - Clean
McAfee - Clean
MS Security Essentials - Clean
ESET NOD32 - Clean
Norman - Clean
Norton Antivirus - Clean
Panda Security - Clean
A-Squared - Clean
Quick Heal Antivirus - Clean
Rising Antivirus - Clean
Solo Antivirus - Clean
Sophos - Clean
Trend Micro Internet Security - Clean
VBA32 Antivirus - Clean
Vexira Antivirus - Clean
Zoner AntiVirus - Clean
Ad-Aware - Clean
BullGuard - Clean
Immunet Antivirus - Clean
K7 Ultimate - Clean
VIPRE - Clean

Friday, October 19, 2012

Computer Virus Classified




No matter how careful you are, chances are that at one time or another you will find your computer infected with a virus. If you are a frequent Internet user who often downloads videos, music and other files, picking up a trojan, worm or other piece of malware is almost assured. Thankfully there are many good anti-virus programs, but that doesn't mean you shouldn't know the common types of computer viruses that are going around.

1. Encrypted Viruses – Better known as polymorphic viruses, these are probably the hardest kind of bug to detect and to stop. The virus body is stored encrypted, and the key (and often the small decryptor stub itself) changes with every copy, so a fixed byte signature never matches twice. Only when the virus is about to run does it decrypt itself in memory, and at that point a scanner that emulates the file or scans memory can usually identify and stop it.

2. Secret Viruses – Known as stealth viruses. They change or replace files on your computer but intercept the operating system's file and disk reads so that your anti-virus program (and you) are shown the original, clean contents. Scanning from clean boot media, where the virus is not running, defeats the trick, and most advanced anti-virus programs stop these dead in their tracks.

3. Time Delay Viruses – Logic bombs and time bombs take a slower, more disciplined path towards ruining your computer. Instead of acting the moment you download them, they infect quietly and wait for a trigger (a date, a counter, an event) before the payload fires. You may not have been online for days and then suddenly find yourself with an infection. These are the reason you should run a full scan every few days, not just when something looks wrong.

4. The Anti-Virus Virus – Believe it or not, there are viruses (sometimes called retroviruses) that do little more than attack your installed anti-virus program in the hope of disabling it so that other malware can be downloaded. This is why many people run a separate anti-spyware or anti-malware program alongside their anti-virus.

5. The Multi-Headed Virus – Known as a multipartite virus, this is one of the most nefarious bugs around. Parts of it attach to .exe files on your computer, and it also infects the boot sector or start-up so that the virus runs automatically every time you turn the computer on.

6. The Misdirection Virus – This type is downright scary. It has a built-in subprogram designed to give false readings to your anti-virus software: you think you have a bug in one directory when in fact the virus is busy in a different area.




7. A Cloning Virus – The companion virus is an old-fashioned kind of bug. It creates a duplicate for programs you already have (classically prog.com next to prog.exe, since DOS ran the .com first) so that you launch the virus when you mean to launch the healthy program.

8. The Author Virus – When you download a typical virus it attaches itself to a program and runs when that program runs. The overwriting virus, on the other hand, finds an .exe file and actually deletes and rewrites part of its code so that the program is changed. Few viruses work this way, because the host program stops working and the infection is noticed quickly.

9. The Bad Penny Virus – This is a worm: a bug that automatically passes itself to every reachable machine on a network or on the Internet unless something stops it. The Morris worm of 1988 is the classic early example, and incidents like it are why firewalls and network segmentation are standard today.

10. When most of us think of viruses we think of PCs running Windows. However, there are a handful of bugs out there for the Mac too.

11. Rewriting Virus – This bug made a habit of rewriting some of your most needed files, as well as filling up your hard drive with all sorts of hidden files you couldn't normally see.

12. The Melissa Virus – Melissa (1999) was a Word macro virus that mailed itself, without permission, to the first 50 addresses in the victim's Outlook address book. Anyone who opened the infected Word document was affected, and the flood of mail was especially harmful for companies running their own mail servers. Melissa has gone down in history as one of the most widespread viruses of all time.



Thanks to : www.TopChoiseReview.com

Thursday, October 18, 2012

How to Disable Error Report In Window




Hey to all friends, today I am going to post about how you can disable error reporting in Windows XP and Vista.

Microsoft's error reporting in Windows is sometimes disturbing; most of us don't want to send the error report because it's of no use to us.
There's an easy way to disable Microsoft error reporting in Windows.

Disable Microsoft error reporting in Windows XP:

1) Right-click My Computer (Desktop) and click Properties
2) Click the Advanced tab
3) You'll see an "Error Reporting" button at the bottom; click it
4) Select "Disable error reporting".

Disable Microsoft error reporting in Windows Vista:
1) Open Control Panel (Start > Control Panel)
2) Open the Problem Reports and Solutions applet, choose Change settings, then Advanced settings, and turn problem reporting off.

One caveat: a crash in a network-facing program (browser, mail client, web server) is sometimes the only visible trace of an exploit attempt, so on a machine you care about keep the local crash information even if you stop sending it to Microsoft.

And that's it, now you're done....!

Stay Updated, Stay Protected :))

Wednesday, October 17, 2012

Private and Public IP Addresses Explained




Internet Protocol addresses are of two kinds: public and private.

If you have ever wondered what the difference between a public and a private IP address is, you are at the right place. In this post I will try to explain the difference in layman's terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is one that is routable on the Internet, and each public IP is unique: no two hosts on the Internet hold the same public address at the same time. This uniqueness is what lets computers "find each other" online and exchange information. The user has no control over the public IP address they are given; it is assigned by the Internet Service Provider when the connection to the Internet gateway comes up.
A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting web pages or services on the Internet. A dynamic public IP address is chosen from a pool of available addresses and may change each time you connect. Most home Internet users have a dynamic IP assigned to their connection; it goes back to the pool when the connection is dropped, and a re-connection may get a different one.
You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is private if it falls within one of the address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks (defined in RFC 1918) for private networks:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8; 16,777,216 addresses)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12; 1,048,576 addresses)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16; 65,536 addresses)
Note the middle block: it ends at 172.31.255.255, so 172.32.x.x is NOT private, a mistake often made when reading the ranges.
Private IP addresses are used for numbering the computers in a private network, including home, school and business LANs and the networks in airports and hotels, which makes it possible for the computers in the network to communicate with each other. For example, if network X consists of 10 computers, each of them can be given an IP from 192.168.1.1 to 192.168.1.10. Unlike with public IPs, the administrator of the private network is free to assign addresses of his own choice, provided they fall within the private ranges above. Internet routers drop packets addressed to these ranges, which is why the same private addresses can be reused in millions of networks without conflict.
Devices with private IP addresses cannot be reached directly from the Internet, and their traffic cannot go out onto the Internet unchanged. To reach the Internet they go through a router performing Network Address Translation (NAT), which rewrites the private source address to the router's public one and keeps a table so that replies are mapped back to the right internal host. This is how a home router lets every device in the house share a single public IP.
If the private network is connected to the Internet, each computer therefore has a private IP and the whole network shares the router's public IP: the private IP is used for communication within the network, while the public IP is what the rest of the Internet sees. Most Internet users with a DSL/ADSL connection are in exactly this situation.
You can find your private IP by typing the ipconfig command at the command prompt (ifconfig or ip addr on Linux). The number shown against "IPv4 Address:" is your private IP, typically something like 192.168.1.x; 192.168.1.1 is usually the router itself. Private IPs are normally handed out dynamically by the router's DHCP server, though an administrator can assign static ones.
Contrary to what many people assume, a private IP is neither impossible to trace (like a private telephone number) nor reserved for stealth Internet usage. In reality no public IP address is impossible to trace, since the protocol itself is designed for transparency, and the NAT router knows which internal host made each connection.
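As an added example (not part of the original post), the following Python classifies IPv4 addresses against the three RFC 1918 blocks above using the standard library's ipaddress module, reproduces the range table, and checks an administrator's chosen LAN range. The 172.32.0.1 case is the one most people get wrong; the link-local case (169.254.x.x, self-assigned when DHCP fails) is included because it is often mistaken for a private address. All sample addresses are constructed for illustration.

```python
"""Added example: classify IPv4 addresses against the RFC 1918 ranges
listed above, using only the standard library. Not from the original post."""
import ipaddress

# The three private blocks from RFC 1918, in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(addr):
    """Return the RFC 1918 network containing addr, or None if it is not RFC 1918 private."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return net
    return None


def classify(addr):
    """'private' for RFC 1918, 'loopback' for 127/8, 'link-local' for 169.254/16
    (self-assigned when DHCP fails; often mistaken for private), else 'public'."""
    ip = ipaddress.ip_address(addr)
    if rfc1918_block(addr) is not None:
        return "private"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "public"


def range_summary():
    """(cidr, first, last, size) for each block; reproduces the table in the post."""
    return [(str(n), str(n[0]), str(n[-1]), n.num_addresses) for n in RFC1918]


def check_lan_plan(first, last):
    """Sanity-check an administrator's chosen range: both ends must sit in the
    same RFC 1918 block, otherwise part of the LAN would use routable addresses."""
    a, b = rfc1918_block(first), rfc1918_block(last)
    return a is not None and a == b


if __name__ == "__main__":
    for cidr, lo, hi, size in range_summary():
        print(f"{cidr:16} {lo} - {hi}  ({size:,} addresses)")
    # Constructed sample addresses for illustration.
    for a in ("192.168.1.1", "172.31.255.254", "172.32.0.1", "169.254.10.5", "8.8.8.8"):
        print(f"{a:16} {classify(a)}")
```

The check uses explicit RFC 1918 networks rather than the module's is_private flag on purpose: is_private also covers loopback, link-local and several documentation ranges, which is not what people mean when they ask "is this a LAN address".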

Tuesday, October 16, 2012

Anonymous & Portable Browser TOR


What is Tor? Tor is free software and an open network that helps you defend against a form of network surveillance known as traffic analysis, which threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Why Anonymity Matters
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

How Tor works:




Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted. Note what Tor does not do: the exit relay sees your traffic exactly as you sent it, so use HTTPS (and avoid logging in to accounts tied to your real identity) if you want the content, not just the source, kept private.

To download Tor click HERE.
1. Click on your platform
2. Click on Download in front of "Tor Browser Bundle"

Thank you For Your Precious Visit.

Monday, October 15, 2012

how to create strong and secure passwords


At present we need a password or PIN for almost every online activity, and a strong password is very important: every user wants to protect their personal files, information and other data and stop hackers from getting into their accounts.
However, not everyone can come up with a nice strong password, which is why we have compiled a list of two online tools that help users create strong and unpredictable passwords.
"Make Password" is a web application that helps users generate strong passwords for social networks, email IDs etc.
[screenshot: Make Password web app]

The passwords or codes generated by "Make Password" are generated randomly, and the site says they are not stored anywhere. You cannot verify that claim for any web service, so for anything important generate the password locally on your own machine instead.
You can select the "Password Strength" option, which displays the strength of the generated password on a scale of 0 – 100 (above 75 is strong).
Once you have picked all the options, just click "Make Password(s)" and the passwords will be displayed in plain text, as a web page, or as a CSV file.
"Password Bird" is a recommended web app for creating a secure password related to your name, a special thing, a special date etc. :)
[screenshot: Password Bird web app]

As soon as you provide special words, names, dates etc. it will instantly create a combination for you. You can select "make new one" to generate a new password. One thing to note is that the website doesn't use any special symbols (! @ # $ % & *), but it does use upper and lower case letters and numbers in generating the 'secure password'. The other thing to note is that a password built from your name and dates is only as unpredictable as those facts are secret: an attacker who knows a little about you can enumerate name + date + digit combinations quickly, so prefer a truly random password and let a password manager remember it. So from now on if you want to change your password, or want to keep your data secure, use these web apps to create some of the most 'secure combinations' :)) Cheers ~~ There are plenty of services like Free Password Generator. You can use them too, but the recommended ones are those given above.

About the author: This post was written by Mr. Harsh Daftary.
Harsh is an ethical hacker and founder of Security Labs.
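As an added example (not from the post above or its author), here is how to do locally what the two web apps do, with the standard library's secrets module: generate a uniformly random password, report its entropy, and put a number on the "name + date" style of password that Password Bird produces. The strength thresholds and the scheme sizes passed to personal_scheme_bits() are this example's own assumptions.

```python
"""Added example: generate a password locally with the `secrets` module
and report its entropy, instead of trusting a web form. Not from the original
post. The strength thresholds and the "name + year + suffix" scheme sizes are
this example's own assumptions."""
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%&*"   # the symbols the post lists as missing from Password Bird


def alphabet(use_symbols=True):
    return LOWER + UPPER + DIGITS + (SYMBOLS if use_symbols else "")


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def strength_label(bits):
    """Rough labels (this example's own thresholds, not the web app's 0-100 scale)."""
    if bits < 50:
        return "weak"
    if bits < 80:
        return "moderate"
    return "strong"


def generate(length=16, use_symbols=True):
    """Uniformly random password drawn with secrets (a CSPRNG; random.choice
    would be wrong here), re-drawn until every character class is present.
    Requiring each class trims the entropy very slightly below entropy_bits()."""
    chars = alphabet(use_symbols)
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if use_symbols else [])
    if length < len(classes):
        raise ValueError("length too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(chars) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def personal_scheme_bits(name_choices, year_choices, suffix_choices):
    """Entropy of a 'name + year + suffix' password (the Password Bird style)
    as seen by an attacker who can guess the scheme: log2 of the combinations."""
    return math.log2(name_choices * year_choices * suffix_choices)


if __name__ == "__main__":
    pw = generate(16)
    bits = entropy_bits(len(pw), len(alphabet()))
    print(pw, f"{bits:.1f} bits", strength_label(bits))
    # Constructed sizes: 1000 common names, 100 birth years, 10 trailing digits/symbols.
    print(f"name+year+suffix: {personal_scheme_bits(1000, 100, 10):.1f} bits")
```

Sixteen characters over the 69-symbol alphabet give about 97.7 bits; a name, a year and one trailing digit drawn from a thousand names give under 20 bits, which is a search an attacker finishes in seconds.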

Sunday, October 14, 2012

Cpanel Hacking/Cracking Tutorial

Today we will learn cPanel cracking, i.e. obtaining the password for the cPanel service on port 2082 of a website. First of all we need a cPanel cracking shell on the server, because we are going to crack the cPanel accounts of the websites hosted on the server we already have a shell on.

So let's start. I am using the cpanel.php shell [download it here] for cracking :) We need two things for cracking: first, the usernames of the websites hosted on the server; second, a good password dictionary [Get Passwords List Here].

So,
in the first step:
grab the usernames of the websites using the command ls /var/mail
or use the "Grab the usernames from /etc/passwd" option in the shell.
Press the Go button.
We have done our part;
let's wait and watch. If we have supplied good passwords then the shell will show the message
" [~]# cracking success with username "xyz" with password "xyz" "
otherwise it will show
"[~] Please put some good passwords to crack username "xyz" :( "


So the chance of success depends on the password list used in the cracking process. Note that cPanel ships with cPHulk brute-force protection, which locks out accounts or source addresses after repeated failed logins and records the attempts in the server's logs, so on a properly run host this kind of guessing is both noisy and short-lived.
[GUEST POST]

Saturday, October 13, 2012

How to Get Source Files from Website




How to Get Source Files from a Website.
Okay, from time to time we need to get a website's files for some reason.
A very easy tutorial, so let's start.



Step 1: Download wget from HERE
and put it at the root of your system drive. Most people have "C", so go there and

make a new folder called wget. Inside put only the command-line executable.
Note: Click on the image to enlarge


Step 2: Open a command box
In XP go to Run and type CMD or command.com.
In Vista/7 search for CMD, right-click and open as Administrator.




Step 3: In cmd type "cd C:\wget"
No quotes, and if your main drive is not C use your main drive instead.

Then type the command "wget -r -A.jpg" followed by a space and the website or link you want to take from, for example wget -r -A.jpg http://www.example.com/ . See how it says .jpg: -r recurses through the site's links and -A keeps only files with the listed extensions, so change it to the extension you are trying to get. As written it downloads every file ending in .jpg.





Step 4: No certificate check
For an https:// site wget verifies the server's TLS certificate and refuses to continue if it is invalid.

You can add --no-check-certificate
to skip that check, but understand what you are giving up: with verification off anyone between you and the server can hand you their own files, so only use it for content you don't care about or when you have verified the certificate by other means.

Step 5: Now you're set!!
Just press Enter and watch the magic happen. You can run multiple wget instances at the same time.

Step 6: Get your files
Now go to the wget folder on C and open it. There should be a new folder named after the website; the downloaded files are inside it, mirroring the directory structure of the site.

You will find all your downloaded files in that folder.



Actual working of the code is like this:

Code:

wget http://www.securitylabs.in
The file is saved in the directory you ran wget from (on Linux typically /home/[user name] if you started from your home directory).

NOTE: You only get what the server sends to a browser: HTML, JavaScript, CSS, images and so on. Server-side code such as PHP is executed on the server and only its output is sent, so the PHP source itself is never downloaded.







