Showing posts with label hack.

Monday, September 12, 2016

Anonymous SSH Hack.

A warning.

... I haven't checked to confirm this method yet, so I can't guarantee its success, for now.

This post will be rewritten when I have time to include:
- full confirmation / troubleshooting results,
- edits for the constructive criticism I have already received (better ssh parameters & netcat as an alternative to the connect.c tool) & perhaps will receive still,
- a full working shell script that hacks,
- a full working shell script that generates a dictionary containing character combinations for a 'brute-force attack',
- a formal 'hack' definition,
- edits for a better, more coherent style.


About article's author.

I (Andrzej Wysocki, neomahakala108@gmail.com) am an amateur hacker, but I wish to work in Cyber Security in the EU NATO Structure, probably in a small company or a corporation soon, located in Warsaw, Poland. My main concern is Cyber Terrorism & its threat to World Peace, especially when Quantum Computers start to create the Cipher Crisis, probably resulting in an Economic Crisis & other threats as well.


Introduction.

'The Onion Routing' is about encrypting a message multiple times and sending it through many nodes called 'Onion Routers'.

Each of the 'Onion Nodes' removes a layer of encryption to discover information about further routing, then sends the data to the next 'Router'.

The TOR Network is the dominant user of this technology.


An Anonymous SSH Hack.

In this article I'll try to describe a rarely used SSH option, ProxyCommand, which lets you specify a program through which the connection is transmitted.

First we need to install TOR with all dependencies:

> apt-get install tor

Then we need to prepare the connect.c software piece.

To tunnel SSH Connection we issue a command:

> ssh -o ProxyCommand="/home/nm108/connect -S localhost:9050 %h %p" 108.108.84.84 -p 22

... where /home/nm108/connect is the path to the compiled 'connect.c' program, localhost:9050 is the address of our TOR SOCKS proxy (port 9050 is the standard TOR SOCKS port), and 108.108.84.84 is the IP address of the server to which we wish to connect over the SSH protocol; the -p parameter is optional (if ssh runs on port 22, it's not necessary).

We can use the sshpass software piece as well.

> sshpass -p '<password>' <ssh/scp command>

Then we can use a script that tries connecting in a loop, performing a 'Dictionary SSH Hack'.

A dictionary can also be 'brutal': it can include brute-force character combinations as part of its contents.

This has uses in 'firewall-bypassing hacks'.


Feedback to include so far:

'You probably want to pass the following

VerifyHostKeyDNS=no

Don't attempt to do lookups of the host's key fingerprint - those queries
will go out over your local connection

CheckHostIP=no

Don't do a DNS lookup of the host, the Tor exit node's going to do that
anyway, and again, the queries will be observable by your ISP

PubkeyAuthentication=no

Don't present any public keys which you might have configured the SSH
client to look for. They can be logged at the remote end

Instead of running connect, you can also use Netcat to pass traffic to Tor

ProxyCommand="nc -X 5 -x localhost:9050 %h %p"'

... also:

'> > CheckHostIP=no
> >
> > Don't do a DNS lookup of the host, the Tor exit node's going to do that
> > anyway, and again, the queries will be observable by your ISP
>
> I'm thinking that the use of ProxyCommand makes that redundant?
>

Yes, on a second look, I think you're probably right.'

Sunday, December 27, 2015

Dictionary SSH Hack.


Disclaimer.

This is a technologically advanced article about hacking an SSH password by writing an SSH client using a Java library for it.

To understand this article, one has to know a little about programming (preferably in Java), & a little about SSH.


Dangers.

This method can be used to obtain the root password of vulnerable systems, thus taking over computers.

... the process of obtaining the root password & installing a rootkit can be automated as well.


Potentially vulnerable systems can be found using crawler software that scans for open ports, as nmap does, looking for port 22.

Not every ssh server allows root login, but there's still the danger of escalating access privileges with other hacks.

Not every ssh server runs on port 22 either.


C0de.

C0de (screenshot).



... this time I did a dictionary attack on an SSH password.

... c0de is available for download here.

(it requires the Jsch library & its dependencies).


Another way: a standard SSH client can be used ... with a script that performs many hack attempts in a loop, by executing the ssh client many times.
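Looped password guessing like the one described above leaves a very characteristic trail in the server's sshd log, and that trail is what a defender watches for. The following is an added detection example (not code from this post or from Jsch): it parses the classic syslog-style lines sshd writes to auth.log, counts failed password attempts per source address in a sliding window, and separately reports a source that succeeds after having been flagged, which is the event that actually needs a response. The log lines, addresses and the 2016 year are constructed for the example.

```python
"""Detect SSH password guessing from sshd log lines (added defensive example).

Parses 'Failed password' / 'Accepted password' events in the syslog format
sshd writes to auth.log, counts failures per source IP in a sliding time
window, and reports sources that exceed a threshold. The sample lines below
are constructed for this example, not taken from a real system.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of auth.log lines (syslog omits the year; we assume 2016).
SAMPLE_LOG = """\
Dec 27 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec 27 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.5 port 40002 ssh2
Dec 27 10:00:02 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Dec 27 10:00:03 host sshd[1204]: Failed password for root from 203.0.113.5 port 40004 ssh2
Dec 27 10:00:03 host sshd[1205]: Failed password for root from 203.0.113.5 port 40005 ssh2
Dec 27 10:00:04 host sshd[1206]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Dec 27 10:00:05 host sshd[1207]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Dec 27 10:05:00 host sshd[1208]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2016):
    """Return a dict for an authentication event, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed passwords inside the window.

    Returns (flagged, compromised): flagged maps ip -> time it was first
    flagged; compromised lists (ip, user, ts) for password logins that
    succeeded from an already-flagged source, i.e. a guess that worked.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    compromised = []
    for line in lines:
        ev = parse_line(line)
        # Only password authentication can be guessed this way; key logins are skipped.
        if ev is None or ev["method"] != "password":
            continue
        if ev["result"] == "Failed":
            q = recent[ev["ip"]]
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged[ev["ip"]] = ev["ts"]
        elif ev["ip"] in flagged:
            compromised.append((ev["ip"], ev["user"], ev["ts"]))
    return flagged, compromised


if __name__ == "__main__":
    flagged, compromised = detect_bruteforce(SAMPLE_LOG.splitlines())
    for ip, ts in flagged.items():
        print(f"guessing from {ip}, first flagged at {ts}")
    for ip, user, ts in compromised:
        print(f"ALERT: {ip} logged in as {user} at {ts} after being flagged")
```

On the constructed sample, 203.0.113.5 is flagged on its fifth failure and then raises the alert when its sixth attempt is accepted, while the single failure from 198.51.100.7 (followed by a key-based login) stays below the threshold. The same per-source windowed counter is what tools that block repeat offenders at the firewall are built on; the threshold and window should be tuned to the host's normal failure rate.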


Why doesn't IP address spoofing work with SSH hacks?

... because the SSH service requires two-way communication.

The client sends requests and awaits responses from the server.

Without 'knowing' the source IP address, the response can't be sent to the proper computer (the ssh client).

It's possible, however, to attack from a 'proxy' server, or from a different machine with a different IP address controlled by the hacker, to bypass an IP block or to misdirect.


TOR Anonymity for a SSH Hack.

It's still possible to perform an 'Anonymous SSH Hack', using 'The Onion Router' for example.

Saturday, December 26, 2015

Dictionary Webapp Hack.

Disclaimer.

This is a technologically advanced article about hacking 'Internet Applications' & other tools.

To understand this article, one has to know a little about programming (preferably in Java), a little about web applications, & a little about the HTTP protocol.


HTTP Request analysis.

I've used a Google Chrome tool called 'HTTP Trace' to look at the HTTP request sent to a sample webapp I was running on my computer.

I've looked at a failed login attempt.


   

Failed Login Data (screenshot).


C0de.

Then I downloaded Apache's HTTP Client library & wrote a little code that 'forged' HTTP requests & tried to log into the app in a loop.

I've looked at the results of both failed & successful login attempts, then came up with a final version of the code as follows:




C0de for a Hack (screenshot).



It doesn't matter much that a successful login attempt comes back with a 'bad request' status; we've still got the information that the password is correct.


... the presented code is very simple & can be refined in many ways ... but all of this would only obscure the main idea: that a program can be used to perform dictionary or brute force attacks on a webapp.


C0de without a 'Bad Request'.

... slightly refined code, without the 'Bad Request' status message, is shown in the screenshot below & can be downloaded here as well.




C0de, slightly refined (screenshot).



I 'printed' the first server hit (HTTP GET request) to the screen, analyzed it, noticed the 'jsessionid' part & wrote code that extracted it.

... proper use of HTTP POST parameters, including 'jsessionid', was the key to overcoming the 'Bad Request' problem & message as well.

Then I wrote the part of the code responsible for extracting & comparing the page's title to determine whether we successfully logged in or not.


... further c0de refinements could include loading a password dictionary from a file, or generating it somehow, & an option for performing more or less refined brute force attacks.


Security Measures.

How to protect against attacks like these?

... with captcha & account locking functionality, but this opens the webapp to an 'Account Lockout' vulnerability: any user might be prevented from logging in to the app.


Other Considerations.

This is the equivalent of brutus / hydra software (hacks done more or less manually instead of using someone's complete tools).

This method can be used to hack a tomcat webapp server's password, web services, routers, ssh, ... & other tools.

Just download the client library for a given service or app & write code that attacks passwords via the given protocol.

Captcha won't protect all the time, but delays after failed logins, as well as the use of strong passwords that change over time, should.
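The 'Security Measures' section above names the dilemma (account locking stops guessing but hands an attacker an 'Account Lockout' denial of service) and this section names the alternative (delays after failed logins, captcha as a fallback). The following added example, which is not code from this post or from any framework, shows how a login handler can combine the two: an exponential delay keyed on both the account and the source address, capped so a legitimate user is slowed down for at most `max_delay` seconds rather than locked out, with a captcha demanded once an account's failure counter grows. The `LoginGuard` class, the `demo()` scenario, its addresses and its timings are all constructed for illustration; a real deployment would keep this state in a shared store rather than in memory.

```python
"""Login throttling that slows password guessing without a hard account lockout
(added defensive example, not code from the post)."""
import time


class LoginGuard:
    """Tracks failed attempts per account and per source IP and tells the caller
    how long to wait before processing another attempt.

    Design: exponential backoff keyed on *both* the account and the source
    address. Guessing one account from many addresses still hits the per-account
    delay, but that delay is capped, so the real user is slowed for at most
    `max_delay` seconds rather than locked out. Failures expire after
    `reset_after` seconds, and a captcha is demanded once the account's
    failure counter reaches `captcha_after`.
    """

    def __init__(self, base=1.0, max_delay=30.0, captcha_after=10,
                 reset_after=900.0, clock=time.monotonic):
        self.base = base
        self.max_delay = max_delay
        self.captcha_after = captcha_after
        self.reset_after = reset_after
        self.clock = clock            # injectable for tests (constructed scenario below)
        self.state = {}               # key -> (failures, time of last failure)

    def _delay(self, failures):
        """Required pause after `failures` consecutive failures: 1, 2, 4, ... capped."""
        if failures == 0:
            return 0.0
        return min(self.max_delay, self.base * 2 ** (failures - 1))

    def _entry(self, key):
        failures, last = self.state.get(key, (0, 0.0))
        if failures and self.clock() - last > self.reset_after:
            failures = 0              # stale failures expire instead of haunting the user
        return failures, last

    def check(self, username, ip):
        """Return (wait_seconds, captcha_required) before an attempt may proceed."""
        now = self.clock()
        wait = 0.0
        for key in (("user", username), ("ip", ip)):
            failures, last = self._entry(key)
            wait = max(wait, self._delay(failures) - (now - last))
        account_failures, _ = self._entry(("user", username))
        return max(0.0, wait), account_failures >= self.captcha_after

    def record(self, username, ip, success):
        """Record the outcome; success clears the account counter only, so a
        source that keeps guessing other accounts stays throttled."""
        if success:
            self.state.pop(("user", username), None)
            return
        for key in (("user", username), ("ip", ip)):
            failures, _ = self._entry(key)
            self.state[key] = (failures + 1, self.clock())


def demo():
    """Constructed scenario: 203.0.113.5 guesses alice's password five times,
    then alice tries from her own address 198.51.100.7."""
    clock = [1000.0]
    guard = LoginGuard(clock=lambda: clock[0])
    for _ in range(5):
        guard.record("alice", "203.0.113.5", success=False)
    attacker = guard.check("alice", "203.0.113.5")     # (16.0, False): must wait 16 s
    alice_now = guard.check("alice", "198.51.100.7")   # (16.0, False): slowed, not locked out
    clock[0] += 16.0
    alice_later = guard.check("alice", "198.51.100.7") # (0.0, False): may try again
    return attacker, alice_now, alice_later


if __name__ == "__main__":
    print(demo())
```

The key property is the cap: however many failures an attacker piles onto an account, `check()` never asks the legitimate user to wait more than `max_delay`, so the lockout attack described above degrades into a modest slowdown, while the attacker's own address accumulates its own delay on top. Captcha is reserved for the case where the account counter keeps climbing despite the delay.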

Tuesday, November 24, 2015

Denial of Service Hack.

Introduction: Infrastructure.


Web pages & Internet applications are services generated by the hardware-software infrastructure.

There's a computer connected to the Internet that runs web page server or application server software; client browsers connect to it.

The hardware-software infrastructure 'serves', or in other words 'sends', pages to users, where they are displayed in browser windows or tabs.

That's how users communicate with applications in other parts of the Internet.

What if there are too many users for the hardware-software infrastructure to handle the service efficiently?

There are delays in the service, or even an application crash can occur, disabling the service for longer.

In practice it's rare for an application service provider to face the too-many-users challenge; more often delays & crashes are caused by an attack, a Denial of Service Hack.


A Web Application Service.




Web application server software with a sample application it runs (screenshot).



Web application server software in itself is not enough; there must be an application that it can run.

That is ... a web app server + a web application + computer hardware & the Internet: that's what's needed to run an Internet application service.


Denial of Service Hack.


Let's examine a common attack route on an Internet application, a Denial of Service Hack.


   


Tor's Hammer & its usage (screenshot).



TOR (The Onion Router) is a software tool that increases users' anonymity on the Internet.

TOR's Hammer is a software script (a program) that attacks the software parts of an Internet application service by creating very many Internet connections at once, delaying or preventing connections from legitimate users of the service.

TOR's Hammer can work with or without the TOR infrastructure, with or without the advantage of increased anonymity.




... waiting, ... forever?

An Internet application service during a DoS attack (screenshot).
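An attack of the kind described above, very many connections opened at once and held open, is bounded on the server side by two controls: a cap on simultaneous connections per source address and an idle timeout that reaps connections which open a socket and then send nothing. The following is an added example (not code from this post nor from Tor's Hammer or any web server) of those two controls as a small admission-control class a front end could consult; the `ConnectionGuard` class, the `demo()` scenario and its addresses and timings are constructed for illustration.

```python
"""Per-source connection budget for a server facing a connection flood
(added defensive example). Models two controls a front end can apply
against a hold-many-connections-open attack: a cap on simultaneous
connections per source address and an idle timeout that reaps connections
that stop sending data. The events in demo() are constructed, not captured."""
import time


class ConnectionGuard:
    def __init__(self, max_per_source=20, idle_timeout=15.0, clock=time.monotonic):
        self.max_per_source = max_per_source
        self.idle_timeout = idle_timeout
        self.clock = clock             # injectable so the scenario below is deterministic
        self.open = {}                 # conn_id -> (source address, time of last activity)
        self.per_source = {}           # source address -> number of open connections

    def accept(self, conn_id, source):
        """Admit a new connection unless its source already holds its full budget."""
        self.reap_idle()               # free budget held by connections that went silent
        if self.per_source.get(source, 0) >= self.max_per_source:
            return False
        self.open[conn_id] = (source, self.clock())
        self.per_source[source] = self.per_source.get(source, 0) + 1
        return True

    def activity(self, conn_id):
        """Record that the connection sent something, resetting its idle clock."""
        if conn_id in self.open:
            source, _ = self.open[conn_id]
            self.open[conn_id] = (source, self.clock())

    def close(self, conn_id):
        entry = self.open.pop(conn_id, None)
        if entry is None:
            return
        source, _ = entry
        self.per_source[source] -= 1
        if self.per_source[source] == 0:
            del self.per_source[source]

    def reap_idle(self):
        """Close connections idle longer than idle_timeout; return their ids."""
        now = self.clock()
        dead = [cid for cid, (_, last) in self.open.items()
                if now - last > self.idle_timeout]
        for cid in dead:
            self.close(cid)
        return dead

    def open_count(self, source):
        return self.per_source.get(source, 0)


def demo():
    """Constructed scenario: 203.0.113.9 opens 25 connections at once and then
    goes silent, while 198.51.100.2 opens one and keeps using it."""
    clock = [0.0]
    guard = ConnectionGuard(max_per_source=20, idle_timeout=15.0, clock=lambda: clock[0])
    admitted = sum(guard.accept(f"atk-{i}", "203.0.113.9") for i in range(25))  # 20 admitted, 5 refused
    legit = guard.accept("client-1", "198.51.100.2")                            # True: its own budget
    clock[0] = 10.0
    guard.activity("client-1")                                                  # the real client keeps talking
    clock[0] = 20.0
    reaped = guard.reap_idle()                                                  # 20 silent attacker connections
    return admitted, legit, len(reaped), guard.open_count("198.51.100.2")


if __name__ == "__main__":
    print(demo())  # (20, True, 20, 1)
```

The per-source cap keeps the attacker from consuming more than its budget of sockets, and the idle timeout returns that budget once the held-open connections stop sending. One caveat a practitioner should keep in mind: when the flood arrives through TOR, as the post describes, every connection reaches the server from a TOR exit address rather than the attacker's own, so per-source limits must be set with the exit nodes in mind and combined with global connection limits and request timeouts in the web server itself.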



IP address spoofing.


Every IP datagram sent in the Internet contains a source and destination IP address in its header. The source is the original sender of the datagram and the destination is the intended recipient. So, ignoring the role of NAT, when your computer contacts a server on the Internet, that server knows your IP address as it is included in the source field of the IP datagram. In some cases you may want to change the source IP address included in the IP datagram (without changing your actual computer IP address). For example, this can be useful for network testing and diagnostics, security penetration testing and performing security attacks (for learning purposes only, of course). Setting the IP source address of datagrams to be a fake address is called address spoofing. In Linux it is very easy to do using iptables.

Address spoofing can be performed with a single command using iptables.

For example, to change the source address included in IP datagrams that one's computer sends to 1.1.1.1, one can use the following command:

$ sudo iptables -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1

Source: Address Spoofing with iptables in Linux.

(I've not tested this part of the hack as of yet).

Thursday, November 19, 2015

The Ghost Hack.



The 'Ghost in the Shell' film, the 'Ghost Hack / Puppet Master' scene (video).



... 'the Ghost Hack': is it possible with modern science?

... perhaps it is, for the electromagnetic field of the brain & other parts of the human nervous system can interact with other electromagnetic fields, affecting each other.

In 'Mage: the Ascension' terms, this would be:
- Correspondence Sphere, for affecting energy at a distance,
- Mind Sphere, for affecting the mind via electromagnetic energy through the brain & nervous system,
- Forces Sphere, for electromagnetism,
- Life Sphere, for exact information about the neuroscience of the human brain & nervous system.

Is it possible to move a program into a cyborg's body?

I think it is, for an object can be loaded into computer memory and executed there without restarting the whole application.

I read articles about 'the Mind / Machine Interface', about interactions between machine & human brain.

... a computer program, however, could be cloned or copied instead of being moved, I think.

See also, if you wish or need: Hackers could get inside your BRAIN: Experts warn of growing threat from monitoring and controlling neural signals.

Monday, February 16, 2015

2nd kyu a hack.

I think I did advance to the 2nd kyu rank in hacking.

---

The simplest form of hack that takes over a computer would include:
- nmap port scanning,
- understanding of service protocols (HTTP, SMTP, ...),
- brute force / dictionary / similar attacks on username/password combinations (via the protocol),
- a buffer overflow attack or similar,
- it can be done wirelessly after penetrating the network, which is easy to do from a technical point of view (there can be more or less advanced authentication of a client by the access point).

----

In the Karate rank system I'd currently give myself about 4th dan in programming & about 2nd kyu in hacking.

In many Martial Arts, the 2nd kyu belt is brown as Earth. Brown belts are practical and can beat quite an opponent, but there's still a long way to Mastery.

1st dan is the famous Black Belt, True Mastery of the Basics... for there are higher levels of Mastery, up to 10th Dan.

My ambitions in programming, hacking & writing secure applications are as high as possible.

This does not exclude the highest ambitions in nanotechnology.

To advance to 1st kyu in hacking, I need to:
- read the SSL & TLS book by Eric Rescorla,
- understand at least the most basic service communication protocols (there are a few, including HTTP & SMTP).

I am thinking so far about Telnet, HTTP, SMTP, IRC, Kerberos, SMB, Facebook, Google Plus, deviantART, Skype, LinkedIn, BitTorrent, Pinterest, perhaps more.

More advanced protocols often, if not always, consist of simpler protocols such as FTP or Telnet, I think.

To advance to 1st dan in hacking I need much more, including many scripts/programs made by myself, but also 'proper combat practice'.

----

I'll try to reach 1st kyu in hacking in the next 2 years.

SSL/TLS plus as many protocols & as deeply as I can; the rest can be finished later.

Then I'll try to reach 1st dan in hacking in the 4 years after that, in total about 6 years from now, at the beginning of 2021.