How To Protect Your Webserver From Getting Hacked?

It has been a while since I haven't posted on RHA, that's because I was extremely busy with my university stuff and had absolutely no time for blogging, However today I finally managed to get some time for posting on RHA, In my previous article related to webserver security section I told you some ways which hackers can use to compromise your webserver, However in this article I will tell you how to protect your webserver from getting hacked or being compromised.

Well there are variety of methods you can implement to protect your webserver, but  I will not be covering all of those method because it will take alot of timeexplaining the concepts.


<span class="fullpost">WebApplication Security 

Most of the webservers get compromised due to the vulnerability in their webapplication, some of the most common existing webapplication vulnerabilities are SQL Injection, Cross site scripting, Local file inclusion etc, These vulnerabilities usually due to improper or poor coding of web applications.

How do I find if these types of vulnerabilities really exist in my webapplications?

Well unless you are a penetration tester or have proper information related to these types of vulnerabilities, it is really difficult for you to find these types of vulnerabilities, A better option is to use a vulnerability scanner like Nessus or Acunetix.

Read More About finding a vulnerability in your website - How To Find A Vulnerable Website?

SSL(Secure Socket Layer)

SSL is not really necessary until you are running an ecommerce website or a website where you want the communication to be secure, If you are wondering what is SSL(Secure Socket Layer), Kindly read my article on What is SSL(Secure Socket Layer)

Password Cracking Attacks

As I told you in my previous article that some of the popular password cracking methods include:

1. Brute Force Attacks

2. Dictionary Attacks

3. Rainbow Tables 

Here is a simple tip on how you can avoid these types of attacks - Keep Strong passwords, Now what do I mean by a strong password, read my post on How to create a strong password 

Use Of Firewalls

Firewalls are usually designed from stopping attackers from evading a website, A firewall is basically a gateway used to allow or deny access, but are firewalls enough to protect your webserver?
The answer is "no", The administrator need to open ports like 80, 21, 25 etc to allow the firewall to give the users access to services like website, email, ftp etc, which leaves these services vulnerable to attackers.

What if some one sends a virus attached with an email through a mail server behind a firewall, The firewall will not be able to block these types of attacks, Hopefully I will explain this stuff related tofirewall security in my upcoming articles.


Update Your Webserver Regularly

Vulnerabilities are created and pathed every day, so you need to make sure that you update your webserver and install latest patches and fixes.

Intrusion Detection System

An intrusion detection system (IDS) is used to monitor the entire network, it detects intruders; that is, unexpected, unwanted or unauthorized people or programs on network, If you want to know more about Intrusion detection system kindly read the following post, It will give you a better understanding of IDS

• An Overview Of Intrusion Detection System

Certainly these methods aren't enough too for a total security, however I will continue the series ofarticles related to webserver security, Moreover I have also finished writing my newset book "An Introduction To Keyloggers, RATS And Malware" which I will be releasing very soon and the best part is that it will be free for all.

What methods do you use to secure your webserver?</span>

Read more...

How to Trace Mobile Numbers

With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile phone has become a part of many illegal and criminal activities. So in most cases, tracing the mobile number becomes a vital part of the investigation process. Also sometimes we just want to trace a mobile number for reasons like annoying prank calls, blackmails, unknown number in a missed call list or similar.

Even though it is not possible to trace the number back to the caller, it is possible to trace it to the location of the caller and also find the network operator. Just have a look at this page on tracing Indian mobile numbers from Wikipedia. Using the information provided on this page, it is possible to certainly trace any mobile number from India and find out the location (state/city) and network operator (mobile operator) of the caller. All you need for this is only the first 4-digit of the mobile number. In this Wiki page you will find all the mobile number series listed in a nice tabular column where they are categorized based on mobile operator and the zone (state/city). This Wiki page is updated regularly so as to provide up-to-date information on newly added mobile number series and operators. I have used this page many a time and have never been disappointed.

If you would like to use a simpler interface where in you can just enter the target mobile number and trace the desired details, you can try this link from Numbering Plans. Using this link, you can trace any number in the world.

By using the information in this article, you can only know “where” the call is from and not “who” the caller is. Only the mobile operator is able to tell you ”who” the caller is. So if you’re in an emergency and need to find out the actual person behind the call, I would recommend that you file a complaint and take the help of police. I hope this information has helped you!

Read more...

Learn to Crack any version of WinRAR – An Introduction to cracking

Hi folks,its been a long time since I have posted some thing technical,so I will be writing about the challenge I got at NIT KU, where I cracked WinRAR 3.80 using a disassembler and will tell you the same here. You can crack any version of WinRAR using this method and need not to pay for the registration fee and you can do this all by your self,easily. Furthermore, major software are cracked using the same way,but just get a bit complex in the methodology. This tutorial is intended for those who are new to cracking and disassembling.

Disclaimer – By Reading this tutorial You agree that this tutorial is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other,creative application of this tutorial.
In any case you disagree with the above statement,stop here.

The Tools
To perform this hack you will be needing -

1. Any De-assembler (I use Hackers Disassembler and Hview )
2. Resource Hacker
3. A patch Creator ( Use Universal Patch Creator or Code fusion)

You will be able to get them by googling ..

How to Crack ?
You need to have a bit knowledge of assembly language,and in case you don't have it,just cram the steps and it will work anytime,every time. Download the latest version of WinRAR from their website and install it.
I will be cracking Winrar 3.80 here (cuz I already have it:P ). This is basically a 2 step process ( 4 step ,if you want to do things with a professional touch,period) .

Now copy the WinRAR.exe file to desktop. Make a copy of it there.

Step 1 – Hunting for Memory Address
Now load Hackers Disasembler and load the copy in it.



The Disassembler will disassemble the executable in assembly code. Now you need to search for strings that are used in WinRAR program. Press Ctrl + F and type “evaluation” without quotes and search in the assembly code. Hit enter..



After you have reached this block of code by searching, just look at the block of code above it. There you will find that some assembly values are being compared and then code is jumped to some other function. Now see carefully, the “evaluation copy” function must be invoked after some specific condition is met. We need to look for it at the code and the make certain changes to the condition so that the program doesn't checks for the condition.


In the above code you can see this code -

00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000 JNE 00444C12

This is the code responsible for validating you as a legal user :) . Just note down the memory address that leads to jump (JNE) at some memory location. In this case, note down 00444B71 .
Note : For any WinRAR version, this code and memory address might be different,but the JNE will be same. Just note down the respective memory address that checks.
Now you need to search for the code that brings that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this,look over your toolbar and click on “D” which stands for looking for Dialog references.


Now in the dialog box that opens,search for “please” and you will get the reference as -

ID-REMINDER, “Please purchase WinRAR license”

Double click on it and you will reach the subsequent code.


The code will be something like

* String: “REMINDER”
0048731A: 68EB5E4B00 push 004B5EEB

Just note the memory address that invokes the REMINDER dialog. In this case its0048731A. Note it down.
Note : For any WinRAR version, this code and memory address might be different.But the Reminder Memory address code will always PUSH something. Just note down the respective memory address that PUSH ‘s.


Step 2 – Fixing and Patching
Now in this step we will be patching up values of memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker’s Disassembler in Hview.



After you have loaded it, you will see the code is unreadable. Its just like opening an EXE file in notepad. You need to decode it. To do that, just press F4 and yoiu will get an option to decode it. Hit DECODE and you will be able to see code in the form of assembly code and memory addresses.



After you have done that, you need to search for memory addresses you noted down earlier. Just hit F5 and a search box will be there. Now you need to enter the memory address. To do that, enter a “.” and the type memory address neglecting the earlier “00” . The “.” will suffice for “00”. ie -

Type .444B71 in place of 00444B71

and search in the code.



After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code.Now make the following changes -



After you have done it, save it by pressing F9.
Now search for next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 -



Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats..You have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P

Step 3 – Spicing up the EXE
Now U have a 100% working version of EXE, you might want to change your registration information in WinRAR. TO do this, you can use Resource hacker.



Launch Resource Hacker, load the copyofwinrar.exe in it



Now go to DIALOG –> Expand tree –> ABOUTRARDLG and click it. Now Find Trial copy line and replace it with your favorite one :P



and click on Compile Script button.



Now save the file with any name on your desktop or any location what so ever.



Now you have a fully patched WinRAR.exe file :)) you can either use it, or also can distribute it like a real cracker. If you want to learn that, move on to next step.

Step 4 – Creating a working Patch (or giving Professional touch :P )
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version. Just like the one U downloaded at anytime of your life from any Crack and Keygen website.
Launch Patch Creator and click on add new project. Enter project Information and click on save.



Click on Add – ; Offset patch




After you have done that, double click on offset patch and then

1. Give path of original winrar.exe
2. Give path of unmodified Winrar.exe (again)
3. Give path for fully patched Winrar.exe (ie Cracked Winrar.exe in this case)
4. Click on compare and it will show difference between both files
5. Click on save.

Now in the next window, click on Create Patch and save it. The Patch will be created. Now copy it in WinRAR installation directory and hit on patch, it WILL work.



Congrats you have created a patch of your own and have learned to crack WinRAR :)



You can crack other software in the same way…just practice,debug and disassemble and you will get the way :)

[PS: The above is the long way to do it, I will be telling you the shortest way to crack WinRAR in just 1 step, the main aim of this tutorial was to introduce you to disassemblers and tools, and do some dirty work with your hand. ]

Read more...

Hack administrator from Guest account.

Ever wanted to hack your college pc with guest account/student account so that you candownload with full speed there ? or just wanted to hack your friend’s pc to make him gawk when you tell your success story ofhacking ? well,there is a great way of hacking an administratoraccount from a guest account by which you can reset the  administrator password and getting all the privilages an administrator enjoys on windows..Interested ? read on…

Concept

Press shift key 5 times and the sticky key dialog shows up.This works even at the logon screen. But If we replace the sethc.exe which is responsible for the sticky key dialog,with cmd.exe, and then call sethc.exe by pressing shift key 5 times at logon screen,we will get a command prompt with administrator privilages because no user has logged on. From there we can hack the administrator password,even from a guest account.

Prerequisites

Guest account with write access to system 32.

Here is how to do that -

• Go to C:/windows/system32
• Copy cmd.exe and paste it on desktop
• rename cmd.exe to sethc.exe
• Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then click yes.

• Now Log out from your guest account and at the user select window,press shift key 5 times.
• Instead of Sticky Key confirmation dialog,command prompt with full administratorprivileges will open.

• Now type “ NET USER ADMINISTRATOR aaa” where “aaa” can be any password you like and press enter.
• You will see “ The Command completed successfully” and then exit the command prompt and login into administrator with your new password.
• Congrats You have hacked admin from guest account.

Further..

Also, you can further create a new user at the command prompt by typing “NET USER XERO /ADD” where “XERO” is the username you would like to add with administratorprivileges. Then hide your newly created admin account by -

Go to registry editor and navigate to this key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

Here create a new DWORD value, write its name as the “user name” that u created for your admin account and live with your admin account forever :)

I hope that was informative..

Read more...