Monday, 30 January 2017

Linux Distro - Introduction


Before we start installing Linux, we must choose from the different distributions available, according to our requirements. So, here I am going to tell you about Linux distributions.

If you’ve heard anything at all about Linux, you’ve probably heard of Linux distributions – often shortened to “Linux distros.” When deciding to use Linux – on a desktop computer or server – you’ll first need to choose a distro.
For many people, Ubuntu has become synonymous with Linux. But Ubuntu is one of many distros (and not Linux itself), and you have a lot of choice when it comes to Linux.

What Is a Linux Distro?

A Linux distribution (often abbreviated as distro) is an operating system made from a software collection, which is based upon the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one of the Linux distributions, which are available for a wide variety of systems.

Linux isn’t like Windows or Mac OS X. Microsoft combines all the bits of Windows internally to produce each new release of Windows and distributes it as a single package. If you want Windows, you’ll need to choose one of the versions Microsoft is offering.

Linux works differently. The Linux operating system isn’t produced by a single organization. Different organizations and people work on different parts. There’s the Linux kernel (the core of the operating system), the GNU shell utilities (the terminal interface and many of the commands you use), the X server (which produces a graphical display), the desktop environment (which runs on the X server to provide a graphical desktop), and more. System services, graphical programs, terminal commands – many are developed independently from one another. They’re all open-source software distributed in source code form.

If you wanted to, you could grab the source code for the Linux kernel, GNU shell utilities, Xorg X server, and every other program on a Linux system, assembling it all yourself. However, compiling the software would take a lot of time – not to mention the work involved with making all the different programs work properly together.

Linux distributions do the hard work for you, taking all the code from the open-source projects and compiling it for you, combining it into a single operating system you can boot up and install. They also make choices for you, such as choosing the default desktop environment, browser, and other software. Most distributions add their own finishing touches, such as themes and custom software – the Unity desktop environment Ubuntu provides, for example.

When you want to install new software or update to new versions of software with important security updates, your Linux distribution provides them in precompiled, packaged form. These packages are fast and easy to install, saving you from doing the hard work yourself.

In short, a Linux distro is an OS made by combining a group of packages. These packages are not system software but are each used for a specific purpose. In Windows, we have a single package which does all the work, but as Linux is developed by different organisations, it is composed of different packages installed according to the purpose of the developer. Here, they take the source code of a package, compile it, and get it installed on the system. A Linux distro is an OS, and every distribution differs from the others in the set of packages it provides and its purpose.

Best uses of Linux (Even when your personal computer runs Windows)


Even if you are a Mac or Windows user, knowing how to install and use Linux is very important to you. Here, you will find out the uses of Linux. Installing it will be taught in my upcoming articles.

Troubleshooting other computers:

You don't even need to install Linux on your machine to make it useful. You can run Linux live, i.e. without installing it, from a Linux CD or USB drive. This makes Linux useful for troubleshooting your PC. If, for example, you have forgotten your password, you can boot Linux live to get access to the files on the disk: login passwords are enforced by the installed OS, so when a different OS is booted (even temporarily), that password no longer applies. You can also use Linux to recover files that you deleted by mistake.

Host a website or web app:

Have you ever wondered how many websites you visit daily? Think of cloud storage sites like Dropbox or Google Drive. You can host your own website on Linux, and you can also turn your PC into cloud storage that can be accessed from anywhere. It is more reliable to keep your important data on your own PC than to put it in other hands like Dropbox or Drive.
 

Automate everything in your home

With a little Linux knowledge and a cheap computer—like the Raspberry Pi—you can create all sorts of tiny home automation gadgets. You can control your home with Siri, mount a Google Calendar tablet on your wall, set up a home surveillance system, control your blinds and air conditioner, stream music in your living room, build a digital photo frame, build a sunrise alarm clock, and...pretty much anything else you can think of. With a cheap board like the Raspberry Pi and a free OS like Linux, you're more limited by your imagination than your wallet.

 

Hacking and Security

Some Linux distributions, like BackTrack or Kali, are security-focused distros for testing security systems. That means you can use them to learn how to, say, hack WEP or WPA Wi-Fi passwords, which is a great way to learn a bit more about your own network security and how to protect yourself from similar attacks. Of course, we don't recommend using these powers for evil—but knowing evil's tricks gives you a good path to preventing them.

 

Revive an old or slow PC

And so we come to one of the most obvious and common uses for Linux—and still one of the best. If you have a PC that's seen better days, Windows is far from the ideal OS. Install a lightweight Linux distribution on it (like Lubuntu or, if you're a bit more savvy, ArchBang) and it'll feel like a new machine again. It may not be able to do everything your powerful Windows machine can do, but it's better than having a non-functional computer, and it works perfectly for basic tasks.

 

Learn more about how computers work

If none of the above sound like anything you need, why not just learn a little bit more about how computers work? Tons of things run Linux these days, from TVs to the Android phone in your pocket, and learning about Linux is not only a fun hobby in and of itself, but it'll help you learn a bit more about what makes these machines tick. We recommend getting started with something like Ubuntu or Mint, then when you get a little more familiar, move onto Arch for some serious learning. There are a ton of great distros out there, and even if you're just playing around, you may find that those skills come in pretty handy one day.

Saturday, 28 January 2017

Why use Linux?


This is the one question that most people ask: Why bother learning a completely different computing environment, when the operating system like Windows works fine with most desktops, laptops, and servers? To answer that question, I would ask another question: Does that operating system you’re currently using really work “just fine”? Or are you constantly battling viruses, malware, slow downs, crashes, costly repairs, and licensing fees?

If you struggle with the above, and want to free yourself from the constant fear of losing data or having to take your computer in for the “yearly clean up,” Linux might be the perfect platform for you. Linux has evolved into one of the most reliable computer ecosystems on the planet. Combine that reliability with zero cost of entry (free availability) and you have the perfect solution for a desktop platform.

That’s right, zero cost of entry...as in free. You can install Linux on as many computers as you like without paying a cent for software or server licensing. Using Linux is free, and so is the software that comes with the Linux environment. Unlike Windows, you don't have to pay for software like MS Office. In fact, Linux is a free and complete server on your desktop.

Compared to other platforms, Linux has a very secure environment. There will not be a problem of viruses, malware, trojans or the computer slowing down, unlike Windows, where viruses and slow-downs are a constant problem. We do not need to install a single antivirus program on Linux as we do on Windows (despite Windows Defender).

The next problem, which occurs mainly in Windows, is that the system restarts frequently after installing a new driver, software, updates, etc. Linux does not need system restarts for all these. It only needs a restart when upgrading or downgrading the kernel, as the kernel links the hardware with the system. It is not out of the ordinary for a Linux server to go years without being rebooted. That’s stability and dependability.

Linux is also distributed under an open source license. Open source follows the following key philosophies:
  • The freedom to run the program, for any purpose.
  • The freedom to study how the program works, and change it to make it do what you wish.
  • The freedom to redistribute copies so you can help your neighbor.
  • The freedom to distribute copies of your modified versions to others.
The above are crucial to understanding the community that comes together to create the Linux platform. It is, without a doubt, an operating system that is “by the people, for the people”. These philosophies are also one of the main reasons a large percentage of people use Linux. It’s about freedom and freedom of choice.

In short, the answer to "Why use Linux?" is: security, control and privacy.

Largest Trading Platform on the Dark Web - AlphaBay got HACKED!



AlphaBay is considered the largest trading marketplace on the Dark Web. Recently a hacker identified two very high-risk bugs in it and revealed that information in posts on Reddit's forums.

The hacker, who uses the alias Cipher0007, managed to steal 200,000 private messages from AlphaBay. These messages were exchanged between buyers/users and sellers.

ZDNet reported that Cipher0007 disclosed the vulnerabilities he had found earlier this week, revealing on Reddit that these flaws could be used to steal many private messages on AlphaBay. He also compromised the website and took the first and last names of both sellers and buyers on AlphaBay, along with their addresses, nicknames and the tracking IDs of their orders. The messages were not protected by any PGP keys, which made it even easier for Cipher0007 to steal them in such huge numbers.

AlphaBay posted an official statement on Pastebin in which they admitted the presence of those bugs and also confirmed that Cipher0007 hacked nearly 218,000 messages. It must also be noted that the hacked messages were no older than 30 days, since the website’s system automatically purges messages that are more than 30 days old.
Cipher0007 posted numerous screenshots to prove that he really managed to infiltrate AlphaBay and steal the private messages.


Cipher0007 also opened support tickets on AlphaBay to warn other trading posts on the Dark Web about the potentially dangerous security bugs and flaws that can expose the private identities of their users.

AlphaBay rewarded Cipher0007 for not selling these flaws or exposing the stolen data to the public. Cipher0007 then disclosed the methods he had used to exploit AlphaBay to the company, and finally the developers at the trading platform managed to fix the flaws.

Facebook's new feature for secure login

Hacking the password of a Facebook account is now not merely hard, it's IMPOSSIBLE.

 

But are SMS-based one-time passwords secure?
The US National Institute of Standards and Technology (NIST) also no longer recommends SMS-based two-factor authentication systems; it is not a reliable solution, mainly for the following reasons:
  • Users outside the network coverage can face issues
  • Users might have changed their mobile number due to some reason
  • What if the phone (along with your SIM installed) is stolen!
  • Growing number of sophisticated attacks against OTP schemes



  • Go to the Security settings of your Facebook account.
  • Open Login Approval and click "Add Key", shown next to 'Security Key'.
  • Click 'Add Key' and Facebook will ask you to "Insert your security key into a USB port."
Note: A hardware-based security key will only work if you're using the Chrome or Opera browser.


Fake Netflix app gains access to users' Android devices


Security researchers at Zscaler have recently found a fake Netflix app that installs a Remote Access Trojan (RAT) variant onto victims’ devices.

Relying on the popularity of applications is not a new technique: fake Super Mario Run games on Android recently used the same trick to inject the DroidJack and Marcher Trojans into users' Android devices. It seems the attackers have now decided to use the same technique to take control of the devices of Netflix users who are looking to stream full movies and TV programs on their mobile devices.

Instead of a video streaming app, the attackers deliver a RAT that can abuse the user's device in many ways, such as listening to live conversations through the microphone, executing arbitrary commands, sending files to the command and control (C&C) server, viewing contacts, recording screen captures, and reading SMS messages.

This fake Netflix app was supposedly created using an updated version of the SpyNote RAT builder, which was leaked online last year, Zscaler says.
Once installed, the app displays the icon of the legitimate Netflix app from Google Play, but it should by no means be mistaken for the real one. When the user taps the icon for the first time, it disappears from the home screen and nothing else seems to happen, a trick commonly used by mobile malware. In the background, however, the malware starts its onslaught of attacks.
The SpyNote RAT was found to use a free DNS service for C&C communication, and to leverage the Services, Activities and Broadcast Receiver components of the Android platform to remain up and running on users’ infected devices.

“Services can perform long-running operations in the background and does not need a user interface. Broadcast Receivers are Android components that can register themselves for particular events. Activities are key building blocks, central to an app’s navigation, for example,” Zscaler researchers note.

Friday, 27 January 2017

Introduction to Linux



From smartphones to cars, supercomputers and home appliances, and many other gadgets, the Linux operating system is everywhere. It runs most of the Internet, the supercomputers making scientific breakthroughs, and the world's stock exchanges. But before Linux became the platform to run desktops, servers, and embedded systems across the globe, it was (and still is) one of the most reliable and secure operating systems available.

For those who don't know, worry not – here is all the information you need to get up to speed on the Linux platform.

What is Linux?

Just like Windows XP, Windows 7, Windows 8, Windows 10, Windows Vista and Mac OS X, Linux is an operating system.

An operating system is software that manages all of the hardware resources associated with your desktop or laptop. To put it simply – the operating system manages the communication between your software and your hardware. Without the operating system (often referred to as the “OS”), the software wouldn’t function.
The OS is comprised of a number of pieces:
  • The Bootloader: The software that manages the boot process of your computer. For most users, this will simply be a flash screen that pops up and eventually goes away to boot into the operating system.
  • The kernel: This is the one piece of the whole that is actually called “Linux”. The kernel is the core of the system and manages the CPU, memory, and peripheral devices. The kernel is the “lowest” level of the OS.
  • Daemons: These are background services (printing, sound, scheduling, etc) that either start up during boot, or after you log into the desktop.
  • The Shell: You’ve probably heard mention of the Linux command line. This is the shell – a command process that allows you to control the computer via commands typed into a text interface. This is what, at one time, scared people away from Linux the most (assuming they had to learn hard commands to make Linux work). This is no longer the case. With modern desktop Linux, there is no need to ever touch the command line.
  • Graphical Server: This is the sub-system that displays the graphics on your monitor. It is commonly referred to as the X server or just “X”.
  • Desktop Environment: This is the piece of the puzzle that the users actually interact with. There are many desktop environments to choose from (Unity, GNOME, etc). Each desktop environment includes built-in applications (such as file managers, configuration tools, web browsers, games, audio and video player, etc).
  • Applications: Desktop environments do not offer all the apps. Just like Windows and Mac, Linux offers thousands of high-quality applications that can be easily installed. Most modern Linux distributions (more on this in a moment) include App Store-like tools that centralize and simplify application installation. For example, Ubuntu Linux has the Ubuntu Software Center, which allows you to quickly search among thousands of apps and install them from one centralized location. The Ubuntu Software Center is a Linux app store that carries thousands of free and commercial applications for Linux.

Hackers stole E-vouchers and got arrested



The Delhi police have arrested four hackers for digitally shoplifting vouchers worth about Rs 92 lakh from an e-commerce company by hacking its payment gateway through data tampering.

A complaint was registered by Voucha Gram India at the Hauz Khas police station alleging that its website was hacked and vouchers worth around Rs 1 crore were digitally shoplifted through data tampering of the payment gateway “PayU” on December 30. A case of cheating under the relevant provisions of the IT Act was registered on the complaint.

A special team including ACP Rajender Pathania and SHO Hauz Khas Sanjay Sharma was formed to crack the complex cyber offence. The team went through voluminous data procured from various online shopping portals, and the loss was pegged at Rs 92 lakh.

During the investigation, the team went through the relevant IP addresses, e-mails and phone numbers, and managed to trace the prime accused, Sunny Nehra (23), a BTech drop-out. He was picked up from a five-star hotel in Gurugram and put through sustained interrogation, said Ishwar Singh, DCP (South).
“We tracked Sunny through his Facebook and by putting under surveillance the mobile phones that he had purchased by redeeming the vouchers of the website,” said a senior police official. Information provided by him led to the arrest of his three associates Azad Chaudhary (19), Prakhar Agarwal (19) and Tejveer Sheoran (18). Azad is also a BTech dropout, while Sheoran is a BCA student, he said.
All four accused, including Nehra, had developed online associations with hackers in the country and abroad and were involved in hacking for money by breaking into weakly encrypted e-commerce portals.

Nehra had learnt from one of his hacker friends that PayU, a leading payment gateway, suffered from a vulnerability and could be tested for data tampering. They managed to hack the online systems, including the payment gateway, and manipulated cash backs by increasing their value, using the same gift card again and again, placing online orders without any actual payment, and making small payments, said the officer.

The digital money they siphoned off was used to live a luxurious life and to buy sophisticated proxy servers, virtual private networks and high-end laptops.
The e-vouchers digitally shoplifted by the accused were also spent on five-star hotels, air tickets, and renting expensive cars to go to parties and hotels with their girlfriends, he said. “The prepaid mobile phone Sunny was using had a balance of Rs 43,000. He was also looking for potential customers to sell the mobile phones and other gadgets he had purchased by redeeming vouchers fraudulently,” added the senior police official.
Police have recovered a laptop used for high-level programming, with 256 GB RAM and capable of supporting hacking software, and the latest iPhones and iPads.

The investigation in the case is progressing with analysis of the data and logs of the recovered equipment to detect and establish other cyber crimes and digital shoplifting committed by the gang, he added.

Source : Latest Hacking News

Thursday, 26 January 2017

Steps to make a keylogger - Software



My last two posts were on What is a Keylogger and The types of Keylogger. As I got suggestions to make a keylogger, I am working on it and will surely post an article about that. This tutorial shows you the steps you need to follow to make a keylogger, but it will not provide you with a complete ready-made keylogger (because I haven't made a good one yet). So, if you are here to get the source code of a keylogger, this is not the right place.

Now let's start with the steps to make a keylogger. A keylogger is generally software (for this part of the article). So, we need to code the keylogger following the same steps which we would follow to make any software.

Steps:
  1. The very first step is knowing what the software does when it gets installed on the system. A keylogger generally performs these functions: detecting a keystroke, triggering a function on the keystroke, saving the data-key to a log file, and transferring the data to a server when the PC gets an Internet connection.
  2. Detecting a keystroke is essential. We have to create a function which executes on detecting a keystroke. The input parameter to the function will be 'the key pressed' and the function returns 'data' (what to write to the log file). Suppose we press any alphanumeric key; then the function should return that alphanumeric character. But if we press a special or whitespace key, the function should return the value of that special character. For example, if we press ENTER, the function should return a newline character (for the C language it's \n), and not the word 'ENTER'.
  3. Now that we have data (the values returned by the function), we can save them to a log file (generally a .txt file).
  4. Now, sending the data depends on the type of keylogger you are making (refer here to learn the types of keyloggers). Suppose you are creating an email keylogger; then you should configure the POP3 protocol (refer here to learn about POP3) in your keylogger.
  5. The last step is the most important. Following the above steps, make your keylogger and test it. If it runs correctly, move on to the next step.
  6. The important step is to make your keylogger hidden, i.e. when you open Task Manager, the list of processes should not show the keylogger's process. That is, you have to make it run in stealth mode.


The above were the general steps one should follow to make a keylogger. But as you can see, all the steps depend on coding, and thus programming is the most essential skill. One must know at least one programming language to make a keylogger. Some of the most important languages are:
  • .net
  • C++
  • C#
  • Python
  • Android

Android is useful only if you want to make an Android keylogger. Nowadays people use third-party apps for their Android keyboard; one example is SwiftKey. So, we can edit the code of the APK to make the task easier. We just need to find the code which manages keystrokes and then insert our code (which saves and transfers logs to the server). A SwiftKey logger will be posted in the next article, as I was able to create one.

Types of Keylogger



As mentioned in my previous article, keyloggers are applications that monitor a user's keystrokes and then send this information back to the malicious user. This can happen via email or to a malicious user's server somewhere on the Internet. These logs can then be used to collect email and online banking usernames and passwords from unsuspecting users, or even to capture source code being developed in software firms. To know more, click here.

Keyloggers are divided into different categories depending upon the system layer at which they run. Here, we will consider two system layers, namely the Application Layer and the Internal Layer.

There are in general two types of keyloggers:
  • Software Keyloggers: Defined at the application level. This type of logging is accomplished by using the Windows function SetWindowsHookEx(), which monitors all keystrokes. The spyware (keylogger) will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions. An application that calls SetWindowsHookEx() is capable of capturing even autocomplete passwords. Here, it overrides the control of SetWindowsHookEx(), the function in Windows which controls the keystrokes and also the autocomplete actions of the system.
  • Hardware Keyloggers: Defined at the internal level. These are small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for long periods of time; however, they of course require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes, including banking and email usernames and passwords.

Software Keyloggers:

A software keylogger is further divided into many types depending on the method it uses to save and transfer logs from the victim's computer to the attacker.
  • Offline Keylogger: Here, the keylogger stores all the keystrokes offline, i.e. on the victim's device, without his awareness. Obviously, the attacker here needs physical access to the victim's computer to get the log file (the file in which keystrokes are stored). The attacker knows the path at which the log file is located.
  • FTP Keylogger: This is an extension of the offline keylogger. The process of saving the keystrokes is the same as that of the offline keylogger, i.e. it stores the log file at a specified location. Now, when the victim's computer gets access to the Internet, the keylogger sends the log file to the attacker's server with the help of the FTP protocol. Hence, the FTP keylogger differs from the offline keylogger only in the process of transferring the log file.
  • Email Keylogger: An email keylogger is similar to the FTP keylogger (also an extension of the offline keylogger). It differs from the FTP keylogger in the process of transferring the log file. Here, when the victim's computer gets connected to the Internet, the keylogger sends an email from its built-in email sender to the attacker's email address. Hence, here the log file is transferred via email.
  • PHP Keylogger: The PHP keylogger is different from the keyloggers defined above. In a PHP keylogger, live data is captured. That means that when the victim types something, the keystrokes are captured (but not saved to a log file) and are instantly transferred to the attacker's server via the Internet. The attacker's server runs a PHP script which handles the incoming data (keystrokes), and hence the keystrokes are saved on the attacker's server. Here, the most important element is the Internet: the victim's computer must have an Internet connection and the attacker's server must be online all the time. In the case where the victim's device has no Internet, the keystrokes are lost or queued (saved temporarily until the device acquires an Internet connection).

Kernel Keyloggers:

Kernel keyloggers are neither hardware nor software keyloggers. As we know, the kernel is something which operates between the hardware and software of the system, but is a combination of hardware (ROM) and software (HDL - Hardware Definition Language). The same goes for kernel keyloggers.

This type of keylogger sits at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be virtually undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. Since the program runs at the kernel level, one disadvantage of this approach is that it fails to capture autocomplete passwords, as this information is passed in the application layer.

NOTE: The most used of the above types is the software email keylogger, as it is easy to design and use. It can also capture the autocomplete keywords stored on the device.

Tuesday, 24 January 2017

Essential Concepts - Types of Proxy Server



Before reading this article, I suggest you read my previous article on what a proxy is and how a proxy works. Here, we will see the different types of proxy used in daily life.

Proxies are divided into different categories based on the level of anonymity and the functions they provide.

You may see references to four different types of proxy servers:
  • Transparent Proxy

    This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the HTTP headers. These are generally used for their ability to cache websites and do not provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans. They are transparent in the sense that your IP address is exposed, not in the sense that you do not know you are using one (your system is not specifically configured to use it).
  • Anonymous Proxy

    This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users.
  • Distorting Proxy

    This type of proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers.
  • High Anonymity Proxy

    This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.
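What a web server can actually tell about these four types from an inbound request, as an added example that is not part of the original article: it inspects the Via, X-Forwarded-For, Forwarded (RFC 7239) and X-Real-IP headers, and treats a forwarded address that is unparseable or in a private/loopback range as the distorting case. The header sets in the test are constructed. Two caveats a practitioner should keep in mind: a high anonymity proxy is indistinguishable from a direct client at this layer, so those two share one label; and even a "transparent" proxy's forwarded address is only a claim, usable for logging but never for access control unless the connecting peer is a proxy you operate yourself.

```python
"""Server-side classification of proxy use from request headers (added example)."""
import ipaddress
from typing import Dict, Optional

# A proxy that "identifies itself as a proxy server" does so with Via (RFC 7230).
PROXY_ID_HEADERS = ("via",)

# Address ranges that can never be a genuine Internet client of a public server.
# A forwarded address in one of these is either fabricated or a misconfiguration.
UNTRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",       # loopback, link-local, "this" net
    "::1/128", "fc00::/7", "fe80::/10",                  # IPv6 equivalents
)]


def _strip_port(value: str) -> str:
    """'[2001:db8::1]:4711' -> '2001:db8::1', '192.0.2.9:80' -> '192.0.2.9'."""
    value = value.strip().strip('"')
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    if value.count(":") == 1:          # IPv4 with a port; bare IPv6 has more colons
        return value.split(":", 1)[0]
    return value


def claimed_client_ip(headers: Dict[str, str]) -> Optional[str]:
    """Return the client address a proxy claims to forward for, or None."""
    h = {k.lower(): v for k, v in headers.items()}
    if "x-forwarded-for" in h:
        # Left-most entry is the original client; later entries are proxies in the chain.
        return _strip_port(h["x-forwarded-for"].split(",")[0])
    if "forwarded" in h:
        # RFC 7239 form: Forwarded: for="[2001:db8::1]:4711";proto=https, for=198.51.100.7
        for elem in h["forwarded"].split(","):
            for pair in elem.split(";"):
                key, _, val = pair.strip().partition("=")
                if key.lower() == "for":
                    return _strip_port(val)
    for name in ("x-real-ip", "client-ip"):
        if name in h:
            return _strip_port(h[name])
    return None


def classify_proxy(headers: Dict[str, str], peer_ip: str) -> Dict[str, Optional[str]]:
    """Map the header evidence onto the article's four proxy types.

    peer_ip is the TCP source address the server really talked to; it is the
    only address that is not a claim, so it is always returned alongside.
    """
    names = {k.lower() for k in headers}
    identifies = any(n in names for n in PROXY_ID_HEADERS)
    claimed = claimed_client_ip(headers)

    if claimed is None:
        category = "anonymous" if identifies else "direct-or-high-anonymity"
        return {"category": category, "peer_ip": peer_ip, "claimed_client_ip": None}

    try:
        addr = ipaddress.ip_address(claimed)
    except ValueError:
        addr = None
    if addr is None or any(addr in net for net in UNTRUSTED_NETS):
        # Claims a client address that cannot be genuine: the "distorting" case.
        return {"category": "distorting", "peer_ip": peer_ip, "claimed_client_ip": claimed}

    return {"category": "transparent", "peer_ip": peer_ip, "claimed_client_ip": str(addr)}


if __name__ == "__main__":
    # Constructed sample request: a transparent proxy chain in front of a client.
    sample = {"Host": "www.example.test",
              "Via": "1.1 cache01",
              "X-Forwarded-For": "198.51.100.7, 203.0.113.10"}
    print(classify_proxy(sample, "203.0.113.10"))
```

In a real deployment the peer address and the claimed address are logged separately; rate limiting and blocking decisions key on the peer unless it is in your own list of trusted reverse proxies.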

Essential Concepts - Proxy Server


The concept of a proxy is similar to the concept of a firewall, but it differs in its use. Both are part of network security. So I recommend you read my post on Firewalls before you start learning about proxies.

In a computer network, a proxy server is any computer system offering a service that acts as an intermediary between the two communicating parties, the client and the server. A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services.

How does a proxy server work?

In the presence of a proxy server, there is no direct communication between the client and the server. Instead, the client connects to the proxy server and sends requests for resources such as a document, web page or a file that resides on a remote server.

A common proxy application is a caching Web proxy. This provides a nearby cache of Web pages and files available on remote Web servers, allowing local network clients to access them more quickly or reliably.

When it receives a request for a Web resource (specified by a URL), a caching proxy looks for the resulting URL in its local cache. If found, it returns the document immediately. Otherwise it fetches it from the remote server, returns it to the requester and saves a copy in the cache. The cache usually uses an expiry algorithm to remove documents from the cache, according to their age, size, and access history.
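The lookup, fetch-on-miss and expiry cycle just described, as an added example that is not part of the original article. The origin server is a constructed in-memory table so the code runs offline, and the clock is injectable so that age-based expiry can be exercised deterministically. Going one step beyond the text, responses marked Cache-Control: private or no-store (or carrying Set-Cookie) are never stored: a shared cache that keeps per-user responses would serve one user's data to the next.

```python
"""Caching Web proxy core: lookup, fetch on miss, expiry by age/size/access (added example)."""
import time
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Response = Tuple[Dict[str, str], bytes]   # (response headers, body)


@dataclass
class Entry:
    body: bytes
    headers: Dict[str, str]
    stored_at: float
    hits: int = 0            # access history used by the size-based eviction


# Constructed stand-in for the remote servers: URL -> (headers, body).
ORIGIN: Dict[str, Response] = {
    "http://xyz.test/Sample.html": ({"Content-Type": "text/html"}, b"<h1>Sample</h1>"),
    "http://xyz.test/account":     ({"Cache-Control": "private"}, b"balance: 42"),
    "http://xyz.test/big.bin":     ({}, b"x" * 600),
    "http://xyz.test/big2.bin":    ({}, b"y" * 600),
}


class FakeClock:
    """Deterministic clock so expiry can be driven in tests."""
    def __init__(self, start: float = 1000.0):
        self.t = start

    def __call__(self) -> float:
        return self.t


class CachingProxy:
    def __init__(self, fetch: Callable[[str], Response], max_age: float = 60.0,
                 max_bytes: int = 1024, clock: Callable[[], float] = time.time):
        self.fetch = fetch            # upstream request; here a dict lookup
        self.max_age = max_age        # seconds an entry may live
        self.max_bytes = max_bytes    # total body bytes the cache may hold
        self.clock = clock
        self.cache: "OrderedDict[str, Entry]" = OrderedDict()
        self.fetches = 0              # how often the remote server was contacted

    @staticmethod
    def _cacheable(headers: Dict[str, str]) -> bool:
        cc = headers.get("Cache-Control", "").lower()
        return "private" not in cc and "no-store" not in cc and "Set-Cookie" not in headers

    def _size(self) -> int:
        return sum(len(e.body) for e in self.cache.values())

    def _expire(self) -> None:
        now = self.clock()
        # Age: drop anything that has outlived max_age.
        for url in [u for u, e in self.cache.items() if now - e.stored_at > self.max_age]:
            del self.cache[url]
        # Size: while over budget, evict the least-used entry, oldest first on ties.
        while self.cache and self._size() > self.max_bytes:
            victim = min(self.cache, key=lambda u: (self.cache[u].hits, self.cache[u].stored_at))
            del self.cache[victim]

    def get(self, url: str) -> Tuple[bytes, str]:
        """Return (body, 'HIT'|'MISS') for a URL, consulting the cache first."""
        self._expire()
        entry = self.cache.get(url)
        if entry is not None:
            entry.hits += 1
            return entry.body, "HIT"
        headers, body = self.fetch(url)
        self.fetches += 1
        if self._cacheable(headers):
            self.cache[url] = Entry(body, headers, self.clock())
            self._expire()            # may evict something to stay within max_bytes
        return body, "MISS"


def demo() -> List[str]:
    """Walk through hit, private bypass, size eviction and age expiry."""
    clock = FakeClock()
    proxy = CachingProxy(lambda u: ORIGIN[u], max_age=60, max_bytes=1024, clock=clock)
    trace = [proxy.get("http://xyz.test/Sample.html")[1],   # MISS: first fetch
             proxy.get("http://xyz.test/Sample.html")[1],   # HIT
             proxy.get("http://xyz.test/account")[1],       # MISS: private, never stored
             proxy.get("http://xyz.test/account")[1],       # MISS again
             proxy.get("http://xyz.test/big.bin")[1],       # MISS
             proxy.get("http://xyz.test/big2.bin")[1]]      # MISS; big.bin evicted (0 hits)
    clock.t += 61                                           # everything is now too old
    trace.append(proxy.get("http://xyz.test/Sample.html")[1])   # MISS: expired by age
    return trace


if __name__ == "__main__":
    print(demo())
```

The eviction order (fewest hits, then oldest) is one reasonable reading of "age, size, and access history"; production caches use LRU or LFU variants, but the shape of the loop is the same.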


As shown in the above example, whenever the client connects to a web proxy server and makes a request for the resources (in this case, “Sample.html”) that reside on a remote server (in this case, xyz.com), the proxy server forwards this request to the target server on behalf of the client so as to fetch the requested resource and deliver it back to the client. An example of client can be a user operated computer that is connected to the Internet.

Functions of a proxy server :

Proxy servers are used for many different purposes depending on their function:
  • A proxy server is most widely used to conceal the IP address, or the origin, of Internet users during their activity. Since it is the proxy server that handles the requests between the client and the target, only the IP address of the proxy server is exposed to the outside world and not the actual one. Therefore, most hackers use a proxy server during attacks on their target so that it is hard to trace back to them.
  • Proxies may also cache web pages. Each time an internal user requests a URL from outside, a temporary copy is stored locally. The next time an internal user requests the same URL, the proxy can serve the local copy instead of retrieving the original across the network, improving performance.
  • Web proxies can also filter the content of Web pages served. Some censorware applications - which attempt to block offensive Web content - are implemented as Web proxies.
  • Web proxies can also reformat web pages for a specific purpose or audience; for example, Opera Mini (a browser that uses its own proxy server) reformats web pages for mobile devices in order to provide faster speed.
  • A special case of web proxies is the "CGI proxy." These are web sites which allow a user to access another site through them. CGI proxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user's own IP address from the web sites accessed through the proxy, they are sometimes also used to gain a degree of anonymity.

Monday, 23 January 2017

The concept of Keylogger


A keylogger is one of the hacking techniques generally used to get passwords for credit cards, debit cards, Gmail accounts and more. So here we are going to study what a keylogger basically is and how it is made.

Generally speaking, a keylogger, as the name says, maintains logs of keystrokes. So, to understand what a keylogger is, we need to understand two technical terms: log and keystroke.
  • Log : A log, in a computing context, is the automatically produced and time-stamped documentation of events relevant to a particular system. Virtually all software applications and systems produce log files. In simple language, a log is like a diary in which all the activities are recorded in a structured manner along with the time at which they were done.
  • Keystroke : A keystroke is a single press of a key on a keyboard. Each key press is a keystroke. Keystrokes can be used for programming purposes to respond to the user pressing a particular key. Taking an example, did you ever wonder how the computer knows to go to the next line when we press the 'ENTER' key on the keyboard? This is where keystrokes are used: the computer takes the keystroke as input and, based on that input, produces output on the screen.

Keylogger is the short form of Keystroke Logger. A keylogger is software that tracks or logs the keys struck on your keyboard. It does this task in a covert (hidden) manner, so that you don’t know that your actions are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.

Despite all this, keyloggers are also used for legitimate (legal/good) purposes. Parents can monitor their children’s online activity, law enforcement may use them to analyze and track incidents linked to the use of personal computers, and employers can make sure their employees are working instead of surfing the web all day.

Nevertheless, keyloggers can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cybercriminals can get PIN codes and account numbers for your financial accounts, passwords to your email and social networking accounts and then use this information to take your money, steal your identity and possibly extort information and money from your friends and family.

Why Keylogger? 

The second most asked question is: why use a keylogger and not other methods? A keylogger is customizable. We know that a keylogger captures every key one has typed; what we can customize is how the data reaches us: via mail, uploaded to our server, or any other way. Hence, the way the data reaches us is decided by ourselves, and there is no security in the path between the data and the receiver except the device's firewall. Once the keystrokes are recorded and have bypassed the device firewall, there is no other barrier in the way, i.e. the road is clean.

Hence, a keylogger is the simplest method to track victims' passwords, usernames, PINs, etc., and also their social media and chatting apps like Messenger, Hike or WhatsApp. We know that WhatsApp is the most secure server for chatting over the internet as it uses a 256-bit encryption method. This encryption is applied as soon as the message is typed, but a keylogger is faster than that: it captures keystrokes as soon as the key is pressed. Hence, WhatsApp chats can be easily tracked from the victim's device to us through a keylogger.

How do you detect a keylogger?

Keyloggers are tricky to detect. Some signs that you may have a keylogger on your device include: slower performance when web browsing; your mouse or keystrokes pausing, or not showing up onscreen as what you are actually typing; or error screens when loading graphics or web pages.

What can you do to protect yourself?

Just as you maintain your own health on a daily basis by eating well-balanced meals, getting plenty of rest and exercising, you must also maintain your computer or mobile device’s health. That means avoiding keyloggers by avoiding actions that could negatively affect your computer, smartphone or tablet, like visiting dangerous websites or downloading infected programs, videos or games. Here are some tips:
  • Use caution when opening attachments – files received via email, P2P networks, chat, social networks, or even text messages (for mobile devices) can be embedded with malicious software that carries a keylogger. (This method will be taught later.)
  • Watch your passwords – Consider using one-time passwords and make sure key sites you log into offer two-step verification. You could also use a password manager, which will automatically remember your user names and passwords and also prevents keylogging, since you are not typing any information into the site; the password manager does that for you.
  • Try an alternative keyboard layout – Most of the keylogger software available is based on the traditional QWERTY layout, so if you use a keyboard layout such as DVORAK, the captured keystrokes do not make sense unless converted. (Try to understand this on your own. For queries, post comments below.)
  • Use a virtual keyboard – This is the most secure way. Even when a keylogger is installed on your system, it can't capture keystrokes. Using an on-screen keyboard, you just click on the keys you want to type with the help of your mouse. Hence, as you do not press any key on your (hardware) keyboard, no keystrokes are recorded. Such a system is used by most online banking services, notably the SBI online banking service.


Essential Concepts - Firewall


We have covered most of the concepts of networking, but some concepts are still left over. They include firewalls and proxies. We often face situations where some site is blocked, or where we require authentication (username and password) to use the internet. Sometimes, some of the apps or software installed on our computers are blocked from using our internet connection. All these things are done via a firewall and its set of rules.

A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. Firewalls are basically a barrier between your computer (or a network) and the Internet (the outside world). A firewall can be compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly, a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.

How does a firewall work?

Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules which are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end-users to secure their personal computers. However, in order to meet customized needs, large networks and companies prefer firewalls that have plenty of options to configure.



For example, a company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. Thus, in addition to security, a firewall gives a company tremendous control over how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:
  • Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packet filters have a set of rules with accept and deny actions, which are pre-configured or can be configured manually by the firewall administrator. Packets that make it through the filters are sent to the requesting system and all others are discarded.
  • Stateful inspection - A newer method that doesn't examine the contents of each packet. Instead, it compares certain key parts of the packet to a database of trusted information. Both incoming and outgoing packets are compared against this database. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

Firewall configuration :

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
  • IP addresses - Each machine on the Internet is assigned a unique address called an IP address. If an IP address outside the network is considered unfavourable, a filter can be set to block all traffic to and from that IP address. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
  • Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.libraryofhacks.blogspot.in than it is to remember 156.17.41.157. Since IP addresses are difficult to remember, it is easier and smarter to configure firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.
  • Ports/Protocols - Open ports (which are online and can receive/send data) are like an open door of our house, which can lead to theft. If the service running on a given port is intended for the public or for network users, the port is usually kept open. Otherwise it is blocked using the firewall so as to prevent intruders from using the open port to make unauthorized connections.
  • Specific words and phrases - A firewall can be configured to filter one or more specific words or phrases so that both incoming and outgoing packets are scanned for the words in the filter. This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

Real-time examples :
  • IP addresses/Domain names - Torrent websites blocked on our college internet network.
  • Ports/Protocols - An internet connection which supports surfing but does not support downloading (because the FTP port of the system is closed).
  • Specific words and phrases - Filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.
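The packet-filtering rules and the filter conditions above (IP addresses, domain names, ports/protocols, and exact-match words), implemented as an added example that is not the page's own code. The rule set, the dns_table of blocked addresses and every address used are constructed for the demonstration; rules are evaluated top to bottom, the first match wins, and anything unmatched falls through to a default deny. It also shows the exact-match caveat: "X-rated" is caught but "X rated" passes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    direction: str          # "in" or "out", relative to the protected network
    src: str                # source IP address
    dst: str                # destination IP address
    proto: str              # "tcp" or "udp"
    dport: int              # destination port
    payload: str = ""       # application data the firewall may scan for phrases


@dataclass
class Rule:
    action: str                       # "accept" or "deny"
    direction: Optional[str] = None   # None matches either direction
    src: Optional[str] = None         # CIDR or single address, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    domain: Optional[str] = None      # matched through the resolved-address table
    keyword: Optional[str] = None     # exact, case-sensitive substring of the payload


class Firewall:
    """Ordered packet filter: first matching rule decides, otherwise the default policy."""

    def __init__(self, rules: List[Rule], default: str = "deny",
                 dns_table: Optional[Dict[str, List[str]]] = None):
        self.rules = rules
        self.default = default
        self.dns_table = dns_table or {}   # domain name -> addresses it currently resolves to

    def _matches(self, rule: Rule, pkt: Packet) -> bool:
        if rule.direction and rule.direction != pkt.direction:
            return False
        if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
            return False
        if rule.dst and ip_address(pkt.dst) not in ip_network(rule.dst):
            return False
        if rule.proto and rule.proto != pkt.proto:
            return False
        if rule.dport is not None and rule.dport != pkt.dport:
            return False
        if rule.domain:
            addresses = self.dns_table.get(rule.domain, [])
            if pkt.dst not in addresses and pkt.src not in addresses:
                return False
        if rule.keyword and rule.keyword not in pkt.payload:   # exact match only
            return False
        return True

    def check(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the rule that decided) or (default, None)."""
        for index, rule in enumerate(self.rules):
            if self._matches(rule, pkt):
                return rule.action, index
        return self.default, None


# Constructed table standing in for DNS lookups of a blocked site (addresses are documentation ranges).
DNS_TABLE = {"torrents.example": ["203.0.113.44", "203.0.113.45"]}

# Constructed policy mirroring the real-time examples in the post.
POLICY = [
    Rule("deny", domain="torrents.example"),              # torrent site blocked by domain name
    Rule("deny", direction="out", proto="tcp", dport=21),  # FTP closed: surfing works, FTP downloads do not
    Rule("deny", keyword="X-rated"),                       # phrase filter, exact match only
    Rule("accept", direction="out", proto="tcp", dport=80),
    Rule("accept", direction="out", proto="tcp", dport=443),
    Rule("accept", direction="out", proto="udp", dport=53),
]


def build_firewall() -> Firewall:
    return Firewall(POLICY, default="deny", dns_table=DNS_TABLE)


if __name__ == "__main__":
    fw = build_firewall()
    print(fw.check(Packet("out", "192.168.1.10", "198.51.100.7", "tcp", 80)))
    print(fw.check(Packet("out", "192.168.1.10", "198.51.100.7", "tcp", 21)))
```

Because the domain rule is resolved to addresses at match time, it is only as good as the table behind it: a site that changes address or is reached through a proxy slips past, which is why the page's domain filter and IP filter are complementary rather than interchangeable.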

Hardware vs. Software Firewall :

Hardware firewalls provide a higher level of security and are hence preferred for servers, where security has the top priority. Software firewalls, on the other hand, are less expensive and hence preferred on home computers and laptops.

Hardware firewalls usually come as an in-built unit of a router and provide maximum security as it filters each packet at the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

In hardware firewalls, the firewall system is managed in the router itself. Hence, when any computer with a weak firewall or no firewall connects to the router, it can safely surf the internet, because the incoming packets are filtered at the router itself, i.e. before entering your computer system.

Sunday, 22 January 2017

Google Maps will soon help you find Parking


Parking is a common problem in big cities. Whenever we go to attend a function or a concert, and in many other such situations, the problem of finding parking comes up. Situations like that may become a thing of the past, because soon you will be able to find the location you are trying to visit along with detailed directions to the nearest spot to park your car, just by using Google Maps.

This is not a prediction. This is something you are going to be able to do on a daily basis with the upcoming beta version of Google Maps. This upcoming version will be loaded with cool new features, and one of them happens to be turn-by-turn directions to the safest open areas near you where you can park your vehicle.


Android Police has shared some exclusive new details about the upcoming beta version ‘v9.44.0’ of Google Maps. It runs on devices running Android 4.3 and above and you can download it through APK Mirror. The new version will come pre-loaded with driving directions to general parking spots along with the availability status of a certain spot and the distance and time estimates. If the app shows you a tiny ‘P’ icon, that means you can park your car since the spot is available and open. The upcoming version will also display the likelihood of finding an open parking spot at a particular destination, with options ranging from Easy, Medium or Limited.

It is worth noting that Google will be relying on conventional traffic patterns instead of location data, which is why the app may not clearly identify open parking spots as yet. However, the feature is in its evolutionary phases currently and we are sure that pretty soon it will be able to provide accurate guidance to users about open spots to park their vehicles.

Maps v9.44 beta also brings one more change: "Atmosphere" photos when browsing a place's listing. Maps already uses smart photo algorithms to single out photos of the food in "From Menu" and photos taken "By Owner", so "Atmosphere" is one more way to quickly check the ambiance of a location before you head there.


So don't wait, just grab the new update of Google Maps v9.44 now. It is easily available on Apk Mirror.

Saturday, 21 January 2017

Essential Concepts - Domain Name System (DNS)



In my previous tutorials, I have mentioned that each device connected to the internet has its own IP address so that it can be uniquely identified. For devices connecting to the internet, the IP address is provided by the ISPs. But the question that arises here is: who is providing the IP or range of IPs to the ISP?

A similar question is: who is providing a specific IP to a hosted website?
Let us take the example of facebook.com. We know that every server is identified by a unique IP. That means that Facebook would also have its own IP. Who provided this IP to Facebook?

You will get the answers to these questions in this tutorial.

Domain Name System (DNS) 

First, we will understand the term 'domain name'. A domain name is the name of the server hosting any number of websites. In the example of Facebook, facebook.com is a domain name as it is hosting a single website. In my case, i.e. libraryofhacks.blogspot.in, the domain name is blogspot.com or blogger.com, as it is hosting my website along with many other websites too.

Domain names are used to identify one or more IP addresses. For example, the domain name microsoft.com represents about a dozen IP addresses. Domain names are used in URLs to identify particular Web pages.

The Domain Name System is a system which maps (translates) a host name into a particular IP Address.

Why to use DNS?

Since the Internet connects millions of computers, each having a unique IP address, it is impossible for people to remember the IP address of each and every computer they want to access. So, in order to make this process simpler, the concept of domain names was introduced. As a result, users can easily access any website just by typing its domain name, such as “google.com” or “yahoo.com”, in the browser’s address bar without having to remember the actual IP address.

However, since the network protocol understands only the IP address and not the domain names, it is necessary to translate the domain name back to its corresponding IP address before establishing a connection with the target server. This is where DNS comes in handy.

Your Internet Service Provider has a DNS server which maintains a huge record of existing domain names and their corresponding IP addresses. Each time you type a URL such as “http://www.google.com” in your browser’s address bar, your computer uses the DNS server from the ISP to translate the domain name “google.com” to its corresponding IP address and make a connection with Google’s server. All of this happens in a split second behind the scenes and hence goes unnoticed.

Concept Of Domain Name System (DNS) Server

The internet uses DNS (Domain Name System) records to translate host names into IP addresses (in this case 193.202.110.175) and in some cases vice versa too.

When you type the domain name of a website into your browser (which I would hope is Chrome, Firefox or Opera, and not IE), it begins looking up the host. You can see this when your internet connection is slow. In any of the browsers mentioned above, the status of the connection is shown in the bottom-left/right corner, and when the connection slows down you can see each stage of the connection. The first one is 'looking up the host'. This means that the browser is querying DNS servers for the host (domain name) you specified in the URL.

How does DNS work?


Whenever you type a URL such as “https://libraryofhacks.com” (doesn't exist now as I haven't bought my Professional Domain) on your browser’s address bar, your computer will send a request to the local name server (the ISP DNS server) to resolve the domain name to its corresponding IP address. This request is often referred to as a DNS query.

The local name server receives the query and checks whether it holds the matching name and IP address in its database. If found, the corresponding IP address (the response) is returned. If not, the query is automatically passed on to another DNS server at the next higher level of the DNS hierarchy. This process continues until the query reaches the DNS server that holds the matching name and IP address. The IP address (the response) then flows back down the chain in reverse order to your computer.
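The resolution chain just described, as an added example rather than the page's own code. In practice the ISP's resolver does not hand the query up a chain; on a cache miss it asks a root server, follows the referral to the TLD server, then to the authoritative server for the domain, and caches the answer for the record's TTL. The zone data (example.com, example.org and the 192.0.2.x / 198.51.100.x addresses, all reserved documentation values) and the server names are constructed.

```python
import time

# Constructed zone data: each entry is ("NS", next_server) for a referral
# or ("A", ip, ttl_seconds) for a final answer. None of these are real servers.
SERVERS = {
    "root":             {"com.": ("NS", "tld-com"), "org.": ("NS", "tld-org")},
    "tld-com":          {"example.com.": ("NS", "auth-example-com")},
    "tld-org":          {"example.org.": ("NS", "auth-example-org")},
    "auth-example-com": {"www.example.com.": ("A", "192.0.2.10", 300),
                         "mail.example.com.": ("A", "192.0.2.25", 300)},
    "auth-example-org": {"www.example.org.": ("A", "198.51.100.7", 60)},
}


def suffixes(fqdn):
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.'] (longest first)."""
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def query(server, fqdn):
    """One server's reply: its A record, the closest referral it knows, or None."""
    zone = SERVERS[server]
    if fqdn in zone and zone[fqdn][0] == "A":
        return zone[fqdn]
    for suffix in suffixes(fqdn):
        record = zone.get(suffix)
        if record and record[0] == "NS":
            return record
    return None


class LocalResolver:
    """The ISP's name server: answers from cache, otherwise walks root -> TLD -> authoritative."""

    def __init__(self, clock=time.time, max_hops=8):
        self.cache = {}          # fqdn -> (ip, expires_at)
        self.clock = clock
        self.max_hops = max_hops  # guard against referral loops in bad zone data

    def resolve(self, name):
        """Return (ip or None, trace of servers consulted)."""
        fqdn = name.rstrip(".").lower() + "."
        now = self.clock()
        trace = []
        cached = self.cache.get(fqdn)
        if cached and cached[1] > now:             # still within the record's TTL
            trace.append(f"cache hit -> {cached[0]}")
            return cached[0], trace
        server = "root"
        for _ in range(self.max_hops):
            answer = query(server, fqdn)
            if answer is None:
                trace.append(f"{server}: no record (NXDOMAIN)")
                return None, trace
            if answer[0] == "A":
                ip, ttl = answer[1], answer[2]
                trace.append(f"{server}: A {ip} (ttl {ttl})")
                self.cache[fqdn] = (ip, now + ttl)    # remember it until the TTL runs out
                return ip, trace
            trace.append(f"{server}: referral to {answer[1]}")
            server = answer[1]
        return None, trace


if __name__ == "__main__":
    resolver = LocalResolver()
    for hop in resolver.resolve("www.example.com")[1]:
        print(hop)
```

The TTL is what makes the "looking up the host" delay disappear on the second visit, and it is also why a changed record can keep answering with the old address until every cache along the way has expired.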

Friday, 20 January 2017

XSS Vulnerability Found in Acrobat’s Silently Installed Chrome Extension


Researcher Tavis Ormandy of Google Project Zero discovered that a Chrome extension silently installed by Adobe last week was affected by an XSS (cross-site scripting) vulnerability. After learning of its existence, Adobe quickly patched the flaw.

Adobe released an update to Adobe Reader on January 10 to address 29 vulnerabilities. However, some users are not pleased that the update also automatically installed an Adobe Acrobat Chrome extension, which is designed to convert web pages into PDF files.

This extension is available only for Windows. It requires permission to access data on the websites the user visits, communicate with cooperating native apps and manage downloads. The tool also collects information from the system, but Adobe claims no personal information is involved and that the “anonymous data will not be meaningful to anyone outside of Adobe.”

After thoroughly analysing this extension, which already had around 30 million installs, Ormandy identified a DOM-based XSS vulnerability that allowed privileged JavaScript code execution. The expert classified this security hole as “critical severity.”

“I think CSP [Content Security Policy] might make it impossible to jump straight to script execution, but you can iframe non web_accessible_resources, and easily pivot that to code execution, or change privacy options via options.html, etc,” the Google researcher explained in an advisory.

The issue was reported to Adobe back on January 12 and it was patched a few days after that. It is not surprising that the vulnerability was fixed quickly considering that many of the flaws found in Adobe products are reported by Google Project Zero researchers or through the Chromium Vulnerability Rewards Program.

This was not the first time Ormandy identified a vulnerability in a Chrome extension. Roughly one year ago, the expert revealed that an extension automatically installed by AVG AntiVirus exposed users’ personal data and browsing histories.

Source : Latest Hacking News

Essential Concepts - Network Packets



We have covered the topics that answer the following questions:
  • How is a server uniquely identified? -- IP Address
  • What are the services provided between two servers? -- Protocols
  • How do we connect to a specific service? -- Ports
There are many other questions, one of which is: how is data transferred between two servers?

Consider that you have to transfer a PPT containing 15 slides from one server to another, but the bandwidth allows only 5 slides at a time. So you divide the PPT into 3 PPTs each containing 5 slides and transfer them in sequence. These PPTs are received in the same sequence at the receiving end and then combined to form the final PPT. Here, each small PPT is called a packet and the final PPT is called the data.

Packets and Packet Switching :

It turns out that everything you do on the Internet involves packets. For example, every Web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Networks that ship data around in small packets are called packet switched networks. Packet is nothing but a part of divided data.

Packet switching is a digital networking communications method that groups all transmitted data into suitably sized blocks, called packets, which are transmitted via a medium that may be shared by multiple simultaneous communication sessions. Packet switching increases network efficiency, robustness and enables technological convergence of many applications operating on the same network.

A network packet (also called a data packet, datagram or simply a packet) is a basic unit of data sent from one host to another over a network. When data (such as a mail, message or a file) has to be transmitted between two hosts, it is fragmented into small structures called packets, which are reassembled at the destination to make the original data chunk.

On the Internet, the network breaks an e-mail message into parts of a certain size in bytes. These are the packets. Each packet carries the information that will help it get to its destination -- the sender's IP address, the intended receiver's IP address, something that tells the network how many packets this e-mail message has been broken into and the number of this particular packet. The packets carry the data in the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). Each packet contains part of the body of your message. A typical packet contains perhaps 1,000 or 1,500 bytes.

Each packet is then sent off to its destination by the best available route -- a route that might be taken by all the other packets in the message or by none of the other packets in the message. This makes the network more efficient. In short, all the packets travel through a common route in a sequence.

Parts of a single packet :

Most network packets are split into three parts:

Header - The header contains instructions about the data carried by the packet. These instructions may include:
  • Length of packet (some networks have fixed-length packets, while others rely on the header to contain this information)
  • Synchronization (a few bits that help the packet match up to the network)
  • Packet number (which packet this is in a sequence of packets)
  • Protocol (on networks that carry multiple types of information, the protocol defines what type of packet is being transmitted: e-mail, Web page, streaming video)
  • Destination address (where the packet is going)
  • Originating address (where the packet came from)
Payload - Also called the body or data of a packet. This is the actual data that the packet is delivering to the destination. If a packet is fixed-length, then the payload may be padded with blank information to make it the right size.
 
Trailer - The trailer, sometimes called the footer, typically contains a couple of bits that tell the receiving device that it has reached the end of the packet. It may also have some type of error checking.

The most common error checking used in packets is Cyclic Redundancy Check (CRC). CRC is pretty neat. Here is how it works in certain computer networks: It takes the sum of all the 1s in the payload and adds them together. The result is stored as a hexadecimal value in the trailer. The receiving device adds up the 1s in the payload and compares the result to the value stored in the trailer. If the values match, the packet is good. But if the values do not match, the receiving device sends a request to the originating device to resend the packet.

As an example, let's look at how an e-mail message might get broken into packets. Let's say that you send an e-mail to a friend. The e-mail is about 3,500 bits (3.5 kilobits) in size. The network you send it over uses fixed-length packets of 1,024 bits (1 kilobit). The header of each packet is 96 bits long and the trailer is 32 bits long, leaving 896 bits for the payload. To break the 3,500 bits of message into packets, you will need four packets (divide 3,500 by 896 and round up). Three packets will contain 896 bits of payload and the fourth will have 812 bits. Here is what one of the four packets would contain:
  • Each packet's header will contain the proper protocols, the originating address (the IP address of your computer), the destination address (the IP address of the computer where you are sending the e-mail) and the packet number (1, 2, 3 or 4 since there are 4 packets).
  • Routers in the network will look at the destination address in the header and compare it to their lookup table to find out where to send the packet.
  • Once the packet arrives at its destination, your friend's computer will strip the header and trailer off each packet and reassemble the e-mail based on the numbered sequence of the packets.
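The e-mail example above (3,500 bits, 1,024-bit packets, 96-bit header, 32-bit trailer, 896-bit payload) and the trailer error check, carried through as an added example that is not from the original post. The 96-bit header layout (source and destination address, packet number, packet count, payload length) is an assumption made for this example, and the addresses are documentation-range placeholders. The trailer holds a CRC-32 computed with Python's zlib: a real CRC is polynomial division over the payload bits rather than the count of 1 bits described above, but it is used the same way, the receiver recomputes it and asks for a resend when the values disagree.

```python
import random
import zlib

# Sizes from the e-mail example (all in bits).
PACKET_BITS = 1024
HEADER_BITS = 96
TRAILER_BITS = 32
PAYLOAD_BITS = PACKET_BITS - HEADER_BITS - TRAILER_BITS   # 896

# Assumed 96-bit header layout: 32-bit source address, 32-bit destination address,
# 8-bit packet number, 8-bit packet count, 16-bit payload length (before padding).


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def crc32_of_bits(bits):
    """CRC-32 of a '0'/'1' string whose length is a multiple of 8 (896 bits = 112 bytes)."""
    data = int(bits, 2).to_bytes(len(bits) // 8, "big")
    return zlib.crc32(data) & 0xFFFFFFFF


def make_packets(message_bits, src_ip, dst_ip):
    """Split a '0'/'1' string into fixed-length packets: header + padded payload + CRC trailer."""
    total = -(-len(message_bits) // PAYLOAD_BITS)          # ceiling division
    packets = []
    for seq in range(total):
        chunk = message_bits[seq * PAYLOAD_BITS:(seq + 1) * PAYLOAD_BITS]
        payload = chunk.ljust(PAYLOAD_BITS, "0")           # last packet padded with blank bits
        header = (format(ip_to_int(src_ip), "032b") + format(ip_to_int(dst_ip), "032b")
                  + format(seq, "08b") + format(total, "08b") + format(len(chunk), "016b"))
        trailer = format(crc32_of_bits(payload), "032b")
        packets.append(header + payload + trailer)
    return packets


def parse_packet(packet):
    """Strip a packet into its fields and verify the trailer CRC against the payload."""
    header = packet[:HEADER_BITS]
    payload = packet[HEADER_BITS:HEADER_BITS + PAYLOAD_BITS]
    trailer = packet[HEADER_BITS + PAYLOAD_BITS:]
    return {
        "src": int_to_ip(int(header[0:32], 2)),
        "dst": int_to_ip(int(header[32:64], 2)),
        "seq": int(header[64:72], 2),
        "total": int(header[72:80], 2),
        "payload_len": int(header[80:96], 2),
        "payload": payload,
        "crc_ok": int(trailer, 2) == crc32_of_bits(payload),
    }


def reassemble(packets):
    """Return (message_bits, []) or (None, [packet numbers that need a resend])."""
    parsed = [parse_packet(p) for p in packets]
    bad = sorted(p["seq"] for p in parsed if not p["crc_ok"])
    if bad:
        return None, bad
    parsed.sort(key=lambda p: p["seq"])                    # order by packet number, not arrival
    return "".join(p["payload"][:p["payload_len"]] for p in parsed), []


def flip_bit(packet, index):
    """Simulate corruption in transit by inverting one bit."""
    return packet[:index] + ("1" if packet[index] == "0" else "0") + packet[index + 1:]


def demo():
    """Constructed 3,500-bit message; returns (packet count, payload lengths, round-trip ok, bad seqs)."""
    rng = random.Random(7)
    message = "".join(rng.choice("01") for _ in range(3500))
    packets = make_packets(message, "192.0.2.10", "198.51.100.20")
    restored, _ = reassemble(packets[::-1])                # packets may arrive out of order
    corrupted = packets[:]
    corrupted[2] = flip_bit(corrupted[2], HEADER_BITS + 5)  # one payload bit damaged in packet 2
    _, bad = reassemble(corrupted)
    return len(packets), [parse_packet(p)["payload_len"] for p in packets], restored == message, bad


if __name__ == "__main__":
    print(demo())
```

The CRC only detects corruption; it does not authenticate the packet, since anyone who can alter the payload can recompute the trailer. Integrity against a deliberate change needs a keyed MAC or a signature at a higher layer, which is why the CRC lives in the link-layer trailer and not in the security design.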
