Monday, 5 August 2013

PHP Web Shell

This shell is well known because it is so widely used. It claims to be Fully UnDetectable (FUD) by web search engine robots, and once uploaded to a web server it can be used for many attacks.
The Page Not Found page below is what it displays automatically:
Almost everyone surfing the Internet will think: "Oh! shit... I'm requesting a page that is no longer there or was never there, so this is why I'm getting a 404 Not Found error. That's okay, let me get out of here."
Most people will assume this is an error from the web server, but the impression is very deceiving: this is a 404 web shell. The owner has to click somewhere in the center of the page to reveal an input field and is then required to enter a password. On this shell, use '$h4!!' without the single quotes.





Wow! This is what you get after entering the password.
Now everything is in front of the attacker, who can launch loads of malicious attacks from here without even being noticed.
This has been released by M0z@r and can be used in various ways for study or web server pentesting.
Download it from here!: 404 WebShell

Disclaimer: This is for educational purposes and to make you aware of various security breach scenarios. The administrator of the whitehatrwanda blog will not be responsible for any misuse of this content.
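For administrators hunting for this kind of file, here is an added example (not part of the original post and not code from the shell itself) that scans PHP sources for the trait described above: a "Not Found" page that also contains a password field. The patterns for request handling and hidden elements, and both sample strings, are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Traits from the description above: the file renders a "Not Found" page
# yet also carries a password field. The remaining patterns are assumptions
# about how such a page reads the password and hides the field.
ERROR_TEXT = re.compile(r"404\s+not\s+found|page\s+not\s+found", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I)
READS_INPUT = re.compile(r"\$_(POST|REQUEST|COOKIE)\b")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

CHECKS = [
    ("error-page-text", ERROR_TEXT),
    ("password-field", PASSWORD_FIELD),
    ("reads-request-data", READS_INPUT),
    ("hidden-element", HIDDEN_STYLE),
]

def indicators(source: str) -> list[str]:
    """Return the names of all traits present in one file's source."""
    return [name for name, pattern in CHECKS if pattern.search(source)]

def is_suspicious(source: str) -> bool:
    """An error page has no reason to contain a password field."""
    hits = indicators(source)
    return "error-page-text" in hits and "password-field" in hits

def scan_tree(root: str) -> dict[str, list[str]]:
    """Scan every .php file under root and report the suspicious ones."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(errors="replace")
        if is_suspicious(source):
            report[str(path)] = indicators(source)
    return report

# Constructed samples (not taken from the shell described above).
GENUINE_404 = "<html><h1>404 Not Found</h1><p>The page was not found.</p></html>"
FAKE_404 = (
    '<?php if (isset($_POST["pass"])) { /* handler omitted */ } ?>\n'
    "<h1>404 Not Found</h1>\n"
    '<form method="post" style="display:none">'
    '<input type="password" name="pass"></form>'
)

if __name__ == "__main__":
    print(is_suspicious(GENUINE_404), is_suspicious(FAKE_404))
    print(indicators(FAKE_404))
```

A hit is a lead for manual review, not proof; obfuscated files will not match these plain-text patterns, so pair the scan with file integrity monitoring on the web root.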

Tuesday, 19 March 2013

11 Steps to enhance Social Networking Sites (SNS) Security

1. Make your password complex by using numbers, upper case, lower case and special characters, e.g. F@c3b00k$3cur!tY

2. Your password shouldn't be the same as the one you use on other SNSs.

3. Your e-mail account password must be different from your SNS passwords.

4. Avoid using Facebook apps, and if you see something like "Watch this video: Obama died", never click on the link. Better to google that video; it must be a scam to trick you.

5. Never ever reveal your password to anyone, including your spouse, girlfriend, best friend, parents, etc. This is your privacy; don't compromise it.

6. Facebook, Twitter and other SNSs, and even bank websites, never ask for your password by mail, so be careful with this kind of mail; it is just a social engineering attack.

7. Completely avoid using SNSs in public places like cafes, airports and CCDs; their security is often very poor.

8. For girls: you can call it orthodox thinking, but be careful when adding any stranger to your friend list. Avoid adding strangers, and change your privacy settings: don't let anyone post on your timeline, tag you, etc.

9. Check the URL in the address bar while signing up to see whether it is fake or original. Even if the URL is correct, if signing in fails or it takes you to another page, change the password immediately. This is called an Advanced Phishing attack.

10. Worst case: the URL is correct, you are logged in, and you are hacked as well. Big problem!! This is called a double redirection phishing attack. To verify it, either check the source code of the web page or carefully watch the processing shown in the bottom-left corner of the page (in Chrome) to see which websites it is linking to; if it is a fake one, you will come to know.

11. Normally Facebook identifies and blocks a URL sent over chat if it is vulnerable, e.g. to session hijacking. If FB or another SNS is not blocking it, don't open any strange link; if you are still willing to open it, open it in another browser, and an updated antivirus / total security product must be on your system.

Source: RMAR Team

Tuesday, 12 March 2013

MITM Attack with DNS Spoofing and SET

Hello, today I want to share with you how to hack network users with a MITM (Man In The Middle) attack using DNS spoofing. For this attack I used Ettercap and SET (Social Engineering Toolkit), tools mostly found on Linux, especially in BackTrack.
System requirements:
  • BackTrack OS
  • Ettercap
  • Physical Network Access
Here is the concept of a MITM attack:

Let's start our attack.
First locate the etter.dns file and change the address record of a given website by typing
nano /usr/local/share/ettercap/etter.dns





In this tutorial I used facebook.com and gmail.com as websites victim email servers of the victi
Here I redirected those websites to my BackTrack machine at 192.168.1.234; the reason will be discussed later.
Then open Ettercap in GUI mode by typing this command: ettercap -G &
Then go to the Sniff menu and select Unified sniffing.
Then choose the network interface on which the DNS spoof will be performed.

Then scan for hosts in your network by going to Hosts => Scan for hosts.

Then go to Target and select Host list, where you'll choose the target machine as Target 1 and the default gateway as Target 2.
Select the IP of the target machine (mine is 192.168.1.65) and click on Add to Target 1, then
select the IP of the default gateway (mine is 192.168.1.1) and click on Add to Target 2.










Up to now, we have a target machine and a target gateway set in the system. The next step is to activate the DNS spoof plugin, which sends spoofed DNS replies to the target machine. This is done by going to Plugins => Manage Plugins => double click on dns_spoof.

Then start ARP poisoning on the network while sniffing. For that, go to the Mitm menu => Arp-Poisoning, and in the dialog box that pops up check Sniff Remote Connections.






The last step of DNS spoofing is to start sniffing the network by clicking on the Start menu and then Start Sniffing, or Ctrl +W.

Up to now, DNS spoofing is running, and the next step is to harvest credentials from the victim machine based on the spoofed websites in the etter.dns file we edited at the beginning.
We will use SET (Social Engineering Toolkit) to perform the MITM attack.

Now go to the terminal and type the following commands to open SET:
      cd /pentest/exploits/set
      ./set



The following screen will appear; type 1 for Social-Engineering Attacks.
Then type 2 for Website Attack Vectors.
Then type 3 for Credential Harvester Attack Method.
Then type 2 for Site Cloner.
At this step you will be prompted to specify the address of the server (web server) to which the victim will be redirected after requesting one of the spoofed websites. In my case I put my IP (192.168.1.234) because I'm going to clone facebook.com to my machine.
Next is to clone the website that will act as a trap for our victim. Type in http://facebook.com/ NB: don't use the https protocol because you'll end up with encrypted data.
Now the Facebook login page is cloned. Next you will get this screen; type "!" without quotes to continue.
Whenever the victim machine tries to connect to the cloned website, you will see a notification containing the victim IP and HTTP header response on the live screen. This means that when he/she requests the Facebook page, he/she will get the fake page cloned and stored on your machine.
For me, I spoofed one machine with this IP: 192.168.1.95
Here is the page on which the victim is going to submit his/her credentials, thinking that it is a genuine page!!!! LOL (:>

After the login form is submitted, the victim's user name and password appear in plain text on the hacker's screen.
(Remember that this is a machine spoofed within the same network as the hacker's machine.)

Now the victim user got hacked like this!
Thank you for reading my tutorial. Next I will tell you how to avoid this kind of attack as a network admin or as a network user.
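On the defensive side, the two artifacts this attack leaves on a victim host can be checked for directly. The following added example (not part of the original tutorial) flags IPv4 neighbours that share one MAC address in `ip neigh show` output, and DNS answers that map non-internal names to private addresses. The sample data, the MAC addresses and the internal suffix list are constructed assumptions; the IP addresses are the ones used above.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: names under these suffixes are expected to resolve internally.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".home.arpa")
NEIGH_LINE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def shared_macs(neigh_output: str) -> dict[str, list[str]]:
    """Map each MAC claimed by more than one IPv4 neighbour to those IPs."""
    by_mac = defaultdict(set)
    for line in neigh_output.splitlines():
        match = NEIGH_LINE.match(line.strip())
        if not match:
            continue  # entries without a resolved MAC (FAILED, INCOMPLETE)
        ip, mac = match.group(1), match.group(2).lower()
        if ipaddress.ip_address(ip).version == 4:  # IPv6 entries reuse MACs
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def private_answers(dns_answers) -> list[tuple[str, str]]:
    """Return (name, address) pairs where a public name got a private IP."""
    flagged = []
    for name, addr in dns_answers:
        host = name.rstrip(".").lower()
        if host.endswith(INTERNAL_SUFFIXES):
            continue
        if ipaddress.ip_address(addr).is_private:
            flagged.append((host, addr))
    return flagged

# Constructed samples: a poisoned neighbour table and resolver answers.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.1.234 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.1.95 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
fe80::1 dev eth0 lladdr 00:0c:29:aa:bb:cc router REACHABLE
192.168.1.77 dev eth0 FAILED
"""
SAMPLE_DNS = [
    ("facebook.com.", "192.168.1.234"),
    ("gmail.com", "192.168.1.234"),
    ("printer.lan", "192.168.1.20"),
    ("dns.google", "8.8.8.8"),
]

if __name__ == "__main__":
    print(shared_macs(SAMPLE_NEIGH))
    print(private_answers(SAMPLE_DNS))
```

A router with several IPv4 addresses on one interface can legitimately share a MAC, so treat a hit that includes the default gateway as the signal to investigate.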

Ethical Hacking main Steps

Hey, I am starting my articles on this blog by explaining a little about Ethical Hacking, because I'll always be discussing tips and tricks about information security and vulnerabilities.

What is Ethical Hacking ?
Ethical hacking, also known as penetration testing or white-hat hacking, is the use of programming skills to determine vulnerabilities in computer systems. While the non-ethical hacker or black hat exploits these vulnerabilities for mischief, personal gain or other reasons, the ethical hacker evaluates them, points them out, and may suggest changes to systems that make them less likely to be penetrated by black hats.

Here are the 5 main steps for performing ethical hacking.

1. Foot-printing
2. Scanning and Enumeration
3. System Hacking (Gaining Access)
4. Maintaining Access  (Plant Root-kits and Back-doors)
5. Covering Tracks

Foot-printing is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
Foot-printing is the first step a penetration tester uses to evaluate the security of any IT infrastructure. Foot-printing means gathering the maximum information about the computer system or network and about the devices attached to that network. This may include:
  • Accessible hosts
  • Open ports
  • Location of routers
  • OS details
  • Details of services
Scanning and Enumeration
  • Scanning (port scanning) is one of the most common reconnaissance techniques used by pentesters to discover vulnerabilities in the services listening on given ports. Once the IP address of a target system has been identified through footprinting, the pentester can begin the process of port scanning: looking for holes in the system through which you or a malicious intruder can gain access. A typical system has 2^16 - 1 = 65535 port numbers, each with its own TCP and UDP port that can be used to gain access if unprotected.
  • Enumeration is the next step after scanning. It is the process of gathering and compiling user names, machine names, network resources, shares and services, and it also involves active connections to systems and directed queries. The main objective of enumeration is to identify user accounts or less protected system account resources for hacking.
System Hacking (Gaining Access): This step comes after scanning; the tester tries to exploit all the vulnerabilities found and gain access to the target system. This involves the use of an operating system like BackTrack and other specialized tools. Here are tools that can perform the task.

Maintaining Access (Plant Root-kits and Back-doors): This is the most important stage of penetration testing in terms of establishing the potential damage to the target systems. Here the pentester installs root-kits and backdoors on the target system. But what a hacker could and could not do primarily depends on four influencing factors:
  • Architecture
  • Configuration of the target system
  • Individual skill of the hacker
  • Initial level of access obtained
Covering Tracks: The final stage of a penetration test or ethical hack is to check whether the ethical hacker can erase or cover the marks created in earlier stages of the test. This is done by clearing all system logs.