Skip to main content

EthiCaL HacKing 0x01

WHY SECURITY?


  1. Evolution Of Technology
  2. Focus On ease of Use
  3. Increase Complexity of Computer
  4. Decreasing Skill level needed for Exploit
  5. Direct Impact of Security breach on corporate asset base and goodwill
  6. Increased network environment and network based application.

With the advent of new technology the bigger companies are shifting their focus to the ease of use i.e how much easy they can make it for the home user to access and use their product.So as we known if we shift our focus to ease of use then the two paradigm functionality and security will be on stake.
Following figure will show change in type of technology which is making things easier so that we do it on our fingure tips:

Dynamic Data Exchange:
The primary function of DDE is to allow Windows applications to share data. For example, a cell in Microsoft Excel could be linked to a value in another application and when the value changed, it would be automatically updated in the Excel spreadsheet. The data communication was established by a simple, three-segment model. Each program was known to DDE by its "application" name. Each application could further organize information by groups known as "topic" and each topic could serve up individual pieces of data as an "item". For example, if a user wanted to pull a value from Microsoft Excel which was contained in a spreadsheet called "Book1.xls" in the cell in the first row and first column, the application would be "Excel", the topic "Book1.xls" and the item "r1c1"
a custom in-house application might use DDE to open a Microsoft Excel spreadsheet and fill it with data, by opening a DDE conversation with Excel and sending it DDE commands

Object Linking & Embedding:
Object Linking and Embedding (OLE) is a technology developed by Microsoft that allows embedding and linking to documents and other objects. For developers, it brought OLE Control eXtension (OCX), a way to develop and use custom user interface elements. On a technical level, an OLE object is any object that implements the IOleObject interface, possibly along with a wide range of other interfaces, depending on the object's needs.
OLE allows an editing application to export part of a document to another editing application and then import it with additional content. For example, a desktop publishing system might send some text to a word processor or a picture to a bitmap editor using OLE. The main benefit of OLE is to add different kinds of data to a document from different applications, like a text editor and an image editor. This creates a compound document and a master file to which the document references. Changes to data in the master file immediately affect the document that references it. This is called "linking" (instead of "embedding"). Its primary use is for managing compound documents, but it is also used for transferring data between different applications using drag and drop and clipboard operations. The concept of "embedding" is central to the inclusion of multimedia in Web pages, such as video, animation (including Flash animations), and audio files within the hypertext markup language (such as HTML or XHTML) or other structural markup language used (such as XML or SGML). Modern browsers may use different embedding mechanisms than OLE.

ActiveX:(COM):
ActiveX is a Microsoft framework for defining reusable software components in a programming language-independent[disambiguation needed] way (i.e. not tied to a particular programming language). Software applications can then be composed from one or more of these components in order to provide their functionality. It was introduced in 1996 by Microsoft as a development of its Component Object Model (COM) and Object Linking and Embedding (OLE) technologies and is commonly used in its Windows operating system. In principle it is not dependent on Microsoft Windows, but in practice, most ActiveX controls require either Microsoft Windows or a Windows emulator. Most also require the client to be running on Intel x86 hardware, because they contain compiled code.



Distributed Component Object Model(DCOM):
Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure. It has been deprecated in favor of the Microsoft .NET Remoting, a part of their .NET Framework. The addition of the "D" to COM was due to extensive use of DCE/RPC (Distributed Computing Environment/Remote Procedure Calls) – more specifically Microsoft's enhanced version, known as MSRPC. In terms of the extensions it added to COM, DCOM had to solve the problems of 
=>Marshalling – serializing and deserializing the arguments and return values of method calls "over the wire".
=>Distributed garbage collection – ensuring that references held by clients of interfaces are released when, for example, the client process crashed, or the network connection was lost.
=>Aggregating hundreds or potentially tens of thousands of references to objects held by clients of interfaces at a single host, into a single "ping" function, in order to minimise bandwidth utilisation.


CORBA:
CORBA enables separate pieces of software written in different languages and running on different computers to work with each other like a single application or set of services.
The Common Object Request Broker Architecture (CORBA)  is an emerging open distributed object computing infrastructure being standardized by the Object Management Group (OMG). CORBA automates many common network programming tasks such as object registration, location, and activation; request demultiplexing; framing and error-handling; parameter marshalling and demarshalling; and operation dispatching.



.NET:
Programs written for the .NET Framework execute in a software environment (as contrasted to hardware environment), known as the Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework.


Service Oriented Architecture:
In software engineering, a service-oriented architecture (SOA) is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services have well-defined business functionalities that are built as software components (discrete pieces of code and/or data structures) which can be reused for different purposes. SOA design principles are used during the phases of systems development and integration.



Web services can implement a service-oriented architecture. Web services make functional building-blocks accessible over standard Internet protocols independent of platforms and programming languages. These services can represent either new applications or just wrappers around existing legacy systems to make them network-enabled. Each SOA building block can play one or both of two roles: 
Service provider: The service provider creates a web service and possibly publishes its interface and access information to the service registry. Each provider must decide which services to expose, how to make trade-offs between security and easy availability, how to price the services, or (if no charges apply) how/whether to exploit them for other value. The provider also has to decide what category the service should be listed in for a given broker service and what sort of trading partner agreements are required to use the service. It registers what services are available within it, and lists all the potential service recipients. The implementer of the broker then decides the scope of the broker. Public brokers are available through the Internet, while private brokers are only accessible to a limited audience, for example, users of a company intranet. Furthermore, the amount of the offered information has to be decided. Some brokers specialize in many listings. Others offer high levels of trust in the listed services. Some cover a broad landscape of services and others focus within an industry. Some brokers catalog other brokers. Depending on the business model, brokers can attempt to maximize look-up requests, number of listings or accuracy of the listings. The Universal Description Discovery and Integration (UDDI) specification defines a way to publish and discover information about Web services. Other service broker technologies include (for example) ebXML (Electronic Business using eXtensible Markup Language) and those based on the ISO/IEC 11179 Metadata Registry (MDR) standard. 


Service consumer: The service consumer or web service client locates entries in the broker registry using various find operations and then binds to the service provider in order to invoke one of its web services. Whichever service the service-consumers need, they have to take it into the brokers, then bind it with respective service and then use it. They can access multiple services if the service provides multiple services.
example:
if you want to check temperature of patiala,then you will type the area code and a request is send to which webservice reply .suppose it replied back with an xml file then it will be converted to human readable form by client application.

Difference Between Webservice ,Webpage,and Portal??
Portal:Inhouse for many websites.like yahoo page which contain so many different thing at one place,info about stock,weather info,news all different links on a single place.
Webpage:it is a formate to make things easily readable by humans
Webservice: A Web service is a software function provided at a network address.

CAN HACKING BE ETHICAL??
Hacker:Who enjoys learning details of computer systems and stretch their capabilities
Hacking:Rapid Development of new program or the reverse engineering of already existing software to make the code better and efficient.
Cracker:Refers to a person who uses his hacking skills for offensive purposes.
Ethical Hacker:Refers to Security proffessional who apply their hacking skills for defensive purpose.
Threat:An action or event that might prejudices security.A threat is a potential voilation  of security.
Vulnerability:Existence of a weakness design or implementation error that can lead to an unexpected,undesirable event compromising security of the system .
Target Of Evaluation:A product Requiring Security Evaluation
Attack:An Assault on system security that derives from intelligent threat.Attack is any action that violates security.
Exploit:A defined way to breach the security of a system through vulnerability. 

Comments

Popular posts from this blog

Install Virtual Box On Kali Rolling

If you facing problem with virtualbox installation on kali rolling edition because of its outdated kernel 4.3.0-kali1-amd64 then this post is for you only.

Step1: Install latest kernel. First search the cache for list of available ones apt-cache search linux-headers
Depending upon the list choose one from the set and install install it.
you can download kernel file using wget from ubuntu source also.
example:wget kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.3-wily/linux-image-4.4.3-040403-generic_4.4.3-040403.201602251634_amd64.deb
for more refer to this post: link

Step2:
Edit the boot entry /boot/vmlinuz-(New Linux kernel Version) & /boot/initrd.img-(New Linux kernel version) in grub menu.

Before making boot entry changes be sure these files exist in the /boot directory after running install command.
In my case following new file got created in /boot folder:

1)vmlinuz-4.6.0-kali1-amd64
2)initrd.img-4.6.0-kali1-amd64

Thats all you need to do to install any virtual software on kali r…

Hacking Windows 10 UWP App: DLL Injection & common Vulnerabilities

I recently started working on  widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8.
Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv…

Assignment 01(Enroll TO Offensive-Security Course)

Steps 1:download the page.
2:open fc4.js in your favourite editor and add following lines in it or just replace it with vode given below.
3:then open the download html file in browser and fill the form with your email and a garbage value string.
4:thats it? it will show you the real security string??
yeah but  ...theirs another challenge waiting for you ... :D

function fc4me(srvstr) {

   if(!document.pleazfc4me.email.value || !document.pleazfc4me.securitystring.value) {
      alert("Please fill in all the required fields!");
      return false;
   }
   else {
      document.pleazfc4me.submit();
    }
   var t=hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)
alert(t)
document.write(t)
}



Finally Got In :-)