Posts

Showing posts from May, 2019

Session Hijacking

The concept of session hijacking is an interesting topic among other scenarios. It is basically the hijacking of sessions by intercepting the communication between hosts. The attacker usually intercepts the communication to obtain the role of an authenticated user or to carry out a Man-in-the-Middle attack. Session Hijacking In order to understand the session hijacking concept, assume an authenticated TCP session between two hosts. The attacker intercepts the session and takes over the legitimate authenticated session. When a session authentication process is complete, and the user is authorized to use resources such as web services, TCP communication or other, the attacker takes advantage of this authenticated session and places himself in between the authenticated user and the host. The authentication process takes place only at the start of the TCP session; once the attacker successfully hijacks the authenticated TCP session, traffic can be monitored, or the attacker can get the role of t

The Metasploit Project

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system. History Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides u

The Dark Web

The Dark Web is an area that resides on the Deep Web. Several people confuse the Deep Web and the Dark Web, thinking they are the same thing. This is definitely not the case. The Dark Web is mainly accessed via a software client called Tor, which will be discussed in more detail later in this paper. Tor is a special browser that allows you to navigate the Dark Web. One popular use of the Dark Web is in relation to malware. A large amount of malware uses the Dark Web to communicate with its Command & Control (C&C) servers. An example of a piece of malware that does this is SkyNet (Cox, 2015). SkyNet is a trojan that is capable of performing a DDoS attack or mining Bitcoins. It uses Hidden Services provided by Tor to communicate anonymously with its C&C servers. An advantage of using these Hidden Services for C&C communication is that the traffic is encrypted, so it masks the origin, destination, and payload. Another advantage is that the owner

Under The Ocean of the Internet - The Deep Web

Introduction The Internet is like a big ocean. The ocean is filled with large continents and islands that people visit. A large continent would be Google, and an island would be the news site for your local newspaper. Every day the average person visits these continents and islands using their web browser, which acts as a boat navigating to destinations on the Internet. The reality though is that these continents and islands only make up 4% of the Internet. The rest of the Internet is made up of the Deep Web, which is located under the ocean. The Deep Web or Invisible Web is used for both good and bad, while some may assume its use is for illegal purposes. The use of the Internet continues to evolve, and the Deep Web is a big part of that. Internet Usage People all over the world use the Internet every day. There are currently over 3 billion people that use the Internet, more than 1 billion websites, and 3.5 billion Google searches a day. There are also 500 million tweets sent a day

VPN Technology

What is VPN? VPN (Virtual Private Network) is a generic term used to describe a communication network that uses any combination of technologies to secure a connection tunnelled through an otherwise unsecured or untrusted network. Instead of using a dedicated connection, such as a leased line, a "virtual" connection is made between geographically dispersed users and networks over a shared or public network, like the Internet. Data is transmitted as if it were passing through private connections. VPN transmits data by means of tunnelling. Before a packet is transmitted, it is encapsulated (wrapped) in a new packet, with a new header. This header provides routing information so that it can traverse a shared or public network, before it reaches its tunnel endpoint. This logical path that the encapsulated packet travels through is called a tunnel. When each packet reaches the tunnel endpoint, it is "decapsulated" and forwarded to its final destination. Both tun

Phishing and Its Types

Phishing (not fishing🤪) is a very common form of fraud still being used today. What is Phishing? Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, instant messages, or other communication channels. How does it work? The "phisher" or "attacker" falsely claims to be an established legitimate enterprise and uses email to direct the user to visit a website where they are asked to update personal information such as passwords, credit card, social security, and bank account numbers which the real legitimate organization already has. These websites are bogus or fictitious websites, created by "random hackers" but are more likely to be conducted by perpetrators out for financial gain or trade secrets and usually appear to come from a trusted source or from someone in a position of authority. Why does it work or continue

SQL Injection

SQL injection is a high-severity vulnerability. Attackers can exploit SQLi vulnerabilities to access or delete data from the database and do other undesirable things. What is SQL injection? A SQL query is one way an application talks to the database. SQL injection occurs when an application fails to sanitize untrusted data (such as data in web form fields) in a database query. An attacker can use specially crafted SQL commands to trick the application into asking the database to execute unexpected commands. One-third of web applications (32%) have at least one SQL injection vulnerability, according to the State of Software Security Report. Attackers can exploit SQL injection vulnerabilities to: Control an application's data-driven behaviour. Alter data in the database without authorization. Access data without authorization. Anatomy of a SQL injection attack A SQL query includes an argument, which tells the database to return only the desired recor

Information Gathering and Its Techniques

Information Gathering is a phase in which we attempt to gather information regarding the target we are attempting to break into. The information can be open ports, services running, applications like unauthenticated administrative consoles or those with default passwords. I'd like to quote Abraham Lincoln - "Give me 6 hours to chop down the tree and I will spend the first four sharpening the axe". In simple words, the more information we gather about the target, the more it will be beneficial to us, as there will be more attack surface available to us. Assume that you want to break into your neighbour's house. You will probably inspect the varied locks they use before breaking in; this will ensure that you can check the ways to break that lock beforehand. Similarly, when doing a web application assessment, we need to explore all the possibilities of breaking into the web application, because the more information we can gather about the target, the greater chance we

What is Wireshark?

Wireshark is perhaps the world's most popular network packet analyzer, used to troubleshoot and analyze network and application protocols across a wide variety of technologies. Wireshark is free, open source, and available for Windows, Mac OS X, Linux, and several Unix-like platforms, and it is continuously being improved and expanded by its original developer, Gerald Combs, and over 500 code contributors. Wireshark has a rich feature set, including the ability to capture, save, and import packet files in a variety of formats. It provides an extensive filtering capability, detailed protocol information, statistics, and built-in analysis and packet coloring features to help you identify and analyze important events. This powerful analysis capability is available to anyone who is willing to invest a little time to learn Wireshark's basic features and how to interpret a relatively small set of core network and application protocols. Application developers can use Wireshark

What is a Proxy Server and How Does it Work 2019?

The actual nuts and bolts of how the internet works are not something people often stop to consider. The problem with that is the inherent danger of data security breaches and identity theft that come along with the cute dog pictures, 24 hour news updates, and great deals online. But what actually happens when you browse the web? You might be using a proxy server at your office, on a Virtual Private Network (VPN) or you could be one of the more tech-savvy who always use a proxy server of some kind or another. What is a Proxy Server? A proxy server acts as a gateway between you and the internet. It’s an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. If you’re using a proxy server, internet traffic flows through the proxy server on its way to the address you requested. The request then comes back through that same