comics software and other stuff

SESSION HIJACKING

What is Session Hijacking ?

Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

Techniques :

There are mainly three methods used to perpetrate a session hijack. These are:

1. Session Fixation:

The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in.

For detailed info on How Session Fixation works click here.

2. Session Sidejacking:

where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.

1. First the attacker uses a network sniffer to capture a valid token session called Session ID.

2. Now he manipulates the token session to gain unauthorized access to the Web Server or hijack the victim's web session.

For detailed info on How Session Sidejacking works click here.

3. Cross-Site Scripting:

The attacker can compromise the session token by using malicious code or programs running at the client-side. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. The example shows how the attacker could use an XSS attack to steal the session token.

For detailed info on How XSS works click here.

Protection :

1. Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after he has logged in.

2. Some services make secondary checks against the identity of the user. For example it will change the value of the cookie with each and every request.

3. Users may also wish to log out of websites whenever they are finished using them.

4. Encryption of the data passed between the parties; in particular the session key. This technique is widely relied-upon by web-based banks and other e-commerce services.

Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

NETBIOS HACKING

Now I will show you how to hack a remote computer and gain access to its hard disk and printer...This technique is called NetBIOS Hacking...NetBIOS stands for Network Basic Input Output System...It was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources...By default it runs on port 139...Ok, let's start NetBIOS :-)

1. Goto "start" and click "Run"...

2. Type "cmd" and click "Ok"...the Command Prompt will appear...

3. First use "nbtstat" command for manually interact with NetBIOS Over TCP/IP...All the attributes (switches) used with nbtstat command and their usage can be viewed...

Syntax: C:\>nbtstat -n

An intruder could use the output from an nbtstat against your machines to begin gathering information about them...Here 192.168.110.29 is an IP address of remote computer and <20> is nothing but the username of that system...

4. Now in the command prompt use "net view" command....It is one of the netbios commands to view the shared resources of the remote computer...

Syntax: C:\>net view \\192.168.110.29

If succeeded a list of HARD-DISK DRIVES and PRINTERS are shown with the massage "The command was completed successfully"...

5. Now use the "net use" command in the command prompt...This command enables a computer to map a share to its local drive...

Syntax: C:\>net use E: \\192.168.110.29\C

Syntax: C:\>net use F: \\192.168.110.29\Myprint

Syntax: C:\>net use G: \\192.168.110.29\SharedDocs

Here E, F AND G are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk...And C, SharedDocs are the names of remote computer’s hard-disk drives that you want to hack..."Myprint" is the name of remote computer’s printer...

6. After succeeding your computer will give a message that "The command completed successfully"...Now open "My Computer" you will see a new "Hard-Disk drive" (Shared) with the specified name...You can open it and access remote computer’s Hard-Drive...

Note: You can scan your network computers with a network scanner...I personally used Angry IP Scanner...It scans IP addresses and ports as well as has many other features...Download the scanner from HERE and find the live hosts...If you face any problem just post your comment...

Extract the file using WinRAR.
Password: xtrmhack.blogspot.com

Note: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios.

Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

Wikitude SDK for BlackBerry 10 OS

With the Wikitude SDK for BlackBerry 10 developers can quickly and easily add an Augmented Reality View to their BlackBerry 10 project using standard web technologies.

Content is created with HTML5 and JavaScript for maximum flexibility
Powerful features to handle Augmented Reality content
Cross-platform development of AR content
AR content can be pre-packaged or loaded remotely on demand
Simple and seamless integration with BlackBerry Cascades project

Wikitude hosting Augmented Reality Development for BlackBerry 10 webcast

If you're a developer who is currently making use of the Wikitude augmented reality SDK for BlackBerry 10, you may be interested in tuning into the webcast lined up for tomorrow. Hosted by Wolfgang Damm, Lead Software Architect from Wikitude, the webcast will cover how to integrate augmented reality into BlackBerry 10 games and apps using HTML5/JavaScript/CSS as well as BlackBerry Cascades. Registration for the event is open right now, with things kicking off on November 20th, 2012 at 11:00am EST. If you're looking to take part, use the registration link below.

Register for the Augmented Reality Development on BB10 with Wikitude SDK webcast
Via: BlackBerry Dev Blog

#opIsrael - Hackers hit Israel with mass Cyber Attack over Gaza

Protesting against attacks taking place on Gaza, Anonymous hackers attempts to hack most of the Israel websites in the past few days. "government and private websites are under siege from hackers, who have mounted 44 million cyberattacks in less than a week", the government said.

Today Pakistani Hackers also deface Israeli Bing, MSN, Skype, Live and other big sites and In counter-attack Israeli Hackers Leak Credit Card Data from Palestine ISP website.

Finance Minister Yuval Steinitz said just one hacking attempt was successful on a site he did not want to name, but it was up and running after 10 minutes of downtime.

Israel said that it generally experiences a few hundred hacking attempts per day. The attacks are reportedly coming from around the world.

Defence force sites have been the hardest hit, while the president’s site has been hit 10-million times, the foreign ministry seven-million times and the prime minister three-million times.

Both sides have been active on social media, with the Israeli Defence Force (IDF) going so far as to live blog some of its manoeuvres on Palestine. Combatants and civilians in Palestine meanwhile have been more active on Twitter, receiving support from hacker collective Anonymous.

Among the group's other high-profile targets were the websites of Israel's Kadima Party, which was taken offline shortly after being hacked, and Bank of Jerusalem. Most of the sites that were hacked appeared to be unavailable, but others displayed pro-Palestinian images and messages.