Thursday, January 13, 2011

HIJACKING SSL


""SUCCESS IS ONLY OUR M**** F***** OPTION""

Lovers of Hackersbay.in, how are you all doing today? Hope you are all doing well. Today I am going to show you how SSL-secured sites, the ones where you pay bucks to buy stuff, get hijacked. Let me take you through it.

Before we get into it, let us know what SSL Strip is:
SSL Strip works by watching all the HTTP traffic. When a user tries to create an HTTPS connection, SSL Strip replaces the https link with a plain http one and persuades the user that he is connected over HTTPS. Your browser may post some warnings, like "Page appears to be invalid", "Link was broken", "404 Timed Out" or "Server Not Responding". Don't mind them; keep moving on.


What the author of the tool says:
The author of the tool, Moxie Marlinspike, says: "This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial."
An HTTPS padlock is spoofed in the URL bar to make the user believe he or she is dealing with a secured website, while the SSL connection that does get created is not one the user can see through.

FLAW IN SSL AS PRACTISED:
Researchers have used three techniques to make this operation succeed: a fake leaf-node certificate, the null-character attack and a man-in-the-middle attack. We are not going to discuss all of that in depth, because a person who buys a car doesn't need to know the car's technology like turbine power, fuel injection techniques or engine CC; if he knows how to drive, that is more than enough. Likewise, guys, if you can understand and deploy it, that is more than enough.
Here is the concept: for an SSL connection, an X.509 certificate is used to authenticate the secured server a person is logging in to, for example when you log in to www.paypal.com.


They don't care whether you are requesting anything.paypal.com or something.paypal.com. Whatever the page, in noob language: X.509 certificates are formatted using ASN.1 notation, and ASN.1 uses Pascal-style (length-prefixed) strings, so Pascal-style handling treats a NULL byte as an ordinary character. This is the flaw.

So signing a request for a name like www.paypal.com\0.paypal.com will be treated as valid by the authenticating servers, because the prefix before the NULL can be ignored by them.

If you guys have any doubt about how the "\0" is handled, shoot your comments; I have a real-time example that will help you understand better. The people at blueanarchy.org could create a fake certificate for paypal.com and use it.
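To make the NULL-byte point concrete, here is an added example (not code from the original post or the sslstrip project): a NUL-terminated, C-style comparison of a certificate Common Name against a hostname beside a length-aware check that rejects the same name. The CN value is a constructed sample and "attacker.example" is a placeholder domain.

```python
# Added example (not from the original post or the sslstrip project).
# Shows why a NUL-terminated (C-style) comparison of a certificate Common Name
# is fooled by a null-prefix CN, and how a length-aware check rejects it.
# CONSTRUCTED_CN is a constructed sample; "attacker.example" is a placeholder.

CONSTRUCTED_CN = b"www.paypal.com\x00.attacker.example"


def ca_sees(cn: bytes) -> str:
    """The CA reads the whole ASN.1 (length-prefixed) string, so it sees the
    full name and validates ownership of the domain at its end."""
    return cn.decode("latin-1")


def browser_sees_c_style(cn: bytes) -> str:
    """A C-string comparison stops at the first NUL, so the browser sees only
    the part before it. This is the flawed behaviour the attack relies on."""
    return cn.split(b"\x00", 1)[0].decode("latin-1")


def cn_matches_c_style(cn: bytes, hostname: str) -> bool:
    """Flawed match: compares the NUL-truncated CN to the hostname."""
    return browser_sees_c_style(cn).lower() == hostname.lower()


def cn_matches_safe(cn: bytes, hostname: str) -> bool:
    """Hardened match: a NUL anywhere in the CN is rejected outright, and the
    full-length CN must equal the hostname (ASCII only, case-insensitive)."""
    if b"\x00" in cn or not cn.isascii():
        return False
    return cn.decode("ascii").lower() == hostname.lower()


if __name__ == "__main__":
    host = "www.paypal.com"
    print("CA validated name :", repr(ca_sees(CONSTRUCTED_CN)))
    print("browser compares  :", browser_sees_c_style(CONSTRUCTED_CN))
    print("flawed check      :", cn_matches_c_style(CONSTRUCTED_CN, host))
    print("hardened check    :", cn_matches_safe(CONSTRUCTED_CN, host))
```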

PERFORMING THE HIJACK ON WINDOWS:
Using SSL Strip on Windows is similar to using it on Linux, but Linux has a built-in firewall and port forwarding, meaning that if there is traffic on one port it can be redirected to another port while the data is travelling. Bill Gates forgot to consider this while building his OSes, so we do it manually:
Turn your machine into IP forwarding mode.
Redirect your HTTP traffic to SSL Strip.
Now run SSL Strip.
Perform ARP spoofing to deceive your network into passing all its traffic through you.


PREREQUISITES:
Install Python, since SSLStrip is a Python-based tool. You need two machines running Windows on the same LAN: one for the attacker, another for the victim.


Step 1:
Enable IP forwarding on the attacker's machine.
Get the hacker machine to act as a router, as it needs to forward all the traffic coming to it out to the Internet.
• Start Registry Editor (Regedit.exe).
• In Registry Editor, locate the following registry key:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
• Set the following registry value:
• Value Name: IPEnableRouter
• Value type: REG_DWORD
• Value Data: 1
• A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
• Quit Registry Editor. Restart the PC.

Step 2:
Set a firewall rule that forwards HTTP traffic from the victim to the hacker's machine for modification:
It tells all HTTP traffic from the victim, arriving on port 80 of the hacker's machine, to be redirected to port 10000 on the same machine. Port 10000 is used by the SSLStrip tool by default. If you don't find any utility to set such a forwarding rule, visit Kenneth Xu (http://kennethxu.blogspot.com) and fetch his Java-based TCP/IP port forwarding utility (download here: http://code.google.com/p/portforward/downloads/list).

C:\>java -classpath commons-logging.jar;portforward.jar org.enterprisepower.net.portforward.Forwarder 80 localhost:10000
This command forwards all HTTP traffic received on port 80 of the hacker's machine to port 10000 of the same machine. SSLStrip listens on port 10000 by default.

GOT INTERESTING? If you are a die-hard hacker you must be. I know that becoming a hacker takes years, and a lot of brains and passion for what he does. Let me come back to the topic.
Step 3:
ARP spoof the target traffic to redirect it to the hacker's machine. Suppose the victim machine's IP is 192.168.1.10 and the IP of the gateway is 192.168.1.1. The spoof poisons the ARP table of the victim machine (192.168.1.10) so that, instead of sending its traffic to the gateway (192.168.1.1), it sends it to the hacker's machine, falsely assuming it is the real gateway. Run the following command on the attacker's machine:
arpspoof -t 192.168.1.10 192.168.1.1
It will update the ARP table of the victim machine.
Step 4:
Run SSLStrip on the hacker's machine:
Run the following command on the hacker's machine:
python sslstrip.py -f lock.ico
You can see the log file in the SSLStrip installation folder for logged credentials. SSLStrip will log all the traffic coming from the victim's machine and strip all the SSL links (https://) down to http:// between the victim and the hacker. Thus the traffic between the victim and the hacker is transparent and in the clear.
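From the defender's side, the ARP poisoning in Step 3 leaves a trace in the victim's own ARP table. The following is an added example (not code from the original post) that parses Windows "arp -a" style output and flags a gateway whose MAC has changed from a known-good value, and a single MAC claiming more than one IP address. The ARP listing and all MAC addresses below are constructed samples.

```python
# Added example (not from the original post): a defender-side check for the
# ARP poisoning used in Step 3. It parses Windows "arp -a" style output and
# flags (a) a gateway whose MAC differs from the known-good one and (b) one MAC
# claiming several IP addresses. ARP_OUTPUT below is a constructed sample.
import re
from typing import Dict, List

ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.25          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.30          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(output: str) -> Dict[str, str]:
    """Map IP -> lower-case MAC for every entry in the arp -a listing."""
    table: Dict[str, str] = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def find_arp_anomalies(output: str, gateway_ip: str, known_gateway_mac: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    table = parse_arp(output)
    findings: List[str] = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is not None and gw_mac != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} now resolves to {gw_mac}, expected {known_gateway_mac.lower()}")
    # Group unicast IPs by MAC; broadcast/multicast entries legitimately share MACs.
    by_mac: Dict[str, List[str]] = {}
    for ip, mac in table.items():
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for f in find_arp_anomalies(ARP_OUTPUT, "192.168.1.1", "c0-ff-ee-00-00-01"):
        print("ALERT:", f)
```

The known-good gateway MAC has to come from a baseline captured when the network was trusted; a static ARP entry for the gateway is the usual follow-up mitigation.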








View page source can also reveal that links are stripped of SSL.
Gmail on http: see Figure 7.




IMPORTANT: look at the URL bar, guys! So much for the security.
An example of the SSLStrip log file, with passwords logged: see Figure 8.





Guys, there we are! You have spent some time getting to know about SSL Strip while other guys were spending their time thinking about their girlfriends. Just kidding.
Gosh, my back hurts!
Materials referred to: I just gave you the cream, and these are for your future reference as well. If you want in-depth information, fetch the research papers I went through to put this in my own words. Here they are:
SSLStrip tool:
http://www.thoughtcrime.org/software/sslstrip/
http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf
http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf


These contents strictly belong to hackersbay.in (HACKERS), and also to the techie who helped bring this paper to our readers: Nilesh Kumar, a nerd from Honeywell Technology, Bengaluru.







Analysis of a PDF attack:

Our research papers are ripped and compiled in a way even a n00b can understand; if you find something weird, don't be shy, drop a comment and share it. Here is the picture: "A hacker found a loophole in Adobe Reader, so he hid .exe files inside a PDF book"; "another hacker found a loophole in playing videos in Adobe Reader". These are the news items we often hear, and if you ask me why, it is because almost every month Adobe fixes an issue and our guys start looking for a new exploit, which gets global noobs scared. Foxit Reader saw the opportunity and marketed their new PDF reader; guys, trust me, Foxit has a lot of options compared to Adobe.

So how do these hackers find exploits in PDF? Over the past twelve months, the following scenario was developed to highlight methods used by attackers to extract corporate secrets from a victim organization. Not every attack follows these steps in this order. However, this scenario illustrates some of the most common and damaging tactics used against commercial and government organizations today.

Here we go:

Step 1: The attacker begins by using powerful free attack software to create a malicious PDF file that contains exploitation code. If this file is opened on a victim computer with unpatched PDF reader software, this code will execute commands of the attacker's choosing.



Step 2: The attacker loads the malicious PDF file onto a third-party, publicly accessible website.


Step 3: The attacker now sends e-mail to high-profile individuals in the target organization, including corporate officers. This message contains a hyperlink to the attacker's malicious PDF file on the external Web server. The e-mail message is finely tuned to each target individual with a focused effort to get the recipient to click on the link. Some other trusted site. The attacker does not include the malicious PDF file as an e-mail attachment, because such attacks are more likely to be blocked by e-mail filters, anti-virus software, and other defenses of the target organization.


Step 4: The victim inside the targeted organization reads the e-mail, pulling down the attacker's message with the link to the malicious PDF. The user reads the e-mail and clicks on the link.


Step 5: When the user on the victim machine clicks on the link in the e-mail message, the victim's computer automatically launches a browser to fetch the malicious PDF file. When the file arrives at the victim computer, the browser automatically invokes the PDF reader program to process and display the malicious PDF file.


Step 6: When the PDF reader software processes the malicious PDF file for display, exploit code from the file executes on the victim machine. This code causes the system to launch an interactive command shell the attacker can use to control the victim machine. The exploit code also causes the machine to make an outbound connection back to the attacker through the enterprise firewall. Via this reverse shell connection, the attacker uses an outbound connection to gain inbound control of the victim machine.


Step 7: With shell access to the victim machine, the attacker scours the system looking for sensitive files stored locally. After stealing some files from this first conquered system, the attacker looks for evidence of other nearby machines. In particular, the attacker focuses on identifying mounted file shares the user has connected to on a file server.



Step 8: After identifying a file server, the attacker uses the command shell to access the server with the credentials of the victim user who clicked on the link to the malicious PDF. The attacker then analyzes the file server, looking for more files from the target organization.


Step 9: Finally, with access to the file server, the attacker extracts a significant number of sensitive documents, possibly including the organization's trade secrets and business plans, Personally Identifiable Information about customers and employees, or other important data the attacker could use or sell.



I hope you guys liked the scene behind the PDF exploitation steps. No hesitation, let's share it! These contents strictly belong to hackersbay.in (HACKERS).

How to Secure your Wireless NETWORK:


Wherever we go, some people keep following us and doing DoS attacks against us, but we are never going to back down. We got 20k hits in a matter of one week; it shows our victory and our unique content. Back to business.
Let me take you through how to keep your wireless network secured if you don't want to get messed with.


Before driving a truck, let's learn how to drive and what is in it. Here are a few terminologies you should know about wireless networked systems; if you don't understand these underlying concepts, it will be a hard time for you guarding your wireless network.

• SSID (Service Set Identifier): If you have a wireless router or modem, the hardware must have an SSID (like naming a newborn baby, you can name your router how you want it to be called by others; but if you take a BSNL Wi-Fi ADSL connection, the modem comes with a default SSID name). A router has the functionality to broadcast or stealth-broadcast, which means that if you scan for wireless networks you often find networks in broadcast mode (e.g. "Tikona 1800 204 3333"); in stealth broadcast we cannot identify the wireless network. A modem doesn't have this option, so whenever you scan you find the home network modems in range, but you can proceed only after entering the SSID in the prompt box.

Device burned with MAC and SSID, as found in the picture (WANADOO-02DB).


• WEP (Wired Equivalent Privacy): This protocol gives a base level of security for all Wi-Fi vendors, and systems can benefit from the OSI standardization effort. The option is one you can set "ON" or "OFF" to use it, but mostly all the jerks and geeks forcibly set this "ON".

• WPA (Wi-Fi Protected Access): A security protocol that was designed to secure wireless technology and to overcome the WEP limitations (WPA and WPA2).


• TKIP (Temporal Key Integrity Protocol): A more secure version of WEP that is used by WPA for network security. It uses different algorithms than WEP and more trusted encryption tunnels. (But trust me, most admins will not use this; where the company security policy wants to maintain a different security scheme for each hierarchy of employees in the organization, admins will deploy this feature.)

• MAC (Media Access Control): It is used to get multiple access in a networked environment, but a MAC address is a 12-digit hexadecimal number associated with a network adapter, and unique to that adapter. In the example 00-12-FA-WE-3R-TR, the first 6 digits, 00-12-FA, are the manufacturer code, which says whom the network adapter belongs to, and the next 6 digits, WE-3R-TR, are assigned uniquely to the device. (Note that a real MAC uses only the hex digits 0-9 and A-F, so letters like W, R and T cannot appear in one.)

• DHCP (Dynamic Host Configuration Protocol): One of the built-in features of a router. It serves users who restart their systems, generating a fresh IP address for them so the device has an address in the network.

YOU ARE UNDER COVER:
Whether you are in a wired or wireless environment, you are under scan by someone's eye: a TCP monitor, or anyone using a sniffer tool like Packetyzer, can read your communication, because not all the transported traffic is encrypted.
POSSIBLE ATTACKS: EAVESDROPPING (installing malicious tools and making your machine a listener; the hacker gets all the packet information because it was redirected by him to the server).
DoS attacks: injecting noise or interference into the wireless network indefinitely, which in turn causes denial of the particular service that was requested. Remember, a hacker can extract the SSID name of the network in response to his ICMP packets. This gives you a glimpse of DoS attacks.
YES, GUYS, SECURE IT NOW.
[i] 3 scenarios about you and your SSID:
• Yes we can: set the SSID manually.
• When you buy a router it is burned with a MAC address, and an SSID that is always a "default" name.
• The manufacturer of the router provides a method to change your SSID to secure the network. Follow that, and change it to mixed letters and digits like this: H4CK07IC.


[ii] WEP encryption: TURN IT ON, for God's sake.
WEP encryption is the standard encryption scheme for all OSI-network-compliant products. It comes with encryption, but it isn't turned on automatically. Do it, and change all the defaults in the newly purchased router. So now you have changed the SSID and turned on WEP, I assume.

[iii] MAC address filtering: set your MAC address to not be broadcast.


This can be done by entering your MAC address into your network access point device. Doing this ensures a greater level of security.

[iv] DUMP THE DEFAULTS: change all your default passwords, and keep this security checklist with you! It also includes changing the default subnet, which is 192.168.1.0.



If you don't experience routine changes in your network, once every 3 months take this checklist and review how your network security is doing. Such check-ups not only help you check whether it has been tampered with, but also give you peace of mind that you are doing well, by showing your middle finger to whoever is trying to gain access.
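The quarterly review above can be scripted. Here is an added example (not code from the original post) that audits a router's settings against checklist items [i] to [iv]. The config dictionary is a constructed sample and its field names are assumptions, not any vendor's format; following the terminology section, WPA/WPA2 are rated above WEP, which is only flagged as weak, and no encryption at all is critical.

```python
# Added example (not from the original post): a small audit of a router's
# settings against the checklist above ([i]-[iv]). ROUTER_CONFIG is a
# constructed sample; the field names are assumptions, not any vendor's format.
# Following the terminology section, WPA/WPA2 are scored above WEP, which only
# counts as weak, and no encryption at all is critical.
from typing import Dict, List, Tuple

ROUTER_CONFIG: Dict[str, object] = {
    "ssid": "default",
    "encryption": "WEP",            # none / WEP / WPA / WPA2
    "admin_password_changed": False,
    "mac_filtering": False,
    "lan_subnet": "192.168.1.0",
}

DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink"}
ENCRYPTION_RANK = {"none": 0, "wep": 1, "wpa": 2, "wpa2": 3}


def audit_router(cfg: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means the checklist passed."""
    findings: List[Tuple[str, str]] = []
    ssid = str(cfg.get("ssid", "")).strip().lower()
    if not ssid or ssid in DEFAULT_SSIDS:
        findings.append(("medium", "[i] SSID is still a default name; change it"))
    enc = str(cfg.get("encryption", "none")).lower()
    rank = ENCRYPTION_RANK.get(enc, 0)
    if rank == 0:
        findings.append(("critical", "[ii] encryption is off; turn it on"))
    elif rank == 1:
        findings.append(("high", "[ii] WEP in use; WPA/WPA2 overcome its limitations"))
    if not cfg.get("mac_filtering", False):
        findings.append(("low", "[iii] MAC address filtering is disabled"))
    if not cfg.get("admin_password_changed", False):
        findings.append(("critical", "[iv] default admin password still set"))
    if cfg.get("lan_subnet") == "192.168.1.0":
        findings.append(("low", "[iv] default subnet 192.168.1.0 still in use"))
    return findings


def passes_checklist(cfg: Dict[str, object]) -> bool:
    """True only when no finding is rated high or critical."""
    return not any(sev in ("high", "critical") for sev, _ in audit_router(cfg))


if __name__ == "__main__":
    for severity, message in audit_router(ROUTER_CONFIG):
        print(f"{severity:8s} {message}")
```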

Drop yo comments to interact !!