Sharing a post written on the eve of the first anniversary of Energy Labs.
src: Energy Labs Blogs
Let us discuss injection techniques. Injections are small scripts that tamper with the loopholes in the security implemented by administrators and take undue advantage of them. Creating injections requires extensive knowledge of the scripting language used. Injections are supplied in the background of relevant and accepted data. They may be OBFUSCATED or hidden behind links, etc. Common injections used today are made in SQL, PHP, Java, Python, Oracle, etc. The scripting language of the injection is decided depending upon the quality of data to be stolen, the impact level, the access point and the target field. Servers may be hosted on different operating systems. They may support certain protocols, amends, backgrounds and environments. Thus the injection to be made must be carefully developed.
Let us talk about SQL injections since they are the most used ones in the underworld.
SQL is basically a database monitoring language. In complex websites with a multi-approach framework, it becomes very important to maintain the database in the form of tables, rows and columns. However, it allows you to output values stored in its fields using the injection technique. I have added a detailed explanation of this in the resources.
A Guide to SQL Injections
Talking about securing your code, I have already started a discussion about code obfuscation and will post related content every now and then.
Here is the link to it.
An Introduction to Obfuscated Coding
“For a long time now, it has often been seen that, irrespective of an inside source, private data from organisations has been sold in the black market of marketing agents. Let us understand this. Private information stored on company servers, whether privately hosted, dedicated hosted or hosted any other way, gets stolen by hackers, whether or not they had any internal help from employees. In the quest to steal data from a server, hackers had some very common weapons in hand which were very popular by the turn of the century. They were based on an easy concept: send in crawler scripts and extract the data. At that time, around 2001-02, cyber security was not an urgent issue. Companies that stored data on servers were limited in number due to the lack of open technology and because it was a costly affair. Such companies hired trained professionals to secure the servers, but they neglected the fact that competitors in the market would want to steal the data. So the appointed staff basically concentrated on data management rather than data security. This made it very easy for the hackers to carry out their missions.
The revolution came in when such stolen data gained an enormous buying rate in the market, where the buyers were marketing and other concerned officials of other companies. This gave birth to Black-Marketing. Data robbery became a fashion or rather a flourishing business. The companies then started working on securing the data. It was the same time when dedicated hosting and isolated servers came into existence.
Isolated servers are those which have a completely cut-off hard-wired line from the source. This means a network which is completely isolated from any other type of network in its vicinity, so this type of server cannot be accessed from any computer outside its network. To be hacked, such servers need a physical data receptor to be installed at their root source. Or in fancy words, the type of hacking you see in action movies. This helps a lot in data security since it is quite difficult to gain access to such machines.
The concept of data interception was born when hackers found a way to capture the traffic. Let me elaborate. Whenever you send any query from one computer to another, the signal travels in the form of data packets. Just as light travels in the form of photons and electricity in the form of electrons, data travels in packets. Now think what happens if someone gets access to those packets. He might be able to read the data they were carrying. During login authentication, packets carry your password and ID to the server for verification. It means the hacker can read them from there. Well, as simple as it seems, it is not. First of all, the packets are made in a particular framework which cannot be easily read. They need decryption, an understanding of different protocols, filtering and de-capsulation, but yes, ultimately they can be read. How is it done? And how are such captured packets read? Well, these questions bear answers to a lot of things. To see how, you can download an application called “Wireshark” or “NetworkMiner”. Study those applications and I guess that will answer many of your queries. Now, how it is actually done is not information that should be disclosed publicly, but it is something you should find out on your own. Once you master the art of packet handling, I can assure you, there is no server in the world you won’t be able to break into. Hackers made this art of security analysis into a deadly weapon. It ruled that era of hacking, when the servers and clients were still in hardware mode. Then came the CLOUDS, and that completely redefined the techniques of both hacking and security.
Cloud computing does not allow you to detect the physical location of data. With self-constructing features, clouds rule our technology today. Varying from one form to another, clouds are now completely integrated in our lives. Be it extensive data storage or connectivity, clouds have proved efficient in many ways. Not a day of ours passes without using some cloud network. Since clouds have the ability to self-construct, destruct and traverse, they have helped data security a lot. But this, on the other hand, has also encouraged hackers to develop more advanced ways of infiltrating the system. Unfortunately the infrastructure required to do so is quite expensive, yet nothing is impossible. On a simple scale, cloud networks can be made 100% safe from virtual infiltration like malicious code, malware, injections, etc. They can be hacked with physical receptors, which takes us back to the medieval era of hacking. However, some techniques are still available to hack into such cloud networks, but they give you only partial access. Full access is quite difficult since the server cannot be easily located.
Data interception works like intercepting pigeons in the olden days. Kill the pigeon in mid-flight and duplicate the data. Interpret it and here it is, ready to bombard some other place. For a long time, data interception has been a key aspect of hacking clients as well as servers. But the ways change. With the use of obfuscated coding, hacking into code and scripts has reduced to 10-20%; code breaking is no longer a simple fool’s act. And so data interception is what one can think of as the easy way of hacking. Code cannot be easily broken and the server cannot be easily broken into by injection, and thus data interception gains importance and becomes a major issue worth worrying about for security consultants. Where data protection is the greatest priority, millions of dollars are being spent on such programs to secure data, and thus it has evolved into a major industry.
“First of all, let us understand what is actually meant by safe browsing. When you install an antivirus like Quick Heal, it installs an extra feature called safe browsing. You click on that and a browser window opens with a fancy green border. What actually is it? We have seen in our earlier post that a person trying to harm you will generally target you with a cookie-grabbing script, a phishing page or malware. What safe browsing does is scan the pages thoroughly before loading them. It checks the certificate licences, action links, authentication, etc. before loading the page. This involves a series of steps. The target page is first loaded in temporary mode, accessed by the super user. Then it looks up all the action buttons on the page, all the scripts, and the incoming and outgoing data, local as well as terminal. The links are then matched with those in the signature. If any redirections are found, they are scanned too. Then a final cross-check is done with the main server of the provider, in this case Quick Heal, for any threats reported on that website. Then a malware search is done. This part is tricky: the crawlers scan through all the scripts running on the page, be it PHP, Java or any other. The actions are thoroughly scanned. If anything unwanted is found during this complete process, the user is prompted and action is requested. This is the general functioning of any safe browsing service provider.
But is this really necessary? Do you actually need such tools to stay safe? Of course you cannot do all these checks manually, but there are some things you can take care of which can protect you from a lot of threats. The first is always the same: do not click on unwanted links. This never changes, as anyone trying to harm you needs just one opportunity, one chance to strike. Once you give it, you are at his mercy. Secondly, if you use add-ons for your browser, use only those taken from a trusted source, like the Chrome Web Store, the official Firefox store or other browser portals. This will ensure a lot of things. Some scripts can be made such that they come into action only when triggered by a certain service running on your computer. And this is the foundation of a botnet network, which we will see in future posts.
Next, you should know how to investigate links sent by anyone, and how to check whether there is actually any embedded script running behind them. For this, I will show you a simple way. If you come across any such link, don’t click it. Instead, copy the address and open any advanced text editor like MS Word. Then right-click on that link, and there must be a hyperlink option. Click on that and you can see the visible text and the background text there. If you see any background text, it means you were in trouble but you just avoided it. Congratulations! If not, it means the link is safe to use LOCALLY. You never know what data is hidden inside the page which will be loaded when you click it.
The next thing to keep in mind is to avoid as many integrated apps as you can. Integrated apps are those which allow you access using credentials from other websites, like Facebook browser games, untrusted forums, etc. They do not actually get your password from Facebook, but there are other ways in which they can harm you. Limit your auto-posting, that is, posts made in your name by the many applications and games you use on different websites. You never know what they are actually posting. These websites are marketing under your name. In many cases, you surf pictures on other websites/apps and they get posted under your name on all the social networking websites you have integrated. This is highly unsafe.
Safe browsing means the art of surfing the internet without disclosing private information that is supposed to be hidden. Technically, when you surf, only the RETR and STOR requests should be transmitted. This concept dates back to the days when the internet was invented. But with the changing user group, market, needs and demands, this has changed a lot over time. Nowadays, any smart person can retrieve as much information as he wants about you from the internet. This means that securing yourself is now a personal matter. One thing you should always remember: “Anything once stored on the internet remains PERMANENT. It is never lost.” This includes any photos, videos, emails, messages, etc. The only difference it makes is that one must know to look in the right place. Stay hidden and anonymous. It doesn’t mean you should avoid social networking. But it means you should know what you are doing. Nothing which can be used to harm you should ever be put on the internet.
Let us look at the technical side of it. Whenever you put in a query to traverse a webpage, you allow the webpage to get access to certain services on your computer. This includes your network transfer, editor, video/audio plugins, etc. All of them can easily be used to damage your system critically. One simple script can introduce so much malware into your system that it becomes too difficult to restore. Many a time, hackers own botnet networks. What a botnet actually is I will explain in future posts, but let me spoil some information. A botnet is a hacker’s private collection of systems that he can use anytime as his hosts, clients, victims or launch pads for other projects. Make sure you don’t become a launch pad for anybody. A webpage is a combination of a series of embedded applications working at the command of one server. Your machine is at the server’s mercy when you browse it. Make sure you keep up the “status quo”.
You can use some add-ons in your browser to keep you safe. They are trusted and handy. You can always look them up in your browser’s web store. You should have an anti-phisher, no-script, http-header, cookie editor (with locking features), master auto-fill app, password manager, anti-malware, a good antivirus, an anonymous proxy/VPN provider, etc. These are some useful add-ons; names might differ from browser to browser but their task is similar. Having them handy can save you from many threats.
Lastly, I would like to tell you that when you are surfing the internet, you are connected to an infinite number of people with infinite ideas in their minds. You never know their intentions. And when you surf, you are open to all of their thoughts. 90% of hacking is the result of unsafe browsing. One mistake is all that is needed.
ALSO, if in any case you fall victim to trouble, pray that the person abusing you is a HACKER with BRAINS, so he knows what he is doing. If it is the work of a NOOB SKID, you are literally finished. He never knows what he is doing and he can actually do serious harm unintentionally. And you know that strikes worse.
“On our journey to a secure future, we must first understand the potential threats. We know that we need to be safe, but safe from what? A hacker can have countless approaches. There are almost a hundred techniques to hack someone, maybe his account, website, etc. So in this post we will talk about the points of attack and some common basic methods of hacking which the non-potential threats might know about.
Let us think about how any connection occurs.
Starting with a simple example of Facebook.
Attack Points: (Personal Level)
These are some common points of attack. Some others are like:
A hacker first has to decide where she/he is going to strike. Is he somehow going to try to extract it from you? That is the best possible way to get into anyone’s account. Let us elaborate on it.
You don’t really think that he is going to ask you for your password and you are going to say it straight away. Well, that never happens (assuming the person is not totally dumb). He is trying to get your password some way or the other. How? The phishing technique is one of the most common answers. He will build a modified login page which looks exactly like the original Facebook page, with some tweaks to it. This means the details you enter there, instead of going directly to the Facebook server, are now in the hands of the hacker. This is a very widespread technique since it is easy to make such pages, with coding knowledge of course. The second most commonly used way is “cookie-grabbing”. Let me explain this. Any website which allows you to log in needs to know that every query coming from your end is authorized. Now, in some extremely important events, they directly ask you to enter your password to authorize it, but in the rest of the events they don’t bother you with entering your password again and again. Instead they store a cookie on your system. A cookie is an authentication script which is attached to every query you send to a server, which makes it understand that the incoming query is authorized and should be given a progressing response. Now a hacker can code a script which can duplicate your cookies and send them to him wherever he wants, and he can use them later. Generally these cookies have a time limit after which they are useless, but using those cookies and some tweaking he can keep using them forever or even change your password.
Moral of this is: “Never ever click on random links. Unless you are completely sure of it.”
There are a lot more ways to get your login credentials from you. Let us not focus on that for now. I will explain it in the next parts.
There are various ways to hack into the transmission way and the point of input targets. I will explain many of them in my upcoming posts about ways to hack and to get secured. Working on it 😛
Ok. So back to topic about Recon on Hackers.
Reconnaissance is an art. It deals with identification of the target and getting all necessary details about the target, which includes his IP address, the username of the ID targeted, etc. Now this is something you cannot prevent. A smart hacker always knows his way around. He can later identify you easily, come in contact, etc. Then comes the art of social engineering. He will scavenge through all your available pics and friends, identify trusted people, learn your real interests, etc. In this way he can somehow guess the answer to your security question.
A quick tip: If your security question is your mother’s maiden name, put her cell no. instead of her real name, or something like that. It will prevent anyone from guessing your answers.
Ok so, after he has gathered information about you, he might start talking to you, eventually slip out a link you might not be able to resist and eventually click it and there you are, one mistake and you are BUSTED!! Manage your information. Avoid sharing too much on websites which you cannot completely trust.
There are ways you can avoid getting scammed like that. The first step is identification of the threat. You should be able to identify people whom you do not trust but who you know might come back at you when time permits. A person slipping in too many links and forcing you to see something is a threat. A very important thing is to keep managing your friend list; do not add people you don’t know, and this will solve a lot of your problems. Identify such people who pose a threat to you or others in some way and you can take another step towards being safe.
“When the world is changing so fast and technical awareness about computers and other advanced stuff is being projected now and then, an average person surely has a dream of possessing an ‘Iron Man suit’ for himself or a ‘BatMobile’, but will that suit really be secure with him? Even if a multi-billion dollar corporation commercialized it for some punks with nasty pockets, would they be able to handle them? At the current security levels, of course NOT. At present the level of security within reach of common people or so-called “Technically Aware” people is so primitive that it is a matter of about 10-15 mins to get into anybody’s email or Facebook, to hack into his computer using Botnet spyware or even throw him off the records using a simple “Penetration HarMone”. So the question remains: is he really ready, the common man, for the next generation of intelligence, automation and technology? Corporations today are focusing on better and better products every day, increased profits or the so-called level of human civilization, but they should also think: is he ready for this?
Let me introduce you to a series of articles I will be posting here, “A Walk to Secure Future”. It will be based on how to be safe on the Internet.
Leap of faith is actually that momentary transition between logic and belief. The point where you want something so badly and your logic ceases to help you out in that situation or at that particular moment, and you leave everything to fate based on the beliefs you hold. And such leaps are definitely risky. But then again, what’s the fun in a safe and tidy life? I too was standing at a junction where a lot of pieces needed to fall in place; only then could it work out. With zero experience and practically in a group of strangers, I had to overcome my own demons and start believing others. Something which I was definitely not good at. Why? Don’t know. Maybe I was too cautious to take risks. Maybe I was too cautious to fail. Maybe I was too obsessive about getting it right the first time. There is nothing wrong in that, but sometimes the worst cases fill your mind with so many demons that delegating important stuff becomes very difficult to assimilate.
But with nothing to lose and everything to gain, I took that risk. It took some time but I started blindly trusting my team. Many times I got disappointed, many times got overjoyed. And this hasn’t stopped yet. But what encouraged me to take that leap was the belief I was still holding to. The belief that didn’t allow me to lead a cautious and normal life. The belief that I could do something better than everyone. The belief that I could make a huge difference somewhere. And frankly my leap has been quite exciting. The magical transition where work turned into friendship. I gained a lot, lost too. But my team always sticks around. We are one crazy pack of people who just refuse to give up. And it wasn’t just a leap for myself. It was a leap to everyone around me. A leap to trust some lone wolf from out of the pack to lead it.
Leap of Faith is important since it gives you an opportunity to experiment with yourself. The most basic birth right of man. To experiment. And why is it important to experiment? Because it makes sure that you don’t die. The day we stop experimenting with our lives, we silently creep into nothingness. Our lives start becoming miserable. Who said there is anything wrong with it. But what’s the point of it?
But when do you decide that you have to take that leap of faith? You do it when you see nothing new happening in your life. That your life is becoming like a pool of stagnant water. When you see mosquitoes biting around it. When you see there is nothing to worry about while that transition happens. When you desperately want all the pieces to fall in place. But that doesn’t mean it guarantees anything. It means life just gave you a shot. You just need to land safely. Deploy your parachutes at the right time. And there you are, sitting comfortably on a heap of hay.
And what did we gain out of our leap? One hell of a journey yet. Money, Fame, Respect, Importance, Friends, Rivals, Failures, Success, some hell of achievements, celebrity status in some cases.
And equally important question. What did we lose? We lost a lot. We lost our laziness. We lost our irresponsible behavior. We lost our procrastination. We lost some relationships too. But what the hell. When we look back at these last 11 months. Was it all worth it? HELL YEAH!
Sometimes fate plays a very strange prank on you. Sometimes you have people in your life for whom you are ready to go to any heights. Sometimes some people exist in corners of your subconscious life who, you never know, will rise to being one of your closest confidantes in just a matter of 15 minutes. The world that opens up after that is just beyond belief. The world which unfolds before you is something you wanted to create for yourself at just about that exact time. And some people who once meant the world to us diminish in the black hole made of nothing. This transition is something which happens when you take your Leap of Faith. The leap of faith may be that one small thing called a phone call that can change your life forever. The person on the other end of the call is one who might be the last on your list. Maybe not even on your list.
There was this one particular phone call I received on August 14, 2013. That one small thing changed the entire way of my life. That one phone call gave me the boost I wanted. That was a kind of miracle I was waiting to happen. And the person on the other side of the line was not even on my list. That person is one of my dearest and closest friends today, an equal partner in good and bad, among the very few I can trust blindly. That guy who started everything with an idea. Who found everyone and who nurtured them. Helped and Supported and Stuck around always. That person on the other line was someone I had never spoken to over the phone, and I never knew anything about him apart from his name. Didn’t even have his number. So yeah, my first words were, “Who’s this?” when he called. That person was Ahaan Pandit. This person made me understand what exactly “Faith” and “Trust” mean.
What happened after that phone call was my Leap of Faith.