OWASP Top 10 Vulnerabilities
1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging and Monitoring
How is Spear Phishing used in targeted attacks?
Attackers use several methods. Common techniques include:
▪️An attacker sends an email to their victim. That email may contain malicious URLs or files that the victim will be asked to click or open, downloading viruses or ransomware onto their machine.
▪️An attacker sends an email that directs the victim to a spoofed website where the victim is asked to enter private data such as bank account details or passwords.
▪️An attacker poses as a friend, colleague, manager, or other trusted entity and requests usernames and passwords in order to obtain data that they will later exfiltrate elsewhere.
What is a Spear Phishing Attack?
▪️Spear phishing is a form of deception in which attackers send tailored emails to specific users within an organization. Spear phishers pose as familiar or trusted individuals or managers, tricking victims into disclosing private data, transferring money, or downloading malware.
▪️It is important to note that phishing and spear phishing are both cyber-attack techniques that try to obtain sensitive or personal information online. The difference is that the first is widespread while the second is targeted. In phishing, a fraudster can send one phishing email to numerous recipients at once, casting a wide net in the hope of hooking targets. Spear phishing instead targets specific users, using tailored requests and personal information to build trust.
4) Keylogging
▪️Keylogging. It’s not something you want to mess with. Keylogging is used in targeted attacks where the hacker knows or is particularly interested in the victim. It’s used to target spouses, colleagues and relatives. It’s also used to target corporations and nation-states.
▪️This is a highly complicated technique that requires access to, or compromise of, the victim’s machine via malware. You can find your favorite off-the-shelf keyloggers and commercial spyware on the internet and the dark web.
▪️With keyloggers, it really doesn’t matter how strong your password is. The hacker can see exactly what you type in for your username and password. It’s great for gaining access to bank accounts, websites and especially cryptocurrency exchanges and wallets where fund transfers cannot be reversed.
2) Phishing Attacks
▪️If you thought that credential stuffing was bad, phishing is even worse because you are unknowingly giving bad actors your username and passwords.
▪️It’s estimated that nearly 70% of all cybercrimes begin with phishing attacks. For hackers, they love this technique. It works all too well to steal your information for their own use or to sell it to others on the dark web.
▪️How do phishing attacks work? We’re glad you asked… It’s pretty straightforward. Hackers use a ‘social engineering’ technique to trick users into supplying their credentials to what they believe is a genuine request from a legitimate website, vendor, or employer.
▪️Phishing attacks almost always come through emails that contain a fraudulent link or a malicious attachment. When the user clicks on either, the hacker presents a fake account login page where the user enters their credentials. Hackers may also use other forms of interception, such as a man-in-the-middle attack, to steal user credentials.
Top Password Hacking Methods
1) Credential Stuffing
2) Phishing Attacks
3) Password Spraying
4) Keylogging
5) Brute Force Attack
Simply typing :help at this point will show you all the things you're able to try right out of the box.
Weevely has more than 30 modules built in, so there's a lot to work with here. For example, file_ls does exactly what you'd think, and file_cp might let you copy a file as long as you have worked out your from and to paths, just like on a local system. You might be able to grab a whole lot at once with file_tar, then use cp to have a lot of reading.
There are ways to elevate your rights from within Weevely, so if you have elevated rights on the server, you can do basically everything with it. You might be able to get a few clues on your target system with audit_password. Just remember to stay on the down-low here, both to save yourself time and effort if you're messing with your own system, and to remain quiet if on other systems.
Access Your Backdoor
The first thing about Weevely that you may notice is that your backdoor.php file running in the web directory, or on the tail end of some other PHP file, doesn't do or show anything in your web browser. That's good! Were this showing up on a site, it would be discovered right away and patched, or possibly exploited by someone else, and we don't want that.
Most sites like this will block uploads of scripts, but not every site is perfect.
My info.php will still work as usual, but the script will remain quiet until called upon.
Slip in Your Backdoor
Armed with this new PHP script (backdoor.php, in our case), we can now consider a few ways that we can use it. First, if you have access to a server, you can simply copy/paste the contents of your PHP file into another accessible PHP file on the server, for example a config.php or settings.php file that might be found there. First, I'll copy the contents of my backdoor.php script with a text editor.
HOW TO: Slip a Backdoor into PHP Websites with Weevely
Backdoors are convenient to leave behind once you've already found a way into a server, and they can come in handy for a variety of reasons. They're good for developers who want a quick way into machines they're working on, or for systems administrators who want similar access. Of course, backdoors are also a hacker's best friend, and can be added in a variety of ways. One good tool for doing this is Weevely, which uses a snippet of PHP code.
Weevely will create a terminal on the target server and allow for remote code actions via a small footprint PHP agent. It includes more than 30 modules for administration and maintenance needs, as well as privilege escalation and even network lateral movement. Think of those hosting accounts you use that lock down your access—this can come in handy there, as well as on other servers you've successfully infiltrated.
In this guide, we'll be taking it for a spin on our localhost. You can follow along, or you can get it running on another server where you can do a lot more with it.
Step 1: Download Weevely
Weevely can be found built into some Linux distributions, such as Kali. If it's not installed in your Linux system, you can find version 3 on Epinna's GitHub page. To get it installed on a standard Linux distro, there are a variety of ways you can acquire it, including Git, HTTP, and wget.
Download the Git file:
https://github.com/epinna/weevely3.git
Download via HTTP right now in your browser:
https://github.com/epinna/weevely3/archive/master.zip
Download via wget (in your terminal):
wget https://github.com/epinna/weevely3/archive/master.zip
If you're running Kali, you can skip this step, obviously.
Step 2: Create the PHP Snippet
No matter how you've grabbed the Weevely download above, make sure you have a terminal or shell window open in the directory containing that master.zip file. Assuming you've downloaded it to your Downloads folder, let's go there, unzip the file, change into that unzipped folder location, and do a quick listing to check out the files.
cd Downloads
unzip master.zip
cd weevely3-master/
ls
You should run the weevely.py set-up file by itself first to get an idea of what's going on here, because the script requires specific syntax, and running it with no arguments shows you that syntax.
./weevely.py
Additional advice to help companies thwart spear phishing attacks includes:
▪️Remind employees to be wary of emails with unsolicited attachments and links, and send regular reminders about spear phishing threats.
▪️Deploy threat intelligence solutions to track and block phishing and spear phishing campaign links.
▪️Run phishing awareness training programs to maintain adequate security practices against spear phishing.
▪️Encourage all employees to report suspected phishing emails so that the security team can stop spear phishing campaigns currently underway against the company.
What is a Spear Phishing attachment?
Spear phishing with an attachment is a specific form of this attack: it relies on malware attached to an email. All variants are electronically delivered social engineering aimed at a particular user, company, or industry. In this technique, attackers attach a file to the email and rely on User Execution to complete the attack. It may also include social engineering methods, such as posing as a trusted authority.
There are many possibilities for the attachment, such as Microsoft Office documents, executables, and PDFs. When the user clicks the link or opens the file, the attacker’s payload exploits a vulnerability or runs directly on the user’s machine. The email message usually tries to give a convincing reason why the file should be opened or downloaded and may explain how to bypass system security to do so. It may also include instructions for decrypting the file, such as a zip file password, to evade email perimeter protection.
5) Brute Force Attack
▪️When you think about sophisticated hacks, you probably visualize scenes from movies like James Bond, Mission Impossible or The Bourne Identity. Well, brute force attacks are probably the closest you are going to get to a real-world James Bond scene.
▪️It’s a good thing that they are among the least used. Brute force attacks are difficult to pull off, time consuming and expensive. Hackers use tools like Aircrack-ng, John The Ripper, and DaveGrohl to attempt brute force attacks on credentials.
▪️There are two types of attacks. The dictionary attack tries every word in a dictionary as a candidate password. The tools mentioned above can run and test the entire dictionary in a matter of seconds. The other type works from the hash of the plain-text password: the goal is to hash as many plain-text candidates as possible until one matches. Rainbow tables, which list the hashes of common passphrases, exist to speed up the process.
3) Password Spraying
▪️A hacker may only have a list of usernames. This is pretty common. Password spraying is a technique that tests commonly used passwords against a username or account. Examples include passwords such as 123456, password, password123, admin, and others.
▪️You may be thinking that this is similar to credential stuffing. You’re right… Password spraying is very similar to credential stuffing. It’s estimated that this technique is used 16% of the time in hacking passwords and accounts.
▪️Most websites and logins now detect repeated password attempts from the same IP. Hackers use numerous IPs to extend the number of passwords they can try before being detected. It could be the top 5, 10, or 100 commonly used passwords.
1) Credential Stuffing
▪Imagine you’re a hacker buying 100,000 usernames, emails, and passwords on the dark web. By the way, those credentials were probably hacked from a weak website, blog, or e-commerce site and then sold on the dark web.
▪Next, you start testing those credentials against other databases to see if there’s a match. For example, you could get your list and start testing it against banks, merchants, and other websites. Once you find a match, you’re in.
▪Furthermore, all of this can be automated. There are tools that test stolen credentials across multiple sites, allowing hackers to quickly breach new accounts even on sites with good security.
▪It’s estimated that tens of millions of accounts are tested each day with the credential stuffing technique.
🔹Six tips for landing an entry-level Cybersecurity Job
▪Side Projects: One of the best ways to get experience in the field is to do side projects. You can take courses that will teach you how to build software tools, write computer scripts, give you experience using security software, and many other things that you can put on your resume as legitimate experience. This will provide employers more confidence that you know what you're doing, increasing your chances of getting a job.
▪Internships/Volunteering: Unpaid experience is just as valuable as paid experience, so take any opportunity you can to do internships or volunteer work to build up your resume. This can be at school, church, non-profits, etc. Also, any tech or cybersecurity experience you can get is valuable, whether sysadmin work, tech support, fixing laptops, etc. Early in your career, you don't want to be picky about the type of work. Something is always better than nothing.
▪Use Referrals: If possible, you don't want to go through the front door when applying for jobs. If you can get a referral from inside or outside the company, you should use that. This can be personal referrals like family, friends, or acquaintances, but you can also leverage things like your school's career support center or your school's professors. They may have connections inside a company and can give you a referral that significantly increases your chances.
▪Apply for post-graduate positions: One of the issues I mentioned earlier is competition for jobs. One way to reduce this is to apply for post-graduate employment, where you can only qualify if you graduate from school within a certain period. This limits the number of people you will compete against and ensures that your competition won't have much experience. In addition, many private companies and government positions offer post-graduate work opportunities, and you should target those as someone with not much work experience.
▪Get your resume professionally written: Your resume is the first thing an employer will see, and you want to make a great first impression. Investing a few hundred dollars in getting a professional resume can make a huge difference in its quality. Also, you want to customize your resume and cover letter (which you should write every time) for each opportunity you are applying for. Do not spam out your resume to multiple offers because that is not likely to get you an interview.
▪Do Interview Prep: When you do get that call or email for a meeting, you want to make sure that you are in an excellent position to get the job. The preparation includes doing things like mock interviews to help you prepare for the questions you can expect and ensuring that you are answering in a way that will present you in the best possible light. You can also research the most common information security questions to know what you will be asked beforehand and have good answers prepared.
Nothing shows at the bottom of my info.php file, which is what we want.
What we want to do is open weevely.py on our system again, only this time we're not going to create a file with it—we're going to use it to target the place we put the script that we already created. On my localhost server, with my file, this means:
./weevely.py http://localhost/info.php pazzWurD
If you're not testing this out with localhost, it'd be something more like:
Any way you do it, you want to get your backdoor.php file—or the contents of your PHP file—into some other PHP file, on some local or remote server. Once you've done that, it's time to call on it.
Another thing you might try is to find a vulnerable website with upload abilities—the kind that lets you share a file or image. Do that, get the link to your file, and you're in business.
Then, I'll paste that entire block of PHP code below all the other PHP code in a file running on my server. Here, I'm pasting it below everything in my server's info.php file. I had to use the Vi editor on my server, but if you're a little rusty on Vi/Vim, there's a guide here on Null Byte that can help you out:
For our example, we'll be using the "Generate backdoor agent" option. Let's make our password pazzWurD, and name our PHP file backdoor.php. We should end up with a file called backdoor.php in the same directory where we're working.
Please note that backdoor.php is not a good name for your PHP file. This is just an example. You don't want to draw too much attention to what you're doing, so make sure to replace both "mypassword" and "myfilename.php" below with something less obvious.
./weevely.py generate mypassword myfilename.php