Author: kanishka10

Posted on by

Beginners guide to Bluetooth hacking

Hello, aspiring ethical hackers. In this blogpost, you can learn about Bluetooth hacking. Bluetooth is a short-range wireless technology standard used for exchange of data between devices.

Bluetooth Hacking 1

Bluetooth is mainly used as an alternative to exchange of data using wires. The range of Bluetooth is very short may be over 10 meters.

What is Bluetooth hacking?

Exploitation of vulnerabilities in Bluetooth technology standard to hack Bluetooth enabled devices is known as Bluetooth hacking.

Modes of Bluetooth

A Bluetooth device can be set in two modes. Discoverable and Non-Discoverable.

Bluetooth Hacking 3 1
  1. Discoverable: In discoverable mode, the Bluetooth device is visible to other Bluetooth enables devices.
  2. Non-discoverable: As you should have guessed by now, in this mode, the device is not visible to other Bluetooth enabled devices.

Pairing modes

Similarly, Bluetooth has two pairing modes. They are Pairable mode and Non-pairable mode.

Bluetooth Hacking 4
  1. Pairable mode: In this mode, the Bluetooth device accepts the pairing request upon requested.
  2. Non-pairable mode: In non-pairable mode, the Bluetooth device rejects the pairing attempt.

Various Bluetooth based attacks

Bluetooth Hacking 2

There are various Bluetooth based attacks. Some of them are,

1. Bluejacking:

Bluejacking is the attack in which an attacker can send messages to other users from the victim’s phone using Bluetooth.

2. Blue snarfing:

In this attack, an attacker can exploit Bluetooth to steal sensitive data from the target mobile phone.

3. Bluesmacking:

Similar to Ping of Death DoS attack, in this attack, attacker sends a oversized ping packet using Bluetooth to the victim’s device causing a buffer overflow attack.

4. Bluebugging:

In this attack, the attacker gains access to the target’s device using Bluetooth without target user being aware of it.

5. Blueprinting:

In this attack, the attacker tries to printout the data information of the target user’s mobile phone.

6. MAC spoofing attack:

: In this attack, just like any MAC spoofing attack, the attacker spoofs the MAC address of the target user’s mobile phones.

7. Man in the Middle (MitM) attack:

The attacker places himself between two Bluetooth devices.

Impact of Bluetooth hacking

Bluetooth attacks can lead to various threats. These include,.

  1. Leak of calendars and address book.
  2. Sending spurious SMS messages.
  3. Bugging devices.
  4. Sending premium messages.
  5. Social engineering
  6. Installing malicious code
Posted on by

Complete guide to web server hacking

Hello, aspiring ethical hackers. This blogpost is a complete guide to web server hacking. To understand web server hacking, you need to first understand what is a web server.

What is a web server?

A web server is a server that serves webpages. Every organization nowadays definitely has a website which is important for their business. To serve these websites, web servers are needed.

Structure of a web server

Web Server Hacking 1

A webserver consists of both hardware and software components. Examples of popular web server software are Apache, NGINX, Microsoft IIS, Lighthttpd, node.js, Apache Tomcat and LiteSpeed etc. To store data, web servers use a database. Most popular databases in use are MySQL, Oracle, Microsoft SQL Server, PostgreSQL, MongoDB, Redis, MariaDB, Splunk, SQLite etc.

Web pages on the web server can be accused using web clients which are also called as browsers. You already know about various popular browsers. Typical web server uses various languages to build a website. The basic languages and their purpose are given below.

Web Server Hacking 2

What is web server hacking?

Hacking or compromising of a web server is known as web server hacking. Web servers provide easier access to a company’s network as nobody is blocked from accessing a web server. So, a vulnerability in web server can easily provide hackers access to the company’s network.

Web server Hacking Methodology

The methodology of web server hacking is similar to hacking anything in cybersecurity.

1. Information gathering / Footprinting:

This can be done by whois footprinting, DNS footprinting, website footprinting and banner grabbing.

2. Scanning:

This includes port scanning, service scanning and vulnerability scanning with Nikto and other tools.

3. Exploiting any vulnerabilities and gaining access

Types of web server attacks

There are many attacks that can be used to compromise web servers.

Web Server Hacking 3

1. Website Defacement:

As you have read earlier, website defacement is the changing of the visual elements of a webpage (most probably, index page) to display a message or simply as nuisance.

2. Misconfiguration attack:

Sometimes, hackers can exploit misconfigurations in the configuration of a web server to hack web servers (For example, use of default credentials or using default setting).

3. DNS Server Hijacking:

A DNS server resolves hostnames to its IP addresses. If the DNS server is breached, hackers can lead genuine users or visitors of a website to a fake website.

4. Web Cache poisoning attack:

The temporary web cache can be poisoned with malicious entries to lure victims to a malicious url.

5. FTP brute force attack:

Many web servers use FTP service to upload files to the web server. If hackers can brute force the credentials of the FTP server, he can upload malicious files to by webserver. Learn more about FTP hacking.

5. SSH brute force attack:

Similarly, if the SSH credentials the web server as compromised, attackers can take control of the entire web server.

6. File upload attack

7. Directory traversal / LFI attack

8. Cross-site scripting (XSS) attack

9. CSRF attack

10. Command Injection attack

11. SQL injection attack

12. Phishing attack

13. Password cracking attack

14. Session Hijacking attack

15. Packet sniffing attack

16. Server side request forgery (SSRF) attack

17. Buffer overflow attack

18. DoS / DDoS attack

Impact of a web server hacking

Compromise of a web server can have many affects. Most important of them are,

1. Data breach and Data theft:

Compromise of a website can result in a data breach and data theft.

2. Leak of sensitive information:

Sometimes, a web server compromise can leak sensitive information about a company or organization.

3. Website defacement:

Every website has an index page that is the page that loads when you visit a website. When hackers change the index page and replace it with another page, it is known as website defacement.

4. Secondary attacks:

Once a web server is compromised, it can be used by hackers for other malicious purposes like hosting malware, to perform a DDoS attack or using it as a proxy to perform attacks on other websites.

Posted on by

Complete guide to security technologies

Hello, aspiring Ethical Hackers. In this blogpost, you will learn about different security technologies that are used in an organization to protect the network against cyber-attacks. Various devices and software come into play while protecting the organization from a variety of threats. Let’s learn about each of them.

Types of security technologies

1. Firewall:

A firewall is the most common defensive measure that is used in organizations against cyber attacks. It can be considered the first layer of defense against hackers. Just as its name implies, it works as a wall between two networks thus preventing malicious traffic from entering the network of the organization. Learn more about firewalls here.

2. Anti-Malware:

In one of our previous articles, you learnt about virus and malware. Anti virus protects the computers and other devices in the network from this malicious software. Learn more about Antivirus.

3. Intrusion Detection System (IDS):

An Intrusion Detection System (IDS) monitors the entire traffic of the network and as soon as it sees any traffic that it considers malicious, it raises an alert. Learn more about IDS.

4. Intrusion Prevention System (IPS):

An Intrusion Prevention System (IPS) is one step above IDS. It performs the functions just like an IDS, but whenever it detects malicious traffic, it tries to prevent the connection by dropping the packets. Learn more about Intrusion Prevention System (IPS).

5. Endpoint Detection & Response (EDR):

Endpoint Detection and Response is used to monitor end user devices on the network for malware and acts against them if needed.

6. Honeypot:

Sometimes, organizations need to understand what hackers would be interested in once they are in their network. A honeypot serves this purpose. A honeypot acts as a juicy target and attracts towards thus preventing them from hacking anything in the original network. A honeypot designed with a lot of vulnerabilities that can keep the hackers constantly interested. Learn more about honeypots.

7. Demilitarized Zone (DMZ):

A demilitarized zone is a network used to add an external layer of security to the organization’s network. Usually placed at the perimeter, it has access to the external network. It usually contains an external facing service.

8. Data-Loss Prevention (DLP):

Data Loss Prevention (DLP) ensures that no confidential data is being sent out of the organization’s network. Confidential data refers to data that once exposed to the internet can harm the security of the network.

9. Security Incident & Event manager (SIEM):

A security Incident & Event Manager raises an alert if it detects any malicious activity. That’s all about the various security technologies.

Posted on by

Session Hijacking for beginners

Hello aspiring Ethical Hackers. In this blogpost, you will learn about session hijacking. In March 2023, the YouTube channel of youtuber Linus Sebastian was hacked. Hackers deleted all his videos and uploaded a few videos on crypto currency. It was later discovered that hackers used session hijacking to gain access to Linus Sebastian YouTube channel. With the advent of passkeys, biometric and password less authentication, hackers are finding it difficult to grab credentials using password cracking. So, they are increasingly turning their attention towards session hijacking. What is session hijacking? To understand that you need to first understand what a session is.

What is a Session?

Session Hijacking 1

You login into a number of websites daily. You should have noticed that you don’t have to login again and again into some of the websites. I mean you are kept in logged in state on a website and you don’t have to enter your username and password again and again.

How is this possible? Well, HTTP & HTTPS are itself stateless and hence sessions are used by almost all the webservers to keep the user logged in and track him. A session is assigned as soon as user logs in and it is kept active for a particular period of time or until the user decides to log out.

What is a Session ID?

These active sessions are tracked using piece of text called a Session ID. Usually Session ID is included as part of a cookie.

What is Session Hijacking?

A session hijacking or cookie hijacking is the stealing of a session by whatever means. Once a hacker steals a session, he can perform all actions a legitimate user of that account can perform. No need to crack passwords anymore.

Session Hijacking 2

Types of Session Hijacking

Session Hijacking 3

1. Session Fixation:

In a Session fixation attack, the attacker tries to fix the session ID for another user. This is only possible if the webserver accepts Session ID’s from URL.

2. Session sniffing:

In packet sniffing and password sniffing, you learnt how hackers can sniff the data in transit. Not just these, even session IDs can be sniffed using any packet sniffer like Wireshark, tcpdump, Ettercap, dsniff, kismet and driftnet etc. This is done by sniffing on cookies if they are being transmitted without any encryption as they contain the session IDs.

Session Hijacking 4

3. Cross Site Scripting (XSS):

In our previous article you learnt about Cross Site Scripting. Hackers can also use it to steal a session ID.

4. Malware:

Hackers can install session hijacking malware on the victim’s computer and steal the session ID. Learn more about malware.

5. Brute forcing:

Not just credentials, even session ID’s can be brute forced by hackers. However, they need to have some knowledge about the structure of the session ID before attempting brute force.

Posted on by

Beginners guide to DoS attack

Hello, aspiring ethical hackers. In this blogpost you will learn about DoS attack. In April 2007, the government services, financial institutions and various media outlets of Estonia, a nation in eastern Europe were hit with a massive Denial of service attacks. The attack that almost crippled Estonia (almost all services of Estonia are based only online) coincided with the relocation of “Bronze soldier of Tallinn” a world war II monument which Russia objected to.

What is DoS attack?

DoS or Denial-of-Service attack is an attack that makes a website, service, network or software inaccessible to legitimate users. For example, imagine you are a user of Gmail. When you are trying to access Gmail to check an important mail sent from your office, you are unable to reach the servers of Gmail as there is a DoS attack on Gmail servers.

Types of DoS attacks

DoS attacks can be classified into three types. They are Volumetric attacks, Protocol attacks and Application layer attacks.

DOS Attack 1

Volumetric attacks

In volumetric attacks, the bandwidth of the target network or service is exhausted, thus denying any legitimate users access to bandwidth. The magnitude of the attack is measured in bits-per-second (bps). Examples of these types of attacks are Ping of Death attack, UDP Flood attack, ICMP flood attack and Smurf attack.

1. Ping Of Death attack:

According to RFC791 IP, the maximum size of the packet should not exceed 65,535 bytes. In the Ping of Death attack, an attacker sends an oversized packet of size more than the prescribed limit with a ping request. (For example, a packet of size 65,550 bytes). The target system may crash while trying to reassemble this packet.

DOS Attack 2

2. UDP Flood attack:

In this type of attack, an attacker sends a number of spoofed UDP packets to random ports of the target system. Target server tries to check for these applications (some of which are nonexistent) repeatedly. This causes exhaustion of the bandwidth in use thus replying to legitimate connections with a ICMP destination unreachable message.

3. ICMP Flood attack:

In the ICMP flood attack, the attacker sends a large volume of ICMP request (ping) messages to the target server either from a single IP or multiple IP addresses. The target server is bound to reply to these packets with a ICMP echo reply message thus exhausting the bandwidth.

DOS Attack 3

4. Smurf attack:

In a smurf attack, the attacker sends ICMP echo request message to the broadcast network address spoofing the IP address of the target server. This makes all the devices in the network to reply to this echo request message with a echo reply message. Since the address of the target server is used in the echo request message, all the devices reply with this IP thus, making the target server inaccessible to the legitimate users.

Protocol attacks

In this type of DoS attacks, instead of exhausting the bandwidth, attackers try to exhaust resources available on the target network or website thus making it inaccessible to the legitimate users. Examples of these DoS attacks are SYN Flood attack, ACK Flood attack, TCP connection flood attack, Fragmentation attack and RST attack. This DoS attack is measured in Packets-per-second (pps).

1. SYN Flood attack:

In our blogpost on port scanning techniques, you learnt about the 3-way handshake.

Port Scanning Techniques 2

In this attack, attackers exploit this 3-way handshake. How? The attacker sends multiple TCP SYN requests to the target server. When the target server responds to these SYN requests with a SYN/ACK packet, the attacker never sends a ACK message in response. This creates a partially open connection. By default, the target server or machines should track a partially opened connection for 75 seconds.

DOS Attack 4

This is known as SYN flood. In these 75 seconds, the attacker can send large volume of SYN requests thus overloading the target system which eventually makes it inaccessible to the legitimate users.

2. Fragmentation attack:

Network or IP layer of OSI model allows packet fragmentation in order to overcome the problem of any higher-level protocol creating a packet larger than the size any particular local network supports. Attackers exploit this feature to send a large number (1500+bytes) of fragmented packets to the target server. The size of each fragment is usually reduced and small packet rate is used. This forces the target server to utilize a large number of resources to reassemble these fragmented packets thus causing DoS attack.

Application Layer attacks

In this type of DoS attacks, attackers exploit any vulnerabilities in the target server to prevent its access to the legitimate users. These vulnerabilities include cross site scripting, CSRF, File upload but most probably a Buffer overflow vulnerability. The magnitude of this attack is measured in requests-per-second (rps). Examples of this attacks include HTTP flood attacks and Slowloris attack.

1. HTTP GET/POST attack:

Browsers connect to the web server using HTTP requests. These requests can be either HTTP GET or HTTP POST. In this type of attack, attackers exploit these requests to perform DoS attacks.

In a HTTP GET DoS attack, attackers use time delayed HTTP headers to exhaust resources of webserver whereas in HTTP POST DoS attack the attacker sends HTTP requests with complete headers and without a message body or an incomplete message body.