Proxies used in the Scanning phase

In computing, a proxy is a third party placed between the user and the internet. Its simplest use is to hide yourself, so that the sites you visit never see you directly.

Reasons to use a proxy:

  • To hide your identity or location
  • Speed: web proxies are commonly used to cache web pages from a web server
  • Saving bandwidth on downloads, where many users go through the same proxy to fetch the same files
  • Usage logs: the proxy server keeps track of who goes where
  • Security: the server scans the content for malware

Free Proxy Servers
Search on Google for lists of free proxy servers you can use.

Socks Chain
A program that works through a chain of SOCKS or HTTP proxies to conceal the IP address.

Proxy Workbench
A small proxy server that resides inside the network and monitors connections.

Proxy Manager
It connects to the internet and downloads lists of proxy servers from various websites; you will have thousands of proxy server IP addresses within minutes.

Happy Browser Tool
A multifunctional web browser with many integrated tools; through it you can dynamically change the proxy server while browsing the web.

Multiproxy
It uses a different proxy every time you go on the internet; add thousands of proxies to its list and a firewall does not see a pattern in your traffic.

TOR Proxy Chaining Software
Tor is a network of virtual tunnels connected together that works like a big chained proxy. It masks the identity of the originating host from the Internet.

Anonymizers and Anonymous Surfing Browsers

Browzar
With Browzar you can search and surf the web without leaving any visible trace on the computer you are using.

Torpark browser
A free, portable, zero-install, preconfigured and encrypted browser that runs on Windows.

Mowser and Phonifier
Surf the web using Mowser or Phonifier, free services that convert any website into a mobile-phone-friendly format.

There are also several other tools for using a proxy:

  • AnalogX Proxy
  • NetProxy
  • Proxy+
  • JAP
  • Proxy Switcher Lite
  • Proxomitron
  • Google Cookies
  • SSL Proxy Tool
  • HTTP Port
  • HTTP Tunnel

Hope you enjoy learning from these hacking tutorials. Keep visiting!

Google Hacking

Many people are very eager to learn Google hacking. In reality it has nothing to do with breaking into systems: Google hacking is simply using Google in a smart way. It is the art of finding the information you want from a search engine through specifically formatted queries.

We call it Google hacking because a search engine can turn up very confidential information. Using a search engine as a hacking tool is what is meant by Google hacking.


  • Anonymity using search engine caches:

Hackers can get a copy of sensitive data even after the plug on that pesky web server has been pulled, and they can crawl an entire website without sending a single packet to the server. If the web server does not receive so much as a packet, it cannot write anything to its log files, so there is no chance of leaving a footprint.

  • Using Google as a proxy server:

Google can sometimes act as a proxy server; this requires a Google translation URL and some minor URL modification.

The translation URL is generated through Google’s translation service, located at www.google.com/translate_t

If a URL is entered into the “Translate a web page” field, a language pair is selected and the Translate button is clicked, Google will translate the contents of the web page and generate a translation URL.

  • Directory listings:

A directory listing is a type of web page that lists the files and directories that exist on a web server. It is designed to be navigated by clicking directory links; directory listings typically have a title that describes the current directory and a list of files and directories that can be clicked.

Since directory listings offer parent-directory links and allow browsing through files and folders, an attacker can find sensitive data simply by locating listings and browsing through them. Locating directory listings with Google is fairly straightforward, as they begin with the phrase “Index of”, which appears in the title.

An obvious query to find this type of page is intitle:index.of, which finds pages with the term “index of” in the title of the document.

intitle:index.of “parent directory” or intitle:index.of “name size”

These queries indeed return directory listings, by focusing not only on index.of in the title but also on keywords often found inside directory listings, such as parent directory, name and size.


To locate “admin” directories that are accessible from directory listings, queries such as intitle:index.of.admin or intitle:index.of inurl:admin work well, as shown in the following figure.

  • Site operator:

The site operator is absolutely invaluable during the information-gathering phase of an assessment. A site search can be used to gather information about the servers and hosts that a target operates. Using simple reduction techniques, you can quickly get an idea of a target’s online presence.

Consider the simple example of site:washingtonpost.com -site:www.washingtonpost.com

This query effectively locates pages on the washingtonpost.com domain other than www.washingtonpost.com.

  • Error | warning:

Error messages can reveal a great deal of information about a target. Often overlooked, error messages can provide insight into the application or operating system software a target is running, and into the architecture of the network.

  • username | userid | employee.ID:

“your username is”
There are many different ways to obtain a username from a target system. Even though a username is the less important half of most authentication mechanisms, it should at least be marginally protected from outsiders.


password | passcode | “your password is”

The word password is so common on the Internet that there are over 73 million results for this one-word query. During an assessment, it is very likely that the results for this query combined with a site operator will include pages that help users who have forgotten their passwords. In some cases, this query will locate pages that provide policy information about how passwords are created. That type of information can be used in an intelligent-guessing or even a brute-force campaign against a password field.

inurl:temp | inurl:tmp | inurl:backup | inurl:bak

The inurl:temp | inurl:tmp | inurl:backup | inurl:bak query, combined with the site operator, searches for temporary or backup files or directories on a server. Although there are many possible naming conventions for temporary or backup files, this search focuses on the most common terms. Since this search uses the inurl operator, it will also locate files that contain these terms as file extensions, such as index.html.bak.

  • Login page

To use SQL injection, we first have to find the login page of the website, and for this purpose we also use the search engine by giving it specific queries.

There are also various tools that hold a large collection of specific queries for finding the desired result. These tools come in GUI form; you can run all the queries with just a click. I am not going to provide any link to a Google hacking tool here; you have read about Google hacking, so do some Googling for the tool.
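The queries above all key on things a site exposes in its own pages and paths. As an added example (not from the original post), here is a check a site owner can run over their own content before a search engine indexes it, using the same signatures: “Index of” titles, temp/backup names in the URL, error and warning text, “your username/password is” help pages, and login forms. The function names, labels and sample pages are my own assumptions; the pages are constructed, not real sites.

```python
import re
from html import unescape

# Signatures mirroring the queries in the text: intitle:index.of, inurl:temp|tmp|backup|bak,
# error|warning, "your username is" / "your password is", and login pages. All case-insensitive.
TITLE_RE = re.compile(r"<title>(.*?)</title>", re.I | re.S)
LISTING_BODY_RE = re.compile(r"parent directory|<th[^>]*>\s*(name|size)\s*<", re.I)
TEMP_BACKUP_RE = re.compile(r"(^|[/._-])(temp|tmp|backup|bak)([/._-]|$)", re.I)  # like inurl:
ERROR_RE = re.compile(r"\b(warning|fatal error|stack trace|exception in|odbc)\b", re.I)
CRED_HINT_RE = re.compile(r"your (username|password) is|password (must|should) (be|contain)", re.I)
LOGIN_RE = re.compile(r"<input[^>]+type=[\"']?password", re.I)

def audit_response(path, body):
    """Return the set of exposure labels a search engine could pick up from this page."""
    findings = set()
    m = TITLE_RE.search(body)
    title = unescape(m.group(1)).strip() if m else ""
    if re.search(r"index of", title, re.I) or LISTING_BODY_RE.search(body):
        findings.add("directory-listing")
    if TEMP_BACKUP_RE.search(path):          # matches /tmp/, backup/, index.html.bak, ...
        findings.add("temp-or-backup-file")
    if ERROR_RE.search(body):
        findings.add("error-message")
    if CRED_HINT_RE.search(body):
        findings.add("credential-hint")
    if LOGIN_RE.search(body):
        findings.add("login-page")
    return findings

def audit_site(pages):
    """pages: iterable of (path, html). Returns {path: sorted findings} for flagged pages only."""
    report = {}
    for path, body in pages:
        found = audit_response(path, body)
        if found:
            report[path] = sorted(found)
    return report

# Constructed sample responses (hypothetical site, not real data).
SAMPLE_PAGES = [
    ("/files/", "<html><head><title>Index of /files</title></head><body>"
                "<a href='../'>Parent Directory</a><pre>Name  Size</pre></body></html>"),
    ("/index.html.bak", "<html><body>old homepage</body></html>"),
    ("/account/", "<html><body>Forgot it? Your password is mailed to you.</body></html>"),
    ("/admin/login.php", "<form><input name=u><input type=\"password\" name=p></form>"),
    ("/search", "<b>Warning</b>: mysql_connect(): Access denied in /var/www/db.php"),
    ("/about", "<html><head><title>About us</title></head><body>Hello</body></html>"),
]

if __name__ == "__main__":
    for path, labels in audit_site(SAMPLE_PAGES).items():
        print(path, labels)
```

Any path that comes back flagged is a candidate for removal, access control, or a custom error page before it ends up in a cached search result.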

Keep visiting!

How can I browse anonymously? | Anonymous Surf | Web anonymizer

Anonymous Surf
How can I browse anonymously or stay invisible online? If these are among the questions that bother you about keeping your privacy online, anonymizers, proxy servers, VPNs and VPSes are some options that can help you out. All of the above are also offered as paid services, but here we will only look at the free ones.

How to Bypass a Firewall

To bypass a firewall, you must first identify it: gather full information about the firewall, such as its type, version and rules, for almost every firewall on the network.


These are the three techniques for firewall identification:

  • Port scanning
  • Firewalking
  • Banner grabbing

Port Scanning (How to Bypass a Firewall)

Some firewalls have obvious signatures:
  • Check Point’s FireWall-1 listens on TCP ports 256, 257, 258 and 259
  • Check Point NG also listens on TCP ports 18210, 18211, 18186, 18190, 18191 and 18192
  • Microsoft’s Proxy Server usually listens on TCP ports 1080 and 1745

Here are the ways by which you can conceal your scanning:

  • Randomize target ports
  • Randomize target addresses
  • Randomize source ports
  • Distributed source scans
  • Using multiple computers on the Internet, each taking a small portion of the scanning targets

These techniques fool most IDS systems running default rules.

And here are the countermeasures to the above:
  • Block unneeded ICMP packets at your border router
  • Use an Intrusion Detection System, such as Snort
  • IPPL is a Linux daemon that detects port scans (link Ch 901)
  • Cisco routers have ACL rules to block scans

Firewalking (How to Bypass a Firewall)

Firewalking is a method of collecting information about remote networks that sit behind firewalls. Firewalk looks through a firewall.

In the figure above, suppose the target is Router3.
We want to know which ports Router3 blocks and which ports it allows through.
Phase 1: Hopcount ramping
  1. First, Firewalk sends out a series of packets towards the destination with TTL=1, 2, 3, …
  2. When the target (Router3) is reached, that determines the TTL for the next phase
  3. In this example, the target is at TTL=3, so all future packets use TTL=4


Phase 2: Firewalking

  1. TCP or UDP packets are sent from the scanning host to the destination
  2. They all have TTL=4

Firewalking countermeasure

  • You can block “ICMP TTL expired” packets at the gateway
  • But this may negatively affect its performance
  • Because legitimate clients connecting will never know what happened to their connection
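Both the port scanning section and the firewalking section above end with an IDS as the countermeasure. As an added example (not from the original post), here is the detection logic an IDS rule author would want for exactly those techniques, run over constructed gateway log records: port scans are counted per address rather than per source port, so randomized source ports and randomized port order change nothing; grouping by destination as well as by source catches the distributed scan, where every source stays under the per-source threshold; and a firewalk shows up as one source probing many ports with a TTL that expires just past the gateway. The record layout, function names, thresholds and the “low arrival TTL” heuristic are my assumptions.

```python
from collections import defaultdict

# Constructed gateway log records: (seconds, src_ip, dst_ip, dst_port, arrival_ttl).
# Source ports are left out on purpose: grouping by address means randomized source
# ports and randomized port order give the scanner nothing.
LOG = (
    [(1, "10.0.0.5", "192.0.2.10", 443, 118), (2, "10.0.0.5", "192.0.2.10", 80, 118)]
    + [(5 + i, "198.51.100.7", "192.0.2.10", p, 52) for i, p in
       enumerate([8080, 22, 3389, 25, 445, 139, 21, 23, 256, 257, 258, 259])]
    + [(40 + i, f"203.0.113.{i}", "192.0.2.20", 1000 + i, 57) for i in range(12)]
    + [(70 + i, "198.51.100.9", "192.0.2.30", p, 2) for i, p in
       enumerate([21, 22, 23, 25, 53, 80])]
)

def scan_alerts(records, window=60, min_ports=10):
    """Return {(label, address): (distinct_ports, distinct_sources)} for any source or
    destination that sees >= min_ports distinct ports within `window` seconds.
    Grouping by destination catches distributed scans, where each single source
    stays below the per-source threshold but together they sweep the host."""
    alerts = {}
    for label, idx in (("src", 1), ("dst", 2)):
        groups = defaultdict(list)
        for ts, src, dst, port, _ in records:
            groups[(src, dst)[idx - 1]].append((ts, src, port))
        for addr, ev in groups.items():
            ev.sort()
            for i, (t0, _, _) in enumerate(ev):
                win = [(s, p) for ts, s, p in ev[i:] if ts - t0 <= window]
                ports, srcs = {p for _, p in win}, {s for s, _ in win}
                best = alerts.get((label, addr), (0, 0))
                if len(ports) >= min_ports and len(ports) > best[0]:
                    alerts[(label, addr)] = (len(ports), len(srcs))
    return alerts

def firewalk_sources(records, max_ttl=2, min_ports=5):
    """Sources probing many ports with a TTL that expires just past the gateway.
    Heuristic assumption: legitimate clients arrive with TTLs far above max_ttl."""
    ports = defaultdict(set)
    for _, src, _, port, ttl in records:
        if ttl <= max_ttl:
            ports[src].add(port)
    return {s: len(p) for s, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for key, (n_ports, n_srcs) in scan_alerts(LOG).items():
        kind = "distributed" if key[0] == "dst" and n_srcs > 3 else "single-source"
        print(kind, key, n_ports, "ports from", n_srcs, "source(s)")
    print("firewalking suspects:", firewalk_sources(LOG))
```

A destination alert with many sources and no matching source alert is the signature of the distributed scan; the firewalk suspect never trips the port-scan threshold, which is why it needs its own TTL-based check.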

Banner Grabbing

Banners are messages sent out by network services when you connect to them. They announce which service is running on the system.

Banner grabbing is a simple method of OS detection; it also helps to find the services a firewall runs. The three major services that send out banners are Telnet, FTP and web servers.

Banner Grabbing Countermeasures

  • Eliminate the open port on your firewall
    – A management port should not be open externally anyway
  • If you must leave the ports open on the external interface of your firewall
    – Change the banner to display a legal warning reminding the offender that all attempts to connect will be logged

Breaching a Firewall

Bypassing a firewall using HTTP Tunnel

Placing backdoors through a firewall

Hiding behind a covert channel: Loki

The topics and tools above for bypassing a firewall are covered in the next post, How to Bypass a Firewall 2.