Saturday, 24 May 2014

How to remotely hijack an account on open Wi-Fi

Firesheep, the Firefox add-on designed to show the security holes in sites that don't use encryption for all their traffic, works as advertised.
All I had to do was download and install the add-on, open the Firesheep sidebar and click "Start Capturing." When any account appeared on the list, I double-clicked on it. Once I made sure that I wasn't logged into the same site myself with my own account, many accounts appeared in my browser.
Happily, I couldn't change anyone's account information without knowing their password. But I could see all her friends, read her private messages and even issue a status update that went to all her friends.
I was also alarmed to see my own accounts showing up. I hadn't remembered that I'd left my work laptop logged into my Twitter account, but there was my Twitter profile popping up on the Firesheep sidebar when I surfed to Google to do a search.
So here's what I'm doing about Firesheep. Even though I'm not interested in seizing control of strangers' accounts, I'm keeping Firesheep loaded on my system and firing it up whenever I'm using public Wi-Fi: to make sure none of my own accounts pop up. Firesheep has been downloaded hundreds of thousands of times. I can't count on the fact that I'm the only one on the network who knows about it.

Fixes

  • Force your browser to switch to TLS/SSL (HTTPS) whenever available.
  • Always log out.
  • Subscribe to a VPN, which will protect you from this sidejacking.
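The server-side counterpart of these fixes, as an added example that is not part of the original post: a site keeps its session cookie out of a sniffer's reach only if the cookie carries the `Secure` attribute and the site tells browsers to stay on HTTPS with a `Strict-Transport-Security` header. The sketch below audits a set of response headers for both; the header samples are constructed for illustration.

```python
"""Audit response headers for session cookies exposed to passive sniffing."""


def parse_set_cookie(value):
    """Return (cookie_name, set_of_lowercased_attribute_names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(scheme, headers):
    """scheme: 'http' or 'https'; headers: list of (name, value) pairs."""
    findings = []
    hsts_seen = False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            hsts_seen = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if scheme != "https":
                # Cookie crossed the network in clear text when it was issued.
                findings.append((cookie, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Browser will attach it to any later http:// request too.
                findings.append((cookie, "missing Secure attribute"))
    if scheme == "https" and not hsts_seen:
        # Without HSTS the browser may still make its first request over HTTP.
        findings.append(("(site)", "no Strict-Transport-Security header"))
    return findings


# Constructed sample: login response from a site that encrypts only the login.
SAMPLE_WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=8f2c1e; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=77ab; Path=/; Secure; HttpOnly"),
]
# Constructed sample: the same response after hardening.
SAMPLE_HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=8f2c1e; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_response("https", hdrs))
```
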



Wednesday, 12 March 2014

How to Hack Your Cable Modem to Increase Download and Upload Speed

Hello, my little hackers! Today we will teach you how to hack your cable modem to increase speed. So, let's start.
Firstly, this is very, very illegal. Try this if you don't fear prosecution and know that you won't be caught.

When a cable modem boots up, it searches for an "Image" file in which all configuration, such as speed limit and download speed limit, is defined. This file is stored on the ISP's TFTP server. The modem is pre-configured with the ISP's TFTP server IP address and the name of the Image file to be downloaded. When the modem boots up, it queries the TFTP server, downloads the "Image" file, and our speed limits are set according to this file.

Our Mission:

Get this Image file from the ISP's TFTP server, reconfigure it according to our need and force our modem to download this file from our computer rather than downloading it from our ISP's TFTP server.

Steps:

  1. Get the cable modem's MAC address. You can either look at the back of the modem to get this MAC address, or you can log on to your cable modem with your browser at http://192.168.100.1/ . These are internal HTML pages stored within your DOCSIS cable modem (SB5100, SB4100 and SB3100) that give you even more vital information on configuration. This feature might be totally turned off by your ISP.
  2. Get your ISP's TFTP server IP address.
  3. Get the name and path of the configuration file or Image file stored on the ISP's TFTP server.

For getting this vital information you have to do an SNMP walk over your modem. For doing this you can use any one of the tools below. There's a program called QUERY.EXE from Weird Solutions, which is a BOOTP packet request program that will tell you everything you need to know, without all these extra steps. It will display the Image filename and TFTP server address, which is really all you need to get started. To use this BOOTP QUERY tool, you need the MAC address of your cable modem. You can download this from http://www.weird-solutions.com/_bin/bootpq.exe

Other tools:

  • Solarwinds SNMP program, http://www3.solarwinds.net/downloads/SolarWinds-EE-V7-Eval.exe
  • DOCSIS Diagnosis Utility, http://homepage.ntlworld.com/robin.d.h.walker/docsdiag/docsdiag.zip
  • SNMPWALK Tool from http://www.bradford-sw.com/board/board.cgi?id=BSI_Tools&action=download&gul=13

Use command > snmpwalk 192.168.100.1 public
NOTE: Use the modem's IP address, 192.168.100.1 (SB5100, SB4100 and SB3100), when any of the above tools asks you to provide it. The SNMP community is Public.
Using the above tools you will get the IP of your ISP's TFTP server and the name of your "Image file" stored on that TFTP server. All your vital information is stored in this file, one item of which is MaxRateDown 2621440; MaxRateUp 393216. (These were my ISP's settings, which you can see are similar to the speed I was getting: 40KB/s up and 250 KB/s down.)
Among these, the ones we need are:
Configuration TFTP Server = 194.*.*.90 (replace this with yours throughout the doc)
Configuration filename = isrr.bin (replace this with yours throughout the doc)
and
IP fragments created = 0
IP address.10.xxx.xxx.xxx = 10.xxx.xxx.xxx
IP address.192.168.100.1 = 192.168.100.1 (the IP address of the cable modem; replace this with yours throughout the doc)
IP-to-If-index.10.xxx.xxx.xxx = 2
Suggestion: You can do this step by sniffing the modem, i.e. 192.168.100.1, when the modem boots up. I never tried this method. Try your luck.


   4.   Download the Image file from the ISP's TFTP server -
To do this go to your command prompt and use the command below, without quotes and brackets.

C:\tftp -i <ISP's TFTP server IP> GET <Image filename> <local filename>
Okay, now you have an "Image" file from your ISP's TFTP server.

  5.   Decrypt the Image file which you downloaded from the ISP's TFTP server.
  6.   Modify the Image file.
  7.   Encrypt the modified Image file.
Use the DOCSIS tool, which you can download from http://sourceforge.net/projects/docsis . Using this program you can decrypt the image file, change the upload speed and download speed, save it and encrypt it back. Rename this newly created file to the same name as your original image file.

  8.   Change your computer's TCP configuration to your ISP's TFTP server (i.e. IP address same as ISP's TFTP server) -
Go to My Network Places (or whatever network panel you have) and Right-click > Properties. Select your LAN card. Right-click > Properties > Internet Protocol (TCP/IP). Double-click on it and configure your PC's TCP settings as below:
IP: 194.*.*.90 (replace with the ISP's TFTP server)
Netmask: 255.255.255.0
Gateway: 192.168.100.1 (replace with your cable modem's IP address)
Note: The gateway should be 192.168.100.1; only then can your modem communicate with the computer.
   
  9.   Host a TFTP server on your computer.
 10.   Put the Image file in the base directory of your TFTP server.
 11.   Restart your modem.
Download TFTP server software and host a TFTP server on your computer. You can download a TFTP server from: ftp://ftp.ida.net/pub/wireless/tftpd32.exe
Start the TFTPD32 server. Go to "Settings" and set the "Security" to None. Increase the timeout to 20 secs and the "Max Retransmit" to 6. Choose to translate UNIX filenames. Make sure its base directory points to where the isrr.bin is (i.e. the image file which you modified). If you need to replicate a directory pathname along with the image file, then make a directory from root that corresponds to the image file pathname.
Restart your modem, and AS SOON as the SEND light goes solid, you should see a receive on your TFTP server, i.e. your PC.

 12.   Change your PC's IP back as given by ISP.

 13.   Done. Start surfing with your new speed. B) Like a cool guy.
Now change the TCP settings of your PC back to normal as given by your ISP (i.e. put back your original IP address and gateway).

Note: This speed will remain the same until you restart your cable modem. So each time you reboot your modem you have to follow steps 8, 9, 10, 11 and 12.



Credits - Thank you, coderman, for this hack. Taken from: http://www.governmentsecurity.org/forum/topic/11252-hack-your-modem-and-increase-your-download-speed/

Friday, 7 March 2014

How to Remotely Hack a Router on the Same ADSL Connection as Yours

Every router comes with a default username and password using which it is possible to gain access to the router settings and configure the device. Usually the routers come preconfigured from the Internet Service Provider (ISP) and hence the users do not bother to change the password later.
However this hack will only work for the same ADSL connection as yours.
This makes it possible for the attackers to gain unauthorized access to the router and modify its settings using a common set of default usernames and passwords. 
Things you'll need:
Steps:
  • Step 1: Go to whatismyipaddress.com and find out your IP address.
  • Step 2: Open Angry IP Scanner. Here you will see an option called "IP Range" where you need to enter the range of IP addresses to scan. Enter the IP of the router you want to take control of or just enter the range so that you can attack any alive host. Make sure that you're within your IP address range as that will ensure that the ADSL connection is the same as yours. For example, if your IP is 123.145.156.234, then the range is 123.145.156.0 - 123.145.156.255.

  • Step 3: Go to Tools > Preferences and select the Ports tab. Under Port selection enter 80 (Port 80 is the general HTTP port). Now switch to the Display tab, select the option Hosts with open ports only and click on OK.
  • Step 4: Now click "Start". After a few minutes, the IP scanner will show a list of IPs with Port 80 open.
  • Step 5: Now copy any of the IPs from the list, paste it in your browser's address bar and hit enter. A window will pop up asking for a username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers, the default Username/Password pair will be admin/admin or admin/password. If you do not succeed in gaining access, select another IP from the list and repeat step 5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.
  • For example, I hacked this D-Link router but I didn't change any setting because I am a White Hat. My own router is a Nokia Siemens one.

The Verdict:

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings, which can cause the router to malfunction. As a result the target user's computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or even hijack the DNS by pointing it at a rogue DNS server. If this happens, the victim will have to reconfigure/reset the router settings in order to bring it back to normal.
If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack. Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.
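A check for the DNS hijack described above, as an added example that is not part of the original post: it reads the resolvers a machine received from the router (resolv.conf format) and flags any that are neither the router itself nor inside the networks you expect. The addresses, the trusted network and the sample file are constructed assumptions; substitute your own router IP and your ISP's resolver range.

```python
"""Flag DNS resolvers that do not match what the router should hand out."""
import ipaddress


def parse_nameservers(resolv_text):
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers


def audit_dns(resolv_text, trusted_nets, router_ip):
    """Classify each resolver as trusted, router-forwarder or unexpected."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    router = ipaddress.ip_address(router_ip)
    results = []
    for ip in parse_nameservers(resolv_text):
        if ip == router:
            # The router relays queries: its own upstream DNS setting must
            # be verified on the admin page, this check cannot see it.
            verdict = "router-forwarder"
        elif any(ip in net for net in nets):
            verdict = "trusted"
        else:
            verdict = "unexpected"
        results.append((str(ip), verdict))
    return results


# Constructed sample: what a client might receive after the router's DNS
# setting was changed (documentation address ranges, not real servers).
SAMPLE_RESOLV = """\
# written by DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.7
"""

if __name__ == "__main__":
    for ip, verdict in audit_dns(SAMPLE_RESOLV, ["203.0.113.0/24"], "192.168.1.1"):
        print(f"{ip:<16} {verdict}")
```

An "unexpected" resolver after a period when the router still had its default password is a reason to reset the router and set a new password, as the post recommends.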