All about Computer & Hacking |
- Wordpress Mass Defacement Tool
- How Hackers Are Hacking Into Websites On Shared Hosts - Symlink Bypass Explained
- How To Secure Your Wordpress Blogs?
| Wordpress Mass Defacement Tool Posted: 13 Dec 2012 12:47 AM PST  Wordpress as being one the widely used CMS platform is one the favorite target of hackers now a days along with WHMCS, Instead of directly targeting wordpress fucntionalities and vulnerable plugins, it has been observed that the hackers are targeting a vulnerable website on the same server and using it they are able to bypass server restrictions in order to get the configuration file and hence hacking in to the wordpress. This method is commonly known as Symlink Bypassing in Black Hat World and server bypassing in White hat community. Now it's a difficult task for an attacker to manually connect to the database and then manually replace the index file of worpdress for a successful defacement. Therefore hackers use Mass defacers. These are tools used by hackers to change the index files of all the websites present on the server with their own defacement page, This usually happens when the hacker has root level access on the server. Recently, The admin of Team Root "Mauritania Attacker" mailed me his tool for the review, Which can be used by attackers to deface all the wordpress websites present on the same server. How Does It Work? For this tool to work the only requirement would be that the server is vulnerable to symlink bypass, This tool will automatically symlink all the wordpress websites on the server and replace their indexes with the page you will provide (.html or .PHP). How To Use It? The usage is extremely simple and i really don't see purpose of creating a tutorial, however this blog is mostly read by newbies, So I will add some screen shots. Requirements 1. Shell On The Server 2. The shell should not be secured from Symlink Bypassing. 3. Wordpress Mass Defacement Tool Once you have completed all the above requirements, Just upload the Mass Defacement tool to the webserver, it will look some thing like this, Now replace the contents of index url with your own defacement page.  Next you will see the results for the websites, yo have been able to deface:   And finally you can view the list of all the websites, you were able to deface:  How To Protect Your Self? In order to protect your website from being defaced, All you need to do is to change the permissions of your index files to 400. So no one will be able to change them, however if an attacker has root level access on the server, there is no way of protecting your website, since the attacker can manually change the permissions.  | |||||
| How Hackers Are Hacking Into Websites On Shared Hosts - Symlink Bypass Explained Posted: 13 Dec 2012 12:35 AM PST  What Is Symlink Bypass? Well, I would not like to go into much detail. However for your understanding all you need to know is that symlink is a method to refrence other files and folders on linux. Just like a shortcut in windows. Symlink is necessary in order to make linux work faster. However symlink bypassing is a method which is used to access folders on a server which the user isn't permitted. For example the home directory can only be accessed by a root level user. However with symlink bypass you can touch files inside home directory. Step 1 - The hackers searches for a vunerable website on a server. A hacker can get list of domains on a webserver by doing a reverse iP lookup. Step 2 - Next the hacker hacks into any vulnerable website on the server and upload a PHP shell.  Step 3 - The above picture demonstrates two files one named .htacess and the second named jaugar.izri being uploaded to the server. Here is what Jaugar.izri looks like when it's made public by adding 0755 permissions.  Step 4 - The hacker connects to the izri script and then gives the following commands mkdir 1111 cd 1111 ln -s / root ls -la /etc/valiases/(site.com) The first command creates a directory named 1111(Mkdir 1111). The next command navigates to the directory(cd 1111). The third command creates the symlink of the root. The fourth command will extract the user name of the website you put in place of site.com. The target website is entered in ls - la /etc/valiases/site.com.        The above screenshot explains the whole story. The hacker then navigates to the "1111" directory and the configuration file of the target website is created there. The hacker downloads the configuration files and uses the information to access the database and there he can make any changes. How To Be Protected? There is nothing much you can do it on your end, else then renaming your config and moving it to a safer place. If you are worried about your website's security, Feel free to contact me.  | |||||
| How To Secure Your Wordpress Blogs? Posted: 13 Dec 2012 12:35 AM PST After a long time i am going to show you how to secure Wordpress blogs from haclers. Hackers are the person like you and us but the only difference is that they use their skills for the negative and destructive purposes, they use their skills to break a website, they normally destroy all the stuff's, so if you are a admin of a website you should care about the security of the website. As you know that the wordpress is a common and most popular plate form for blogging, but the security of the wordpress is always a hot discussion and it need more and more concentration because vulnerability discover everyday. Below are some tips to make your blog secure: Secure WP-Admin By IP Let suppose if someone can get the ability(username & Password) to enter into your website WP section, you can restrict this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction. Order deny,allow Deny from All Allow from 123.456.789.0 You can allow and deny IP's from a range use this: order deny,allow deny from all # allow my home IP address allow from XX.XX.XXX.XXX # allow my work IP address allow from XX.XX.XXX.XXX Protect WP-Config.php File WP-Config.php file has a great importance on wordpress plate form, it need more care and usually an attacker get the required information about the database of your website from WP-Config file. Basically if you use a strong database user-name and password while your WP-Config security is low than an attacker can get your strong user-name and password from wp-config file, because it contain all the information about the security and other things of your website. Access .htaccess file is located at the root your WordPress installation open it and paste the following code. order allow,deny deny from all Hide WordPress Version Number You must hide the version of your wordpress because an attacker may find the available exploit by searching it on different exploit database by version number and it may cause a great harm for your blog so be care about it. This tag is in the header.php file that displays your current version of wordpress Copy and paste the code in the functions.php file of your theme and than you are done. remove_action('wp_head', 'wp_generator'); Remove Error Message From Login Screen This is your clever move to remove the error message that an attacker would not able to see if the user-name and password incorrect, update your function.php by this code. add_filter('login_errors',create_function('$a', \"return null;\")); Some Other Security Tips Use your mind because mind is an essential part to secure yourself on the jungle of web.
 |
| You are subscribed to email updates from Learn How to hack – Ethical Hacking and security tips To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google Inc., 20 West Kinzie, Chicago IL USA 60610 | |
Niciun comentariu:
Trimiteți un comentariu