Monday, October 23, 2017

Recovering Data

Hello guys :)

Today I am going to make your life much easier by teaching some new techniques. We call this forensics. Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
What I am going to cover in this section is how to create an image file of a USB drive together with its data. The most interesting part is that the data has been deleted, and our target is to recover that deleted data.
For this we use the .dd format to create the USB drive image.

These are the screenshots for that:
Step 01 - Format the USB drive without the quick format option.
Step 02 - Delete what you created before.
Step 03 - Select the physical drive and click Next.
Step 04 - Now select the target drive.
Step 05 - Select your image format.
Step 06 - Fill in the evidence information.
Step 07 - Give the save location.
Step 08 - Click Start to begin the image creation process.
Step 09 - Finally, you have these kinds of files.
Step 10 - Start the recovery software 'Autopsy' (you can use any recovery software).
Step 11 - You can find all the deleted files here.
Step 12 - Select the file you want, right-click it and click Extract here.
Step 13 - Finally, you have the doc with its data.


Thank you.








Saturday, August 5, 2017

About Facebook

Facebook is a very popular social networking site, but there are a number of security issues with the site that can put you at serious risk if you aren't careful. The number of Facebook account hackings seems to be on the increase, and this page is in response to a friend who asked what to do after her account got hacked.

While any online account is in danger of being hacked, Facebook has unique features that make this danger even more likely. For one thing, it is very common to post personal information which can be used to steal your identity. But the significant danger is because it is so easy to run malicious programs that can hack your account. In particular, be very careful using any application that asks to access your profile.

Keep in mind that if your account is compromised, not only is your personal information exposed, but the personal information of all your friends as well. So, even if you don't have anything sensitive in your profile information, your friends might. Every time you take one of those quizzes on Facebook, you are risking your information and that of your friends.



Facebook Profile Hacking Techniques.


1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file, and the hacker then downloads the text file and gets his hands on the victim's credentials.

2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.

3. Stealers
Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's Internet browser.

4. Session Hijacking
Session hijacking can often be very dangerous if you are accessing Facebook over an HTTP (unsecured) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and Wi-Fi connections.

5. Sidejacking with Firesheep
Sidejacking attacks became common in late 2010, and they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same Wi-Fi network. A sidejacking attack is basically another name for HTTP session hijacking, but it is more targeted towards Wi-Fi users.



6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There is a lot of mobile spying software used to monitor a cellphone. The most popular mobile phone spying software packages are Mobile Spy and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page and hence get access to the victim's Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the Internet browser.

9. Man in the Middle Attacks
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as the default gateway and hence capture all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.



How A Hacked Facebook Account Can Affect Your Privacy And Security.



1. Data mine for mobile numbers and e-mail addresses on account profiles.
2. Use photos of your friends and the data obtained from their accounts to set up more fake profiles.
3. Collect personal data of your friends to be used for phishing attempts.
4. Identity theft.
5. Install rogue Facebook applications and send spam and scam links to all of the friends in your old account.
6. Monitor status updates of friends and their check-ins to know when they are and when they are not at home.
7. Privacy settings revert to a less safe default mode after each redesign.
8. Your real friends unknowingly make you vulnerable.
9. Scammers can create fake profiles.

Note: Depending on the skills of the attacker, there are many more things a professional cyber-criminal could devise.






What To Do When Facebook Account Is Hacked.


1. Recover Hacked Facebook Account
The first thing to do when you realize your account has been hacked is to report that your Facebook account is hacked. You will be presented with a dialog box that asks you if you wish to report a hacked account.


2.       Set Up Login Approval
When you turn on login approval, Facebook sends a code to your phone when someone tries to access your account from an unknown device for the first time. For example, if you are on a new network and you log into your Facebook account (where the IP address is different), you will receive a message saying a code has been sent to the phone that is registered with Facebook. You will be asked to type in the code, displayed in the text message on your phone, before you can gain access to your Facebook account. This two-step authentication method will further secure your Facebook account. You can activate Login Approvals from the Security tab of Account Settings.

3.       Cleanup Facebook Account
Soon after you log into the Facebook account, you need to undo the changes the hacker might have made to your account. To check the activities, go to your profile timeline and see if anything has been posted on your timeline or on your friends’ timelines from your profile.
You may also want to check out the messages folder to see if the hacker sent any messages on your behalf. If the hacker did send messages to people, you should send messages to the same people telling them about the account being compromised and apologizing for the inconvenience the messages might have caused to them.

4.       Cleanup Authorized Apps
One of the most common ways a Facebook account gets hacked is through the apps we authorize to use our Facebook account. Go to Account Settings and click on Apps. This will open the view where you can check all the apps you have authorized to use data from your Facebook account.

If you find any app that you do not recognize, remove it from Facebook by clicking on the X button available towards the right. You may also want to clean up the apps view by removing the apps that you no longer use.

B/R
Pamoda P.Perera

Vulnerable OS - Windows 2000


Key tools used:
nmap
DB exploit
Nessus


Start the Windows 2000 and Kali Linux machines in a virtual environment.

1) Find the IP address of the Windows 2000 machine
Run->cmd

Type ipconfig


2) Find the IP address of Kali Linux
Run->cmd
Type ifconfig
And
Start Nessus


3) For our first scan we have to go to the Scan Templates tab.
Select New Scan (using the Nessus tool).


4) If you go to the Result tab, you can see the scan populate in real time. The vulnerabilities are broken down into categories according to the severity of the vulnerability:

Purple - Critical
Red - High
Orange - Medium
Green - Low
Grey - Information


5) This report shows the vulnerabilities that can be exploited.



Now we can exploit the vulnerabilities
To start Metasploit, open a terminal and begin by initializing the database and the web server.







Vulnerabilities

  •      MS06-040

    Now that I'm in msfconsole, I can search for a vulnerability to exploit the Windows server.






We are in; I got this screenshot on Windows Server 2000 using this vulnerability.




  • MS03-026: Microsoft RPC Interface Buffer Overrun (823980)







  • MS04-011: Security update for Microsoft Windows (835732)






Thank you!
If you have any concerns, feel free to comment :)
B/R
Pamoda P. Perera

Tuesday, July 25, 2017

Hunt Facebook password with Kali Linux

Hi guys:)

Today I am going to illustrate how to get a Facebook password using Kali Linux. First of all, I want you to know what Kali Linux is. Otherwise you may get confused by this material.

Kali Linux is a Linux distribution focused on penetration testing and security auditing. Kali contains a large number of tools which are mainly aimed at information security tasks: penetration testing, security research, computer forensics and reverse engineering.

Kali Linux includes these tools for information gathering.

  • Nmap
  • Aircrack-ng
  • Kismet
  • Wireshark
  • Metasploit Framework
  • Burp Suite
  • John the Ripper
  • Social Engineering Toolkit
  • Maltego
  • Ettercap
  • OWASP ZAP
From here onwards I am going to discuss using the Social Engineering Toolkit to access a Facebook password. First of all, you have to download VMware and install Kali Linux according to your machine's performance.
Then run VMware and open Kali Linux. Click ->Applications->Social Engineering Tools->Social Engineering.




Now your terminal shows some options; enter 1 (Social Engineering Attacks).


   

Then enter option 2 (Website Attack Vectors).


Then enter 3 (Credential Harvester Attack Method).


Then enter 2 (Site Cloner).


Now you have to enter the IP address of the VM. Open a new terminal and type ifconfig to get the IP address. Copy that IP and paste it.




Here, type the link of any website which you want to clone; for example, www.gmail.com or www.facebook.com.



Now open your web browser and type the copied IP address into the URL bar.


Type your email address and password; it then redirects to the original website.



 

After entering your email and password, go to the var/www/html folder to see the stolen password.








Open the harvester_.....txt file to see your credentials.

Whoa!!! you got the credentials :)


Finally, you reached your goal of capturing the credentials. But the important point is not this; it is preventing this kind of attack. An attacker can create this kind of login form so that it looks like the legitimate web form and bookmark the page in his browser. He may then suddenly ask us to log in to that web page using his browser. In that case we must carefully check the URL to see whether it comes from a bogus site or not.
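The URL check described above can be written down as a set of rules. The Python below is an added example, not part of the original post: it lists the reasons a login URL should not be trusted, including the bare IP address a cloned page is served from in the walkthrough. The expected host list and the sample URLs are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the hosts a user expects for this login; adjust per service.
EXPECTED_HOSTS = {"www.facebook.com", "m.facebook.com", "facebook.com"}


def login_url_findings(url, expected_hosts=EXPECTED_HOSTS):
    """Return the reasons this URL should not be trusted as a login page."""
    findings = []
    # An address typed without a scheme is treated here as plain HTTP.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        findings.append("not served over HTTPS")
    if parts.username is not None:
        # https://www.facebook.com@192.0.2.10/ really connects to 192.0.2.10
        findings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address")
    except ValueError:
        pass  # not an IP literal
    if host not in expected_hosts:
        # Exact match only: www.facebook.com.login.example.net must not pass.
        findings.append("host %r is not an expected login host" % host)
    return findings


if __name__ == "__main__":
    # Constructed sample URLs (192.0.2.0/24 is a documentation range).
    for sample in ("https://www.facebook.com/login.php",
                   "http://192.0.2.10/",
                   "https://www.facebook.com@192.0.2.10/",
                   "https://www.facebook.com.login.example.net/"):
        print(sample, "->", login_url_findings(sample) or "no findings")
```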


If you have any doubts, feel free to comment here.

Thank you,
B/R
Pamoda P. Perera


Monday, May 15, 2017

OAuth 2.0 Learn


Everyone deals with the internet nowadays. Along the way you have to create accounts on various sites to access their resources, and you end up with lots of different accounts and passwords. On that point I want to ask you a question: how do you memorize all these passwords? I know that it is very difficult to do.

No worries, modern websites make use of the OAuth protocol [1] with the concepts of “Identity Federation” and “Delegated Authorization”. For example, the website where you need to create an account may provide the facility to log in with an existing account at a different identity provider such as Facebook, Twitter or LinkedIn, so you don’t need to create a new account or remember another set of credentials.

What I want to talk about is Facebook apps. When you hear that, what comes to your mind? Surely the post you shared a couple of weeks ago. What was it about? A prediction about your new job? Or what your wedding dress will look like? Got it? In this article you are going to learn how to create that kind of app using the OAuth protocol.

First I need the diagram below to explain how the OAuth protocol works.


 

 Registering the Client App in Facebook Developer Website


First step is to create an application in the developer account on Facebook. Visit https://developers.facebook.com/ and add a new application.

First go to the Login button in the top right corner.


If it asks you to provide a password, supply it and register.



Go to "My Apps" in the top right corner and select "Add new app".
This window will pop up. Enter the required details and click "Create App ID".






Once your app is created, associate “Facebook Login” with it under "Add product".




You will see this area. Here you have to provide the redirect URL under "Valid OAuth redirect URLs".
Facebook will send all its responses to this URL.





In "Settings", provide an App Domain and a Website URL. To provide a website you have to click on "+ Platform" and then click on Website.


In Dashboard you can see your app's App ID and App secret.



Now let's see how to use these values ( Redirection point URL, App ID, App secret ) to get resources from Facebook.


Obtain Authorization code from Facebook


For this we have to prepare the URL. This URL contains four elements. When we put these elements together, each one should be encoded using URL encoding. The parameter name, value and encoded value are given below.

1. response_type
Value: code
Encoded value: code

2. client_id
Value: 1322495584465273
Encoded value: 1322495584465273

3. redirect_uri
Value: http://localhost/toko/
Encoded value: http%3A%2F%2Flocalhost%2Ftoko%2F

4. scope
Value: public_profile user_posts user_friends user_photos
Encoded value: public_profile%20user_posts%20user_friends%20user_photos

Let's combine these values and make the URL.


Once you log in, it will show the following popup. We call this the “User Consent Page” in OAuth terminology. It shows which resources from the user account this external app would be able to access on your behalf.


Since you are the owner of this app you don't have to worry about privacy. Click on Continue.
This page will appear.



This page appears because you don't actually have a project that serves http://localhost/toko/.
But check the URL. You can see that the authorization code has been sent to you by Facebook (highlighted).


http://localhost/toko/?code=AQA1Pq4xatyaqrGBiDiQTygen5i7U0wNFGqZVhWhmW0Q1yJH8C_P1muVw8luKm08dLt-ssYoaWWwwyEKXUMLebziVE6IRGP8szjzV7lqEWGilOcq0bsy3tU_SSpWsOQavxDHfV4ahjiR1i8zjvcJHoHpgh5UCZuGnqxkOPu9WYbguI0IeNZzj7SvmYKm9T1Wzu9lyQrsGAGu2LMUgIkr_A8V2_s9q_lPGLU67OKGw5XqAuURP6tqBCjHnoGoe-Kui0fu3TxuP9JZGzjZFAMmUKd-eAEcgDe_xiOPItCBzu9amjTLfR9rsI946TXxrK8fMl1xLDPcpOxW3qpoDI8QzHyV#_=_


Obtain access token

To obtain the access token we need four parameters.
1. grant_type
authorization_code

2. client_id
1322495584465273

3. redirect_uri
http://localhost/toko/

4. code
AQA1Pq4xatyaqrGBiDiQTygen5i7U0wNFGqZVhWhmW0Q1yJH8C_P1muVw8luKm08dLt-ssYoaWWwwyEKXUMLebziVE6IRGP8szjzV7lqEWGilOcq0bsy3tU_SSpWsOQavxDHfV4ahjiR1i8zjvcJHoHpgh5UCZuGnqxkOPu9WYbguI0IeNZzj7SvmYKm9T1Wzu9lyQrsGAGu2LMUgIkr_A8V2_s9q_lPGLU67OKGw5XqAuURP6tqBCjHnoGoe-Kui0fu3TxuP9JZGzjZFAMmUKd-eAEcgDe_xiOPItCBzu9amjTLfR9rsI946TXxrK8fMl1xLDPcpOxW3qpoDI8QzHyV#_=_


In the HTTP Headers, I need to add the Authorization header with the App credentials. For that I can prepare the value like this.

App ID = 183994178774345
App Secret = dc321ebea29283cd4092b6b476ccadbd

AppID:AppSecret = 183994178774345:dc321ebea29283cd4092b6b476ccadbd
Base64(AppID:AppSecret) = MTgzOTk0MTc4Nzc0MzQ1OmRjMzIxZWJlYTI5MjgzY2Q0MDkyYjZiNDc2Y2NhZGJk

So, I can add the header as follows.

Authorization:MTMyMjQ5NTU4NDQ2NTI3MzpiYmVhNzUxY2EwMWZkNGUwMTQ2NjA3Y2RjOWRlZTI3ZQ==
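The two steps above (building the encoded authorization URL, then reading the code out of the redirect and preparing the Authorization header) are shown together in the Python below. It is an added example, not code from the original post or from Facebook; the dialog endpoint URL, the `state` parameter, the `Basic` scheme prefix, and the constructed code and secret are assumptions not shown in the post.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumption: Facebook's login dialog endpoint; the post does not show its URL.
AUTHORIZE_ENDPOINT = "https://www.facebook.com/dialog/oauth"
CLIENT_ID = "1322495584465273"           # App ID from the post
REDIRECT_URI = "http://localhost/toko/"  # redirect URI from the post
SCOPES = ["public_profile", "user_posts", "user_friends", "user_photos"]


def build_authorization_url(state):
    """Authorization request URL with every parameter value percent-encoded."""
    params = {
        "response_type": "code",  # lowercase: OAuth values are case-sensitive
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,  # not in the post: ties the response to this request
    }
    # quote_via=quote encodes spaces as %20 (as in the post) rather than '+'.
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def extract_code(redirect_url, expected_state):
    """Return the authorization code from the redirect, checking state first."""
    parts = urlsplit(redirect_url)  # the trailing '#_=_' lands in parts.fragment
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not match our request")
    if "code" not in query:
        raise ValueError("no authorization code in redirect")
    return query["code"][0]


def basic_auth_header(app_id, app_secret):
    """Header value 'Basic ' + Base64(AppID:AppSecret), per RFC 7617."""
    pair = f"{app_id}:{app_secret}".encode()
    return "Basic " + base64.b64encode(pair).decode()


if __name__ == "__main__":
    import secrets
    state = secrets.token_urlsafe(16)
    print(build_authorization_url(state))
    # Constructed redirect; a real code is long and single-use.
    redirect = REDIRECT_URI + "?code=CONSTRUCTED&state=" + state + "#_=_"
    print(extract_code(redirect, state))
    print("Authorization:", basic_auth_header(CLIENT_ID, "constructed-secret"))
```

The `#_=_` that Facebook appends to the redirect is a URL fragment, so it is not part of the `code` value sent in the token request.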


                        


Now let's see how to implement an app which can retrieve this information and output it to the user.
I used PHP to develop this app.
Github link - https://github.com/pamoda-perera/OAuth

You need the Facebook SDK v5 for PHP. (You don't have to download it. I have added it to my project. Check the folder "facebook" in my project folder.)
https://developers.facebook.com/docs/reference/php
index.php






If your app does not have that permission, use this instead of $permissions = ['email']; in both the i.php and index.php files:

$permissions = array("email","user_friends");
Otherwise you will not get the lover's name.



i.php


Finally, run this on localhost/fb. You will get this page.







Hope you all got something from this; make sure to try it. Have a nice day :D


Thank you,
Pamoda P. Perera