Posted on

Beginners guide to OWASP ZAP

Hello, aspiring ethical hackers. This blogpost is a complete guide to OWAS ZAP tool also known a zaproxy. OWASP ZAP stands for Zed Attack Proxy. OWASP ZAP is a widely popular web app scanner that is maintained by a volunteer. It is used by both novices in web security and professional pen testers. The features of OWASP ZAP include.

  1. Traditional & AJAX web crawler.
  2. An automated scanner.
  3. Passive Scan.
  4. Forced browsing.
  5. Fuzzer.
  6. Scripting language etc.

Let’s see how to use OWASP ZAP to scan a website. Zaproxy can be downloaded from here. OWASP ZAP is installed by default on Kali Linux. If it is not installed, it can be installed using the command shown below.

Once the installation is finished, it can be stored using the command “Zaproxy”.

Everytime it starts, it asks you whether to save the current session or not. Make your choice and click on “Start”.

This is the interface of OWASP ZAP. Let’s perform an automated scan of a website. As target, I will be using mutillidae web app installed on Metasploitable 2. See how to install Metasploitable 2.

To perform as automated scan, click on “Quick start” and give the URL to attack and then click on “Attack”.

The time taken to scan the entire website depends on the size of the target website. The good thing about OWASP ZAP is that it displays results as soon as it finds them. Any vulnerability can be found on the alerts tab highlighted in the image given below.

When you click on the “alerts” tab, all the vulnerabilities are displayed based on their severity. The one that interests you should by the one in red flags.

For example, here Zaproxy detected a path traversal or local file inclusion vulnerability. When you click on the vulnerability, it displays the URL where the vulnerability was detected.

When you double click on the alert, a new window opens with an elaborate description of the vulnerability detected and with a POC to be see it in action and even the solution to the vulnerability.

Copy the URL and paste it in a browser. Here as suggested by Zaproxy, the /etc/passwd/ of the target system can be seen.

Posted on

Complete guide to cryptography

Hello, aspiring ethical hackers. In this blogpost, you will learn about cryptography or in the cybersecurity sense about encryption. The word cryptography came from a Greek word kryptos which means “hidden secret” and it plays a very important role in cybersecurity.

What is cryptography?

Cryptography is the study of secure communication techniques. It is closely associated with encryption which is an act of taking an ordinary text and scrambling it to transform it in to cipher text. The aim of this encryption is to make sure that the message is only understood by someone which it is intended to.

Types of Cryptographic techniques

There are three types of cryptographic techniques. They are,

  1. Single key cryptographic system (Symmetric encryption)
  2. Public key cryptographic system (Asymmetric encryption)
  3. Hash Functions.

What is a cryptographic key?

A cryptographic key is a string of characters used with an encryption algorithm to transform data into a scrambled form or cipher text.

What is an encryption algorithm?

An encryption algorithm is the method used to transform plain text to cipher text.

1. Symmetric encryption (Single key cryptographic system)

In symmetric encryption, a single key is used to both encrypt and decrypt data.

Hence it is known as single key cryptographic system. Symmetric encryption is very fast and hence used wherever speed is required for encryption. For example, it is used for encrypting credit card information and other confidential information, making malware and virus Fully Undetectable (FUD) etc. There are various encryption algorithms. The most popular encryption algorithms are DES, 2DES, 3DES, AES, IDEA, RC4, RC5, RC6, Blowfish etc.

2. Public key cryptographic system or asymmetric encryption (PKCS):

Also known as asymmetric encryption, Public key cryptographic system (PKCS) uses two keys: Public key and Private key. The data is encrypted with the Public key and can only be decrypted with private key or vice versa.

Since two different keys are used for encryption and decryption, even if any attacker knows about the key used for encryption there is no threat to any data. It is more secure than the single key cryptographic system but a bit slow. This is used in online communications like HTTPS, digital signatures etc. Example of Public key cryptography system algorithms are RSA, Diffie-Hellman etc.

3. Hash Functions or Message Digests:

A hash function is a versatile one-way cryptographic algorithm that converts plain text to a fixed length of encrypted text which is known as a message digest or simply a hash. A hash is known as a one-way function since once it encrypted it cannot be decrypted but (or decrypting it is very complex and difficult). Hash functions and message digests are used whenever the decrypting is not needed like hashing the passwords etc. Example of hash functions are MD5, SHA-1, SHA-512, RIPEMD etc.

Posted on

Beginners guide to IoT security

Hello, aspiring ethical hackers. In this blogpost you will learn about IoT security or Internet of Things (IoT) security. But before you understand IOT security, you need to understand what Information of Things (IOT) is.

What is Information of Things (IoT)?

A few years back, getting an internet connection to our home was a bit rare and costly. I remember most of my friends had a computer at home but nobody had internet. Nowadays, even device (that once existed without the need of internet) can be connected to the internet.

These devices include lightbulbs, security cameras, fans, Refrigerator, Washing machine and almost all the devices of a smart home. They are connected to internet to add comfort to humans. All these devices are together known as Internet of Things (IOT).

Unlike your computer, laptop or mobile, these devices don’t need any human interaction to connect to internet.

What is IoT security?

As you should have figured out by now, IoT security is ensuring the security of these devices to protect your network.

What are various threats to IoT security?

Every device that is connected to internet is vulnerable to hacking. MIRAI botnet proved it. Internet of Things (IoT) devices are built with usability and human comfort in mind. The most common threats to IOT devices are.

1. Firmware vulnerabilities:

Every digital device has a firmware which is similar to a operating system on a computer. However, it cannot by easily updated as a operating system. So, once a vulnerability is detected in the firmware and exploited in an IOT device, it is difficult to upgrade or patch it.

2. Credential attacks:

Although IoT devices come with credentials, these are default credentials that hat are insecure and easy to guess. In most IoT devices, these credentials cannot even be reset or changed. So, any attacker can easily guess the credentials, take control of the devices.

3. Man-in-the-Middle attacks:

Man in the middle (MiTM) attacks are just not limited to computers and servers. It is also possible to perform packet sniffing and password sniffing between the IOT device and the server it is connecting to. If the transmission is taking place in clear text, hackers can sniff on it.

4. Physical access attacks:

Most IoT devices are placed in easily accessible locations. If hackers can get hold of this device, they can take control of the device.

Posted on

Beginners guide to Cloud security

Hello, aspiring ethical hackers. In this blogpost, you will learn about cloud security. Before you learn about cloud security, you need to have a basic idea about what is cloud computing or cloud. Let me give you an example. Have you ever used Gmail or any other email service? What do you do to check your email? You open a browser or email client and go to the URL of the email service, enter your credentials and finally read your mails or start composing an email. Have you ever thought where all the mails are stored? Definitely not on your own system. They are stored elsewhere. Well, this is exactly how cloud computing works.

What is cloud computing?

Cloud computing is providing of computer system resources like data storage, computing power, networking, servers and software etc over the internet on demand.

Types of Cloud computing

Services in cloud can be provided as per anyone’s need with customization. However, there are three models of cloud computing that are generally preferred.

1. Infrastructure as a Service (IaaS):

In this model of cloud service, customers rent the building blocks of computing like servers (physical or virtual), storage and networking. It is usually rented by those organizations which want to have complete control over their cloud. The needed software and applications are installed by the organization.

2. Platform as a Service (PaaS):

What if organization or users don’t have the technical know how about installing everything on their rented hardware on cloud. The PaaS model comes to their rescue. This model comes with the installation of required tools and software along with basic computing resources provided in IaaS. For example, imagine you want to rent a WAMP server on cloud. Along with the basic computing resources, it comes with a Windows 10 machine with WAMP server installed on it. You still have to create the websites to be hosted on the WAMP server.

3. Software as a service (SaaS):

The most popular cloud model, it provides just all the resources and software you need. For example, let’s just say you rented a WordPress website on cloud for you. All you have to do is login into the WordPress website on your browser and upload blogposts. Rest all the cloud provider takes care for you.

What is Cloud Security?

Cloud security is the concept of providing security to the cloud-based systems from all the usual threats and dangers of cyber security. Cloud security is the responsibility of both the cloud service provider and the end user.

What are some cloud security threats?

Systems in cloud are vulnerable to all threats usual networks do like zero-day-vulnerabilities, DoS, phishing and malware etc.

Posted on

Beginners guide to Bluetooth hacking

Hello, aspiring ethical hackers. In this blogpost, you can learn about Bluetooth hacking. Bluetooth is a short-range wireless technology standard used for exchange of data between devices.

Bluetooth is mainly used as an alternative to exchange of data using wires. The range of Bluetooth is very short may be over 10 meters.

What is Bluetooth hacking?

Exploitation of vulnerabilities in Bluetooth technology standard to hack Bluetooth enabled devices is known as Bluetooth hacking.

Modes of Bluetooth

A Bluetooth device can be set in two modes. Discoverable and Non-Discoverable.

  1. Discoverable: In discoverable mode, the Bluetooth device is visible to other Bluetooth enables devices.
  2. Non-discoverable: As you should have guessed by now, in this mode, the device is not visible to other Bluetooth enabled devices.

Pairing modes

Similarly, Bluetooth has two pairing modes. They are Pairable mode and Non-pairable mode.

  1. Pairable mode: In this mode, the Bluetooth device accepts the pairing request upon requested.
  2. Non-pairable mode: In non-pairable mode, the Bluetooth device rejects the pairing attempt.

Various Bluetooth based attacks

There are various Bluetooth based attacks. Some of them are,

1. Bluejacking:

Bluejacking is the attack in which an attacker can send messages to other users from the victim’s phone using Bluetooth.

2. Blue snarfing:

In this attack, an attacker can exploit Bluetooth to steal sensitive data from the target mobile phone.

3. Bluesmacking:

Similar to Ping of Death DoS attack, in this attack, attacker sends a oversized ping packet using Bluetooth to the victim’s device causing a buffer overflow attack.

4. Bluebugging:

In this attack, the attacker gains access to the target’s device using Bluetooth without target user being aware of it.

5. Blueprinting:

In this attack, the attacker tries to printout the data information of the target user’s mobile phone.

6. MAC spoofing attack:

: In this attack, just like any MAC spoofing attack, the attacker spoofs the MAC address of the target user’s mobile phones.

7. Man in the Middle (MitM) attack:

The attacker places himself between two Bluetooth devices.

Impact of Bluetooth hacking

Bluetooth attacks can lead to various threats. These include,.

  1. Leak of calendars and address book.
  2. Sending spurious SMS messages.
  3. Bugging devices.
  4. Sending premium messages.
  5. Social engineering
  6. Installing malicious code