More and more players on Xbox Live are getting scammed and easily approached, especially on the Halo franchise. So I decided to make a little paper describing protection and how this is done.
Phishing -
One of the most commonly used web attacks right now. Most users give a tip such as 'look at the URL', but that doesn't stop users from buying a domain such as websitename.org and scamming users that don't notice. Although DNS spoofing is less common, this isn't.
If someone gets access to your box, they can easily redirect all traffic to point to a certain web IP. Once this is done the user can redirect to a phisher, ActiveX malware attack, etc, etc.
But there is an easy way to protect yourself from this: you can use a link scanner, or you can use a web scanner like Acunetix that researches the website given via GET and POST methods and gives you the directory/vulnerability results. Although this fills access.logs up, it can help prove a scam.
Most users use FTP or SMTP for log transfers, thus usually resembling an HTML code. If you see a form redirecting to a website that offers SMTP transfers (logs, birthday, etc) then that usually means once you insert your password, it's sent and logged to that email.
Prevention? Simple, contact the host about it and the scam will end, but that doesn't stop users from creating a PHP script to send logs to a .txt file that is .htaccess'd. Although this can be stopped if you report abuse to their webhost.
ALWAYS CHECK THE SOURCE, always. Even if your DNS is hijacked, if you clear your DNS cache it will be solved, and if you check the source, and images are sent to a different website, that is usually a sign of scam.
Pharming -
Not a common attack anymore, but SFX is not looked into. We can set up a .rar file and extend an SFX command to change the HOSTS file for us, thus making a website like Myspace.com point to a different web IP address.
Not much about this unfortunately.
XSS -
XSS is one of the most common web vulnerabilities on the net right now. You insert an alert box via JavaScript, and if you get results sent back, that means the website is vulnerable to JavaScript insertion. You can also use stuff like iframe and h1 to see if it's vulnerable to HTML injection; if it is, you can redirect to a malicious website that has malware via ActiveX, codec trojan, etc, etc.
Now you're thinking, well what can I do with a simple alert box? "One insertion is temporary, and the other is permanent"
Depending on settings the website recognizes, the alert box can remain permanent.
XSS has its uses. Let's say you wanted to get a cookie logger running ASAP! You can use document.title() and then encode your URL and make it seem legit. Once the user visits the link, whatever you titled will come up (download, phisher, etc).
What else can you do? You can use script src and upload malicious .js files.
If you wanted to, you can link a user the document.title to link cookies and make the redirection of the formed cookie to a webhost that synchronizes cookies and saves them in a .txt file.
What can be done with cookies? A user can use HTTP headers and reform his cookies and once refreshed he can be logged on your account until the session expires.
SQL injection -
Don't comprehend SQL injection on hosts that don't have SQL installed, sure there is XPATH injection, but this is SQL injection.
A user can use something like 1 OR 1=0 and basically recognize as nothing, then he can extract the users table and get hashed passwords in MD5 form. Remember, salted hashes are secure, but non-salted will get an attacker somewhere near 1-10000 plain-text password if inserted into a GPU brute-forcer for MD5 hashes.
All that is required is the db information (what you want to extract, and from where).
Remember, there are over 6 forms of SQL injection, one of the 2 are Blind SQL and second part SQL.
Server Side Includes -
This is a pretty small explanation I am going to give, but let's get to it.
Let's say an attacker has administrator access on a vB forum, and he wants that shell up, HE WANTS IT UP A.S.A.P, so what can he do? He can go to plugin controls and add an AJAX code, then he can go to the link of the AJAX name he listed (such as ajax.php) and then he can ?global=UNIXCOMMAND
What that basically does is accept any commands globally (from UNIX of course), so let's say he wanted the shell up, he can wget the shell location, but remember, it has to be .txt format considering if we upload .php that would recognize the shell on the other website.
So once we do this, we can use something like "mv shell.txt shell.php" and then our shell will be accessible via /forumlocation/shell.php
We can also use forms of exec in search fields to execute server commands towards the server.
This was a set example, BTW!
Do you people want a tutorial like this again?
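
Added example (not part of the original post): the "check the source" advice from the Phishing section as a Python script that reads a page's HTML and reports password forms that submit to another host or to a mailto: address, plus images loaded from another host. The sample page and every host name in it are constructed placeholders, and `check_source` and `SourceChecker` are names chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a fake login page; every host is a placeholder.
PAGE_URL = "http://account-rewards.example/login.html"
SAMPLE_HTML = """<img src="https://www.real-site.example/img/logo.png">
<form action="/search"><input type="text" name="q"></form>
<form method="post" action="http://collector.example/save.php">
  <input type="text" name="email"><input type="password" name="pw"></form>
<form action="mailto:drop@mailbox.example"><input type="PASSWORD" name="pw"></form>
<img src="banner.png">"""

class SourceChecker(HTMLParser):
    """Flag password forms and images that point away from the page's host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []
        self._form = None  # (kind, target) of the currently open form
        self._has_password = False

    def _offsite(self, url):
        host = urlparse(url).hostname
        return host is not None and host != self.page_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Relative actions resolve against the page URL, like a browser does.
            target = urljoin(self.page_url, a.get("action") or "")
            kind = ("form-mails-input" if urlparse(target).scheme == "mailto"
                    else "form-posts-offsite" if self._offsite(target) else None)
            self._form, self._has_password = (kind, target), False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True
        elif tag == "img" and self._offsite(urljoin(self.page_url, a.get("src") or "")):
            self.findings.append(("image-from-other-host", a["src"]))

    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            # Only report forms that actually ask for a password.
            if self._form[0] and self._has_password:
                self.findings.append(self._form)
            self._form = None

def check_source(page_url, html):
    checker = SourceChecker(page_url)
    checker.feed(html)
    checker.handle_endtag("form")  # flush a form the page never closed
    return checker.findings
```

Images on another host also appear on legitimate pages that use a CDN, so that finding is a reason to look closer at the page, not proof on its own.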