Traceroute: How it works

Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It utilizes the IP protocol’s time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host.

This tool verifies the path by which our packet should reach the destination, without actually sending the data. This post is not about how this tool works; it is rather about the concept the tool uses to fulfil that purpose.

We can always refer to the Linux man and info pages to learn how to use this tool.

You should know the basics first

Each IP packet that we send on the internet has a field called TTL, which stands for Time To Live. TTL is measured in number of hops: it is the maximum number of hops that a packet can travel through across the internet before it is discarded. Hops are the computers, routers, or any other devices that come between the source and the destination. If there were no TTL in an IP packet, the packet would flow endlessly from one router to another, forever searching for the destination. The operating system automatically handles the TTL value, although we can change it with the help of a few tools.

Now, if the destination is not found after traveling through too many hops, the receiving router will drop the packet and inform the original sender. Let’s say I need to reach the IP address 8.8.8.8, and my default TTL value is 30 hops. This means my packet can travel a maximum of 30 hops to reach its destination before it is dropped. Each router between the source and the destination reduces the TTL value before sending the packet to the next router.

This means that if I have a default TTL value of 30, my first router will reduce it to 29 and then send the packet to the next router along the path. The receiving router will again reduce it, to 28, and send it to the next, and so on. If a router receives a packet with a TTL of 1, the packet will be discarded. But the router which discards the packet will inform the original sender that the TTL value has been exceeded. Once the original sender receives that message, it learns which router sent it.


Back Refresh Attack Vulnerability on QualysGuard - Your browser’s back button can do more than you think!!


Hello Guys!! Hope the new year started well for you all. Continuing my previous statement that “sometimes functionality leads to vulnerability”, I am gonna start discussing another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even your complete credit card details. There are definitely scenarios and certain dependencies, which we will go through later in the post.

What this vulnerability actually is!!

You have already noticed the back and forward buttons of browsers. These buttons simply navigate you through the pages you have visited during your browsing history. So browsers definitely have the ability to maintain a recent record of the pages that a user visits during the session. The back and forward buttons use this functionality to display the recently browsed pages.

In addition, browsers also keep track of the variables that were sent to the server (even by a POST request) when you fetched a page.

This attractive feature definitely enhances the user experience, but it can be very harmful if the application doesn’t handle it properly.


CSV Macro Injection

CSV Macro Injection: It’s rather a trick to abuse the functionality…

Application security is quite a tricky domain. Just imagine: for all those years you thought of something as a functionality of the application, and suddenly it turns out to be a vulnerability which can be exploited to take down your system completely. CSV Macro Injection/Formula Injection is one of those. We will look in detail at how such a simple and useful feature can become vulnerable and be abused against the complete CIA triangle.

We can’t deny the usefulness of spreadsheets in our daily IT/non-IT life. If you have bulk data and you want to edit, sort, represent, or compute it (we really can do more than this as well) repetitively, then Excel and CSV are the correct file formats for you. In computing, a comma-separated values (CSV) file stores tabular data (numbers and text) in plain text. Each line of the file is a data record.

Each record consists of one or more fields, separated by commas. The use of the comma as a field separator is the source of the name for this file format. The CSV file format is not standard. The basic idea of separating fields with a comma is clear, but that idea gets complicated when the field data may also contain commas or even line breaks. CSV implementations may not handle such field data, or they may use quotation marks to surround the field. Quotation does not solve everything: some fields may need embedded quotation marks, so a CSV implementation may include escape characters or escape sequences.


Is your CAPTCHA strong enough!!

We have seen a lot of DoS (Denial of Service) attacks in recent times. An old but promising solution to DoS attacks in web applications is to have CAPTCHA implemented in the publicly available forms/pages. However, not all CAPTCHA implementations are safe, and some implementations would give the user a headache.


There are recent developments in simplifying CAPTCHA, but in simplifying it, some developers forget the purpose of CAPTCHA.
Well, what is the purpose of using CAPTCHA?

In simple words, CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program to ‘ensure’ that the user is a human.

Almost 80% of custom CAPTCHA implementations are found to be unsafe during our evaluations. So what are the measures to make sure the application has a safe and simple CAPTCHA?


iOS Mobile Application Security Assessment for Beginners

Why Mobile Application Security?

With the ever-increasing penetration of mobile apps into our day-to-day life, it is inevitable that mobile applications will be of interest to hackers and security professionals alike.

Thanks to phenomenal advances in mobile device capabilities, everything from shopping, banking and recharges to booking tickets and many such activities is performed with the help of a smartphone alone. Hackers are finding more ways to steal data through mobile applications.


Understanding and Testing Web Services – Part 1

Most of the time folks find it really difficult to test web services. This is because we don't have proper knowledge of web services. Before any testing it is important to understand the system; we should know the positive and negative sides of the technology and of the implementation of the application. Let's dive into the depths of web service testing. To provide a better security solution for a web service, we should have a brief understanding of web services, their architectural styles, their constraints, and the characteristics that are responsible for their strengths as well as their weaknesses.


Shadows are there to protect your Passwords (How Shadow-Utils is storing your password in Linux)


Our world would have been exponentially more peaceful if there were no fear of theft. We would’ve left our doors open but still enjoyed our privacy and security. Unfortunately, looking at the current scenario, that is rather impossible. Hence the need for doors and locks.

A similar case applies to the digital world, where we have to assure complete data security. The simplest yet most important way to protect one’s data, even today, remains the use of passwords and robust access management systems.

No CAPTCHA reCAPTCHA

How many times have you felt affronted while reading those stupid numbers or words and re-entering them just to prove that you are a human? We call them CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and recommend them to avoid several kinds of flooding attacks, brute force attacks and sometimes even CSRF attacks.
It's time-consuming as well as frustrating.


SQL Injection- Not a Cup of Cake

What is SQL Injection:

I have gone through many SQL Injection tutorials before writing this post. One thing was common everywhere: the queries coming from the readers. Many people don’t know what SQL Injection actually is. They think that they can easily enter the database and make some changes, or that they can simply inject some query and will have the username and password of the administrator. Well!!! To some extent the concept is true, but it is not that easy.

