How To Crack A WPA Key With Aircrack-ng

With the increase in popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant, but very necessary for both home users and IT professionals alike. This article is aimed at illustrating current security flaws in WPA/WPA2. Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology. To successfully crack WPA/WPA2, you first need to be able to set your wireless network card in "monitor" mode to passively capture packets without being associated with a network. One of the best free utilities for monitoring wireless traffic and cracking WPA-PSK/WPA2 keys is the aircrack-ng suite, which we will use throughout this article. It has both Linux and Windows versions (provided your network card is supported under Windows).

Java Hits Another Roadblock - Found To Be A Threat For Browsers

Java has been the most talked about application in the past couple of months. Not because of its functionality but due to its inability to refrain from being attacked and exploited. Oracle has released emergency security patches to deal with the vulnerabilities in Java but to no avail. Java has been attacked over and over again by free-rollers and experts alike using various tactics.

DOM Based XSS In Microsoft

Lately, i have been researching on DOM based XSS a bit, In my previous post i talked about the DOM based XSS i found inside AVG, DOM based XSS is caused due to lack of input filtering inside client side javascripts, since most of the code is moving towards client side, therefore DOM based xss have been very common now a days, It is predicted by the experts that the DOM based xss mostly occurs in the websites that heavily rely upon javascripts.

How Attackers Spread Malware With Java Drive by?

Hello RHA fans,

We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff.  But cheers up my friend there's no end, i will show you a very effective methods that attackers use to spread malicious viruses/worms.

Cisco ZeroClipboard Swf File XSS

The security of  the target website depends upon the number of vectors an attacker knows, The more vectors an attacker knows the more chances he would have for compromising your website. One of the reasons why i have managed to secure my places in most of the security hall of fames was that i did not tried a single attack vectors, i tested a the target for lots of different attack vectors, one of them was swf. swf files are commonly found on mots of the websites. Though there are lots of other vulnerabilities for swf files, however i would stick to the topic of this post and would leave other's for upcoming posts.

Vulnerability Discovered In iPhone - Poses Serious Threat To Users

Another vulnerability has been discovered on iPhone that could allow hackers to remotely control it. Skycure, an Israeli company, states it to be a major flaw in iOS configuration which could post a malware threat.

A file known as mobileconf is being attacked due to this vulnerability. This file is used by phones carriers to configure system-level settings including WiFi, VPN, email and APN.

Skycure's CEO, Adi Sharabani, has taken the exploit to a test drive to explain how an iPhone can be controlled while retrieving victim's location and other sensitive information.

600% Increase In Cyber Attacks: WebSense Releases Threat Report 2013

One thing I love more than writing is online threat reports - all the blood, sweat and tears combined with the satisfaction of discovery and elimination of the threat. Ahh! The moment you come to the realisation that there are smarter people in this world who can shoot you point-blank without ever being caught. Yes, brutality is the name, the name of the game!

Vulnerabilities Fixed in App Store Almost After A Year

It is being reported that Apple has ignored its network's security for more than a year. A problem that a  Google developer has pointed out.

Google Researcher, Elie Bursztein has stated on this blog that he had informed Apple of the security problems present in App Store that allowed attackers to steal passwords and/or install unwanted or expensive applications.

How To Dodge Android 4.1.2 Passcode Lock - Vulnerability Exploited And Explained

Do you want to elude Note II's security even for a brief moment? With iOS 6.1.2 being owned by hackers, it was time that someone took a look at Android's vulnerabilities.

The method that we are going to explain to you to bypass Android's security was found by Terence Eden on Samsung Galaxy Note II running Android 4.1.2. It allows users to temporarily get around the phone's lock screen without a password.

The Rise Of Ethical Hackers - Let The Bounty Hunting Begin!

Well, well well! It seems like our own favourite ethical hacker, Rafay Baloch, is about to meet the clan  with whom he shares his talents! If you still haven't figured out who R.B is, please do your homework before falling in love with us! (yes, I said it!)

Security researchers and ethical hackers are massing up in Vancouver at the CanSecWest conference this time of the year. The crowd is going to be equipped and ready to hunt down every vulnerability possible in Chrome, Internet, Explorer and Java (good riddance since Java has attacked over and over again since 2013 began). And in doing so, they will be able to bag generous cash prizes.

Java Zero-Day Vulnerabilities Fixed By Oracle

We recently reported two Java zero-day vulnerabilities that were spotted in the wild by FireEye now identified as the CVE-2013-1493 and CVE-2013-0809. One of these (CVE-2103-1493) was exploited by hackers to install McRat, an executable file, onto the user's machine and was therefore found to be more critical than the other.

MySQL Injection Time Based

We have already written a couple of posts on SQL Injection techniques, Such as "SQL Injection Union Based", "Blind SQL Injection" and last but not least "Common problems faced while performing SQL Injection", However how could the series miss the "Time based SQL injection" technqiues, @yappare has came with another excellent post, which explains how this attack can be used to perfrom wide variety of attacks, over to @yappare.

Hey everyone! Its another post by me again, @yappare. Today as I promised to our Mr Rafay previously that i would write a tutorial for RHA on MySQL Time based technique, here's a simple tutorial on MySQL Time Based SQLi, Before that, as usual here are some good references for those interested in SQLi

How Hackers Make Botnets To Infect Systems [Part 2]

Hello RHA readers, we are back with How To Setup A Botnet [Tutorial For Noobs] [Part 2]. Those who haven't read previous part than check the first part in order to understand part two, as it is the sequel of How to setup a Botnet.

Part 1: How To Setup A Botnet [Tutorial For Noobs] [Part 1]

Another Java Zero-Day Vulnerability Spotted In The Wild

So, you thought you were out of the woods with Java? Bad news. You aren't. Another Java zero-day vulnerability has been found in the wild by FireEye.

Java v1.6 and Java v1.7 Update 15 on browsers are being targeted this time around. The previously unknown and unpatched vulnerability exploits browsers to install a remote-access trojan named McRat.

McRat is a Windows Trojan therefore Windows users are prone to such an attack. It is not clear whether Mac and Linux users are at risk as well.

Exploiting XSS Vulnerabilites With Xenotix


Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s. XSS got listed as the top 3rd Vulnerability in the OWASP 2013 Web application Vulnerabilities list. Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications which allows the attackers to inject client-side script into web pages viewed by other users. The execution of the injected code takes place at client side. A cross site scripting vulnerability can be used by the attacker to bypass the Same Origin Policy (SOP). In the past, the potentials of XSS vulnerability were not known. XSS was mainly used for stealing cookies and for temporary or permanent defacements and was not considered as high risk vulnerability. But later XSS tunneling and Payload delivering showed us the potential of XSS Vulnerability. Most of the large websites like Google, Facebook, Twitter, Microsoft, and Amazon etc. even now suffers from XSS bugs. That’s a brief introduction about XSS.

How Hackers Make Botnets To Infect Systems [Part 1]

Today, I would tell you step by step on how you can setup your own botnet and start playing with it, Botnet could be used to perform wide variety of attacks including spreading malware, DDOS attacks mostly. One of the most famous botnet was "ZEUS" that was widely used to stealing credit cards information. This article has been divided into two parts where in the first part the i will show you how to setup a botnet and in the second part, i will show you what can be done with the "Botnet". 

Part2 Published: How To Setup Botnet Part 2

Anonymous Hacks Bank Of America

Anonymous has gained a lot of stardom (good and bad) by crashing websites and hacking government servers. Anonymous usually come in handy when a particular person/s come together to raise a voice against certain injustices. If you take an example, Julian Assange from WikiLeaks would be the best one.
Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.