FOG FLAMES

Install Flock browser on Linux Ubuntu

noreply@blogger.com (H Z) — Mon, 14 Sep 2009 17:49:00 +0000

Flock Flock is a web browser that specializes in providing social networking features and other Web 2.0 features on the display interface. This is based browser Mozilla Firefox browser code.

Flock browser is very suitable to be used by those who can be called too 'often' use of social networking website like Facebook, Twitter, Youtube, MySpace and others because there are some features that would facilitate users to access their favorite sites.

Easy access to Facebook, the ease of video search on Youtube and several other features, will allow its users. And because it is based on Mozilla Firefox, so we can add the Add-On to complete the Add-On is already there.

Flock can be downloaded free of charge and available for Windows, Mac OS X and Linux.

This time we will try to install the Flock browser on Linux Ubuntu. For testing purposes I use Ubuntu 9.04 Jaunty and likely most of the steps in this tutorial can be used by Linux distros other.

1. Download Flock

You can download Flock of the following web page. http://flock.com/versions
Make sure you choose to download a version of Linux, located on the right.
Save on your desktop for easy.

2. Extract

Right-click on the file you downloaded Flock. Select Extract here and then the desktop will display a folder called 'flock'.

3. Use the root access

There will be 3 ways to become root so you can install Flock on the system. The first one, you are logged in as root, and it is not recommended. The second, you can do it by typing sudo on each command to be used and do it in the terminal, of course inconvenient for who is unfamiliar. And the third which I recommend is to open a terminal and type.

flames@h4ntu: ~ $ sudo nautilus

4. Move Flock

Command in the number 3 will open the nautilus file manager. See the flock in the desktop folder (/ home / flames / Desktop / flock) and then right click and select Copy. Still in nautilus now Paste the folder that flock to the directory / opt. To test whether you have correctly installed flock then run the following command from a terminal:
flames@h4ntu: ~ $ / opt / flock / flock-browser

5. Create link

Now you create a link to the flock so that programs can be run by the user. Type the following command in a terminal:

flames@h4ntu: ~ $ sudo ln-s / opt / flock / flock-browser / usr / bin / flock-browser

6. Create shortcut

In order to create a shortcut flock, be it in the menu bar or desktop, follow these steps:

System - Preferences - Main Menu

In the Applications menu on the left you select Internet and then click New Item is located on the right.

Fill in the blank boxes with information such as the following:

Type: Application
Name: Flock
Command: flock-browser
Comment: Flock Browser

Still in the same window, see picture icons on the left. Ubuntu has provided the default icon for the Flock, but it is not the original icon Flock. To change click on the icon and enter the address on the original icon Flock empty box at the Browse window icons:

/ opt/flock/icons/mozicon128.png

It's finished, now you can see Flock in the Applications menu - Internet - Flock. Next, you just put a shortcut on the menu Flock Panel or the Desktop menu, how to right click on the Applications menu - Internet - Flock and select Add this launcher to Panel or Add this launcher to desktop.

Problem After Re-install windows, dual boot with Ubuntu

noreply@blogger.com (H Z) — Mon, 14 Sep 2009 17:32:00 +0000

This problem often happens when we are to re-install windows, then ubuntu boot menu will be lost. how to overcome them:

Booting with Cd installer Ubuntu
Open Terminal
Type: sudo grub and enter
find /boot/grub/stage1

Malware Hash Fox

noreply@blogger.com (H Z) — Wed, 17 Jun 2009 06:38:00 +0000

Malware Hash Fox is a plugin for Mozilla Firefox Web Browser compatible with most Operating Systems (Windows,Linux,Mac). The plugin will scan every downloaded file for presence of computer viruses and trojans using the malwarehash.com online service.
Some features of the plugin are:

Scan downloaded files for presence of viruses;
View analysis report;
Automatically delete infected files;
Enable/Disable the plugin.

Version 1.0
Date: 26/04/2009
Size: 37kb

Download From : Mozilla Firefox addson

Download From : Malwarehash

Installing Metasploit on Ubuntu/Kubuntu/Debian Linux

noreply@blogger.com (H Z) — Tue, 09 Jun 2009 08:20:00 +0000

At this time, no package exists for Metasploit 3. In order to use the Metasploit Framework on Ubuntu or Debian distributions of Linux, the following packages need to be installed:

# apt-get install ruby libruby rdoc
# apt-get install libyaml-ruby
# apt-get install libzlib-ruby
# apt-get install libopenssl-ruby
# apt-get install libdl-ruby
# apt-get install libreadline-ruby
# apt-get install libiconv-ruby
# apt-get install rubygems *

*The RubyGems package may need to be manually downloaded and installed.
If you would like to use the experimental GUI, you will need to install the following packages:

# apt-get install libgtk2-ruby libglade2-ruby

If you would like to use the online update feature, you will need to install the "subversion" package as well. Once the pre-requisites have been installed, download the Unix tarball from Framework Website and extract it to the directory of your choice. If everything was installed
correctly, execute the interface of your choice to get started (msfconsole, msfweb, etc).

Nmap 4.85BETA6 now avail w/Conficker detection

noreply@blogger.com (H Z) — Thu, 30 Apr 2009 05:38:00 +0000

The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Conficker isn't the end of the Internet (despite some of that hype), but it is a huge nuisance we can all help to clean up.

Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the Nmap Site, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [targetnetworks]

You will only see Conficker-related output if either port 139 or 445 are open on a host. A clean machine reports at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”

for more info :

http://seclists.org/nmap-hackers/2009/0001.html
http://seclists.org/nmap-dev/2009/q1/0869.html
http://insecure.org/
http://www.doxpara.com/

Nmap Download

Ubuntu 9.04

noreply@blogger.com (H Z) — Wed, 22 Apr 2009 08:04:00 +0000

There are only two days left until the third Alpha version of the upcoming Ubuntu 9.04 (Jaunty Jackalope) will be available...

BackTrack 4 Beta Public Released

noreply@blogger.com (H Z) — Thu, 12 Feb 2009 04:56:00 +0000

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking.

Downloads:

BackTrack ISO | md5sum and sha512sum

VMWare images are available here | md5sum and sha512sum

Hack In The Box Security Conference 2009 - Dubai

noreply@blogger.com (H Z) — Tue, 20 Jan 2009 07:41:00 +0000

Welcome to the official homepage of HITBSecConf2009 - Dubai. The main aim of the HITBSecConf conference series is to create a truly technical and deep knowledge event in order to allow you to learn first hand on the security threats you face in todays super connected world. The HITBSecConf platform is used to enable the dissemination, discussion and sharing of critical network security information.

Presented by respected members of both the mainstream network security arena as well as the underground or black hat community, our events routinely highlight new and ground-breaking attack and defense methods that have not been seen or discussed in public before. HITBSecConf2009 - Dubai will be our 3rd conference in the UAE and is expected to attract over 200 delegates from the GCC, Europe, North America and the Asia Pacific region. Come and learn from some of the leading experts in the network security arena.

HITBSecConf2009 - Dubai will also see our highly popular attack-only Capture The Flag competition being organized once again. This years contest will also include an additional binary reversing challenge as well! We believe HITBSecConf is an ideal platform for leading network security vendors to not only meet with some of the leading network security specialists but to also showcase their own technology and solutions with the public as well.

Venue: Sheraton Dubai Creek,
Baniyas/Creek Road,
Dubai, UAE

Technical Training - DAY 1 and DAY 2
Date: 20th and 21st April 2009
Time: 0900 - 1700

TECH TRAINING 1 - Web Application Security - Threats and Countermeasures
TECH TRAINING 2 - 802.11 Ninjitsu
TECH TRAINING 3 - The Exploit Laboratory 3.0

Conference DAY 1 and DAY 2
Date: 22nd and 23rd April 2009
Time: 0900 - 1700

Dual Track Conference
Capture The Flag (CTF)

------------------------------------------------------------------------------------------------

EVENT ORGANIZER

TITANIUM SPONSOR
(POST CONFERENCE RECEPTION)
SUPPORTED AND ENDORSED BY

SUPPORTING ORGANIZATIONS

SUPPORTING MEDIA

For more Info Go : http://conference.hitb.org/hitbsecconf2009dubai/

Best Security Live CD Distros

noreply@blogger.com (H Z) — Mon, 12 Jan 2009 07:49:00 +0000

BackTrack

The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

Russix

Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa 230Mb) and dedicated purely to wireless auditing. It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an "Evil Twin" attack in less than 5!

Project Home Page: http://www.russix.com

Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here

PHLAK
PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).

Auditor

Auditor although now underway merging with WHax is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

L.A.S Linux

L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs - MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

Knoppix-STD

Horrible name I know! But it’s not a sexually trasmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here

Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

Anonym.OS

Anonym.OS is an OpenBSD 3.8 Live CD with strong tools for anonymizing and encrypting connections. Standard network applications are provided and configured to take advantage of the tor onion routing network.

Project Home Page: http://theory.kaos.to/projects.html

F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

nUbuntu

nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2

Get INSERT Here

Extra - Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released - Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

Other Useful Resources:

SecurityDistros
FrozenTech LiveCD List
DistroWatch

Others to consider (Out of date or very new):

SlackPen
ThePacketMaster
Trinux
WarLinux
Network Security Toolkit
BrutalWare
KCPentrix
Plan-B
PENToo

openSUSE 11.1 is Out

noreply@blogger.com (H Z) — Tue, 06 Jan 2009 04:19:00 +0000

The 11.1 release includes a ton of new features and improvements, an improved

desktop experience with GNOME 2.24 and KDE 4.1.3, OpenOffice.org 3.0, YaST
improvements, updated Linux kernel, and much more.

Learn more about the release over on openSUSE News, and then head over to the

download page to grab openSUSE 11.1

Taken From : www.opensuse.org

SQL Injection Prevention

noreply@blogger.com (H Z) — Tue, 06 Jan 2009 04:05:00 +0000

f you have ever taken raw user input and inserted it into a MySQL database
there's a chance that you have left yourself wide open for a security issue
known as SQL Injection. This lesson will teach you how to help prevent
this from happening and help you secure your scripts and MySQL statements.

What is SQL Injection

SQL injection refers to the
act of someone inserting a MySQL statement to be run on your database without
your knowledge. Injection usually occurs when you ask a user for input, like
their name, and instead of a name they give you a MySQL statement that you will
unknowingly run on your database.

SQL Injection Example

Below is a sample string that has been gathered from a normal user and a bad
user trying to use SQL Injection. We asked the users for their login, which will
be used to run a SELECT statement to get their information.

MySQL & PHP Code:

// a good user's name $name = "timmy"; $query = "SELECT * FROM customers WHERE username = '$name'"; echo "Normal: " . $query . " "; // user input that uses SQL Injection $name_bad = "' OR 1'"; // our MySQL query builder, however, not a very safe one $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'"; // display what the new query will look like, with injection echo "Injection: " . $query_bad;

Display:

Normal: SELECT * FROM customers WHERE username = 'timmy' Injection: SELECT * FROM customers WHERE username = '' OR 1''

The normal query is no problem, as our MySQL statement will just select
everything from customers that has a username equal to timmy.

However, the injection attack has actually made our query behave
differently than we intended. By using a single quote (') they have ended the
string part of our MySQL query

username = ' '

and then added on to our WHERE statement with an OR clause of 1 (always
true).

username = ' ' OR 1

This OR clause of 1 will always be true and so every single entry
in the "customers" table would be selected by this statement!

More Serious SQL Injection Attacks

Although the above example displayed a situation where an attacker could
possibly get access to a lot of information they shouldn't have, the attacks can
be a lot worse. For example an attacker could empty out a table by executing a
DELETE statement.

MySQL & PHP Code:

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; // our MySQL query builder really should check for injection $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; // the new evil injection query would include a DELETE statement echo "Injection: " . $query_evil;

Display:

SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '

If you were run this query, then the injected DELETE statement would
completely empty your "customers" table. Now that you know this is a problem,
how can you prevent it?

Injection Prevention - mysql_real_escape_string()

Lucky for you, this problem has been known for a while and PHP has a
specially-made function to prevent these attacks. All you need to do is use the
mouthful of a function mysql_real_escape_string.

What mysql_real_escape_string does is take a string that is going to
be used in a MySQL query and return the same string with all SQL Injection
attempts safely escaped. Basically, it will replace those troublesome quotes(')
a user might enter with a MySQL-safe substitute, an escaped quote \'.

Lets try out this function on our two previous injection attacks and see how
it works.

MySQL & PHP Code:

//NOTE: you must be connected to the database to use this function! // connect to MySQL $name_bad = "' OR 1'"; $name_bad = mysql_real_escape_string($name_bad); $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'"; echo "Escaped Bad Injection: " . $query_bad . " "; $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; $name_evil = mysql_real_escape_string($name_evil); $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; echo "Escaped Evil Injection: " . $query_evil;

Display:

Escaped Bad Injection: SELECT * FROM customers WHERE username = '\' OR 1\'' Escaped Evil Injection: SELECT * FROM customers WHERE username = '\'; DELETE FROM customers WHERE 1 or username = \''

Notice that those evil quotes have been escaped with a backslash \,
preventing the injection attack. Now all these queries will do is try to find a
username that is just completely ridiculous:

Bad: \' OR 1\'

Evil: \'; DELETE FROM customers WHERE 1 or username = \'

And I don't think we have to worry about those silly usernames getting access
to our MySQL database. So please do use the handy mysql_real_escape_string()
function to help prevent SQL Injection attacks on your websites. You have no
excuse not to use it after reading this lesson!

Tscrack

noreply@blogger.com (H Z) — Wed, 10 Dec 2008 08:45:00 +0000

Tscrack was one of the first Remote Desktop password-cracking tools to be released. While it is nothing more than a brute force password guesser that throws a predetermined list of passwords at a Remote Desktop logon session, it can test over 20 passwords a minute, with several different options available during the testing. In addition, tscrack can use other information, such as the domain name, which could help in cracking the password. To execute this program against the target of the RDP file. TScrack is a dictionary based (rather than bruteforce) password cracker for Microsoft Windows Terminal Services (RDP).

tscrack -t -w passwords.txt -l administrator -D mshome.net 192.168.0.101

Remote Assistance

Ethereal capture of Remote Assistance request

Remote Assistance is similar to the Remote Desktop, except that it allows two people to be connected to a computer at one time. Typically, a novice who needs the help of a technician will use this program. To receive help, the novice selects the Remote Assistance option from his Help page and sends the technician an email, MSN message, or file that allows the technician to connect to the computer. Unlike Remote Desktop, which is typically protected by a password, Remote Assistance does not have to be protected by a password. This can cause security problems. Unfortunately, the Remote Assistance file is nothing more than an encrypted link that is sent as plain text to the technician. Therefore, any sniffer can see the link and a hacker can potentially recreate the link and connect to the novice's computer instead of the technician. With a little social engineering, the hacker could talk the novice into giving the hacker full control and then could install a backdoor (or more) in a few minutes.

[Download]

Volume invisible on Ubuntu Desktop

noreply@blogger.com (H Z) — Mon, 17 Nov 2008 05:57:00 +0000

I try to Posting The Simple Triks...
How to invisible Mounted Drive in Ubuntu Desktop.....

Open Terminal and and write: " gconf-editor "

And we will see Konfiguration Editor Menu

and Go to " APP --> Natilus --> Desktop "

Uncheck Volume_invisible

Google Chrome (BETA) for Windows

noreply@blogger.com (H Z) — Fri, 12 Sep 2008 09:17:00 +0000

Google Chrome (BETA) for Windows

Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Google says Chrome will provide more speed, stability and security for Web users, and combined with Google Gears, which allows users to take Web-based applications offline.

Chrome also is fuelling talk about where Google itself is headed. Some say Google's effort may be as much proof-of-concept as future product in terms of showing Microsoft, Mozilla, Apple and others what can be done, and prodding them to upgrade their own browser software.

Still others believe there will eventually be a showdown with Microsoft and a Google end-run at building an enterprise computing business. Clearly Chrome could not have been timed better to coincide with Microsoft's Beta 2 release of Internet Explorer 8, a juxtaposition that Google explained as a inadvertent leak of a comic book trumpeting the browser's virtues.

"Google has generated a lot of excitement," says Forrester analyst Sheri McLeish." But it is a beta and from an enterprise perspective it is not ready for serious consideration as a replacement for IE."

Download Google Chrome

IPNetInfo v1.16 - Retrieves IP Address Information

noreply@blogger.com (H Z) — Fri, 12 Sep 2008 08:53:00 +0000

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses.

How does it work ?

The IP address information is retrieved by sending a request to the whois server of ARIN. If ARIN doesn't maintain the information about the requested IP address, a second request is sent to the whois server of RIPE, APNIC, LACNIC or AfriNIC.

After the IP address information is retrieved, IPNetInfo analyzes the Whois record and displays it in a table.

Download IPNetInfo v1.16 in

Acunetix Web Vulnerability Scanner

noreply@blogger.com (H Z) — Wed, 10 Sep 2008 09:51:00 +0000

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

if web applications are not secure, then your entire database of sensitive information is at serious risk. Why?

Websites and related web applications must be available 24 x 7 to provide the required service to customers, employees, suppliers and other stakeholders
Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public
Web applications often have direct access to backend data such as customer databases and, hence, control valuable data and are much more difficult to secure
Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software
Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.

Zenmap

noreply@blogger.com (H Z) — Wed, 10 Sep 2008 09:41:00 +0000

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User's Guide or check out the Zenmap man page for some quick reference information.

L0phtcrack

noreply@blogger.com (H Z) — Wed, 10 Sep 2008 09:33:00 +0000

L0phtcrack : Windows password auditing and recovery application
L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead.

THC Hydra

noreply@blogger.com (H Z) — Wed, 10 Sep 2008 09:28:00 +0000

THC Hydra : A Fast network authentication cracker which support many different services.
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.

John the Ripper

noreply@blogger.com (H Z) — Thu, 04 Sep 2008 09:53:00 +0000

John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find

Preventing SQL Injection Attacks

noreply@blogger.com (H Z) — Wed, 03 Sep 2008 10:06:00 +0000

Keep your code secure against intruders. In this article we provide examples of SQL injection attacks and how you can write code to prevent them. Stop people from getting information from your database.

In a previous article we provided some examples of how intruders will try to attack your site using Cross-site Scripting (XSS) attacks. In an XSS attack, the attacker tries to use client-side methods of injecting client-side script and then high-jacking a user's session. Now, we're going to provide some examples of a server-side attack where an intruder will try to obtain information from within your database. After the examples, we will go through methods of securing your code against these types of attacks.

SQL injection attacks take advantage of code that does not filter input that is being entered directly into a form. Susceptible applications are applications that take direct user input and then generate dynamic SQL that is executed via back-end code. For example say you have a logon form that accepts a user name and password. Once authenticated against the database, the application then sets a session value, or some other token for allowing the user to access the protected data.

Take a logon form for example, here you have two basic form elements, a textbox for accepting a user name, and a password box for the password.

Then in the code behind:

Dim SQL As String = "SELECT Count(*) FROM Users WHERE UserName = '" & _
username.text & "' AND Password = '" & password.text & "'"
Dim thisCommand As SQLCommand = New SQLCommand(SQL, Connection)
Dim thisCount As Integer = thisCommand.ExecuteScalar()

In the previous code block it executes the built SQL script directly, if count is greater than one, then you know the values entered in for the user name and password were the ones matching the database.

Now with that code in the previous example, suppose someone entered the following string into your username text box:

' or 0=0 --

The apostrophe will close the username value being sent to the SQL query, then pass another argument to the SQL query, after the last argument it then comments out the rest of the query using the "--". Since the second argument they entered into your texbox is an "or" statement, the first check on the user name doesn't matter, and since 0 is always going to equal 0 the script will execute successfully and return a positive logon. Guess what? Your intruder now has access to your application.

Ok so maybe they can logon into your application, but what else can they do? Let's take another example of SQL injection, as in the previous example of using the apostrophe to terminate the value, and proceed on to another argument, lets do this, but using something that can really ruin your application's data and day:

'; drop table users --

Definitely something that can ruin your day. Of course this type of an attack you'll probably notice pretty quick. Other SQL commands can then be entered to determine your database's structure, and return all user names and passwords from the database. You make it even easier for the attacker if you do not provide some ambiguous error message and provide the error message returned from .NET. This error message can provide critical information they need to determine what to enter in your form in order to obtain information.

SQL Injection Prevention

One method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. By using parameterized queries and stored procedures, you then make it impossible for SQL injection to occur against your application. For example, the previous SQL query could have been done in the following way in order to avoid the attack demonstrated in the example:

Dim thisCommand As SQLCommand = New SQLCommand("SELECT Count(*) " & _
"FROM Users WHERE UserName = @username AND Password = @password", Connection)
thisCommand.Parameters.Add ("@username", SqlDbType.VarChar).Value = username
thisCommand.Parameters.Add ("@password", SqlDbType.VarChar).Value = password
Dim thisCount As Integer = thisCommand.ExecuteScalar()

By passing parameters you avoid many types of SQL injection attacks, and even better method of securing your database access is to use stored procedures. Stored procedures can secure your database by restricting objects within the database to specific accounts, and permitting the accounts to just execute stored procedures. Your code then does all database access using this one account that only has access to execute stored procedures. You do not provide this account any other permissions, such as write, which would allow an attacker to enter in SQL statement to executed against your database. Any interaction to your database would have to be done using a stored procedure which you wrote and is in the database itself, which is usually inaccessible to a perimeter network or DMZ.

So if you wanted to do the authentication via a stored procedure, it may look like the following:

Dim thisCommand As SQLCommand = New SqlCommand ("proc_CheckLogon", Connection)
thisCommand.CommandType = CommandType.StoredProcedure
thisCommand.Parameters.Add ("@username", SqlDbType.VarChar).Value = username
thisCommand.Parameters.Add ("@password", SqlDbType.VarChar).Value = password
thisCommand.Parameters.Add ("@return", SqlDbType.Int).Direction = ParameterDirection.ReturnValue
Dim thisCount As Integer = thisCommand.ExecuteScalar()

Finally, ensure you provide very little information to the user when an error does occur. If there is database access failure, make sure you don't dump out the entire error message. Always try to provide the least amount of information possible to the users. Besides, do you want them to start helping you to debug your code? If not, why provide them with debugging information?

By following these tips for your database access you're on your way to preventing unwanted eyes from viewing your data.

By: Patrick Santry, Microsoft MVP (ASP/ASP.NET), developer of this site, author of books on Web technologies, and member of the DotNetNuke core development team. If you're interested in the services provided by Patrick, visit his company Website at Santry.com.

Crack Windows Password With Back|track

noreply@blogger.com (H Z) — Tue, 02 Sep 2008 09:15:00 +0000

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.

It's evolved from the merge of the two wide spread distributions - Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by insecure.org. Security professionals as well as new comers are using BackTrack as their favorite toolset all over the globe.

BackTrack has a long history and was based on many different linux distributions until it is now based on a Slackware linux distribution and the corresponding live-CD scripts by Tomas M. (www.slax.org) . Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

After coming into a stable development procedure during the last releases and consolidating feedbacks and addition, the team was focused to support more and newer hardware as well as provide more flexibility and modularity by restructuring the build and maintenance processes. With the current version, most applications are built as individual modules which help to speed up the maintenance releases and fixes.

Because Metasploit is one of the key tools for most analysts it is tightly integrated into BackTrack and both projects collaborate together to always provide an on-the-edge implementation of Metasploit within the BackTrack CD-Rom images or the upcoming remote-exploit.org distributed and maintained virtualization images (like VMWare images appliances).

Being superior while staying easy to use is key to a good security live cd. We took things a step further and aligned BackTrack to penetration testing methodologies and assessment frameworks (ISSAF and OSSTMM). This will help our professional users during their daily reporting nightmares.

Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date From : Remote-Exploit.

Now we Crack Windows Password With Back|track.

Step one boot with cd backtrack and login:

User : root
Password : toor

and open terminal with command :

bt~# mount

this command for check windows partation.. backtrack can read windows partation or not

and now look line 5 [ /dev/hda1 on /mnt/hda1 type ntfs (ro, noatime) ]
the meaning is, partation NTFS has been mount to directory /mnt/hda1 and now we cant acces windows file
with backtrack. this partation has mount with acces "read only" [ro] the meaning...we cannot change or
write in this directory.

and now we acces password windows directory [ \WINDOWS\system32\config\ ]

bt~# ls -l /mnt/hda1/WINDOWS/system32/config/sam

and now our mission to got syskey! for got this syskey we can use bkhive program.
bt~# bkhive /mnt/hda1/WINDOWS/system32/config/system my_syskey

bt~# ls -l

windows has put password in sam file....this password has been encrypt with windows system
and now we try to got hash from windows sam file
what program we use? we can use "samdump2"....this program has been packed in backtrack

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey

look this screen shot.... we got the hash value from windows password...
and we must crack again with program ophcrack aor john the Ripper.. on this case im use a john the Ripper for cracking :)

first we must save the password hash to txt file.. with command:

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey > hash.txt

bt~# ls -l

and now has save the hash in txt file with name "hash.txt"

Now John the Ripper ready to cracking...

bt~# /pentest/password/Jhon-1.7.2/run/John hash.txt

bt~# /pentest/password/Jhon-1.7.2/run/John.pot

oops the password found [ POTONGAN ]... but i dont understand why John the Ripper separated
the end alphabet [ N ]

but we can show the password again with command:

bt~# /pentest/password/Jhon-1.7.2/run/John --show hash.txt

done...happy cracking :) and sorry about my bad engglish !

Distributed Denial of Service

noreply@blogger.com (H Z) — Thu, 28 Aug 2008 10:23:00 +0000

This is by far the most deadly of all denial of service attacks, since an easy fix is hard to come by. Instead of just installing the latest hardware and software, network administrators will usually need extra help with these types of attacks.A distributed denial of service attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus, the ability to use them for attack. In this case the victim computers are called zombies.

A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it’s coming from. For more large-scale attacks, you’ll have to become more creative.

If you have access to your router, and are running a Cisco brand, enter the following command into your router command prompt: No ip verify unicast reverse-path.

This will ensure that attackers can’t spoof their IP address. This will still be a problem for zombie computers however, since those IP addresses aren’t spoofed at all. In this case, you can do one of several things.

Options in DDoS Prevention

1. Hire a security company to assess and repair the damage
2. Buy an intrusion detection system (IDS)

As a last resort, the traffic can be routed to a sink hole, which will route all traffic elsewhere until a solution can be obtained. This will route good traffic and bad traffic- so this is usually not a good choice

SYN flood attack

noreply@blogger.com (H Z) — Thu, 28 Aug 2008 10:17:00 +0000

The SYN flood attack takes advantage of the TCP three-way handshake. This method operates two separate ways. Both methods attempt to start a three-way handshake, but not complete it. You can view the proper three-way handshake below.

The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.

Alternatively, the attacker can just choose to not send the acknowledgement request. Both of these methods stall the server, who is patiently waiting for the ACK request. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.

Fedora 9 on a USB Drive

noreply@blogger.com (H Z) — Thu, 21 Aug 2008 05:42:00 +0000

This week's release of the Fedora 9 Linux distribution makes putting a full-fledged desktop on a portable USB thumb drive a three-click affair. Even better, you don't need Linux installed to create it, you can leave the data on your thumb drive untouched, and any files you create or settings you tweak remain in place the next time you boot up. After the jump, let's create a fully-functional desktop-to-go using a simple Windows program and a 1GB or larger thumb drive.

Why Fedora?

Turning a live CD ISO into a bootable USB image has been possible for some time now, but it usually involves some heavy lifting with the command line, and almost always in Linux. Fedora's liveusb-creator program makes USB imaging dead simple, and the Fedora distribution itself has a lot going for it. The latest "community" version of Red Hat's Linux package benefits from the same updates to the GNOME desktop that Ubuntu's Hardy Heron includes, and KDE fans get a pretty full-featured version that runs on the customizable KDE 4. You can see a full list of updates and improvements to Fedora 9 here, but it's best to check it out for yourself. Here's how.

Make your live USB

First we'll need to grab Fedora's liveusb-creator tool by grabbing the zip file listed under "Download," extracting it and running the liveusb-creator.exe file found inside in Windows.

The top options on the window let you choose to use a live Fedora CD image you've already downloaded or have the tool grab a copy of the standard Fedora 9 disc itself. If you'd rather grab the file yourself or download it through a torrent, use one of the links listed under "live media"
at the Fedora Project. Plug in your USB drive if you haven't already, and make sure it's selected in the "Target" field. Don't worry about files you've got on there—as long as the tool has space to put Fedora on there, it won't touch your other files.

The slider to the right is the most important part—"Persistent Overlay" is the space on the thumb drive you want to use for storing your files and settings. The Fedora system itself is going to take up roughly the size of a stuffed CD; using an empty 1GB thumb drive, I chose 205MB for the overlay, which left 63MB free, but you can scale that up for larger drives or down if you want more free space. Keep in mind that any files you store on the drive itself can be accessed from inside your USB-booted system, so a bigger persistent overlay isn't always necessary.

Hit "Create Live USB," and watch the creator do its thing. Once it's done, your stick is probably ready to get plugged in and booted up.

Fix booting problems

I say "probably" because there's a chance, especially if you've done some formatting or other live-booting experiments, that you'll get an error at boot-up stating there's "No partition active" or something similar. If that's the case, head to your Start menu's "Run" command ("Start search" box in Vista), type in diskpart and hit Enter. You'll get a "DISKPART>" command prompt, where you should follow these commands to mark your USB drive as "active."

list disk (Note the number that corresponds to your USB drive, usually "1")
select disk 1 (Assuming "1" was your USB drive
list partition (If you multi-partitioned your USB drive, select the right one, otherwise we'll assume "1")
select partition 1
active
exit

Customize your persistent desktop

Now you should be set to boot into Fedora 9. You'll see a splash screen counting down from 10 when you boot (hit Enter twice to speed it up), and you'll land at a desktop that's pretty much a fresh Fedora 9 install. You can access to your USB drive's files from here, connect to a wired or wireless network with the icon in the upper-right system tray, and you've got a solid set of built-in applications—Firefox 3 Beta 5, the GIMP, Pidgin, the Transmission BitTorrent client, and a pretty nifty Bluetooth manager, to name a few.

Want to add Thunderbird or OpenOffice.org? Head to the upper-left menus and click to System->Administration->Add/Remove Programs. Anything you install goes into your "persistent overlay," so as long as you've got space for it, you can add whatever you'd like.

Now it's time to explore and get familiar with a GNOME-based Linux system (or KDE 4, depending on which image you grabbed). Here are a few suggestions on helpful tweaks you might want to make once you're set up:

Enable your NTFS drives: If you've loaded a USB Fedora on a system with Windows installed, you'll want to open up Add/Remove Programs, search for "ntfs-config," and install that package. From the System menu again, choose NTFS Config, and you can select the drives you want to have access to.
Sync data with your Windows apps: Once you can see your NTFS drives on your desktop, you can use your established settings in Firefox 3, Thunderbird, Pidgin, and other apps if you're booting on the same system as Windows. Check out guide to dual-booting with shared data; if you're using Firefox 2 in Windows and only want to replicate bookmarks in Fedora, the GMarks synchronizer has updated to support versions 3 and 2.
Turn off annoying system sounds: One misstep Fedora makes, at least in my opinion, is enabling by default a slew of little chirps and whistles every time you click or do something. To silence them, head to System-Preferences->Hardware->Sound, click the "System" tab, and un-check the "Enable system sounds" box.

You've now got a portable system that's great for rescuing un-bootable computers, bringing your favorite work apps on the go, or just testing out Linux with realistic performance and custom options. What apps and tweaks have you made to your own live USB system?