Tuesday, December 18, 2007

Nmap 10th Anniversary Edition (4.50) released

After two years, a major version change in Nmap is here.
The new Nmap anniversary edition is available for download.
Here is what the mail from Fyodor says:

------------------------------------------------------------------------------------------------
FROM Fyodor

Hi everyone. I'm proud to say that Nmap has reached its 10th
anniversary since I released it in 1997, and it is still going strong!
To celebrate that, Nmap 4.50 has been released. It is the first
stable release in more than a year (there have been dozens of dev
releases), and the first major release since 4.00 two years ago.

In related good news, the movie Bourne Ultimatum was released to DVD
on Tuesday, and is currently the 3rd highest selling DVD on Amazon.
In this movie, the CIA needs to hack the mail server of a newspaper
(The Guardian UK) to read the email of a reporter they
assassinated. So they turn to Nmap and its new official GUI Zenmap
(part of the 4.50 release)! I have screenshots up on
http://insecure.org . Nmap has now appeared in at least five
movies--it has become quite the movie star!

The changelog shows 320 changes since 4.00 with a lot of great stuff
in this release! It has a brand new GUI and results viewer (Zenmap),
a scripting engine allowing you to write your own scripts for
high-performance network discovery (or use one of the 40 scripts
shipped with it), the 2nd generation OS detection system (now with
more than a thousand fingerprints), nearly 1,500 more version
detection signatures, and a lot more! You can read the full release
announcement, which describes the changes as well as future plans,
right here:

http://insecure.org/stf/Nmap-4.50-Release.html

Or if you are ready to jump right in, head to the download page:

http://insecure.org/nmap/download.html

We don't have an ad budget, so please help spread the word about the
new Nmap. The 4.00 release made Slashdot, Digg, etc. and this release
is even better!

And of course be sure to try it out yourself! Let us know on the
nmap-dev list if you encounter any problems. See
http://insecure.org/nmap/man/man-bugs.html .

Cheers,
Fyodor

------------------------------------------------------------------------------------------------
!!!!!   Cheeeeeeeerssss to  Fyodor !!!!!

Tuesday, December 4, 2007

An almost invisible ssh connection

In the worst case, if you have to ssh to a box, do it every time
with no tty allocation:

ssh -T user@host

If you connect to a host this way, a command like "w" will not
show your connection. Better, add 'bash -i' at the end of the command to
simulate a shell:

ssh -T user@host /bin/bash -i

Another trick with ssh is to use the -o option, which allows you to
specify a particular known_hosts file (by default it's ~/.ssh/known_hosts).
The trick is to use -o with /dev/null:

ssh -o UserKnownHostsFile=/dev/null -T user@host /bin/bash -i

With this trick the IP of the box you connect to won't be logged in
known_hosts.

Using an alias is a good idea.

------------------------------------------------------------------
credits: an article by Duvel in Phrack magazine
------------------------------------------------------------------
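A defender-side check to go with the post, added here as example code (not from the post or from the Phrack article): "w" reads utmp, which only has entries for sessions that allocated a tty, but sshd logs every accepted authentication before any pty is allocated, and the UserKnownHostsFile trick only touches the client's own file. The script reconciles constructed sshd auth.log lines against constructed `who` output and reports accepted logins that have no utmp record.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sshd lines in /var/log/auth.log syntax (not real log data).
# sshd writes "Accepted ..." at authentication time, before any pty is
# allocated, so -T sessions are recorded exactly like interactive ones.
AUTH_LOG = """\
Dec  4 10:15:02 host sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Dec  4 10:16:40 host sshd[2244]: Accepted password for bob from 198.51.100.7 port 40122 ssh2
Dec  4 10:17:05 host sshd[2250]: Failed password for root from 203.0.113.9 port 33001 ssh2
Dec  4 10:18:11 host sshd[2262]: Accepted publickey for alice from 192.0.2.10 port 51300 ssh2
"""

# Constructed `who` output captured at the same moment. Only sessions that
# allocated a tty have a utmp record; an `ssh -T` session leaves none.
WHO_OUTPUT = """\
alice    pts/0        2007-12-04 10:15 (192.0.2.10)
"""

ACCEPT_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def accepted_logins(log_text: str) -> List[Dict[str, str]]:
    """Every successful sshd authentication in the log text."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := ACCEPT_RE.search(line))]

def utmp_sessions(who_text: str) -> List[Tuple[str, str]]:
    """(user, source) pairs that `who`/`w` can see, one per tty session."""
    pairs = []
    for line in who_text.splitlines():
        parts = line.split()
        if len(parts) >= 5:
            pairs.append((parts[0], parts[-1].strip("()")))
    return pairs

def unaccounted_logins(log_text: str, who_text: str) -> Dict[Tuple[str, str], int]:
    """Accepted logins per (user, source) beyond what utmp shows. A surplus
    means sessions that never allocated a tty (or that already ended, so
    use a log window close to the time of the `who` snapshot)."""
    accepted = Counter((e["user"], e["ip"]) for e in accepted_logins(log_text))
    visible = Counter(utmp_sessions(who_text))
    return {pair: n - visible[pair] for pair, n in accepted.items() if n > visible[pair]}
```

A tty-less session is also visible in the process list, where OpenSSH titles it "sshd: user@notty".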

Wednesday, October 17, 2007

DCOP: Scripting the KDE Desktop

KDE provides a powerful interprocess communication system in DCOP, the Desktop COmmunication Protocol. Using DCOP, you can control a wide range of functions in KDE from the command line or from a script written in your favorite scripting language. You can also get information out of KDE applications: for example, several KDE media players provide methods to query the player for information about the currently-playing track.

The whole article can be seen HERE

I found this when I was trying to write a script that would change my desktop wallpaper to the daily Dilbert comic strip automatically.
Then I found the dcop command.
Example:
# dcop kdesktop KBackgroundIface setWallpaper /tmp/dilbert.gif 1

The above command will change your desktop wallpaper to /tmp/dilbert.gif.

If anyone is interested in seeing the script, it is at the link given below:
python script source code

Sunday, October 14, 2007

Script to Automate Downloading Google Videos

I had to download a large number of Google videos this week, but I was fed up with pasting the URL into sites like keepvid.com, clicking on the download links and then downloading the videos. I had a defined list of videos to be downloaded, so I decided to write my own program to download these files automatically from the command line.
My program reads the filename given on the command line and then treats each line of the file as a Google video URL and a filename, separated by a pipe.
The format is as shown below:

# cat testurl.txt
http://video.google.com/videoplay?docid=2889527841583480458|testvdo.flv
http://video.google.com/videoplay?docid=1332505621497959742|testvdo2.flv
#
(testurl.txt can be downloaded from HERE)

The Python code is as given below:

Python Code File
I am too lazy to format code in a Blogger post, so I have uploaded the file.

Save the Python code as a file named getvdo.py.
Make sure you have the testurl.txt file with the Google video URLs, then run the code with the command given below:

python getvdo.py testurl.txt

Any suggestions welcome.
Now some LEGAL crap:

Is this tool legal?

From http://www.google.com/terms_of_service.html: "You may not send
automated queries of any sort to Google's system without express
permission in advance from Google."

This means that you should not use this tool to query Google without
advance express permission. Google appliances, however, do not have these
limitations. You should, however, obtain advance express permission from
the owner or maintainer of the Google appliance before searching it with
any automated tool for various legal and moral reasons.

The author wrote this tool not to violate Google's terms of service (ToS)
but to automate some of his work.

Wednesday, August 22, 2007

Beware of Ankit Fadia

I have heard lots of times from newbies that they are very inspired by the so-called hacker Ankit Fadia. When I was in college I had also bought his first book on "Ethical Hacking" (which was full of CRAP). I heard he has started his own Certified Ethical Hacker courses, trying to fool people.
Some of my juniors were asking whether they should join that course. First I thought it was the CEH certification aided by these freaks. But it is not; it is the Ankit Fadia Certified Ethical Hacker. I could not stop laughing when I saw that this fellow has started his own certification course, which of course has ZERO value in any place you go. I have instructed all my contacts not to go for this kind of crap.
I am really amazed at what kind of effect the Indian media has created about this Ankit Fadia. Well, I think that the Indian media is not that literate about information security.

I recommend readers not to waste their time and money on any crap from Mr Ankit Fadia.

Read other people's thoughts about Ankit Fadia at these URLs:

http://attrition.org/errata/www/fadia1.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009654.html

Here are some more links about the crap of Ankit Fadia:

http://kalpeshsharma.wordpress.com/ - Article by a security consultant about Fadia
http://forum.techspot.in/showthread.php?t=2380 - Article by someone who attended Fadia's seminar

Here is the official site of Fadia's CEH:
http://www.hackingmobilephones.com/afceh/

Some crap content from his Course Details page is as below:

Want to be recognized for your computer security expertise? Want to be considered amongst the best security gurus in the world? Want to climb up the career ladder and improve your global job prospects? Want to be trained and certified by world renowned author and computer security guru? Want to become an ANKIT FADIA CERTIFIED ETHICAL HACKER?

ROFL

Friday, July 27, 2007

How to implement Proxy ARP on a Linux box

Note: if you don't know what proxy ARP is, then stop reading this
and read this first: http://en.wikipedia.org/wiki/Proxy_arp

The scenario before implementation of Proxy ARP is as below (Before Proxy ARP).
There is a server (10.10.10.3) on the LAN (10.10.10.0/24) that
we want to put into the DMZ. Normally, if we move the server we
have to change its IP address and put it into a different LAN network.
But by using proxy ARP we can move the server to the DMZ without changing
any configuration such as its IP address.

Before proxy ARP

|
| eth1
+-------+
|Linux |-- eth2
|Box |
+-------+
|
| eth0
| 10.10.10.0/24
|
----|---|--------|----------
| |
10.10.10.3 10.10.10.?
Server


After implementation of Proxy ARP we can connect the server directly to eth2
without changing its IP address.

To implement proxy ARP the following steps should be followed:

1. Turn on the proxy ARP option on the selected interfaces.
To do this we have to put the value 1 into the proc file.

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp

2. Delete the route of the LAN from eth0

route del -net 10.10.10.0 netmask 255.255.255.0 dev eth0

3. Add routes for proxy ARP (the host route for the server must point out eth2, where the server now sits; the LAN network route stays on eth0)

route add -host 10.10.10.3 dev eth2
route add -net 10.10.10.0 netmask 255.255.255.0 dev eth0

Now proxy ARP is working and the systems in the LAN (10.10.10.0/24) will
be able to communicate with the server (10.10.10.3) just as they did before
proxy ARP. Now you can add iptables rules to prevent/allow access to the server if you want.

After Proxy ARP

|
| eth1
+-------+
|Linux |------- 10.10.10.3
|Box | eth2
+-------+
|
| eth0
| 10.10.10.0/24
|
----|---|--------|----
| |
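To see why the host route must point out eth2 and why proxy_arp has to be on for both interfaces, here is a small model of the kernel's proxy ARP decision, added as example code (not from the post). It assumes the routing table left by the three steps above and that IP forwarding is enabled on the box; the rule it models is: answer an ARP request for a target only if the request arrived on an interface with proxy_arp enabled and the box would forward to that target through a different interface.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Routing table after the three steps, as (prefix, device). Constructed to
# match the "After Proxy ARP" diagram: the /32 host route sends the server
# out eth2, the LAN /24 stays on eth0.
ROUTES: List[Tuple[str, str]] = [
    ("10.10.10.3/32", "eth2"),
    ("10.10.10.0/24", "eth0"),
]

# Interfaces where /proc/sys/net/ipv4/conf/<if>/proxy_arp was set to 1.
PROXY_ARP_ENABLED = {"eth0", "eth2"}

def lookup(routes: List[Tuple[str, str]], dst: str) -> Optional[str]:
    """Longest-prefix match: the output device for dst, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def answers_arp(routes, proxy_ifaces, target_ip: str, in_dev: str) -> bool:
    """Simplified kernel rule (forwarding assumed on): reply to 'who-has
    target_ip' seen on in_dev only when in_dev has proxy_arp enabled and the
    route to target_ip leaves through a different interface. Answering for a
    host that is on the same segment would hijack that host's traffic."""
    if in_dev not in proxy_ifaces:
        return False
    out_dev = lookup(routes, target_ip)
    return out_dev is not None and out_dev != in_dev

def simulate() -> Dict[str, bool]:
    """Cases from the diagram: a LAN host asking for the moved server, a LAN
    host asking for a LAN neighbour, the server (now on eth2) asking for a
    LAN host, and the broken case where the /32 host route is missing."""
    return {
        "lan_asks_server": answers_arp(ROUTES, PROXY_ARP_ENABLED, "10.10.10.3", "eth0"),
        "lan_asks_neighbour": answers_arp(ROUTES, PROXY_ARP_ENABLED, "10.10.10.7", "eth0"),
        "server_asks_lan": answers_arp(ROUTES, PROXY_ARP_ENABLED, "10.10.10.7", "eth2"),
        "without_host_route": answers_arp(ROUTES[1:], PROXY_ARP_ENABLED, "10.10.10.3", "eth0"),
        "proxy_arp_off_on_eth2": answers_arp(ROUTES, {"eth0"}, "10.10.10.7", "eth2"),
    }
```

The last two cases show the two ways the setup silently fails: with the /24 route alone the box believes the server is still on eth0 and stays quiet, and with proxy_arp off on eth2 the server can never resolve LAN hosts.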

Wednesday, July 18, 2007

Lack of Information Security Concern in India - Part 2

Continuing from where I left off...
The only sector which has a little bit of a sense of security is the financial sector.
That too they have learned from the foreign financial institutes. There have been lots
of wire frauds and cracking in the financial sector. Lots of times this kind of cracking is
done by a script kiddie.
(For the dummies: a script kiddie is a person who just downloads
some programs and tries to attack a computer system without understanding what the program
does. I have also seen cases where script kiddies are using some Windows cracking program
against Linux systems.)
The most famous crack in the financial sector is phishing (pronounced "fishing").
Phishing is done by using social engineering techniques. Phishers attempt to fraudulently acquire
sensitive information, such as usernames, passwords and credit card details, by pretending that a mail came from the financial institute. eBay and PayPal are two of the most targeted companies, and online banks are also common targets.
Phishing also works most of the time when there is no concern about security in the user's mind. Now, I have a concern for
security. I know that no bank in the world will ask me to send my password by mail. But lots of normal users don't
understand this. Phishing also uses fake websites lots of times. But if the user is careful to look at the URL bar to
see that the URL of the site is different from the URL the user meant to visit, then harm can be avoided. I know some of you will say that there are some JavaScripts that try to cover the address bar with an image of the legitimate URL. But this type
of phishing is more sophisticated and not that large in numbers. (If we disable JavaScript for unknown sites we can stop this kind of attack.) A lot more phishing is done by script kiddies than by the pros. I won't say we will be 100% secure, but with a little bit of awareness we can avoid these script kiddies. So I say again that awareness in people is a must.

Sunday, July 8, 2007

Lack of Information Security Concern in India


2-3 days ago I was watching some news that one Indian university network was hacked by some Nigerian hacker. The news channel was saying that he hacked their mail server and stole their economic information. I am very surprised at how much ignorance there is among Indian people about the importance of information security.
    I have seen it in my own university also. When I was at university I was able to get root access on the Linux system that was giving shared access to the students very easily. Also I was able to trojan the whole network; every PC was under my control. Though I did not do any damage (damaging a system never gains anything, unless you are getting paid to damage the system, but a real hacker will never damage the system), I was very surprised to see the lack of security. There were more than 80 computers having internet access on which I had installed a RAT (Remote Access Trojan), so if I wished I could use them as a bot network to do any kind of attack.
      I think history repeats itself: in America at first the hackers and system security were not given any notice. But when crackers got into the situation, they started damaging systems, shutting down telephone networks, etc. Then one day the American government woke up all of a sudden and started hunting the hackers. India is also on the same path. You will be surprised to hear that one friend of mine who is marketing firewall and IDS (Intrusion Detection System) products tells me that the product is not sold by how much security it provides but most of the time just to manage the network bandwidth and block URLs for users. He says he has till this date not met a CTO who has a genuine interest in the security of his network. After some big attacks by some cracker the people will wake up. But do we want this?
   I think people should become aware before such things happen. We should make people aware of things. In my later blogs I will try to handle more such issues.
   -neo