Social Icons

Wednesday, November 28, 2012

ESSPEE : eth0 issue in Installation

1.   First thing first ...what's ESSPEE.So friends who are aware of whats Backtrack R3....ESSPEE is a derivative of BackTrack 5, based on Ubuntu 12.04. Designed for users who wish to use only free software. It is packed with featured security tools with stable configurations....and now for those of you who wish to know the expanded form of ESSPEE ...its EXTREME SECURITY SCANNING PENETRATION TESTING & EXPLOITATION ENVIRONMENT.....:-)

2.   So after downloading this from  here...and after installing I came across a small issue of eth0 NIC not being detected unlike regularly where it gets detected automatically vide a DHCP config.So the answer is a small tweak that is required while selecting the Mac address of the eth0 as shown in the screen shot below :

(Click on the image to ENLARGE)

3.    That's it....and now ur internet will be on with network adapter configured to NAT....


Saturday, November 24, 2012

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3


1.    Adobe, who gave us the the ever comfortable PDF..thats the "Portable Document Format" in the early 1990's never thought like how this can become a security threat by the simple action of opening it only....yess!!!this post will give a small insight of how things really work behind the scene in execution of a malicious PDF....

2.  So first of all...how a PDF becomes a malicious document?The answer to this question is simple embedding of a JAVA SCRIPT, that is not seen but only executed once a PDF is opened....no antivirus will be able to identify of what malicious thing lies behind a normal PDF that u and me use daily...so if u scan a malicious PDF with your Antivirus,it is veri unlikely to be caught....how do we know then whether a PDF is malicious or not?...thats what this post shows here....I came across a tool known as PDFid in the BACKTRACK R3 that I was running in Virtual Box.

3.   Few lines about the tool....this was developed by Didier Stevens who blogs at http://blog.didierstevens.com/.So this helps us to differentiate between PDF Documents that could be malicious and those that are unlikely to be....The tool is based on the fact that that a  typical PDF File comprises of header, objects, cross-reference table (to locate objects), and trailer.So , if there is a tool that can find out if any one of them is available in this PDF...things can become easier...so like for example...if a PDF that has no purpose of embedding or holding a JS inside it,then a eye brow raise is certain as to why should it be there....so PDFid tool comes to rescue us out of this question...First the typical structure of a PDF with its one line explanation is given below :

“/OpenAction” and “/AA” (Additional Action) specifies the script or action to run automatically.

 “/Names”, “/AcroForm”, “/Action” can also specify and launch scripts or actions.

“/JavaScript” specifies JavaScript to run.

 “/GoTo*” changes the view to a specified destination within the PDF or in another PDF file.

 “/Launch” launches a program or opens a document.

“/URI” accesses a resource by its URL.

“/SubmitForm” and “/GoToR” can send data to URL.

“/RichMedia” can be used to embed Flash in PDF.

“/ObjStm” can hide objects inside an Object Stream.

4. So now I have set up a VB machine running BTR3 that would run this tool and find out if the PDF that I have analyzed is malicious or not? These are the screen shots showing a step by step scene of how u do it....


(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

5.   So the last screen shows the final result...for those of you who find this little complicated I will upload a video cast of this soon....

Monday, November 19, 2012

Thursday, November 15, 2012

McAfee : Runs on Windows/Linux and from Police

1.    Strange is the heading and so is the story....according to the news doing the rounds in cyber space.Anti-virus software pioneer John McAfee says he is moving every four hours to avoid Belizean police who wants to question him about the murder of his neighbor, a fellow American....how true or untrue is this ...m no one to comment....but being an ardent McAfee user for long on my various VMs....I would like to wish him the best.....more on the story that I read from is available here.....

Wednesday, November 14, 2012

Otome 3D : World’s first 3D-Printing Photo Booth

1.    At one of my earlier posts about 3D Printers about 4 months back,I had discussed about the phenomenal world of 3D Printers....the vast applications envisaged and what not...it is left to imagination of how do we use this technology....but then I could not find any commercially available products available to comman men.....but here we are....a company Harajaku in Japan will house the world’s first 3D-printing photo Booth by Otome 3D. This can ensure that you have your very own Madam Tussad-esque replica, up to 20cm, of yourself. The process involves scanning of entire bodies of subjects for about 15 minutes, after which, you are reproduced in material, to much awe and astonishment. More details about this at here

Sunday, November 11, 2012

FEDORA 17 & VIRTUAL BOX : Virtualbox Installs but won't load

1.   This particular problem kept me busy the whole day....and in fact I reached a point of frustration that I should switch back to Ubuntu that I was earlier using.......so the problem goes like when I install virtual box via the rps and yum commands ...I used to invariably get some odd message that mostly included the following :


Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing

'/etc/init.d/vboxdrv setup'

2.    I would not actually lie about it...but i checked about so many forums that gave relatively the same solutions that you would have mostly found out by now...but to no avail...so the two command simple solution that would make you VB run like a horse without any issues goes like this :


yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-PAE-devel

/etc/init.d/vboxdrv setup

offcourse you have to run this as a su -

3.   Do let me know if u r stuck on this again...the sets of commands that I run since morning as root are produced below for info only.BUt I am sure the commands above would solve your problem.

   21  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
   22  yum update
   23  rpm -qa kernel |sort |tail -n 1
   24  uname -r
   25  reboot
   26  rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
   27  pwd
   28  cd /etc/init.d/
   29  ls
   30  cd vboxdrv
   31  /etc/init.d/vboxdrv setup
   32  cd /var/log/
   33  more vbox-install.log 
   34  cd /etc/yum.repos.d/
   35  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
   36  yum update
   37  yum install binutils qt gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel      
   dkms   
   38  yum install VirtualBox-4.2                                                                                  
   39  virtualbox                                                                                                  
   40  KERN_DIR=/usr/src/kernels/2.6.18-194.11.1.el5-x86_64                                                        
   41  export KERN_DIR                                                                                             
   42  yum update virtualbox-4.2                                                                                   
   43  aptitude update                                                                                             
   44  yum install dkms gcc                                                                                        
   45  yum install kernel-headers kernel-devel                                                                     
   46  /etc/init.d/vboxdrv setup                                                                                   
   47  more /var/log/vbox-install.log                                                                                                                                                                    
   49  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo                                   
   50  uname -r                                                                                                                                                                             
   53  rpm -qa kernel |sort |tail -n 1                                                                             
   54  uname -r
   55  service vboxdrv setup
   56  uname -r
   57  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE
   58  export KERN_DIR
   59  virtualbox
   60  usermod -a -G vboxusers duqu
   61  virtualbox
   62  apt-get install dkms
   63  wget install dkms
   64  uname -r
   65  rpm -q kernel-devel
   66  uname -r
   67  virtualbox
   68  /etc/init.d/vboxdrv setup
   69  more /var/log/vbox-install.log
   70  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE
   71  export KERN_DIR
   72  virtualbox
   73  /etc/init.d/vboxdrv setup
   74  uname -r
   75  yum install kernel-headers-3.6.6-1.fc17.i686.PAE
   76  exit
   77  yum install kernel-headers gcc
   78  /etc/init.d/vboxdrv setup
   79  exit
   81  yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-   
   PAE-devel
   82  /etc/init.d/vboxdrv setup