Social Icons

Saturday, November 23, 2013

BACKTRACK 5 R3 : 0trace

This post is going to introduce you to a "Identify Live Hosts" tool by the name of 0trace that enables a user to perform hop enumeration (“traceroute”) within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do. The important benefit of using an established connection and matching TCP packets to send a TTL-based probe is that such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table).

How to reach 0trace ?
(Click to enlarge)
(Click to enlarge)
(Click to enlarge)

The command syntax :

root@bt:/pentest/enumeration/0trace# ./0trace.sh eth0 (IP ADDRESS1)

and then you need to then open another terminal and connect using netcat as below

root@bt:~# nc (IP ADDRESS1) 80

Here in the example as shown vide screenshots,i have used a web site ip address for sample check....without opening the second terminal window...you will not get any progress on the first terminal....

Tuesday, November 19, 2013

Facebook on Basic Phone : Possible@YESS!!!

1.  The penetration of smartphones in the market is rapidly setting new benchmark verticals.Smartphones have changed our basic routine access exercise of switching on laptops or workstations to access our facebook,gmail and other accounts...but somehow this access to facebook and other accounts has been limited to smartphones only...and thus the basic mobile user still has the traditional method of accessing the mails and social networking sites....but thankfully this is not likely to go on for long...
 
2. One Mr Sumesh Menon, co-founder and CEO of U2opia Mobile,has fine-tuned USSD (Unstructured Supplementary Service Data) technology and is using it to allow anyone with a mobile phone to connect to Facebook. Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network. Thus even if a user has a very basic phone and no data connection, he can use USSD to connect to Facebook.

3.  Offcourse the concept of USSD is not new per se as a technology..users have all been using it in some way or the other in routine.For example, when you check your remaining pre-paid balance in the phone using a code, you use the USSD technology.So basically it is a kind of 1G solution that works in a 3G world.For those who wish to know about the 'G' family...please click here to find the 'G' Generation.

HOW TO USE THIS SERVICE :

-  In India, it is available to almost all mobile phone users, except those who are using network of BSNL.

-  To access Facebook from a basic (or from a smartphone that has no data connection) a user has to first subscribe to the service by dialling *325#.

-  Once the service is active, which happens within a few minutes, users can utilize the USSD menu to go through their timeline, check status updates, post status updates and check likes or comments on their posts. The service also allows access to Facebook Messenger and users can exchange messages with their friends.

-  There is no limit on how many times you can access Facebook or how many messages you can send to your friends on Facebook messenger. While different operators charge different price for the service, usually the price is around Re 1 per day, making it a cost-effective way to keep in touch with friends.

Few interesting points about this :

-  The underlying technology is called FoneTwish.

-  Any operator can use FoneTwish to enable access to Facebook through USSD for its users.

-  Service is used by over 40 operators in 30 countries.

-  Currently, there are over 10 million users across the world who access Facebook through USSD.

LIMITATIONS :

-  Facebook will be limited to a text-based service when used through USSD.

-  A user cannot access photographs on his phone through FoneTwish.

-  Offcourse there will be limitations w.r.t the proper web based experience that we see on a smartphone...but still..kudos to the effort and congrats to basic phone users.

4.   Well there may be one good news that as on date such phones will be more secure than smartphones.Too early to say before they get broken  too...lets wait and watch...

Sunday, November 10, 2013

Sell your old PC & IT Hardware @ NCR Delhi

1.   Isn't it very often that you have a old working CRT monitor or a old pentium PC though working fine or even in a non workable condition and you find it hard to sell it to the local kabadi wala who would offer not greater the plastic scrap rate...and so that old box keeps lying in store room and you don't know what to do with it....do you know that even a dead motherboard would fetch you around Rs 150....but all this will be possible only if you hit it right...i mean you know a place to sell all this IT scrap....so i thought of writing this post..I have been to this shop at Nehru Place for about 4-5 years now....has a professional team and approach to rate your scrap be it working or not working!!!!


2.   Though I have no affiliation with this shop in any way but thought of sharing this exploitable info for all guys based in NCR.....few pics to help in identification for those of you who wish to visit this below :




Contact Details :

B-6 & B-7, Basement,Madhuban Building
55,Nehru Place, New Delhi-19 India
(L) + 91 11 26412642
(L) + 91 11 26293639
(M) + 91 9958977551
(Fax) 00-91-11-4654 2668
E-Mail :- ashish@2ndscomputers.com
Website :- www.2ndscomputers.com


3.   In fact shops like these should be promoted through advertising for benefit of all.....so that there is managed E-Waste.....

Sunday, November 03, 2013

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/