Fierce Domain Scan by FIERCE @ Kali Linux

1.   This post gives a stepped screen shot version of a relatively unknown but powerful tool known as Fierce. It is a perl script written by rsnake. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. Fierce is meant specifically to locate likely targets both inside and outside a corporate network.A very detailed explanation with ease is given at http://ha.ckers.org/fierce/

2.  To use Fierce, navigate to Information Gathering | DNS Analysis | Fierce.
Fierce will load into a terminal window as shown in the following screen shot.

DOMAIN INFORMATION GROPER : DIG@Kali LINUX

1.    Most high-value targets have a DNS name associated to an application. DNS names make it easier for users to access a particular service and add a layer of professionalism to their system. For example, if you want to access Google for information, you could open a browser and type in 74.125.68.138 or type www.google.com

(Click on image to enlarge)

2.  DNS information about a particular target can be extremely useful to a Penetration Tester. DNS allows a Penetration Tester to map out systems and subdomains. To use Dig, open a command prompt and type dig and hostname, where hostname represents the target domain. 

3.  Dig lookups will show the DNS records for the given host or domain. This gateway allows lookups for network address, mail exchanger, name servers, host information, arbitrary strings and zone of authority records. Please leave the server field blank to query a properly configured internet DNS cache.Dig will use your operating systems default DNS settings to query the hostname.You can also configure Dig to query custom DNS servers by adding @ to the command. The example in the following screen shot illustrates using Dig on http://www.hacklabs.com/

 

4.   The -t option in Dig will delegate a DNS zone to use the authoritative name
servers. We type dig -t ns http://www.hacklabs.com/ in the example in the
following screen shot:

             

5.  We see from the results we have two authoritative DNS servers for the domain http://www.hacklabs.com/; they are ns51.domaincontrol.com and ns51.domaincontrol.com

6.   Thanks to book Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani

HTTrack : Clone a Website@KALI LINUX

1.    This post will introduce you with a well known tool to clone a website ..the tool is known as HTTrack...though is inbuilt into Kali but older versions may not have it... The purpose of HTTrack is to copy a website.It allows a Penetration Tester to look at the entire content of a website, all its pages,and files offline, and in their own controlled environment. Needless to emphasize on the importance and usefulness of having a copy of a website that could be used to develop fake phishing websites, which can be incorporated in other Penetration Testing toolsets.To install HTTrack if not already inbuilt in Kali, open a Terminal window and type in the following as shown in the following screenshot.

apt-get install httrack 

(Click on image to enlarge)

(Click on image to enlarge)

(Click on image to enlarge)

2.  Firstly we will create a directory to store the copied website. The following
screenshot shows a directory created named testwebsite using the mkdir command.

3.   To start HTTrack, type httrack in the command window and give the project
a name, as shown in the following screen shot:

(Click on image to enlarge)

(Click on image to enlarge)

 4.   The next step is to select a directory to save the website. The example in the
following screen shot shows the folder created in the previous step /root/
testwebsite, used for the directory:

(Click on image to enlarge)

5.   Enter the URL of the site you want to capture. The example in the following
screen shot shows www.hackershandbook.org. This can be any website. Most attacks use a website accessed by clients from your target, such as popular social media websites or the target's internal websites.The next two options are presented regarding what you want to do with the captured site. Option 2 is the easiest method, which is a mirror website with a wizard as shown in the following screen shot:

(Click on image to enlarge)

6.  Next, you can specify if you want to use a proxy to launch the attack. You can also specify what type of files you want to download (the example in the following screen shot shows * for all files). You can also define any command line options or flags you might want to set. The example in the following screen shot shows no additional options.Before httrack runs, it will display the command that it is running. You can use this command in the future if you want to run httrack without going through the wizard again. The following screen shots show hhtrack cloning www.hackershandbook.org:

(Click on image to enlarge)

(Click on image to enlarge)

7.   After you are done cloning the website, navigate to the directory where you
saved it. Inside, you will find all your files and web pages, as shown in the
following screen shot:

(Click on image to enlarge)

8.   Thanks to book Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani

Kali Linux 1.0.8 - New Release Supports UEFI Boot

1.    The long awaited Kali Linux USB UEFI boot support feature has been added to newly released Kali Linux 1.0.8 release. This new feature simplifies getting Kali installed and running on more recent hardware which requires EFI as well as various Apple Macbooks Air and Retina models.

2.   If you already have Kali installed on your system, need not to download the new setup since it can easily be upgrade to the latest version of the Kali Linux using the following commands:

    root@kali:~# apt-get update
    root@kali:~# apt-get dist-upgrade

3.   Btw..this is my 500th post on this blog!!!hurrah!!!

KALI LINUX : INSTALLATION SCREENSHOTS

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.This post brings you the screen step wise shots during installation....

ESSPEE : eth0 issue in Installation

1.   First thing first ...what's ESSPEE.So friends who are aware of whats Backtrack R3....ESSPEE is a derivative of BackTrack 5, based on Ubuntu 12.04. Designed for users who wish to use only free software. It is packed with featured security tools with stable configurations....and now for those of you who wish to know the expanded form of ESSPEE ...its EXTREME SECURITY SCANNING PENETRATION TESTING & EXPLOITATION ENVIRONMENT.....:-)

2.   So after downloading this from  here...and after installing I came across a small issue of eth0 NIC not being detected unlike regularly where it gets detected automatically vide a DHCP config.So the answer is a small tweak that is required while selecting the Mac address of the eth0 as shown in the screen shot below :

(Click on the image to ENLARGE)

3.    That's it....and now ur internet will be on with network adapter configured to NAT....

Windows 7 Hacked @ BACKTRACK

(DOUBLE CLICK TO VIEW BETTER)

Nothing new for the active Cyber Sec community...but since I had recently recorded a screen cord I thought like uploading the same for everi one.....This is my second "hands on" a windows machine after I attempted on XP last year at  http://anupriti.blogspot.in/2011/10/backtrack-5-how-to-use.html

NATIONAL CYBER SECURITY POLICY : DRAFT

1.    Finally we are working on a national cyber policy....infact late but ...IT'S NEVER TOO LATE....the thing that we have started on this is a good sign.The draft of the subject policy is available at www.mit.gov.in/sites/upload_files/dit/files/ncsp_060411.pdf and is in fact inviting comments in case u have any!!!

2.   The draft is a 21 page report.After going through the same I have given the following points at the desired email address available in the draft report.

PARA 3.3 (I) C
GOVERNMENT SECURED INTRANET :
Addition point :

“ In addition to the emphasis on creation of such kind of intranet, efforts at the design stage should be made to exclude all possible options of internet connectivity with this intranet to avoid any kind of imminent threats. This intranet may need internet for various updates etc ,but this should be a privilege access point and no node should be allowed a free access. Any attempts to connect the same may invite action as a threat to nation. The limited internet connectivity to this is required for the following purpose :

- It is the most common action by any user to browse the net. Once given a opportunity he/she is always eager to access emails and download malware or infected software or any third party application. This is the point where command and control centre of a Botnet can be established by a cyber criminal. To avoid such practices it would always be the endeavor of the designer and the super administrator to ensure physical separation of Intranet and Internet. This Intranet should also be subject to regular cyber /IT audits by govt recognized penetration testers and forensic experts to maintain a cyber secure working environment.

PARA 3.3(D) @ Page 12
OPEN STANDARDS

The strength and power of open standards and applications remains unexploited in our country. Other developed nations who have realized the potential of this standard are already contributing significantly to their positive growth in cyber space. This has largely been possible owing to the lack of exposure of such standards by the new generation who is only exposed to the windows environment. Policy should be in place to ensure growth of open standards at school level curriculum.

PARA 3.5.2
COMBATING HIGH TECH CRIME/CYBER CRIME

Though the cat and mouse race between the good and the bad cyber guy would remain on always,it is worth noting that cyber crime if not controlled at such a nascent stage of induction and growth, has the full potential to become a cyber threat.No single policy would be able to achieve a CYBER CRIME FREE CYBER SPACE.It remains the onus of the common man how he tackles the cime himself.It is here that the National Cyber Policy can contribute in the following manner :

- Cyber Huntsville is a collaborative cyber community with the aim of attracting and developing the brightest minds, attacking the most complex problems, and providing the best solutions of national and international significance. Cyber Huntsville is an integral part of the National Cyber Initiative. Similar establishments should be encouraged at India level. More info at http://www.hsvcity.com/cyber/

4.2.3
Thrust areas of R&D  : 

-  Thrust areas of R&D should majorly focus on inducing maximum SRS and QRs at the DESIGN STAGE. Because, if not done at this stage, whatever work follows is patch work that remains a cover up action.
- Analysis of data flow in a network
- Pentration testing
- Storage solutions with backup, archiving, recovery provisioning of entire data.

5.1.1
ENABLING PEOPLE

Promoting a comprehensive national awareness program to include organizing seminars, events, webinars, guest lecture’s in tie up with established societies like IETE,Institution of  Engineers, Computer Society of India etc

Besides,these points I would suggest to include ensuring information security by managing the flow of information to the citizens as well as on securing its physical information infrastructure.The policy should call for the following :

- Popularize e- government
- Optimize the cyber industry structure.
- Provide a rugged 24x7 nationwide cyber infrastructure.
- Promote innovation of cyber technologies.
- Build a cyber oriented national economy.
- Design way to advanced internet culture.

BACKTRACK 5 : How to use ?

Recently uploaded a step by step with screen shot on how to use and benefit from BACKTRACK 5 on a virtual lab platform.....

Backtrack 5

HDFC CLEAN BOWLED by Hidden SQL Injection Vulnerability

1.  Howoften do we find ourselves getting irritated with the constant reminders from banks to change passwords every 15 days...to include few small cases,few caps,few numbers and few special characters and more often then not 40% of the account holders forget keeping a tab on what was the last password.....Inspite of heavy claims by most of the banks that they have the highly secured banking netwrok here comes a boomrang for HDFC...inspite of ample number of warnings by zSecure , a firm committed in providing comprehensive and cost-effective Penetration Testing services Networks, Servers and Web application,HDFC had no inkling of what they were warned about and what was supposed to be done....simply banking on some third party solution and getting into a SURRENDER SITUATION.....the story goes like this

HDFC was warned about Hidden SQL Injection Vulnerability by the firm ZSECURE.The subject vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). The HDFC Bank’s team took around 22 days to respond to our e-mail and their first response came on 08-August-2011 with a message:

“Thank you for sending us this information on the critical vulnerability. We have remediated the same.“

After their e-mail, we again checked the status of said vulnerability and found that the vulnerability was still active on their web portal. We immediately replied to their email with additional proof of vulnerability and asked them to fix the same asap. Later on, after 2 days we again received an e-mail from their team with a message:

“We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability.“

Their above response left us with an unexpected surprise. We were not able to believe that such a big organization doesn’t have proper vulnerability assessment in place because we already reported the vulnerability to them and even after conducting vulnerability assessment from a third party (as claimed) they were not able to find the active vulnerability in their web-portal.Thereafter, we sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC’s web-server.

2.  The story goes on to confirm how much vulnerable we all are to such holes.Not blaming the bank singly,but the policies and the measures supposed to be taken and adopted have no firm policies on date.It is entirely left to the third party dependency solution....its high time for all banks to constantly take measures and keep itself updated to all new vulnerabilities hanging around......

3.  Thanks http://www.zsecure.net