
Sunday, September 29, 2013

BACKTRACK 5 R3 : dnsmap

1.  Another useful tool for information gathering is dnsmap. A few of you may wonder why one should use a variety of tools for information gathering when most of them give more or less the same result. The answer lies in the fact that any kind of additional information can be a hole to exploit later, so in the information gathering stage it is always better to collect as much info as possible. So here are a few quick points about the purpose of this tool:

-  Get the IP addresses associated with each successfully bruteforced subdomain, rather than just one IP address per subdomain.

-  Bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards.

-  Abort the bruteforcing process in case the target domain uses wildcards.

-  Ability to run the tool without providing a wordlist by using a built-in list of keywords.

-  Saving the results in human-readable and CSV format for easy processing.

-  Improved built-in subdomains wordlist.

-  New bash script (dnsmap-bulk.sh) included which allows running dnsmap against a list of domains from a user-supplied file, i.e. bruteforcing several domains in a bulk fashion.
   
[ Source : http://stylodj.wordpress.com/category/how-to-use-dnsmap-tool-backtrack-5-rx/]

2.  To get to this tool, we follow the same route as we have in the past, via the information gathering sub-menu as shown below:

Backtrack - Information Gathering - Network Analysis - DNS Analysis - dnsmap
 


3.   The basic syntax and switches for the tool are :

./dnsmap sitename.com [options]

and the switches are :

- -w for wordlist file
- -r for regular results file
- -c for csv results file
- -d for delay millisec
- -i for ip's to ignore

4.   The screens below show the usage and execution part as it happens on the screen.

5.    What we are attempting via the command executed is to bruteforce all of the subdomains of certifiedhacker.com and save them to a file called result. I have truncated the output since it is very long, so I have only shown some part from the beginning and then as it ends. In addition, if one has a custom wordlist of subdomains, he/she can use that as well simply by specifying the -w argument and then the path to the wordlist. After the run is executed, the final results are seen in the manner shown below in the screenshots:

So as seen in the results above, there are 924 subdomains with their respective IP addresses, though in the screenshots above we see a common IP address since it is a site for CEH testers.

In the screenshots above, the result file created is seen and read, so you can see the kind of contents that are stored in the generated file.
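Seen from the target's own DNS server, the wordlist bruteforce described above shows up as one client asking for many distinct names under a zone and getting mostly NXDOMAIN answers. The following is an added example, not part of the original post, that flags this pattern in resolver logs; the log format, the zone example.test, the thresholds and the function names are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample resolver log (assumed format): "<ISO time> <client> <qname> <rcode>"
SAMPLE_LOG = """\
2013-09-29T10:00:00 192.0.2.10 www.example.test NOERROR
2013-09-29T10:00:01 192.0.2.77 admin.example.test NXDOMAIN
2013-09-29T10:00:02 192.0.2.77 backup.example.test NXDOMAIN
2013-09-29T10:00:03 192.0.2.77 mail.example.test NOERROR
2013-09-29T10:00:04 192.0.2.77 dev.example.test NXDOMAIN
2013-09-29T10:00:05 192.0.2.77 ftp.example.test NXDOMAIN
2013-09-29T10:00:06 192.0.2.77 intranet.example.test NXDOMAIN
2013-09-29T10:00:07 192.0.2.10 mail.example.test NOERROR
2013-09-29T10:05:00 192.0.2.10 www.example.test NOERROR
"""

def parse(line):
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode

def find_enumeration(log_text, zone, window_s=60, min_names=5, min_nx_ratio=0.6):
    """Return {client: (distinct_names, nx_ratio)} for clients that query many
    distinct names under `zone`, mostly NXDOMAIN, within one sliding window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # client -> (time, qname, rcode), oldest first
    flagged = {}
    for line in log_text.splitlines():          # log is assumed to be in time order
        if not line.strip():
            continue
        ts, client, qname, rcode = parse(line)
        if not qname.endswith("." + zone):
            continue
        q = recent[client]
        q.append((ts, qname, rcode))
        while ts - q[0][0] > window:            # drop queries older than the window
            q.popleft()
        names = {n for _, n, _ in q}
        nx = sum(1 for _, _, r in q if r == "NXDOMAIN") / len(q)
        worst = flagged.get(client, (0, 0.0))[0]
        if len(names) >= min_names and nx >= min_nx_ratio and len(names) >= worst:
            flagged[client] = (len(names), round(nx, 2))
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG, "example.test"))
```

A longer delay set with -d spreads the queries out, so the window has to be sized accordingly, and in a zone with a wildcard record every name resolves, so the NXDOMAIN ratio requirement has to be dropped there.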

Sunday, September 01, 2013

IT SUMMIT : Next Generation Network security at AMITY,NOIDA,INDIA

1.  Recently attended IT SUMMIT : Next Generation Network security at the AMITY, NOIDA campus. The day-long summit had three panel discussions including Big Data, Cloud and Next Generation Network security. I was part of the third panel discussion; uploading the ppt here.

Wednesday, August 14, 2013

Being CEH : Certified Ethical Hacker V8

1.    After CCCSP, my efforts to clear an EC-Council exam finally paid off, and today I passed my CEH V8 exam. The feeling of being a CEH is yet to set in, but yes, it feels good to clear an exam which has a good reputation in the security world. One thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking, the end of the course does not mean that a guy can hack into any site and create havoc. But yes, it does make you understand the nuts and bolts of how one can do it, and more importantly from a CEH point of view, what and where the vulnerabilities are.

2.  CEH is all about offensive hacking. The number of tools that are available today in the open source world is mind-boggling, and the best part is the courseware that the student gets. It's great! It all comes with a set of 6 CDs which have thousands of PDFs and tools. If one starts doing each and every practical aspect of this courseware, it will take more than a year to assimilate and do it on a VM platform, so that is definitely going to keep me busy. The best part is that all this is explained with screenshots and step-by-step instructions.


3.   As I keep doing these practicals on my VM, I will certainly try uploading and sharing them with you guys! I will get my hard copy of the certificate in a few weeks from now. Anxiously waiting!

Sunday, August 04, 2013

Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

In the video below, the basic running of the lab and the features available inside it are shown.


Saturday, August 03, 2013

Is PORT SCANNING legal in INDIA?

1.   The IT security guys have so much to experiment with and learn via the unending open source information and tools available on the net. Be it BackTrack or Wireshark or Nmap or Nessus or Canvas (not open source) or a web scanner like Acunetix or Arachni, the list is unending and there is lots to do. But do we actually know that simply running a port scan on the internet is a crime in other parts of the world?

2.   In countries like Australia and the UK, port scanning is recognized as a "potential attempt" to infringe on a system, and that's a simple truth: nobody would run such openly available tools without intent. Yes, the intent can be educating oneself, but the other side can be bad intent, and no one can prove what the intent inside the person's mind is. It may change the moment he/she realizes he/she is caught. In the United States there is no need to prove intent and port scanning is considered illegal. So even installation of such tools is a crime. So if a naive script kiddie from India goes with his laptop to the US with a VirtualBox machine holding an OS with a port scanner, he is a cyber criminal the moment he lands in the US.

3.   Today we in India do not have straight and clear laws defining whether running or installing such tools is a crime or not, because the whole thing is COMPLEX. The compliance laws vary across countries, and drastically at that: it may be acceptable in a country like India and it may be a serious offence in the US. So seeing the current state of affairs in India, it does not look like the day is near when such stringent guidelines exist in India to restrict all these uses and installations, or to restrict them to professionals only. But then who will define a Cyber Security Professional: CDAC or CEH or some other such agency? These institutes can be a critical node in identifying and certifying cyber security professionals to measure and endorse the intent, but at the end of the day we are all humans, and we know that "to err is human". So an agency-certified person finally has to decide for himself whether he wears a black hat or a white hat! :-)

4.   Meanwhile, students and IT security enthusiasts should take care when running such tools on the internet, because these are serious tools that can break into someone's privacy, and if the victim gets serious about pursuing you, things will be bad enough to land you behind bars. So the best place to experiment with such tools is a virtual environment, which can be made available via VirtualBox or VMware etc. Security guys and enthusiasts should be familiar with the excellent Open Source Security Testing Methodology Manual (OSSTMM), which provides best practices for these situations.

PLEASE TAKE CARE TO RUN THE CYBER SECURITY TOOLS BEFORE THE LAW STARTS RUNNING AFTER YOU

Wednesday, March 13, 2013

BACKTRACK 6.0 aka KALI LINUX

1.      This will be surprising news for those who were updated till BackTrack 5 R3: the same team has come up with something more powerful, named KALI LINUX :-) and not BACKTRACK 6.0. A few key points about KALI:

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because it is a Debian-compliant system, it is now able to bootstrap a Kali installation/ISO directly from the Kali repositories. This allows any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository. Now start distributing your own ISO.

-   More than 300 penetration testing tools, completely free, open source, vast wireless device support, GPG-signed packages and repos, multi-language and completely customizable: all this makes the distribution one of the best available masterpieces of the hacking community.

-    Once again, the default root password is the same, "toor"; you can download Kali Linux here.

2.    My download will start tomorrow morning. It will keep me busy for a few days and hours :-)

3.     Thanks http://thehackernews.com

DRDO HACKED : NO....YESS...NO...YESS!!!!goes on...


1.    There is nothing new about this news. It's just another piece of hacking news amongst the millions of hacking news items and scrolls daily, but it has become an eye-popper because it has the word DRDO in it: that's the Defence Research and Development Organisation.

2.   Though DRDO straight away denies it, saying that it can never happen (what the basis for that is remains a well-guarded secret), Pawan Duggal, a known cyber expert, says that never in the history of "India Hacked" has such voluminous data been transferred to and resided in servers outside the country's borders. Video down here.

3.    The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised. When asked about it, Defence Minister A K Antony said, "Intelligence agencies are investigating the matter at this stage and I do not want to say anything else."

Commenting on the issue, DRDO spokesperson Ravi Gupta said, "As per our information, no computer or network of the DRDO has been compromised." (Of course they have records to prove that all sentries and guards were on duty at the moment hackers claim they hacked DRDO... pun intended, SIR!)

4.     Today things in the context of cyber security at the national level stand at a very critical juncture. In fact I feel that juncture is past now and we are already late, but still we read and hear that the Cyber Security Policy of India will arrive soon (I know cut-paste also takes time... pun intended!).

5. India, I am sure, will keep busy with hiding elephants, jantar mantar, elections 2014, Italy guards, bhagwan etc. etc., but if the priorities don't change their order soon, India will be backed up and downloaded in some other country soon. It will be very sad. We are one of the leaders in the IT industry, specially software, but we have not been able to exploit this potential for in-house strengthening; we are all concerned with individual growth. Vo subah kabhi to aayegi... vo subah kabhi to aayegi!

Thursday, December 20, 2012

TrueCaller : Is it Stealing your Info?

1.    TrueCaller is one famous application doing the rounds on Twitter, Google+, Facebook and Android phones. The application's claim is that you log in from any of these applications and you are able to know the name of the owner of a mobile phone number. The claim actually stands right in over 90% of the cases that I tried. This made me wonder how. I thought of all those free forms that we regularly keep filling in on the internet or at some grocery shop for some free bundles, or whether TrueCaller has tied up with the mobile phone service providers. But then something happened that made me a little suspicious about this app. It so happened that I tried my mom's number on the application and the answer came as "TIWARI MAM". This made me think of how the application would know that my mom is a teacher...

2.   So I wondered if the application, after installation on your mobile device, actually makes all the contacts' phone numbers available on the site with the names that I have typed against those numbers! So I tried mine, which was not available, by the name "anupam CCCSP".

3.  Though it did not show promptly, a day after I typed my phone number it came to be seen as "anupam CCCSP". So this actually means that the application is stealing the contacts info on my phone and making it public! But then I also realized that it was I who agreed to the terms and conditions while installing the app on my phone, which most of us, including me, never read.

4.   So it actually comes down to the naivety of the common user, who invariably agrees to install without reading any of the terms and conditions. :-)

Wednesday, September 12, 2012

Being CCCSP: CDAC Certified Cyber Security Professional

1.     There is no doubt that I have a keen interest in cyber security issues and subjects. I stop anywhere I find something to read or see articles/videos related to cyber security, and always grab opportunities like workshops and seminars that hold related events. But just reading and going through these was not going to be enough to make a small mark in the field. Thus I decided to go for a certification exam. I came across CISSP, CCIE, CompTIA etc., which were slightly heavier on the pocket :-), so I looked for an Indian version and equivalent that is not only recognized but also accepted in government organisations. So I enrolled for the exam in the month of Dec 2011 last year, got the results last week, and I passed: I became a CDAC Certified Cyber Security Professional. The list of certified professionals is given at the link http://esikshak.in/eSikshak/professional_certified.html


2.   So in this post I am going to tell you a few key features of this informative and excellent course:

- Name : CCCSP ie CDAC Certified Cyber Security Professional

- Duration : 6 months

- Certification Fees : Rs 7500/-

- Conducted By : CDAC,Hyderabad


-  Written test conducted at identified CDAC centres across India.

-   Duration of the test is 2 hours.

-  Two sections in the examination paper: 80% objective type and 20% subjective.

- A 60% score in each section is required.

-  The minimum score to get professional certification on average is 70%.

3.    More details available about this course at http://esikshak.in/eSikshak/help/English/eSikshak/CCCSP.html

4.    The certificate issued by C-DAC on CCCSP (C-DAC Certified Cyber Security Professional) is valid for 3 years from the date of issue. This has been introduced considering the importance of updating oneself on the latest security issues.

5.   Thanks CDAC,Hyderabad.