
Saturday, February 29, 2020

CAPT Bhopal Conference Presentation : BLOCKCHAIN-BITCOIN-CRIMES INTRODUCTION & What's it all about?

A copy of the presentation and talk that I gave at the Central Academy for Police Training (CAPT) at Bhopal on 29 Feb 2020. The presentation gives a brief overview of what blockchain and bitcoin mean and how they work, and concludes with the crimes happening around them.


Few pics from the conference below




Sunday, December 01, 2019

Blockchain Technology Workshop : IIIT Raipur

Dr. SPM IIIT-Naya Raipur, established by the International Institute of Information Technology University Act, 2013 of the Government of Chhattisgarh, is a joint venture by the Chhattisgarh State Government and National Thermal Power Corporation (NTPC). A workshop on Blockchain Technology was organized from 28-30 Nov 2019 at the campus with the following aims:

(a) To disseminate the knowledge of Blockchain technology among students, researchers and academicians.

(b) To discuss the current status of the Blockchain development and research work in India and across the world.

The material and presentation slides are shared at https://drive.google.com/open?id=1s9mZtR7hnyQF4YQ5VYAxgKUiCMenWxlf

Few pics shared below



















Thursday, July 07, 2016

Gurugram Police Summer Internship on Cyber Security 2016

A small mention of me is made in this video, uploaded to give a brief overview of the Gurugram Police Summer Internship on Cyber Security 2016, conducted under the aegis of Rakshit Tandon.


Friday, June 10, 2016

Cyber Security Summer Internship 2016 Gurgaon Police : 10 Jun 2016

Today I got an opportunity to speak at the Cyber Security Summer Internship 2016 of Gurgaon Police, being conducted under the aegis of Shri Rakshit Tandon. Below is the presentation on Hardware Trojans that I presented to the attending audience.


Few Pics from the Internship meet are shared below :








Monday, May 30, 2016

Qubes OS Installation issue with Virtual Box

1.    I have a habit of running most of the operating systems that I keep experimenting with in a virtual environment (mostly VirtualBox). To date I have had no issues running any one of them inside VirtualBox, including Ubuntu, Fedora, Mint, BackBox, BackTrack, Metasploit, Windows, Pentoo, Knoppix, Chromium OS, Arch Linux, openSUSE, Red Hat etc. In fact the list goes on. But whilst exploring Qubes OS today, I found VirtualBox unable to run it, always getting the following screens:





2.   Qubes is a security-oriented operating system (OS), and an extract from the installation advice is shown below:


Extract produced below :

Note: We don’t recommend installing Qubes in a virtual machine! It will likely not work. Please don’t send emails asking about it. You can, however, install it on an external USB hard drive and run from it, at least for testing.

3.  But further to my surprise, I found via Google searches that this OS works fine with VMware Workstation Player. And after I tried it, I found it works perfectly fine, as I show in my next post. I couldn't, though, find a fix or any kind of solution to run it on VirtualBox, but as long as VMware Workstation performs the task, I am OK :-)

Sunday, October 25, 2015

Kali Linux 2 : Putting SCANNERS at work

1.    In this post we get introduced to the built-in scanners that come preloaded with Metasploit in Kali Linux and let us search for and recover service information from a single computer or an entire network. We assume the same setup of virtual machines as in my past post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html

SETTING UP THE VIRTUAL MACHINES

Exactly the same setup as I followed at the post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html

Virtual Machine One, VM1: Kali Linux 2 @ 192.168.56.102
Virtual Machine Two, VM2: Metasploitable 2 @ 192.168.56.103

Machines pinging each other...please check before proceeding ahead


Using SCANNERS to gain info

To find the scanners available in Kali Linux, just run “msfconsole” from the Kali command prompt and then type “search scanner” at the prompt as below:

msf > search scanner

You get something like the output seen below, which is actually a trimmed shot, as the complete output is pretty exhaustive.

nmap the Metasploitable machine, as we did earlier, and we get the screen below:

Let’s focus on port 22, i.e. Secure Shell (SSH), and search Metasploit for SSH scanners as follows:

SSH

At the msf terminal, type: search scanner/ssh

We see about six of them above, and among these there is one that looks for version information, i.e. the “auxiliary/scanner/ssh/ssh_version” module. We will use this to find the version info as follows:

- Type “use auxiliary/scanner/ssh/ssh_version” at the msf terminal
- Then type “show options”
- set RHOSTS  
- Type “exploit” to run.

From above we see that the victim is running an SSH server and the software version is 
SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu

Mysql

But the above comes with an exclamation too: if we run the MySQL version query, then too we get some result that's different, as seen below:

The scan reveals that MySQL 5.0.51.a-3ubuntu5 is running, as seen in the shot above.

telnet

The highlighted text, “Login with msfadmin/msfadmin to get started”, actually gives login credentials on the Telnet page. These kinds of security holes actually exist in the real world, on the real web, at so many web sites.

smb


The above gives the Samba version.
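
An added example, not part of the original post: a defender-side check over the kind of banners these scanners return, flagging what each one gives away. The function audit_banner, its severity labels and the regex heuristics are assumptions made for illustration; the banner values are the ones shown in this post, apart from one constructed telnet line.

```python
import re

# Banner values as reported in this post; the first telnet line is constructed.
BANNERS = {
    "ssh": "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu",
    "mysql": "5.0.51.a-3ubuntu5",
    "telnet": "Welcome (constructed line)\nLogin with msfadmin/msfadmin to get started\n",
}

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments"
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.+))?$")
# Assumed heuristics, not taken from any tool: credential hints and OS markers.
CRED_HINT = re.compile(r"log\s?in\s+(?:with|as)\s+(\S+)/(\S+)", re.I)
OS_MARK = re.compile(r"debian|ubuntu|centos|fedora|suse|\bel\d", re.I)

def audit_banner(service, banner):
    """Return a list of (severity, message) findings for one service banner."""
    findings = []
    text = banner.strip()
    if service == "ssh":
        m = SSH_ID.match(text)
        if not m:
            return [("info", "not an SSH identification string")]
        proto, software, comment = m.groups()
        if proto != "2.0":
            findings.append(("high", "SSH protocol %s offered" % proto))
        findings.append(("low", "software version exposed: " + software))
        text = comment or ""  # the software field is mandatory, the comment is not
    cred = CRED_HINT.search(text)
    if cred:
        findings.append(("high", "banner hands out credentials for user " + cred.group(1)))
    os_hit = OS_MARK.search(text)
    if os_hit:
        findings.append(("medium", "OS/package build exposed: " + os_hit.group(0)))
    return findings

def audit_all(banners):
    """Audit every service banner in a {service: banner} mapping."""
    return {svc: audit_banner(svc, b) for svc, b in banners.items()}
```

Run against your own hosts' banners, the "medium" and "high" findings are the ones a configuration change can remove.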

Sunday, October 04, 2015

Extracting Username/Passwords from RAM Dump : Volatility Framework makes it Easy

1.  For those of you who have started reading this post because of the tempting title, which claims extracting usernames/passwords from a RAM dump, I must assure you it is easily possible in a few steps using Volatility Framework. In the post ahead I have a RAM dump of a Windows 7 OS, and I have been able to extract the user names and passwords of its users in three simple steps using Volatility Framework. I will quickly get to the steps with screenshots:

Setup Required

 - Volatility Framework Installed.
[How to Install at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html]

- Taking Ram Dump from Windows
[How to take RAM dump at para 3 of http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html]

Here I am using two commands basically ie hivelist and hashdump

HIVELIST


Hivelist is used to locate the virtual addresses of registry hives in memory, and the full paths to the corresponding hive on disk.

Command Usage

python vol.py --profile=Win7SP0x86 -f /home/cuckoo/Desktop/windows_7_ramdump.raw hivelist

You get output similar to that seen below:

Note the virtual address for SYSTEM, as highlighted.

Note the virtual address for SAM, as highlighted.

HASHDUMP


Hashdump is used to extract and decrypt cached domain credentials stored in the registry.

Command Usage

To use hashdump, pass the virtual address of the SYSTEM hive as -y and the virtual address of the SAM hive as -s, as shown below:

python vol.py --profile=Win7SP0x86 hashdump -f /home/cuckoo/Desktop/windows_7_ramdump.raw -y 0x8901a360 -s 0x8faff008

Hashdump output, seen with user names and NTLM dump:

As we see in the above screenshot, we have been able to extract the names of the users stalin, VOLA and TILITY, with the hashes of their passwords against their names. Now we will decrypt these hashes.
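
The hivelist-to-hashdump hand-off above, scripted as an added example (not part of the original post or of Volatility): it pulls the SYSTEM and SAM virtual addresses out of hivelist text, builds the hashdump arguments, and triages the resulting lines for empty passwords, shared NT hashes and stored LM hashes. The sample outputs and the function names hive_offsets, hashdump_args and triage are constructed for illustration.

```python
import re

# Constructed `hivelist` output. The two virtual addresses are the ones used in
# this post; the physical addresses and the ntuser.dat row are made up.
HIVELIST = r"""
Virtual    Physical   Name
---------- ---------- ----
0x8901a360 0x2b1c4360 \REGISTRY\MACHINE\SYSTEM
0x8a5d29c8 0x1d0ef9c8 \??\C:\Users\user1\ntuser.dat
0x8faff008 0x1e6d3008 \SystemRoot\System32\Config\SAM
"""
# Constructed hashdump lines in its user:rid:LM:NT::: format (not the post's hashes).
HASHDUMP = """
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1001:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
"""
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

def hive_offsets(hivelist_text):
    """Map each hive's file name (SYSTEM, SAM, ...) to its virtual address."""
    offsets = {}
    for line in hivelist_text.splitlines():
        m = re.match(r"(0x[0-9a-fA-F]+)\s+0x[0-9a-fA-F]+\s+(\S.*)$", line.strip())
        if m:
            name = m.group(2).replace("\\", "/").rsplit("/", 1)[-1].upper()
            offsets.setdefault(name, m.group(1))
    return offsets

def hashdump_args(offsets, profile, image):
    """Argument list for the hashdump step; KeyError if a hive was not found."""
    return ["python", "vol.py", "--profile=" + profile, "hashdump", "-f", image,
            "-y", offsets["SYSTEM"], "-s", offsets["SAM"]]

def triage(hashdump_text):
    """Flag empty passwords, shared NT hashes and stored LM hashes."""
    rows = [l.split(":") for l in hashdump_text.splitlines() if l.count(":") >= 6]
    findings = []
    for user, _rid, lm, nt, *_ in rows:
        if nt.lower() == EMPTY_NT:
            findings.append((user, "empty password"))
        elif sum(r[3].lower() == nt.lower() for r in rows) > 1:
            findings.append((user, "shared NT hash"))
        if lm.lower() != EMPTY_LM:
            findings.append((user, "LM hash stored"))
    return findings
```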

DECRYPTING NTLM hash

Now comes decrypting the hashes we got from hashdump above. Hashes can be cracked using John the Ripper, rainbow tables, etc. There is no need to install these crackers separately: simply google for online decrypters and you will get the password too. I used this site: http://www.hashkiller.co.uk/ntlm-decrypter.aspx

Screen shots below:

Password extracted is test_1234

Password extracted is test_123

Password extracted is test

So in all, two terminal commands running Volatility (hivelist and hashdump), followed by decrypting the hashes online, will give you the usernames and passwords from the RAM dump. Any queries, questions or advice are most welcome. Thanks