Showing posts with label hacking.

Saturday, September 28, 2013

BACKTRACK 5 R3 : dnsenum


1.  Coming to the next good information-gathering tool in Backtrack 5 R3: here I give the command run details and a sample result for a tool known as dnsenum.

First, a short intro about the tool:

DNSenum is a tool designed to enumerate DNS information about a domain. The information obtained from this tool is useful in the information-gathering phase of a penetration test. Thus the basic purpose of dnsenum is to gather as much information as possible about a domain. The program performs the following operations:

- Get the host's address (A record)
- Get the nameservers (threaded)
- Get the MX record (threaded)
- Perform axfr (i.e. DNS zone transfer) queries on nameservers
- Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain")
- Brute force subdomains from a file; can also perform recursion on subdomains that have NS records (all threaded)
- Calculate C-class domain network ranges and perform whois queries on them (threaded)
- Perform reverse lookups on netranges (C-class and/or whois netranges) (threaded)
- Write the ip-blocks to the file domain_ips.txt


2.   So coming to executing the command: once you click dnsenum, available via the following route:

Backtrack - Information Gathering - Network Analysis - DNS Analysis - dnsenum

you get to see the following screen. Now the run syntax for the command is pretty simple and goes like:

./dnsenum.pl sitename.com

In the above sample run I have taken the site dvwa.co.uk.

BACKTRACK 5 R3 : DNSDICT6

1.    I have been using and playing with BT5 R3 for quite some time now, and having used and practised about 50% of its tools, I have decided to start sharing how to use them on my blog for first-timers, with screenshots and screencasts when required. Although I have shown a few tools and exploits of BT5 earlier, now I wish to make it all systematic, and in this first attempt I am giving a step-by-step screenshot walkthrough of how to use the tool DNSDICT6.

2. The route to dnsdict6 is shown in the screenshot below:

Backtrack - Information Gathering - Network Analysis - DNS Analysis - dnsdict6

3.  As can be made out from the Backtrack menu drop-down, since it is listed in the Information Gathering sub-menu, it is an information-gathering tool. It is used to find the sub-domains of a website or web server. The most advanced use of DNSDICT6 is to enumerate all IPv4 and IPv6 addresses and extract dumps such as sub-domains and IP information. The tool is quite powerful because it also finds sub-domains that are restricted or invisible to users. The usage and screens are seen below:

Once you click dnsdict6, you get the following screen. Before we execute the command, let us see the command syntax & switches available.

The switch details are seen below:

- d is used to display information on Name Servers and MX Records.
- 4 is used to dump IPv4 addresses.

Four types of dictionary are built into this tool, as follows:

- s (small = 50),
- m (medium = 796) (DEFAULT),
- l (large = 1416), and
- x (xtreme = 3211).

- t is used to specify the number of threads.

An MX record, i.e. mail exchanger record, is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value used to prioritize mail delivery if multiple mail servers are available. The set of MX records of a domain name specifies how email should be routed with the Simple Mail Transfer Protocol (SMTP).

So, for example, we run this command on http://certifiedhacker.com/. The command reads:

dnsdict6 -d46 -s -t 10 certifiedhacker.com

In the command above I have used the small dictionary with 10 threads to minimize the running time, so this is actually a limited result; it would have been somewhat different had the same been run with the xtreme dictionary and a larger number of threads.
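As an added illustration (not the code of dnsdict6 or dnsenum, the tools shown above), the following Python script implements the core of what both tools do in their brute-force phase: try each word of a dictionary as a label under the domain, resolve it for IPv4 and/or IPv6 (the -4/-6 switches) with a pool of worker threads (-t), and report the names that exist. The resolver is pluggable, so the logic can be run offline against a constructed lookup table as in the `__main__` block; `example.test` and its addresses are made up, and the wildcard check is a practitioner's addition that the page does not mention.

```python
"""Threaded dictionary sub-domain enumeration, the core of what dnsdict6 does
(and of dnsenum's brute-force phase).  Added illustration, not the tools' own
code.  The resolver is injectable so the logic can be exercised offline
against a constructed lookup table; by default it asks the system resolver."""
import random
import socket
import string
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, List

# Built-in dictionary sizes behind dnsdict6's -s/-m/-l/-x switches (from the page).
DICT_SIZES = {"s": 50, "m": 796, "l": 1416, "x": 3211}

Resolver = Callable[[str, int], List[str]]


def system_resolver(name: str, family: int) -> List[str]:
    """Resolve `name` to addresses of `family` (AF_INET for -4, AF_INET6 for -6)
    via the OS resolver; NXDOMAIN or any lookup failure yields an empty list."""
    try:
        infos = socket.getaddrinfo(name, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def wildcard_addresses(domain: str, families: List[int], resolver: Resolver) -> set:
    """Probe a random label.  If it resolves, the zone has a wildcard record and
    every dictionary word would look like a hit; the addresses returned here are
    used to discard such false positives (a real name that shares the wildcard
    address is lost too, the usual trade-off of this check)."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=24))
    found = set()
    for fam in families:
        found.update(resolver(f"{label}.{domain}", fam))
    return found


def enumerate_subdomains(domain: str, words: Iterable[str], want_v4: bool = True,
                         want_v6: bool = True, threads: int = 10,
                         resolver: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Try every word as <word>.<domain> using a pool of worker threads (the -t
    switch) and return {fqdn: [addresses]} for the names that resolved."""
    families = ([socket.AF_INET] if want_v4 else []) + ([socket.AF_INET6] if want_v6 else [])
    wildcard = wildcard_addresses(domain, families, resolver)

    def probe(word: str):
        fqdn = f"{word.strip().lower()}.{domain}"
        addrs = []
        for fam in families:
            addrs.extend(a for a in resolver(fqdn, fam) if a not in wildcard)
        return fqdn, sorted(set(addrs))

    found: Dict[str, List[str]] = {}
    # pool.map yields results in dictionary order, so output is deterministic.
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for fqdn, addrs in pool.map(probe, words):
            if addrs:
                found[fqdn] = addrs
    return found


def table_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Build an offline resolver from a constructed {name: [addresses]} table;
    addresses containing ':' count as IPv6, the rest as IPv4."""
    def resolve(name: str, family: int) -> List[str]:
        want_v6 = family == socket.AF_INET6
        return [a for a in table.get(name, []) if (":" in a) == want_v6]
    return resolve


if __name__ == "__main__":
    # Constructed sample zone, not real data.
    zone = table_resolver({
        "www.example.test": ["192.0.2.10", "2001:db8::10"],
        "mail.example.test": ["192.0.2.25"],
        "dev.example.test": ["2001:db8::dead"],
    })
    small_dict = ["www", "mail", "ftp", "dev", "vpn"]
    for fqdn, addrs in enumerate_subdomains("example.test", small_dict, resolver=zone).items():
        print(fqdn, " ".join(addrs))
```

Against a zone you operate, swap `zone` for the default `system_resolver` and a real wordlist to see which names in it are discoverable this way.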

Wednesday, December 12, 2012

SMART TVs : OUTSMARTED & HACKED



1.   In the land of hacking, no one can be spared. We all keep hearing about how websites have been hacked and how smartphones are getting outsmarted by various exploits in recent times. Now comes something new that makes smart TV owners vulnerable. Yes! All the proud owners of Smart TVs (Samsung LEDs specifically) can start checking whether they are the lucky ones to get bitten here; this one is all about SMART TVs getting HACKED. So now all the data available on the HDDs connected via USB is vulnerable to access by an undesired third party. So it is not just that you watch the TV: it's time for the TV to watch you. A few valuable briefs are given out here:

- The vulnerability is exposed in all Samsung Smart LED TV software.

- This vulnerability allows remote attackers to swipe data.

- ReVuln, a Malta-based security firm, claims to have discovered this vulnerability.

- It remains a zero-day vulnerability as on date.

- A demo video by ReVuln shows how a "vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device". Click on the video below to have a glimpse of how the vulnerability is exploitable.


2.   I am sure that whatever efforts the typical user makes as on date, he remains vulnerable round the clock in all fields. How can a normal user who is not so tech savvy be aware of securing his PC, his laptop, his smartphone, his TV, his external HDD holding his personal data without encryption, his pen drives... the list is actually endless. He simply remains one of the choices for any hacker: if he is chosen he is gone, or he can remain lucky, but how long can anyone remain lucky? The hacker community is growing at a pretty fast pace owing to the lure of what else but DOLLARS and more DOLLARS. With "Crimeware as a Service" readily available at a click, NO ONE IS SECURE. It will actually take years to stabilize the current security environment from the perspective of a typical user, as he comes to understand that giving equal importance to the security of his IT assets is more important than locking his house as he leaves for work.

Monday, November 19, 2012

Thursday, October 18, 2012

Hacking a HEART : Lover's Dream vs Hacker's BEAT IT!!!


1.    I think this is yet to come even on screen, but it has unfortunately happened in real life. So we have all heard of pacemakers that stay connected to the internet to provide a live feed of diagnostic parameters to the doctor's mobile phone!!! Smart, very smart. So, for those of you reading this for the first time: the cardiac pacemaker reports essential parameters over the internet to assist in diagnosis and fine-tuning. The patient's data is sent automatically on a daily basis to their cardiologist. This greatly simplifies patient care and can improve quality of life significantly. But now read on about what the worry is. One top Google search led me to the vendor St. Jude Medical; details of the pacemakers sold are at this site.


2.     So hacking a heart has been a lover's dream for ages, but in this age it can be hacked and controlled in every sense. I read this article by Nick Barron at http://www.scmagazineuk.com and another one by Gregory Ferenstein at http://techcrunch.com.

At a recent developer conference, a pacemaker was wirelessly hacked to send deadly 830 volt shocks. Even worse, it would be "100 percent possible" that a virus could spread to other devices in a wave of "mass murder". The demonstration showed how to rewrite the device's onboard software (firmware).

3.   So now what? This means that all those light-hearted guys who are surviving on such internet-based pacemakers, which actually facilitate a live feed to their respective doctors, now also need to worry about eating antivirus tablets and wearing firewall clothes!!!! Uuh!!!! Although the recipe brought out here makes a perfect movie story, it is actually a pretty worrisome worry!!!

4.    The image shown above is for reference only, so readers can see how an internet-based pacemaker actually looks. The hacking of the device in the case in point has no link to the company or any of its products.

Sunday, February 26, 2012

HUMANE COMPUTING

1.  Cyber space keeps coming up with such new terms and will continue doing so for years to come. This is one term I heard of when I recently got an opportunity to attend a two-day symposium conducted by CSI, i.e. the COMPUTER SOCIETY OF INDIA, Indore Chapter. The Computer Society of India is the first and largest body of computer professionals in India.

2.  So what exactly is HUMANE COMPUTING, for which even Google has limited answers? What I could gather from the forum, which was presided over by distinguished and expert speakers, is produced below in as brief and understandable words as possible.

3.  The concept is easier to understand with the help of a few examples cited by the speaker:

-  Firstly, imagine a typical branded washing machine getting faulty a few months after its warranty ends. Is that typical? Or could it have been programmed to do so intentionally?

-  Secondly, remember the movies I, Robot (Will Smith) and Robot (my favourite Rajini Sir). Both movies revolve around the protagonist's struggle to control his creation, the robot whose software was upgraded to give it the ability to comprehend and generate human emotions. In both cases the laws of robotics failed and the plan backfired! So both movies were based on imagination that may become possible in future, and both were runaway hits.

-  Thirdly, the Matrix series (trilogy), which depicts a future in which reality as perceived by most humans is actually a simulated reality created by sentient machines to pacify and subdue the human population, while their bodies' heat and electrical activity are used as an energy source. The lead computer programmer is drawn into a rebellion against the machines, involving other people who have been freed from the "dream world" into reality.

-  Fourthly, any time a computer programme is made and the code is written, so many aspects are considered at the design level, but is the human thought process or human psyche involved anywhere? No!!! I'm sure of that. A Windows or Linux OS has nothing to do with human emotions; a person who is drunk and in an inebriated state would be able to do some kind of damage via the system that he might not have attempted if he were not drunk!!!!!

4.   So by giving these examples I am trying to make you think the reverse way. We are all getting IT/computer savvy in our lives, but when we see it from the top, do we need to become COMPUTER SAVVY? Or should it have been the reverse: the gadgets/IT around us should have become HUMAN SAVVY. You might need to read this sentence twice, since I might have just pinged your thought process and not actually conveyed the actual meaning. The field is actually just setting in and will take much time to evolve; it's neither black nor white, it's just grey, and it's up to the present generation of scientists and developers to actually start sorting out black and white!!

5.   "The term Humane Computing comes to encourage study of ethics, empowerment, empathy, equality, environmental sustainability with reference to the use of technology. Since it involves coming together and study of humans as well as computers, it involves technical as well as soft subjects and diverse disciplines ranging from computing technology to soft disciplines like sociology, psychology, education, medicine, behavioral science and communication theory. The study of Humane Computing will be able to provide insights, which may make it possible to bridge the digital divide and which may help tilt the usage of computing in a direction, which makes it work for promoting ethical practices."

6.   So that's HUMANE COMPUTING in the most grey manner. The field as on date is not even an understood thing, but yes, the field is enough to make a mind start thinking ahead, i.e. of the FUTURE.

Monday, October 10, 2011

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a 6-character password in 4 seconds, a 7-character password in less than 5 minutes, and an 8-character password in four hours. So guys, I have mentioned it so many times earlier: even a password up to 14 characters in length has been shown to be easy to crack, as I discussed in a post here about one year back. So better take care of your passwords. Lower case with a few caps, special characters and numbers, up to a length of 10-15, should do it for the time being. Things are getting nasty in the hacking world. Take care.

2.  More about this here, here, here and here.

Tuesday, September 20, 2011

CYBER SECURITY : ACTIVE ATTACKS


An active attack involves probing the network to discover individual hosts and to confirm the information gathered in the passive attack phase. A list of tools I recently read about is given below for info. These are small but great tools for experimenting; I'm doing it on a VMware machine.

arphound
arping
bing
bugtraq
dig
dnstracer
dsniff
filesnarf
findsmb
fping
fragroute
fragtest
hackbot
hmap
hping
httping
hunt
libwhisker
mailsnarf
msgsnarf
nbtscan
nessus
netcat
nikto
nmap
pathchar
ping
scanssh
smbclient
smtpscan
tcpdump
tcpreplay
thcamap
traceroute
urlsnarf
xprobe2

Saturday, September 03, 2011

HDFC CLEAN BOWLED by Hidden SQL Injection Vulnerability



1.  How often do we find ourselves getting irritated with the constant reminders from banks to change passwords every 15 days, to include a few lower-case letters, a few caps, a few numbers and a few special characters, and more often than not 40% of account holders forget to keep a tab on what the last password was. In spite of heavy claims by most banks that they have a highly secured banking network, here comes a boomerang for HDFC: in spite of ample warnings by zSecure, a firm committed to providing comprehensive and cost-effective penetration testing services for networks, servers and web applications, HDFC had no inkling of what they were warned about and what was supposed to be done, simply banking on some third-party solution and getting into a SURRENDER SITUATION. The story goes like this:

HDFC was warned about the hidden SQL injection vulnerability by the firm zSecure. The subject vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). The HDFC Bank's team took around 22 days to respond to our e-mail and their first response came on 08-August-2011 with a message:

"Thank you for sending us this information on the critical vulnerability. We have remediated the same."

After their e-mail, we again checked the status of the said vulnerability and found that the vulnerability was still active on their web portal. We immediately replied to their email with additional proof of the vulnerability and asked them to fix the same asap. Later on, after 2 days, we again received an e-mail from their team with a message:

"We have remediated all the vulnerabilities reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service providers and they confirmed that there are no more SQL Injection vulnerabilities."

Their above response left us with an unexpected surprise. We were not able to believe that such a big organization doesn't have proper vulnerability assessment in place, because we had already reported the vulnerability to them and even after conducting a vulnerability assessment by a third party (as claimed) they were not able to find the active vulnerability in their web portal. Thereafter, we sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC's web server.

2.  The story goes on to confirm how vulnerable we all are to such holes. Not blaming the bank alone, but the policies and measures supposed to be taken and adopted have no firm basis to date. It is entirely left to a third-party dependency solution. It's high time for all banks to constantly take measures and keep themselves updated on all the new vulnerabilities hanging around.

CHINA CAUGHT ON WRONG FOOT in its own MARCH


1. Across the globe, across all the cyber attacks investigated, one thing that comes out in common is the source of the attack, i.e. CHINA. As always, China has been denying all claims and doing reverse propaganda, alleging deep-rooted spoofing and the involvement of other countries. But recently it was caught on the wrong foot in front of the international netizens.

2.   Below is the extract straight from FEDERAL COMPUTER WEEK, penned as "China provides smoking gun against itself in cyberattacks" by John Breeden II:

" But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center. Without narration, one has to think that the cybersecurity part of the piece was only put into the video by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was setup to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it."

3. The video link is shown below for the info of all. Watch it carefully!!!!


4. Thanks http://fcw.com

Sunday, April 03, 2011

The weak password problem : Now solved????

1.    We are part of the first phase of the IT revolution across the globe, where everything is happening: methods to secure, methods to hack, stronger and more powerful servers, patching vulnerabilities, fighting malware, analysing the Stuxnet genre, and what not. Now the following text (original from http://lanl.arxiv.org/abs/1103.6219) opens another dimension to making passwords secure:

"Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies."

2.    Thanks http://lanl.arxiv.org

Sunday, February 13, 2011

The Gawker case : EXPERIENCING A HACK


1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of getting into your account. Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days. Despite widespread warnings, 50 per cent of people choose a common word or simple key combination for their password. The most used passwords are 123456, password, 12345678, qwerty and abc123.
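The arithmetic behind these figures, and behind the GT220 figures in the nVidia post above, as an added worked example (not from the articles cited): it assumes exhaustive search over character sets of 26, 52 and 94 symbols, and that each quoted crack time is the time to try the whole keyspace.

```python
"""Brute-force time arithmetic behind the figures in the Gawker post and the
nVidia GPU post.  Added worked example, not from either source article.
Assumes the attacker tries every combination of the stated character set
(lower case = 26, plus upper case = 52, plus digits and symbols = 94 printable
ASCII) and that a quoted crack time is the time to exhaust that keyspace."""

LOWER, MIXED_CASE, PRINTABLE = 26, 52, 94  # sizes of the assumed character sets


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def implied_guess_rate(charset_size: int, length: int, seconds: float) -> float:
    """Guesses per second an attacker needs to exhaust the keyspace in `seconds`."""
    return keyspace(charset_size, length) / seconds


def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(charset_size, length) / guesses_per_second


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Same, in years; used to put the author's 10-15 character advice against
    the same attacker."""
    return seconds_to_exhaust(charset_size, length, guesses_per_second) / (365 * 86400)


def check_post_figures() -> dict:
    """Back out the guess rate from the post's first claim (6 lower-case letters
    in 10 minutes) and see whether its other two claims follow at that rate.
    Going from 26 to 52 symbols multiplies a 6-character keyspace by 2**6 = 64,
    which is exactly the jump from 10 minutes to about 10.7 hours."""
    rate = implied_guess_rate(LOWER, 6, 10 * 60)
    return {
        "guesses_per_second": rate,
        "mixed_case_hours": seconds_to_exhaust(MIXED_CASE, 6, rate) / 3600,   # post says 10 hours
        "with_symbols_days": seconds_to_exhaust(PRINTABLE, 6, rate) / 86400,  # post says 18 days
    }


if __name__ == "__main__":
    figures = check_post_figures()
    rate = figures["guesses_per_second"]
    print(f"implied rate: {rate:,.0f} guesses/s")
    print(f"6 mixed-case chars: {figures['mixed_case_hours']:.1f} h, "
          f"6 printable chars: {figures['with_symbols_days']:.1f} days")
    for length in (8, 10, 12, 15):
        print(f"{length} printable chars at that rate: "
              f"{years_to_exhaust(PRINTABLE, length, rate):.3g} years")
    # The GPU post's "6 characters in 4 seconds" implies a much faster attacker
    # (character set not stated there; lower case assumed here).
    print(f"GPU post rate (6 lower-case in 4 s): {implied_guess_rate(LOWER, 6, 4):,.0f} guesses/s")
```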

2.   I read about the Gawker case recently, wherein the media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen. Now imagine someone like Yahoo or Google requesting the same one fine day; won't our hearts come out????

3.   The exact Gawker announcement goes like this:

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign that failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing. The problem with Gawker's redesign is that it uses JavaScript to load everything. That means that not only is there no chance for the site to degrade gracefully in browsers that don't have JavaScript enabled, but the smallest JavaScript typo can crash the entire website.

5.   Now we have all seen it personally, as we sometimes tend to use the same password for multiple accounts on the web. This could be a simple fall like a pack of cards: a single point of failure leads to the complete fort coming down. So guys, take care: change your passwords for better and stronger security.

Sunday, March 28, 2010

WiFi at home : Take precautions

1. Accessing WiFi at home is no longer limited to tech geeks, as the simple configuration has made it accessible even to a layman who hardly has any know-how of how it works and what dangers are floating around if he goes with the default settings. The case two years back of a hacker e-mailing from an open WiFi connection in Mumbai reflects the deep dangers associated with such mishaps. Following is a set of desirable config changes any WiFi account holder at home and office should take care of while configuring:

Step 1: Change the default password

Step 2: Change the default IP address

Step 3: Disable the DHCP service

DHCP (Dynamic Host Configuration Protocol) enables remote computers connected to the router to obtain an IP address and join the network without needing to know the IP and router address information. This is a simple and effective way of keeping intruders away. As far as possible, set up the computers on your network with static IP addresses. If you still want to use DHCP to make your own configuration easier, restrict the number of DHCP IP users to the number of computers on your network. For example, if you have five laptops running on the network, limit the DHCP IP addresses to 5 from the default 50.

Step 4: Restrict the network mode

Step 5: Change the default SSID

Step 6: Opt for WPA2 or PSK security over WEP

Step 7: Enable the MAC Filter

Step 8: Use the router’s firewall

Step 9: Use Internet Access Policies

Step 10: Disable remote administration

Step 11: Switch off the router when not in use

Step 12: Disconnect the Internet when not needed

Step 13: Position your router carefully

Step 14: Update the router firmware

Step 15: Scan for signal leaks from time to time

2. Also check out here.Thanks http://www.freealldown.com

Wednesday, March 24, 2010

DANGEROUS PASSWORDS

1. According to a recent study, the most dangerous passwords used across the cyber fora and continents are listed below:

123456
Tops the list. The study reveals that '123456' is the most commonly used password. Imperva found that nearly 1% of the 32 million people it studied were using "123456" as a password.

12345
The second most vulnerable password is 12345.

123456789
Stands at a proud 3rd position.

PASSWORD
The fourth most vulnerable password is the word 'Password' itself.

iloveyou
Another easy one for remembrance and breaking.

princess
Stands at 6th position.

Rockyou
The seventh most compromising password is rockyou.

1234567
Rockyou is followed by 1234567 at No. 8.

abc123
The last one as per the study.

2. How many of you have or had one from the list? Be careful!

3. Thanks Imperva and TOI.

Wednesday, February 03, 2010

CYBER GENOME PROJECT : U CAN BE TRACED BACK!!!!

1. The earlier mention of IP spoofing and the plethora of options and techniques available for attacking, hacking, sniffing, crashing a network etc. are well known for not reaching out to the origin of the person or hacker with malicious intent. DARPA (please google or bing if you wish to know more on DARPA) has finally come out with the 'Cyber Genome Program', which will allow any digital artifact, either in the form of a document or a piece of malware, to be poked into its very origins.

2. In principle, it appears that almost any data fished from a relevant network, a computer, a pen drive, someone's phone or whatever is to be studied much like human genetic material. The code or document's relationships with other "digital artifacts" will be revealed, perhaps its origins, and other info of interest to a Pentagon admin defending military networks or a military/spook investigator tracing online adversaries. In other words, any code you write, perhaps even any document you create, might one day be traceable back to you, just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive "fist" with which they operated their Morse keys. Or something like that, anyway.

3. The concept is a cyber-equivalent of human finger-prints or DNA. The project will thus seek to develop a digital genotype as well as any inferred or observed phenotype in order to determine the identity of such digital artifacts and thus the users who left them behind.

4. DARPA is now looking for technologists to develop and use the cyber equivalent of DNA to target the people behind cyber attacks. They are looking for geniuses in the fields of cyber genetics, cyber anthropology and sociology, and cyber physiology who can jointly work out practical solutions for this project. The research involves creating lineage trees for digital artifacts, gaining a better understanding of software evolution, and automatic analysis of social relationships between users and malware. Each of these research areas will jointly develop the cyber equivalent of fingerprints or DNA. DARPA believes that this can identify the best-of-the-best hackers.

Monday, February 01, 2010

IP Spoofing : Legal Acceptance in India?

1. I have been reading about this term for many years, have known what it is through various sites, and have read about types of IP spoofing including blind spoofing, non-blind spoofing etc. One question that started me trying to reach out for details of this term was "WHY IS IT AVAILABLE?" What is the aim intended in spoofing an IP? Is it solely MALICIOUS?

2. The Indian IT Act 2000, followed by its amendments i.e. IIA 2006 and IIA 2008, surprisingly has not mentioned anything on this!! Is it legal to use this for any reason? Recently I tried one third-party piece of software for this to check out its effectiveness. As per the option available in this software, I configured it to change the IP address every 8 minutes. Then, after it started, I checked my IP address from 4 sites including whatismyip.com, whatismyipadress.com etc. And yes!!! One minute I was shown in the USA and the next minute I was in the Netherlands, followed by Russia, China etc. If a script kid like me can do this, what can a professional person with malicious intent do?

3. Remember the Mumbai blast episode, wherein the e-mails sent to the police were tracked only with the help of the IP address. God forbid, had he known of such tricks, what would we have tracked out?

4. I will request any reader to just add his views or enlighten me on this!!