Being CEH : Certified Ethical Hacker V8

1.    After CCCSP,,my efforts to clear a EC-Council exam finally paid off....and today I passed my CEH V8 exam....the feeling of being a CEH is yet to set in...but yess!!!it feels good to clear a exam which has good repu in the security world....one thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking but still ,end of course does not mean that a guy can hack into any site and create havoc...but yess it does make you understand the nuts and bolts of how one can do it...and more importantly from a CEH point of view...what and where are the vulnerabilities?

2.  CEH is all about offensive hacking.The amount of tools that are available today in the open source world is mind boggling...and the best part is the course ware that the student gets...its great!!!!I can just say that...it all comes with a set of 6 CDs which have thousands of PDFs and tools.If one starts doing each and every practical aspect of this course-ware it will take more than a year to assimilate and do it on a VM platform...so that is definitely going to keep me busy.The best part is that all this is explained with screen shots and step by step instructions.

3.   As i keep doing these practicals on my VM...will try certainly uploading and sharing with you guys!!!!will get my hard copy of the certificate in a few weeks from now...anxiously waiting!!!!

Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

Here in the video below,basic running of the lab along with inside features available inside are shown...

4.    More at http://spins.fedoraproject.org/security/#home

FEDORA 19 BETA INSTALLATION

The screen cord shows the guide to Fedora 19 " Schrödinger's Cat " Beta Installation on a Virtual Box.

Virtual Machines : Escape vs Introspection

1.   For last few years playing inside a VM ,I always used to wonder if it actually that safe surfing anything inside a VM...and that hardly anything gets in touch with the Host machine while we work with applications inside.Then I heard of two relative terms that are : Virtual Machine Escape vs Virtual Machine Introspection

2.  New to me but pretty old from point of view of existence....these are briefly explained below :

Virtual Machine Escape

Normally virtual machines are encapsulated, isolated environments. The operating systems running inside the virtual machine shouldn't know that they are virtualized, and there should be no way to break out of the virtual machine and interact with the parent hyper visor  The process of breaking out and interacting with the hyper visor is called a “VM escape.” Since the hyper visor controls the execution of all of the virtual machines an attacker that can gain access to the hyper visor can then gain control over every other virtual machine running on the host. Because the hyper visor is between the physical hardware and the guest operating system an attacker will then be able to circumvent security controls in place on the virtual machine.(Source : http://lonesysadmin.net)

Virtual Machine Introspection

Although virtualization isn’t new, the recent development of x86 virtualization products has revived interest in the virtualization market. This has led to the evolution of Virtual Machine Introspection (VMI) techniques and tools to monitor VM behavior. VMI tools inspect a VM from the outside to assess what’s happening on the inside.This makes it possible for security tools—such as virus scanners and intrusion detection system to observe and respond to VM events from a “safe” location outside the monitored machine. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.(Source : |http://www.securityweek.com/vm-introspection-know-your-virtual-environment-inside-and-out)

So the basic difference is I think the route,in case of the former the need is to contact the hypervisor from inside and the latter shows the way out to get to know whats happening inside from outside perspective.....

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3

Here is the Screen cast of the past link on "Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3"

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3

1.    Adobe, who gave us the the ever comfortable PDF..thats the "Portable Document Format" in the early 1990's never thought like how this can become a security threat by the simple action of opening it only....yess!!!this post will give a small insight of how things really work behind the scene in execution of a malicious PDF....

2.  So first of all...how a PDF becomes a malicious document?The answer to this question is simple embedding of a JAVA SCRIPT, that is not seen but only executed once a PDF is opened....no antivirus will be able to identify of what malicious thing lies behind a normal PDF that u and me use daily...so if u scan a malicious PDF with your Antivirus,it is veri unlikely to be caught....how do we know then whether a PDF is malicious or not?...thats what this post shows here....I came across a tool known as PDFid in the BACKTRACK R3 that I was running in Virtual Box.

3.   Few lines about the tool....this was developed by Didier Stevens who blogs at http://blog.didierstevens.com/.So this helps us to differentiate between PDF Documents that could be malicious and those that are unlikely to be....The tool is based on the fact that that a  typical PDF File comprises of header, objects, cross-reference table (to locate objects), and trailer.So , if there is a tool that can find out if any one of them is available in this PDF...things can become easier...so like for example...if a PDF that has no purpose of embedding or holding a JS inside it,then a eye brow raise is certain as to why should it be there....so PDFid tool comes to rescue us out of this question...First the typical structure of a PDF with its one line explanation is given below :

“/OpenAction” and “/AA” (Additional Action) specifies the script or action to run automatically.

 “/Names”, “/AcroForm”, “/Action” can also specify and launch scripts or actions.

“/JavaScript” specifies JavaScript to run.

 “/GoTo*” changes the view to a specified destination within the PDF or in another PDF file.

 “/Launch” launches a program or opens a document.

“/URI” accesses a resource by its URL.

“/SubmitForm” and “/GoToR” can send data to URL.

“/RichMedia” can be used to embed Flash in PDF.

“/ObjStm” can hide objects inside an Object Stream.

4. So now I have set up a VB machine running BTR3 that would run this tool and find out if the PDF that I have analyzed is malicious or not? These are the screen shots showing a step by step scene of how u do it....

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

5.   So the last screen shows the final result...for those of you who find this little complicated I will upload a video cast of this soon....

6.   Thanks http://blog.didierstevens.com and http://zeltser.com

FEDORA 17 & VIRTUAL BOX : Virtualbox Installs but won't load

1.   This particular problem kept me busy the whole day....and in fact I reached a point of frustration that I should switch back to Ubuntu that I was earlier using.......so the problem goes like when I install virtual box via the rps and yum commands ...I used to invariably get some odd message that mostly included the following :

Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing

'/etc/init.d/vboxdrv setup'

2.    I would not actually lie about it...but i checked about so many forums that gave relatively the same solutions that you would have mostly found out by now...but to no avail...so the two command simple solution that would make you VB run like a horse without any issues goes like this :

yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-PAE-devel

/etc/init.d/vboxdrv setup

offcourse you have to run this as a su -

3.   Do let me know if u r stuck on this again...the sets of commands that I run since morning as root are produced below for info only.BUt I am sure the commands above would solve your problem.

   21  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo

   22  yum update

   23  rpm -qa kernel |sort |tail -n 1

   24  uname -r

   25  reboot

   26  rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

   27  pwd

   28  cd /etc/init.d/

   29  ls

   30  cd vboxdrv

   31  /etc/init.d/vboxdrv setup

   32  cd /var/log/

   33  more vbox-install.log 

   34  cd /etc/yum.repos.d/

   35  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo

   36  yum update

   37  yum install binutils qt gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel      

   dkms   

   38  yum install VirtualBox-4.2                                                                                  

   39  virtualbox                                                                                                  

   40  KERN_DIR=/usr/src/kernels/2.6.18-194.11.1.el5-x86_64                                                        

   41  export KERN_DIR                                                                                             

   42  yum update virtualbox-4.2                                                                                   

   43  aptitude update                                                                                             

   44  yum install dkms gcc                                                                                        

   45  yum install kernel-headers kernel-devel                                                                     

   46  /etc/init.d/vboxdrv setup                                                                                   

   47  more /var/log/vbox-install.log                                                                                                                                                                    

   49  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo                                   

   50  uname -r                                                                                                                                                                             

   53  rpm -qa kernel |sort |tail -n 1                                                                             

   54  uname -r

   55  service vboxdrv setup

   56  uname -r

   57  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE

   58  export KERN_DIR

   59  virtualbox

   60  usermod -a -G vboxusers duqu

   61  virtualbox

   62  apt-get install dkms

   63  wget install dkms

   64  uname -r

   65  rpm -q kernel-devel

   66  uname -r

   67  virtualbox

   68  /etc/init.d/vboxdrv setup

   69  more /var/log/vbox-install.log

   70  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE

   71  export KERN_DIR

   72  virtualbox

   73  /etc/init.d/vboxdrv setup

   74  uname -r

   75  yum install kernel-headers-3.6.6-1.fc17.i686.PAE

   76  exit

   77  yum install kernel-headers gcc

   78  /etc/init.d/vboxdrv setup

   79  exit

   81  yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-   

   PAE-devel

   82  /etc/init.d/vboxdrv setup

BARE METAL ENVIRONMENT & HYPERVISORS

1.   I had till now been playing around with Virtual Machines for quiet some time . I started with loading xp on Vista around 2006-7 and then tried networking,played around with basic linux OS....but what I did everi time was that I loaded the host OS first and then allocated the desired resources in form of some RAM and HDD and then booting the new OS....but then I was wasting the host OS Resource that actually is running the various virtual machines on it.....so how to use that, is where Bare Metal Environment comes in to rescue.

2.    Simply told,a bare metal environment is a system in which a virtual machine is installed directly on hardware rather than within the host operating system (OS). The term "bare metal" refers to a hard disk, the usual medium on which a computer's OS is installed.But then how come it is called virtual when the machine is directly running on the hardware? So actually a kind of  a pseudonym since a virtual machine running directly on bare metal would technically not be a virtual machine. In such cases VMs run within a hypervisor which creates the abstraction layer between physical and virtual hardware. So whats Hypervisor?? :-)

3.    A hypervisor is actually the virtual machine manager (VMM), or a virtualization technique allowing multiple operating systems to run concurrently on a host computer. Multiple instances of a variety of operating systems may share the virtualized hardware resources.The hypervisors are classified into basically two types as follows :

Type 1 refers to bare metal hypervisors that run directly on the host's hardware to control the hardware and to manage guest operating systems. 

Type 2 refers to hypervisors that run within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware.This classification can be made more clear with the help of figures below :

TYPE 1 : THE NATIVE BARE METAL TYPE

(click to enlarge)

TYPE 2 : HOSTED TYPE

(click to enlarge)

4.    Thanks Wiki and http://forums.hornfans.com

Windows 7 Hacked @ BACKTRACK

(DOUBLE CLICK TO VIEW BETTER)

Nothing new for the active Cyber Sec community...but since I had recently recorded a screen cord I thought like uploading the same for everi one.....This is my second "hands on" a windows machine after I attempted on XP last year at  http://anupriti.blogspot.in/2011/10/backtrack-5-how-to-use.html

YUM INSTALLATION STEP BY STEP : RHEL 5

1.   Recently inserted one video screen recording of how the yum installation is conducted in RHEL 5.The step wise command summary goes like this :


  130  cd /media/RHEL_5.1\ i386\ DVD/
  131  cp -av /media/RHEL_5.1\ i386\ DVD/images/ /var/ftp/pub/
  132  cp -av /media/RHEL_5.1\ i386\ DVD/RPM-GPG-KEY* /var/ftp/pub/
  133  cd /var/ftp/pub/Server/
  134  rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm 
  135  createrepo -v /var/ftp/pub/
  136  createrepo -g /var/ftp/pub/Server/repodata/comps-rhel5-server-core.xml /var/ftp/pub/

2.  The start to end video is down here.Click to watch :

Windows 8 Developer Pre BETA : How to get full screen on a VM?

In continuation with my earlier post here about windows 8 Pre Beta edition,one thing that bugged me for a while was not getting the display across full screen in spite of choosing "view full screen" from drop down.The answer to this goes like this

..SIMPLY CHOOSE A HIGHER RESOLUTION AND U WILL GET IT....

Simple to get till u know!!!!!!!!!!!

Windows 8 Developer Preview : Pre Beta Version for Developers

I recently downloaded the Windows 8 Preview Developer edition from http://msdn.microsoft.com/en-us/windows/apps/br229516 and then tried running it as a virtual machine.Found the following issues :

- does not run on VMWARE 7

- runs on VMWARE 8

- Donno y...but runs at a pathetic speed on VMWARE 8 inspite of a good resourceful machine with upto 1.5 GB of RAM.

- Even on installation on VMWARE 8...doesnt show the NIC card so it has no access to Internet.So no updates.

- Runs at a horse's pace in VIRTUAL BOX.

- No NIC issues in virtual box.