
Wednesday, January 01, 2014

Nessus Installation @ Backtrack R3

1.   This post says little and shows more about how to install Nessus on BackTrack 5 R3. It assumes the machine stays connected to the Internet for the whole installation, since both the package and the activation are fetched over the network.

First Step : open a terminal and type apt-get install nessus

 A closer look at the above screenshot, as seen in the terminal.

 This screenshot shows the progress while the installation is running.

 The installation finishes here, as seen.

 Second Step : create a user for logging into the Nessus interface. This is the account you will log in with over the network, so give it a strong password.

 You see the following after the user has been created.
 Third Step : visit the website seen in the screenshot below:

 Fourth Step : click on the Home user option and register with your e-mail address. An activation key arrives at that address within a few seconds.

 Fifth Step : once you have the key, type the registration command shown in the screenshot, followed by the key from the e-mail.
 A closer look at the above screenshot.

 Once the registration has gone through, you see the following screen:

 Sixth Step : now open the Mozilla browser in BackTrack and type in the address shown in the screenshot. The first start takes a while because Nessus processes its plugins before the web interface comes up; mine took more than 4 minutes. The browser will also warn about the certificate, because Nessus generates a self-signed one for itself; on a fresh install that is expected.
 A closer look at the address.
 Once initialised you get the following login screen.
 Here you are: the Nessus login screen.

Tuesday, December 31, 2013

New Laptops without Windows 8 @ Rare

1.   Strange as it may seem, the laptops currently on sale in the market show a peculiar and sad state of specs: they are available only with Windows 8. There are rare options on a few sites that offer new laptops for sale without a Windows OS. I have been planning to buy a laptop with an i3/i5 processor, and in my search over various sites I came across this sad but surprising statistic.

2.  In fact, leading online retailers in Dubai have NIL options for buying a laptop without Windows 8. I checked the following sites:

- http://www.carrefouruae.com/
- http://www.ic4uae.com/

3.   Even at leading retailers in India, the options without Windows 8 are far fewer than those with it. I checked Flipkart, Snapdeal and Times of India Shopping, to mention a few.
 

4.   Given these facts, it looks like Microsoft has put rigorous and vigorous marketing effort into pushing its Windows 8 sales graph up. For those who wish to buy a Windows 8 laptop and then remove Windows and install some Linux flavour, it is equally surprising that, unlike up to Windows 7, where it was relatively a matter of deleting Windows and installing Linux, removing Windows 8 is complex, so the user has to be content with a dual-boot option and accept the space wasted on the Windows partition.

5.  Thus there is a kind of lock-in that comes along with these Windows 8 laptops: you cannot easily move to another OS. :-(

Saturday, November 23, 2013

BACKTRACK 5 R3 : 0trace

This post introduces 0trace, listed under "Identify Live Hosts" in BackTrack 5 R3, a tool that performs hop enumeration ("traceroute") inside an established TCP connection, such as an HTTP or SMTP session, instead of sending stray packets as traceroute-type tools usually do. The benefit of using an established connection, and sending the TTL-based probes as TCP packets that match it (same addresses, ports and sequence numbers, with the ACK flag set), is that many stateful firewalls and other defenses pass such traffic without further inspection, since it is related to an entry in their connection table. Each router that drops a probe answers with an ICMP "time exceeded" message, which is what reveals the hop.

How to reach 0trace ? The menu path is shown in the screenshots below (click to enlarge).

The command syntax :

root@bt:/pentest/enumeration/0trace# ./0trace.sh eth0 (IP ADDRESS1)

and then you need to then open another terminal and connect using netcat as below

root@bt:~# nc (IP ADDRESS1) 80

In the example shown in the screenshots, I used a website's IP address as a sample target. Without opening the second terminal window you will not see any progress in the first, because 0trace waits for an established connection to piggy-back its probes on.
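An added example, not from the original post or from the 0trace project, showing the two pieces 0trace relies on, in Python 3 with only the standard library: building a TCP ACK segment that matches an existing connection but carries a chosen TTL, and parsing the ICMP "time exceeded" reply a router sends back when that TTL runs out. Sending needs a raw socket (root) and the live connection's sequence numbers, so this file only builds and parses bytes; make_time_exceeded() fabricates the router's reply so the round trip can be checked offline, and every address and number in it is constructed.

```python
"""Added example (not 0trace's code): probe construction and reply parsing.
Field layouts follow RFC 791 (IP), RFC 793 (TCP) and RFC 792 (ICMP)."""
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (0 when the data verifies)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_probe(src, dst, sport, dport, seq, ack, ttl, payload=b"") -> bytes:
    """IPv4 header + TCP ACK segment with correct checksums and the given TTL."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0xBEEF, 0,
                     ttl, socket.IPPROTO_TCP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    # ACK only: to a stateful firewall this is just another in-window segment
    # of a connection it already has in its table.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x10,
                      65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", src_b, dst_b, 0, socket.IPPROTO_TCP,
                         20 + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    return ip + tcp + payload


def tcp_checksum_ok(packet: bytes) -> bool:
    """Recompute the TCP checksum over the pseudo-header; True if the segment is intact."""
    ihl = (packet[0] & 0x0F) * 4
    seg = packet[ihl:]
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0,
                         socket.IPPROTO_TCP, len(seg))
    return checksum(pseudo + seg) == 0


def parse_time_exceeded(packet: bytes):
    """For an IPv4 packet carrying ICMP type 11 return
    (router_ip, quoted_ttl, sport, dport); None for anything else.
    The router quotes the first 28 bytes of the packet that expired, which is
    how the reply is matched back to the probe (and hence the hop) it answers."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 11:
        return None
    router = socket.inet_ntoa(packet[12:16])
    inner = icmp[8:]                     # quoted IP header + 8 bytes of TCP
    inner_ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return router, inner[8], sport, dport


def make_time_exceeded(router: str, victim: str, expired_probe: bytes) -> bytes:
    """A constructed router reply (ICMP type 11, code 0), used for the self-test.
    A real router would quote the TTL as it stood when the packet died."""
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + expired_probe[:28]
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64,
                     socket.IPPROTO_ICMP, 0, socket.inet_aton(router),
                     socket.inet_aton(victim))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp
```

To use it for real you would open a raw socket as root (socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW), take the current SEQ and ACK of a live session off the wire (0trace's script does this with a packet capture), send build_probe() with ttl = 1, 2, 3, ... and match each incoming ICMP reply to its probe by the quoted ports.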

Tuesday, November 19, 2013

Facebook on Basic Phone : Possible@YESS!!!

1.  The penetration of smartphones in the market is rapidly setting new benchmarks. Smartphones have changed the basic routine of switching on a laptop or workstation to access Facebook, Gmail and other accounts, but somehow this access has been limited to smartphones, so the basic-phone user is still stuck with the traditional way of reaching mail and social networking sites. Thankfully, this is not likely to go on for long.
 
2. Mr Sumesh Menon, co-founder and CEO of U2opia Mobile, has fine-tuned USSD (Unstructured Supplementary Service Data) technology and is using it to allow anyone with a mobile phone to connect to Facebook. USSD is a protocol used by GSM phones to communicate with the service provider's computers. It can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network. Thus even a user with a very basic phone and no data connection can use USSD to connect to Facebook.

3.  Of course USSD is not new as a technology; everyone has been using it in some way or other. For example, when you check your remaining prepaid balance with a code, you are using USSD. So basically it is a 1G-era solution that works in a 3G world. For those who wish to know about the 'G' family, please click here.

HOW TO USE THIS SERVICE :

-  In India it is available to almost all mobile phone users, except those on the BSNL network.

-  To access Facebook from a basic phone (or from a smartphone without a data connection), a user first subscribes to the service by dialling *325#.

-  Once the service is active, which happens within a few minutes, users can use the USSD menu to go through their timeline, check status updates, post status updates and check likes or comments on their posts. The service also allows access to Facebook Messenger, and users can exchange messages with their friends.

-  There is no limit on how many times you can access Facebook or how many messages you can send to your friends on Facebook Messenger. Operators charge different prices for the service, usually around Re 1 per day, making it a cost-effective way to keep in touch.

Few interesting points about this :

-  The underlying technology is called FoneTwish.

-  Any operator can use FoneTwish to enable access to Facebook through USSD for its users.

-  Service is used by over 40 operators in 30 countries.

-  Currently, there are over 10 million users across the world who access Facebook through USSD.

LIMITATIONS :

-  Facebook will be limited to a text-based service when used through USSD.

-  A user cannot access photographs on his phone through FoneTwish.

-  Of course there will be limitations compared with the proper web-based experience on a smartphone, but still, kudos for the effort and congratulations to basic-phone users.

4.   Well, there may be one piece of good news: as of today such phones are more secure than smartphones. It is too early to say, before they get broken too; let's wait and watch.

Sunday, November 10, 2013

Sell your old PC & IT Hardware @ NCR Delhi

1.   Isn't it often that you have an old working CRT monitor or an old Pentium PC, working fine or even in non-working condition, and you find it hard to sell it to the local kabadi wala, who would offer no more than the plastic scrap rate, so that old box keeps lying in the store room and you don't know what to do with it? Do you know that even a dead motherboard would fetch around Rs 150? But all this is possible only if you hit it right, i.e. you know a place to sell all this IT scrap, so I thought of writing this post. I have been going to this shop at Nehru Place for about 4-5 years now; it has a professional team and approach to rating your scrap, be it working or not!


2.   Though I have no affiliation with this shop in any way, I thought of sharing this useful info for all those based in the NCR. A few pictures to help with identification, for those who wish to visit, are below:




Contact Details :

B-6 & B-7, Basement,Madhuban Building
55,Nehru Place, New Delhi-19 India
(L) + 91 11 26412642
(L) + 91 11 26293639
(M) + 91 9958977551
(Fax) 00-91-11-4654 2668
E-Mail :- ashish@2ndscomputers.com
Website :- www.2ndscomputers.com


3.   In fact, shops like these should be promoted through advertising for everyone's benefit, so that e-waste is managed.

Sunday, November 03, 2013

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we read about privacy and IT security issues across the web in our daily surfing! But we only have more reason to believe that privacy, in times to come, will be a thing of the past, be it your mobile with loads of applications built in already, or your exchanges on Yahoo or Gmail: everyone is vying for your data in some form or other, your SMS, your MMS, your contacts, the data stored on your SD card, your browsing history, or your location at various times of the day. Everyone wants all this to build your profile and then, in the long run, use it to market to you or even blackmail you (who knows!). The future will buzz a lot with our past.

2.  In such times it is good to read about the "Dark Mail Alliance". An extract from their website is reproduced below to give a general sense of its purpose:

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle's team is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs and British Special Air Service (SAS) security experts, while Lavabit was an encrypted e-mail service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government. So the combination of these two could be a force to reckon with, provided policies and strategies do not bar them again in some manner; till then, let's say "good night" to privacy!

4.   More at http://darkmail.info/

Wednesday, October 09, 2013

Dual Boot Mobile Phone : Ubuntu and Android

1.   Whenever we speak about dual boot, it is understood that we are speaking about a desktop or a laptop, but what if there is a third answer: a MOBILE phone! Surprise, surprise. :-) Read on for what's in store.

2.    Well, the first time I read about this concept, that you have the typical Android OS for use as a smartphone but can also boot the same device into Ubuntu to get the desktop experience when you insert it in a dock, I was excited to know more, and a few facts that emerged after googling are brought out below.


3.  The first Ubuntu smartphone has been announced by Canonical. Under the project code-named Ubuntu Edge, the phone has almost everything we don't normally see. But first, Canonical wants to raise $32 million (21.5 million pounds) on Indiegogo to build it. The company is asking prospective consumers to put in money for it to make an Ubuntu phone, and it hopes to do so in 31 days. At the time of writing, it had already raised over $12,814,196. Details at http://www.indiegogo.com/projects/ubuntu-edge



4.  The phone is expected to go on sale in May 2014, and the brief specs announced are as follows:

    Dual boot Ubuntu mobile OS and Android
    Fully integrated Ubuntu desktop PC when docked
    Fastest multi-core CPU, 4GB RAM, 128GB storage
    4.5in 1,280 x 720 HD sapphire crystal display
    8MP low-light rear camera, 2MP front camera
    Dual-LTE, dual-band 802.11n Wi-Fi, Bluetooth 4, NFC
    GPS, accelerometer, gyro, proximity sensor, compass, barometer
    Stereo speakers with HD audio, dual-mic recording, Active Noise Cancellation
    MHL connector, 3.5mm jack
    Silicon-anode Li-Ion battery
    Form Factor : 64 x 9 x 124mm



5.   Not just Android with Ubuntu: in fact Microsoft has approached HTC with a plan to load Windows Phone 8 onto its Android handsets as a way to give consumers more than one platform option on their devices. In exchange for loading Windows Phone onto Android handsets, Microsoft would consider waiving licensing fees for the mobile operating system. Amazingly, HTC is apparently warm to the idea and is pondering the logistics of making a dual-boot Windows-Android handset.

6.  So it is a welcome concept overall. But from a security point of view the user will have to manage two attack surfaces, one per boot option: each OS needs its own patching, and whichever one is booted can read whatever storage the other leaves unencrypted. More details at the following link:

http://www.indiegogo.com/projects/ubuntu-edge


Saturday, October 05, 2013

My Blog Reaches 1,00,000 ie 1 Lakh hits : STATISTICS here

1.   I have been blogging for around 6 years now and the journey has been amazing. I got into blogging without knowing anything about traffic and readers, and maintaining a blog while also working is at times difficult; it actually means the time you could have spent with your family is being spent on blogging. But then, as we say, "Purpose is the reason you journey and passion is the fire that lights your way", and so it has been for me. Simply the passion to study and share IT and to experiment with tools and research has been the force behind my energies being put in here. I bring out here the stats of the 1 lakh hits from Google Analytics.

ALL STATS HERE HAVE BEEN TAKEN FROM GOOGLE ANALYTICS

COUNTRY-WISE HITS RECORDED

BROWSER STATS OF THE USERS WHO HIT IT

OPERATING SYSTEM DETAILS OF THE USERS WHO HIT IT

THE RISE IN OVERALL HITS FROM 2007 ONWARDS

THE GOOGLE ANALYTICS INTERFACE

BLOG SCREENSHOT SHOWING THE VISITORS

Friday, October 04, 2013

BACKTRACK 5 R3 : ReverseRaider

1.   This post briefs on a tool known as ReverseRaider, available in the Information Gathering drop-down menu of BackTrack 5.

About the Tool 

2.   ReverseRaider is a domain scanner that uses various techniques, such as wordlist scanning to find a target's subdomains, or reverse resolution of a range of IPs. It is fully multi-threaded and supports permutation on the wordlist, IPv6, and various DNS options (e.g. no recursion).

3. Developed by Emanuele Acri (crossbower@gmail.com).

Usage: reverseraider -d domain | -r range [options]

Options:

  -r    range of ipv4 or ipv6 addresses, for reverse scanning
        examples: 208.67.1.1-254 or 2001:0DB8::1428:57ab-6344
  -f    file containing lists of ip addresses, for reverse scanning
  -d    domain, for wordlist scanning (example google.com)
  -w    wordlist file (see wordlists directory...)

Extra options:

  -t    requests timeout in seconds
  -P    enable numeric permutation on wordlist (default off)
  -D    nameserver to use (default: resolv.conf)
  -T    use TCP queries instead of UDP queries
  -R    don't set the recursion bit on queries

4.   Most of the DNS enumeration scripts in BackTrack focus on forward DNS, but ReverseRaider does what it sounds like: it enumerates reverse DNS names. Enumerating reverse DNS for an IP or a set of IPs can reveal information you did not previously have. If you are targeting a web server that hosts a bunch of virtual hosts and want to track down the primary site on it, ReverseRaider may provide the answer, since the most important site on a shared server is the one most likely to have reverse DNS configured for the host itself. One caveat: PTR records are published by whoever controls the address block, not necessarily by the owner of the domain, so they can be stale or just the hosting provider's generic names; treat a reverse name as a lead to verify with a forward lookup, not as proof.


The post linked here gives an excellent description, with details, of three ways of using ReverseRaider.
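An added example, not ReverseRaider's own code, that reduces the three things the tool does to Python 3 and the standard library: expanding the "-r" range syntax (208.67.1.1-254, or an IPv6 range whose last group carries the span) into addresses, a numeric "-P" style permutation of a wordlist entry (the exact scheme ReverseRaider uses is an assumption here), and a multi-threaded PTR sweep that returns only the hits. The resolver is injectable so the sweep can run and be checked without a network; by default it is socket.gethostbyaddr, i.e. the system resolver. All addresses and names in the self-test are constructed.

```python
"""Added example (not ReverseRaider's code): range expansion, wordlist
permutation and a threaded reverse-DNS sweep."""
import ipaddress
import socket
import sys
from concurrent.futures import ThreadPoolExecutor


def expand_range(spec: str):
    """'208.67.1.1-254' -> ['208.67.1.1', ..., '208.67.1.254']; also '2001:db8::1-4'.
    Only the last group may carry a span, which is how ReverseRaider writes ranges."""
    if "-" not in spec:
        return [str(ipaddress.ip_address(spec))]
    head, hi = spec.rsplit("-", 1)
    sep, base, fmt = (":", 16, "%x") if ":" in spec else (".", 10, "%d")
    prefix, lo = head.rsplit(sep, 1)
    lo_n, hi_n = int(lo, base), int(hi, base)
    if hi_n < lo_n:
        raise ValueError("range end is below range start: %s" % spec)
    return [str(ipaddress.ip_address(prefix + sep + (fmt % n)))
            for n in range(lo_n, hi_n + 1)]


def permutations(word: str, limit: int = 3):
    """Assumed '-P' scheme: www -> www, www1, www01, www2, www02, ... up to `limit`."""
    yield word
    for n in range(1, limit + 1):
        yield "%s%d" % (word, n)
        yield "%s%02d" % (word, n)


def _system_ptr(ip: str):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def reverse_sweep(addresses, resolver=None, workers=16):
    """Resolve every address in parallel; return {ip: name} for those that answer.
    `resolver` is any callable ip -> name-or-None, so a dict's .get works for tests."""
    resolver = resolver or _system_ptr
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(resolver, addresses))
    return {ip: name for ip, name in zip(addresses, names) if name}


if __name__ == "__main__":
    # usage: python3 reverse_sweep.py 208.67.1.1-254
    for ip, name in reverse_sweep(expand_range(sys.argv[1])).items():
        print("%-40s %s" % (ip, name))
```

Against a real range, keep the worker count modest: a burst of PTR queries from one address to a provider's resolvers is easy to spot and may be rate-limited, which then shows up as false "no record" answers.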


Thursday, October 03, 2013

BACKTRACK 5 R3 : LBD [ Load Balancing Detector ]

1.   Before we start working with this tool, we first need to be clear about what load balancing is.

2.    Load balancing is a method of distributing workload over multiple computers, network links, CPUs, disk drives or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time and avoid overload. So before anyone performs a penetration test, some recon work needs to be done on the target domain to find out whether it can misdirect probes and attacks: if requests are being spread over several backends, a scan or an exploit attempt may land on a different server each time, and results against one host do not necessarily hold for the others.

About the Tool : LBD


3.   LBD (Load Balancing Detector) is a small script that tells whether a given domain uses DNS and/or HTTP load balancing, by looking at the Server: and Date: headers and at differences between the answers the server gives. In other words, its purpose is to find out whether the domain is served by more than one machine. Load balancing is mostly used by high-traffic websites to spread their workload and to absorb DoS attacks; for the tester it means that what you are probing may not be a single host.

Usage : ./lbd [Domain]

4.    I could not find any switch that can be used with the command, so the usage is simple. I have tried this on two sites: certifiedhacker.com and dvwa.co.uk. Screenshots of the results are seen below:
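An added example, not lbd's own code, that implements the two tests lbd performs as functions over data you collect yourself: dns_balancing() takes the A-record answer sets from several queries of the same name and reports round-robin when more than one distinct address appears; http_balancing() takes the Server and Date headers of repeated responses in arrival order and reports a second backend when the Server value varies or the Date runs backwards between consecutive responses (two machines' clocks are never quite in step). collect_http() fetches the headers for real with http.client and is not exercised by the self-test; the host names and header values below are constructed.

```python
"""Added example (not lbd's code): DNS and HTTP load-balancing detection."""
import http.client
from email.utils import parsedate_to_datetime


def dns_balancing(answer_sets):
    """answer_sets: list of iterables of IP strings, one per query. -> (found, reason)"""
    addresses = sorted({ip for answers in answer_sets for ip in answers})
    if len(addresses) > 1:
        return True, "%d distinct addresses over %d queries: %s" % (
            len(addresses), len(answer_sets), ", ".join(addresses))
    return False, "single address: %s" % (addresses[0] if addresses else "none")


def http_balancing(responses):
    """responses: list of header dicts in arrival order. -> (found, reasons)"""
    reasons = []
    servers = sorted({r.get("Server", "<none>") for r in responses})
    if len(servers) > 1:
        reasons.append("Server header varies: %s" % ", ".join(servers))
    dates = []
    for r in responses:
        try:
            dates.append(parsedate_to_datetime(r["Date"]))
        except (KeyError, TypeError, ValueError):
            dates.append(None)          # missing or unparsable Date: skip it
    for i in range(1, len(dates)):
        if dates[i - 1] is not None and dates[i] is not None and dates[i] < dates[i - 1]:
            reasons.append("Date ran backwards between responses %d and %d: %s -> %s"
                           % (i, i + 1, responses[i - 1]["Date"], responses[i]["Date"]))
            break
    return bool(reasons), reasons


def collect_http(host, count=10, port=80, timeout=5):
    """HEAD / `count` times, one new connection each, returning the header dicts.
    A fresh connection per request matters: a keep-alive session would stick to
    one backend and hide the balancing."""
    out = []
    for _ in range(count):
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("HEAD", "/", headers={"Host": host})
        resp = conn.getresponse()
        out.append({k.title(): v for k, v in resp.getheaders()})
        conn.close()
    return out


if __name__ == "__main__":
    import sys
    found, why = http_balancing(collect_http(sys.argv[1]))
    print("HTTP load balancing:", "yes" if found else "no", *why, sep="\n  ")
```

Send the requests as fast as you can: the Date test only works while the gap between responses is smaller than the clock skew between backends, and a CDN or reverse proxy in front will normalise the Server header and often the Date too, in which case a "no" from this test is not proof of a single host.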




Wednesday, October 02, 2013

BACKTRACK 5 R3 : FIERCE

1.  What's in a name? But when a tool is called FIERCE, it has the potential to grab eyeballs. About FIERCE first: Fierce is a Perl script written by RSnake that helps with the first step of a pentest, reconnaissance. The focus of any pentester is to gather as much information as possible about the target before starting the attack. Like the earlier tools discussed from the Information Gathering drop-down of BackTrack 5 R3, FIERCE is used for DNS enumeration and is a great tool for discovering the non-contiguous IP space of a company. It is difficult to discover and map a company network that is non-contiguous using traditional tools: a normal scanner can be run against an IP range, but if the ranges are nowhere near one another you may miss whole chunks of the network. FIERCE is for that situation. It works as follows.

First it asks DNS for the name servers of the target domain. It then tries a zone transfer from each of them; if a server is misconfigured to allow it, this dumps the whole zone. If that fails, it falls back to "guessing" hostnames that are common across companies, using a wordlist (brute force), and then looks at the addresses around each hit for further hosts.

2.   The info gained from FIERCE feeds subsequent tools such as nmap, unicornscan, Nessus and Nikto, since all of those require that you already know which IP space you are looking at. Fierce does not perform exploitation and does not scan the whole Internet indiscriminately; it is meant specifically to locate likely targets both inside and outside a corporate network. Because it works primarily through DNS, you will often find misconfigured networks that leak internal address space. That is especially useful in targeted malware.

SYNTAX :  perl fierce.pl [-dns example.com] [OPTIONS]  

3.  The switches that can be used with this command are shown in the screenshot below:
(Click on the Image to enlarge)
4.    I ran the tool on certifiedhacker.com and dvwa.co.uk; the output is shown in the screenshots below:

certifiedhacker.com
(Click on the Image to enlarge)
dvwa.co.uk

(Click on the Image to enlarge)
(Click on the Image to enlarge)
This info is good enough to march ahead from a pentester's point of view!
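An added example, not fierce.pl's own code, that reduces the brute-force stage of what fierce does, and the part that matters most for scoping, to Python 3 and the standard library: bruteforce() resolves <word>.<domain> for a list of common names (the guessing step fierce falls back to when the zone transfer is refused), and ip_space() groups the addresses found into /24 networks so non-contiguous ranges stand out, flagging anything in RFC 1918 space, which is the "leaked internal address space" a misconfigured zone exposes. The zone-transfer attempt itself needs a DNS library (fierce uses Net::DNS) and is not reproduced. The resolver is injectable so the self-test runs against a constructed zone rather than the network; the default is socket.gethostbyname_ex.

```python
"""Added example (not fierce's code): wordlist brute force and IP-space summary."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# A short stand-in for fierce's hosts wordlist (constructed here).
COMMON = ["www", "mail", "ns1", "ns2", "vpn", "dev", "intranet", "ftp", "mx", "admin"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _system_resolve(name):
    """All IPv4 addresses for `name` via the system resolver, or [] if none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror, OSError):
        return []


def bruteforce(domain, words=COMMON, resolver=None, workers=16):
    """Return {fqdn: [ips]} for every candidate name that resolves."""
    resolver = resolver or _system_resolve
    names = ["%s.%s" % (w, domain) for w in words]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(resolver, names))
    return {n: ips for n, ips in zip(names, results) if ips}


def ip_space(found):
    """Summarise the IPv4 space behind the names found.
    Returns (networks, internal): networks maps each /24 to the names in it;
    internal lists (name, ip) pairs that fall inside RFC 1918 space, i.e. private
    addresses that should never have been published in a public zone."""
    networks, internal = {}, []
    for name, ips in found.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.version != 4:
                continue
            net = str(ipaddress.ip_network("%s/24" % ip, strict=False))
            networks.setdefault(net, set()).add(name)
            if any(addr in private for private in RFC1918):
                internal.append((name, ip))
    return networks, sorted(internal)


if __name__ == "__main__":
    import sys
    hits = bruteforce(sys.argv[1])
    nets, internal = ip_space(hits)
    for net in sorted(nets):
        print(net, ", ".join(sorted(nets[net])))
    for name, ip in internal:
        print("internal address leaked:", name, ip)
```

Names that resolve to a wildcard record will make every guess a hit; fierce checks for this by resolving a random label first, and the same check (resolve something like a random 20-character label and discard any address it returns) is worth adding before trusting the output.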

BACKTRACK 5 R3 : dnswalk

1.   In this post I am going to show how dnswalk works. Before you use this tool there is a small twist: almost everyone who runs this command on BackTrack will first get the message "You will have to enable the component called 'universe'"; to resolve that, refer to my immediately preceding post. First let's see what the tool's features are, what it actually does and what the syntax is.

Main Features :
 
2.    Dnswalk is a DNS debugger. It performs zone transfers of the specified domains and checks the database in numerous ways for internal consistency as well as accuracy. Dnswalk should NOT be used without a firm knowledge of the DNS RFCs. The warnings and errors must be interpreted within the context they are being used in: something may be flagged as a warning but in reality be a really bad error; conversely dnswalk will flag things as warnings, and possibly even errors, that are perfectly "legal" or normal in your specific situation. Dnswalk is not an AI engine; it just provides information which you need to interpret. Note also that it depends on the target's name servers permitting a zone transfer (AXFR) to you; a well-run zone refuses that, which is the usual reason the tool shows nothing against a domain.

3.   Another important thing about the tool is the syntax: the domain name on the command line MUST end with a '.' (a dot). If you simply type man dnswalk at the terminal you will get most of the info I have brought out here. The syntax and the switches are briefly:

SYNTAX : dnswalk [ -adilrfFm ] domain.

-r = Recursively descend sub-domains of the specified domain. Use with care.
-a = Turn on warning of duplicate A records.
-d = Print debugging and status information to stderr. (Use only if redirecting stdout.) See the DIAGNOSTICS section of the man page.
-m = Perform checks only if the zone has been modified since the previous run.
-F = Perform strict checking: when checking an A record, compare the PTR name for each IP address with the forward name and report mismatches.
-i = Suppress the check for invalid characters in a domain name.
-l = Perform "lame delegation" checking: for every NS record, check that the listed host is indeed returning authoritative answers for this domain.

Below I bring out a few screenshots of how the command may be used and what it produces. I used two domains for practice: certifiedhacker.com and iitk.ac.in. The former does not bring out much, but the latter brings out more info than I expected. So the first command attempts a zone transfer of the target domain and, with -r, recursively descends its sub-domains.

Command : dnswalk -r iitk.ac.in.
(Click on the Image to Enlarge)
(Click on the Image to Enlarge)
The command can be used in the same manner with the other switches, each of which does the following:

dnswalk -a iitk.ac.in.

Turns on the warning for duplicate A records.

dnswalk -d iitk.ac.in.

Prints debugging and status information to stderr.

dnswalk -i iitk.ac.in.

Suppresses the check for invalid characters in domain names.

dnswalk -m iitk.ac.in.

Performs the checks only if the zone has been modified since the previous run.

dnswalk -F iitk.ac.in.

Compares the PTR name for each address with the forward name and reports mismatches.

dnswalk -l iitk.ac.in.

Checks every listed NS record for lame delegation.

If you wish to do all of the above in a single command line, type the following; the same is shown in the screenshot that follows. Note that -i suppresses a check rather than adding one, and -m skips the checks entirely unless the zone has changed since the last run.

dnswalk -riadmfl iitk.ac.in.

(Click on the Image to Enlarge)
(Click on the Image to Enlarge)
....and for a domain that shows no result, like certifiedhacker.com, the screen shows the answer (typically because its name servers refuse the zone transfer dnswalk depends on):
(Click on the Image to Enlarge)
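An added example, not dnswalk's own code, that implements the four consistency checks behind dnswalk's -a, -i, -F and -l switches over a zone you already hold (for instance the output of a permitted zone transfer), in Python 3 with only the standard library. The zone is a list of (owner, type, rdata) tuples. The PTR lookup and the "does this name server answer authoritatively for the zone" probe are injected callables, so the checks run offline against the constructed zone in the self-test; in real use plug in socket.gethostbyaddr for the first and a DNS client for the second.

```python
"""Added example (not dnswalk's code): zone consistency checks."""
import re
from collections import defaultdict

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_invalid_names(zone):
    """The default check that -i suppresses: host owners with characters outside
    RFC 1123 (an underscore is the usual offender; fine for SRV/TXT owners, not hosts)."""
    bad = set()
    for owner, rtype, _ in zone:
        if rtype in ("A", "AAAA", "MX", "NS"):
            if not all(LABEL.match(label) for label in owner.rstrip(".").split(".")):
                bad.add(owner)
    return sorted(bad)


def check_duplicate_a(zone):
    """-a: the same address published under more than one owner name
    (often a sign that one of them should have been a CNAME)."""
    owners = defaultdict(set)
    for owner, rtype, rdata in zone:
        if rtype == "A":
            owners[rdata].add(owner)
    return {ip: sorted(names) for ip, names in owners.items() if len(names) > 1}


def check_ptr_mismatch(zone, ptr_lookup):
    """-F: for every A record the PTR of its address must name the same host.
    ptr_lookup(ip) returns the PTR target or None."""
    problems = []
    for owner, rtype, rdata in zone:
        if rtype != "A":
            continue
        back = ptr_lookup(rdata)
        if back is None:
            problems.append((owner, rdata, "no PTR"))
        elif back.rstrip(".").lower() != owner.rstrip(".").lower():
            problems.append((owner, rdata, "PTR is %s" % back))
    return problems


def check_lame_delegation(zone, zone_name, is_authoritative):
    """-l: every NS listed at the zone apex must answer authoritatively for it.
    is_authoritative(ns_name, zone_name) is the probe, injected by the caller."""
    apex = zone_name.rstrip(".").lower()
    lame = []
    for owner, rtype, rdata in zone:
        if rtype == "NS" and owner.rstrip(".").lower() == apex:
            if not is_authoritative(rdata, zone_name):
                lame.append(rdata)
    return sorted(lame)


def run_all(zone, zone_name, ptr_lookup, is_authoritative):
    """All four checks in one report, keyed by the dnswalk switch each stands for."""
    return {
        "invalid_names": check_invalid_names(zone),
        "duplicate_a": check_duplicate_a(zone),
        "ptr_mismatch": check_ptr_mismatch(zone, ptr_lookup),
        "lame_delegation": check_lame_delegation(zone, zone_name, is_authoritative),
    }
```

As with dnswalk itself, the output needs interpreting: a "duplicate A" is normal for a web farm that deliberately publishes several names for one address, while a "lame delegation" finding is worth acting on, since a listed NS that does not serve the zone is one less server answering for you and a foothold for an attacker if its name ever lapses.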



[SOLVED] : You will have to enable the component called 'universe' backtrack

1.  In my attempts to try a few tools like dnswalk and fierce, I kept seeing messages that read:

you will have to enable the component called 'universe'

(Click on the images to enlarge)
So, after many failed attempts that I am not going to share here, I am bringing out the steps to resolve this and start using the tools. The message means that the package lives in Ubuntu's 'universe' component, which BackTrack does not enable in /etc/apt/sources.list by default; the steps below switch it on through Synaptic.
The first command installs Synaptic, which you can do simply by typing the following, as shown in the screenshot above:

apt-get install synaptic

After Synaptic is installed, install gdebi by typing the following, as shown in the screenshot above:

apt-get install gdebi

 Now, with these two tools installed, follow the screenshots. Go to System > Administration > Synaptic Package Manager

 As the Synaptic Package Manager window opens, go to Settings > Repositories
Then you see this: all the check boxes are unchecked by default, as seen in the screenshots below.
 Just check all of them and click Close. (Only the 'universe' box is needed for dnswalk; the others add the multiverse, restricted and source repositories, which does no harm but is not required.)
 Then click on Reload and you will see the Downloading Package Information window, as seen below.
 Then simply reboot and try installing dnswalk: no issues, and you see it going ahead with success. (The reboot is not actually needed; once the package lists have been reloaded, apt-get install dnswalk works.)
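An added example, not part of the original post: what the Synaptic dialog does under the hood is edit the "deb" lines of /etc/apt/sources.list. This script, in Python 3 with only the standard library, parses such a file, reports which components each suite enables, and rewrites the Ubuntu lines with 'universe' added where it is missing, so the change can be reviewed before running apt-get update. The sample file in the self-test is constructed, and the default path is an assumption (the Debian/Ubuntu default).

```python
"""Added example (not from the post): check and enable 'universe' in sources.list."""
import re
import sys

# deb|deb-src  <uri>  <suite>  <component> [<component> ...]
DEB_LINE = re.compile(r"^(deb(?:-src)?)\s+(\S+)\s+(\S+)((?:\s+\S+)*)\s*$")


def parse_sources(text):
    """Active deb/deb-src lines as dicts; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = DEB_LINE.match(line) if line and not line.startswith("#") else None
        if m:
            kind, uri, suite, comps = m.groups()
            entries.append({"lineno": lineno, "kind": kind, "uri": uri,
                            "suite": suite, "components": comps.split()})
    return entries


def components_by_suite(text):
    """{suite: set(components)} for the binary (deb) lines only."""
    out = {}
    for e in parse_sources(text):
        if e["kind"] == "deb":
            out.setdefault(e["suite"], set()).update(e["components"])
    return out


def universe_enabled(text):
    """True if any binary suite already carries the universe component."""
    return any("universe" in comps for comps in components_by_suite(text).values())


def enable_universe(text, uri_marker="ubuntu"):
    """Return the file with 'universe' appended to every binary deb line whose URI
    contains `uri_marker` and that lacks it. Other repositories (BackTrack's own,
    for instance) have no universe component, so they are left untouched."""
    out = []
    for raw in text.splitlines():
        m = DEB_LINE.match(raw.strip())
        if (m and m.group(1) == "deb" and uri_marker in m.group(2)
                and "universe" not in m.group(4).split()):
            raw = raw.rstrip() + " universe"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # usage: python3 universe.py [/etc/apt/sources.list]  (prints the corrected file)
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/apt/sources.list"
    with open(path) as fh:
        current = fh.read()
    print("# universe enabled:", universe_enabled(current))
    sys.stdout.write(enable_universe(current))
```

Review the printed file before writing it back over /etc/apt/sources.list, then run apt-get update; that is the whole of what the Reload button in Synaptic does.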

