Social Icons

Thursday, October 22, 2015

segmentation fault Kali Linux 2.0 [solved]

Kali Linux 2.0,the well known Penetration testing distro contains a plethora for digital forensics tools and is widely used by ethical hacker community across the globe.It comes with over 650 tools pre-installed that help  perform tasks like network analysis, ethical hacking, load & crash testing etc. It is powered by Linux kernel 4.0 and has enhanced support for different graphics cards and desktop environments.However ,a small bug as I noticed running two regular commands as apt-get update and msfupdate. Used to get the segmentation fault error as seen below in the screen shot :


Resolved by running the following commands at terminal to open sources.list  file

root@kali:~# leafpad /etc/apt/sources.list

As the file opens, simply select all the existing content in the file and delete it.Further to it cut and paste the following lines in the file and save :  

# Regular repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# Source repositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

and now it should work just as it worked in my case as seen below :



Posted by at 0 comments
Labels: , , , , , , , , , , , , , ,

Tuesday, October 20, 2015

MY Blog hits : 3,00,000 plus :-)

Exactly about a year back my blog got the 2,00,000th hit and today it is 3,00,000 plus. So I assume an ok traffic since technical blogs do not have the glamorous and mass factor associated....I got into blogging without knowing any thing about traffic and readers and then maintaining a blog when you are working also is at times difficult.This actually means the time you could have spent with your family is being spent on blogging.But then as we say "Purpose is the reason you journey and Passion is the fire that lights your way."...and so has been applicable to me.Simply the passion to study and share IT and experiment with tools and researches has been the force for my energies being put in here.Putting here some past shots and analytics ex Google :

20 Oct 2015


 05 Oct 2013


 02 Nov 2014


FEW STATS STRAIGHT FROM GOOGLE ANALYTICS

Increase over years

 Page  views by countries

 

Page-views by Browsers

 Page  views by Operating Systems


Posted by at 0 comments
Labels: , , , , , , , ,

Sunday, October 04, 2015

Extracting Username/Passwords from RAM Dump : Volatility Framework makes it Easy

1.  For those of you who have started reading this post coz of the tempting post title claiming extracting username/passwords from a RAM Dump,I must assure you it is possible easily in few steps using Volatility Framework.In the post ahead I have a RAM dump of a Windows 7 OS and I have been able to extract the user names and passwords of these users in three simple steps using Volatility Framework.Well,I will quickly get to the steps with screenshots :

Setup Required

 - Volatility Framework Installed.
[How to Install at http://anupriti.blogspot.in/2015/09/volatility-advanced-memory-forensics.html]

- Taking Ram Dump from Windows
[How to take RAM dump at para 3 of http://anupriti.blogspot.in/2015/09/volatility-command-using-imageinfo-to.html]

Here I am using two commands basically ie hivelist and hashdump

HIVELIST


Hivelist is used to locate the virtual addresses of registry hives in memory, and the full paths to the corresponding hive on disk.

Command Usage

python vol.py --profile=Win7SP0x86 -f /home/cuckoo/Desktop/windows_7_ramdump.raw hivelist

You get a similar output as seen below :
CLICK TO ENLARGE

Note Virtual Address for SYSTEM as highlighted
CLICK TO ENLARGE

Note Virtual Address for SAM as highlighted
CLICK TO ENLARGE

HASHDUMP


Hashdump is used to extract and decrypt cached domain credentials stored in the registry.

Command Usage

To use hashdump, pass the virtual address of the SYSTEM hive as -y and the virtual address of the SAM hive as -s, as shown below:

python vol.py --profile=Win7SP0x86 hashdump -f /home/cuckoo/Desktop/windows_7_ramdump.raw -y 0x8901a360 -s 0x8faff008

Hashdump output seen with user names and NTLM dump
CLICK TO ENLARGE
As we see vide above screen shot we have been able to extract names of users as stalin,VOLA and TILITY with hash of passwords against their names.Now we will decrypt these hashes.

DECRYPTING NTLM hash

Now comes decrypting this hash as we have got vide hashdump above.Hashes can now be cracked using John the Ripper, rainbow tables, etc.Now no need to install these crackers separately.Simply google for online decryptos and you will get the password too.I used this site at http://www.hashkiller.co.uk/ntlm-decrypter.aspx

Screen shots below:

Password extracted is test_1234
CLICK TO ENLARGE

Password extracted is test_123
CLICK TO ENLARGE

Password extracted is test
CLICK TO ENLARGE
So in all two terminal commands running volatility hivelist and hashdump followed by decrypting the hash online will give you the usernames and passwords from the RAM dump.Any queries and questions or advises are most welcome.Thanks
Posted by at 0 comments
Labels: , , , , , , , , , , , ,

Thursday, October 01, 2015

Burp Suite : Configuring the browser and redirecting traffic

1.   Vide my last post about installing Burp Suite here ,now I move ahead to configure your browser in order to redirect all HTTP/S requests through Burp Proxy, instead of the actual target website. In my case here I am configuring a Mozilla Browser with proxy host address to 127.0.0.1 and the proxy port to 8080 , for both HTTP and HTTPS.The typical configuring of browsers is more or less common with major browsers with minor differences in interfaces.Here next I place you screen shots as I surfed a redirected traffic both for http and https via Burp Suite.First steps to configure Mozilla followed by screen shots :

Configuring Mozilla Firefox

- Click Firefox menu and then Preferences.
- In the Advanced options, under the Network tab, click on connection Settings.
- Select Manual proxy configuration.
- Enter the proxy host address as 127.0.0.1 and the proxy port as 8080.
- Select Use this proxy server for all protocols.
- Make sure to remove all exceptions from the No Proxy for field.
- Click OK and close.


2.   So now you have a working installation of Burp Suite and your browser is properly configured to intercept all requests.Now to test go to the browser, enter any http://www.****** site in the address bar and press Enter . If all is well, Burp Proxy should intercept this request. In Burp Suite,go to the Proxy and Intercept tab and verify that the web request is waiting for your approval.Ensure tha the Intercept on button is enabled; click on it and allow the request to transit through Burp by pressing Forward in Burp Suite Interface. Now in the browser, you should see the http page you entered in address bar.

Now try a https site and you are bound to see this warning as seen below in the screenshot.You will be presented with a This Connection is Untrusted page.In such a case, you are required to manually approve the connection by clicking on I Understand The Risks, then Add Exceptions... and Confirm Security Exception. To make sure that Burp Proxy is actually causing the warning, you click on the certificate status View... and see that the certificate belongs to PortSwigger CA as seen below in one screenshot.

 PortSwigger CA certificate


This setup means that Burp Suite is now ready for use as the traffic is being redirected as desired as per configuration....
Posted by at 0 comments
Labels: , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)
Powered By Blogger