Leaderboard

Today we are going to discuss how to Detect NMAP scan using Snort but before moving ahead kindly read our privious both articles releted to Snort Installation (Manually or using apt-respiratory)and its rule configuration to enable it as IDS for your network. Basically in this article we are testing Snort against NMAP various scan which will help network security analyst to setup snort rule in such a way so that they become aware of any kind of NMAP scanning. Requirement Attacker: Kali Linux (NMAP Scan) Target: Ubuntu (Snort as IDS) Optional: Wireshark (we have added it in our tutorial so that we can clearly confirm all incoming and outgoing packet of network) Let’s Begins!! Identify NMAP Ping Scan As we know any attacker will start attack by identifying host status by sending ICMP packet using ping scan. Therefore be smart and add a rule in snort which will analyst NMAP Ping scan when someone try to scan your network for identifying live host of network. Execute given below command in ubuntu’s terminal to open snort local rule file in text editor. sudo gedit /etc/snort/rules/local.rules Now add given below line which will capture the incoming traffic coming on 192.168.1.105(ubuntu IP) network for ICMP protocol. alert icmp any any -> 192.168.1.105 any (msg: “NMAP ping sweep Scan “; dsize:0;sid:10000004; rev: 1;) Turn on IDS mode of snort by executing given below command in terminal: sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 Now using attacking machine execute given below command to identify status of target maching i.e. host is UP or Down. nmap -sP 192.168.1.105 –disable-arp-ping If you will execute above command without parameter “disable arp-ping” then will work as default ping sweep scan which will send arp packets inspite of sending ICMP on targets network and may be snort not able to capture NMAP Ping scan in that sinario, therefore we had use parameter “disable arp-ping” in above command. As I had declaimed above why we are involving wireshark in this tutorial so that you can clearly see the packet sends form attacker network to targets network. Hence in given below image you can notice ICMP request packet as well as ICMP reply packets both are part of network traffic. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP Ping Sweep scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP TCP Scan Now in order to connect with target network, attacker may go with networking enumeration either using TCP Protocol or UDP protocol. Let assume attacker may choose TCP scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg: “NMAP TCP Scan”; sid:10000005; rev:2; ) Above rule is only applicable for port 22 so if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for TCP scan on port 22. nmap -sT -p22 192.168.1.105 From given below image you can observe wireshark has captured TCP packets from 192.168.1.104 to 192.168.1.105 Here you can confirm that our snort is absolutely working when attacker is scanning port 22 using nmap TCP scan and it is showing attacker’s IP from where traffic is coming on port 22. Hence you can block this IP to protect your network from further scanning. Identify NMAP XMAS Scan As we know that TCP communication follows three way handshake to established TCP connection with target machine but sometimes instead of using SYN, SYN/ACK,ACK flag attacker choose XMAS scan to connect with target by sending data packets through Fin, PSH & URG flags. Let assume attacker may choose XMAS scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg:”Nmap XMAS Tree Scan”; flags:FPU; sid:1000006; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from Fin, PSH & URG flags .So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for XMAS scan on port 22. nmap -sX -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using FIN, PSH, URG flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP XMAP scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP FIN Scan Instead of using SYN, SYN/ACK and ACK flag to established TCP connection with target machine may attacker choose FIN scan to connect with target by sending data packets through Fin flags only. Let assume attacker may choose FIN scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.1045 22 (msg:”Nmap FIN Scan”; flags:F; sid:1000008; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from Fin Flags. So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for FIN scan on port 22. nmap -sF -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using FIN flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP FIN scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP NULL Scan Instead of using SYN, SYN/ACK and ACK flag to established TCP connection with target machine may attacker choose NULL scan to connect with target by sending data packets through NONE flags only. Let assume attacker may choose NULL scanning for network enumeration then in that situation we can apply following rule in snort local rule file. alert tcp any any -> 192.168.1.105 22 (msg:”Nmap NULL Scan”; flags:0; sid:1000009; rev:1;) Again above rule is only applicable for port 22 which will listen for incoming traffic when packets come from NONE Flags. So if you want to scan any other port then replace 22 from the port you want to scan else you can also use “any” to analysis all ports. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for NULL scan on port 22. nmap -sN -p22 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send using NONE flags. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP Null scan. Hence you can block attacker’s IP to protect your network from further scanning. Identify NMAP UDP Scan In order to Identify open UDP port and running services attacker may chose NMAP UDP scan to establish connection with target machine for network enumeration then in that situation we can apply following rule in snort local rule file. alert UDP any any -> 192.168.1.105 any(msg:”Nmap UDPScan”; sid:1000010; rev:1;) Again above rule is applicable for every UDP port which will listen for incoming traffic when packets is coming over any UDP port, so if you want to capture traffic for any particular UDP port then replace “any” from that specific port number as done above. Enable NIDS mode of snort as done above. Now again using attacker machine execute the given below command for NULL scan on port 22. nmap -sU -p68 192.168.1.105 From given below image you can observe that wireshark is showing 2 packets from attacker machine to target machine has been send over UDP Port. Come back to over your target machine where snort is capturing all in coming traffic here your will observe that it is generating alert for NMAP UDP scan. Hence you can block attacker’s IP to protect your network from further scanning. Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here Source: http://www.hackingarticles.in/detect-nmap-scan-using-snort/

Stii ca in ziua de azi astia pun laserul pe geamul tau din masina si asculta ce vorbesti in casa, nu?:) http://www.bestlasermicrophones.com/files/typeM-equalized.wav

Pentru producatori de muzica:: Content: 01. Vengeance Dance Explotion Vol.102. Vengeance Dirty Electro Vol.103. Vengeance Dirty Electro Vol.204. Vengeance Effects Vol.105. Vengeance Effects Vol.206. Vengeance Effects Vol.307. Vengeance Electro Essentials Vol.108. Vengeance Electro Essentials Vol.209. Vengeance Electroshock Vol.110. Vengeance Electroshock Vol.211. Vengeance Essential Clubsounds Vol.112. Vengeance Essential Clubsounds Vol.213. Vengeance Essential Clubsounds Vol.314. Vengeance Essential Clubsounds Vol.415. Vengeance Essential Dubstep Vol.116. Vengeance Essential House Vol.117. Vengeance Essential House Vol.218. Vengeance Essential House Vol.319. Vengeance Freakz On Beatz Vol.120. Vengeance Future House Vol.121. Vengeance Future House Vol.222. Vengeance Future House Vol.323. Vengeance Future House Vol.424. Vengeance Minimal House Vol.125. Vengeance Minimal House Vol.226. Vengeance Rhythm Guitars Vol.127. Vengeance Studio Vocals Vol.128. Vengeance Total Dance Sounds Vol.129. Vengeance Total Dance Sounds Vol.230. Vengeance Total Dance Sounds Vol.331. Vengeance Trance Sensation Vol.132. Vengeance Trance Sensation Vol.233. Vengeance Trance Sensation Vol.334. Vengeance Ultimate Bass EXS Halion.iso35. Vengeance Ultimate Fills Vol.136. Vengeance Ultimate Fills Vol.237. Vengeance Vocal Essentials Vol.138. Vengeance Vocal Essentials Vol.2

or sa scada, dar nu se vor prabusi.toti cumpara zilele astea pentru ca sunt anuntate parteneriate cu multe monezi in anul 2018 (news & comunicate officiale ), eu vad ripple ajungand la 3$ pana la jumatatea lu' ianuarie. la ora actuala e cea mai buna moneda in care poti investi. e usor sa mananci seminte si sa iti dai cu parerea cand nu ai habar cu ce se mananca...cam asta e definitia romanului.

poti sa incerci pe etoro, poti sa cumperi direct ripple din cate am vazut, btc poti sa cumperi si de la exchangeurile locale, dar au adaosuri, citeste ce fees au fiecare si alege ce iti convine mai mult

feed2email Send RSS/Atom feeds to e-mail requirements.txt feedparser==5.2.1 feed2email.py #!/usr/bin/env python3 # vim: set ai et ts=4 sw=4: # feed2email.py # (c) Aleksander Alekseev 2016-2017 # http://eax.me/ import feedparser from smtplib import SMTP # from smtplib import SMTP_SSL as SMTP from email.mime.text import MIMEText from contextlib import contextmanager import signal import getpass import hashlib import time import sys import re server = 'smtp.yandex.ru' port = 587 # 25 login = "YOUR_SENDER_LOGIN" from_addr = "NEWS <YOUR_SENDER_LOGIN@yandex.ru>" receiver = "YOUR_EMAIL" processed_urls_fname = "processed-urls.txt" feed_list_fname = "feed-list.txt" # change to True before first run or you will receive A LOT of emails # then change back to False fake_send = False sleep_time = 60*5 # seconds net_timeout = 20 # seconds smtp_retry_time = 30 # seconds smtp_retries_num = 5 # >>> import hashlib # >>> hashlib.sha1(b"qwerty").hexdigest() # 'b1b3773a05c0ed0176787a4f1574ff0075f7521e' pwhash = 'YOUR_PASSWORD_SHA1_HASH' # FUNCS class TimeoutException(Exception): pass @contextmanager def timeout_sec(seconds): def signal_handler(signum, frame): raise TimeoutException(Exception("Timed out!")) signal.signal(signal.SIGALRM, signal_handler) signal.alarm(seconds) try: yield finally: signal.alarm(0) def file_to_list(fname): rslt = [] with open(fname, "r") as f: rslt = [x for x in f.read().split("\n") if x.strip() != "" ] return rslt # MAIN password = getpass.getpass("SMTP Password: ") if hashlib.sha1(bytearray(password, 'utf-8')).hexdigest() != pwhash: print("Invalid password", file = sys.stderr) sys.exit(1) while True: feed_list = file_to_list(feed_list_fname) # filter comments feed_list = [ x for x in feed_list if not re.match("(?i)\s*#", x) ] keep_urls = 1000*len(feed_list) processed_urls = [] try: processed_urls = file_to_list(processed_urls_fname) except FileNotFoundError: pass print("Processing {} feeds...".format(len(feed_list))) for feed in feed_list: print(feed) f = None try: with timeout_sec(net_timeout): f = feedparser.parse(feed) except TimeoutException: print("ERROR: Timeout!") continue feed_title = f['feed'].get('title', '(NO TITLE)') feed_link = f['feed'].get('link', '(NO LINK)') for entry in f['entries']: if entry['link'] in processed_urls: continue subject = "{title} | {feed_title} ({feed_link})".format( title = entry.get('title', '(NO TITLE'), feed_title = feed_title, feed_link = feed_link ) print(subject) summary = entry.get('summary', '(NO SUMMARY)') body = "{summary}\n\n{link}\n\nSource feed: {feed}".format( summary = summary[:256], link = entry['link'], feed = feed ) print(body) print("-------") msg = MIMEText(body, 'plain') msg['Subject'] = subject msg['From'] = from_addr msg['To'] = receiver if not fake_send: for attempt in range(1, smtp_retries_num+1): try: with timeout_sec(net_timeout), SMTP(server, port) as conn: conn.starttls() conn.login(login, password) conn.sendmail(from_addr, [receiver], msg.as_string()) break except Exception as exc: print(("Failed to send email {}/{} - {}, " + "retrying in {} seconds").format( attempt, smtp_retries_num, exc, smtp_retry_time ) ) time.sleep(smtp_retry_time) processed_urls = [ entry['link'] ] + processed_urls with open(processed_urls_fname, "w") as urls_file: urls_file.write("\n".join(processed_urls[:keep_urls])) print("Sleeping {} seconds...".format(sleep_time)) time.sleep(sleep_time) Download: feed2email-master.zip Source: https://github.com/afiskon/feed2email

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection. Video: https://media.ccc.de/v/34c3-8735-spy_vs_spy_a_modern_study_of_microphone_bugs_operation_and_detection#video&t=0

Washington (CNN): Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents. In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that's 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January. The hacking suspects, Mihai Alexandru Isvanca and Eveline Cismaru, are also accused of using the computers behind the surveillance cameras to distribute ransomware through spam emails, according to an affidavit by Secret Service agent James Graham in support of the government's criminal complaint. The affidavit alleges the hackers meant to use the malware to lock victims' computers and then extort payments from them to regain access. In the affidavit, the Romanians are accused of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers." They were traced through their registered email addresses, one of which roughly translates into "selling souls" in Romanian, according to the affidavit. http://edition.cnn.com/2017/12/20/politics/romanian-hackers-dc-cameras/index.html

De Verge (XVG) ce parere aveti?

Aka dai teapa

Patriot in totalitate.

O mica cautare pe google sigur ti-ar fi adus la cunostinte tot ce aveai nevoie. Pe scurt, "dicționare pentru hacking-ul de Wi-Fi" sunt niste dictionare care sunt folosite ca sa faci un fel de brute force la parole, nu neaparat doar la wifi, adica incerci toate combinatiile/toate parolele posibile sa vezi care e cea corecta, asta daca exista in dictionarul(ele) tau(tale). tutorial de hackuit "wifi" in engleza cu dictionare si link cu dictionare de downloadat. Din nou, o mica cautare pe google nu ar strica

Salut, referitor la ceea ce scrie în acest articol, sa spunem că Facebook chiar ascultă telefonul fiecărei persoane care are instalată aplicația pe telefon. Ceea ce scrie în articol e bine definit și anume că, ca și cantitate de informații ce ar trebui procesate, e imposibil ca să asculte direct și sa preia fiecare bit de informație din inputul audio de la fiecare telefon din lume și să il trimită la un server care mai departe să il proceseze, etc.. Dar mi s-a mai întamplat și mie acest lucru, să vorbesc(doar să vorbesc/menționez de mai multe ori niște cuvinte fără să fi accesat siteuri related) și după o perioadă să primesc ad-uri pe facebook vizate pe acele keywords să zicem. Dacă ar fi posibil, cum s-ar putea face/ce algoritm ar putea fi folosit pentru a extrage dintr-un sample audio(chiar și live) niște keywords-uri, având în vedere și semantica lor în context? Sau dacă știți alte întamplări similare sau posibilități de a obține anumite date/informații făcând cât mai puține procesări posibil.

Da chiar, @Nytro, apuca-te si fa si tu tricouri si cani si stickere. Tranteste un shop si cand comanda lumea te duci fuga si printezi. Mai faci un ban pentru site.

Dupa ce ai preluat raspunsul si ai retinut datele json intr-o variabila, ai 2 cazuri: - fie citesti si interpretezi automat ca json outputul si ai un json object intr-o variabila json_value - fie ai un string ca output si faci json_value = json.loads(output_text) Dupa ce ai variabila respectiva poti accesa valori de la chei in mai multe feluri: 1. main_principal_animals = json_value["mainPrincipalAnimals"] (poti sa verifici daca o cheie 'alpha' exista in dictionar cu < if 'alpha' in json_value: >) 2. main_principal_animals = json_value.get('mainPrincipalAnimals', 'Pisi') <- in cazul in care cheia 'mainPrincipalAnimals' nu exista, variabila va retine stringul "Pisi" Ca sa iti raspund la intrebarile tale acum: 1. dictionary = json.loads(results.getvalue()) 2. cum am zis mai sus un pic 3. depinde de baza de date pe care o folosesti dar daca folosesti baza de date nosql cu documente, ar fi de ajuns sa inserezi jsonul tau cu informatiile dorite.

Il recomand pe cataspy. A platit pe 2 luni. Good guy! -Gonzalez

Ca desktop am ales KDE , dupa ce am deschis interfata grafica ,am sters tot ,am renuntat la KDE si am pus GNOME Am ramas dezamagit de noul dekstop kde4 Deci am instalat debian Light cu desktop Gnome Pt a instala un sistem debian simplu folosind un desktop Gnome-core se poate folosi orice fel de cd deoarece se va instala doar sistemul in text mode Dupa ce vine instalat sistemul se va face login root nano /etc/apt/sources.list Va trebui sters tot si adaugat deb http://ftp.debian.org/debian squeeze main contrib non-free deb-src http://ftp.debian.org/debian squeeze main contrib non-free Update,upgrade,installx,basic gnome install: aptitude update && aptitude upgrade aptitude install xserver-xorg-core xorg aptitude install gnome-core Install curl,sudo and reboot aptitude install curl sudo reboot Install firefox pyth0n3 way wget http://sprunge.us/EZGX -O getfox.py sudo python getfox.py Note: De default vine epiphany care are un oarecare bug , deci nu permite copy and paste in terminal Download flash player from Adobe - Install a different version of Adobe Flash Player dpkg -i install_flash_player_10_linux.deb Audio Note de default vine alsa 1.0.21 , e probabil ca in unele cazuri sa nu mearga audio cat /proc/asound/version In acest caz va trebui facut upgrade la versiunea de alsa m-a a-i alsa Debian va instala alsa-source 1.0.23 In cazul in care vine folosit ATI ca driver grafic , pt a avea efecte speciale in desktop va trebui instalat driverul proprietar AMD Graphics Drivers & Software ? Download the latest drivers for your graphics products apt-get install build-essential linux-headers-$(uname -r) module-assistant ati-driver-installer-10-9-x86.x86_64 Dupa reboot pt a vedea daca a fost instalat se va rula comandul fglrxinfo Ar trebui sa apara un output asemanator display: :0.0 screen: 0 OpenGL vendor string: ATI Technologies Inc. OpenGL renderer string: ATI Mobility Radeon HD 3400 Series OpenGL version string: 3.3.10188 Compatibility Profile Context Compiz ,emerald ,desktop effects apt-get install compiz compizconfig-settings-manager compiz-fusion-plugins-main Emerald va trebui compilat din sursa Vom folosi versiunea 0.8.4 sudo apt-get install build-essential intltool libxrender-dev libdecoration0-dev libwnck-dev Se va descarca emerald si extrage din arhiva wget http://releases.compiz-fusion.org/0.8.4/emerald-0.8.4.tar.gz tar xvzf emerald-0.8.4.tar.gz cd emerald-0-8-4 ./configure --prefix=/usr/ make In cazul in care comandul make va da errori de tipul main.o: In function `hide_tooltip': /home/akino/Downloads/prueba/emerald-0.8.4/src/main.c:3760: undefined reference to `GTK_WIDGET_VISIBLE' ../libengine/.libs/libemeraldengine.so: undefined reference to `GTK_OBJECT_TYPE_NAME' collect2: ld returned 1 exit status make[2]: *** [emerald] Error 1 make[2]: se sale del directorio `/home/akino/Downloads/prueba/emerald-0.8.4/src' make[1]: *** [all-recursive] Error 1 make[1]: se sale del directorio `/home/akino/Downloads/prueba/emerald-0.8.4' make: *** [all] Error 2 Va trebui modificat urmatorul fisier src/main.c Presupunem ca ne aflam in directorul emerald-0-8-4 Vom edita urmatorul fisier nano src/main.c Se va cauta urmatoarea linie if (GTK_WIDGET_VISIBLE(tip_window)) Va fi modificata in if (gtk_widget_get_visible(tip_window)) Se va salva fisierul Urmatoarea modivica va trebui facuta asupra unui alt fisier nano libengine/themer.c Se va cauta linea 464 if(!strcmp(GTK_OBJECT_TYPE_NAME(item->widget),"GtkSpinButton")) { Si va fi mofificata in if(!strcmp(G_OBJECT_TYPE_NAME(item->widget),"GtkSpinButton")) { Se va cauta linea 650 if(!strcmp(GTK_OBJECT_TYPE_NAME(item->widget),"GtkSpinButton")) { Si va fi modificata in if(!strcmp(G_OBJECT_TYPE_NAME(item->widget),"GtkSpinButton")) { Acum se va compila programul make make install De obicei ar trebui sa apara in menu , daca nu se poate rula din temrminal emerald-theme-manager Pot fi introduse diverse teme Compiz ,Emerald automatic startup Ok pt a incarca aceste doua programe in automat la fievcare startup Va trebui creat un comand personalizat pt fiecare si pus in Menu > System > Preferences > Startup Application compiz --replace emerald --replace Pt a descarca diverse teme pt emerald The Compiz Community - Compiz-Themes.org Stop and remove portmap /sbin/portmap stop apt-get remove portmap [Edit] Pt a configura compiz va trebui editat xorg.conf, inainte de a edita se va face un backup la fisier nano /etc/X11/xorg.conf Se vor adauga urmatoarele linii de cod La sectiunea “Screen” section Option “XAANoOffscreenPixmaps” Option “AddARGBGLXVisuals” “true” La sectiunea “Device” Option “AllowGLXWithComposite” “true” Option “RenderAccel” “true” La sectiunea “Server Layout” Option “AIGLX” “on” La sfarsitul fisierului Section “Extensions” Option “Composite” “Enable” EndSection Reboot la sistem Screenshot1 Screenshot2

Cresc acuma, dupa 31.12.2017 se vor prabusi instantaneu. Toata aceasta crestere nu e bazata pe nimic, doar pe zvonuri raspandite pe internet de catre cei care au cumparat si ei la randul lor si tipa pe tot internetul ca ce au cumparat ei e bun si ca va creste ca sa vada lumea si sa cumpere si altii ca sa creasca. Asta una la mana, doi la mana, e sfarsit de an si a fost, si inca mai este, perioada Sarbatorilor. Personal cred ca cei care vor cumpara acum sunt cei care isi vor lua teapa.