Wubi

Everything posted by Wubi

  1. That would be an idea, or a captcha could be added for replies, or new threads could be held for moderator validation until the user reaches a certain number of posts, 100 or 50. We would get rid of off-topic posts, pointless replies, users with 1 post who start topics in the Ajutor (Help) or Cereri (Requests) sections, and so on.
  2. Basic Scanning Techniques
       Scan a single target -> nmap [target]
       Scan multiple targets -> nmap [target1,target2,etc]
       Scan a list of targets -> nmap -iL [list.txt]
       Scan a range of hosts -> nmap [range of IP addresses]
       Scan an entire subnet -> nmap [IP address/CIDR]
       Scan random hosts -> nmap -iR [number]
       Excluding targets from a scan -> nmap [targets] --exclude [targets]
       Excluding targets using a list -> nmap [targets] --excludefile [list.txt]
       Perform an aggressive scan -> nmap -A [target]
       Scan an IPv6 target -> nmap -6 [target]
     Discovery Options
       Perform a ping scan only -> nmap -sP [target]
       Don't ping -> nmap -PN [target]
       TCP SYN Ping -> nmap -PS [target]
       TCP ACK ping -> nmap -PA [target]
       UDP ping -> nmap -PU [target]
       SCTP Init Ping -> nmap -PY [target]
       ICMP echo ping -> nmap -PE [target]
       ICMP Timestamp ping -> nmap -PP [target]
       ICMP address mask ping -> nmap -PM [target]
       IP protocol ping -> nmap -PO [target]
       ARP ping -> nmap -PR [target]
       Traceroute -> nmap --traceroute [target]
       Force reverse DNS resolution -> nmap -R [target]
       Disable reverse DNS resolution -> nmap -n [target]
       Alternative DNS lookup -> nmap --system-dns [target]
       Manually specify DNS servers -> nmap --dns-servers [servers] [target]
       Create a host list -> nmap -sL [targets]
     Advanced Scanning Options
       TCP SYN Scan -> nmap -sS [target]
       TCP connect scan -> nmap -sT [target]
       UDP scan -> nmap -sU [target]
       TCP Null scan -> nmap -sN [target]
       TCP Fin scan -> nmap -sF [target]
       Xmas scan -> nmap -sX [target]
       TCP ACK scan -> nmap -sA [target]
       Custom TCP scan -> nmap --scanflags [flags] [target]
       IP protocol scan -> nmap -sO [target]
       Send Raw Ethernet packets -> nmap --send-eth [target]
       Send IP packets -> nmap --send-ip [target]
     Port Scanning Options
       Perform a fast scan -> nmap -F [target]
       Scan specific ports -> nmap -p [ports] [target]
       Scan ports by name -> nmap -p [port name] [target]
       Scan ports by protocol -> nmap -sU -sT -p U:[ports],T:[ports] [target]
       Scan all ports -> nmap -p "*" [target]
       Scan top ports -> nmap --top-ports [number] [target]
       Perform a sequential port scan -> nmap -r [target]
     Version Detection
       Operating system detection -> nmap -O [target]
       Submit TCP/IP Fingerprints -> www.nmap.org/submit/
       Attempt to guess an unknown -> nmap -O --osscan-guess [target]
       Service version detection -> nmap -sV [target]
       Troubleshooting version scans -> nmap -sV --version-trace [target]
       Perform a RPC scan -> nmap -sR [target]
     Timing Options
       Timing Templates -> nmap -T [0-5] [target]
       Set the packet TTL -> nmap --ttl [time] [target]
       Minimum of parallel connections -> nmap --min-parallelism [number] [target]
       Maximum of parallel connections -> nmap --max-parallelism [number] [target]
       Minimum host group size -> nmap --min-hostgroup [number] [targets]
       Maximum host group size -> nmap --max-hostgroup [number] [targets]
       Initial RTT timeout -> nmap --initial-rtt-timeout [time] [target]
       Maximum RTT timeout -> nmap --max-rtt-timeout [time] [target]
       Maximum retries -> nmap --max-retries [number] [target]
       Host timeout -> nmap --host-timeout [time] [target]
       Minimum scan delay -> nmap --scan-delay [time] [target]
       Maximum scan delay -> nmap --max-scan-delay [time] [target]
       Minimum packet rate -> nmap --min-rate [number] [target]
       Maximum packet rate -> nmap --max-rate [number] [target]
       Defeat reset rate limits -> nmap --defeat-rst-ratelimit [target]
     Firewall Evasion Techniques
       Fragment packets -> nmap -f [target]
       Specify a specific MTU -> nmap --mtu [MTU] [target]
       Use a decoy -> nmap -D RND:[number] [target]
       Idle zombie scan -> nmap -sI [zombie] [target]
       Manually specify a source port -> nmap --source-port [port] [target]
       Append random data -> nmap --data-length [number] [target]
       Randomize target scan order -> nmap --randomize-hosts [target]
       Spoof MAC Address -> nmap --spoof-mac [MAC|0|vendor] [target]
       Send bad checksums -> nmap --badsum [target]
     Output Options
       Save output to a text file -> nmap -oN [scan.txt] [target]
       Save output to an XML file -> nmap -oX [scan.xml] [target]
       Grepable output -> nmap -oG [scan.txt] [target]
       Output all supported file types -> nmap -oA [path/filename] [target]
       Periodically display statistics -> nmap --stats-every [time] [target]
       l33t output -> nmap -oS [scan.txt] [target]
     Troubleshooting and debugging
       Help -> nmap -h
       Display Nmap version -> nmap -V
       Verbose output -> nmap -v [target]
       Debugging -> nmap -d [target]
       Display port state reason -> nmap --reason [target]
       Only display open ports -> nmap --open [target]
       Trace packets -> nmap --packet-trace [target]
       Display host networking -> nmap --iflist
       Specify a network interface -> nmap -e [interface] [target]
     Nmap Scripting Engine
       Execute individual scripts -> nmap --script [script.nse] [target]
       Execute multiple scripts -> nmap --script [expression] [target]
       Script categories -> all, auth, default, discovery, external, intrusive, malware, safe, vuln
       Execute scripts by category -> nmap --script [category] [target]
       Execute multiple script categories -> nmap --script [category1,category2, etc]
       Troubleshoot scripts -> nmap --script [script] --script-trace [target]
       Update the script database -> nmap --script-updatedb
     Ndiff
       Comparison using Ndiff -> ndiff [scan1.xml] [scan2.xml]
       Ndiff verbose mode -> ndiff -v [scan1.xml] [scan2.xml]
       XML output mode -> ndiff --xml [scan1.xml] [scan2.xml]
     Source: Penetration Testing Lab
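The Output Options and Ndiff entries in the cheat sheet are the ones a defender reuses most: an -oX report is what gets fed into tooling, and comparing two reports is how you notice a port that opened since the last baseline. The following is an added example (not code from the cheat sheet, from Penetration Testing Lab, or from the nmap project): a small parser for nmap's XML output and an ndiff-style comparison of two reports. The two reports are constructed inline using the element names nmap writes (nmaprun, host, address, ports, port, state, service); the host 192.0.2.10 and its services are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output for one host scanned twice (not real scan
# data; 192.0.2.10 is from the documentation address range).
SCAN_OLD = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -oX old.xml 192.0.2.10">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""

SCAN_NEW = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -oX new.xml 192.0.2.10">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="9.3p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds" product="Samba"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql" product="MySQL"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Map (address, protocol, port) -> state and service details for every <port> in the report."""
    root = ET.fromstring(xml_text)
    ports = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            key = (addr, port.get("protocol"), int(port.get("portid")))
            ports[key] = {
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            }
    return ports


def describe(info):
    """Compact 'name product version' string, as ndiff prints it."""
    return " ".join(part for part in (info["service"], info["product"], info["version"]) if part)


def open_ports(parsed):
    return sorted(key for key, info in parsed.items() if info["state"] == "open")


def diff_scans(old, new):
    """ndiff-style summary: ports that became open, ports that stopped being open,
    and open ports whose detected service/version changed between the two reports."""
    old_open, new_open = set(open_ports(old)), set(open_ports(new))
    changed = [
        (key, describe(old[key]), describe(new[key]))
        for key in sorted(old_open & new_open)
        if describe(old[key]) != describe(new[key])
    ]
    return {
        "newly_open": sorted(new_open - old_open),
        "no_longer_open": sorted(old_open - new_open),
        "changed": changed,
    }


if __name__ == "__main__":
    for label, items in diff_scans(parse_nmap_xml(SCAN_OLD), parse_nmap_xml(SCAN_NEW)).items():
        print(label, items)
```

Run against real reports, replace the two strings with the contents of the -oX files; the parser ignores hosts without an IPv4 address, so IPv6-only scans would need the predicate widened.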
  3. During a penetration testing engagement we might come across the NetBIOS service. In the past the NetBIOS protocol was enabled in almost every network that was running Windows. Nowadays system administrators are disabling this service due to the fact that plenty of information can be unveiled regarding shares, users and domain controllers. However NetBIOS can still be found on default configurations of Windows Server 2008 and Windows Vista, so in a penetration test this protocol can be abused if we discover it. Generally NetBIOS provides the following three services: Name Service: UDP/137; Datagram Service: UDP/138; Session Service: TCP/139. In systems that have this service enabled we can use some tools in order to discover information about the hostnames and domains, especially in Windows networks. In some cases this protocol can be found in Linux systems as well. The two basic tools are nbtstat and nbtscan. nbtstat is a command line utility that is integrated in Windows systems and it can unveil information about the NetBIOS names and the remote or local machine name table, but only for one host. On the other hand, nbtscan is a NetBIOS nameserver scanner which has the same functions as nbtstat but it operates on a range of addresses instead of one. The next image shows the usage of nbtstat: The numeric values are called suffixes. For example the <01> and <1D> suffixes indicate the Master Browser, the <20> that the machine is running the File Server service, the <03> that a messenger service is running and the <00> means that a workstation service is running as well. The <1E> is the Browser Service Elections.
     nbtscan is installed by default on BackTrack but there is a version for Windows platforms as well. We can use nbtscan in order to scan the whole network. As we can see from the next image we have discovered the IP addresses, the NetBIOS names, the users that are logged in and the MAC addresses of the hosts that are running the NetBIOS service on the network. We can also use the -v option in order to produce verbose output. With the verbose option the output format is similar to nbtstat. Again the <01> indicates the Master Browser service, the <00> the workstation, the <20> the File Server service and the <1e> and <1d> the Browser Service Elections and the Master Browser. Also we can see that the domain this workstation belongs to is London. As an alternative option we can use the Metasploit module smb_version which will unveil additional information like the operating system name and version, the service pack level, the language, the system and domain name. Conclusion: As we saw in this article, from systems that had the NetBIOS service enabled we have managed to discover plenty of information including the domain names, users, operating system versions, MAC addresses and more. This service, if found enabled, can be used in the information gathering stage of a penetration test. So from the security point of view it is recommended that this service be disabled. Source: Penetration Testing Lab
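The suffixes and MAC addresses that nbtstat and nbtscan print all come from one packet: the NBSTAT (node status) response defined in RFC 1002. The following is an added example, not code from the article or from either tool: a decoder for the RDATA of such a response, which is what a defender applies to a captured reply when deciding which hosts still advertise NetBIOS services and should have the service disabled. The suffix table is the one the article gives, extended with the well-known domain-controller (<1C>) and domain-master-browser (<1B>) values; the packet bytes are constructed inline for a made-up workstation WS01 in a domain LONDON, with a made-up MAC address.

```python
import struct

# Suffix byte meaning as (unique-name meaning, group-name meaning); the G bit in
# NAME_FLAGS tells the two apart (e.g. <00> unique = workstation, <00> group = domain).
NETBIOS_SUFFIXES = {
    0x00: ("Workstation service", "Domain name"),
    0x01: ("Master Browser", "Master Browser (__MSBROWSE__)"),
    0x03: ("Messenger service", "Messenger service"),
    0x1B: ("Domain Master Browser", "Domain Master Browser"),
    0x1C: ("Domain Controllers", "Domain Controllers"),
    0x1D: ("Master Browser", "Master Browser"),
    0x1E: ("Browser Service Elections", "Browser Service Elections"),
    0x20: ("File Server service", "File Server service"),
}


def decode_nbstat_rdata(rdata: bytes) -> dict:
    """Decode the RDATA of an NBSTAT response (RFC 1002, section 4.2.18):
    NUM_NAMES (1 byte), then NUM_NAMES entries of 18 bytes each (15-byte name padded
    with spaces, 1-byte suffix, 2-byte NAME_FLAGS), then the STATISTICS block whose
    first 6 bytes (UNIT_ID) are the adapter's MAC address."""
    if not rdata:
        raise ValueError("empty RDATA")
    num_names = rdata[0]
    offset = 1
    names = []
    for _ in range(num_names):
        entry = rdata[offset:offset + 18]
        if len(entry) < 18:
            raise ValueError("truncated NODE_NAME entry")
        raw_name, suffix = entry[:15], entry[15]
        flags = struct.unpack("!H", entry[16:18])[0]
        is_group = bool(flags & 0x8000)   # G bit: group name rather than unique name
        is_active = bool(flags & 0x0400)  # ACT bit: name is currently in use
        meaning = NETBIOS_SUFFIXES.get(suffix, ("unknown", "unknown"))[1 if is_group else 0]
        names.append({
            "name": raw_name.decode("latin-1").rstrip(" "),
            "suffix": suffix,
            "group": is_group,
            "active": is_active,
            "service": meaning,
        })
        offset += 18
    unit_id = rdata[offset:offset + 6]
    if len(unit_id) < 6:
        raise ValueError("STATISTICS block missing UNIT_ID")
    return {"names": names, "mac": ":".join(f"{b:02x}" for b in unit_id)}


def _node(name: bytes, suffix: int, flags: int) -> bytes:
    """Build one 18-byte NODE_NAME entry (used only to construct the sample below)."""
    return name.ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)


UNIQUE_ACTIVE = 0x0400
GROUP_ACTIVE = 0x8400

# Constructed sample RDATA: a workstation WS01 in domain LONDON that also holds the
# __MSBROWSE__ group name, followed by a made-up MAC and a zeroed statistics block.
SAMPLE_RDATA = (
    bytes([5])
    + _node(b"WS01", 0x00, UNIQUE_ACTIVE)
    + _node(b"WS01", 0x20, UNIQUE_ACTIVE)
    + _node(b"LONDON", 0x00, GROUP_ACTIVE)
    + _node(b"LONDON", 0x1E, GROUP_ACTIVE)
    + _node(b"\x01\x02__MSBROWSE__\x02", 0x01, GROUP_ACTIVE)
    + bytes.fromhex("001122334455")
    + bytes(40)
)


if __name__ == "__main__":
    decoded = decode_nbstat_rdata(SAMPLE_RDATA)
    for n in decoded["names"]:
        print(f"{n['name']!r:24} <{n['suffix']:02X}> {'GROUP' if n['group'] else 'UNIQUE':6} {n['service']}")
    print("MAC:", decoded["mac"])
```

The decoder starts at the RDATA, so when working from a capture the NetBIOS name-service header and the question/answer name must be stripped first; the output then matches what nbtstat -A shows for the same host.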
  4. http://www.youtube.com/watch?v=WAJ_nECKKkM&feature=player_embedded Pugfuzz is an easy to use dumb fuzzer that does mutations on a chosen base file. It is written in Python and uses PyDbg as its debugger to monitor for access violations. This video gives a short demo of using pugfuzz to fuzz an AVI file on a multimedia program. The source can be obtained from GitHub at https://github.com/sun1rge/pugfuzz http://jlritchey.wordpress.com Source: YouTube
  5. PassMark DiskCheckup allows the user to monitor the SMART attributes of a particular hard disk drive. SMART (Self-Monitoring Analysis and Reporting Technology) is a feature on a computer's hard disk for providing various monitoring indicators of disk reliability. If SMART is enabled on a hard disk, the system administrator can receive analytical information from the hard drive to determine a possible future failure of the hard drive. DiskCheckup, which costs US$15.00, is free for personal use. Features of DiskCheckup: Device Info lists the capacity, interface, model number, firmware and other device related information including the drive's standards compliance. SMART Info displays information about the health of a drive. Here you find information about the current and worst temperature, or error rates, and status information for each value that informs you if the drive is still running within limits. SMART History is deactivated by default. You first need to activate the feature in the program settings. Please note that the data file can grow significantly in size. It is therefore suggested to only activate this feature temporarily. Disk Self Test offers to run a short or extended test and displays the status of that test afterwards. SMART monitors elements of possible long term drive failure, such as 'Spin Up Time', the number of start/stops, the number of hours powered on and the hard disk temperature. DiskCheckup displays the current values of the SMART attributes, along with the Threshold value for that attribute. If an attribute drops below its threshold, the drive cannot guarantee that it will be able to meet its specifications in the future. We need to enable the warning system with a click on the configuration button. Here we can define a temperature warning level, and configure whether we like to see a message window or receive an email when values exceed the threshold. Download DiskCheckup: DiskCheckup V3.1 (Build 1005) - diskcheckup.exe Source: PenTestIT
  6. The spt project (sptoolkit) is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. Organizations spend billions of dollars annually in an effort to safeguard information systems, but spend little to nothing on the under-trained and susceptible minds that operate these systems, thus rendering most technical protections instantly ineffective. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done. spt (sptoolkit) was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patch the human vulnerability. If the spt project sounds interesting to you, please consider downloading it for evaluation in your own organization. Feedback is welcomed and always appreciated. Installation of sptoolkit is easy and there are lots of templates. We are planning to customize and make our own template; let's see how it goes. Basic requirements for sptoolkit: Apache, PHP, MySQL. Feature list of sptoolkit: Vast improvements in the editing functionality for templates and education packages. Major changes include: two different editors to choose from (the original spt text editor and TinyMCE), copy templates or education to a new version and then customize them. Added education completion tracking, now you can determine if your targets completed the assigned education in a campaign. Support for the Google and TinyURL URL shortener services. Now your phishing emails can have shortened URLs, making them harder to detect. Support for sending SMTP using SSL secured connections. Enhancements to the viewing of campaign information including SMTP relay used and destination URL used. Initial support for using spt in SSL/TLS secured installations, code updates to prevent insecure content warnings.
     All forms now generate inline errors with entered value retention, allowing easy correction of incorrect or missing items without requiring all information to be entered again. Email tracking times are now more accurate when viewing campaign information. Most items in the Quick Start module now feature links allowing you to quickly access the desired location in the spt UI. Enhancements to the browser detection script for more information on what you need vs. what you have. Many security and usability issues fixed. Additional improvements in authentication and session management security. Download sptoolkit: sptoolkit v0.70 - sptoolkit_0.70.zip Source: PenTestIT
  7. Burp Log Reviver: a solution for converting burp logs into sessions, in all burp suite versions. Burp Log Reviver is an easy-to-use tool, which helps you "revive" a burp log file and transform it to a burp session, even while using the free edition of burp suite. After reviving the log, you can continue working with your requests and responses, and feel like you never closed burp at all. Developed by Hacktics ASC. Requirements: Written in Perl v5.12.3. How does it work? Burp Log Reviver is responsible for parsing burp's logs and placing each of the requests and responses into a hash table. After parsing and indexing each message, the tool can function in two modes: client and server. The Burp Log Reviver client is responsible for sending all requests to burp's listener port, while burp is configured to transfer all requests to an upstream proxy, which is configured as the Burp Log Reviver server. The Burp Log Reviver server is responsible for responding with the corresponding response, creating a complete loopback solution. The results of this process allow you to reload your burp sessions and continue working from the place you previously stopped. Developers: Burp Log Reviver is developed and maintained by Niv Sela. User Guide
     Instructions (Requests and Responses):
       1. Record a burp log that includes requests and responses.
       2. Remove burp history.
       3. Define burp to listen on port 9999 and set it to "support invisible proxying" mode.
       4. Define an upstream proxy to localhost:9998.
       5. Start the server with the following command: ./burpLoader.pl c:\BurpLog.txt -L 9998
       6. Start the client with the following command: ./burpLoader.pl c:\BurpLog.txt -C 9999
     Instructions (Requests and Real Server's Responses):
       1. Remove burp history.
       2. Define burp to listen on port 9999 and set it to "support invisible proxying" mode.
       3. Execute the following command: ./burpLoader.pl c:\BurpLog.txt -C 9999
     Download: File: BurpLogReviver.pl, 4.4 KB. SHA1 Checksum: 14aede726a1f9997f01db3363002ad620dc48946
     Source: Google Code
  8. A buffer overflow is caused when more data is inserted into a buffer than it can handle. This may lead to the execution of arbitrary code if a certain memory pointer is overwritten. It's simply like having a cup full of coffee: when we try to fill it again, it overflows and the spilled coffee lands somewhere and causes unexpected results. Buffer overflows can be caused by stack overflow, heap overflow etc., resulting in the overwriting of pointers. This video will make you understand what a buffer overflow is and how it can be exploited. Source: YouTube
  9. http://www.youtube.com/watch?feature=player_embedded&v=ndFCzL4WWiI This demonstration is for EDUCATIONAL PURPOSE ONLY!!! I have been asked to do a video on some things to do once a system has been compromised. Here in this video are a few fun things everyone should know or at least learn. Source: YouTube
  10. This video tutorial covers exploiting Metasploitable-2 to get a root shell and eventually a terminal via a valid "sudo-able" login over SSH. Two machines, a test host (Backtrack 5-R2) and a target host (Metasploitable-2), are set up on a VirtualBox host-only network. With this lab network set up, the demonstration walks through a practice pen-test using the phases of recon, scanning, exploitation, post-exploitation, and maintaining access. (Covering tracks and reporting are not covered. Recon is assumed because VirtualBox runs a default DHCP server on the 192.168.56/24 network.) A video tutorial on installing Metasploitable-2 on VirtualBox can be found at https://community.rapid7.com/message/4137#4137. Initially, nmap is used to locate the Metasploitable-2 machine on the VirtualBox host-only network. In the video the Metasploitable-2 host is running at 192.168.56.102 and the Backtrack 5-R2 host at 192.168.56.1.3. Additionally, open ports are enumerated by nmap along with the services running. The nmap default NSE scripts provide additional information on the services and help nmap discover the precise version. Some features of nmap are reviewed and an nmap XML report is generated. This report is viewed in Firefox and imported into Metasploit via msfconsole and using the Metasploit Community Edition web interface, which has the functionality of db_import built in. nmap is run a second time with different options to show how to focus the information in the reports on open services. With the services listed and versions discovered, it is possible to begin locating vulnerabilities for services. To make this step easier, both Nessus and Rapid7 NeXpose scanners are used to locate potential vulnerabilities for each service. Eventually an exploit suitable for the outdated Samba services running on Metasploitable-2 is chosen and Metasploit msfconsole is used to configure the samba-usermap exploit.
     The cmd/unix/bind_netcat payload is selected and sent to Metasploitable-2 via the samba-usermap exploit. A remote root shell is gained. For post exploitation, the shell is used to gather the usernames and passwords for Metasploitable-2, which are copied back to the testing machine and cracked with John the Ripper. The two files are "unshadowed" using JTR unshadow and then cracked with the JTR MD5 module. The passwords are stored in the JTR pot file for retrieval. Updates on videos in this channel are available on Twitter @webpwnized. Source: YouTube
  11. ESSPEE is a derivative of BackTrack 5, based on Ubuntu 12.04, designed for users who wish to use only free software. It is packed with featured security tools with stable configurations. This version consolidates the Unity desktop interface, a brand new way to find and manage your applications. ESSPEE is inspired by BackTrack and Blackbuntu. Well, again, an alternative with a good look and feel. Features and tools included in ESSPEE: A Perfect Forensics Mode - Read-Only Mount; A Perfect Stealth Mode - Networking Disabled; Net Activity Viewer - GUI for All Network Connections; Ruby 1.9.3 - The Latest Available Ruby; Python 3 + Padding Oracle Exploit Tool; Kvirustotal Online Scanning - Scan Suspicious Files with the File Manager; Gnome Pie - Press Ctrl+Alt+E and See The Magic; Babel Enterprise - ISO 27001 Implementation; Meld - View and Edit the Difference between Two Files or Folders; MySQL Workbench - MySQL GUI Administration Tool; OSSEC - System Integrity Monitor; Linux Kernel 3.4.5-esspee (1000 Hz) Multicore Special; VMware Player 4.0.4; LibreOffice 3 with all Plugins; Penguin Pills - GUI for Multi-Antivirus Products; Wine QT - A Brand New Interface for Wine Software Management; FSlint - Duplicate File Finder; DocFetcher Text Search - Search Words within Documents; Tor Browser - Be Anonymous; Ophcrack GUI. Download ESSPEE: ESSPEE R1 - ESSPEE-R1.iso Source: PenTestIT
  12. Using UCSniff to demonstrate the sniffing of phone calls on a corporate VoIP PBX. Tutorial by Nishant Das Patnaik. Source: YouTube
  13. This video demonstrates how to create spear phishing templates and send spear phishing emails. Spear Phishing - Cobalt Strike. Source: YouTube
  14. Pivoting is a Meterpreter method that allows for the attack of other systems on a network through the Meterpreter console. security4information.com/2011/10/pivoting-into-other-systems-with_10.html Source: Vimeo
  15. Source: Vimeo
  16. Khan Academy is a free online learning resource with more than 3000 educational videos. Everyone is welcome to join any course or lesson on the site. The focus has been largely on math with other sciences thrown into the mix for good measure. Khan Academy launched their much anticipated Computer Science program, which at the time of writing offers 14 different computer science related tutorials. The preferred programming language is JavaScript, but instead of walking you through a step by step instructional course that covers the basic foundations of JavaScript, all commands and examples, you step right into the programming. A total of 14 lessons are available right now that walk you through some of the basics of the JavaScript language. This includes using variables, understanding Boolean operators, animations and drawing. What is interesting is that you can modify code and output in real time to get a better understanding of the concepts. Below the introductory video, for instance, you find the code on the left and the actual output on the right. While you won't see all of the code, you get to play around with some of the variables to change the position or color of elements. A pretty powerful environment to better understand how variables and code changes impact the output. Source: PenTestIT
  17. What's good? This time we're building up on our code to support multiple clients, allowing our server to choose at any given time a client to interact with. No doubt this was the next logical step in the series, with still a few heavy hitters out there -- persistence, logging, etc. Let's get busy on this fifth part! Click here to read the full article: Python Backdoor - Multiple Clients | Technic Dynamic. Source: YouTube
  18. We all know that Tor enables us to be anonymous on the Internet. In this article we'll look at how to achieve this and truly know what we're up against. First, let's install Tor and start using it to get a grasp on things. There are many tutorials on the Internet describing how to install and use Tor, but let's mention all of the required steps again. We'll assume that we use the Ubuntu Linux distribution, but the steps are relevant for other distributions as well. First check [1] on how to add the right repository to the sources list. In case you're using Ubuntu 10.04 - the same version as Backtrack 5 R2 uses - then issue the commands presented below: # echo "deb http://deb.torproject.org/torproject.org lucid main" >> /etc/apt/sources.list # echo "deb-src http://deb.torproject.org/torproject.org lucid main" >> /etc/apt/sources.list Then install tor and privoxy: # apt-get update # apt-get install tor privoxy At this point we should note what both of them are: tor: is used to connect us to the anonymous network over TCP. privoxy: is used to connect our browser to Tor over an HTTP proxy. Add the following line to /etc/privoxy/config: # echo "forward-socks4a / 127.0.0.1:9050 ." >> /etc/privoxy/config Also edit /etc/tor/torrc and add the following lines: AvoidDiskWrites 1 ControlPort 9051 Log notice stdout SafeSocks 1 WarnUnsafeSocks 1 SocksListenAddress 127.0.0.1 SocksPort 9050 We won't go into too much detail about what the options mean right now, but we'll describe the interesting configuration variables later. First let's start tor and privoxy: # /etc/init.d/tor start # /etc/init.d/privoxy start This should open two ports, 9050 for tor and 8118 for privoxy.
     Let's check if that's true: # netstat -lntup tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 8520/privoxy tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 8540/tor Ok, the ports are in a listening state, which means all is well, because they can accept connections. The only missing step is to actually configure our browser to use privoxy. An example Firefox configuration is presented in the next picture: We can see that we configured the browser to connect through the proxy running on IP 127.0.0.1 and port 8118, which is exactly our Privoxy proxy. Our web browser connects to Privoxy, which in turn connects to Tor, which enables us to browse the Internet anonymously. Let's check whether the browser is actually using the Tor network to browse the Internet anonymously. We can do that by visiting the URI Check Torproject. If we get something like the picture below, then we've set up Tor successfully and we can browse the Internet anonymously. Instead of setting it up manually, we can also use the Tor Browser Bundle, which integrates practically everything that we need for anonymous browsing. We do that by downloading the Tor Browser Bundle, extracting it, and running the start-tor-browser script, as presented below: # tar -xvzf tor-browser-gnu-linux-x86_64-2.2.37-1-dev-en-US.tar.gz # cd tor-browser_en-US # ./start-tor-browser The start-tor-browser script first starts Vidalia, which is a Qt frontend for Tor and will look like this: In this picture we can see that we've successfully connected to the Tor network (the connection happens when Vidalia is started). If we click on "View the Network", we'll also get a listing of all the online relays the Tor network is using - this might be more up-to-date than Tor Nodes. The start-tor-browser script will also open the Tor web browser once we've successfully connected to the Tor network.
     The Tor web browser is based on Firefox and will look like the picture below: We can see that our browser is successfully using the Tor network and we can browse the Internet anonymously. 2. How does Tor work Before describing how Tor works, we must know how the modern Internet works. When we're visiting a website like Google we're sending a request to one of Google's web servers. But this doesn't happen directly from our computer at home to the Google web server. What happens is that we send the request to our home router first, followed by the ISP (Internet Service Provider), which forwards it to one of the NIRs (National Internet Registries), which forwards it to one of the LIRs (Local Internet Registries), which forwards it to one of the RIRs (Regional Internet Registries), etc., until eventually the process is reversed when the request finally reaches the target - the Google web server. This can be observed by using the Traceroute program that sends packets with a specifically set TTL (Time To Live) value, which expires on every hop (TTL is increased by 1 each time the packet is sent to make sure that it expires) between our client and server, thus revealing the identity of each node. To find all the nodes the packet has to visit when it travels through the Internet to the Google web server, we can execute the command presented below: # traceroute www.google.com The basic problem with the above approach is that all intermediary nodes can monitor our packets being forwarded through the Internet. Even if we use an encrypted connection (HTTPS), various data can still be gathered just by looking at the TCP header, like source IP, destination IP, payload size, time of communication, etc. But what happens if we're using Tor on top of the usual Internet network? We can't actually execute Traceroute when we're using Tor, because of the way Tor was designed.
     Because Tor can't handle ICMP (ping) packets, there is no way of actually knowing where the packets will be routed to. This is what makes Tor secure. When we're using our browser to connect to the Tor network, we're actually sending a request through the Internet to the first Tor relay, which forwards it to the next relay and the next and the next, until finally reaching the target. In the Tor network, we still need to send our packets to our home network, then the ISP, since this is our Internet service provider; without it, we can't even use the Internet. But additionally, our packets are also routed through the Tor network, where they are randomly routed through secure relays. This enables our traffic to be unseen by the skillful attacker and government that are monitoring the traffic at any given location on the Internet. The client connecting to the Tor network first needs a list of Tor nodes that can be obtained from the directory server. We can see the available Tor relays by visiting Tor Nodes, where we can find various data about the Tor relays, including hostname, router name, uptime, available bandwidth, etc. After the client has obtained a list of available Tor relays, it needs to build a circuit of connections between the relays on the Tor network. Each connection between subsequent nodes in a circuit is encrypted with different encryption keys, so each node only knows the previous and the next node in a circuit. We should also mention that Tor works over the TCP protocol and it can be used by any application that can be configured to send its traffic through a SOCKS proxy. This isn't entirely true, since we can torify the application with the use of tsocks, which we'll describe in one of the subsequent articles. So all in all, the Tor network provides a means to hide the link between the source and destination address of any given connection. Therefore, an eavesdropper cannot determine where the data came from and where it is going, thus making us anonymous.
     But the question remains: can that really make us anonymous? The answer is yes and no. We need to remember that all the data packets that are sent from our client to the server will be unencrypted on the server. This really makes sense, since how would the server use the data and do something with it if the data was encrypted? Therefore, Tor provides anonymity over the Internet, but it can't provide the means to actually stay anonymous from the server that's receiving the data. Let's describe this a little further. If we're sending data packets that contain our username, domain name, or any other information that indicates our presence, then the target machine will know who we are, although any eavesdropper listening in an intermediary relay may not. It boils down to this: In each connection going through the Tor network, we need to be concerned about: the client sending the data; the Internet routing the data; the server receiving the data. With Tor, we can ensure that the Internet routing the data doesn't have any idea about the source and destination address we're using, which is crucial for being anonymous over the Internet. But the data being sent from client to server is visible on both ends of the connection. Therefore, to truly stay anonymous, even to the target machine, we must not encapsulate any sensitive information within the data packets of the traffic flowing between client and server. In order to hide the application-level information that could compromise our anonymity, we can use Torbutton, a Firefox extension that disables many possible information leaks that can compromise our anonymity. Even better, we can use the Tor Browser Bundle, which uses Vidalia to configure and start Tor. It also opens the Tor web browser with Torbutton integrated, which we can use to anonymously search the Internet. 3.
Tor configuration variables Let’s present what the manual says about the configuration variables that we used in this article: AvoidDiskWrites: If non-zero, try to write to disk less frequently than we would otherwise. This is useful when running on flash memory or other media that support only a limited number of writes. (Default: 0) ControlPort: If set, Tor will accept connections on this port and allow those connections to control the Tor process using the Tor Control Protocol (described in control-spec.txt). Note: unless you also specify one or more of HashedControlPassword or CookieAuthentication, setting this option will cause Tor to allow any process on the local host to control it. (Setting both authentication methods means either method is sufficient to authenticate to Tor.) This option is required for many Tor controllers; most use the value of 9051. Set it to “auto” to have Tor pick a port for you. (Default: 0). Log: Send all messages to the standard output stream, the standard error stream, or to the system log. (The “syslog” value is only supported on Unix.) Recognized severity levels are debug, info, notice, warn, and err. We advise using “notice” in most cases, since anything more verbose may provide sensitive information to an attacker who obtains the logs. If only one severity level is given, all messages of that level or higher will be sent to the listed destination. SocksListenAddress: Bind to this address to listen for connections from Socks-speaking applications. (Default: 127.0.0.1) You can also specify a port (e.g. 192.168.0.1:9100). This directive can be specified multiple times to bind to multiple addresses/ports. SocksPort: Advertise this port to listen for connections from Socks-speaking applications. Set this to 0 if you don’t want to allow application connections via SOCKS. Set it to “auto” to have Tor pick a port for you. (Default: 9050) 3. 
Configuring DNS resolution securely The one thing that we must really watch out when using Tor is the DNS resolution. Usually, our client machine is using our own DNS servers, which in turn use ISP’s DNS server, so an eavesdropper can still obtain the source and destination IP we’re communicating with. This is an unwanted behavior, because the DNS server sees what hostname we are trying to resolve and connect to, which can lead to user disclosure. Our web browser uses SOCKS proxy to connect to Tor. We must know what kind of SOCKS proxies are out there. There are three kinds of SOCKS proxies, listed below: SOCKS 4 : uses IP addresses. SOCKS 4a : uses hostnames. SOCKS 5 : uses IP addresses and hostnames. To test whether we’re resolving hostnames locally or remotely, we can edit torrc configuration file and add the following line into the configuration file: TestSocks 1 SafeSocks 1 WarnUnsafeSocks 1 TestSocks: When this option is enabled, Tor will make a notice-level log entry for each connection to the Socks port indicating whether the request used a safe socks protocol or an unsafe one (see above entry on SafeSocks). This helps to determine whether an application using Tor is possibly leaking DNS requests. (Default: 0) SafeSocks: When this option is enabled, Tor will reject application connections that use unsafe variants of the socks protocol?—?ones that only provide an IP address, meaning the application is doing a DNS resolve first. Specifically, these are socks4 and socks5 when not doing remote DNS. (Defaults to 0.) WarnUnsafeSocks: When this option is enabled, Tor will warn whenever a request is received that only contains an IP address instead of a hostname. Allowing applications to do DNS resolves themselves is usually a bad idea and can leak your location to attackers. (Default: 1) In the next article we’ll describe how to set-up DNS resolution mechanism to prevent any possible information leakage and client disclosures. 4. 
Conclusion We can see that if we’re careful we can achieve total anonymity on the Internet. We must watch out not to resolve hostnames locally and we must not include sensitive information in an application data that can blow our cover. If we do that, we can really stay anonymous on the Internet. References: [1] Ubuntu tor installation guide, retrieved from https://help.ubuntu.com/community/Tor. [2] Tor manual, retrieved from https://www.torproject.org/docs/tor-manual.html.en. Sursa, InfoSec Institute (InfoSec Resources – Achieving Anonymity with Tor Part 1)
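The article's point about SOCKS 4 versus SOCKS 4a/5 is exactly what Tor's TestSocks / WarnUnsafeSocks checks look at on the wire: a CONNECT request that carries only an IP address means the application already did its own DNS lookup (a leak), while a request that carries the hostname lets Tor resolve it remotely. The following is an added example, not code from the article or from the Tor project: it builds the three request formats (per the SOCKS4/4a specs and RFC 1928 for SOCKS5) and classifies them the same way. All addresses and hostnames in it are constructed sample values, and the classifier is a stand-alone illustration, not Tor's own implementation.

```python
"""Classify SOCKS CONNECT requests as 'safe' (hostname, remote DNS) or 'unsafe'
(IP only, DNS already resolved locally), mirroring Tor's SafeSocks/WarnUnsafeSocks
distinction. Added example; constructed inputs; not the Tor project's code."""
import ipaddress
import struct

SAFE = "safe: hostname sent, proxy resolves it"
UNSAFE = "unsafe: IP only, application resolved DNS locally"


def build_socks4(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL. There is no hostname field,
    so the client must have resolved the name itself before sending this."""
    return struct.pack("!BBH4s", 4, 1, port, ipaddress.IPv4Address(ip).packed) + userid + b"\x00"


def build_socks4a(host: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: DSTIP is 0.0.0.x with x != 0, and the hostname follows USERID's NUL."""
    return (struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
            + userid + b"\x00" + host.encode() + b"\x00")


def build_socks5(dst: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928): VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT.
    ATYP 0x01 = IPv4, 0x03 = domain name (length-prefixed), 0x04 = IPv6."""
    try:
        ip = ipaddress.ip_address(dst)
        body = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:  # not an IP literal, so send the name and let the proxy resolve it
        name = dst.encode()
        body = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + body + struct.pack("!H", port)


def classify(req: bytes):
    """Return (target, port, verdict) for a SOCKS4/4a/5 CONNECT request."""
    if req[0] == 4:
        _, cmd, port, raw_ip = struct.unpack("!BBH4s", req[:8])
        if cmd != 1:
            raise ValueError("not a CONNECT request")
        rest = req[8:]
        userid_end = rest.index(b"\x00")
        # SOCKS4a marker: an impossible destination 0.0.0.x (x != 0) means "hostname follows"
        if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
            host = rest[userid_end + 1:rest.index(b"\x00", userid_end + 1)].decode()
            return host, port, SAFE
        return str(ipaddress.IPv4Address(raw_ip)), port, UNSAFE
    if req[0] == 5:
        _, cmd, _, atyp = req[:4]
        if cmd != 1:
            raise ValueError("not a CONNECT request")
        if atyp == 1:
            addr, off, verdict = str(ipaddress.IPv4Address(req[4:8])), 8, UNSAFE
        elif atyp == 4:
            addr, off, verdict = str(ipaddress.IPv6Address(req[4:20])), 20, UNSAFE
        elif atyp == 3:
            n = req[4]
            addr, off, verdict = req[5:5 + n].decode(), 5 + n, SAFE
        else:
            raise ValueError("unknown SOCKS5 address type")
        port = struct.unpack("!H", req[off:off + 2])[0]
        return addr, port, verdict
    raise ValueError("unknown SOCKS version")


if __name__ == "__main__":
    # Constructed sample requests: one per protocol variant the article lists
    for req in (build_socks4("192.0.2.10", 80),
                build_socks4a("example.invalid", 80, b"alice"),
                build_socks5("example.invalid", 443),
                build_socks5("192.0.2.10", 443)):
        print(classify(req))
```

Note that SOCKS5 with an IPv4 or IPv6 address is flagged unsafe just like SOCKS4, since the leak is not the protocol version but whether the hostname ever left the client unresolved.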
  19. Description

Johnny is a GUI for John the Ripper. It was proposed by Shinnok. You could look at the original version on the John the Ripper GUI sketches page.

Release 1.1

After small fixes the release version is 1.1.2. This Johnny release is oriented towards core john. It was tested with john 1.7.9, though all versions should work, even jumbo. All basic things work well: export of cracked passwords through the clipboard, export works with office suites (tested with LibreOffice Calc), the user can start, pause and resume an attack (though only one session is allowed globally), all attack-related options work, all input file formats are supported (pure hashes, pwdump, passwd, mixed), "smart" default options, accurate output of cracked passwords, smooth work, i.e. no lags, config is stored in a .conf file (~/.john/johnny.conf), nice error messages and other user-friendly things, many minor fixes to polish the UI.

You could download and unpack the tarball or use git:

    git clone https://github.com/AlekseyCherepanov/johnny.git -b release1.1

Then build and run (no installation required):

    cd johnny
    qmake
    make && ./johnny

Binaries will come soon…

Release 1

The first release is prepared to take more opinions from real users. This release includes all things from the development release plus a nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: passwords can be loaded from a file and cracked with different options. What do you think? Your opinion is very welcome!

You could download and unpack the tarball or use git:

    git clone https://github.com/AlekseyCherepanov/johnny.git -b release1

Then build and run (no installation required):

    cd johnny
    qmake
    make && ./johnny

You could affect decisions about GSoC 2012. Please tell us your suggestions!

Development release

To review the current state and make new decisions for GSoC 2012, here is a cleaned-up version (in which all not-yet-implemented features are unavailable).

  - Download the tarball and unpack it, or clone using git,
  - Enter the directory,
  - Build and run,
  - Review and post your suggestions on the john-dev list (subscribe here).

You are welcome! For instance,

    git clone https://github.com/AlekseyCherepanov/johnny.git -b gsoc2012review
    cd johnny
    qmake && make && ./johnny
    ...

Current state

Johnny is in development. Development was started as part of Summer of Security 2011 by Aleksey Cherepanov, while Shinnok became a mentor for Aleksey.

Downloads

Source code is available through git:

    git clone git://github.com/AlekseyCherepanov/johnny.git

Links to other downloads are spread over this page.

Snapshots

Prebuilt binaries are available for testing. Built from the version of commit 6ae97db95fa989dca55aaef319a2839763aa018d:

  - x86_64-gnome
  - x86_64-kde
  - x86-gnome
  - x86-kde

(all were built on x86 and x86_64 (aka Amd64) Debian Squeeze (Stable) machines with KDE and GNOME respectively)

Screenshots

There are a few screenshots here. They are done primarily to show differences from the original version. Aleksey Cherepanov proposes to name screenshots as johnny_<repo url with slashes replaced by underscores>_<git commit name>.<format>, or johnny_<repo url with slashes replaced by underscores>_<git commit name>_<screenshot number>.<format> if there is more than one screenshot for a certain commit. So if someone wants to build exactly this version of Johnny, he can do the following:

    git clone <repo url>
    cd johnny
    git checkout <git commit name>

The options page after the redesign seems to be overloaded.

A password column was added. While the user and hash columns are filled from the passwd file, the password is filled from the output of 'john -show'.

Source: Openwall Community Wiki
  20. That theme needs to be redone; in the meantime you can use another theme.
  21. I have temporarily shut down the proxy servers through which browsing from pOS was done, until a ToS (Terms and Conditions) is finalized.
  22. A new day and a new tool from the Blackhat USA 2012 tool arsenal – XMPPloit! Before we talk about the tool itself, let us first know what XMPP is. XMPP stands for Extensible Messaging and Presence Protocol and is a streaming XML protocol that was previously named Jabber. It is an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.

Back to the actual tool now. XMPPloit is an open source, command-line tool that can help you to attack XMPP connections. Successful attacks can allow you (the attacker) to place a gateway between the client and the server and perform different attacks on the client stream. It exploits implementation vulnerabilities at the client and server side in the XMPP protocol. Precisely put, XMPPloit is an application to establish a gateway between the client and server, allowing you to monitor and manipulate XMPP traffic between them (taking advantage of vulnerabilities in client/server implementations and the protocol itself). By default the application is configured to work with Google Talk, so if you want to use it for another system, you must specify the IP or XMPP server domain. The main goal is that the whole process is transparent to the user and never replaces any certificate (like HTTPS attacks).

Features of XMPPloit:

  - Downgrade the authentication mechanism (can obtain the user credentials)
  - Force the client not to use an encrypted communication
  - Set filters for traffic manipulation

Filters that have been implemented in this version for Google Talk are:

  - Read all the user's account mails
  - Read and modify all the user's account contacts (whether or not they are in the roster).

The open source tool has been programmed in Java and only requires the HttpClient library (Apache).

We actually had to wait for this one to be released since without authentication, we could not download the tool.

Download XMPPloit: XMPPloit 1.0 – XMPPloit.7z/XMPPloit_src.7z

Source: PenTestiT
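The two downgrades the post lists (stripping the encryption and forcing a weaker authentication mechanism) are both things an XMPP client can refuse at the `<stream:features>` step, because the server advertises STARTTLS and its SASL mechanisms there and a gateway in the middle can only remove or weaken what is advertised. The following is an added example written here to show that client-side policy; it is not part of the post or of XMPPloit. The stanzas are constructed samples, the `evaluate` function and the preference list are assumptions of this example, and the namespaces are the standard ones from RFC 6120.

```python
"""Client-side policy against XMPP downgrade at the <stream:features> step:
require STARTTLS before authenticating, and never send PLAIN over cleartext.
Added example with constructed stanzas; not XMPPloit's or any client's code."""
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
# Assumed preference order, strongest first. PLAIN is only acceptable inside TLS.
MECH_PREFERENCE = ["SCRAM-SHA-256", "SCRAM-SHA-1", "PLAIN"]

# Constructed sample stanzas (not captured traffic).
# What an honest server sends before TLS: it offers STARTTLS and marks it required.
FEATURES_PRE_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>
</stream:features>"""

# What the same server sends after the TLS handshake: SASL mechanisms only.
FEATURES_POST_TLS = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
    <mechanism>SCRAM-SHA-1</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

# What a downgrading gateway would present on the cleartext leg: STARTTLS removed,
# only PLAIN offered, so the client would hand over the password unencrypted.
FEATURES_STRIPPED = """<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
  <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>"""


def parse_features(xml_text: str):
    """Return (starttls_offered, [mechanism names]) from a <stream:features> stanza."""
    root = ET.fromstring(xml_text)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    mechs = [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text]
    return starttls is not None, mechs


def next_step(features_xml: str, tls_established: bool) -> str:
    """Decide the client's next action; raise ConnectionAbortedError on a downgrade."""
    tls_offered, mechs = parse_features(features_xml)
    if not tls_established:
        if tls_offered:
            return "STARTTLS"          # negotiate TLS before anything else
        # No STARTTLS on a cleartext stream: either a misconfigured server or a
        # gateway that removed it. Refuse rather than authenticate in the clear.
        raise ConnectionAbortedError("STARTTLS not offered on cleartext stream")
    for mech in MECH_PREFERENCE:
        if mech in mechs:
            return f"AUTH {mech}"
    raise ConnectionAbortedError("no acceptable SASL mechanism offered")


def evaluate(features_xml: str, tls_established: bool) -> str:
    """Same as next_step, but report the abort reason as a string for logging."""
    try:
        return next_step(features_xml, tls_established)
    except ConnectionAbortedError as exc:
        return f"ABORT: {exc}"


if __name__ == "__main__":
    print(evaluate(FEATURES_PRE_TLS, tls_established=False))   # STARTTLS
    print(evaluate(FEATURES_POST_TLS, tls_established=True))   # AUTH SCRAM-SHA-1
    print(evaluate(FEATURES_STRIPPED, tls_established=False))  # ABORT: ...
```

The PLAIN entry in the preference list is reachable only after `tls_established` is true, which is what makes the stripped stanza fail at the STARTTLS check instead of falling through to a cleartext password; a client that negotiates opportunistically (authenticating whenever TLS happens to be missing) is exactly the client a gateway like the one described can downgrade.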
  23. Wubi

    Happy name day!

    Happy name day tex, and to everyone named Maria or Marian.
  24. This video demonstrates how we can telnet to the router and crack the hidden accounts present in it. Source: Vimeo