NewsSpy Personal Search Engine
Posted on September 5, 2007
Filed Under 1) Footprinting | Leave a Comment
In this article I want to introduce a program I recently developed: NewsSpy Personal Search Engine.
NewsSpy is a customizable web crawler that indexes and searches web sites the user defines, based on critical words the user also defines.
The program can be used for intelligence purposes, to be informed of newly published news about critical words such as terror, Iraq etc.; by news agencies to follow up all the critical news; or by researchers who need to be aware, on the fly, of everything happening around a scientific or social topic. Generic search engines such as Google or Yahoo do not help here in terms of being up to date.
The Magicbox of Tools: BackTrack Linux
Posted on August 27, 2007
Filed Under Evading IDS, Firewalls and Honeypots, Linux Hacking | 1 Comment
So far we have used many interesting tools on Ubuntu Linux. We learned how to download the source file or Debian package of a tool and install it. What about a ready-to-use Linux distribution with all the tools provided? Yes, there is such a magic box: BackTrack Linux.
Here again we will run the OS in a virtual environment. The steps to get BackTrack running are:
1) Download the iso image file of the OS from http://www.remote-exploit.org/backtrack_download.html .
2) Open VmWare Workstation and create a new virtual machine.
- Choose File > New > Virtual Machine and click next
- Select Typical and click next
- Select Linux then select Other 2.6.x Kernel from the pull-down menu and click next
- Name your virtual machine BackTrack2 or something similar and click next
- Choose Use Bridged Networking if you are in a LAN behind ADSL, or choose Use Network Address Translation if you are allowed only one IP address behind your modem.
- Select the disk space you need and click finish.
3) Edit Virtual Machine Settings
- Adjust the RAM depending on how much you want to allocate.
4) Select CD-ROM, select Use ISO Image and browse to the ISO file you downloaded.
5) Start the virtual machine.
6) Log in with username root, password toor.
7) Type startx to boot up KDE. You should see a view similar to the one below:
hping3
Posted on August 19, 2007
Filed Under Evading IDS, Firewalls and Honeypots, 2) Scanning, 1) Footprinting | Leave a Comment
As we have experienced together, hping is a fascinating tool (www.hping.org). Besides all the features it brings us, this small program also supports scripting. hping3 was developed for this purpose out of hping2 by adding a TCL scripting framework; TCL plays the role here that Python plays for Scapy. Thus you can create customized packets and code powerfully with this tool.
By typing the command
hping3
you directly get into the scripting interface. There you can type your commands such as:
resolve www.hackerswisdom.com
The extension of hping3 TCL scripts is .htcl. You can run an htcl script with the command
hping3 exec yourscript.htcl
Below you can see a sample output of ping.htcl:
Firewalking through Firewalls - hping -
Posted on August 11, 2007
Filed Under Evading IDS, Firewalls and Honeypots, 2) Scanning, 1) Footprinting | Leave a Comment
We learned a fair amount of info about www.hackmee.com. Now we want to dig for some firewall info.
The simplest command is ping. So we start with ping:
ping www.hackmee.com, yet we see 100% packet loss. Since we can reach the web site via our browser, the only explanation is that the ICMP packets are dropped somewhere by a firewall.
The next command we try is hping:
hping -V -c 1 -C 8 www.hackmee.com
(-V makes the output verbose, -c 1 means send only one packet and -C 8 means send an ICMP type 8 (echo request) message.) Yet again we see 100% packet loss. We try all the other ICMP request types (13 timestamp, 15 information, 17 address mask request), yet still we get no packet back.
We also try different ports:
hping www.hackmee.com -S -p 99
Here we are sending a SYN packet to port 99. This port is probably not assigned to any service and should be filtered by the firewall. As expected, we again see 100% packet loss. We also try sending an ACK packet via:
hping www.hackmee.com -A -p 99
The firewall is also intelligent enough to drop a loose ACK packet.
OK, we need to do more. Maybe we could send fragmented packets via nmap:
Firewalking through Firewalls - Start -
Posted on August 7, 2007
Filed Under Evading IDS, Firewalls and Honeypots, 2) Scanning, 1) Footprinting | Leave a Comment
In this series of articles we will briefly describe what firewalls are, on which mechanism they rely and what can be done to deal with them.
Firewalls are used to control network activity between interconnected networks based on the policy defined by the system administrator. An administrator creates a policy based on information about the services that users need to access on the external network and the services on the internal network that require access from outside the network.
Firewalls work by filtering packets: they allow only the necessary packets in and out by checking them against the defined rulesets. The packet filter usually operates at kernel level and inspects the packet header (much like the envelope around a letter) to see where the packet is heading. It then looks up these targets in its ruleset and decides the packet's fate. The packet can be discarded or accepted in different ways, or it may trigger another action (for example, accepting the packet but logging the event).
In the case of the Internet, most packet filters operate at the IP and TCP level. The IP header specifies the host the packet is heading to; the TCP header identifies the program the packet is destined for.
When administrators define rulesets, they normally start by denying everything and then allowing one-by-one. So, the primary rule looks like:
Source: Anywhere
Destination: Anywhere
Protocol: Any
Destination port: Any
Policy: DENY
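As an added illustration (not the post's own code) of the ruleset above and of the probe results in the hping post, here is a small Python model of a first-match packet filter whose last rule is the default DENY, with a connection table so that a loose ACK without an earlier SYN is dropped. The addresses, the rules and the assumption that the probed host only exposes HTTP are all constructed for the example.

```python
from dataclasses import dataclass
ANY = "any"
@dataclass
class Packet:
    proto: str          # "icmp" or "tcp": the IP and TCP levels the filter inspects
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""     # TCP flags in hping notation: "S" = SYN, "A" = ACK, "SA" = SYN/ACK

@dataclass
class Rule:
    dst: str = ANY
    proto: str = ANY
    dport: object = ANY
    flags: object = ANY        # exact flag set required, e.g. "S" for a new connection
    policy: str = "DENY"
    log: bool = False          # write a log entry in addition to applying the policy
    established: bool = False  # match only packets of a connection already accepted

    def matches(self, pkt, conns):
        for name in ("dst", "proto", "dport", "flags"):
            if getattr(self, name) != ANY and getattr(self, name) != getattr(pkt, name):
                return False
        if self.established:   # a loose ACK with no SYN on record has no entry here
            return (pkt.src, pkt.dst, pkt.dport) in conns or (pkt.dst, pkt.src, pkt.sport) in conns
        return True

WEB = "203.0.113.10"   # constructed address standing in for the probed web host
RULES = [
    Rule(dst=WEB, proto="tcp", dport=80, flags="S", policy="ACCEPT"),  # new HTTP connections
    Rule(proto="tcp", established=True, policy="ACCEPT"),              # rest of those connections
    Rule(proto="icmp", log=True),                                       # drop and log ICMP probes
    Rule(),                                                             # the primary rule: deny all
]

class Firewall:
    def __init__(self, rules):
        self.rules, self.conns, self.log = rules, set(), []
    def filter(self, pkt):
        # The first matching rule decides the packet's fate, as a kernel-level filter does.
        for rule in self.rules:
            if rule.matches(pkt, self.conns):
                if rule.log:
                    self.log.append(f"{rule.policy} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
                if rule.policy == "ACCEPT" and pkt.flags == "S":
                    self.conns.add((pkt.src, pkt.dst, pkt.dport))  # remember the new connection
                return rule.policy
        return "DENY"
```

Run against the probes from the hping post, the echo request, the SYN to port 99 and the loose ACK are all denied while a SYN to port 80 opens a connection whose later packets are accepted in both directions.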
Experting Network Hack with the Power of Python: Scapy
Posted on August 2, 2007
Filed Under 5) System Hacking, 1) Footprinting | Leave a Comment
We have learned quite a lot of tools that use network protocols to discover useful information and detect the specifications of the target system. Yet each is written by a different developer or vendor, and all are based on the run-it-from-a-shell paradigm. You need an awful syntax to define a packet, and you are limited to what the author of the tool envisioned for that packet. If it is a port scanner, that is it; you cannot use it for any other purpose in a flexible way. These tools also give you a report listing what they detected, which is nothing more than their interpretation of the packet; that is, you can lose much useful data or get a wrong impression of the mechanism.
There is a very interesting tool, actually not a tool but a language (a domain-specific language): Scapy.
Scapy is a Python program that enables you to forge, dissect, emit or sniff network packets, and to probe, scan or attack networks. Python is a very neat interactive language; you instantly see the result you expect to see, without compiling anything.
Fragrouter - Intrusion Detection Evasion Toolkit -
Posted on July 31, 2007
Filed Under Evading IDS, Firewalls and Honeypots, 2) Scanning | Leave a Comment
We have examined some packet crafting tools such as nmap, hping and nemesis for detection and intrusion purposes. Still, sophisticated intrusion detection systems can recognize them based on predefined patterns. Here I want to introduce a tool which disorders the packets sent, so that they very likely won't be recognized by an IDS: Fragrouter.
Fragrouter is a program for routing network traffic in such a way as to elude most network intrusion detection systems. Most attacks implemented by this tool correspond to those listed in the Secure Networks paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" of January 1998.
Fragrouter is a one-way fragmenting router: IP packets are sent from the attacker to the fragrouter, which transforms them into a fragmented data stream and forwards it to the victim. Most IDS fail against this attack-hiding technique because they don't bother to reconstruct a coherent view of the network data (via IP fragmentation and TCP stream reassembly).
This tool will not fragment traffic originating from the host itself, which is a conscious design decision of the developers to prevent abuse of the tool. So you have to install fragrouter on a middle machine, route your traffic to the victim via this middle machine and have your packets fragmented there.
Nemesis Packet Injection Utility
Posted on July 29, 2007
Filed Under Evading IDS, Firewalls and Honeypots, 2) Scanning | Leave a Comment
As we have seen before, nmap and hping are very cool tools for building packets to detect, discover and intrude into the target system. Yet there are other tools to manage all the internal organs of a packet: you can configure a packet with limitless flexibility. Here I want to introduce the Nemesis Packet Injection Utility.
The Nemesis Project is designed to be a command line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. Nemesis is developed and maintained by Jeff Nathan. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script.
Nemesis provides an interface to craft and inject a variety of arbitrary packet types. Nemesis supports the following protocols: arp, dns, ethernet, icmp, igmp, ip, ospf, rip, tcp, and udp.
Being able to build your own packet allows you to bypass the normal conventions about the structure of a packet. Therefore you can pretend to be someone you're not, or build the packet in such a way that the receiving computer will not know how to deal with it and falls over. That is why packet crafting is a very powerful tool to evade intrusion detection systems and get behind the walls.
Rainbow Crack - Cryptanalysis of Block Ciphers Tool -
Posted on July 27, 2007
Filed Under 6) Password Cracking | Leave a Comment
As we have seen in previous chapters, it is possible to dump the hash values or shadows of passwords and then crack them with tools such as John the Ripper.
Here I want to introduce another tool for cracking password hashes, which lets us prepare plaintext/hash tables (rainbow tables) ourselves: Rainbow Crack. The idea of table precomputation is to precompute and store the encryptions of a chosen plaintext under all possible keys, together with the corresponding keys.
After downloading the tool package from http://www.antsight.com/zsl/rainbowcrack/, you can use the command line tools inside the package to generate rainbow tables:
rtgen lm alpha1 7 0 2100 8000000 all (you can replace lm with md5 or sha1 if you want)
rtgen lm alpha1 7 1 2100 8000000 all (you can replace lm with md5 or sha1 if you want)
...
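Added example, not part of the post or of RainbowCrack: a toy MD5 rainbow table in Python whose parameters play the same roles as rtgen's arguments (charset, plaintext length, chain length, chain count), shrunk to lowercase three-letter plaintexts so it builds in well under a second. The lookup also shows why such a table only helps against unsalted hashes; the reduction function and the start-point spread are constructed for the demo.

```python
import hashlib
import string
# Constructed toy parameters: the rtgen run above uses charset alpha, length 7,
# chain length 2100 and 8,000,000 chains; this shrinks everything to demo size.
CHARSET = string.ascii_lowercase
PLAIN_LEN = 3
KEYSPACE = len(CHARSET) ** PLAIN_LEN   # 17576 possible plaintexts
CHAIN_LEN = 50                          # columns per chain (rtgen's chain length)
CHAIN_COUNT = 400                       # chains stored (rtgen's chain count)

def md5_hex(plain: str) -> str:
    return hashlib.md5(plain.encode()).hexdigest()

def index_to_plain(n: int) -> str:
    """Map an integer below KEYSPACE to a plaintext over CHARSET."""
    return "".join(CHARSET[(n // len(CHARSET) ** i) % len(CHARSET)] for i in range(PLAIN_LEN))

def reduce_hash(hexdigest: str, column: int) -> str:
    """Map a hash back into the keyspace; a column-dependent reduction is what
    makes this a rainbow table and keeps chains from merging on every collision."""
    return index_to_plain((int(hexdigest, 16) + column) % KEYSPACE)

def chain_plain(start: str, column: int) -> str:
    """Plaintext in the given column of the chain that begins at `start`."""
    plain = start
    for col in range(column):
        plain = reduce_hash(md5_hex(plain), col)
    return plain

def build_table() -> dict:
    """Precompute chains; only endpoint -> start points is kept, as rtgen's tables do."""
    table = {}
    for i in range(CHAIN_COUNT):
        start = index_to_plain((i * 997) % KEYSPACE)   # deterministic spread of start points
        table.setdefault(chain_plain(start, CHAIN_LEN), []).append(start)
    return table

def lookup(table: dict, target_hex: str):
    """Recover the plaintext for target_hex if any stored chain passed through it."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in this column and walk the chain to its endpoint.
        plain = reduce_hash(target_hex, column)
        for col in range(column + 1, CHAIN_LEN):
            plain = reduce_hash(md5_hex(plain), col)
        for start in table.get(plain, []):       # endpoint hit: regenerate and verify
            candidate = chain_plain(start, column)
            if md5_hex(candidate) == target_hex:
                return candidate
    return None   # not covered by the table, or the hash was salted
```

A hash of the same password with a salt prepended is not found, because the table was built for unsalted MD5 only; that is the defence against precomputation.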
Attacking a Website or FTP site with Password Crackers
Posted on July 26, 2007
Filed Under Hacking WordPress, 6) Password Cracking, 5) System Hacking | 1 Comment
Still, the weakest link of any security system is weak passwords. So, by trial and error, it may be possible to crack a password, especially when we have some knowledge about the target user. We can do a dictionary attack based on ready-to-use wordlists or on lists we prepare ourselves. We can also do a brute-force attack, yet over a network it is not a handy way.
The first tool I want to introduce to you is Brutus (by the way, do not forget to turn off your antivirus program when running such programs). Using this tool you can do password guessing on services such as HTTP (Basic Auth), HTTP (Form), FTP, POP3, Telnet, SMB, Netbus or any custom service. Below you can see an FTP password guessing attack on ftp.hackerswisdom.com: