CISSP Fix

NetworkMiner is a network forensic analysis tool (NFAT) for Windows. It is used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner is also used to parse PCAP files for off-line analysis and to regenerate or reassemble transmitted files and certificates from PCAP files.

The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).

Another work to help my friend with his white paper. I am including overview because each topic can elaborate in long epic. I like to add topics as it gives me chance to post atomic topics later. I will surely come with the elaborate post for each atomic topic.

Remote hacking is the process of entering a target system remotely by using the advantage of vulnerability.

Remote Hacking Steps:

1. Information Gathering / Foot Printing
2. Port Scanning
3. OS Fingerprinting
4. Banner Grabbing
5. Vulnerability Assessment
6. Search & Build Exploit
7. Attack
8. Maintaining Access

Lately I came up with a new methodical challenge. One of my friend is writing white paper on the effect of different tools used in hacking and penetration testing. He came to me with a weird kind of problem. He wants to categorize the password cracking tools according to their usage and effectiveness. It took my whole weekend to complete this work, but its worth like spending so much time. I learned what I thought never existed. Rare elites are out there in World. I am sharing the part of my work in this blog. KNOWLEDGE FOR ALL, ALL FOR KNOWLEDGE. I tried my best to omit any lame mistake and keep the content appropriate. I know many websites are also giving these lists but I tested each tool with my hands on practical experiences.

A rootkit is software that is installed on your server with the purpose of hiding the fact that your server has been compromised and providing access to your server so that the intruder can easily return. It is important to understand that in order for an intruder to install a rootkit they will have to have gained the rights to do so on your server. This means that the first line of defense is good security that prevents the installation of a rootkit.

I was start liking computers when theory of Y2K hit us. It created chaos that didn’t last long. Everything stay tuned and work fine. This time another theory hit us with proclaiming greater destruction in real time scenario.

Welcome to the 2038 Bug theory.

This is important to learn. Couple of days back I experienced the threat more or less like it. That day I decided to fight with it and let my readers aware of this type of security. Its short and simple and easy to implement. Friends, prevention si better than the cure. Go through and please let me know your feedback.

Network security is a hot cake in contemporary IT industry scenario, and this trend will only increase in importance in the years ahead. Generally, all of the attention is focused to exterior threats and attacks, there are some steps we can take to prevent unwanted Cisco router access from within an organization (internal network).

Firewall is used to protect the network from external attacks by hackers. Firewall prevents direct communication between computers in the network and the external computers, through the Internet. Instead, all communication is done through a proxy server, outside the organization s network, which decides whether or not it is safe to let a file pass through. The term firewall now denotes a component or set of components that restrict access, protects, and filters the content passing through a protected network from the Internet. Firewalls can protect a network by screening out harmful files or data from within or outside and prevent its clients from accessing prohibited or harmful websites. The use of a firewall on a router is possible. A number of different router brands or designs like the CISCO collection of routers have options on setting up a basic firewall. A router is a device that diverts or routes information along a specified network.

THC Hydra is a fast network authentication cracker that supports many different services. Hydra was a software project developed by a German organization called The Hacker s Choice (THC). THC Hydra uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. The project supports a wide range of services and protocols: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA.

A virtual terminal terminal is an application service that:

1. Allows host terminals on a multi-user network to interact with other hosts regardless of terminal type and characteristics.
2. Allows remote log-on by local area network managers for the purpose of management,
3. Allows users to access information from another host processor for transaction processing,
4. Serves as a backup facility.

PuTTY is an example of a Virtual terminal.

ITU-T defines a virtual terminal protocol based on the OSI application layer protocols. However, the virtual terminal protocol is not widely used on the Internet.

Recently, when I was working on the penetration testing of CISCO Routers a fellow Cisco administrator told me about a tool he had used to reset a password on a router. He had forgotten the line vty password and the enable password. He could not log in to the router. He did, however, know the SNMP Read/Write password.

He decided to use a freeware tool called “Cisco SNMP Tool”. It can be downloaded from here. He was able to reset the passwords on the router so he could log in. He found that, without knowing the admin passwords, he could even upload and download the start and running configuration files. Amazingly, he could even reboot the router.