<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>CISSP Fix &#187; hacking</title>
	<atom:link href="http://cisspfix.com/tag/hacking/feed" rel="self" type="application/rss+xml" />
	<link>http://cisspfix.com</link>
	<description>Here you can find every bit of information in an interactive way. Enjoy while learning, this will bring best out of you.</description>
	<lastBuildDate>Sat, 10 Dec 2011 05:07:12 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>Live Features of Netcat tool.</title>
		<link>http://cisspfix.com/live-features-of-netcat-tool.html</link>
		<comments>http://cisspfix.com/live-features-of-netcat-tool.html#comments</comments>
		<pubDate>Wed, 28 Apr 2010 04:11:00 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[backdoor]]></category>
		<category><![CDATA[connect remote machine]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Netcat]]></category>
		<category><![CDATA[port scanning]]></category>
		<category><![CDATA[swiss army knife]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=296</guid>
		<description><![CDATA[It takes lots of patience and strength to use this swiss army knife. I have to test everything, put everything on acid test. Then I thought why others suffer the same. This post will help people who want to see &#8230; <a href="http://cisspfix.com/live-features-of-netcat-tool.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>It takes lots of patience and strength to use this Swiss Army knife. I have to test everything, put everything to the acid test. Then I thought, why should others suffer the same? This post will help people who want to see the true picture of netcat.</p>
<p>Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable &#8220;back-end&#8221; device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection one would need and has a number of built-in capabilities.</p>
<p>The common Netcat switches are as follows: </p>
<table border="1">
<tr>
<td> <uc:hed>Command</uc:hed></td>
<td> <uc:hed>Description</uc:hed></td>
</tr>
<tr>
<td>nc -d</td>
<td>It is used to detach Netcat from the console.</td>
</tr>
<tr>
<td>nc -l -p [port]</td>
<td>It is used to create a simple listening TCP port; adding -u puts it in UDP mode.</td>
</tr>
<tr>
<td>nc -e [program]</td>
<td>It is used to redirect stdin/stdout from a program.</td>
</tr>
<tr>
<td>nc -z</td>
<td>It is used for port scanning.</td>
</tr>
<tr>
<td>nc -g or nc -G</td>
<td>It is used to specify source routing flags.</td>
</tr>
<tr>
<td>nc -t</td>
<td>It is used for Telnet negotiation.</td>
</tr>
<tr>
<td>nc -w [timeout]</td>
<td>It is used to set a timeout before Netcat automatically quits.</td>
</tr>
<tr>
<td>nc -v</td>
<td>It is used to put Netcat into verbose mode.</td>
</tr>
</table>
<p><uc:hed>Features of Netcat</uc:hed>: NetCat has the following features:</p>
<ul>
<li>Outbound or inbound connections, TCP or UDP, to or from any ports</li>
<li>Full DNS forward/reverse checking, with appropriate warnings</li>
<li>Ability to use any local source port</li>
<li>Ability to use any locally-configured network source address</li>
<li>Built-in port-scanning capabilities, with randomization</li>
<li>Built-in loose source-routing capability</li>
<li>Can read command line arguments from standard input</li>
<li>Slow-send mode, one line every N seconds</li>
<li>Hex dump of transmitted and received data</li>
<li>Optional ability to let another program service established connections</li>
<li>Optional telnet-options responder</li>
<li>Featured tunneling mode which also allows special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).</li>
</ul>
<p><uc:hed>Netcat Examples</uc:hed>:</p>
<ul>
<li><uc:hed>Opening a raw connection to port 25 (like telnet)</uc:hed>:
<p><uc:stx>nc mail.server.net 25</uc:stx></p></li>
<li><uc:hed>Setting up a one-shot webserver on port 8080 to present a file</uc:hed>:
<p><uc:stx>( echo -e "HTTP/1.0 200 Ok\r\n\r"; cat some.file; ) | nc -q 1 -l -p 8080</uc:stx></p>
<p>The file can then be accessed via a web browser under http://servername:8080/. Netcat only serves the file once to the first client that connects and then exits.</p></li>
<li><uc:hed>Checking if UDP ports (-u) 80-90 are open on 192.168.0.1 using zero mode I/O (-z) </uc:hed>:
<p><uc:stx>nc -vzu 192.168.0.1 80-90</uc:stx></p></li>
<li><uc:hed>Pipe via UDP (-u) with a wait time (-w) of 1 second to &#8216;loggerhost&#8217; on port 514</uc:hed>:
<p><uc:stx>echo '<0>message' | nc -w 1 -u loggerhost 514</uc:stx></p></li>
<li><uc:hed>Portscanning</uc:hed>:
<p>An uncommon use of netcat is port scanning. Netcat is not considered the best tool for this job, but it can be sufficient (a more advanced tool is Nmap)</p>
<p><uc:stx>nc -v -n -z -w 1 192.168.1.2 1-1000</uc:stx></p>
<p>The &#8220;-n&#8221; parameter here prevents DNS lookup, &#8220;-z&#8221; makes nc not receive any data from the server, and &#8220;-w 1&#8221; makes the connection time out after 1 second of inactivity.</p></li>
<li><uc:hed>Proxying</uc:hed>
<p>Another useful behavior is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:</p>
<p><uc:stx>nc -l -p 12345 | nc www.google.com 80</uc:stx></p>
<p>Port 12345 represents the request. This starts a nc server on port 12345 and all the connections get redirected to google.com:80. If a web browser makes a request to nc, the request will be sent to google but the response will not be sent to the web browser. That is because pipes are unidirectional. This can be worked around with a named pipe to redirect the input and output.</p>
<p><uc:stx>mkfifo backpipe<br />
nc -l -p 12345 0&lt;backpipe | nc www.google.com 80 1&gt;backpipe</uc:stx></p>
<p>On a Linux computer, you can also use the &#8220;-c&#8221; option.</p>
<p><uc:stx>nc -l -p 12345 -c 'nc www.google.com 80'</uc:stx></p></li>
<li><uc:hed>Making any process a server</uc:hed>:
<p>On a computer A with IP 192.168.1.2:</p>
<p><uc:stx>nc -l -p 1234 -e /bin/bash</uc:stx></p>
<p>The &#8220;-e&#8221; option spawns the executable with its input and output redirected via network socket.</p>
<p>Watch these videos to get a better idea.</p></li>
</ul>
<p><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/Ts76Y5qsTRI&#038;hl=en_US&#038;fs=1&#038;"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/Ts76Y5qsTRI&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object></p>
<p><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/iNxuoR4mZAY&#038;hl=en_US&#038;fs=1&#038;"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/iNxuoR4mZAY&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object> </p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/live-features-of-netcat-tool.html/feed</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Experience Google Android on Apple&#8217;s iPhone</title>
		<link>http://cisspfix.com/experience-google-android-on-apples-iphone.html</link>
		<comments>http://cisspfix.com/experience-google-android-on-apples-iphone.html#comments</comments>
		<pubDate>Tue, 27 Apr 2010 05:09:14 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Android]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[iPhone]]></category>
		<category><![CDATA[jailbreaking]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=294</guid>
		<description><![CDATA[Hackers did it again. After jail breaking now they are running Android from Google on Apple&#8217;s iPhone. To add to the iDroid experience, the developers have also brought in the menu tab, meaning you can drag it across the screen &#8230; <a href="http://cisspfix.com/experience-google-android-on-apples-iphone.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>Hackers did it again. After jailbreaking, they are now running Android from Google on Apple&#8217;s iPhone.</p>
<p>To add to the iDroid experience, the developers have also brought in the menu tab, meaning you can drag it across the screen to access the iPhone menu.</p>
<p>And to take things even further, the dial pad has been re-jigged to use the Hero&#8217;s larger buttons, so fat-fingered iPhone users can now rejoice.</p>
<p>Admittedly you have to have a jailbroken iPhone to use it, but for everyone secretly wishing their Apple device had the superior functionality of the Android interface, this theme could be the one for you.</p>
<p>Google’s Android Platform is hardware agnostic which means that in theory, Android should be able to run on Apple’s iPhone just like Windows Vista strolls casually on Apple Macbook hardware.</p>
<p>And there are plenty of reasons why this could/should happen: Android could soon have a wealth of developers coding feverishly for the platform and Apple’s iPhone is by far the most desirable smartphone available.</p>
<p>The iPhone uses a variant of the Mach Kernel found in the Mac OS X and runs with the help of a 3D accelerator from PowerVR. It is powered by a proper CPU, shouldered by 128MB memory and 16GB of hard disk space.</p>
<p>This video will show more.</p>
<p><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/5yO2KQHkt4A&#038;hl=en_US&#038;fs=1&#038;"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/5yO2KQHkt4A&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object> </p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/experience-google-android-on-apples-iphone.html/feed</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Topics on demand</title>
		<link>http://cisspfix.com/learn-hacking.html</link>
		<comments>http://cisspfix.com/learn-hacking.html#comments</comments>
		<pubDate>Wed, 14 Apr 2010 09:16:52 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[demand]]></category>
		<category><![CDATA[discovery]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[learning]]></category>
		<category><![CDATA[penetration testing]]></category>

		<guid isPermaLink="false">http://cisspfix.com/topics-on-demand.html</guid>
		<description><![CDATA[These days I am experimenting a lot and I am enjoying a lot with the new path of evolution. For the starter I tried Movie review and it is going fine, as more movie reviews are in pipeline. I wanted &#8230; <a href="http://cisspfix.com/learn-hacking.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>These days I am experimenting a lot and I am enjoying the new path of evolution a lot. For a start I tried movie reviews and it is going fine, as more movie reviews are in the pipeline.</p>
<p>I wanted to share a secret with my readers (or should I say my friends), so as to start a new initiative in this blogging field. I am currently working on a study guide based on hacking tools and penetration testing. I thought I can help everyone out there with the knowledge and resources I have.</p>
<p>This post is meant to help my friends in their quest for knowledge.</p>
<p>If anyone wants any kind of information about any hacking tool, methods and process of penetration testing, intrusion or any stray topic related to information security, kindly let me take the pain of providing you the valuable information about almost anything. What I can promise my friends is that I will try my level best to keep the presentation as simple as possible.</p>
<p>What you have to do is to leave the name of the topic as the comment of this post. Kindly keep it straight and simple, so I can explain it better.</p>
<p>Let me take this voyage to the next level to find out pearls and feathers on our way. </p>
<p>Happy reading.  </p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/learn-hacking.html/feed</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Hacking tools used in penetration testing. part-5 Metasploit Framework</title>
		<link>http://cisspfix.com/hacking-tools-penetration-tersting-metasploit-framework.html</link>
		<comments>http://cisspfix.com/hacking-tools-penetration-tersting-metasploit-framework.html#comments</comments>
		<pubDate>Wed, 31 Mar 2010 05:07:31 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[metasploit]]></category>
		<category><![CDATA[metasploit framework]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=244</guid>
		<description><![CDATA[Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Metasploit can be used to test the vulnerability of computer systems in order to protect them, and it can be used to break into &#8230; <a href="http://cisspfix.com/hacking-tools-penetration-tersting-metasploit-framework.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p><img src="http://enduser666.files.wordpress.com/2009/05/metasploit1.gif" alt="Metasploit" /></p>
<p>Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Metasploit can be used to test the vulnerability of computer systems in order to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. The basic steps for exploiting a system using the Framework include:</p>
<ol>
<li>Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 300 different exploits for Windows, Unix/Linux and Mac OS X systems are included). </li>
<li>Checking whether the intended target system is susceptible to the chosen exploit. </li>
<li>Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server). </li>
<li>Choosing the encoding technique to encode the payload so that the intrusion-prevention system will not catch the encoded payload.</li>
<li>Executing the exploit.</li>
</ol>
<p>This modularity, which allows any exploit to be combined with any payload, is the major advantage of the Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.</p>
<p><object width="640" height="385"><param name="movie" value="http://www.youtube.com/v/7N7KDJjfmsk&#038;hl=en_US&#038;fs=1&#038;"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/7N7KDJjfmsk&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> </p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/hacking-tools-penetration-tersting-metasploit-framework.html/feed</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Hacking tools used in penetration testing. part-4-Snort</title>
		<link>http://cisspfix.com/hacking-tools-penetration-testing-snort.html</link>
		<comments>http://cisspfix.com/hacking-tools-penetration-testing-snort.html#comments</comments>
		<pubDate>Sat, 27 Mar 2010 05:15:03 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[snort]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=233</guid>
		<description><![CDATA[Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, &#8230; <a href="http://cisspfix.com/hacking-tools-penetration-testing-snort.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p><a href="http://cisspfix.com/hacking-tools-penetration-testing-snort.html/2010-03-27_103159-2" rel="attachment wp-att-239"><img src="http://cisspfix.com/wp-content/uploads/2010/03/2010-03-27_1031591.gif" alt="2010-03-27_103159" title="2010-03-27_103159" width="379" height="185" class="aligncenter size-full wp-image-239" /></a></p>
<p>Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).</p>
<p>The three main modes in which Snort can be configured are as follows:</p>
<ul>
<li><uc:hed>Sniffer mode:</uc:hed> It reads the packets of the network and displays them in a continuous stream on the console.</li>
<li><uc:hed>Packet logger mode:</uc:hed> It logs the packets to the disk.</li>
<li><uc:hed>Network intrusion detection mode:</uc:hed> It is the most complex and configurable mode, allowing Snort to analyze network traffic for matches against a user-defined rule set.</li>
</ul>
<p><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/TZ0Hj0t5b5k&#038;hl=en_US&#038;fs=1&#038;"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/TZ0Hj0t5b5k&#038;hl=en_US&#038;fs=1&#038;" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object> </p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/hacking-tools-penetration-testing-snort.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Banner grabbing with netcat.</title>
		<link>http://cisspfix.com/banner-grabbing-with-netcat.html</link>
		<comments>http://cisspfix.com/banner-grabbing-with-netcat.html#comments</comments>
		<pubDate>Fri, 26 Mar 2010 06:10:15 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[banner grabbing]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Netcat]]></category>
		<category><![CDATA[port 80]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=220</guid>
		<description><![CDATA[I find netcat the best tool for banner grabbing. If you have messed around with method than you must be aware that you can read and write data across a network very easily and you can also connect to servers &#8230; <a href="http://cisspfix.com/banner-grabbing-with-netcat.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>I find netcat the best tool for banner grabbing. If you have messed around with this method, then you must be aware that you can read and write data across a network very easily, and you can also connect to servers with a normal TCP stream and send strings for your own needs. We&#8217;re interested in knowing what&#8217;s running behind ports 80 and 21.</p>
<p>We can use Netcat to grab port banners in the following way: </p>
<p><a href="http://cisspfix.com/banner-grabbing-with-netcat.html/2010-03-26_113246" rel="attachment wp-att-221"><img src="http://cisspfix.com/wp-content/uploads/2010/03/2010-03-26_113246.gif" alt="2010-03-26_113246" title="2010-03-26_113246" width="485" height="228" class="aligncenter size-full wp-image-221" /></a></p>
<p><a href="http://cisspfix.com/banner-grabbing-with-netcat.html/2010-03-26_113337" rel="attachment wp-att-224"><img src="http://cisspfix.com/wp-content/uploads/2010/03/2010-03-26_113337.gif" alt="2010-03-26_113337" title="2010-03-26_113337" width="459" height="144" class="aligncenter size-full wp-image-224" /></a></p>
<p>So we know it&#8217;s probably a Windows 2000 machine as it&#8217;s running IIS 5.0 and Microsoft FTP Service.</p>
<p>Let&#8217;s try to send a malformed URL which attempts to exploit the File Traversal vulnerability in unpatched IIS servers (pre-SP3). We will be using Netcat to check for the vulnerability, and if found (and it will!), we will upload Netcat to the IIS server and demonstrate how we can use Netcat as a backdoor.</p>
<p>If you do not know what the Unicode File Traversal exploit is, you can check the &#8220;IIS Unicode File Traversal&#8221; tutorial, or read up on it on the net.</p>
<p>Basically this exploit allows us to &#8220;break out&#8221; of C:\inetpub\wwwroot and explore and execute programs anywhere on the attacked machine.</p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/banner-grabbing-with-netcat.html/feed</wfw:commentRss>
		<slash:comments>7</slash:comments>
		</item>
		<item>
		<title>Hacking Process un-leashed</title>
		<link>http://cisspfix.com/hacking-process-un-leashed.html</link>
		<comments>http://cisspfix.com/hacking-process-un-leashed.html#comments</comments>
		<pubDate>Tue, 15 Dec 2009 05:04:55 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[hacking process]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=108</guid>
		<description><![CDATA[Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies. Brute Force, Exploit and &#8230; <a href="http://cisspfix.com/hacking-process-un-leashed.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>Hackers usually use social engineering to gain most of their knowledge. Social Engineering is the act of getting someone to tell you about sensitive information through trust. This unadulterated trust becomes a weakness for most companies.</p>
<p>Brute force, exploit and dictionary attacks are usually started through the use of software on the hacker&#8217;s computer. To avoid detection, hackers may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.</p>
<p>The hacking process consists of a fixed approach or methodology. Hacking refers to the act of penetrating or gaining unauthorized access to computer systems for creating or modifying computer software and hardware, including computer programming, administration, and security-related items. A hacker is a person who breaks into computers, usually by gaining administrative-level access. Hackers use various methods to accomplish the task. These methods are followed in sequence by a malicious hacker to accomplish his objective. They are broadly divided into the following six phases:</p>
<ol>
<li>Reconnaissance </li>
<li>Scanning </li>
<li>Gaining access </li>
<li>Escalation of privilege </li>
<li>Maintaining access </li>
<li>Covering tracks </li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/hacking-process-un-leashed.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Wireshark&#8211;come shallow</title>
		<link>http://cisspfix.com/wireshark-come-shallow.html</link>
		<comments>http://cisspfix.com/wireshark-come-shallow.html#comments</comments>
		<pubDate>Thu, 12 Nov 2009 04:23:05 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[forensic]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[Network security]]></category>
		<category><![CDATA[packet analyzer]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=89</guid>
		<description><![CDATA[Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar &#8230; <a href="http://cisspfix.com/wireshark-come-shallow.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>Wireshark is an open source protocol analyzer that can capture traffic in real time. Wireshark is a free packet sniffer computer application. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.</p>
<p>Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:</p>
<ul>
<li>Data can be captured &#8220;from the wire&#8221; from a live network connection or read from a file that records the already-captured packets. </li>
<li>Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback. </li>
<li>Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark. </li>
<li>Captured files can be programmatically edited or converted via command-line switches to the &#8220;editcap&#8221; program. </li>
<li>Data display can be refined using a display filter. </li>
<li>Plugins can be created for dissecting new protocols.</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/wireshark-come-shallow.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Follow the FootPrinting.</title>
		<link>http://cisspfix.com/follow-the-footprinting.html</link>
		<comments>http://cisspfix.com/follow-the-footprinting.html#comments</comments>
		<pubDate>Wed, 21 Oct 2009 04:17:25 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[footprinting]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[query]]></category>
		<category><![CDATA[whois]]></category>

		<guid isPermaLink="false">http://cisspfix.com/follow-the-footprinting.html</guid>
		<description><![CDATA[Footprinting in computing is the process of collecting data about a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which &#8230; <a href="http://cisspfix.com/follow-the-footprinting.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>Footprinting in computing is the process of collecting data about a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited. Footprinting begins by determining the location and objective of an intrusion. Once this is known, specific information about the organization is gathered using non-intrusive methods. For example, the organization&#8217;s own Web page may provide a personnel directory or employee bios, which may prove useful if the hacker needs to use social engineering to reach the objective. Conducting a whois query on the Web provides the domain names and associated networks related to a specific organization. Other information obtained may include the Internet technologies being used; the operating system and hardware being used; IP addresses; e-mail addresses and phone numbers; and policies and procedures.</p>
<p>Open Source Footprinting is the easiest and safest way to go about finding information about a company. It relies on information that is available to the public, such as phone numbers, addresses, etc. Performing <a href="http://cisspfix.com/what-is-whois.html">whois requests</a>, searching through DNS tables, and scanning certain IP addresses for open ports are other forms of open source footprinting. Most of this information is fairly easy to get, and getting it is legal, which is always good. Most companies post lots of information about themselves on their websites. A lot of this information can be very useful to hackers, and the companies don&#8217;t even realize it. It may also be helpful to skim through the webpage&#8217;s HTML source to look for comments.</p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/follow-the-footprinting.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>What on Earth is Email Spam?</title>
		<link>http://cisspfix.com/what-on-earth-is-email-spam.html</link>
		<comments>http://cisspfix.com/what-on-earth-is-email-spam.html#comments</comments>
		<pubDate>Fri, 09 Oct 2009 02:59:56 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[malicious]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spoofing]]></category>

		<guid isPermaLink="false">http://cisspfix.com/what-on-earth-is-email-spam.html</guid>
		<description><![CDATA[E-mail spam is the new name for irritation and congestion in the IT century. It is also known as junk e-mail, a kind of spam that consists of nearly identical messages, commercial in nature, sent to various recipients by e-mail. Spam is &#8230; <a href="http://cisspfix.com/what-on-earth-is-email-spam.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>E-mail spam is the new name for irritation and congestion in the IT century. It is also known as junk e-mail, a kind of spam that consists of nearly identical messages, commercial in nature, sent to various recipients by e-mail. Spam is commonly defined as unsolicited bulk e-mail (UBE). Descriptions of spam usually include the aspects that the e-mail is unsolicited and sent in bulk; &#8220;UCE&#8221; refers specifically to unsolicited commercial e-mail. E-mail spam has grown exponentially over the last two decades to several billion messages a day. Spam has frustrated, confused, and annoyed e-mail users. The total quantity of spam has leveled off slightly in recent years, and is no longer growing exponentially. Receiving spam is a common complaint of many Internet users. In fact, spam e-mail has become a troublesome problem as individuals spreading spam find easier ways to invade users’ e-mail accounts, leading to the necessity of such tools as spam filters and spam blocker features. Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users. The number of such e-mails is increasing day by day, as most companies now prefer to use e-mail for promoting their products. Because of these unsolicited e-mails, legitimate e-mails take much longer to be delivered to their destination. The attachments sent through spam may also contain viruses. However, spam can be stopped by implementing spam filters on servers and e-mail clients.</p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/what-on-earth-is-email-spam.html/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Computer Investigation Process&#8230;</title>
		<link>http://cisspfix.com/computer-investigation-process.html</link>
		<comments>http://cisspfix.com/computer-investigation-process.html#comments</comments>
		<pubDate>Fri, 18 Sep 2009 04:34:04 +0000</pubDate>
		<dc:creator>cisspfix</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[CISSP]]></category>
		<category><![CDATA[computer]]></category>
		<category><![CDATA[forensic]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[investigation]]></category>

		<guid isPermaLink="false">http://cisspfix.com/?p=50</guid>
		<description><![CDATA[&#8220;Necessity is the Mother of all Inventions&#8221;: the sophistication of the digital environment led to the discovery of Computer Forensics. Computer Forensics is an investigative process of collecting and examining electronic evidence to form a structured report which can be produced &#8230; <a href="http://cisspfix.com/computer-investigation-process.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[
<p>&#8220;Necessity is the Mother of all Inventions&#8221;: the sophistication of the digital environment led to the discovery of Computer Forensics. Computer Forensics is an investigative process of collecting and examining electronic evidence to form a structured report which can be produced in court as evidence. Computer Forensics comes into play when a crime is facilitated by using a computer or is committed on a computer or network itself. Computer Forensics also deals with issues such as privacy, copyright infringement, and software ownership. The collection of electronic evidence requires following certain pre-established procedures and steps, which ensure that the culprit is identified. By following such methodologies, a computer crime investigation can be done effectively and efficiently.</p>
<p><strong>Investigating Computer Crimes</strong></p>
<p>If a forensic investigation involves a computer in one way or another, the investigation is termed a Computer Forensic Investigation. The development of technology over the last two decades has been so rapid that it has made it a lot easier for criminals to hide information about their crimes. One advantage enjoyed by investigators is that any type of computer crime results in some type of clue and evidence stored on a computer. Still, there are a number of cyber crimes which require a Computer Forensic Investigation. Some of them are:</p>
<ul>
<li>Unauthorized access</li>
<li>Property theft (misuse of information)</li>
<li>Forgery</li>
<li>Privacy breach</li>
<li>Computer fraud</li>
<li>Child pornography</li>
</ul>
<p><strong>Methodology of Forensic Investigation</strong><br />
The first and foremost step of the investigation process is the complaint. An investigation will never occur if the crime remains unnoticed; unless the appropriate authorities are aware of the crime being committed, the criminal gets away with it. There are some fundamental steps involved in a forensic investigation:</p>
<p><strong>Preparation (of the investigator, not the data)</strong></p>
<p>Computer Forensic Investigators must be prepared with the tools and procedures used during an investigation. These tools include hardware as well as software used to secure evidence and data.</p>
<p><strong>Collection (the data) </strong></p>
<p>The next important step is to collect damaged data as efficiently as possible. Damaged data typically includes deleted files, formatted hard disks, deleted partitions, or any other form of electronic storage medium such as compact disks, USB drives, etc. Special care must be taken when handling computer evidence: most digital information is easily changed, and once changed it is usually impossible to detect that a change has taken place (or to revert the data back to its original state) unless other measures have been taken.</p>
<p><strong>Analysis </strong></p>
<p>This step involves proper examination and evaluation of the gathered information. During analysis it is very important that the collected data and information aren&#8217;t modified in any way, otherwise the properties of the data will change. It is therefore necessary to use tools that won&#8217;t modify data. Forensic analysis chiefly consists of manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and images for review.</p>
<p><strong>Reporting </strong></p>
<p>After the completion of the analysis, a detailed report is generated listing all possible evidence and information. This report is produced as legal evidence before a court whenever required.</p>
<p><strong>The Role of Evidence </strong></p>
<p>Collection of evidence is the sole reason behind a forensic investigation; evidence therefore plays a vital role in a Computer Forensic Investigation. Digital evidence should be properly studied, preserved and presented. This evidence is presented in court during the legal process and questioning. Collection of evidence is done in several steps, the first of which is identification of evidence, followed by recovery of evidence. This is accomplished by viewing log files and recovering data using different forensic tools. One more important point to keep in mind during an investigation is the security of data: digital evidence and data must be secured throughout the investigation.</p>
<p><strong>Volatile Evidence </strong></p>
<p>Temporary storage media (Random Access Memory (RAM), cache memory, onboard memory of peripherals such as graphics and video cards, etc.) are termed volatile memory because the data stored in them depends on electricity for its existence: as soon as the system is powered off, the stored data vanishes permanently. It is therefore very important to collect such data first.</p>
<p><strong>Acquiring Evidence </strong></p>
<p>This is the next step of processing evidence. The acquisition process involves making an exact copy of the digital evidence. It is very important that the original data isn&#8217;t altered, damaged or destroyed in doing so.</p>
<p><strong>Disk Imaging</strong></p>
<p>This technique is used to preserve the original evidence as it was seized. Disk imaging differs from a disk backup in that a backup copies only the active files of a system, whereas disk imaging creates an exact replica of the original disk.</p>
<p><strong>Retaining Data and Timestamp</strong></p>
<p>Retaining the date and time of creation and modification of data is a vital factor to keep in mind in criminal matters. The timestamps in a file are very important evidence, since a timestamp follows the system clock, which in turn depends on the time zone. The investigator should always check which time zone is configured on the system; the criminal may have deliberately changed the time zone so that the data does not correlate with the real time.</p>
<p><strong>Investigating Company Policy Violations</strong> </p>
<p>The investigation process in companies is totally different from other types of investigation. Normally, when a cyber crime occurs on home computers, the police are called for a proper investigation. In the corporate world, a team of specially skilled people is formed, known as the Incident Response Team. This team is responsible for finding the type of cyber crime that occurred and eventually contacting the police for further investigation, depending on the type of crime and what is found in the investigation. The Incident Response Team also deals with internal matters of the company, such as a security breach by a company employee or unauthorized access to the company&#8217;s computers. It is not always necessary to involve the police when policies are violated; sometimes the matter is dealt with by the company itself by taking disciplinary action against the accused employee. Even so, forensic investigation is important because these procedures create a tighter case, leaving no room to argue the facts.</p>
]]></content:encoded>
			<wfw:commentRss>http://cisspfix.com/computer-investigation-process.html/feed</wfw:commentRss>
		<slash:comments>30</slash:comments>
		</item>
	</channel>
</rss>

