* Fingerprinting is done to determine the remote OS
* Allows attacker to leave smaller footprint and have greater chance to succeed
* Based on the fact that various OS vendors implement the TCP stack differently
* Specially crafted packets sent to remote OS and response is noted. This is compared with a database to determine the OS
Concept The term OS fingerprinting defines any method used to determine what operating system is running on a remote computer. OS fingerprinting is an essential part of network reconnaissance, because the attacker has a greater probability of succeeding in his attack if he can formulate his attack strategy based on operating systems specific vulnerabilities.
Note Remote OS fingerprinting is carried out by noting the way the remote system responds to specifically crafted TCP packets. These can range from examining the default TCP window size in a packet, to measuring the amount of data in ICMP packets, and even gauging TCP initial sequence numbers. Similar to port scanning, there are several methods to successfully fingerprint an OS. Querying the services running on a target machine is often the simplest means for OS fingerprinting.
Note Active stack fingerprinting is based on the principle that an operating system's IP stack has its own unique way of responding to specially crafted TCP packets. This arises due to the different interpretations that vendors abide with while implementing the TCP/IP stack on the particular OS. In active fingerprinting, a variety of malformed packets are sent to the remote host, and the responses compared to a database.
For instance, in N map, the OS fingerprint is done through eight tests. Each of these tests is described below.
The first test is named T1 for test 1. In this test a TCP packet with the SYN, and ECN-Echo flags enabled is sent to an open TCP port.
The second test is named T2 for test 2. It involves sending a TCP packet with no flags enabled to an open TCP port. This type of packet is known as a NULL packet.
The third test is named T3 for test 3. It involves sending a TCP packet with the URG, PSH, SYN, and FIN flags enabled to an open TCP port.
The fourth test is named T4 for test 4. It involves sending a TCP packet with the ACK flag enabled to an open TCP port.
The fifth test is named T5 for test 5. It involves sending a TCP packet with the SYN flag enabled to a closed TCP port.
The sixth test is named T6 for test 6. It involves sending a TCP packet with the ACK flag enabled to a closed TCP port.
The seventh test is named T7 for test 7. It involves sending a TCP packet with the URG, PSH, and FIN flags enabled to a closed TCP port.
The eighth test is named PU for port unreachable test. It involves sending a UDP packet to a closed UDP port. The objective is to extract an ICMP port unreachable message back from the target machine.
But this is not all. The last test that Nmap performs is named TSeq for TCP sequenceability test. The test tries to determine the sequence generation patterns of the TCP initial sequence numbers also known as TCP ISN sampling, the IP identification numbers also known as IPID sampling, and the TCP timestamp numbers. The test is performed by sending six TCP packets with the SYN flag enabled to an open TCP port.
Posted by
Ramesh Nagar
comments (0)
Follow these steps :-
1. Go to the Profile-page of the Person.
2. Clear your Address line
3. Copy this into:
Code:
javascript:(function(){CSS.removeClass(document.body,%20'profile_two_columns')
;tab_controller.changePage("photos");})()4. Now you can easily see Pictures of s.b. you don't even know.
Posted by
Ramesh Nagar
comments (0)
Quick Heal AntiVirus 2010, with its intuitive and easy-to-use interface, provides hassle-free protection for your system. Once installed it acts as a shield against viruses, worms, trojans, spywares and other malicious threats. It also provides protection against new and unknown viruses using Quick Heal's renowned DNAScan technology, and blocks malicious websites. Quick Heal AntiVirus 2010 is very low on resource usage and gives enhanced protection without slowing down your computer.
Download:
SETUP + CRACK
Code:
http://www.fileserve.com/file/WehmUAY
Posted by
Ramesh Nagar
comments (0)
BitDefender Total Security 2011 x86 Final + Serial Key
BitDefender Total Security 2011 x86 Final Full Version | 215.6 Mb
BitDefender Total Security 2011 x86 Final Full Version | 215.6 Mb
BitDefender 2011 product line has just launched, and the developer announces hefty improvements to the modules that maintained your PC secure in the previous edition, as well as new features to increase protection and turn handling the applications into less of a challenge for all types of users.
This module brings a new layer of security, besides the now standard protection against all sorts of malware (signature based detection and heuristics) and elimination of phishing attacks (antiphishing toolbar still gets installed automatically in Internet Explorer and Mozilla Firefox). Search Advisor has been introduced in this edition of the suite as a means to counterattack infections via shady websites.
Starting with this version BitDefender Total Security can scan your search results in Yahoo!, Bing and Google and mark those with compromised security integrity. Search Advisor is based on the same technology used by antiphing and anti-fraud engines and is designed to check if the links returned by the search engine are safe or not.
To ensure maximum efficiency the results are verified against a database of signatures but the code is also analyzed. However, this may affect your browsing speed, as during our tests we noticed that the safety marks would load progressively, with the first result being verified in about two seconds.
The benefits of cloud antivirus are no secret. Besides taking the load off the user?s station there is also the advantage of faster scan results. In BitDefender products it is called QuickScan and it does contribute to turning down a notch the impact on system resources and the time required for a full of system scan to complete.
Testing the efficiency of the improved malware protection, showed that the standard has not been lowered in this version. We put the engine against a database of 300 of the worst threats we could find back in July and the results were pretty good as only 11 items managed to evade its vigilance.
However, we continued with a fresher database encompassing some of the worst threats we collected through August and the results were again good. Out of the 38 malicious elements 30 of them got nabbed by the engine, leaving 8 threats behind.
Parental Control
The same options are available in this module as in the previous version. However now you have the possibility to view and configure your kid?s activity remotely, from any web access point through an online parental control management console. You need to log into your BitDefender *** and you have instant access to alerts, recent activity and a settings area.
It offers the same flexibility you are accustomed to in the program, from blocking websites and applications to defining Internet access schedules. Statistics with most accessed web pages, as well as most used applications and contacts in instant messaging programs (Yahoo! Messenger and Windows Live Messenger) are available. The effects of the settings in this online console, however, are not instant. It takes a while for the information to be sent to the suite installed on your machine and enforce the restrictions.
System Tune-Up
This time around, the PC performance improving module in Total Security offers a new instrument to maintain the system at its best behavior. ?Monitor? section in the menu provides ample statistics about each application currently running on your computer and calculates its average CPU and RAM usage and labels its resource usage as Low, Medium or High.
Based on this information you can easily decide which of the apps is causing performance drag on the system and choose to close it. More than this, Total Security makes available a 30-minute CPU and RAM usage history for each of the elements displayed.
An improvement added to the module is the fact that during the PC Clean-Up process you now have the advantage of selecting the elements that should be cleaned. This basically translates into the possibility of choosing if you want IE or Firefox cache to be purged or if the list of recent and temporary documents should be cleaned up.
Home Network
As the number of computers in a household keeps increasing, the need for a console to manage the security of all stations also keeps growing. With BitDefender Total Security you have the possibility to administer BitDefender products installed on different stations inside the network.
The list of activities you can engage in remotely comprises of registering the product, running on-demand scan (full scan, deep scan or verifying My Documents folder), initiate a fix-all-issues routine, begin the update process, set a specific parental control profile or run a tune-up task. As soon as you add the computer to BitDefender Home Network and all the passwords verify you are good to go.
BitDefender Total Security 2011 is not exactly a suite for the weak-hearted if you choose Expert View. But it can adjust its interface to the level of computer knowledge of the user. Its learning curve is not at all difficult, especially with the introduction of the new support feature which sports flash videos thoroughly explaining the steps as plainly as possible.
The list of tutorials covers subjects from creating a BitDefender *** to more complicated stuff like removing infected files from System Volume Information folder or adding exclusions in the Active Virus Control module. Internet connection is required to view the clips.
Apart from the improvements and the new features available in this edition, the suite maintains the high standards of the previous version. Thus the firewall will not leave you uncovered and data coming in or going out will still be filtered; Vulnerability module will still keep an eye wide open for the system to have the latest updates installed and applications on the system to be in their latest version. Also, privacy control is on guard against identity theft, Trojans trying to fit in Windows Registry, tracking cookies or scripts from gaining access to your data.
As good as all this sounds, we had our share of trouble tinkering with BitDefender Total Security and we could not test the Antispam module. We tried it in Outlook 2010 and Mozilla Thunderbird (both the portable and the desktop versions) but the result was the same: no email was filtered. The trouble may be on our end, but we also contacted BitDefender for instructions to make it work. They assured us that the issue will be investigated and come back with an answer.
The Good
BitDefender Total Security 2011 comes off as a reliable suite that addresses any sort of user, regardless of their computer knowledge level. Its interface can be adjusted to multiple degrees of control even in Basic and Intermediate view by customizing the number of shortcuts in the main menus.
System resource usage is kept within acceptable parameters; during our tests it required about 80MB for scan tasks while CPU usage averaged between 50%-60%.
Smart Schedule feature allows you to run scan jobs when computer is idle, and pauses as soon as it is used again. On the same note, scan times are lower thanks to QuickScan and the fact that the engine does not scan known operating system files.
The Bad
Search Advisor does a fine job, but it takes a while to load the safety marks for the displayed results. Also, firewall pop-ups were quite frequent and we received multiple messages about adding a rule for the same application that tried to connect to the Internet, despite the fact that each time we gave full access to the process.
Installation:
1. Install app
2. Disconnect internet connection during this step
3. Use the serial from "Serial.txt"
Homepage:http://www.bitdefender.com/
Posted by
Ramesh Nagar
comments (0)
Its a powerful tool used for penetration testing. Learning to work with metasploit needs a lot of efforts and time. Ofcourse to can learn metasploit overnight, it needs lots of practice and patience
Download here(windows user) http://www.metasploit.com/releases/framework-3.2.exe
Download here(linux user) http://www.metasploit.com/releases/framework-3.2.tar.gz
Just give a look at following basic steps for beginners to break into a system using metasploit after gathering some information about the target system.
1. Select a right exploit and then set the target. 2.Verify the exploit options to determine whether the target system is vulnerable to the exploit. 3.Select a payload 4.Execute the exploit.
You must be confused !!!!
Now carefully read the following basic terms to get an idea about these four steps mentioned above .I have defined the terms technically and side by side explained in layman language to clarify the things. I have taken an example that an attacker wants to break into a house . I hope my this approach will give you a great idea about these basic terms .
Vulnerability -A weakness which allows an attacker to break into or compromise a system's security.
Like the main gate of house with a weak lock (can be easily opened) , a glass window of house(can be easily broken) etc can be the vulnerabilities in the systems which make it easy for an attacker to break into.
Exploit - Code which allows an attacker to take advantage of a vulnerability system.
The set of different keys which he can try one by one to open the lock , the hammer with him which he can use to break the glass window etc can be the exploits.
Payload- Actual code which runs on the system after exploitation
Now Finally after exploiting the vulnerability and breaking in , he can have different things to do. He can steal money, destroy the things or just can give a look and come back.. Deciding this is what we mean by setting the Payload.
I hope its enough friends, You will learn more with further tutorials when you will start working with metasploit practically.
Posted by
Ramesh Nagar
comments (0)
Anonymizers are services that help make your own web surfing anonymous.
*
The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.
*
An anonymizer removes all the identifying information from a user's computers while the user surfs the Internet, thereby ensuring the privacy of the user.
Many anonymizer sites create an anonymized URL by appending the name of the site the user wishes to access to their own URL, e.g.:
http://anon.free.anonymizer.com/http://www.yahoo.com/
After the user anonymizes a web access with an anonymizer prefix, every subsequent link selected is also automatically accessed anonymously. Most anonymizers can anonymize at least the web (http:), file transfer protocol (ftp:), and gopher (gopher:) Internet services.
However, anonymizers have the following limitations:
o
HTTPS. Secure protocols like "https:" cannot be properly anonymized, since the browser needs to access the site directly to properly maintain the secure encryption.
o
Plugins. If an accessed site invokes a third-party plugin, then there is no guarantee that they will not establish independent direct connections from the user computer to a remote site.
o
Logs. All anonymizer sites claim that they don't keep a log of requests. Some sites, such as the Anonymizer, keep a log of the addresses accessed, but don't keep a log of the connection between accessed addresses and users logged in.
o
Java. Any Java application that is accessed through an anonymizer will not be able to bypass the Java security wall.
o
Active X. Active-X applications have almost unlimited access to the user's computer system.
o
JavaScript. The JavaScript scripting language is disabled with url-based anonymizers
Some anonymizer sites are:
o
Anonymizer.com
o
Anonymize.net
o
@nonymouse.com
o
Iprive.com
o
MagusNet Public Proxy
o
MuteMail.com PublicProxyServers.com
o
Rewebber.de
o
SilentSurf.com
o
Surfola.com
o
Ultimate-anonymity.com
Posted by
Ramesh Nagar
comments (0)
As firewall, a proxy protects the local network from outside access.
*
As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address
*
Proxy servers can be used (to some extent) to anonymous web surfing.
*
Specialized proxy servers can filter out unwanted content, such as ads or 'unsuitable' material.
*
Proxy servers can afford some protection against hacking attacks.
The program Win gate is often used as proxy. Quite a number of such proxies are open to easy access. Anonymous proxies hide the real IP address (and sometimes other information) from websites that the user visits. There are two sorts; ones can be used in the same way as the non-anonymous proxies above, and web-based anonymizers.
Using a non-anonymous proxy:
HTTP_X_FORWARDED_FOR = 62.64.175.55, 194.72.9.37. This shows the IP address (first number) and possibly the IP address of the proxy server used (second).
Using an anonymous proxy:
HTTP_X_FORWARDED_FOR = 66.51.107.3 This now only shows the IP address of the proxy.
Posted by
Ramesh Nagar
comments (0)
Cheops (KEE-ops) is a Network management tool for mapping and monitoring the network. It has host/network discovery functionality as well as OS detection of hosts.
Cheops is an Open Source Network User Interface. It is designed to be the network equivalent of a Swiss-army knife, unifying your network utilities. Cheops does for the network what a file manager does for the file system.
Cheops can optionally determine the OS of hosts on the network, selecting appropriate icons for them. Cheops can show the routes taken to access areas of the network. This feature is designed for larger networks, with routers, sub nets, etc. This mapping not only makes hierarchy clearer, but can show unusual routing issues.
DOWNLOAD @ http://cheops-ng.sourceforge.net/index.php
Cheops includes a generalized TCP port scanner to see what ports on the network are in use. It can be used to retrieve version information for certain services, to be sure any given host is up-to-date with the latest revision of its services.
Cheops includes a simple integrated SNMP browser, including write capability, using the UCD SNMP library. Cheops also supports a plug-in interface, which includes support for SNMP plug-ins, similar in concept to those of HP Openview.
Cheops can monitor critical servers, and immediately notify the concerned person through its event log, standard e-mail, and soon via paging, when things go wrong. The network administrator can know exactly which system is up or down, and just when problems occur. Right clicking on a host quickly shows a list of common services it supports, and rapid, easy access to them. The co-developer has given cheops a makeover and it is called Cheops-ng (new generation)
Posted by
Ramesh Nagar
comments (0)
* Passive fingerprinting is also based on the differential implantation of the stack and the various ways an OS responds to it.
* However, instead of relying on scanning the target host, passive fingerprinting captures packets from the target host and study it for tell tale signs that can reveal the OS.
* Passive fingerprinting is less accurate than active fingerprinting.
Like active fingerprinting, passive fingerprinting is also based on the differential implantation of the stack and the various ways an OS responds to it. However, instead of relying on scanning the target host, passive fingerprinting captures packets from the target host and study it for tell tale signs that can reveal the OS.
Note The four areas that are typically noted to determine the operating system are:
TTL - What the operating system sets the Time To Live on the outbound packet
Window Size - What the operating system sets the Window Size at.
DF - Does the operating system set the Don't Fragment bit?
TOS - Does the operating system set the Type of Service, and if so, at what?
Passive fingerprinting need not be fully accurate nor does it have to be limited to these four signatures. However, by looking at several signatures and combining the information, the accuracy can be improved upon. The following is the analysis of a sniffed packet dissected by Lance Spitzner in his paper on passive fingerprinting (http://www.honeynet.org/papers/finger/)
04/20-21:41:48.129662 129.142.224.3:659 -> 172.16.1.107:604
TCP TTL:45 TOS:oxo ID:56257
***F**A* Seq: 0x9DD90553
Ack: 0xE3C65D7Win: 0x7D78
Based on the 4 criteria, the following is identified:
TTL: 45
Window Size: 0x7D78 (or 32120 in decimal)
DF: The Don't Fragment bit is set
TOS: 0x0
This information is then compared to a database of signatures. Considering the TTL used by the remote host, it is seen from the sniffer trace that the TTL is set at 45. This indicates that it went through 19 hops to get to the target, so the original TTL must have been set at 64. Based on this TTL, it appears that the packet was sent from a Linux or FreeBSD box, (however, more system signatures need to be added to the database). This TTL is confirmed by doing a traceroute to the remote host.
The next step is to compare the Window size. The Window Size is another effective tool, specifically what Window Size is used and how often the size changes. In the above signature, it is set at 0x7D78, a default Window Size commonly used by Linux. Also, Linux, FreeBSD, and Solaris tend to maintain the same Window Size throughout a session. However, Cisco routers and Microsoft Windows/NT Window Sizes are constantly changing. The Window Size is more accurate if measured after the initial three -way handshake (due to TCP slow start).
Most systems use the DF bit set, so this is of limited value. However, this does make it easier to identify the few systems that do not use the DF flag (such as SCO or OpenBSD). TOS is also of limited value. This seems to be more session based then operating system. In other words, it's not so much the operating system that determines the TOS, but the protocol used. Therefore, based on the information above, specifically TTL and Window size, one can compare the results to the database of signatures and with a degree of confidence determine the OS (in this case, Linux kernel 2.2.x).
Threat Passive fingerprinting can be used for several other purposes. It can be used by crackers as 'stealthy' fingerprinting. For example, to determine the Operating System of a 'potential victim', such as a web server, one only needs to request a webpage from the server, and then analyze the sniffer traces. This bypasses the need for using an active tool that can be detected by various IDS systems. Also, Passive Fingerprinting may be used to identify remote proxy firewalls. Since proxy firewalls rebuild connection for clients, it may be possible to ID the proxy firewalls based on the signatures we have discussed. Organizations can use Passive Fingerprinting to identify 'rogue' systems on their network. These would be systems that are not authorized on the network.
Posted by
Ramesh Nagar
comments (0)
Readers should note that the term "attacker" is used here, as these are the tools you might see being used over the Internet for unauthorized access. From a penetration tester's viewpoint, these very tools can be used to test the network as well as assist in doing reconnaissance about the attacker. In our example here, we find additional information on TCP ports that were not listed by NetScan Tools - we find a port with pcAnywhere data connection. This is good news to an attacker as he has to just get one point of access into the target system. Let us look at the data we have obtained here.
* + 64.3x.3x.xxx xxxxxx.com
|___ 25 Simple Mail Transfer
|___ 220 X1 NT-ESMTP Server xxxxxx.com (IMail 5.05 111734-1)..
|___ 80 World Wide Web HTTP
|___ HTTP/1.1 200 OK..Server: Microsoft-IIS/4.0..Cache-Control:
no-cache..Expires: Mon, 21 Apr 2003 05:02:42 GMT..Content-Location:
|___ 110 Post Office Protocol - Version 3
|___ +OK X1 NT-POP3 Server xxxxxx.com (IMail 5.08 228329-2)..
|___ 135 DCE endpoint resolution |__ 139 NET BIOS Session Service
|___ 143 Internet Message Access Protocol
|___ * OK IMAP4 Server (IMail 5.09)..
|___ 1032 BBN IAD
|___ 5631 pc ANYWHERE data
|___ 5800 Virtual Network Computing server
|___ 5900 Virtual Network Computing server
|___ RFB 003.003.
Notice how the scanner returns additional information about the services running on the ports. Here, we see some banner grabbing done for the HTTP server, SMTP server, IMAP server and the POP3 server.
Posted by
Ramesh Nagar
comments (0)
NetScanTools consists of many independent network functions joined together in a single tabbed window. Most functions are designed to run in separate threads so several tabs can be used simultaneously. This program operates best on the newer Windows platforms.
NetScanTools Pro has a scanner tab - Port Prober, which will be discussed here. Port Probe (a port scanner) is an essential tool in determining the services or daemons running on a target machine. This prober is multithreaded, configurable and it allows running four different types of probing patterns. The user can build lists of target IP Addresses and lists of ports to probe, specifying timeouts and the protocol to connect with. Additionally, any data that is received from the target port upon connection is saved for viewing. The results are presented in a treeview and are colorcoded with different types of images for easy location of information at a glance.
The types of port connections supported are:
TCP Full Connect. This mode makes a full connection to the target's TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).
UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either the port is used, or the target does not return the ICMP message which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.
TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.
TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet.
TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. Again, the attacker can have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag settings.
The four types of probe patterns are:
Sequential Probe. This method scans a linear set of ports as defined by the start/end port numbers over a linear set of IP addresses as defined by the IP address range settings.
Probe Port List. This mode probes only the ports listed in the Port List. This mode probes either a single host or a range of IP addresses based on the selection made in the Probe Single Host/Probe IP Range radio button group. It probes each host sequentially, that is the first, then the second etc., using the list of port numbers shown in the Port List.
Sequential Port Probe Using the Target List. This mode probes every port using the Starting through ending port range on every computer in the target list.
Probe a List of Ports on a List of Targets. This mode is the most stealthy mode and uses the least amount of CPU time and bandwidth because scanning is restricted to only the target ports on the target machines.
The tool also includes Ping before probe. This option allows the attacker to skip (automatically or by user response to a message) hosts that do not respond to pings. He can control the number of threads used to probe the host and the delay between launching each thread. He can also vary the amount of time to wait for a response to a probe of the port and the amount of time to wait after a connection for a banner to be sent.
Posted by
Ramesh Nagar
comments (0)
Can an ethical hacker simulate the scanning techniques to ensure the security of the network? The first and foremost armor is knowledge itself. The results of a scanner can be misleading if the ethical hacker does not have a good knowledge of common vulnerabilities, commonly affected hosts, and patterns indicating misuse.
Apart from this, performing an exhaustive scan against all the systems in a large enterprise is usually not feasible due to network constraints, stability of the backbone and scanned systems, and the dynamic nature of network deployments (wireless, DHCP, etc.). Therefore mere scanning does not a security check complete.
Tool: ipEye, IPSecScan
ipEye is a command-line driven port scanner written by Arne Vidstrom. It is a lightweight powerful tool bearing similarities with the command shell tools seen with UNIX. However, this port scanner is restricted to the Windows platform - 2000 and XP. Another drawback of this tool is that the hacker needs to know the specific IP before he can initiate a scan.
The basic usage for ipEye is:
ipEye -p [optional parameters]
The scantype parameter can take values of: -syn = SYN scan, -fin = FIN scan, -null = Null scan, - xmas = Xmas scan
However, the FIN, Null and Xmas scans don't work against Windows systems. Of these scan types, only the SYN SCAN is valid when scanning a Windows system. ipEye will scan the requested ports, given a valid IP address, and return a list of the FIN, Null and Xmas scans don't work against Windows systems.
"Closed" indicates that there is a computer on the other end, but there is no service that listens at the port.
"Reject" indicates the presence of a firewall or packet filtering device (sending a reset back) protecting the port.
"Drop" indicates the presence of a firewall or packet filtering device that drops packets directed to port, or it indicates that the particular system is not alive on the target network.
"Open" indicates that there is a service listening at the port.
Note in the above scan we see ports 135 and 139 as open.
In the scan above we have specified a range of IP addresses from 192.168.2.1 to 192.168.2.118. Note that the scan returns "Disabled" for some IPs - such as IP 192.168.2.1. This indicates that the system either doesn't support IPSec, has IPSec disabled, or that it is configured not to reveal that it has IPSec enabled.
IPsec is the short for IP Security. It is a set of protocols developed by the IETF to support secure exchange of packets at the IP layer.
IPsec = AH + ESP + IPcomp + IKE
Authentication Header (AH): provides authenticity guarantee for packets, by attaching strong crypto checksum to packets. If a packet is received with AH and the checksum operation is successful, it indicates that the packet was originated by the expected peer (the packet was not generated by impersonator) and that the packet was not modified in transit. Unlike other protocols, AH covers the whole packet, from the IP header to the end of the packet.
Encapsulating Security Payload (ESP) provides confidentiality guarantee for packets, by encrypting packets with encryption algorithms. If a packet is received with ESP and successfully decrypted it indicates that the packet was not wiretapped in the middle, if the sender and the receiver share a secret key, and no other party knows the key.
ESP provides encryption service to the packets. However, encryption tends to give negative impact to compression on the wire (such as ppp compression). IP Compression (IPcomp) provides a way to compress packet before encryption by ESP.
As discussed above, AH and ESP need shared secret key between peers. For communication between distant locations, there is a need to provide ways to negotiate keys in secrecy. Internet Key Exchange (IKE) makes this possible.
IPsec has been deployed widely to implement Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and Tunnel.
Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.
For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
Note security of IPsec protocols depend on the secrecy of secret keys. If secret keys are compromised, IPsec protocols can no longer be secure.
Posted by
Ramesh Nagar
comments (0)
*
Nslookup is a program to query Internet domain name servers. Displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
*
Helps find additional IP addresses if authoritative DNS is known from whois.
*
MX record reveals the IP of the mail server.
*
Both Unix and Windows come with a Nslookup client.
*
Third party clients are also available - E.g. Sam Spade
Nslookup employs the domain name delegation method when used on the local domain. For instance, typing 'hr.targetcompany.com' will query for the particular name and if not found, will go one level up to find 'targetcompany.com'. To query a host name outside the domain, a fully qualified domain name (FQDN) must be typed.
The attacker can use dig and host command to obtain more information on UNIX systems.
..................................................................................................................................................................... .....................................................
Posted by
Ramesh Nagar
comments (0)
The attacker may choose to source the information from:
* A web page (save it offline, e.g. using offline browser such as Teleport pro
* Yahoo or other directories. (Tifny is a comprehensive search tool for USENET newsgroups.
* Multiple search engines (All-in-One, Dogpile), groups.google.com is a great resource for searching large numbers of news group archives without having to use a tool.
* Using advanced search (e.g. AltaVista),
* Search on publicly trade companies (e.g. EDGAR).
* Dumpster diving (To retrieve documents that have been carelessly disposed)
* Physical access (False ID, temporary/contract employees, unauthorized access etc)
There are four RIRs, each maintaining a whois database holding details of IP address registrations in their regions. The RIR whois databases are located at:
*
ARIN (North America and sub-Saharan Africa)
*
APNIC (Asia Pacific region)
*
LACNIC (Southern and Central America and Caribbean)
*
RIPE NCC (Europe and northern Africa)
Tools
There are tools available to aid a whois lookup. Some of them are Sam Spade (downloadable from www.samspade.org). Smart Whois (downloadable from www.tamos.com). Netscan (downloadable from www.netscantools.com) and GTWhois (Windows XP compatible) (www.geektools.com) etc.
Posted by
Ramesh Nagar
comments (0)
*
Foot printing is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
*
Foot printing is one of the three pre-attack phases. The others are scanning and enumeration.
*
Foot printing results in a unique organization profile with respect to networks (Internet / Intranet / Extra net / Wireless) and systems involved.
There is no single methodology for foot printing, as a hacker can choose several routes to trace the information. Foot printing therefore, needs to be carried out precisely and in an organized manner. The information unveiled at various network levels can include details of domain name, network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, access control mechanisms and related lists, phone numbers, contact addresses, authentication mechanisms and system enumeration.
The information gathering activity can be broadly divided into seven phases:
o The attacker would first unearth initial information (such as domain name),
o locate the network range of the target system (using tools such as Nslookup, whois etc),
o ascertain the active machines (for instance by pinging the machine),
o discover open ports or access points (using tools such as port scanners),
o detect operating systems (for instance querying with telnet),
o uncover services on ports and
o ultimately map the network.
This not only speeds up the real attack process, but also aids in helping the attacker prepare better for covering his tracks and thereby leave a smaller or minimal footprint.
Initial Information:
Commonly includes:
o
Domain name lookup
o
Locations
o
Contacts (Telephone / mail)
Information Sources:
o
Open source
o
Who is
o
Nslookup
Hacking Tool:
o
Sam Spade
Open Source Foot printing is the easiest and safest way to go about finding information about a company. Information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables are other forms of open source foot printing. Most of this information is fairly easy to get, and within legal limits. One easy way to check for sensitive information is to check the HTML source code of the website to look for links, comments, Meta tags etc
Posted by
Ramesh Nagar
comments (0)
Hacker Classes
*
Black hats
o
Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as 'Crackers.'
*
White Hats
o
Individuals professing hacker skills and using them for defensive purposes. Also known as 'Security Analysts'.
*
Gray Hats
o
Individuals who work both offensively and defensively at various times.
*
Ethical Hacker Classes
o
Former Black Hats
+
Reformed crackers
+
First-hand experience
+
Lesser credibility perceived
o
White Hats
+
Independent security consultants (maybe groups as well)
+
Claims to be knowledgeable about black hat activities
o
Consulting Firms
+
Part of ICT firms
+
Good credentials
Posted by
Ramesh Nagar
comments (0)
*
Covering Tracks refers to the activities undertaken by the hacker to extend his misuse of the system without being detected.
*
Reasons include need for prolonged stay, continued use of resources, removing evidence of hacking, avoiding legal action etc.
*
Examples include Steganography, tunneling, altering log files etc.
*
Hackers can remain undetected for long periods or use this phase to start a fresh reconnaissance to a related target system.
Posted by
Ramesh Nagar
comments (0)
*
Gaining Access refers to the true attack phase. The hacker exploits the system.
*
The exploit can occur over a LAN, locally, Internet, offline, as a deception or theft. Examples include stack-based buffer overflows, denial of service, session hijacking, password filtering etc.
*
Influencing factors include architecture and configuration of target system, skill level of the perpetrator and initial level of access obtained.
*
Business Risk - 'Highest' - The hacker can gain access at operating system level, application level or network level.
Posted by
Ramesh Nagar
comments (0)
*
Maintaining Access refers to the phase when the hacker tries to retain his 'ownership' of the system.
*
The hacker has exploited a vulnerability and can tamper and compromise the system.
*
Sometimes, hackers harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, Trojans and Trojan horse Backdoors.
*
Hackers can upload, download or manipulate data / applications / configurations on the 'owned' system.
Posted by
Ramesh Nagar
comments (0)
Business Risk - To see if someone is watching and responding. Could be future point of return when noted for ease of entry for an attack when more is known on a broad scale about the target.
*
Passive reconnaissance involves monitoring network data for patterns and clues.
o
Examples include sniffing, information gathering etc.
*
Active reconnaissance involves probing the network to detect
o
accessible hosts
o
open ports
o
location of routers
o
details of operating systems and services
Posted by
Ramesh Nagar
comments (0)
*
Scanning refers to pre-attack phase when the hacker scans the network with specific information gathered during reconnaissance.
*
Business Risk - 'High' - Hackers have to get a single point of entry to launch an attack and could be point of exploit when vulnerability of the system is detected.
*
Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners etc.
Posted by
Ramesh Nagar
comments (0)
Refers to 'hacking with / for a cause'.
*
Comprises of hackers with a social or political agenda
*
Aims at sending across a message through their hacking activity and gaining visibility for their cause and themselves.
*
Common targets include government agencies, MNCs, or any other entity perceived as 'bad' or 'wrong' by these groups / individuals.
*
It remains a fact however, that gaining unauthorized access is a crime, no matter what the intent.
Most hacktivists aim at sending across a message through their hacking activity and gaining visibility for their cause and themselves. Common targets include government agencies, MNCs, or any other entity perceived as 'bad' or 'wrong' by these groups / individuals. It remains a fact however, that gaining unauthorized access is a crime, no matter what the intent.
Posted by
Ramesh Nagar
comments (0)
"If you know the enemy and know yourself, you need not fear the result of a hundred battles." - Sun Tzu, Art of War
*
Ethical hackers tries to answer:
o
What can the intruder see on the target system? (Reconnaissance and Scanning phase of hacking)
o
What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
o
Does anyone at the target notice the intruders attempts or success? (Reconnaissance and Covering Tracks phases)
*
If hired by any organization, an ethical hacker asks the organization what it is trying to protect, against whom and what resources it is willing to expend in order to gain protection.
..................................................................................................................................................................... .....................................................
Posted by
Ramesh Nagar
comments (0)
Can Hacking Be Ethical?
*
The noun 'hacker' refers to a person who enjoys learning the details of computer systems and stretch their capabilities.
*
The verb 'hacking' describes the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient.
*
The term 'cracker' refers to a person who uses his hacking skills for offensive purposes.
*
The term 'ethical hacker' refers to security professionals who apply their hacking skills for defensive purposes.
Now its all upon you, how you wanna to take it.
WITH THIS POST YOUR INTRODUCTION TO HACKING IS FINISHED NOW YOU WILL START LEARN HACKING FULL 4 FREE.IF YOU WANT TO BECOME A GOOD HACKER THEN , LEARN WITH COMPLETE CONCENTRATION SO, NEVER BORED IN LEARN Ethical HACKING ONLINE .
*
The noun 'hacker' refers to a person who enjoys learning the details of computer systems and stretch their capabilities.
*
The verb 'hacking' describes the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient.
*
The term 'cracker' refers to a person who uses his hacking skills for offensive purposes.
*
The term 'ethical hacker' refers to security professionals who apply their hacking skills for defensive purposes.
Now its all upon you, how you wanna to take it.
WITH THIS POST YOUR INTRODUCTION TO HACKING IS FINISHED NOW YOU WILL START LEARN HACKING FULL 4 FREE.IF YOU WANT TO BECOME A GOOD HACKER THEN , LEARN WITH COMPLETE CONCENTRATION SO, NEVER BORED IN LEARN Ethical HACKING ONLINE .
Posted by
Ramesh Nagar
comments (0)
Test your hacking Skill at
http://www.hellboundhackers.org
The hands-on approach to computer security. Learn how hackers break in, and how to keep them out.
.......................
http://www.hellboundhackers.org
The hands-on approach to computer security. Learn how hackers break in, and how to keep them out.
.......................
![[Image: sms42.png]](http://i137.photobucket.com/albums/q201/InuyashaITB/sms42.png)
Posted by
Ramesh Nagar
comments (0)
Hi all,
i'd like to share some of my stuff with my blog visitors.It Will Help to scan websites for Lfi(Local File Inclusion)
SnapShot:
Download mirror:
[Warning! This file can include malicious contents which you may not be aware of!] Multiupload.com - upload your files to multiple file hosting sites!
Password: intern0t
i'd like to share some of my stuff with my blog visitors.It Will Help to scan websites for Lfi(Local File Inclusion)
SnapShot:
Download mirror:
[Warning! This file can include malicious contents which you may not be aware of!] Multiupload.com - upload your files to multiple file hosting sites!
Password: intern0t
Posted by
Ramesh Nagar
comments (0)
Hello Friends here is One More tutorial about hacking Facebook , Hotmail ,Yahoo ,Gmail ,Twitter ,orkut ,myspace and msn accounts with easy as 1 2 3 . In my previous article, I mentioned about Armadax Key logger for Hacking Hotmail, Yahoo, Myspace and Msn account passwords.
Today i am Introducing a very effective key logger namely Vicspy key logger - the key logger that I found extremely Good and user-friendly for hacking hotmail, yahoo account passwords. I have provided link for software download and password ... So Enjoy and Let's Begin the Tutorial .Hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn Passwords
1. Download Vicspy keylogger for hacking Hotmail, Yahoo, msn ,myspace ,Face book And Gmail account passwords.
2. Extract the Rar to obtain Vicspy keylogger.
3. Simply run peditor.exe to get key logger interface and create a key logger for hacking hotmail, yahoo and msn account password. No need to install software on computer.
3. Simply run peditor.exe to get key logger interface and create a key logger for hacking hotmail, yahoo and msn account password. No need to install software on computer.
4. Now, in Servers , fill in the FTP server which you wanna use to receive logs from keylogger.
Fill in ftp server as:
Fill in ftp server as:
where:
# user: your username at ftp server.
# pass: your password.
# logs: create a new folder named "logs" at your ftp server. You will receive hotmail, yahoo and msn hacked passwords in this folder.
# ftp.example.com : your ftp server address. (eg: ftp.drivehq.com for drivehq ftp server)
After you have completed filling ftp server, hit on "Check" just adjacent to it to check whether you have entered ftp server correctly and whether server is available.
5. In Control, check "Melt" to make key logger evaporate after installation on victim computer.
6. Additional Options included in Vicspy key logger are that you can
- Change keylogger file icon
- Bind key logger with another file to make it undetectable by victim.
7. Now, simply choose the path where you want key logger to be saved and hit on "Create" to create key logger file at preferred destination.
# user: your username at ftp server.
# pass: your password.
# logs: create a new folder named "logs" at your ftp server. You will receive hotmail, yahoo and msn hacked passwords in this folder.
# ftp.example.com : your ftp server address. (eg: ftp.drivehq.com for drivehq ftp server)
After you have completed filling ftp server, hit on "Check" just adjacent to it to check whether you have entered ftp server correctly and whether server is available.
5. In Control, check "Melt" to make key logger evaporate after installation on victim computer.
6. Additional Options included in Vicspy key logger are that you can
- Change keylogger file icon
- Bind key logger with another file to make it undetectable by victim.
7. Now, simply choose the path where you want key logger to be saved and hit on "Create" to create key logger file at preferred destination.
8. Now, send this file to your victim and make him to install this binded keylogged file on his computer (Social engineering). You can crypt this keylogger file and then use Fake error message generator to make our key logger undetectable by antivirus.
Once the victim installs key logger on his computer, you will start receiving all typed passwords on his computer in your FTP server account (in logs folder). Thus, our target of hacking hotmail, yahoo, msn account password accomplished.
Once the victim installs key logger on his computer, you will start receiving all typed passwords on his computer in your FTP server account (in logs folder). Thus, our target of hacking hotmail, yahoo, msn account password accomplished.
That's ALL About Vicspy Key logger for hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn account passwords. Vicspy keylogger can also be used for hacking other email account passwords.
..................................................................