Thursday, February 26, 2009
I've been working on some kind of malware for Windows systems (for testing purposes, of course :) ) for some time, and since I'm very busy with everything I'm doing at the moment, this little application won't be finished soon.

But in the last few days I was coding something related to startup, and I remembered one way of hidden startup that is not so popular or well known. And the strange thing is that Microsoft has not fixed this bug for a long time.

What is it all about?

The Registry Editor (regedit.exe) on Windows 2000 and XP has a display flaw that lets you hide a registry value from anyone viewing or editing the key with that tool, administrators included. The value is still in the registry, and anything that reads the registry through the API (including the code that processes the Run key at logon) still sees it; only regedit's listing is affected.

The easiest way to exploit this is:

1. In regedit.exe, go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and create a new string value.

2. Give that value a name of about 258 characters (any string will do).

3. Create one more string value, name it after your program, and put the full path to your program in its data.

4. Press F5 to refresh, and voila :) the values disappear from the listing!

5. Restart the system (a new logon is enough, since Run entries are processed at logon), and your program will be executed.


Simple as that... :)
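The check a defender wants after reading this is the reverse operation: enumerate the Run keys the way the OS itself does, through the registry API, and flag anything regedit would not show. Below is an added example, not code from the post, written in Python with the standard winreg module. Assumptions of mine, not the post's: a 254-character cutoff for regedit's display (the post uses a 258-character name), and the Run/RunOnce keys under HKLM and HKCU as the places to look.

```python
"""Added example (not the post's code): enumerate the Run keys through the
registry API and flag value names that regedit on Windows 2000/XP would not
display. Assumptions (mine, not the post's): a 254-character display cutoff
and the four Run/RunOnce keys below as the places to check."""
import sys

REGEDIT_NAME_LIMIT = 254   # assumed cutoff; the post's example uses 258 characters

RUN_KEYS = (
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
)


def classify_values(values, limit=REGEDIT_NAME_LIMIT):
    """Take (name, data) pairs in enumeration order and mark the ones regedit hides.

    The over-long name itself is hidden, and so is every value enumerated after it:
    that is the post's observation (the normally named second value vanished too),
    which is what you would expect if the editor stops listing the key at the
    name it cannot handle."""
    report = []
    hidden_from_here = False
    for name, data in values:
        if len(name) > limit:
            hidden_from_here = True
        report.append({
            "name": name if len(name) <= 40 else name[:40] + "...",
            "name_length": len(name),
            "data": data,
            "hidden_in_regedit": hidden_from_here,
        })
    return report


def read_run_keys():
    """Windows only: read every value under RUN_KEYS via winreg, which returns
    long-named values just like any other, and classify each key's contents."""
    import winreg   # imported here so classify_values stays usable on any platform
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    results = {}
    for hive, subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], subkey)
        except OSError:            # key absent (RunOnce often is)
            continue
        values = []
        with key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:    # no more values
                    break
                values.append((name, data))
                index += 1
        results[hive + "\\" + subkey] = classify_values(values)
    return results


if __name__ == "__main__":
    if not sys.platform.startswith("win"):
        sys.exit("run this on the Windows host you are examining")
    for path, entries in read_run_keys().items():
        print(path)
        for e in entries:
            flag = "HIDDEN" if e["hidden_in_regedit"] else "ok"
            print(f"  {flag:6} len={e['name_length']:<4} {e['name']!r} -> {e['data']!r}")
```

Run it on the Windows host being examined; the classification logic is plain Python and can be exercised anywhere. The command-line reg.exe tool (reg query on the same key) is a quick cross-check, since it goes through the registry API rather than regedit's display code.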
posted by Jovica at 11:47 PM | 0 comments
Saturday, February 21, 2009
For the last two days I had some free time, and by accident I found something very interesting in the Serbian mobile network mt:s.

If you call your own number, you'll get a "number busy" style message. OK, that's normal. :)

But after a couple of minutes you will receive an SMS from mt:s saying that you had a missed call.
And from whom? Yes, your own number! :)

And that's not all. After that you will receive another SMS from mt:s saying that the number you called (your own number) is now available! :)


Funny...
posted by Jovica at 10:46 AM | 0 comments
Tuesday, February 17, 2009
I think I need to mention some more useful shell commands, so here they are:

# uptime // everybody knows this (how long the system has been running, plus the load averages)

# man hier // description of the file system hierarchy

# dmesg // kernel ring buffer: detected hardware and boot messages

# lsdev // information about installed hardware (procinfo package)

# cat /proc/cpuinfo // CPU info

# cat /proc/meminfo // memory info

# free -m // used and free memory in MB

# cat /proc/devices // configured devices

# cat /proc/net/dev // network adapters and their traffic counters

# lshal // list of all devices with their properties (needs HAL)

# top // live display of the top CPU processes

# tail -n 500 /var/log/messages // last 500 kernel/syslog messages

# tail /var/log/warn // system warning messages (SUSE log layout; other distributions put these in messages or syslog)

# sysctl -a // view all kernel parameters and limits

# sysctl fs.file-max // view the max open files limit (Linux)

# sysctl kern.ipc.numopensockets // how many sockets are open (FreeBSD; on Linux look at /proc/net/sockstat)

# ps -auxefw // full list of all running processes (BSD syntax; on Linux use ps auxfw, which also draws the process tree)

# fuser -va 22/tcp // list the processes using TCP port 22

# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz' // archive dir/ and store it on a remote host over ssh



enjoy and see you soon...
posted by Jovica at 10:06 PM | 0 comments
Thursday, February 12, 2009
I was thinking about the direction of my blog, and for now I've changed my mind. I realized that it's not my point to teach penetration testing, and I need to write more practical stuff.

So, in the future, I won't continue writing about the steps of penetration testing and the general points of ethical hacking.
I'm going to write about real things, situations, scenarios etc. So stay tuned!

So, here are some very useful commands and tips for everyday Linux use.

Configuring additional IP addresses (the second line adds an alias interface):
# ifconfig eth0 10.4.0.1 netmask 255.255.0.0
# ifconfig eth0:0 10.4.0.2 netmask 255.255.0.0

Changing the MAC address (not persistent across reboots):
# ifconfig eth0 hw ether 00:11:22:33:44:55

Adding and deleting a route (Linux net-tools syntax; the BSD form is route add 210.110.0.0/16 192.168.10.10):
# route add -net 210.110.0.0/16 gw 192.168.10.10
# route del -net 210.110.0.0/16
# route add default gw 192.168.10.10

To see open ports and connections:
# netstat -an | grep LISTEN // sockets in LISTEN state, numeric, all address families
# lsof -i // every open Internet socket with its owning process
# netstat -tup // active TCP/UDP connections to and from the system, with PID/program (-p shows other users' processes only as root)
# netstat -tupl // listening TCP/UDP ports, with PID/program
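Both the socket commands in the post above (sysctl for open sockets, fuser on 22/tcp) and the netstat/lsof lines here rely on the binaries being honest. On a box you suspect, read /proc/net/tcp and /proc/<pid>/fd yourself, which is all netstat -tupl does for you. The following is an added example in Python, not the post's own code; the /proc/net/tcp table embedded in it is constructed for the demonstration, and the inode-to-PID map used in the non-live run is likewise made up.

```python
"""Added example (not the post's code): list listening TCP sockets and the
processes holding them by reading /proc directly, as netstat -tupl, lsof -i
and fuser -n tcp do, so the result does not depend on those binaries.
Assumptions (mine): Linux /proc layout. SAMPLE_PROC_NET_TCP below is a
constructed table, not captured from a real host."""
import os
import re
from pathlib import Path

LISTEN = "0A"   # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample: sshd on 0.0.0.0:22, something on 127.0.0.1:3306,
# and one established connection to 34.216.184.93:443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0A000002:BF8C 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""


def _hex_addr(addr):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306). The IPv4 part is little-endian hex."""
    ip_hex, port_hex = addr.split(":")
    octets = [int(ip_hex[i:i + 2], 16) for i in range(0, 8, 2)]
    return ".".join(str(o) for o in reversed(octets)), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row of a /proc/net/tcp table (header skipped)."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        rows.append({
            "local": _hex_addr(fields[1]),
            "remote": _hex_addr(fields[2]),
            "state": fields[3],
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return rows


def listening_sockets(text):
    return [r for r in parse_proc_net_tcp(text) if r["state"] == LISTEN]


def socket_inode_to_pid(proc_root="/proc"):
    """Walk /proc/<pid>/fd and map socket inodes to the PIDs holding them.
    Other users' descriptors are readable only as root; anything unreadable
    (or a process that exits mid-walk) is skipped."""
    mapping = {}
    root = Path(proc_root)
    if not root.is_dir():
        return mapping
    for pid_dir in root.iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            for fd in (pid_dir / "fd").iterdir():
                try:
                    target = os.readlink(fd)
                except OSError:
                    continue
                m = re.match(r"socket:\[(\d+)\]", target)
                if m:
                    mapping.setdefault(int(m.group(1)), []).append(int(pid_dir.name))
        except OSError:
            continue
    return mapping


def report(text, inode_map):
    """One line per listening socket: address, owning uid, PID(s) or '?'."""
    lines = []
    for s in listening_sockets(text):
        pids = inode_map.get(s["inode"], [])
        owner = ",".join(str(p) for p in pids) or "?"
        ip, port = s["local"]
        lines.append(f"{ip}:{port} uid={s['uid']} pid={owner}")
    return lines


if __name__ == "__main__":
    import sys
    live = sys.argv[1:] == ["--live"]
    text = Path("/proc/net/tcp").read_text() if live else SAMPLE_PROC_NET_TCP
    # The non-live map is made up to match the sample table above.
    inodes = socket_inode_to_pid() if live else {12345: [812], 23456: [1470]}
    for line in report(text, inodes):
        print(line)
```

Run it with --live as root on the host. The same parser works unchanged on /proc/net/udp (where an unconnected socket has state 07 rather than 0A), and on /proc/net/tcp6 once _hex_addr is widened to a 16-byte address. A listening port with pid=? under root is itself a finding: nothing visible in /proc claims the socket.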

IP forwarding for routing (pay attention to this one: with it on, the box relays packets between its interfaces like a router, which is what you want on a lab machine doing man-in-the-middle and not what you want on a server)
# cat /proc/sys/net/ipv4/ip_forward // check IP forwarding -> 0=off, 1=on
# echo 1 > /proc/sys/net/ipv4/ip_forward // turn IP forwarding on (until reboot; set net.ipv4.ip_forward=1 in /etc/sysctl.conf to keep it)

Print the routing table:
# route -n

Add a route permanently (these two lines are FreeBSD /etc/rc.conf syntax; on Debian put the route add command as an up line under the interface in /etc/network/interfaces, on Red Hat in /etc/sysconfig/network-scripts/route-eth0):
# static_routes="someroute"
# route_someroute="-net 210.110.0.0/16 192.168.10.10"

Firewall stuff:
# iptables -L -n -v // status: every chain and rule, numeric, with packet counters
# iptables -P INPUT ACCEPT // set the default policy of INPUT to accept (do the same for FORWARD and OUTPUT if you really want everything open)
# iptables -F // flush all rules from all chains
# iptables -X // delete all user-defined chains (they must be empty, so flush first)

That's it for now. Ciao!
posted by Jovica at 9:03 PM | 0 comments
Tuesday, February 10, 2009
Hey!
Something interesting is happening these days... BackTrack 4 Beta is about to be released any moment now!

I'm waiting for the release, and I'll try it as soon as I find some free time these days...

More info you can find at http://backtrack4.blogspot.com

And here is the manual for installing it: http://www.offensive-security.com/documentation/bt4install.pdf

See you soon...
posted by Jovica at 4:29 PM | 0 comments