Sunday, March 8, 2009
Hey! These days I'm terribly busy, so I won't start writing about Man in the Middle as I wanted. I will talk about man-in-the-middle attacks in the future. These days I'm exploring a new type of Man in the Middle attack, called active MitM. Very powerful, and I will write about it as soon as I find some time to play a little with this kind of attack.

Until then, I want to share with you one of my thoughts. It's about Google.

As I read a lot of blogs, a couple of days ago I read something about Google and some Google services, and this question just came to my mind.

Can you even imagine how many things Google knows about YOU?

Did you ever think about that?

Let me help you. Google knows things like:

- Everything you search for via Google

- Your real name, address, bank account, credit card number, via the AdSense service

- Everything about your mail, including content, sent items, contacts, ...

- All information about you, your list of friends, interests, ... via Orkut

- Which pictures you have been looking for, every photo you have uploaded to Picasa

- The subject of your site, what kind of users visit your pages, how many minutes they spend on a page, their geographical location, IP address and a lot more... via AdSense, Analytics

- Everything you have written on your blog via Blogger, every blog that you have visited, every comment of yours...

- Strategy, composition, aims and problems in a company where Apps are being used... via Apps

and a lot more information...

Scary?

No need to be. Our secrets are safe with Google. For now. :)

Think about it.
posted by Jovica at 11:29 PM | 1 comments
Monday, March 2, 2009
Here is something useful about Nmap...

Using the -iL option is an easy way to specify host addresses in a file. For ports, the fast scan option, -F, provides a similar function.
Since port numbers need to be scanned often and usually don't change, the fast scan looks to the nmap-services file to get its list of ports to scan.
But you need to know that the default nmap-services file contains over 2000 UDP and TCP port numbers! Yes, a lot! But if you change this file, you can create a customized scan that only identifies the ports you specify.

It's a very good idea to keep many different files handy for different situations. For example, you may want to keep a customized file with a list of the port numbers that you'd never want to see open on your network,
or a list of well-known trojan/spyware/malware ports, or whatever else...

When you decide which of your files to use, simply rename it to nmap-services, use the fast scan option, and you'll instantly have a customized Nmap scan that hunts down the ports you want.
When you're done scanning, restore the original nmap-services file and you're back to normal.
So simple, and so useful!

The nmap-services support file is found in the default nmap directory.

I've created my own nmap-services file in my home directory; to start the hunting scan, do:

[jolenzy@bt3 ~]# nmap -F 192.168.0.1/24 --datadir .

The Nmap fast scan uses the --datadir option, which points to our current directory in the example above. This means that Nmap will look in the local directory for all of its support files, including our customized nmap-services file.

This certainly makes the scan go much faster, because we've cut down the total number of ports scanned per device. The --datadir parameter and a customized nmap-services support file make all the difference!
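Here is an added example of the trick described above; it is not code from the original post. It builds the customized nmap-services file in a scratch directory, checks that every line has the format Nmap expects (service name, port/protocol, open-frequency), and prints the scan command to run with --datadir. Two things worth knowing before relying on it: -F keeps the entries with the highest open-frequency in the file (100 of them in current Nmap releases), so a hunt list shorter than that is scanned in full, and a file placed in --datadir also replaces the service names Nmap prints and the default port selection of any other scan that uses that directory. The port list and the function names are constructed for illustration; nmap itself is not executed by the script.

```shell
#!/bin/sh
# Added example, not code from the original post. It builds the customized
# nmap-services file described above in a scratch directory and checks its
# format, so that "nmap -F --datadir <dir>" scans exactly the listed ports.
# The port list below is constructed for illustration; put your own "should
# never be open" list there.

# One nmap-services line is: <service-name> <port>/<proto> <open-frequency> [# comment]
# Nmap's -F keeps the entries with the highest open-frequency, so every port
# we care about gets 1.000000 (real files carry measured values between 0 and 1).
write_services_file() {
    out=$1; shift
    : > "$out"
    for entry in "$@"; do                 # entries look like "telnet:23/tcp"
        name=${entry%%:*}
        portproto=${entry#*:}
        printf '%s\t%s\t1.000000\t# hunt list\n' "$name" "$portproto" >> "$out"
    done
}

# Number of port entries Nmap will read (comment and blank lines excluded).
count_services() {
    grep -c -v -e '^#' -e '^[[:space:]]*$' "$1"
}

# Return 1 and print the offending lines (to stderr) if any entry does not match the format.
validate_services_file() {
    if grep -v -e '^#' -e '^[[:space:]]*$' "$1" |
       grep -v -E '^[A-Za-z0-9_.+-]+[[:space:]]+[0-9]+/(tcp|udp|sctp)[[:space:]]+[0-9]+\.[0-9]+' >&2
    then
        return 1
    fi
    return 0
}

# Compose the scan command; nmap itself is not run here, so this stays offline.
# -oN keeps a copy of the results next to the services file used to produce them.
hunt_scan_cmd() {
    printf 'nmap -F --datadir %s -oN %s/hunt.txt %s\n' "$1" "$1" "$2"
}

# Stand-alone demo: build the file, validate it and show the command to run.
DATADIR=$(mktemp -d)
write_services_file "$DATADIR/nmap-services" \
    telnet:23/tcp netbios-ssn:139/tcp microsoft-ds:445/tcp ms-sql-s:1433/tcp \
    subseven:27374/tcp tftp:69/udp
if validate_services_file "$DATADIR/nmap-services"; then
    echo "nmap-services OK: $(count_services "$DATADIR/nmap-services") ports"
    hunt_scan_cmd "$DATADIR" 192.168.0.1/24
fi
```

Keeping each hunt list in its own directory and passing that directory with --datadir avoids renaming files back and forth, and the validation step catches the typo that would otherwise make Nmap silently fall back to its built-in defaults.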
posted by Jovica at 7:15 PM | 0 comments
Thursday, February 26, 2009
I've been working on some kind of malware for Windows systems (for testing purposes, of course :) ) for some time, and since I'm very busy with all the things I'm doing at the moment, this little application won't be finished soon.

But in the last few days I was coding something related to startup, and I remembered one way of hidden startup that is not so popular or well known. And the strange thing is that Microsoft hasn't fixed this bug for a long time.

What is it all about?

The Windows Registry Editor on 2000 and XP systems has a design flaw that allows registry information to be hidden from viewing or editing. And the best thing is that this hiding also works against users with administrative access.

The easiest way to exploit this bug is:

1. Create a new string value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the Registry Editor (regedit.exe)

2. Give this value a name that is a string of 258 characters

3. Create one more string value, type some name (of your program), and for the data insert the path to your program.

4. Now press F5 to refresh, and voila :) the entry disappeared!

5. Restart the system, and your program will be executed.


Simple as that... :)
posted by Jovica at 11:47 PM | 0 comments
Saturday, February 21, 2009
For the last two days I had some free time, and I accidentally found something very interesting in the Serbian mobile network mt:s.

If you call your own number, you'll see a "number busy" message. OK, that's normal. :)

But within a couple of minutes, you will receive an SMS from mt:s saying that you had a missed call.
And from whom? Yes, your own number! :)

And that's not all. After that, you will receive another SMS from mt:s saying that the number you called (your own number) is now available! :)


Funny...
posted by Jovica at 10:46 AM | 0 comments
Tuesday, February 17, 2009
I think I need to mention some more useful shell commands, so here they are:

# uptime //everybody knows this (shows how long the system has been running)

# man hier //description of the file system hierarchy

# dmesg // detected hardware and boot messages

# lsdev // information about installed hardware (part of the procinfo package)

# cat /proc/cpuinfo //cpu info

# cat /proc/meminfo //memory info

# free -m // used and free memory in MB

# cat /proc/devices //configured devices

# cat /proc/net/dev //shows network adapters and statistics

# lshal // shows a list of all devices with their properties

# top //nice display and update of top cpu processes

# tail -n 500 /var/log/messages //last 500 kernel/syslog messages

# tail /var/log/warn //system warning messages

# sysctl -a //view all system limits

# sysctl fs.file-max //view max open files limit

# sysctl kern.ipc.numopensockets //how many open sockets are in use (FreeBSD sysctl; on Linux see /proc/net/sockstat)

# ps -auxefw // nice display of all running processes

# fuser -va 22/tcp //list processes using port 22

# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz' // archive dir/ and store it remotely.
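The commands above are usually typed one at a time at a console and read once. The script below is an added example (not code from the original post) that runs the Linux ones from the list in a single pass and saves every output in a directory with an index and checksums, which is what you want when the box may be compromised and the state has to be compared later against a baseline or handed to someone else. Commands that are not installed are recorded as missing instead of stopping the run. Function names and the file layout are my own choice.

```shell
#!/bin/sh
# Added example (not from the original post): take a first-look snapshot of a
# Linux host with the commands listed above, so the output is preserved and can
# be compared later instead of being read once on a console. Missing commands
# are recorded rather than aborting the run.

# Run one command, store stdout+stderr in "$dir/$label.txt" and append a line
# to the index. $1 = snapshot dir, $2 = label, rest = command and its arguments.
capture() {
    dir=$1; label=$2; shift 2
    if command -v "$1" >/dev/null 2>&1 || [ -x "$1" ]; then
        "$@" > "$dir/$label.txt" 2>&1 && status=0 || status=$?
        printf '%s\t%s\texit=%s\n' "$label" "$*" "$status" >> "$dir/INDEX.tsv"
    else
        printf 'command not available: %s\n' "$1" > "$dir/$label.txt"
        printf '%s\t%s\tmissing\n' "$label" "$*" >> "$dir/INDEX.tsv"
    fi
}

# Build the snapshot ($1 = target directory, default: a fresh temp dir) and
# print its path.
collect_snapshot() {
    dir=${1:-$(mktemp -d)}
    mkdir -p "$dir"
    : > "$dir/INDEX.tsv"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$dir/TAKEN_AT.txt"
    capture "$dir" uptime    uptime
    capture "$dir" dmesg     dmesg
    capture "$dir" cpuinfo   cat /proc/cpuinfo
    capture "$dir" meminfo   cat /proc/meminfo
    capture "$dir" free      free -m
    capture "$dir" devices   cat /proc/devices
    capture "$dir" netdev    cat /proc/net/dev
    capture "$dir" processes ps auxwww
    capture "$dir" syslog    tail -n 500 /var/log/messages
    capture "$dir" sysctl    sysctl -a
    capture "$dir" filemax   sysctl fs.file-max
    capture "$dir" sshd_port fuser -va 22/tcp
    # Hash everything collected so later edits to the evidence are detectable.
    (cd "$dir" && sha256sum ./*.txt > SHA256SUMS) 2>/dev/null || true
    printf '%s\n' "$dir"
}

# Number of commands recorded in a snapshot's index.
snapshot_entries() {
    wc -l < "$1/INDEX.tsv" | tr -d ' '
}

# Stand-alone demo.
SNAP=$(collect_snapshot)
echo "snapshot written to $SNAP ($(snapshot_entries "$SNAP") commands recorded)"
cat "$SNAP/INDEX.tsv"
```

Run it as root to get the full dmesg and process list; a second snapshot taken on a known-good machine of the same build gives you something to diff against.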



enjoy and see you soon...
posted by Jovica at 10:06 PM | 0 comments
Thursday, February 12, 2009
I was thinking about the direction of my blog, and I've changed my mind for now. I realized that it's not my point to teach about penetration testing; I need to write about more current stuff.

So, in the future, I won't continue writing about the steps in penetration testing and the general points of ethical hacking.
I'm going to write about real things, situations, scenarios etc. So stay tuned!

So, here are some very useful commands and tips for everyday Linux use.

Configuring additional IP addresses:
# ifconfig eth0 10.4.0.1 netmask 255.255.0.0
# ifconfig eth0:0 10.4.0.2 netmask 255.255.0.0

Changing MAC address:
# ifconfig eth0 hw ether 00:11:22:33:44:55

Adding and deleting a route (Linux net-tools syntax: the network needs -net and the gateway needs gw):
# route add -net 210.110.0.0/16 gw 192.168.10.10
# route del -net 210.110.0.0/16
# route add default gw 192.168.10.10

To see open ports:
# netstat -an | grep LISTEN // displays all listening Internet sockets
# lsof -i // displays the list of open sockets
# netstat -tup // displays the list of active connections to and from the system, with the owning program
# netstat -tupl // displays the list of listening ports on the system, with the owning program

IP forwarding for routing (pay attention to this :) )
# cat /proc/sys/net/ipv4/ip_forward // to check IP forwarding -> 0=off, 1=on
# echo 1 > /proc/sys/net/ipv4/ip_forward //turning IP forwarding on

Print routing table:
# route -n

Add a route permanently (this is the FreeBSD /etc/rc.conf form; on Linux the persistent route goes into your distribution's network configuration files):
# static_routes="someroute"
# route_someroute="-net 210.110.0.0/16 192.168.10.10"

Firewall stuff:
# iptables -L -n -v // for status
# iptables -P INPUT ACCEPT // set the default INPUT policy to accept (opens everything)
# iptables -X // delete all user-defined chains
# iptables -F // flush all rules from all chains
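The ip_forward flag and the netstat -tupl listing above are the two things I would check first on a host that is not supposed to route traffic, so here is an added example (not code from the original post) that turns them into a small audit: it reports whether forwarding is on, lists the services bound to every interface (0.0.0.0 or ::) rather than loopback only, and returns a non-zero status if anything is flagged. File paths are parameters so the functions work on saved netstat output as well as the live /proc entry; the netstat sample embedded below is constructed, not captured from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): a defender's-side audit around the
# ip_forward flag and "netstat -tupl". Paths are parameters so the checks can be
# run against saved output; the sample netstat output below is constructed.

# Print "on", "off" or "unknown" for the IPv4 forwarding flag.
# $1 = path to read (defaults to the live /proc entry).
ip_forward_state() {
    case $(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null) in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# From "netstat -tupl"-style output ($1 = saved file), print the listeners bound
# to all interfaces (0.0.0.0 or ::) as "proto port program", one per line.
# The first two lines of that output are a title and a column header.
exposed_listeners() {
    awk 'NR > 2 && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) {
            n = split($4, a, ":"); port = a[n]        # last field after ":" is the port
            prog = $NF; sub(/^[0-9]+\//, "", prog)     # strip "PID/" from "812/sshd"
            print $1, port, prog
         }' "$1"
}

# Overall verdict: 0 = nothing to flag, 1 = forwarding on or exposed listeners.
# $1 = ip_forward file, $2 = netstat output, $3 = "router" if forwarding is expected.
net_posture_check() {
    rc=0
    fwd=$(ip_forward_state "$1")
    if [ "$fwd" = on ] && [ "${3:-host}" != router ]; then
        echo "WARN: IP forwarding is enabled on a host that is not meant to route"
        rc=1
    fi
    exposed=$(exposed_listeners "$2")
    if [ -n "$exposed" ]; then
        echo "WARN: services reachable on every interface (proto port program):"
        printf '%s\n' "$exposed" | sed 's/^/  /'
        rc=1
    fi
    return $rc
}

# Constructed sample of "netstat -tupl" output (not captured from a real host).
write_sample_netstat() {
cat > "$1" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1023/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      900/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# Stand-alone demo: live ip_forward flag, sample netstat output.
SAMPLE=$(mktemp)
write_sample_netstat "$SAMPLE"
net_posture_check /proc/sys/net/ipv4/ip_forward "$SAMPLE" host || echo "posture check flagged items (exit $?)"
```

On a real host replace the sample with `netstat -tupl > netstat.txt` (run as root so the program column is filled in), and pass "router" as the third argument only on machines where forwarding is intended.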

That's it for now. Ciao!
posted by Jovica at 9:03 PM | 0 comments
Tuesday, February 10, 2009
Hey!
Something interesting is happening these days... BackTrack 4 Beta is going to be released any moment now!

I'm waiting for the release, and I'll try it as soon as I find some free time these days...

You can find more info at http://backtrack4.blogspot.com

And here is the manual for installing: http://www.offensive-security.com/documentation/bt4install.pdf

See you soon...
posted by Jovica at 4:29 PM | 0 comments