Skip to main content

Posts

Showing posts from January, 2013

Penetration Testing Lab-1

Aim to Exploit MS08-067 Vulnerability of Window XP and Window Server 2003




On 24 October 2008, Microsoft released an out-of-cycle patch that addressed a stack buffer overflow vulnerability in the Microsoft Windows Server service MS08-067, CVE-2008-4250. Per Microsoft, "This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit." Public exploit code and malware began circulating as soon as the patch was released. Microsoft and Symantec provided analysis on malware known as Gimmiv.A. The malware harvests and exfiltrates system information and is able to scan and exploit the MS08-067 vul…

Assignment 01(Enroll TO Offensive-Security Course)

Steps 1:download the page.
2:open fc4.js in your favourite editor and add following lines in it or just replace it with vode given below.
3:then open the download html file in browser and fill the form with your email and a garbage value string.
4:thats it? it will show you the real security string??
yeah but  ...theirs another challenge waiting for you ... :D

function fc4me(srvstr) {

   if(!document.pleazfc4me.email.value || !document.pleazfc4me.securitystring.value) {
      alert("Please fill in all the required fields!");
      return false;
   }
   else {
      document.pleazfc4me.submit();
    }
   var t=hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)
alert(t)
document.write(t)
}



Finally Got In :-)

LAB-01 (Information Gathering and making a blueprint of network)

Information Gathering 

/*click on image to download the lab file*/

Ethical Hacking 0x02

Structured cabling is building or campus telecommunications cabling infrastructure that consists of a number of standardized smaller elements (hence structured) called subsystems. Structured cabling falls into five subsystems: Demarcation point is the point where the telephone company network ends and connects with the on-premises wiring at the customer premises. Equipment or Telecommunications Rooms house equipment and wiring consolidation points that serve the users inside the building or campus. Vertical or Riser Cabling connects between the equipment/telecommunications rooms, so named because the rooms are typically on different floors. Horizontal wiring can be IW (inside wiring) or Plenum Cabling and connects telecommunications rooms to individual outlets or work areas on the floor, usually through the wireways, conduits or ceiling spaces of each floor. Work-Area Components connect end-user equipment to outlets of the horizontal cabling system. Structured cabling design and inst…

EthiCaL HacKing 0x01

WHY SECURITY?

Evolution Of TechnologyFocus On ease of UseIncrease Complexity of ComputerDecreasing Skill level needed for ExploitDirect Impact of Security breach on corporate asset base and goodwillIncreased network environment and network based application.
With the advent of new technology the bigger companies are shifting their focus to the ease of use i.e how much easy they can make it for the home user to access and use their product.So as we known if we shift our focus to ease of use then the two paradigm functionality and security will be on stake.
Following figure will show change in type of technology which is making things easier so that we do it on our fingure tips:

Dynamic Data Exchange: The primary function of DDE is to allow Windows applications to share data. For example, a cell in Microsoft Excel could be linked to a value in another application and when the value changed, it would be automatically updated in the Excel spreadsheet. The data communication was established …

Ethical HAcking 0x00

Understanding the importance of security

HACKING: Hacking!! so the question here is what is hacking actually mean??
Haking is actually a process of doing reverse engineering, which is done by an expert of that subject.
Now if it is done in computer field then it is a computer  hacking ,if it done in automobile field then it is a automobile hacking and so on.
So what really you need to note is that IT IS DONE BY AN EXPERT OR GROUP OF EXPERTS.
That simply mean to do hacking you must have profound knowledge of your subject on which you are attempting hacking.

Types Of HAcking:
1:Malicious Hacking
2:Defensive Hacking(Ethical Hacking)


Both the type of hacking are self explanatory.Malicious Hacking is done to harm someone or damage something for money or for any other benefit.
Defensive Hacking is done so that no one can easly barge in to your syytem and able to steal your confidential data  .It can also  be done to find vulnerabilities in system so that they can be patched.

Category of Hackers:
1:BLAC…

HEAP OVERFLOW

#include<stdio.h>
#include<strings.h>


int main(int argc, char *argv[])
{
FILE  *filed;
char *userinput = malloc(20);
char *outputfile = malloc(20);


if (argc != 2)
{
printf("Usage: %s \n", argv[0]);
exit(0);
}


strcpy(outputfile, "/tmp/notes");
strcpy(userinput, argv[1]);



printf("userinput @ %p: %s\n", userinput, userinput);
printf("outputfile @ %p: %s\n",outputfile, outputfile);


filed = fopen(outputfile, "a");
if(filed == NULL)
{
fprintf(stderr, "error opening file %s\n", outputfile);
exit(1);
}


fprintf(filed, "%s\n", userinput);
fclose(filed);
return 0;
}


Building the code
 # gcc -o heap-overflow heap-overflow.c
 # chown root.root heap-overflow
 # chmod u+s heap-overflow
 # ./heap-overflow InformationSecurity
 userinput @ 0x80498d0: InformationSecurity
 outputfile @ 0x80498e8: /tmp/notes
 #cat /tmp/notes
 InformationSecurity

 # ./heap-overflow Hacker
 userinput @ 0x80498d0: Hacker
 outputfile @ 0x804…