Intrusion Attack Through Port Scanning

Port scanning determines which ports on the targeted host are listening for connections. Each such port is a potential communication channel. Port scanning brings us closer to the host's network communication picture: we learn more about the victim's network, which is useful for further attacks. The Internet does not rely exclusively on TCP port 80, used by the Hypertext Transfer Protocol (HTTP). Anyone browsing the web can reach the same level of familiarity as the average casual surfer. Port scanning can be done efficiently to reveal the host's secrets.

Automated port scanners are needed to perform such scanning; they are available on the market at very low cost.

Port scanning is done to gather information passively about the victim. This helps the intruder eavesdrop on the victim's network.

Such scanning also helps gather the information needed to form a network map. A network map is useful for learning the victim's network architecture or hierarchy.

There are thousands of ports available for communication on a network; some well-known ones are FTP, HTTP, SMTP, etc. Which ports remain open or closed depends on the network's requirements. For example, any web server will always have an FTP port open.

Every port has its unique number, which is targeted after a successful port scan. Various bugs and backdoors are installed on these ports and tested to see whether the system is vulnerable.

And this is how a successful attack through port scanning is carried out.

Hope you have enjoyed this informative article about port scanning. We cover the requirements of a good port scanner in the next post.

To learn more about port scanning, comment here or mail us at amol@hackersenigma.com

Port Scanners Selection Factors

We covered a brief introduction to port scanning and its techniques in our previous post. Here we are with the requirements of a good port scanner.

Dynamic delay time calculation: Some scanners need a delay time between sending data chunks. You can check whether it is working properly with ping, which replies to every execution, but that is sometimes cumbersome, so instead you can connect() to a closed port on the target, which gives you an initial delay time for your scanner. Simple, isn't it!

Parallel port scanning: Scanners generally scan ports linearly, one by one, until all the ports are covered, but this old technique only works well with TCP on a fast network. So you need to test whether your port scanner supports parallel port scanning, because we have to scan a larger area or a wide area network.

Port Scanners

Flexible port specification: Can you believe we need to scan all 65535 ports? It would be a slow and tiresome process. Also, scanners that only allow you to scan ports 1 to N often fall short of an intruder's needs. Test whether your scanner offers a range option that lets you scan ports in a more targeted way.

Flexible target specification: On a larger network you will surely want to scan more than one or two hosts, so your port scanner should offer flexible target specification.

Retransmission: Sending chunks and collecting the responses is an old technique for scanners, but it can lead to false positives or negatives where packets are dropped. So check whether your scanner has automatic retransmission.

So these are some of the primary considerations. Secondary considerations include down-host detection, an own-IP detector, an IP scanner, etc.
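Whatever scanner features an intruder picks (linear or parallel, with retransmission), the footprint on the target side is the same: one source touching many distinct ports of a host in a short time. The detector below is an added example, not code from the original post; it runs a sliding window over a constructed connection log (the log format and every address in it are made up for this example) and flags sources that exceed a distinct-target threshold, and it also shows why a slow scan spread over a longer period than the window slips past a fixed window.

```python
"""Spot port-scan footprints in connection logs.

Added example, not from the original post. Sources that touch many
distinct (host, port) targets inside a short window are flagged; the
window and threshold are parameters because a low-and-slow scan spread
over a longer period than the window is not caught by it.
The log format and all addresses below are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>".
# 203.0.113.7 probes 12 ports in 11 s, 198.51.100.5 is a normal web client,
# 198.51.100.9 probes 5 ports six minutes apart.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 192.0.2.10 21 DROP
2024-03-01T10:00:01 203.0.113.7 192.0.2.10 22 ACCEPT
2024-03-01T10:00:02 203.0.113.7 192.0.2.10 23 DROP
2024-03-01T10:00:03 203.0.113.7 192.0.2.10 25 DROP
2024-03-01T10:00:03 198.51.100.5 192.0.2.10 443 ACCEPT
2024-03-01T10:00:04 203.0.113.7 192.0.2.10 53 DROP
2024-03-01T10:00:05 203.0.113.7 192.0.2.10 80 ACCEPT
2024-03-01T10:00:05 198.51.100.5 192.0.2.10 80 ACCEPT
2024-03-01T10:00:06 203.0.113.7 192.0.2.10 110 DROP
2024-03-01T10:00:07 203.0.113.7 192.0.2.10 135 DROP
2024-03-01T10:00:07 198.51.100.5 192.0.2.10 443 ACCEPT
2024-03-01T10:00:08 203.0.113.7 192.0.2.10 139 DROP
2024-03-01T10:00:09 203.0.113.7 192.0.2.10 143 DROP
2024-03-01T10:00:10 203.0.113.7 192.0.2.10 443 ACCEPT
2024-03-01T10:00:11 203.0.113.7 192.0.2.10 445 DROP
2024-03-01T10:05:00 198.51.100.9 192.0.2.10 21 DROP
2024-03-01T10:11:00 198.51.100.9 192.0.2.10 22 ACCEPT
2024-03-01T10:17:00 198.51.100.9 192.0.2.10 23 DROP
2024-03-01T10:23:00 198.51.100.9 192.0.2.10 25 DROP
2024-03-01T10:29:00 198.51.100.9 192.0.2.10 80 ACCEPT
"""


def parse_line(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scanners(log_text, window_seconds=60, threshold=10):
    """Map each source IP to the largest number of distinct (host, port)
    targets it touched inside any window_seconds span, keeping only the
    sources whose peak reaches threshold."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst, port, _ = parse_line(line)
        events[src].append((ts, (dst, port)))

    alerts = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        in_window = Counter()      # distinct targets currently inside the window
        lo, peak = 0, 0
        for ts, target in evs:
            in_window[target] += 1
            while ts - evs[lo][0] > window:   # slide the left edge forward
                old = evs[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))                                    # fast scanner only
    print(detect_scanners(SAMPLE_LOG, window_seconds=3600, threshold=5))  # slow one as well
```

With the default 60-second window only the fast scanner is reported; widening the window to an hour and lowering the threshold also catches the source that spaced its probes six minutes apart, at the cost of more false positives from busy legitimate clients.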

Packet Sniffing Attack & Vulnerable Ethernet Communications – I

A wiretap device that plugs into a computer network and eavesdrops on the network traffic is known as a packet sniffer or protocol analyzer. Just as we can tap a phone call, sniffing lets us listen to the communication between two or more computers.

Computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as "protocol analysis", which allows them to "decode" the computer traffic and make sense of it. We do not need to break into the actual communication directly; we can install a device on the network and tap other hosts' conversations, which is the other advantage of a packet sniffer.

This shared technology is known as promiscuous mode in sniffing, but the bad news for black hats is that networks are moving to non-promiscuous designs, which makes it harder for an intruder to install sniffing programs. The Internet has no single place from which all communication can be seen, which means we need to concentrate on a single communication at a time. This architecture of the Internet prevents any single point of packet sniffing.

Packet Sniffing

If we have two machines in our own office talking to each other, and both are on the Internet, they take a direct route of communication and the traffic never crosses the outside public portion of the Internet. Any communication anywhere on the net follows a similar "least-cost path" principle. Ethernet was built around a "shared" principle: all machines on a local network share the same wire.

This means that all the machines are able to "see" all the traffic on the same wire. Therefore, Ethernet hardware is built with a "filter" that ignores all traffic that doesn't belong to it: it discards all frames whose destination MAC address doesn't match its own. A wiretap program effectively turns off this filter, putting the Ethernet hardware into "promiscuous mode". The MAC filter works in non-promiscuous mode, and in either mode only traffic on the same Ethernet wire can be heard, so the victim and the intruder must share the same Ethernet wire for any such attack to be possible.
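Because a wiretap program has to switch the NIC's filter off, the host itself records that change: on Linux the kernel exposes each interface's flag word in /sys/class/net/&lt;iface&gt;/flags, and the IFF_PROMISC bit (0x100, from linux/if.h) is set while the filter is off. The check below is an added example, not code from the original post; the interface names and flag values in SAMPLE_FLAGS are constructed so that it runs anywhere, and on a live Linux host it reads the real sysfs values instead.

```python
"""Detect interfaces that have been put into promiscuous mode (Linux).

Added example, not part of the original post. IFF_PROMISC (0x100) in
/sys/class/net/<iface>/flags is what the kernel sets when a capture
program asks for every frame on the wire, not only frames for our MAC.
The sample flag values below are constructed.
"""
import os

IFF_UP = 0x1          # interface is administratively up
IFF_PROMISC = 0x100   # filter off: receive every frame on the wire


def parse_flags(text):
    """Parse the hex string read from /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)


def promiscuous_interfaces(flag_map):
    """flag_map: {iface: contents of its flags file}. Returns the sorted names
    of interfaces that are up and have IFF_PROMISC set."""
    hits = []
    for name, text in flag_map.items():
        flags = parse_flags(text)
        if flags & IFF_UP and is_promiscuous(flags):
            hits.append(name)
    return sorted(hits)


def read_sysfs_flags(root="/sys/class/net"):
    """Collect the flags of every interface on a live Linux host; empty elsewhere."""
    found = {}
    if not os.path.isdir(root):
        return found
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                found[name] = fh.read()
        except OSError:
            continue
    return found


# Constructed sample: eth0 = UP|BROADCAST|MULTICAST (0x1003),
# eth1 = the same plus PROMISC (0x1103), lo = UP|LOOPBACK (0x9),
# eth2 = PROMISC but administratively down (0x1102), which is ignored.
SAMPLE_FLAGS = {"eth0": "0x1003\n", "eth1": "0x1103\n",
                "lo": "0x9\n", "eth2": "0x1102\n"}

if __name__ == "__main__":
    flags = read_sysfs_flags() or SAMPLE_FLAGS
    print("promiscuous interfaces:", promiscuous_interfaces(flags))
```

A legitimate capture tool sets the same bit, so a hit means "someone is capturing on this segment", not necessarily an intruder; and since a sniffer only hears its own wire, the check has to run on a host in each Ethernet segment you care about.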

To be Continued in Next Post . . .

Firewalk Attack: Beyond The Boundaries of Security.

Firewalk, developed by two masterminds, Mike Schiffman and Dave Goldsmith, extends the techniques used by both static-port traceroute and hping.

It can be used to scan a host downstream from a security gateway to assess which rules apply to the target system, without any packets having to reach it.

Firewalk relies on the IP TTL function to carry out the whole attack. This was difficult for any firewall to analyze, and so it was called "beyond the boundaries of security".

Firewalk

Some facts that should hold for any firewall's responses are:

If the packet is passed by the firewall, a TTL-expired message should be received.

If the packet is blocked by the firewall, this could result in either of the following: an ICMP "administratively prohibited" response is received, or the packet is dropped without comment. Again, uncertainty is introduced by packets lost in transit. Some security gateways will detect that the packet is due to expire and send the expired message whether or not the policy would have allowed the packet.
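The three responses above are all an observer ever sees, so which of them a gateway chooses decides how much of its policy leaks. The model below is an added example, not code from the original post, and it sends nothing: it simulates the reply to a probe whose TTL is set to expire one hop past the gateway, under three constructed gateway behaviours (reject, silent drop, and the "send TTL expired regardless of policy" countermeasure the text mentions), and reports which ports of a constructed policy each behaviour discloses.

```python
"""Model of what a security gateway's replies reveal to a TTL-based probe.

Added example, not part of the original post. Nothing is sent; the code
simulates the replies listed above and shows that only the 'answer time
exceeded whatever the policy says' behaviour stops them from disclosing
the filtering rules. The port policy and the mode names are constructed.
"""
from enum import Enum


class Reply(Enum):
    TTL_EXPIRED = "ICMP time exceeded"
    ADMIN_PROHIBITED = "ICMP administratively prohibited"
    SILENCE = "no reply"


def gateway_reply(allowed, mode, lost=False):
    """Reply seen by the prober for one probe that reaches the gateway with
    a TTL that will expire at the very next hop.

    allowed: whether the gateway policy passes this destination port.
    mode:    'reject'     - blocked packets get an admin-prohibited reply
             'drop'       - blocked packets are discarded silently
             'expire_all' - the countermeasure: the gateway sees the TTL is
                            about to expire and answers 'time exceeded'
                            without consulting the policy
    lost:    the probe or its reply was lost in transit
    """
    if lost:
        return Reply.SILENCE
    if mode == "expire_all":
        return Reply.TTL_EXPIRED
    if allowed:
        return Reply.TTL_EXPIRED          # forwarded; next hop's TTL hits zero
    return Reply.ADMIN_PROHIBITED if mode == "reject" else Reply.SILENCE


def infer(reply):
    """What a prober concludes from a single reply."""
    if reply is Reply.TTL_EXPIRED:
        return "passed"
    if reply is Reply.ADMIN_PROHIBITED:
        return "blocked"
    return "blocked or lost in transit"   # silence is ambiguous


def leaked_ports(policy, mode):
    """Ports whose reply would change if their policy bit were flipped,
    i.e. ports whose filtering state the replies actually disclose."""
    return sorted(port for port, allowed in policy.items()
                  if gateway_reply(allowed, mode) != gateway_reply(not allowed, mode))


# Constructed gateway policy: True = passed downstream, False = blocked.
POLICY = {22: True, 80: True, 23: False, 445: False}

if __name__ == "__main__":
    for mode in ("reject", "drop", "expire_all"):
        print(f"{mode:<10} discloses ports: {leaked_ports(POLICY, mode)}")
    print("a silent reply means:", infer(gateway_reply(False, "drop")))
```

Silent dropping still leaks the policy once the prober retransmits enough times to separate "dropped" from "lost", which is why the text's retransmission point matters; the expire_all behaviour is the one that removes the distinction altogether for this probe type.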

Firewalls and intruders are always big rivals, as firewalls are updated against the techniques implemented by intruders, which sometimes makes things harder for firewall vendors and sometimes for hackers.

Set Up Your Own Domain Name Server

This is only a quick tutorial; there are literally hundreds of little tricks you can do with a DNS server, but this will get your basics up and running. I'm assuming you want to set up a Windows DNS server, but the principles will work for most servers.

You will need:

1) A domain name over which you have full control
2) DNS server software (Windows Server always comes with one of these)
3) At least one fixed IP address, although two is highly desirable
4) An idea of what services you want on your server

The first thing you need to do is create your new domain entry. In Windows this is called a "Zone", and you will have one for every domain name you have. Add your main domain in the forward lookup zone as a Primary zone, in the format "Domainname.com" (or .co.uk, or whatever); you shouldn't need any more details for this bit. Do *not* allow dynamic updates unless this is a local network DNS. Once it is created you will have 2 entries under your new domain: "SOA" (Start of Authority) and "NS" (Name server). If you want a 100% compliant DNS, you should now follow the same process but add the domain as a reverse lookup zone. Any changes you make to the forward lookup should have the "Update Reverse Lookup" option ticked if it is available; if not, you must update the reverse zone manually (this is very important).

Now edit the "NS" entry in your forward zone to "NS0.DomainName.Com" and set it to the relevant IP address. Add another NS record and set it to "NS1.DomainName.Com". If using 2 IP addresses, try to make NS0 the first IP. Now you need to configure the SOA entry in the forward lookup zone. The serial number should be changed to a date followed by a number in the format "YYYYMMDDnn"; this is not required, but is advised by RIPE. The primary server will be the "NS0.domainname.com" entry you just made, and the responsible person should be left for now. The refresh interval should be set somewhere between 1200 and 43200 seconds, the retry between 120 and 7200 seconds, and the expires-after around 2-4 weeks (I'll let you work out the seconds for that). The minimum TTL is quite important, and depending on what you are going to do with the domain you might need to tweak it a bit; typically a value between 1 and 3 hours should be used. Now go to the "Name servers" settings of your SOA record (in Windows this is a tab in the same window), remove the defaults, and add the two name servers you just set up. We will come back to the SOA record later, but for now we need to do some more things.

If you want a website, then you're going to want WWW set up. We will set it up as an "A" record, which means it is a separate top-level record and will be populated separately from other entries. So add an "A" record to your forward lookup zone, put "WWW" as the entry, and set the IP address to wherever you want the website to be. This is where the domain always goes, and it could be anywhere; just make sure there is a web server waiting there for it. If you want FTP, then set up the same thing but with "FTP" as the entry. You will now also have to set up "A" records for the NS0 and NS1 name servers that you added previously; make them the same as WWW and FTP, but make sure the IP addresses match the ones used when setting up the "NS" records. Also add a blank "A" record; this will make sure that "domainname.com" works as well as "www.domainname.com".

Now you should decide whether or not you want to have mail on this domain. It is highly advisable that you set it up, even if it is just to catch domain mail about abuse or potential problems that might occur. You can find plenty of high-quality free mail servers out there, but I would recommend "Mail Enable": it's free and provides everything you would want, though if you want webmail you do have to pay something extra for it. We will now configure the MX records. Add an "A" record for your mail server; you can add 2 if you want, but for simplicity I would advise staying with 1. We will call ours "Mail.domainname.com" and point it to one of our IP addresses. Now add an "MX" record in the forward lookup zone, giving it the full "A" record name you just entered, "Mail.domainname.com", and do not set up a host or child domain; just leave it blank.

This next step isn’t needed, but is again highly recommended.

Now, to finish the SOA, you need to add two more records: an "RP" entry, which is a Responsible Person and will be the contact point for domain complaints, and an "MB" entry, which is a mailbox entry. The "MB" should just be pointed to the mail server domain name "Mail.domainname.com", and the "RP" should have the host or domain set to the name of your mailbox, so for this server it will be "Tony.Domainname.com", and the mailbox will be set to the "MB" record you just made. Don't worry about the RP address having no "@" in it; this is the expected format for an "RP" entry. You will now have to go back into the SOA and change the responsible person to the new "RP" record you just made.

And that's it, you're done! You can add as many "A" records as you like to point to other web servers, or a multitude of FTP sites, and you can add "CNAME" records that basically point to another name, usually an "A" record, like an alias.

Now, before you switch your domain on, you need to check that the server is performing properly. So go to www.dnsreport.com and run the report on your domain "domainname.com"; it will give you a very detailed report of any problems, and even a short description of how to fix them. If all is OK, then you are ready to go live. If your domain name is new, or not currently hosted anywhere, then the first thing you should do is re-point the domain at your new server. You will typically do this with the provider who owns the domain, and it will be different with every host, but the basic settings are the same: you will be asked for at least 2 name servers and the IP addresses to go with them. Just put in "NS0.domainname.com" and "NS1.domainname.com" with the correct IP addresses. Make sure you do not mess this up, as changes to your main NS servers could potentially take several days to straighten themselves out. Update these settings, and then sit back and wait. You can do a whois on the main DNS server of your domain provider to check whether the settings have worked, but again this doesn't always work. For the big 3 domains (.com, .net, .org) you can do a whois on the Network Associates site to see the changes instantly. You can also track the progress of the domain changes by doing an nslookup from a DOS prompt, like this:

C:\> nslookup ns0.domainname.com ns0.yourprovidersdns.com

That will give you the entries your domain provider has.

C:\> nslookup www.domainname.com ns0.domainname.com

And this will tell you whether the changes for your domain have gone through to your ISP's DNS yet. It should give you back the IP address of your new DNS server.

You should always make sure your server is backed up, and that you refresh or update the DNS when you are making changes.
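The steps above add the records one dialog at a time; seen together they are a small zone, and the SOA timers and serial are easy to get wrong by hand. The script below is an added example, not part of the original tutorial: it renders the same records (SOA, NS0/NS1 with their A records, the blank A, WWW, FTP, Mail, MX, MB and RP) as a standard zone file, which holds the same data a Windows DNS zone does, and checks the SOA timers against the ranges recommended above and builds the serial in the YYYYMMDDnn form. The host names, the user "tony" and the IP addresses are constructed, and the MB/RP layout follows the tutorial's description as I read it.

```python
"""Render and sanity-check the zone the tutorial above builds by hand.

Added example, not from the original post. Writes the records as zone-file
text and checks the SOA timers and serial format against the tutorial's
recommendations. Names and addresses are constructed.
"""


def make_serial(year, month, day, n):
    """Serial in YYYYMMDDnn form: the date plus a two-digit change counter."""
    return int(f"{year:04d}{month:02d}{day:02d}{n:02d}")


def check_soa(refresh, retry, expire, minimum):
    """Return the SOA timer problems found, against the tutorial's ranges."""
    problems = []
    if not 1200 <= refresh <= 43200:
        problems.append("refresh outside 1200-43200 s")
    if not 120 <= retry <= 7200:
        problems.append("retry outside 120-7200 s")
    if not 2 * 7 * 86400 <= expire <= 4 * 7 * 86400:
        problems.append("expire outside 2-4 weeks")
    if not 3600 <= minimum <= 3 * 3600:
        problems.append("minimum TTL outside 1-3 hours")
    return problems


def render_zone(domain, ns_ips, www_ip, mail_ip, rp_user, serial,
                refresh=7200, retry=1800, expire=3 * 7 * 86400, minimum=7200):
    """Return the forward zone as text. The defaults sit inside the
    recommended ranges (2 h refresh, 30 min retry, 3 weeks expire, 2 h TTL)."""
    d = domain.lower()
    lines = [
        f"$ORIGIN {d}.",
        f"$TTL {minimum}",
        f"@ IN SOA ns0.{d}. {rp_user}.{d}. ({serial} {refresh} {retry} {expire} {minimum})",
    ]
    for i, ip in enumerate(ns_ips):            # each NS record needs a matching A record
        lines.append(f"@ IN NS ns{i}.{d}.")
        lines.append(f"ns{i} IN A {ip}")
    lines += [
        f"@ IN A {www_ip}",                     # the 'blank' A record: bare domain resolves
        f"www IN A {www_ip}",
        f"ftp IN A {www_ip}",
        f"mail IN A {mail_ip}",
        f"@ IN MX 10 mail.{d}.",
        f"{rp_user} IN MB mail.{d}.",           # mailbox lives on the mail host
        f"@ IN RP {rp_user}.{d}. {rp_user}.{d}.",   # responsible person: no '@' in the name
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    serial = make_serial(2024, 3, 1, 1)      # first change on 2024-03-01
    print("SOA problems:", check_soa(7200, 1800, 3 * 7 * 86400, 7200))  # [] when in range
    print(render_zone("DomainName.com", ["192.0.2.1", "192.0.2.2"],
                      "192.0.2.1", "192.0.2.2", "tony", serial))
```

Run it once with your real values before typing them into the zone dialogs; an empty list from check_soa means every timer is inside the ranges the tutorial gives, and the rendered text is a convenient record of what the zone should contain when you compare it with the dnsreport output.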

How to set up a server with Apache , PHP , MySQL , Perl , phpMyAdmin

Let's start by installing Apache (the HTTP server). You can download the Apache installer from www.apache.org. Download the version you like, though on Windows systems I recommend version 2 (this tutorial is for Apache 2). Here is a link for it:

Code:
http://apache.mirror.nedlinux.nl/dist/httpd/binaries/win32/apache_2.0.52-win32-x86-no_ssl.msi

For a faster mirror, visit http://httpd.apache.org/download.cgi.

After downloading the file (an .msi installer), run it. The installation wizard is a next, next, finish job. The installer will ask you for some details such as your server name, your server address and the admin's mail address. If you have a domain name or a hostname, enter the info like this:

Code:
Server Name : your_domain.org

Server Address : www.your-domain.org

Admin Email : admin@yourdomain.org

If you don't have one, you can get one for free at:

Code:
http://www.no-ip.org/

Check the 'Run as a service for all users on port 8080' option and click Next, then Finish to finish the installation. Advice: install it in C: (it creates a folder for it, don't worry) to make it easier to configure. When it is finished, open a browser and type in the address bar:

Code:
http://localhost/

If you see a 'Test Page for Apache Installation', everything works.

=====

Let's install PHP. Download the archive from www.php.net. Here is a direct link for version 4.3.9:

Code:
http://nl.php.net/get/php-4.3.9-Win32.zip/from/this/mirror

Make sure you download the archive and not the installer. OK! After downloading it, extract the archive to c:/php (this is to simplify paths). Now open c:/apache/conf/httpd.conf and search for this line:

Code:
#LoadModule ssl_module modules/mod_ssl.so

How To Clear BIOS Information

READ EVERYTHING BEFORE YOU USE ANY METHOD LISTED BELOW

Basic BIOS password crack – works 9.9 times out of ten
This is a password hack, but it clears the BIOS so that the next time you start the PC, the CMOS does not ask for any password. If you are able to bring up the DOS prompt, you will be able to reset the BIOS settings to the defaults. To clear the CMOS, do the following:
Get a DOS prompt and type:
DEBUG, hit Enter
-o 70 2e, hit Enter
-o 71 ff, hit Enter
-q, hit Enter
exit, hit Enter
Restart the computer. It works on most versions of the AWARD BIOS.

Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, DEL, or CTRL+ALT+S during the boot sequence), go to STANDARD CMOS SETUP, set the channel to which you have attached the hard disk to TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.

Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %????? ?p??????%, %?????? ?p??????%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to “_” in the US keyboard corresponds to “?” in some European keyboards (such as Italian and German ones), so — for example — you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.

Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS by invalidating its memory.
However, you might not have one of those programs at hand when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt; you'd better do it in pure MS-DOS mode, not from an MS-DOS shell window in Windows). Once you are in the debug environment, enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don’t have CMOS)
O 70 2E

IP Spoofing Attack

Internet Protocol (IP) addresses are unique and are used for digital data communication on the Internet. Any mailing system or website technology works on the same principle of digital communication.

IP Spoofing

Every computer connected to a network has its own unique IP address.

When person A sends an email to person B, the mail is given a header containing the IPs of the sender and the receiver, so that the mail goes to person B and not to someone else.

Now, in a private network, for security reasons only limited mail is accepted, and only from reserved IPs.

In simple words, only internal communication works; a person from outside can't send mail into that network.

So if an attacker wants to send mail inside, he will spoof the IP.

He first sniffs the data packets of the internal communication and steals some internal email.

Then he changes the header of the mail, changes the content of the mail, and sends this mail to the network again.

The system can't provide security against this because the mail carries an internal (fake) IP.

This is how a fake IP is created and a spoofing attack is done.
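The attack works because the mail system trusts any packet that carries an internal source address, wherever it came from. A border device can refuse such a packet by checking the source address against the interface it arrived on: an internal or reserved address has no business arriving from outside, and a non-internal address has no business leaving from inside. This is the principle of ingress/egress filtering (BCP 38 / RFC 2827), and the check below is an added example, not code from the original post; the address ranges, interface names and sample packets are constructed.

```python
"""Ingress/egress address filtering against the spoofed-IP attack above.

Added example, not part of the original post. A packet's claimed source
address is checked against the interface it entered on; the ranges,
interface names and sample packets are constructed.
"""
import ipaddress

# Constructed: what 'inside' means for this network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Constructed: addresses that must never appear as a source on the public side.
BOGON_NETS = [ipaddress.ip_network("0.0.0.0/8"),
              ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16")]


def in_any(ip, nets):
    return any(ip in net for net in nets)


def verdict(src_ip, ingress_iface):
    """Return 'accept' or 'drop: <reason>' for a packet with source src_ip
    that entered on ingress_iface ('external' or 'internal')."""
    ip = ipaddress.ip_address(src_ip)
    if ingress_iface == "external":
        if in_any(ip, INTERNAL_NETS):
            return "drop: internal source arriving from outside (spoofed)"
        if in_any(ip, BOGON_NETS):
            return "drop: reserved/bogon source"
    elif ingress_iface == "internal":
        if not in_any(ip, INTERNAL_NETS):
            return "drop: foreign source leaving from inside (would spoof others)"
    else:
        raise ValueError(f"unknown interface {ingress_iface!r}")
    return "accept"


def filter_packets(packets):
    """packets: iterable of (src_ip, ingress_iface). Returns [(src, iface, verdict)]."""
    return [(src, iface, verdict(src, iface)) for src, iface in packets]


# Constructed traffic; the first entry is the forged mail described above.
SAMPLE_PACKETS = [
    ("10.0.0.25", "external"),      # claims to be an internal host, but arrives from outside
    ("203.0.113.9", "external"),    # ordinary inbound mail from a public address
    ("192.168.1.20", "internal"),   # ordinary internal sender
    ("203.0.113.9", "internal"),    # inside host forging a public source
    ("127.0.0.1", "external"),      # loopback can never arrive over the wire
]

if __name__ == "__main__":
    for src, iface, v in filter_packets(SAMPLE_PACKETS):
        print(f"{src:>14} via {iface:<8} -> {v}")
```

The check says nothing about the mail's content; it only denies the forged source address the trust that the attack depends on, which is why it belongs at the network border rather than in the mail server.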

Thank You all For Reading.

The Flow of Packet Switching

Data is transmitted from source to destination by packet switching. So what exactly is packet switching?

In simple words, when you send a message through email, the message is broken into small chunks, which travel to the destination and are recombined there, and the message is displayed to that user.

Just take a look at 'Figure 1':

We have to send a message from A to B, so we have to make a wired connection between them. If the distance is 2-3 miles, it is possible to do it.

But what if I wanted to send a message from India to China? Is it possible to place a wire between every computer? No way; therefore packet switching is used.

In Figure 2:

I have to send data from source A to destination H. My data first goes to B, then to C, D, G and then to H. The data packets are sent to and received by many intermediate stations (C, D, and G). The same process of breaking into chunks and joining is repeated at all these points. The source and destination are almost 5000 miles apart, yet the data was transmitted through the other addresses.

Packet switches go by different names: routers, gateways, bridges, etc. Some of their advantages are:

1. All the data chunks travel through the same or different paths but gather at the same address.

2. If the maximum packet size is kept limited, buffer management becomes simpler.

3. If one chunk is lost in the transfer, only that one chunk needs to be retransmitted for error recovery.

So this is how packet switching takes place in the Internet world. But note that the data transfer tries to take the shortest path to reach the destination: as you can see in Fig. 2, the data was not transmitted through E and F. So with the help of packet switching, data transfer takes place intelligently and efficiently.
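The three advantages above and the E/F detour are easiest to see in a small simulation. The code below is an added example, not part of the original post: it builds a topology shaped like Figure 2 (A to H through B, C, D and G, with E and F attached but adding a hop), finds the fewest-hop route by breadth-first search, splits a message into numbered chunks, delivers them out of order with one chunk lost, and resends only that chunk. All links are assumed to cost the same, so "shortest" means fewest hops here; the topology and message are constructed.

```python
"""Packet switching over a Figure 2-shaped network: split, route, reassemble.

Added example, not from the original post. Topology, message and the
equal-cost-link assumption are all constructed for this illustration.
"""
from collections import deque

# Constructed topology: E and F hang off the path but add a hop to A->H.
LINKS = {
    "A": ["B"],
    "B": ["A", "C"],
    "C": ["B", "D", "E"],
    "D": ["C", "G", "F"],
    "E": ["C", "F"],
    "F": ["E", "D", "G"],
    "G": ["D", "F", "H"],
    "H": ["G"],
}


def split_message(data, size):
    """Break data into (sequence number, chunk) pairs of at most size bytes."""
    return [(i, data[i * size:(i + 1) * size])
            for i in range((len(data) + size - 1) // size)]


def route(src, dst, links=LINKS):
    """Fewest-hop path from src to dst (breadth-first search), or None."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in links[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    if dst not in parent:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = parent[dst]
    return path[::-1]


def reassemble(received, total):
    """Rebuild the message from chunks received in any order.
    Returns (data, []) when complete, or (None, missing sequence numbers)."""
    got = dict(received)
    missing = [i for i in range(total) if i not in got]
    if missing:
        return None, missing
    return b"".join(got[i] for i in range(total)), []


def transfer(data, size=4, drop=None, src="A", dst="H"):
    """Simulate one transfer: chunks arrive reversed (out of order) and the
    chunk numbered `drop` is lost on the way; only that chunk is resent."""
    chunks = split_message(data, size)
    path = route(src, dst)
    arrived = [(seq, chunk) for seq, chunk in reversed(chunks) if seq != drop]
    message, missing = reassemble(arrived, len(chunks))
    resent = [chunks[i] for i in missing]        # error recovery: one chunk, not all
    message, missing = reassemble(arrived + resent, len(chunks))
    return path, message, resent


if __name__ == "__main__":
    path, message, resent = transfer(b"hello packet world", size=4, drop=2)
    print("path:", " -> ".join(path))     # A -> B -> C -> D -> G -> H
    print("resent chunks:", resent)        # [(2, b'cket')]
    print("message:", message)
```

The sequence numbers are what make reassembly independent of arrival order, and the bounded chunk size is what keeps the receive buffer predictable; both are the points listed as advantages above.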

 

Amol Wagh

Virus On Facebook

If you receive an email from a friend titled "You've been catched on hidden cam, LOL" with the link below (DO NOT CLICK):

ttp://myvideo.d9.pl/?a=F0F

2EFE6E9ECE5AEE1EBAEE6E1E3E5E2EFEFEBAEE3EFEDAF..
F6B2B2B2AFB1B7B6B6AFB1B0B5AFF1B7B3B6B7B5B0B4B2B1DFB9B0B8B2AEEAF0E7&b=..
D4E5F2E5F3E1A0D2EFF4E9&v=07&s=fb..

It's a virus.

Update your virus scanner to stay protected. (AVG is good.)

Happy Surfing.