Tutorial Proggraming Free

tutorial - SQL Injection Tool - sqlninja

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Features:

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:

* Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)

* Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)

* Privilege escalation to sysadmin group if 'sa' password has been found

* Creation of a custom xp_cmdshell if the original one has been removed

* Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)

* TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell

* Direct and reverse bindshell, both TCP and UDP

* DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)

* Evasion techniques to confuse a few IDS/IPS/WAF

Prerequisites

In order to use sqlninja, the following Perl modules need to be present:

* NetPacket

* Net-Pcap

* Net-DNS

* Net-RawIP

* IO-Socket-SSL

download Sqlninja here

Free, facebook, tips, Links, blogging, Downloads, Google, facebookTips, money, news, apps, Social, Media, Website, Tricks, games, Android, software, PIctures, Internet, Security, Web, codes, Review, bloggers, SAMSUNG, Worldwide, Contest, Exitic, Phones, facebookTricks, hacking, London, Olympics, SEO, Youtube, iOS, Adsense, gadgets, iPHONE, widgets, Doodle, twitter, video, Deals, technology, Aircel, Airtel, iPAD, Angry, Birds, BSNL, TechLife, GMAIL, Idea, Microsoft, SmartPhones, Stress, Buster, Windows, Yahoo, Infolinks, Nokia, Scam, Uninor, browsers, Amazon, Euro, CUP, Chat, IDM, JOBS, Modem, Music, Reliance, Results, SSC, Tata, Docomo, bing, freebie, mobile, placements, AIEEE, AlertPay, Chrome, College, Competetive, Exam, Dehradun, Extension, FireFox, GPRS, HTC, IMPACT, Info, MTS, Mark, Zukerberg, Paypal, Promotional, Post, Torrent, UTU, Unlocking, VodaFone, Wall, Paper, apple, books, engineering, iCAR, iTunes, pinterest, rovio, AVG, Admit, Card, Adobe, Affiliate, Marketing, Akhilesh, Amul, Girl, BlackBerry, ChromeBook, Clixsense, Coupon, Digitallife, Discovery, Emoticons, Festival, GATE, GIMP, Income, Tax, International, JSS, JailBreaking, Kindle, Linux, Local, MAX, PAYNE, Mac, Mango, Memory, Speed, Nexus, Online, Shopping, Raakhi, Report, Rising, Stars, Sample, Science, Sony, Syllabus, TabletBooK, Teamviewer, Templates, Dark, Knight, Rises, USA, UPMT, Virgin, Xperia, ZTE, challan, counselling, course, btech, funny, iMOVE, registration

source:http://linuxpoison.blogspot.com/2008/04/13578175806071.html

tutorial - Call For Open Source Awards 2008 Nominations

For the 4th year running, Google and O’Reilly will present a set of Open Source Awards at OSCON 2008. The awards recognize individual contributors who have demonstrated exceptional leadership, creativity, and collaboration in the development of Open Source Software. Past recipients for 2005-2007 include Doc Searls, Jeff Waugh, Gerv Markham, Julian Seward, David Heinemeier Hansson, Karl Fogel, David Recordon, and Paul Vixie.

The nomination process is open to the entire open source community, closing May 15th, 2008. Send your nominations to osawards AT oreilly DOT com. Nominations should include the name of the recipient, any associated project/org, suggested title for the award (”Best Hacker”, “Best Community Builder”, etc.), and a description of why you are nominating the individual. Google and O’Reilly employees cannot be nominated.

source:http://linuxpoison.blogspot.com/2008/04/135781758018354.html

tutorial - Discovering and Hacking Bluetooth

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 - the Java Bluetooth specification. Download BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.

source:http://linuxpoison.blogspot.com/2008/04/135781758019973.html

tutorial - Forward Squid traffic to secure tunnel (SSH)

When Squid is installed and running, it uses port 3128 by default. You should test it manually by setting your HTTP proxy to the server that runs Squid. For instance, in Firefox to go Tools -> Options -> Advanced -> Network -> Settings and enter the IP address or host of the Squid proxy (e.g. 192.168.0.100) and 3128 for the port. Try to load any web page. If you see an access denied error, check out the http_access configuration in the squid configuration file.

Once Squid is all set and ready to go, you need to forward your connection to it over SSH. To set the tunnel up on your Windows laptop, download Plink, a command-line version of Putty SSH client, and run this command:

plink.exe -batch -N -l UserName -pw Password -L 3128:localhost:3128 SSH_Server

On Unix-based systems, simply run this command:

ssh -L 3128:localhost:3128 SSH_Server -f -N

Finally, tell your browser to use the SSH tunnel as a proxy. Basically you need to change the host to localhost and the port number to 3128 (See below).

source:http://linuxpoison.blogspot.com/2008/04/1357817580611.html

tutorial - Underground hacking/cracking Magazine - Phrack

You can read the latest release of the underground magazine Phrack from their website. For those among us who are not very familiar with phrack or underground magazine scene. Phrack has been around since 1985, well over 20 years, and has been the leading underground hacking/cracking ezine out there. Some notable facts about phrack (taken from wikipedia):

The Mentor’s Hacker Manifesto, which has been an inspiration to young hackers since the 1980s, was published in the 7th issue of Phrack.

Aleph One’s Smashing The Stack For Fun And Profit, published in issue 49, is the “classic paper” on stack buffer overflows, partly responsible for popularizing the vulnerability.

* Several regular columns are present in most issues of Phrack, such as:
* Prophile - the presentation of a very influential character from the hacking underground.
* Loopback - answers to the most original (or stupid) emails received by the phrack staff.
* Phrack World News - a compilation of reports on the latest counter-culture events.
* International Scene - a compilation of testimonies from hackers all around the world focusing on national and international activities.

You can read more about phrack history here and here.

[Source of this article: Here]

source:http://linuxpoison.blogspot.com/2008/04/13578175804460.html

tutorial - How To add another disk to running Linux system

In this example we will fdisk the disk attached to our 2nd array controller.

1. fdisk the new drive
* fdisk /dev/sda
* Make a new partition using fdisk (/dev/sda1)

2. format the new partition using mkfs
* mkfs -t ext3 /dev/sda1
* Note, if you will be storing lots of small files, you may need to increase the inode count. You do this when you format the drive. The default count of inodes will be good for most people.

3. Make a new directory to mount your new space to
* mkdir /newspace
* Note: If moving a current filesystem over to this new space, you will need to first mount the new space to a temporary mount point, move all the contents to it, then unmount that temporary mount point, and finally add an entry in /etc/fstab so it will mount automatically on bootup.

4. Have the new drive mount automatically
* vi /etc/fstab
* make a copy of an existing line
* change this new line to match your partition number

5. Test that your partition mounts ok according to the changes you made in /etc/fstab
* mount /dev/sda1 /newspace

source:http://linuxpoison.blogspot.com/2008/04/135781758017147.html

tutorial - sync users' Samba passwords with their system passwords

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password the uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:

password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

source:http://linuxpoison.blogspot.com/2008/04/135781758011734.html

tutorial - Transfer Linux user to Samba users

To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:

1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:

# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

If the system uses NIS, type the following command:

# ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.

2. Change the permissions of the Samba password file so that only root has read and write permissions:

# chmod 600 /etc/samba/smbpasswd

3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):

# smbpasswd username

4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:

encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.

source:http://linuxpoison.blogspot.com/2008/04/135781758011229.html

tutorial - How To do SHA-1 checksum

SHA-1 is the successor of MD5 ( Read about MD5 here ) is a tool to check the integrity of your downloads.
The SHA-1 algorithm is the brainchild of the US-based National Security Agency (NSA)

Basically it works the same as the MD5, a SHA-1 file is available on the download server where you downloaded your ISOs and when opening it you will see a string of numbers that you compare to the output of the command:

CODE: $ sha1sum /home/Nikesh/downloaded.iso

The string you get from this command typically looks like:

QUOTE
f560f26a32820143e8286afb188f7c36d905a735

You compare it to the string you find in the SHA-1 file on the download server. If both of them are identical you can be sure your downloaded ISO is okay and you can burn it to a CD.

source:http://linuxpoison.blogspot.com/2008/04/135781758012247.html

tutorial - How to change the login banner/message

The login banner is essential to legal actions taken against people who misuse and illegally hack into your box. There have been cases where the hackers got off because the server they hacked into actually “Welcomed” them into the system!

To change the login banner/welcome message, simply edit the /etc/issue file and put whatever you want into this file, best option is to keep it empty.

#vi /etc/issue

source:http://linuxpoison.blogspot.com/2008/04/13578175809121.html

tutorial - How to hide PHP version Information

You should hide php banner information from being displayed so the attackers are not aware of what version of PHP version you are running and thus making it more difficult for them to exploit any system holes and thus making vulnerability scanners work harder and in some cases impossible without knowing banner information.

How To:
Modify php.ini
Change the expose_php line to: expose_php=Off
Notice: You may need to restart Apache.

source:http://linuxpoison.blogspot.com/2008/04/13578175806580.html

tutorial - How To hide Apache version Information

You should hide apache banner information from being displayed so the attackers are not aware of what version of Apache version you are running and thus making it more difficult for them to exploit any system holes and thus making vulnerability scanners work harder and in some cases impossible without knowing banner information.

How To:
Modify /etc/httpd/conf/httpd.conf
Change the ServerSignature line to: ServerSignature Off
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart

source:http://linuxpoison.blogspot.com/2008/04/135781758018214.html

tutorial - Disable Root SSH Login on Linux

One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.

It's much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we'll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it's usually in /etc/ssh/. Open the file up while logged on as root.

vi /etc/ssh/sshd_config

Find this section in the file, containing the line with "PermitRootLogin" in it.

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

Make the line look like this to disable logging in through ssh as root.

PermitRootLogin no

Now you'll need to restart the sshd service:

/etc/init.d/sshd restart

Now nobody can brute force your root login, at least.

source:http://linuxpoison.blogspot.com/2008/04/13578175806996.html

tutorial - Brute Force Detection

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real time facility to place bans. To use BFD you must have APF Firewall installed first.

How To:
Download BFD: wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
[Check here if you want to know how to install the software from source]
After the installation is complete you will receive a message saying it has been installed.
Next we will have to configure the firewall: vi /usr/local/bfd/conf.bfd
Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now you should put your ip address to allow hosts so you will not accidentally lock yourself out.
vi /usr/local/bfd/ignore.hosts and put your ip address.
Now we are ready to start the BFD system: /usr/local/sbin/bfd –s
For more configuration options you are suggested to read the README.

source:http://linuxpoison.blogspot.com/2008/04/135781758015461.html

tutorial - How to run a crontab entry as "nobody"

Here's a quick example of how to run a program on a Linux system through a crontab entry, with the program being executed as the user nobody.

Just put this entry in a crontab file (by issuing the "crontab -e" command, for example), and the program named myProgram.sh will be run at 1:30 a.m. using the Bourne shell, and will be run as the user nobody.

30 1 * * * su -c '/path/to/program/myProgram.sh' -s /bin/sh nobody

Of course testing is always recommended, but this has worked for me.

source:http://linuxpoison.blogspot.com/2008/04/135781758015137.html

tutorial - How to run a Unix/Linux job in the background when you log off (nohup)

So you want to log off and go home for the night, but you need to run a job that's going to take a couple of hours? Fear not, the nohup command will help you out.

As a simple example, assume that you have a command named RunningJob.sh that you want to run, but you know if will take over three hours to run. Just submit the job using the nohup ("no hang up") command as shown below, and you should be good to go:

nohup myLongRunningJob.sh &

Of course make sure you test your program to know that it is really set up properly, otherwise you'll be in for a disappointment in the morning. Other than that, if your command is set up properly, the nohup command should do the trick for you. You can safely log out, and find your results waiting for you in the morning.

source:http://linuxpoison.blogspot.com/2008/04/135781758019691.html

Labels