Monday, 8 November 2010

VMWARE


Why VMware?

There are many reasons for using VMware.
Primarily, as hackers we want to be able to protect ourselves from other hackers at all times.
The other reason is that, as hackers, we do a lot of experimenting with software that may not have been tested properly. Running it inside VMware protects our PCs from these threats.

Advantages:-
  1. Network Isolation :- Hide from other hackers. We can configure VMware so that a virtual machine communicates only with a specific machine while performing isolated tasks.
  2. Hardware Consolidation :- VMware is a good choice instead of spending time and money on different physical computers. Different virtual machines can run on the same host OS, which means we can have more than one guest OS running on our PC.
  3. Performance :- Virtual machines run simple and common tasks pretty well. Because the virtual machines share the physical computer's resources, the hardware is also used more fully.
  4. Testing :- Usually production work is not done on virtual machines. They are used mostly for trying out different tools and experimenting with them, so if something goes wrong we can contain any damage.
  5. Snapshots :- A snapshot is a feature of VMware. A snapshot is like a backup of the machine: just like a rollback, it takes the machine back to a previously saved state. So if the machine accidentally crashes or loses some system files, we can restore it from the snapshot saved earlier.
  6. Pause/Resume :- VMware also lets you pause the guest OS and resume it later from the same state.
 
  1. Download :- www.vmware.com. VMware Player is free, while VMware Workstation requires a license and is also available as an evaluation version. VMware Player has fewer features than VMware Workstation. Registration is required to download the software.
  2. Install :- Installation is a simple next-next process. The networking options offered during installation are:
    a) Bridged networking - The guest OS gets the same direct access to the physical network as a physical machine. Each guest OS has an IP address of its own.
    b) NAT - The host OS has the physical IP on the network and the guest OS has a private IP; guests connect to the network through the host's IP.
    c) Host only - Guest OSs can connect to each other, but not to the host or to the network.
    d) No connection
  3. Host OS :- The main OS running on the physical machine.
  4. Guest OS :- The OS running on a virtual machine.
  5. VMware Tools :- VMware Tools can be installed after the guest OS is installed. It adds some extra features, such as moving the mouse easily between guest and host.
  6. Changing Views :- There are a variety of views in which a VMware guest OS can be displayed.
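As an added example (not from the original post): a small Python check that parses a VMware .vmx file and flags every virtual adapter that is not host-only, the mode these notes recommend for isolated lab work. The .vmx content is constructed; it relies on the ethernetN.present / ethernetN.connectionType keys of the .vmx format, and treats a missing connectionType as bridged, which is assumed here to be VMware's default.

```python
import re

# Constructed sample .vmx content (not a real file): one VM with three virtual NICs.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "lab-target"
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet2"
"""

# A .vmx line is   key = "value"   (the quotes are optional).
VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file into a dict; blanks and # comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def adapter_modes(cfg):
    """Map each present ethernetN adapter to its connection type.
    A missing connectionType is reported as 'bridged' (assumed VMware default)."""
    modes = {}
    for key, val in cfg.items():
        m = re.match(r"^(ethernet\d+)\.present$", key)
        if m and val.upper() == "TRUE":
            nic = m.group(1)
            modes[nic] = cfg.get(f"{nic}.connectionType", "bridged").lower()
    return modes


def isolation_findings(cfg, allowed=("hostonly",)):
    """Return the adapters whose mode breaks the host-only isolation wanted for lab/malware work."""
    return {nic: mode for nic, mode in adapter_modes(cfg).items() if mode not in allowed}


if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    for nic, mode in isolation_findings(cfg).items():
        print(f"{cfg.get('displayName')}: {nic} is '{mode}', not host-only -> guest can reach host/LAN")
```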

Introduction to Wireless LAN Principles

PART I

1) Wireless Spectrum
2) Frequency
3) Amplitude
4) Free Path Loss Model
5) Absorption
6) Reflection
7) MultiPath

1) WIRELESS SPECTRUM
RF Bandwidth:-
* Bandwidth is obtained by emitting data as electronic signals; we place the data on these RF signals using modulation techniques. Modulation is the process of adding data to the carrier signal.

* Spread Spectrum is a method of modulation. It is used in the ISM bands.
ISM BANDS :- Unlicensed Industrial, Scientific and Medical bands (900MHz-2.4GHz)
(5GHz - Unlicensed National Information Infrastructure [UNII BAND])

* For us, B/W (bandwidth) means either the actual DATA RATE or the width of the RF channel.

* B/W is measured in Hertz = cycles per second.

* Radio Waves :- Are used to send information in a wide variety of ways (e.g. AM, FM).
A radio wave is an electromagnetic field that radiates from the sender and propagates to the receiver, which receives the energy.

* Hz expresses how often a wave happens: cycles per second.
Wave Category :- Lowest -> Sonic
Highest -> Gamma Ray
900MHz - 5GHz -> Wireless


2) FREQUENCY - How often a signal is seen?

* Wavelength - The distance the signal travels in a single cycle.
A shorter-wavelength signal has a higher frequency, since it completes more cycles per second than a signal with a longer wavelength.

Eg:- 6 cycles/sec = 6Hz
Lower-frequency signals travel farther than higher-frequency ones.

RF signals are generated by a transmitter and sent through a cable to an antenna,
where they are radiated in the form of electromagnetic wireless signals.

The impact of an obstacle on a signal depends on the wavelength and on the obstacle itself.


3) AMPLITUDE

This is the strength of the signal: the level of energy injected into one cycle. More energy -> higher amplitude.
It is the height, i.e. the vertical distance, of the crest of the signal (Y -> Gamma).

i) Amplification :- Increasing the amplitude
   - Active -> increasing the amplitude
   - Passive -> done by focusing the energy into a single direction with a special antenna

ii) Attenuation :- Decreasing the amplitude

Amplitude Modulation (AM) - The amplitude is modified dynamically by the transmitter to encode the information.
Frequency Modulation (FM) - The frequency of the signal is modified to encode the information.


4) FREE PATH LOSS

The amount of energy decreases as the distance the signal travels increases.
The quantity of energy available at each point is less the farther out you get.
This is wave propagation attenuation.

The loss of energy is due simply to the distance (the energy is dispersed), and not to any obstacle blocking the signal.


5) ABSORPTION

Absorption takes energy from the wave.
The energy is dissipated as heat by the object. The frequency stays the same.


6) REFLECTION
A wave bounces uniformly off a regular flat surface, which partially reflects and partially absorbs the signal.
Reflection depends on the frequency and on the angle of the signal.


7) Multi-Path

Multi-path happens when a signal reflects off surfaces,
so delayed multiple copies of the same signal hit the receiver.
This weakens the signal.


PART II


1) Scattering
2) Refraction
3) Line of Sight (LOS)
4) Fresnel zone
5) RSSI
6) SNR

1) Scattering

Scattering affects the signal quality, because the received signal is weaker:
some of it was sent in other directions along the path, and there is also the attenuation.
Caused by :- dust, humidity (water), surfaces, humans, leaves etc.

Its effect depends on the frequency.
The two major effects are :-
i) Degradation of wave strength and quality of the signal
ii) Uneven signal quality


2) Refraction

Mostly occurs outdoors (not much indoors).
Refraction happens when a wave changes direction as it passes from one medium to another.


3) Line of Sight (LOS)

A building or wall may cause absorption, and hence attenuation, that may prevent communication.
At 6 feet the horizon appears at 10 km.


4) Fresnel zone
Augustin Fresnel was a physicist.

60% of the first Fresnel zone should be free of interference (80% recommended).
Mainly relevant outdoors.


5) RSSI
Received Signal Strength Indicator (Unit -> dBm)

We express RSSI as a relative value determined by the receiving LAN card.
It is a grade value between 0 and 255.

It is used to compare the signal with itself at different locations.
Typically expressed as a negative value; the closer to zero, the better.


6) SNR

Signal to Noise Ratio.

It tells us how much stronger the signal is than the noise.
The higher, the better.


* LINK BUDGET
The sum of all the losses from the sender's transmitter to the receiver.
It tells us how much power we need to send for the receiver to be able to interpret the signal.
Applies only to outdoor networks.
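As an added example (not part of the original notes): a Python link-budget calculator that ties these terms together, covering free path loss, first Fresnel zone clearance (the 60% rule above), dBm/mW conversion, expected RSSI, SNR and the margin above receiver sensitivity. It uses the standard free-space path loss and Fresnel-radius formulas; the noise floor and receiver sensitivity in the demo are constructed assumptions, not values from the notes.

```python
import math

C = 299_792_458.0  # speed of light in m/s


def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB: attenuation due to distance alone, with no obstacles."""
    return (20 * math.log10(distance_m) + 20 * math.log10(freq_hz)
            + 20 * math.log10(4 * math.pi / C))


def fresnel_radius_m(d1_m, d2_m, freq_hz):
    """Radius of the first Fresnel zone at a point d1 from the sender and d2 from the receiver."""
    wavelength_m = C / freq_hz
    return math.sqrt(wavelength_m * d1_m * d2_m / (d1_m + d2_m))


def fresnel_clear(clearance_m, d1_m, d2_m, freq_hz, fraction=0.6):
    """True if an obstacle sits at least `fraction` of the first zone below the line of sight
    (60% is the minimum in the notes; pass fraction=0.8 for the recommended figure)."""
    return clearance_m >= fraction * fresnel_radius_m(d1_m, d2_m, freq_hz)


def mw_to_dbm(mw):
    return 10 * math.log10(mw)


def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)


def link_budget_dbm(tx_dbm, tx_gain_dbi, tx_cable_db, rx_gain_dbi, rx_cable_db, distance_m, freq_hz):
    """Expected received power, i.e. what the card reports as RSSI:
    antenna gains (passive amplification) add, cable attenuation and free path loss subtract."""
    return (tx_dbm + tx_gain_dbi - tx_cable_db
            - fspl_db(distance_m, freq_hz)
            + rx_gain_dbi - rx_cable_db)


def snr_db(rssi_dbm, noise_floor_dbm):
    """How much stronger the signal is than the noise; higher is better."""
    return rssi_dbm - noise_floor_dbm


def fade_margin_db(rssi_dbm, rx_sensitivity_dbm):
    """Headroom above the weakest signal the receiver can still decode."""
    return rssi_dbm - rx_sensitivity_dbm


if __name__ == "__main__":
    # Constructed outdoor link: 1 km at 2.4 GHz, 100 mW radio, 5 dBi antennas, 1 dB of cable loss per side.
    dist, freq = 1000.0, 2.4e9
    rssi = link_budget_dbm(mw_to_dbm(100), 5, 1, 5, 1, dist, freq)
    print(f"FSPL          : {fspl_db(dist, freq):.1f} dB")
    print(f"Expected RSSI : {rssi:.1f} dBm ({dbm_to_mw(rssi) * 1e9:.1f} pW)")
    print(f"SNR           : {snr_db(rssi, -95):.1f} dB (noise floor -95 dBm assumed)")
    print(f"Fade margin   : {fade_margin_db(rssi, -80):.1f} dB (sensitivity -80 dBm assumed)")
    r = fresnel_radius_m(dist / 2, dist / 2, freq)
    print(f"1st Fresnel radius at midpoint: {r:.2f} m, 60% clearance needs {0.6 * r:.2f} m")
```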

Wednesday, 3 November 2010

5-steps of a Hack !!!

1) Reconnaissance :- The first stage of any attack is "reconnaissance". It involves information-gathering that aims to profile the target organization or network so that effective attack tactics can be chosen. This usually relies on public data. This is where we do our foot-printing, so that we can identify what the network looks like, what the organization looks like, and where potential vulnerabilities may lie. It all starts with passive reconnaissance.
    - Passive :- This can simply be browsing the web, collecting information, or trying directory browsing.
    - Active :- This is the major part of this phase, where we use network tools to identify weaknesses in the company.

2) Vulnerability / Scanning :- Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for a network security assessment. In the scanning phase we identify potential weaknesses, such as open ports, using scanning tools such as NMAP.

3) Penetration / Gaining Access :- For example, if the connection is not secure, anyone can use a packet sniffer and snatch passwords right off the air.

4) Maintaining Access :- Once we gain access, we create another account with domain-level privileges if root is known. We can also install a Trojan horse program or a backdoor to maintain access.

5) Covering Tracks :- This is the last and final stage, where a hacker covers his tracks by removing any records or logs showing his malicious behaviour. In reality, if the IT department found out that a hacker was trying to access their network, they would shut down the IP address and try to identify other things about the attack.

Tuesday, 2 November 2010

Basic Terms

A Certified Ethical Hacker or Penetration Tester is someone who uses the same hacking techniques an actual hacker would use to compromise an organization, in order to test its security. The difference basically comes down to motive.

One definition of a hacker is somebody who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to generic users, who only want to learn the minimal amount necessary.

Hacker  -  A hacker is a person who modifies something to perform in a way that differs from its original design or intent. That doesn’t always refer just to computer issues, but that’s typically how we think of it today.

Cracker - A cracker is definitely someone who is typically viewed as hacking into a computer for offensive purposes. A cracker is still a kind of hacker.

Ethical Hacker - Ethical Hacker is a security professional who uses hacking skills for defensive purposes.

White Hat - An ethical hacker should always be a white hat hacker. This is a hacker with defensive security intentions. In the past ethical hackers were referred to as white hat hackers.

Black Hat - A black hat hacker is a hacker with malicious or destructive intentions, somewhat synonymous with a cracker.

Grey Hat - A combination of a white hat and a black hat hacker. Typically a grey hat hacker is a person who alternates between the white hat and black hat roles. I really think most white hat or ethical hackers are really grey hat hackers.

Script Kiddie - Somebody who uses hackers' tools indiscriminately or unskillfully and never comes up with anything original. They just take a bunch of tools and keep launching them against a target, because they don't really know what else to do.
Regarded as a highly insulting term.

Hacktivism - For example: A Hacktivist will typically deface a website to make their point.

Vulnerability – It is simply a weakness that could lead to compromised security.

Exploit - An exploit is a defined method of hacking a vulnerability, or it’s a proof of concept.

0Day - An unreported exploit. The person who comes up with the exploit first has a 0Day; they are the originator of an exploit against a vulnerability.

*********************************************************************************************************
           Penetrate only what you have permission to penetrate.

Friday, 29 October 2010

BackTrack 4 Linux Security Distribution

BackTrack is one of the most popular Linux security distributions, and rightly so.
It is specially suited to penetration testing, with more than 300 tools available for the task. These tools are the best in the industry and are continuously revised. All of the tools are freeware, including BackTrack itself.
It has a full suite of the best free hacking applications, pre-configured so you don't waste your time setting up the tools.

BackTrack is based on Ubuntu. This means good stability, good hardware detection and a whole lot of software that can be easily obtained. It's a one-stop shop for a penetration tester. I would recommend that any security professional keep a live CD of BackTrack with him at all times.

I would suggest going through the BackTrack 4 review.

The official site for BackTrack is http://www.backtrack-linux.org/.
Latest version of BackTrack can be downloaded here:- http://www.backtrack-linux.org/downloads/

It is available as a Live CD (ISO image) as well as a VMware image.
For lab purposes and from a learning point of view, the VMware image is highly recommended.
After downloading the VMware image of BackTrack, you can get started with it instantly.
It can be run on VMware Workstation or VMware Player.

But the Live CD is equally good; it can be used to install BackTrack on a physical hard drive or on a pen drive, or just run live.

For downloading, I would suggest torrent download if you do not have a high speed net connection.

This was just to introduce you to one of the most important tools for an ethical hacker.
Installation instructions will be posted later, along with steps for setting up a personal hacking lab.

******************************************************************************
"The quieter you become, the more you are able to hear..."

Thursday, 28 October 2010

Security Certifications and Institutes

Without getting into the argument over the value of certifications or college degrees, let me just state that :-

1. Certifications and degrees do not prove anything, other than that you can take exams.

2. Certifications and degrees are often necessary to get past Human Resources (HR), so you can get an interview.

3. All else being equal, certifications and degrees are the differentiators between employees and can improve your chances of a raise or promotion, or provide an escape from a layoff.

Anyway, there is no really good reason, except maybe a financial one, for not doing a certification.
Generally, nowadays the prices for security certifications are pretty steep in India.

For beginners the EC-Council's Certified Ethical Hacker (CEH) is one of the best.
Check here for more details:- https://www.eccouncil.org/certification/certified_ethical_hacker.aspx 

The curriculum for CEH is suited for beginners and it gives an overall knowledge about the subject. And even though there are some better certifications available from other organizations, I think that a beginner should start with CEH.

CBT Nuggets have a great video tutorial series for CEH. Here is the link :- http://www.cbtnuggets.com/series?id=250
A search on www.HotFile.com will get you some good results for these videos.
Very highly recommended.

If not the certification for CEH, beginners should at least complete the course curriculum for CEH if you can get your hands on the video series. It is pretty basic stuff and a must for beginners.

Check out these links for other highly recommended certifications such as CISA, CISM and CISSP, although these are pretty advanced and require some experience as a prerequisite:-

http://www.isaca.org/CERTIFICATION/Pages/default.aspx

https://www.isc2.org/credentials/default.aspx

One other recommended certification is from C-DAC called CCCSP :-
http://elearn.cdac.in/eSikshak/help/English/eSikshak/CCCSP.html

This is available with or without training. It is held only twice a year. This course could be valuable for entry-level candidates since C-DAC has very good placement assistance and C-DAC also has Government support.

C-DAC has examination centers in Mumbai, Pune, Hyderabad and some other cities in India.

Pillai's Institute at Panvel in Navi Mumbai has a Cyber Security Division offering several courses in collaboration with Mile2 Security.

CPEH from Mile2 would be a good choice. The links are :-

http://www.pillaiscyber.ac.in/

http://www.pillaiscyber.ac.in/CPEH.htm

http://www.mile2.com/outlines/CPEH_Outline.pdf


Mile2 has some of the best certifications and trainers available :-
http://mile2.com/Menu_Landing_Pages/courses_a_training_titles.html

Recommended Mile2 Certifications are :

1. CISSO
2. CSLO - 12 months of IT experience required.
3. CSWAE (Certified Secure Web Application Engineer)
   This is the best one to get started with in Web Application Security. It also has no prerequisites.
Link for CSWAE :- http://mile2.com/Course_Outlines/certified_secure_web_application_engineer.html

Here is a review of a Mile2 class:- http://www.ethicalhacker.net/content/view/9/2/

The Institute of Information Security also provides good training for various certifications. They also have their own security course. They have a centre at Andheri in Mumbai.

They are operated by Network Intelligence India, and the chances of placement with NII are good.

Still, besides the certifications and the training, a passion for knowledge is of the utmost importance, especially in a field like ethical hacking and penetration testing.

**************************************************************************************

      "Begin nothing until you have considered how it is to be finished" – Russian Proverb

Thursday, 21 October 2010

What is Mogambo ??

The word 'Mogambo' is taken from Kikuyu, one of the local dialects of Swahili in Kenya (the Kikuyu are the biggest tribe in Kenya); it means 'warning signal'. Back in the feudal old days, local tribes used to post guards at the edge of the village to look out for enemy tribes coming to attack. Whenever these were spotted, the watcher would alert the village by raising a warning signal (mogambo!!). This could take the form of a shriek, a drumbeat or the blowing of a large horn.

Apparently, "Mogambo" also means "big gorilla" in Swahili.