Monday, 8 November 2010

VMWARE


Why VMware ?

There are many reasons for using VMware.
Primarily as hackers we want to be able to protect ourselves from other hackers at all times.
The other reason being that as hackers we would be doing a lot of experimenting and using a lot of software that might not be tested properly. So, basically to protect our PCs from these threats we can use VMware.

Advantages:-
  1. Network Isolation :- Hide from other hackers. We can configure VMware to communicate only to a specific machine, while performing some isolated tasks.
  2. Hardware Consolidation :- VMware is a good choice instead of spending time and money on different physical computers. Different virtual machines can run on the same host OS, that means we can have more than one Guest OS running on our PC.
  3. Performance :– Virtual Machines run simple and common tasks pretty well. Shared resource enhances performance of the physical computer also.
  4. Testing :-  Usually production work is not done on virtual machines. It is used mostly for different tools and experimenting with them, thus if something goes wrong, we can isolate any damage that can happen.
  5. Snapshots :-Snapshot is a feature of VMware. Snapshot is like a backup of the machine. Just like rollback, snapshot takes the machine to a previous saved state. So, if accidently the machine crashes or loses some system files, then we can restore the machine from the snapshot saved previously.
  6. Pause/Resume :- VMWare also comes with the feature where you can pause the Guest OS and then resume it later from the same state.
 
  1.  Download :- www.vmware.com VMware Player is free, while VMware Workstation requires license and is also available as an evaluation version. VMware Player comes with less features than VMware Workstation. Registration is required for downloading the software.
  2. Install :- Installation is a simple next-next process. Installation options for network are:
    a)      Bridged networking – It gives the same direct access as physical network to the guest OS.  Each guest OS will have an IP address of its own.
    b)      NAT  - Host OS will have the physical IP on network. And guest OS will have private IP, they can connect to the network through the host IP.
    c)       Host only - Guest OSs will be able to connect to each other but not even the host or the network.
    d)      No connection
  3.  Host OS is the main OS running on the physical machine. 
  4.  Guest OS is the OS running on a virtual machine. 
  5.  VMWare Tools :-  VMware Tools can be installed after the guest OS is installed. It adds some extra features, such as moving the mouse easily from guest to host.
  6. Changing Views :- There are a variety of options that VMware guest OS can be viewed in. 

Introduction to Wireless LAN Principles

PART I

1) Wireless Spectrum
2) Frequency
3) Amplitude
4) Free Path Loss Model
5) Absorption
6) Reflection
7) MultiPath

1) WIRELESS SPECTRUM
RF Bandwidth:-
* Bandwidth is what we get is accomplished by emitting data as electronic signals, and we place data on these RF signals by using Modulation Techniques. Modulation is the process of adding data to the carries signal.

* Spread Spectrum is method for modulation. It is used by ISM BANDS.
ISM BANDS :- Unlicensed Industrial, Scientific and Medical Bands (900MHz-2.4GHz) 
(5GHz - Unlicensed National Information Infratructure [UNII BAND])

* B/W means of acutal DATA RATE or [Width of RF Channel] --> For us

* B/W is measured in Hertz = Cycles per sec

* Radio Waves :-  Are used to send infiormation in a wide variety of fashion (eg. AM, FM).
It is elctromagnetic field that radiates from the sender, and propogates to the reciever
that revieves the energy.

* Hz expreses how often a wave happenes. Cycles per second
Wave Category :-  Lowest -> Sonic
Higest -> Gamma Ray
900MHz - 5Ghz -> Wireless


2) FREQUENCY - How often a signal is seen ?
   
* Wavelength - The distance the signal travels in a single cycle
Shorter wavelength signal has more freqency, since it travels more times in a second than signal with longer wavelength.

Eg:- 6 cycles/sec = 6Hz
Lower freq signals travels farther than higher freq.

RF signals are generated by Transmitter, sent through a cable to an antenna,
where it is radiated in the form of electromagnetic wireless signals.

Impact of obstacle on a signal depends wavelength and also the obstacle.


3) AMPLITUDE

This is the strength of the signal. Level of energy injected into 1 cycle. More energy -> Higher Amplitude
Height or vertical distance between the crest of signal. Y -> Gamma
       
           Active -> Increasing the amplitude
              /
i) Amplification 
   -------------
              \
           Passive -> done by focusing the energy into a single direction by a special antenna

ii) Attenuation --> Decreasing the amplitude
    -----------

Amplitide Modulation (AM) - Amplitude that is modified dynamically by transmitter
Frequncy Modulation (FM) - Modifying  the frequency of signal to encode the information  


4) FREE PATH LOSS
 
Amount of energy is going to decrease as the distance increases for the signal.
Quantity of energy available at each point is going to be less the farther out you get.
This wave propogation attenuation.

The loss of energy is simply due to the distance (since energy is dispersed), and not because of any obstacle blocking the signal.


5) ABSORPTION
   
Absorption is going to take energy from this wave.
Energy is dissipited as heat from the object. Frequency stays same


6) REFLECTION
Wave bounces uniformly out of a regular flat surface, paritally reflect and absorb the signal
Reflection depends on the frequncy and the angle of signal.


7) Multi-Path
   
Multi-path happens when a signal is going to reflect off of surfaces.
So, delayed multiple copies of the same signal is hitting the reciever.
This makes the signal weak.


PART II


1) Scattering
2) Refraction
3) Line of Sight (LOS)
4) Fresnel zone
5) RSSI
6) SNR

1) Scattering
  
Scattering will have an effect on the signal quality, coz the recieved result of the signal is going to be weaker,
coz some of it was send in other directions along the path, and also because of the attenuation.
Caused by :- dust, humidity (water), surface, humans, leaves etc

Its effect depends on frequency.
Two major effects are :-
i) Degradtion of wave strength and quality of the signal
ii) Uneven signal quality


2) Refraction  

Mostly occurs outdoors (not much indoor).
Refraction happens when wave changes direction (from one medium to another).


3) Line of Sight (LOS)
  
A building or wall might cause absorption hence attenuation, that may prevent the comm.
At 6 feet the horizon appears at 10KMs.


4) Fresnel zone  
Augustine Fresnel was a physicist.

60% of the 1st zone of the Fresnel Zone should be interference free (80% recommended).
Mainly for outdoors.


5) RSSI  
Recieved Signal Strength Indicator (Unit -> dBm)

We express RSSI as a relative value determined by the recieving LAN Card.
It is a grade value between 0-255

It is used to compare the signal to itself in different locations.
Typically expressed as a -ve value. The closer to zero, the better.


6) SNR
  
Signal to Noise Ratio.

It tells us how much stronger the signal is than the noise.
The more the better.


* LINK BUDGET  
The accumulation of all of the losses from the sender to the recievers transmitter.
It tells us how much power we need to send for the reciever to interpret it.
Applied only for outdoor networks.

Wednesday, 3 November 2010

5-steps of a Hack !!!

1) Reconnaissance :- The first stage of any attack is “reconnaissance”. It involves information-gathering behaviors that aim to profile the target organization or network for the effective attack tactics This usually includes public data. This is where we are doing our foot-printing, so that we can identify, what the network looks like, what the organization looks like, where we can identify potential vulnerabilities. It all starts with Passive Reconnaissance.
    - Passive :- It can simply be browsing the web, collecting information, try directory browsing.
    - Active :- This is going to be a major part of this phase, where we use network tools, identify weakness in the company.

2. Vulnerability/Scanning :- Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. In scanning phase we identify the potential weaknesses like open ports, using scanning tools such as NMAP.

3. Penetration / Gaining Access :- For example if the connection is not secure, anyone can use a packet sniffer and snatch passwords right off the air.

4. Maintaining Access :- Once we gain access, then create another account with domain level account privileges if root is known. Also we can install Trojan horse program or backdoors to maintain access.

5. Covering Tracks :- This is the last & final stage where a hacker covers the track of any records or logs showing his malicious behavior. Because in reality if the IT department found out that a hacker is trying to access their network, they would shutdown the IP address, and try to identify some other things about the attack.

Tuesday, 2 November 2010

Basic Terms

Certified Ethical Hacker or Penetration Tester is someone who uses same hacking techniques to test the security of an organization that an actual hacker would use to be able to compromise it. The difference basically comes down to motive.

       One of the definition of a hacker is, somebody who enjoys learning the details of computer systems and how to stretch out their own capability; as opposed to just generic users, who only want to learn the minimal amount necessary.

Hacker  -  A hacker is a person who modifies something to perform in a way that differs from its original design or intent. That doesn’t always refer just to computer issues, but that’s typically how we think of it today.

Cracker -  A cracker is defiantly someone who is typically viewed as someone who hacks into a computer for offensive purposes. A cracker is still a kind of hacker.

Ethical Hacker - Ethical Hacker is a security professional who uses hacking skills for defensive purposes.

White Hat - An ethical hacker should always be a white hat hacker. This is a hacker with defensive security intentions. In the past ethical hackers were referred to as white hat hackers.

Black Hat - Black Hat Hacker is a hacker with malicious or destructive intentions, somewhat synonym with a cracker.

Grey Hat – It is a combination between a white hat and a black hat hacker. Typically a grey hat hacker is a person who alternates roles as a white hat or black hat hacker. I really think most white hat or ethical hackers are really grey hat hackers.

Script Kiddy - This is somebody who uses hacker’s tools indiscriminately or unskillfully, and they never come up with anything original. They just take a bunch of tools and keep launching them against a target, because they don’t really know what else to do.
                          Regarded as a highly insulting term.

Hacktivism - For example: A Hacktivist will typically deface a website to make their point.

Vulnerability – It is simply a weakness that could lead to compromised security.

Exploit - An exploit is a defined method of hacking a vulnerability, or it’s a proof of concept.

0Day - An unreported exploit. The person who comes up with the exploit first has come up with a 0Day. They are the originator of an exploit against a vulnerability.

*********************************************************************************************************
           Penetrate only what you have permission to penetrate.