IPv4

An IP address is a unique number (address) used to identify a device on a network. An IP address is made up of 32 binary bits, which are divided into a Network portion and a Host portion with the help of a Subnet Mask.

The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is expressed in dotted decimal format (for example, 192.168.10.12). The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.

Below is how binary octets are converted to decimal: The rightmost bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the leftmost bit, or most significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:
  1   1   1   1   1   1   1   1
128  64  32  16   8   4   2   1   (128+64+32+16+8+4+2+1 = 255)
And this sample below shows an IP address represented in binary and decimal.
192.168.4.10 (decimal)
11000000.10101000.00000100.00001010 (binary)
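The conversion and the network/host split described above, as an added example that is not part of the original post. The function names and the mask 255.255.255.0 are assumptions chosen for illustration; the address is the post's own sample.

```php
<?php
// Added example (assumes 64-bit PHP integers). Function names are illustrative.

// Parse "a.b.c.d" into a 32-bit integer; null if it is not four decimal
// octets in the range 0-255.
function ipv4_to_int(string $ip): ?int
{
    $octets = explode('.', $ip);
    if (count($octets) !== 4) {
        return null;
    }
    $value = 0;
    foreach ($octets as $octet) {
        // Digits only; a leading zero is rejected because some parsers
        // read "010" as octal 8 rather than decimal 10.
        if (!preg_match('/^(0|[1-9][0-9]{0,2})\z/', $octet) || (int)$octet > 255) {
            return null;
        }
        $value = ($value << 8) | (int)$octet;
    }
    return $value;
}

// Render a 32-bit value as four 8-bit binary octets separated by dots.
function int_to_binary(int $value): string
{
    $parts = [];
    for ($shift = 24; $shift >= 0; $shift -= 8) {
        $parts[] = str_pad(decbin(($value >> $shift) & 0xFF), 8, '0', STR_PAD_LEFT);
    }
    return implode('.', $parts);
}

// Split an address into network and host portions using a subnet mask.
function split_address(string $ip, string $mask): ?array
{
    $addr = ipv4_to_int($ip);
    $m = ipv4_to_int($mask);
    if ($addr === null || $m === null) {
        return null;
    }
    // A valid mask is contiguous 1 bits followed by contiguous 0 bits,
    // so its inverse plus one must be a power of two.
    $hostBits = ~$m & 0xFFFFFFFF;
    if (($hostBits & ($hostBits + 1)) !== 0) {
        return null;
    }
    return [
        'address_binary' => int_to_binary($addr),
        'mask_binary'    => int_to_binary($m),
        'network'        => long2ip($addr & $m),
        'host'           => long2ip($addr & $hostBits),
    ];
}

// The article's sample address; the mask 255.255.255.0 is an assumed value.
print_r(split_address('192.168.4.10', '255.255.255.0'));
// Constructed invalid inputs: an octet above 255 and a non-contiguous mask.
var_dump(ipv4_to_int('192.168.4.256'));
var_dump(split_address('192.168.4.10', '255.0.255.0'));
```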



"For more information about NetworkzPeritus, you may visit our website at http://www.NetworkzPeritus.com/ & blog at http://networkzperitus.blogspot.in/


Posted by Viviek

Possibility to hack a website/server

I am gonna discuss web hacking: what it is and what methods we use to pwn a website. There are a hell of a lot of methods.
I'm gonna explain the most common methods which are being used by an attacker.

1# SQL Injection: 70%
2# LFI and 3# RFI: 30% for both
Before I begin I would like to explain something which is very important; all skilled people know what I'm gonna talk about. Ah.. OK, it's enumeration.

Most noobs just visit a PHP site and look for fuckin SQLi; if that fails they move on. A skilled person will surely find another way to pwn it.
For that he/she will dig up information about the target webserver/website. Our target will be abc.com

Step-1# What we need:
This is where we start our journey: visiting our target website to get an idea. We have found the basic info that the site is based on PHP, OK fine. Now what..?

Bear in mind that in this tutorial I am not gonna use any automated tool or anything; it will be fully manual finding.

Step-2# Information Gathering:
What information do we need to gather for an attack on our target?? Obviously a loophole in the website; try to make it your habit to review the website source code.
That will help a lot and make things easier for the attack. In my case abc.com is a WordPress 3.2.1 site and fully patched. We assume it is on shared hosting.

Step-2.1# Looking for other vuln websites on the same host:
Now we will look for another target (vuln website) that is hosted on the same server where our target is hosted. We will look for e.g. SQLi, RFI, LFI; these are
the most common attack approaches.

Step-2.2# IP information/Reverse Domain Lookup:
We will use nslookup or dig to find out the IP address of abc.com.

E.g.: nslookup abc.com
Code:
Server:        x.x.x.x
Address:    x.x.x.x#53

Non-authoritative answer:
Name:    abc.com
Address: 1.2.3.4

dig abc.com
Code:
;; ANSWER SECTION:
abc.com.        300    IN    A    1.2.3.4

We are sure that our abc.com points to 1.2.3.4. How do we get information on the other domains which are hosted on the same server? There are online tools available for
this purpose; the following are two websites:

Code:

Why I recommended domaintz.com: because it brings up appropriate results. I've tested abc.com on yougetsignal.com and it gave me only 73, but
domaintz.com gave a perfect one, 400, wow.

Step-3# Attacking:
We have found a website vuln to SQLi. I'm skipping how SQLi works; this is beyond the scope of this tutz. Hint: you will have to check those websites
for vulns, either SQLi, RFI or LFI; some websites even have a default user/pass like admin:admin or admin:123456.

Now the rest of the things you know what to do ;). Uploading a shell, then launching a symlink attack to pwn the actual target on the same host.

The main purpose of this tutz is to think out of the box, to think about the many possibilities to hack a website/server. Hope you enjoy it ;) .
The most important thing in this tutorial is Step#2 - 2.2 and reviewing the source code of your target; that will really help you a lot. Mostly websites are open to directory traversal or disclosure ;)
Hope you enjoy reading this.
======================================================
Posted by Viviek

Cyber Warriors


For students seeking to become Cyber Warriors, the US government has a sweet deal.

Full tuition, expenses and a stipend will be paid at any of dozens of universities for students to get specialized cyber security training, in exchange for an equal number of years working for a federal agency.

The CyberCorps programme launched in 2000 highlights how desperate the US government is to get people with the special skills to keep computer networks secure.

Backers of the programme say it is having a modest impact in meeting the country's growing cyber security needs.

"We have a large number of people who are students of cyber security, report writers, analysts," said Alan Paller, research director at the SANS Institute and head of a task force advising the Department of Homeland Security on cyber skills.

The programme, funded through the National Science Foundation, currently graduates around 150 students each year. But that is small compared with China, which trains "a thousand times more" people, according to Piotrowski.

It is difficult to find people with science and technology background, but cyber security adds more requirements -- those working for US government agencies must be US citizens, without any criminal records.

Piotrowski said each year some 40 to 60 federal agencies compete for about 150 graduates, virtually ensuring a job for each.

"I can't think of any other profession which attracts so many agencies," he said.

Highlighting the shortage, Piotrowski said some graduates -- who are required to work in government for the same number of years for which they receive a scholarship -- sometimes get job offers from the private sector which allow them to bypass that requirement by paying back the government.

He said a large number of graduates go to top-secret jobs at places like the National Security Agency, but that all organizations need cyber security, from the Federal Reserve to utility companies.

The programme offers aid similar to that of Reserve Officer Training Corps, which offers student aid for those going into the military.

Andreae Pohlman, a recent graduate of the programme at George Washington University who is set to begin a government job, said the training included real-life attack and defense simulations which included some surprises.

Mischel Kwon, another George Washington cyber security graduate who went on to head the US Computer Emergency Readiness Team before starting her own consulting firm, said awareness is a major issue.

"A lot of the problem is understanding we have a problem," she said.

"The workforce needs to grow and I think CyberCorps is a great way of doing that. We need to educate executives and company boards and help heads of agencies understand this is a priority that needs to be funded."

Patrick Kelly graduated from the GWU program and now teaches there in addition to his work at a federal agency.

Kelly said he tries to get students to learn about a range of possible threats like "phishing" e-mails, physical attacks and data thefts from portable thumb drives.

But he said the bad guys are constantly changing tactics.

"It's getting more severe," he said. "There is now an ability to automate attacks. The number of attacks and successful ones are going up exponentially, you're always playing catch-up."

Paller said there is a growing concern that "the next war will be in cyberspace" and that the US is ill prepared.


Posted by Viviek


SQLi attacks prevention







Idea about SQLi attacks & how to prevent



SQL injection is a technique for bypassing the security of a website.
It is a very common vulnerability found in websites, and it is caused
by poor coding on the part of the developers.
With an SQLi loophole an attacker can easily hack your site, which will lead to data loss or many other social issues.

Now we are going to develop a simple login system where PHP is used
for database connectivity and server-side processing and MySQL is used
as database storage.
======================================================
PHP CODE

<title>
SQLi – Attacks
</title>
<form action="verify.php" method="POST">
Username : <input type="text" name="user">
Password : <input type="password" name="pass">
<input type="submit" value="Login">
</form>
======================================================
Now verify.php, which verifies the login submitted by the user:

PHP CODE

<?php
/// For Database Connectivity ///
$count = 0;
$host = "localhost";   // Host name
$username = "root";    // MySQL username
$password = "";        // MySQL password
$db_name = "SQL";      // Database name
$tbl_name = "user";    // Table name
// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// Checking login essentials
// VULNERABLE: the POST values go into the query string unescaped
$user = $_POST['user'];
$pass = $_POST['pass'];
$sql = "SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count) {
    echo "Welcome User";
} else {
    echo "Bad Username or Password";
}

?>

In the above code, we used the query
"SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";

An attacker can easily bypass this by making the whole expression
true. It can be done if the user passes the value 1' or'1'='1 in
both username and password. With that value substituted for $user and $pass,
the above expression becomes:
"SELECT * FROM $tbl_name WHERE usern='1' or'1'='1' AND pass='1' or'1'='1'";
Now the whole expression becomes TRUE; you can try it yourself.
======================================================
SQLi Prevention:-

Now, to avoid SQL injection, we will escape the data before passing it
to the MySQL query string. In PHP, we take the help of the function
mysql_real_escape_string(), which escapes the string. It will convert
' into \' by escaping it.
Now I am going to write secure code.

PHP CODE

<?php
/// For Database Connectivity ///
$count = 0;
$host = "localhost";   // Host name
$username = "root";    // MySQL username
$password = "";        // MySQL password
$db_name = "SQLi";     // Database name
$tbl_name = "user";    // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
// Checking login essentials
// Escape quotes in both values before they reach the query string
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = "SELECT * FROM $tbl_name WHERE usern='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count) {
    echo "Welcome User";
} else {
    echo "Bad Username or Password";
}

?>
This code is more secure than the previous one. It can be made more secure by considering brute-force prevention.
Now we have knowledge of the SQLi attack and its prevention, and we are able to write more secure code.
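The mysql_* functions used above were removed in PHP 7.0, so on a current PHP the same fix is written with PDO prepared statements. The following is an added example, not the author's code: it runs the post's 1' or'1'='1 value through both the concatenated query and a bound parameter. It assumes an in-memory SQLite database in place of the MySQL server, a constructed account alice, and the illustrative function names login_concatenated and login_prepared.

```php
<?php
// Added example: sqlite::memory: stands in for the post's MySQL server so the
// script runs offline; the table and column names (user, usern, pass) are the post's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (usern TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// Constructed sample account. Only a salted hash of the password is stored.
$insert = $pdo->prepare('INSERT INTO user (usern, pass) VALUES (:u, :p)');
$insert->execute([
    ':u' => 'alice',
    ':p' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// The pattern of the first verify.php: input concatenated into the SQL text,
// so quotes in the input become part of the WHERE clause.
function login_concatenated(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT * FROM user WHERE usern='$user' AND pass='$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: the SQL text is fixed, the username is bound as data, and the
// password is checked against the stored hash in PHP rather than in SQL.
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pass FROM user WHERE usern = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

function verdict(bool $ok): string
{
    return $ok ? 'accepted' : 'rejected';
}

$payload = "1' or'1'='1";   // the value quoted in the post

echo 'concatenated, post payload: ', verdict(login_concatenated($pdo, $payload, $payload)), "\n";
echo 'prepared, post payload:     ', verdict(login_prepared($pdo, $payload, $payload)), "\n";
echo 'prepared, right password:   ', verdict(login_prepared($pdo, 'alice', 'correct horse')), "\n";
echo 'prepared, wrong password:   ', verdict(login_prepared($pdo, 'alice', 'wrong')), "\n";
```

To run it against MySQL, replace the DSN with a mysql: one and set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.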
======================================================

Posted by Viviek

RIPv2

RIPv2 is a classless, distance vector routing protocol as defined in RFC 1723. Because RIPv2 is a classless routing protocol, it includes the subnet mask with the network addresses in the routing updates. As with other classless routing protocols, RIPv2 supports CIDR supernets, VLSM and discontiguous networks.

Due to the deficiencies of RIPv1, RIP version 2 (RIPv2) was developed sometime in 1993. It’s equipped with the ability to support subnet information and supports Classless Inter-Domain Routing (CIDR). A router that receives routing updates from multiple routers advertising the same classful summary route cannot determine which subnets belong to which summary route. This inability leads to unexpected results including misrouted packets.

However, with RIPv2 automatic summarization can be disabled with the no auto-summary command. Automatic summarization must be disabled to support discontiguous networks.

RIPv2 still maintains the hop count limit of 15 and incorporates a password authentication mechanism. However, passwords were transmitted in clear-text format, which was found insufficient for secure communications on the Internet.

The default version of RIP is version 1. The command version 2 is used to modify RIPv1 to RIPv2.

Use the show ip protocols command to verify that RIP is now sending and receiving version 2 updates and whether or not automatic summarization is in effect.

RIPv2 is actually an enhancement of RIPv1's features and extensions rather than an entirely new protocol. Some of these enhanced features include:

  • Next-hop addresses included in the routing updates
  • Use of multicast addresses in sending updates
  • Authentication option available

Like RIPv1, RIPv2 is a distance vector routing protocol. Both versions of RIP share the following features and limitations:

  • Use of split horizon or split horizon with poison reverse to also help prevent routing loops.
  • Use of hold down and other timers to help prevent routing loops.
  • Use of triggered updates when there is a change in the topology for faster convergence.
  • Maximum hop count limit of 15 hops, with the hop count of 16 signifying an unreachable network.

For more information about NetworkzPeritus, you may visit our website at http://www.NetworkzPeritus.com/ & blog at http://networkzperitus.blogspot.com/

Posted by Shubham,Shushant & Viviek

10 hot IT skills for 2013

Wonder what are the IT skills that will help IT professionals sail through the current tough job market? Skills that will help IT pros stay relevant as the business needs of their organization change. A survey conducted shows the following results:

Networking
19% of the IT recruiters will look for experienced professionals with networking capabilities. Though the demand for networking personnel has declined by 50% over the past three years, the prospects for such professionals are still good for coming times.

Help Desk/Technical Support
35% of IT recruiters surveyed by Computerworld said that they will hire IT help desk professionals within the next one year. Such companies' focus is to not only develop modern systems and solutions but also to help end users to access them easily, hence the emphasis on the technical support skills.

Security
IT security also seems to be high on IT companies' agenda as 27% responded that they were on the lookout for professionals with skills for safeguarding systems and data. Therefore, it's time that candidates in IT security industry brush up their knowledge on deploying firewalls, threat detection tools, encryption technology and other security systems.

Virtualization
24% of the IT companies that Computerworld surveyed plan to hire professionals with virtualization skills in 2013. However, their biggest issue was that they usually find inexperienced candidates with half-baked virtualization skills.

Programming and Application Development
According to the survey, 60% of the respondents wanted to hire employees with programming and application development skills by next year. Those who have experience in Java, J2EE and .Net are at an advantage as these skills will be heavily demanded by companies in the coming time.

Project Management
Project management will be in huge demand next year, as 40% of the companies questioned in the survey said that they will recruit project managers in the next 12 months. The rising demand for candidates with this profile is due to the jump in the number, as well as the increase in the complexity, of such projects as applications are now more connected.

Business Intelligence/Analytics
Big data is a major concern for IT firms, which is why many companies are looking for business analytics professionals. In the Computerworld survey, 26% of the respondents stated that they will hire business intelligence/analytics professionals in 2013.
Recruiters will keep in mind technical know-how, business knowledge and strong statistical and mathematical backgrounds while hiring personnel for this domain.

Cloud/SaaS
25% of the IT companies interviewed by Computerworld said that they will hire employees who are proficient with cloud computing capabilities. Cloud services/Software-as-a-Service are set to become the next big thing in the IT world according to research firms like Gartner, and professionals who have the requisite skills will be high in demand next year.

Mobile Applications and Device Management
This is a fairly new job title, but will grow at a rapid pace with the increase in the penetration of mobile devices in the life of consumers. 19% of IT companies are looking for such professionals, who will be responsible for handling the increased growth in mobile apps on various consumer devices.

Data Center
Data center professionals are still in demand as their skills are essential to server management. 16% of the companies surveyed by Computerworld will hire personnel with data center management and data back-up capabilities.


For Further Details Contact:
shubham@networkzperitus.com


Posted by Shubham



How to Hack Website


Here I am going to share some real hacking techniques, using which one can hack any server or website.

This post is for educational purpose only.

The best vulnerability scanner software and assessment tool: Nessus & Exploitation Tool: Metasploit Framework

The tools used are freely available on the internet:

  • NESSUS
  • OpenVAS Server
  • OpenVAS Client
  • Nmap
  • Nikto
  • SQLMap
  • Metasploit

The steps that need to be followed to hack a server are as cited below:

1. First, port scanning. Scan the target server's open ports with N-Map or Angry-IP.

2. Second step is Service enumeration. Here you have to use N-Map to determine what services are open and available.
To know how to perform Enumeration and foot printing attack, please Google it :)

3. The third step is scanning the target to find the vulnerabilities. For this you have to use NESSUS or OPEN VAS. These tools will scan all open ports, regardless of common and defaulted settings. This will confirm listening services and check those against a database of exploitable services, to see if you are running any services that are mis-configured or vulnerable to exploits.

Note: If you want to know the working of NESSUS or how to use NESSUS, video tutorials are available on YouTube.com

4. You can also use Nikto. It is used to check the web server(s) for mis-configurations and exploitable web applications.

5. After all these scanning, play with SQL. Use Sqlmap for this. You can also use few more SQL tools, softwares and techniques.

6. The next step is to get access on system using the vulnerabilities found. Gaining Access on remote system. This you can achieve using Metasploit software. To know how to use metasploit search in http://www.securitytube.net

7. The next step is to maintain your access on the compromised system.
Upload a shell like c99, b374k, r57_kartal or upload any backdoors like sshdoor and also any perl, python backdoors.

8. Now you are able to do anything like deface or root the server (rooting a server is pretty much interesting, but for that you need a good command of Linux)

10. After uploading the shell, check the kernel version with this command "uname -a"; it shows something like this "Linux shell99 2.6.35-28-generic #50-Ubuntu SMP Fri Mar 18 19:00:26 UTC 2011 i686 GNU/Linux"

11. Now you have the kernel version; now search for a local kernel exploit, upload it to the server and run it (upload the exploit to the Temp folder because the temp folder is always writable). Don't forget to change the permission of the exploit using this command "chmod 777"

12. Run the exploit and you will get root; check with this command "whoami"

9. THIS IS THE MOST IMPORTANT STEP: Covering Tracks. After your activities, you must remove all your track records....;)
Remove all log files using Log Cleaner

Posted by Viviek