Ajit Gaddam: TechNews and Security

This article is part # 4 in this series of penetration and security testing of a corporate network. Previously I talked about some dirty tactics which penetration testers might have to use. I also started this series by talking in general about Penetration and security testing and also some important computer security keywords and terminologies.

In this article, I will introduce you to some well known tools which security analysts use, to know more about the layout of the network they are trying to test and also gather intelligence about that company,  which we will use later on to conduct further tests and poke it for its weak points. The more information we can obtain, the more we can advice our client company of any potential problem areas. This whole process is called footprinting.

Footprinting Definition from Wikipedia)

Footprinting is the technique of gathering information about computer systems and the entities they belong to. This is done by employing various computer security techniques, as Ping Sweeps, TCP Scans, UDP Scans, OS Identification, Network Enumeration, Registrar Queries, Organizational Queries, Domain Queries, Network Queries, POC Queries and DNS Interrogation

When used in the computer security lexicon, “footprinting” generally refers to one of the pre-attack phases; tasks performed prior to doing the actual attack. Some of the tools used for footprinting are samspade, nslookup, traceroute and neotrace.

I will not be revealing what kind of Business my client does, but a lot of corporations out there perform most of their business online, through the web. Each of these companies would have a web site which should be the first place we use to gather intelligence about the company.

==================TOOL # 1: PAROS (http://www.parosproxy.org)

Paros is a Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

Paros requires that you have Java J2SE installed which you can download from Sun here. Paros is also available in both Unix and Windows platforms. You can download Parox Proxy here.

1. After you download Paros, you need to configure your browser’s Internet options. Set your HTTP proxy and Secure proxy addresses to “localhost” with port “8080″ as shown below

2. Launch Paros. In this example, we will use mit.edu as our target Internet location. Type in http://www.mit.edu. If you go back to Paros, you will see a screen that looks something like this

Read the rest of this entry »

If you are one of those poeple using a Digital camera to capture pictures, when you import your pictures to your computer, chances are that you have a wierd naming scheme such as DSC001021 something etc. Using this tip, you would be able to rename many pictures all at once.

1. Open the folder where you have saved your pictures. Select the batch of pictures you wish to rename. You can select multiple pictures by pressing <Ctrl> key plus the picture. Do not let go of the <Ctrl> key when you select a different picture.
2. Right-click the first picture selected and then click Rename.
3. Rename the first picture to whatever you like (for example, Vint Cerf Google Speaker Series), then click any empty space within the window to deselect the pictures.

Your pictures automatically rename themselves (“Vint Cerf Google Speaker Series (1),” “Vint Cerf Google Speaker Series (2),” etc.). This tip also works to rename any collection of files.

By default, Windows Vista can be installed, used and run without any license, product key or the need of activation for 30 days grace period, for purpose of trial or evaluation. Although Microsoft initially stressed that users should purchase a license with valid product key before the trial period expires, or else Windows Vista will lock into Reduced Functionality Mode. However, a “rearm” method has long since been discovered to be able to extend, or reset the remaining time for activation to another fresh 30 days, for up to 3 times.

To extend, reset or restart the initial OOB grace period of Windows Vista to another 30 days, use the following steps:

You need to run the command prompt under the Administrative mode. You can either use the step outlined below or just type in cmd in the Start Search Box. Once command prompt is displayed in search results, right click and select Run As “Administrator” and then follow from step # 3 otherwise follow from Step #1 as shown below.

Step # 1: Click on Vista Start button and key in Cmd in Start Search box.

Step # 2: Press on Ctrl-Shift-Enter to open Command Prompt with administrative credentials (equivalent to “Run as Administrator”).

Step # 3: In the Command Prompt, type the following command and press Enter when done: slmgr -rearm or you can use sysprep /generalize

Step # 4: Reboot the computer.

Step # 5: Rearm again when the remaining activation grace period timer counts down to 0 days.

Rearm option resets the computer’s activation timer and reinitializes some activation parameters.

via [neowin.net]

I recently lost my Cell phone while travelling abroad. Fortunately for me, I had an brand new cell phone which I got from T-Mobile for free when I renewed my contract with them, a Nokia 6010 hanging around. In most countries, there are pre-paid options for phones where you pay a provider some cash and you get a SIM card which you can plug into your phone and you are all set. However, the Nokia phone I had was locked to T-Mobile and I could not use my SIM card.

This led me to go online and see if there are any methods out there to help me unlock and use my cellphone. Now, there are plently of sites out there which give you the unlock codes for your Nokia Cell phone. However, most of them charge anywhere from $9.99 to $65 to provide you with the unlock codes. Also, some of them only take payment in Euros. So, in this post, I will introduce you to two sites who provide you with unlock codes for your Nokia Cell phone absolutely FREE.

Site # 1: Unlock.it

This site is the most popular free site for unlocking any Nokia based Cell phone and most of the cell phones out there. Some of their other brands for which they provide unlock codes include Siements, LG, NEC, Panasonic, Samsung, Sony Ericsson and Motorola based phones.

The procedure for unlocking your Cell phone is as follows:

1. Start your phone without your new SIM or any SIM card in it

2. Now hit *#06# on your cell phone. When you do it, your IMEI number, a unique global serial number for your cell phone shows up. Your IMEI number should be 15 digits.

3. Now, choose the model of your Cell phone. If you don’t know your cell phone model number, you can always find out by removing the cell/battery of your phone. The model number along with the IMEI of the phone should be present.

4. Now, select the country and the operator the phone is locked to. For example “USA- T-Mobile”

5. You are now given the unlock codes for your cell phone. A lot of people have a problem punching in the alphabet p and w while entering the unlock codes. To enter the codes, here is a visual guide below as well as the step by step procedure
Read the rest of this entry »

Alex over at SkunkLabs profiles an interesting web startup called Senduit.

SendUit seems to be pretty good for sharing files where they have a max restriction of 100MB. The files you upload also expire with time limits ranging from 30 minutes to 1 week.

It took me around 10 seconds to upload a 1MB file. So file transfer speed does not seem to be an issue here.

Link to Senduit, a free file upload and sharing service

WordPress.com recently released the latest and greatest version of WordPress v 2.1. The much maligned Rich Text Editor in WordPress has been significantly upgraded with an easy tab option which allows you to switch between a Visual mode and a much more comfortable Code mode.Wordpress uses TinyMCE for text input.

Now, say you switched over to Code mode and after a while, you realize that you want the Visual Mode. You will notice that you do not have the option to switch between Visual and Code modes anymore.

This might happen if you recently upgraded to a newer version of WordPress. Restoring this option is pretty simple. Go to Users –> Your Profile and select the option “Use the Visual Editor when writing”.

Read the rest of this entry »

The Show Desktop Icon is not a standard program shortcut but a Windows explorer command file written in plain text.If you have accidently deleted the Show Desktop Icons, here are the steps involved to recreate it:Step 1: Open a new notepad file and type the following text:

[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop

Step 2: Save this file as “Show Desktop.scf” and remember that when you save the notepad file, keep the filetype under “all files” and not “.txt” type.

Step 3: Use the mouse to drag the Show Desktop.scf icon to the Quick Launch toolbar or another location where you want the shortcut to appear.

Alternatively, you can press the Win+D shortcut key for Show Desktop. It’s much the same as Win+M which will minimize all the open windows to the task bar.

Windows that don’t have a minimize button are minimized using Win+D but not with Win+M. That’s the only difference.

All of us have experienced the tremendous pains of spam. Who can remember the glory days of Hotmail 2MB storage where 85% of the inbox was filled with spam. While this plague is going to exist for some more time, here are a few tips we can take to overcome this issue and prevent spam from hitting your inbox.

» Don’t post your email address on message boards or mailing list.

» Maintain two separate email aliases – one for business and important email and other one for subscribing to mailing lists and web forums (called throw away email)

» Don’t publish your email addres directly on the homepage – use Email Obfuscators.

» Provide a fake email address to websites that require mandatory registration before you download software or read their archives.