Archive for Security

Introduction to Ethical Hacking and Penetration Testing

I have been busy lately performing penetration testing for a major company based in India. Under NDA, I cannot disclose the name of the company.

However, the company has given me permission to incorporate some of the findings into this series, An Introduction to Ethical Hacking through the eyes of a pen tester. I hope it helps anyone reading this blog protect and secure a network by understanding how a hacker operates and what tools and methodologies they use.

Why would I want to publish such a series of articles? Because I did not want to be part of the problem anymore. The need to know and understand computer security has passed beyond the realm of security professionals. The web is an ugly place, with hackers and crackers lurking at every corner selling Trojans and the rest of their malicious-code wares, trying to build botnets and seeking to profit from your mistakes, or rather from your lack of security awareness.
Every other day you see articles in the newspaper and on the web about identity theft or credit card numbers stolen from compromised database servers. The need for security professionals who know networks and understand how hackers operate grows every day, and companies use such professionals to test and break into their own networks before the bad guys do, then patch up their security infrastructure. It is here that we, the "security tester" or "penetration tester", come in.

So what will you learn in this series on Penetration Testing?
I will try to offer you a structured approach to security and penetration testing, and to explain in depth some of the tools hackers typically use. Remember, you are trying to be the ethical hacker, and you need to know how to use the tools of the trade.

A network is only as secure as its weakest link. You are trying to discover vulnerabilities within a network and find that weak link before the bad guys do.

Disclaimer: You will learn about some tools and methodologies which are not meant to be used for hacking purposes. Hacking or compromising a computer or a network is illegal in many parts of the world. Please use them to further understand how computer security works. If you are taking up the role of penetration tester for a company, make sure you have a signed contract with the client that clearly defines what you can and cannot do. Also, read your ISP's contract and acceptable use policy, which may restrict scanning software such as port scanners. Running anything that denies a user access to a system or a network resource without authorization is a crime.

Comments (4)

Follow up conversation with the London based Nigerian Spammer

Spammer Watch: Day 1

So, I followed up with our London-based Nigerian spammer by emailing him that I am indeed interested in proceeding with this "financial transaction". I pretended to be a Mr. Brandon Hurley based in the UK. Here is my first email to Mr. Peter Fischer, our friendly neighbourhood spammer:

My Email to the Nigerian Spammer

Spammer Watch: Day 2

So, within 7 hours, I got an email from Mr. Fischer thanking me for my interest. This is starting to get interesting.
Read the rest of this entry »

Comments (3)

Analysis of Spam Thru botnet

Mark Sunner, Chief Security Analyst at MessageLabs, was among the many security analysts watching a Trojan called "Spam Thru", a piece of malware designed to send spam from an infected computer, at the turn of last year. Spam Thru represented an exponential jump in the sophistication and complexity of botnets, harnessing a 70,000-strong peer-to-peer botnet seeded with the Spam Thru Trojan. Spam Thru is also known by the aliases Backdoor.Win32.Agent.uu, Spam-DComServ and Troj_Agent.Bor.

Spam Thru was unique because it had its own antivirus engine, designed to remove any other malicious programs residing on the same infected host so that it could have unlimited access to the machine's processing power and bandwidth. It also had the potential to be 10 times more productive than most other botnets while evading detection through built-in defences.

What worries Mark Sunner most is his suspicion that the major traffic spike towards the end of 2006 was merely a test run for more, if not similarly sophisticated, botnets to follow. Sunner adds:

"With new levels of sophistication this has reached a real milestone. Botnets are getting smaller, more stealthy and more discreet, and yet the volumes of spam are going up. Without a hint of scaremongering, will this get a lot worse throughout 2007 in terms of botnet sending? Absolutely, yes."

The British IT security firm MessageLabs registered a dramatic increase in spam traffic from 64.4% to 72.9% late last year, all attributed to Spam Thru.

Increase in Spam Traffic attributed to SpamThru

Read the rest of this entry »

Comments (1)

Nigerian Scammer moves to London, England

The most visible form of advance-fee fraud today is the Nigerian Letter or 419 fraud. A typical letter claims to come from a person needing to transfer large sums of money out of the country, or from a lottery company. As the Nigerian letter has become well known to potential targets, the gangs operating the scams have developed other variations.

So apparently the Nigerian scammer has shifted base out of Africa and into the Queen's country, England. Below is a picture of the email.

Nigerian Scammer sample letter

Related Articles:

Read everything you need to know about the Nigerian email scam in this in-depth article on Crimes of Persuasion

Comments (1)

Spammers now using TinyURL to flood comments

Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages. While the most widely recognized form of spam is email spam, spam in blogs is becoming huge these days, along with search engine spam and mobile phone messaging spam.

Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge.

Blog spam, or "blam" for short, is spamming on weblogs. This type of spam takes advantage of the open nature of comments in blogging software by placing comments on various blog posts that provide nothing more than a link to the spammer's commercial web site.

Blogs such as TechCrunch have caught over 1 million spam comments. For most blogs, such as this one and AskStudent, the protection against blog spam is the same one TechCrunch uses: Akismet.

Today, I saw a new method of blog spam. The spammers are using TinyURL, a very popular web service that provides short aliases for long URLs. In spite of its benefits, TinyURL has faced the criticism that its links are opaque, hiding the ultimate destination from the user. Spammers now leverage that opaqueness: a shortened link in a spam comment shows only the tinyurl.com domain, so it slips past URL blacklists that match on the destination domain.

Example showing the use of TinyURL in blog spam
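The practical counter to this trick is to expand the short link before filtering, and judge the comment by where the link finally lands rather than by the shortener's domain. Below is an added example of such a check in Python (my code, not the post's, and not how Akismet or TinyURL work internally). The blocklist, the comment text and the redirect table are constructed so it runs offline; `http_head` shows how the same hop-by-hop expansion is done against a live shortener.

```python
import http.client
import re
from typing import Callable, Optional
from urllib.parse import urljoin, urlparse

# Constructed sample data (not real spam): a domain blocklist, and a redirect
# table standing in for the shortener's HTTP 301 "Location:" answers so the
# demo runs offline. Chained shorteners and a redirect loop are included.
BLOCKLIST = {"cheap-pills.example", "casino-wins.example"}
REDIRECTS = {
    "http://tinyurl.com/abc123": "http://www.cheap-pills.example/buy?ref=blog",
    "http://tinyurl.com/def456": "http://bit.ly/xyz",
    "http://bit.ly/xyz": "http://casino-wins.example/",
    "http://tinyurl.com/loop1": "http://tinyurl.com/loop2",
    "http://tinyurl.com/loop2": "http://tinyurl.com/loop1",
}
SAMPLE_COMMENT = (
    "Great post! See http://tinyurl.com/abc123 and http://tinyurl.com/def456, "
    "also http://tinyurl.com/loop1 and my site http://example.org/about."
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def fake_head(url: str) -> Optional[str]:
    """Offline stand-in for an HTTP HEAD: the Location header, or None if final."""
    return REDIRECTS.get(url)


def http_head(url: str, timeout: float = 5.0) -> Optional[str]:
    """Real HEAD request that reads the Location header WITHOUT following it,
    so every hop is inspected (urllib would silently follow the whole chain)."""
    p = urlparse(url)
    conn_cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(p.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + (f"?{p.query}" if p.query else ""))
        resp = conn.getresponse()
        loc = resp.getheader("Location")
        return urljoin(url, loc) if 300 <= resp.status < 400 and loc else None
    finally:
        conn.close()


def expand_url(url: str, head: Callable[[str], Optional[str]] = fake_head,
               max_hops: int = 5) -> Optional[str]:
    """Follow the redirect chain hop by hop. Returns the final URL, or None when
    the chain loops or exceeds max_hops (both are treated as suspicious)."""
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            return None
        seen.add(url)
        nxt = head(url)
        if nxt is None:
            return url
        url = nxt
    return None


def host_blocked(url: str, blocklist=BLOCKLIST) -> bool:
    """True if the URL's host is a blocklisted domain or any subdomain of one."""
    labels = (urlparse(url).hostname or "").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def classify_comment(text: str, head=fake_head, blocklist=BLOCKLIST) -> dict:
    """Map each URL in a comment to 'spam', 'suspicious' or 'ok' by its real destination."""
    verdicts = {}
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop punctuation that belongs to the prose
        final = expand_url(url, head)
        if final is None:
            verdicts[url] = "suspicious"
        elif host_blocked(final, blocklist):
            verdicts[url] = "spam"
        else:
            verdicts[url] = "ok"
    return verdicts


if __name__ == "__main__":
    for url, verdict in classify_comment(SAMPLE_COMMENT).items():
        print(f"{verdict:10s} {url} -> {expand_url(url)}")
```

Two design points: the chain is walked one hop at a time with a hop limit and a loop check, because spammers chain shorteners and a filter that follows redirects blindly can be made to spin; and the blocklist match covers subdomains, since `www.` prefixes and throwaway hostnames are free for the spammer.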

UPDATE:

TinyURL has blocked the above site, stating that it abused their policy. How does one deal with such spam? Post in the comments area.

TinyURL blocks spam link

Related Articles:

1. How to hide your email address from spammers, a thorough guide

2. How a PayPal phishing email looks like and how to detect it

3. Top phishing targets are Ebay and PayPal followed by Banks

4. References: Wikipedia article on spammer

Comments (1)

What a Paypal phishing email looks like and how to detect it

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The first recorded mention of phishing is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996, although the term may have appeared even earlier in the print edition of the hacker magazine 2600. The term phishing is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f.

Shown below is a sample phishing email I received that claims to come from PayPal.

Paypal phishing email

If you dissect this email, digging into its headers and the source of its content, two things jump out:

Read the rest of this entry »
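The kind of header and body dissection described above can be automated. The Python below is an added example, not the post's own analysis or code; the two messages are constructed (hosts use RFC 5737 documentation addresses), and the two indicators it checks, a relay path that does not belong to the From: domain and link text that disagrees with the real href, are common ones I have assumed here, not necessarily the two the post goes on to name.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages: the first imitates an "account limited" lure
# spoofing PayPal, the second is a clean control with a consistent path.
PHISH = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [203.0.113.7])
\tby mx.recipient.example (Postfix) with ESMTP id 1A2B3C
\tfor <victim@recipient.example>; Tue, 09 Jan 2007 10:12:00 +0000
From: "PayPal" <service@paypal.com>
To: victim@recipient.example
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body><p>Please click <a href="http://203.0.113.9/cgi-bin/webscr/login">
https://www.paypal.com/cgi-bin/webscr</a> to restore access.</p></body></html>
"""
CLEAN = """\
Return-Path: <service@paypal.com>
Received: from mx1.paypal.com (mx1.paypal.com [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id 4D5E6F
\tfor <victim@recipient.example>; Tue, 09 Jan 2007 11:00:00 +0000
From: "PayPal" <service@paypal.com>
To: victim@recipient.example
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<html><body><p>Log in at <a href="https://www.paypal.com/">https://www.paypal.com/</a>.</p></body></html>
"""


def domain_of(addr: str) -> str:
    """Organisational domain of an address: the last two labels of its host part."""
    host = addr.rsplit("@", 1)[-1].strip("<> \t").lower()
    return ".".join(host.split(".")[-2:])


def same_org(host: str, domain: str) -> bool:
    host = host.lower()
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def header_findings(msg) -> list:
    """Indicator 1: the envelope sender or the injecting host is not the From: domain."""
    findings = []
    from_dom = domain_of(str(msg["From"] or ""))
    rp = str(msg["Return-Path"] or "")
    if rp and not same_org(domain_of(rp), from_dom):
        findings.append(f"Return-Path domain {domain_of(rp)} differs from From: domain {from_dom}")
    received = [str(h) for h in msg.get_all("Received") or []]
    if received and received[-1].startswith("from "):
        # Received: headers are prepended by each relay, so the LAST one is the
        # first hop: the host that handed the message into the mail system.
        first_hop = received[-1].split()[1]
        if not same_org(first_hop, from_dom):
            findings.append(f"message was injected by {first_hop}, not by a {from_dom} host")
    return findings


def link_findings(html_body: str) -> list:
    """Indicator 2: visible link text and real href disagree, or the href is a bare IP."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        shown_host = (urlparse(text).hostname or "").lower() if text.startswith(("http://", "https://")) else ""
        if shown_host and shown_host != href_host:
            findings.append(f"link text shows {shown_host} but href points to {href_host}")
        if href_host.replace(".", "").isdigit():
            findings.append(f"link href uses a bare IP address {href_host}")
    return findings


def analyse(raw: str) -> list:
    """Human-readable findings for one raw message; an empty list means nothing stood out."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = header_findings(msg)
    if msg.get_content_type() == "text/html":
        findings += link_findings(msg.get_content())
    return findings


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(name, analyse(raw) or ["no findings"])
```

Only the Received: lines added by servers you control are trustworthy; anything below the first of those can be forged by the sender, which is why the check reads the last Received: header (the first hop) rather than the top one.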

Comments (1)

How to hide your email address from spammers, a thorough guide

Every IT professional worth his or her salt has a webpage or blog these days. While you may have people from all over the globe dropping a line at your site, email harvesters are the most unwanted visitors on any website. These spambots crawl the web via search engines to find and extract email addresses from web pages. Email addresses in your blog or web page are no secret to spam robots. Here is a guide that should help you protect your email addresses from these spam spiders. The techniques covered use text manipulation, masking, HTML, Flash, CSS and JavaScript to hide email addresses.
How do email spammers operate? Email addresses always contain an @ symbol. Most spambots pattern-search for likely combinations of letters (abc@xyz.com), like billgates@microsoft.com or larrypage@google.org, in the HTML source of web pages. Often they just search for the @ character and grab all the letters on each side on the assumption that it is a valid email address.
How do you keep your email address available to humans but invisible to email spiders? There are tons of "email address protector" programs that claim to protect your email address in web pages and get rid of junk mail. Don't waste your money; they only encode your email or generate a JavaScript snippet. We will discuss manual email encoding techniques here. If a visitor clicks an encoded email link on your website, it will work as normal, but spam robots will not be able to extract the address from the link.

Read the rest of this entry »
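To see why encoding works against the pattern search described above, it helps to put the harvester's regex next to three of the masking techniques (HTML entities, text mangling and JavaScript assembly) and check what each leaves in the raw page source. The Python below is an added example written for this page, not the guide's own code; the address alice@example.org is constructed.

```python
import html
import re

ADDRESS = "alice@example.org"  # constructed sample address

# The naive harvester the guide describes: anything shaped like text@text.tld
# in the raw HTML source.
HARVESTER_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def harvest(page_html: str) -> list:
    """Every address a pattern-matching spambot would pull out of the raw source."""
    return HARVESTER_RE.findall(page_html)


def plain_link(address: str) -> str:
    """The unprotected form most pages use: the address appears twice in clear."""
    return f'<a href="mailto:{address}">{address}</a>'


def entity_encode(address: str) -> str:
    """Encode every character as a decimal HTML entity ('@' becomes '&#64;').
    Browsers render the real address, but the raw source contains no literal '@'."""
    return "".join(f"&#{ord(c)};" for c in address)


def entity_link(address: str) -> str:
    enc = entity_encode(address)
    return f'<a href="mailto:{enc}">{enc}</a>'


def text_mangle(address: str) -> str:
    """Human-readable masking such as 'user [at] example [dot] org'. Not clickable,
    so it suits plain text where a mailto: link is not needed."""
    user, domain = address.split("@", 1)
    return f"{user} [at] {domain.replace('.', ' [dot] ')}"


def js_link(address: str) -> str:
    """Assemble the address at page-load time in JavaScript. The two halves are
    stored separately and joined by the browser, so the source never holds a
    complete user@host string."""
    user, domain = address.split("@", 1)
    script = (
        f'var u="{user}", d="{domain}";\n'
        "document.write('<a href=\"mailto:' + u + '@' + d + '\">' + u + '@' + d + '</a>');"
    )
    return f"<script>{script}</script>"


def decode_as_browser(page_html: str) -> str:
    """What a browser (and a human) sees once entities are resolved."""
    return html.unescape(page_html)


if __name__ == "__main__":
    for label, markup in (("plain", plain_link(ADDRESS)), ("entities", entity_link(ADDRESS)),
                          ("mangled", text_mangle(ADDRESS)), ("javascript", js_link(ADDRESS))):
        print(f"{label:10s} harvested: {harvest(markup)}")
```

The caveat: these defeat the literal pattern match the guide describes, nothing more. A harvester that unescapes entities before matching recovers the entity-encoded form in one call (`decode_as_browser` shows how little work that is), and one that runs a JavaScript engine recovers the assembled link, so treat encoding as raising the cost for lazy bots rather than as protection against a determined one.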

Comments (1)

How to detect a Rootkit on your machine

A rootkit is a collection of programs that intruders often install after they have compromised the root account of a system. These programs help the intruders clean up their tracks and provide a way back into the system. Rootkits will sometimes leave processes running so that the intruder can come back easily and without the system administrator's knowledge.

Solution

chkrootkit V. 0.46a

Nelson Murilo [nelson@pangeia.com.br] (main author)
Klaus Steding-Jessen [jessen@cert.br] (co-author)

This program locally checks for signs of a rootkit.
chkrootkit is available at: http://www.chkrootkit.org/

This tool includes software developed by the DFN-CERT, Univ. of Hamburg (chklastlog and chkwtmp), and small portions of ifconfig developed by Fred N. van Kempen, [waltje@uwalt.nl.mugnet.org].

What’s chkrootkit?

Read the rest of this entry »
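One of the signs chkrootkit looks for is exactly the leftover process mentioned above: its chkproc component lists the PIDs under /proc and compares them with what `ps` reports, since a rootkit that patches or replaces `ps` leaves a gap between the two. The Python below is an added example of that comparison, written for this page and not taken from chkrootkit; the sample /proc listing and `ps -e` output are constructed, and `check_live` runs the real check on a Linux host.

```python
import os
import re
import subprocess

# Constructed sample inputs: the numeric entries a listing of /proc returned and
# the `ps -e` output captured at the same moment. PID 1337 is in /proc but not in ps.
SAMPLE_PROC_PIDS = {1, 2, 742, 1337, 2048}
SAMPLE_PS_OUTPUT = """\
  PID TTY          TIME CMD
    1 ?        00:00:03 init
    2 ?        00:00:00 kthreadd
  742 ?        00:00:01 sshd
 2048 pts/0    00:00:00 ps
"""


def pids_from_proc(proc_root: str = "/proc") -> set:
    """Every numeric directory name under /proc is a process (thread-group) id."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps_output(text: str) -> set:
    """Parse `ps -e`: skip the header line, take the leading PID column."""
    pids = set()
    for line in text.splitlines()[1:]:
        m = re.match(r"\s*(\d+)\s", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def hidden_pids(proc_pids: set, ps_pids: set, own_pid: int = None) -> list:
    """PIDs present in /proc that ps did not report. The caller's own PID is
    excluded because it is the one process guaranteed to differ between a ps
    child's view and the parent's later /proc listing."""
    return sorted(p for p in proc_pids - ps_pids if p != own_pid)


def check_live(rounds: int = 3):
    """Run the comparison on a Linux host. A PID is reported only if it is hidden in
    every round, which filters out processes that merely started or exited between
    the ps run and the /proc listing. Returns None where /proc or ps is unavailable."""
    if not os.path.isdir("/proc"):
        return None
    persistent = None
    for _ in range(rounds):
        try:
            out = subprocess.run(["ps", "-e"], capture_output=True, text=True, check=True).stdout
        except (OSError, subprocess.CalledProcessError):
            return None
        hidden = set(hidden_pids(pids_from_proc(), pids_from_ps_output(out), own_pid=os.getpid()))
        persistent = hidden if persistent is None else persistent & hidden
    return sorted(persistent)


if __name__ == "__main__":
    print("sample:", hidden_pids(SAMPLE_PROC_PIDS, pids_from_ps_output(SAMPLE_PS_OUTPUT)))
    print("live:  ", check_live())
```

A hit here points at a trojaned `ps` or a library-level hook, the classic user-land rootkit. A kernel-level rootkit that filters the /proc directory listing itself hides from both sides of this comparison, which is why chkrootkit's chkproc additionally probes PID numbers directly through system calls rather than trusting /proc alone; this example only shows the ps-versus-/proc half.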

Comments (3)

How to develop ShellCode, a crucial point of any exploit software

It is not an easy task to find a vulnerable service and an exploit for it. Nor is it easy to defend against users who might want to exploit your system, if you are a system administrator. Writing an exploit yourself, however, turning a line from a bug tracker into a working lockpick, is much harder. This article is not a guide to writing exploits, nor an overview of popular vulnerabilities. It is a step-by-step guide to developing shellcode, a crucial part of any exploit. Hopefully, learning how it works will help conscientious developers and system administrators understand how attackers think and defend their systems against them.

How an Exploit Works

Take any exploit downloaded from the internet that promises an easy root shell on a remote machine and examine its source code. Find the most unintelligible piece of code; it will be there, for sure. Most probably you will find several lines of strange, unrelated symbols, something like this:

Read the rest of this entry »

Comments
