Wednesday 20 April 2016
Saturday 16 April 2016
Thursday 14 April 2016
Thursday 7 April 2016
Wednesday 6 April 2016
An insight into The Torrent World
My quick research allowed me to understand the working of Trackers, the prime force in providing us the files we desire to download.
The below Image shows the DHT set of clients in work...
The following notes are compiled into a single file : Torrent-info.pdf
The Below Figure shows the Trackers working...
The below Image shows the DHT set of clients in work...
The following notes are compiled into a single file : Torrent-info.pdf
Saturday 2 April 2016
Thursday 24 March 2016
Top Ten Pentesting Tools
Full Article: Top Ten Pentesting Tools
Credits : Russ McRee and Jonathan Lampe
I am utterly sorry for posting links of the pdf's because of the absence of formatting tools here. Links are perfectly safe as they are directly opened on the Google Storage interface in the browser. You may also wish to save them on your local machines.
Tuesday 22 March 2016
Tuesday 15 March 2016
Intercepting VOIP calls over LAN using Wireshark
1) To understand how and why VOIP calls work, you must first
understand what a codec is and what role does it play in VOIP. Although, this may not be necessary to understand VOIP capture but it gives you insight on the working of VOIP.
As you can see, a CODEC samples audio coming into your audio device and using an algorithm converts into a digital output which can be used up in making audio files(.mp3, .m4a), understandable by the computer.
The same mechanism is followed vice versa while displaying some sound through your headphones or speakers.
2) So, VOIP consists of an RTP protocol which is responsible for carrying the audio stream. The RTP header consists of the appropriate CODEC used by the VOIP calling software but Wireshark uses its default set to analyse the stream without us specifying the CODEC. The RTP protocol is built on the UDP protocol.
3) In the following video, I have explained how to use Wireshark to capture the Audio Stream.
VOIP LAN calling software: http://www.ssuitesoft.com/voippcphonelanchat.htm
As you can see, a CODEC samples audio coming into your audio device and using an algorithm converts into a digital output which can be used up in making audio files(.mp3, .m4a), understandable by the computer.
The same mechanism is followed vice versa while displaying some sound through your headphones or speakers.
2) So, VOIP consists of an RTP protocol which is responsible for carrying the audio stream. The RTP header consists of the appropriate CODEC used by the VOIP calling software but Wireshark uses its default set to analyse the stream without us specifying the CODEC. The RTP protocol is built on the UDP protocol.
3) In the following video, I have explained how to use Wireshark to capture the Audio Stream.
VOIP LAN calling software: http://www.ssuitesoft.com/voippcphonelanchat.htm
Friday 11 March 2016
Exploiting Windows XP using the Java Signed Applet Attack
Java Applets
A Java applet is a small application
which is written in Java and delivered to users in the form of bytecode.
The user launches the Java applet from a web page, and the applet is then
executed within a Java Virtual Machine (JVM) in a process separate
from the web browser
itself. A Java applet can appear in a frame of the web page, a new application
window, Sun's AppletViewer,
or a stand-alone tool for testing applets.
The Applets are used to provide interactive features to web
applications that cannot be provided by HTML alone.They can
capture mouse input
and also have controls like buttons or check boxes.
An untrusted
applet has no access to the local machine and can only access the server it
came from. This makes such an applet much safer to run than a standalone
executable that it could replace. However, a signed applet can have full access
to the machine it is running on if the user agrees.
This attack will create a malicious Java applet hosted on the
attacker's machine within a local copy of a famous website (Gmail, Facebook,
...) and start a listener. Once the victim will connect to us, he/she will bind
to us and a session will be created on the attacker's machine.
Thursday 10 March 2016
Wordpress Scanner (wpscan)
WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
- Introduction
- Prerequisites
- Setting up a local Wordpress website in Windows
- Performing wpscan commands on Kali Linux
1. Basic Scan
2. Enumerating Usernames
3. Enumerating Plugins
4. Enumerating Themes
5. Enumerating Timthumbs
6. Brute Forcing Passwords
. - Commands List
Full Article : WPScan.pdf
Wednesday 9 March 2016
Bastion Hosts
A bastion host is a computer that is fully exposed to attack. The system is on the public side of the DMZ, unprotected by a firewall or filtering router. Frequently the roles of these systems are critical to the network security system.
Full Article : Bastion Hosts.pdf
Wednesday 10 February 2016
Monday 8 February 2016
Friday 5 February 2016
Wednesday 3 February 2016
OWASP ZAP Fuzzing -1 [Multiple Parameters/Payloads + Message Processors]
Fuzzing Multiple Parameters and tagging Custom Response String (using Message Processors) to
associate a successful event --This can be useful to Brute Force
username and password at the login page and use a text from successful
login to tag (Message Processors) the success of right combination of
username and password. This way fuzzing can be stopped at an earlier
stage.
Monday 1 February 2016
Batch Programming DAY !!!
Every morning when I get up, it has become a sort of a habit to type in
all the URL's one by one in my browser, which are about 6-7, to sync up with the world. It's
annoying, especially for a lazy guy like me.
The next thing I did was to Add these websites to my "Suggested Sites" in the New Tab window of Firefox. Still, had to click all of them one by one.
if(work.contains("Hard Work"))
System.out.print("Do something better DORK!!!");
I happened to notice something interesting. It opens the Firefox browser.
Of course I knew this way back! Pfff... Wait..., are you judging me? I had to provide a timeline of events for this blog hadn't I?
Something more interesting. Facebook opens in the browser.
So I decided to make a file in windows that when clicked would open all the domains which I wished to access.
I Fired up notepad ( RIP if flames came to your thought) and saved the file with a bat extension( .bat ).
Yes, you got it right, a Batch file. What is it?
A batch file is an unformatted text file that contains one or more commands and has a .bat or .cmd file name extension. When you type the file name at the command prompt, Cmd.exe runs the commands sequentially as they appear in the file.
I am going to provide a walkthrough of the commands used in the batch file to automate my work. I recommend you to try the following commands if you are not aware of Batch programming.
start firefox.exe
- launches the Firefox browser
start firefox.exe facebook.com
-launches Facebook in Firefox (new window or old one)
set /p input=enter some input here
-Asks for parameter values during execution. The input variable stores your input.
That blue box hurts you isn't it? It makes you feel like a NOOB. Don't worry.
@echo off
set /p input=enter some input here
-It vanishes the above line.
if %input%==check some condition
-to check Single word input
if "%input%"=="check some condition"
-to check Multi word inputs
if %input%==condition (start firefox.exe)
-Make sure not to break the commands within brackets from the if statement. cmd will syntactically disapprove it.
if %input%==condition (start firefox.exe) else ( start chrome.exe)
-if-else ladder. Notice , how i don't break the Else part from the if statement.
All done.
BrowseMe.bat
@echo off
set /p input=Enter 1.Social Sites 2.SANS Newsletter
if %input%==1 (start firefox.exe facebook.com quora.com linkedin.com mail.yahoo.com gmail.com) else (start firefox.exe https://www.sans.org/newsletters/newsbites/ https://www.sans.org/tip-of-the-day)
exit
Cool Lazy Link: BrowseMe.bat
if(work.contains("Hard Work"))
System.out.print("Do something better DORK!!!");
I happened to notice something interesting. It opens the Firefox browser.
Something more interesting. Facebook opens in the browser.
So I decided to make a file in windows that when clicked would open all the domains which I wished to access.
I Fired up notepad ( RIP if flames came to your thought) and saved the file with a bat extension( .bat ).
Yes, you got it right, a Batch file. What is it?
A batch file is an unformatted text file that contains one or more commands and has a .bat or .cmd file name extension. When you type the file name at the command prompt, Cmd.exe runs the commands sequentially as they appear in the file.
I am going to provide a walkthrough of the commands used in the batch file to automate my work. I recommend you to try the following commands if you are not aware of Batch programming.
start firefox.exe
- launches the Firefox browser
start firefox.exe facebook.com
-launches Facebook in Firefox (new window or old one)
set /p input=enter some input here
-Asks for parameter values during execution. The input variable stores your input.
That blue box hurts you isn't it? It makes you feel like a NOOB. Don't worry.
@echo off
set /p input=enter some input here
-It vanishes the above line.
if %input%==check some condition
-to check Single word input
if "%input%"=="check some condition"
-to check Multi word inputs
if %input%==condition (start firefox.exe)
-Make sure not to break the commands within brackets from the if statement. cmd will syntactically disapprove it.
if %input%==condition (start firefox.exe) else ( start chrome.exe)
-if-else ladder. Notice , how i don't break the Else part from the if statement.
All done.
BrowseMe.bat
@echo off
set /p input=Enter 1.Social Sites 2.SANS Newsletter
if %input%==1 (start firefox.exe facebook.com quora.com linkedin.com mail.yahoo.com gmail.com) else (start firefox.exe https://www.sans.org/newsletters/newsbites/ https://www.sans.org/tip-of-the-day)
exit
Cool Lazy Link: BrowseMe.bat
Monday 18 January 2016
Friday 15 January 2016
Thursday 14 January 2016
Tuesday 12 January 2016
Subscribe to:
Posts (Atom)