Wednesday, 13 April 2016

Httprint

So today I'm going to show you how to use the httprint tool. According to net-square, "httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc."

In this tutorial I use Kali Linux as my virtual machine and operate httprint from the terminal command line. There is also a GUI version of httprint, which you can download at this link (http://www.net-square.com/httprint.html).

So let's get started.

First you have to download httprint, because by default Kali Linux does not provide the httprint tools.

Type the following command in the terminal: "apt-get install httprint"

It will take a couple of minutes to install.


Okay, if you encounter this kind of problem, don't panic; you just have to download "signatures.txt". Go to this link and save it in the /usr/share/httprint folder, replacing the existing signatures.txt file.

Now let's run the httprint scan.

From this result it says that the web server is using Apache, and you can see the rest of the result if you scroll down.




So that's all I can give you today.

Have a nice day ^_^

Spoofing and Flooding

So today I'm going to give you a simple tutorial about spoofing and flooding. Why are these two methods so important in the hacking world?

Let me explain first.

Spoofing is the act of assuming the identity of some other computer or program, so basically you try to be someone else on the network. This is why spoofing is an important technique used by hackers to conceal their identity: by taking the IP address of a trusted computer, a hacker can easily gain access to a restricted network. Spoofing can take the form of IP spoofing, email spoofing and network spoofing, but today I will only show you how to do IP spoofing using HPING3.

Flooding is a form of attacking a network not by infiltrating it but by trying to shut it down by sending a large volume of packets. Why is flooding also important? One of my lecturers said that on the internet there are many websites trying to increase their value on the net, but there are also competitors who want to go big, so how do you get rid of your competitor on the network?

By simply taking them off the map.

You don't have to actually get into the system; you just have to crash the website and it's done, because on the internet, if the system crashes for 5 or 10 minutes, there is going to be a major loss and cost to the website.

So let's get started.

Spoofing:

I use two operating systems: one for launching the attack (Kali Linux) and the other as the target (Windows XP). Make sure you know both IP addresses and put them on the same network.


Type the following command. This command randomizes the source IP address (the Kali Linux machine) and sends UDP packets (you can also use ICMP packets, TCP packets, etc.) with 500 bytes of data to the target machine. When you enter the command, don't be afraid if there is no result in the terminal; you can check the ongoing traffic using Wireshark.

From this result we can see that the source has been spoofed: this is actually not our IP address; it has been randomly selected.

Moving on to flooding.

Type the following command.

This will flood the target with UDP packets, but as usual you can use TCP and ICMP packets to do flooding as well. I suggest that if you want to try flooding, do it in a virtual machine or on your own network.
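The Wireshark view described above shows what such traffic looks like from the wire: a burst of UDP packets to one host where almost every packet carries a different, random source address. The following Python is an added example (not from this post, and not part of hping3) of how a defender would flag that pattern in a packet summary. The capture records, the host 192.168.31.10 as the flooded target, and the thresholds (100 packets within one second, at least 80% distinct sources) are all constructed for the example.

```python
import random
from collections import defaultdict, namedtuple

# One row per packet, like a Wireshark packet list exported as text (constructed).
Packet = namedtuple("Packet", "ts proto src dst length")


def constructed_capture():
    """Build a small, labelled sample capture: normal traffic plus a spoofed flood."""
    rng = random.Random(7)  # fixed seed so the sample is reproducible
    pkts = []
    # Normal: one client talking to its gateway (few packets, one source).
    for i in range(20):
        pkts.append(Packet(i * 0.05, "TCP", "192.168.31.68", "192.168.31.1", 74))
    # Normal: a web server with many distinct clients, but spread over 60 seconds.
    for i in range(120):
        pkts.append(Packet(i * 0.5, "TCP", f"198.51.100.{i % 250 + 1}", "192.168.31.20", 60))
    # Flood: 200 UDP packets in half a second, each with a random source address
    # (this is the spoofed-source pattern the post observes in Wireshark).
    for i in range(200):
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        pkts.append(Packet(0.2 + i * 0.0025, "UDP", src, "192.168.31.10", 542))
    return sorted(pkts, key=lambda p: p.ts)


def detect_spoofed_floods(packets, window=1.0, min_packets=100, min_src_ratio=0.8):
    """Flag destinations receiving >= min_packets within `window` seconds where
    the fraction of distinct source addresses is >= min_src_ratio.
    Legitimate bursts tend to come from few sources; a random-source flood
    has a distinct source on nearly every packet."""
    by_dst = defaultdict(list)
    for p in packets:
        by_dst[p.dst].append(p)

    alerts = []
    for dst, pkts in by_dst.items():
        pkts.sort(key=lambda p: p.ts)
        start = 0
        for end in range(len(pkts)):
            # Slide the window so it spans at most `window` seconds.
            while pkts[end].ts - pkts[start].ts > window:
                start += 1
            n = end - start + 1
            if n < min_packets:
                continue
            distinct = len({p.src for p in pkts[start:end + 1]})
            if distinct / n >= min_src_ratio:
                alerts.append({
                    "dst": dst,
                    "packets": n,
                    "distinct_sources": distinct,
                    "window_start": pkts[start].ts,
                })
                break  # one alert per destination is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_spoofed_floods(constructed_capture()):
        print(alert)
```

The web server in the sample has more distinct clients than the flood has packets in a window, but spread over a minute, so the rate threshold keeps it quiet; the gateway has the rate but a single source, so the distinct-source ratio keeps it quiet. Only the combination of both, which is exactly what random-source flooding produces, raises the alert.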

So that's all I can give you today.

Have a nice day ^_^


Tuesday, 05 April 2016

What is Penetration testing?

Before you go into the hacker world you should know a couple of terms used in computer security, in order to have a decent base of knowledge about ethical hacking. On the first day of my ethical hacking class I was introduced to many common terms such as penetration testing, vulnerability assessment, black-box testing, white-box testing and many more.

So today I'm going to give a basic methodology for penetration testing. Penetration testing, sometimes abbreviated as PenTest, is a process that is followed to conduct a hardcore security assessment or audit.

A methodology defines a set of rules, practices, procedures, and methods that are pursued and implemented during the course of any information security audit program.

There are 2 types of testing:

Black-box testing
The black-box approach is also known as external testing. While applying this approach, the security auditor will be assessing the network infrastructure from a remote location and will not be aware of any internal technologies deployed by the concerning organization.

White-box testing
The white-box approach is also referred to as internal testing. An auditor involved in this kind of penetration testing process should be aware of all the internal and underlying technologies used by the target environment.

There have been various open source methodologies introduced to address security assessment needs. Using these assessment methodologies, one can easily pass the time-critical and challenging task of assessing the system security depending on its size and complexity. Some of these methodologies focus on the technical aspect of security testing, while others focus on managerial criteria, and very few address both sides. The basic idea behind formalizing these methodologies with your assessment is to execute different types of tests step-by-step in order to judge the security of a system accurately. Therefore, we have introduced four such well-known security assessment methodologies to provide an extended view of assessing the network and application security by highlighting their key features and benefits. These include:
•     Open Source Security Testing Methodology Manual (OSSTMM)
•     Information Systems Security Assessment Framework (ISSAF)
•     Open Web Application Security Project (OWASP) Top Ten
•     Web Application Security Consortium Threat Classification (WASC-TC)

I encourage you to read these methodologies in order to gain a deep understanding of security methodology; you can find all of them on the internet.

In pentesting there are several steps you have to follow before attacking a target network.

These include:
Target scoping
Before starting the technical security assessment, it is important to observe and understand the given scope of the target network environment.

Information gathering
Once the scope has been finalized, it is time to move into the reconnaissance phase. During this phase, a pentester uses a number of publicly available resources to learn more about his target.

Target discovery
This phase mainly deals with identifying the target's network status, operating system, and its relative network architecture.

Enumerating target
This phase takes all the previous efforts forward and finds the open ports on the target systems.

Vulnerability mapping
Until the previous phase, we have gathered sufficient information about the target network. It is now time to identify and analyze the vulnerabilities based on the disclosed ports and services.

Social engineering
Practicing the art of deception is considerably important when there is no open gate available for an auditor to enter the target network; thus, a human attack vector is used. Actually, in this phase it is not always necessary to do social engineering.

Target exploitation
After carefully examining the discovered vulnerabilities, it is possible to penetrate the target system based on the types of exploits available. Sometimes it may require additional research or modifications to the existing exploit in order to make it work properly.

Privilege escalation
Once the target is acquired, the penetration is successful. An auditor can now move freely into the system depending on his access privileges.

Maintaining access
Sometimes an auditor may be asked to retain access to the system for a specified time period. Such activity can be used to demonstrate illegitimate access to the system without hindering the penetration testing process again.

Documentation and reporting
Documenting, reporting, and presenting the vulnerabilities found, verified, and exploited will conclude our penetration testing methodology.

So that's all the information I can give about penetration testing. I referenced this information from a book called BackTrack 4: Assuring Security by Penetration Testing.

Have a lovely day ^_^

Information gathering (ping , arping , fping)

So today I'm going to give a tutorial about information gathering with the following tools:
-ping
-arping
-fping

Ping:
Most computer science students know about ping: we use ping to test the reachability of a host on the network. The ping command is available on all operating systems; open your command prompt (Windows) or terminal (Linux). Ping operates by sending ICMP (Internet Control Message Protocol) echo requests to the target.


Well, most people only care about the time: the smaller the time, the faster the internet connection. But do you know the rest of the parameters, like TTL and icmp_seq?

According to searchnetworking.techtarget.com, TTL is, again, the number of seconds for which cached information can be returned before the Web server is required to check again that it is still "fresh." And did you know that from the TTL we can determine what kind of OS is used by the system?



Operating System (OS)                 IP Initial TTL    TCP window size
FreeBSD                               64                65535
Windows XP                            128               65535
Windows 7, Vista and Server 2008      128               8192
Cisco Router (IOS 12.4)               255               4128

(source: www.netresec.com)
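To show how the TTL column of that table is used in practice, here is an added Python example (my own, not from the post or from netresec). The IP TTL in a reply is the sender's initial TTL minus the number of routers the packet crossed, and initial TTLs cluster at 64, 128 and 255, so rounding the observed value up to the next of those gives both a hop-count estimate and, via the table above, an OS guess. The ping output lines, the addresses in them and the lost packet are constructed; the OS mapping contains only the rows the post's table gives, so anything outside it is reported as unknown.

```python
import re

# Initial-TTL -> OS family rows exactly as given in the post's table (source: netresec).
INITIAL_TTL_OS = {
    64: ["FreeBSD"],
    128: ["Windows XP", "Windows 7, Vista and Server 2008"],
    255: ["Cisco Router (IOS 12.4)"],
}

# Matches both Linux ("ttl=64") and Windows ("TTL=64") ping output.
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)
SEQ_RE = re.compile(r"icmp_seq=(\d+)")


def infer_initial_ttl(observed_ttl):
    """Every router decrements the IP TTL by one, so the TTL seen in a reply is
    initial TTL minus hop count. The smallest common initial value that is
    >= the observed TTL is the most likely starting point."""
    for initial in (64, 128, 255):
        if observed_ttl <= initial:
            return initial
    return None


def classify_ping_line(line):
    """Extract the TTL from one ping reply line; return hop estimate and OS guess."""
    m = TTL_RE.search(line)
    if not m:
        return None  # e.g. "Request timed out." carries no TTL
    observed = int(m.group(1))
    initial = infer_initial_ttl(observed)
    return {
        "observed_ttl": observed,
        "initial_ttl": initial,
        "hops": initial - observed,
        "os_guess": INITIAL_TTL_OS.get(initial, ["unknown"]),
    }


def missing_sequences(lines):
    """icmp_seq goes up by one per request, so gaps in the replies are lost packets."""
    seen = sorted(int(m.group(1)) for m in (SEQ_RE.search(l) for l in lines) if m)
    if not seen:
        return []
    present = set(seen)
    return [s for s in range(seen[0], seen[-1] + 1) if s not in present]


# Constructed sample output (not real captures): a LAN host and a distant host.
LAN_REPLIES = [
    "64 bytes from 192.168.31.1: icmp_seq=1 ttl=128 time=0.412 ms",
    "64 bytes from 192.168.31.1: icmp_seq=2 ttl=128 time=0.388 ms",
    "64 bytes from 192.168.31.1: icmp_seq=4 ttl=128 time=0.401 ms",
]
REMOTE_REPLY = "64 bytes from 192.0.2.10: icmp_seq=1 ttl=56 time=12.1 ms"

if __name__ == "__main__":
    print(classify_ping_line(LAN_REPLIES[0]))   # ttl=128, 0 hops: Windows rows
    print("lost replies:", missing_sequences(LAN_REPLIES))  # [3]
    print(classify_ping_line(REMOTE_REPLY))     # ttl=56: initial 64, 8 hops
```

The guess is only as strong as the table behind it: two operating systems that share an initial TTL (as the Windows rows do) cannot be told apart from TTL alone, which is why the table also lists the TCP window size.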

For icmp_seq, see the ICMP echo message definition in RFC 792 (http://www.faqs.org/rfcs/rfc792.html):

0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-

   IP Fields:

   Addresses

      The address of the source in an echo message will be the
      destination of the echo reply message.  To form an echo reply
      message, the source and destination addresses are simply reversed,
      the type code changed to 0, and the checksum recomputed.

   ICMP Fields:

   Type

      8 for echo message;

      0 for echo reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      If the total length is odd, the received data is padded with one
      octet of zeros for computing the checksum.  This checksum may be
      replaced in the future.

   Identifier

      If code = 0, an identifier to aid in matching echos and replies,
      may be zero.

   Sequence Number


      If code = 0, a sequence number to aid in matching echos and
      replies, may be zero.

   Description

      The data received in the echo message must be returned in the echo
      reply message.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the echo requests.  For
      example, the identifier might be used like a port in TCP or UDP to
      identify a session, and the sequence number might be incremented
      on each echo request sent.  The echoer returns these same values
      in the echo reply.
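The RFC text above is easier to follow with the bytes in hand, so here is an added Python example (mine, not part of the post or of RFC 792) that builds an echo request with the header layout and checksum rule quoted above, verifies a received message, and forms the echo reply the way the "Addresses" paragraph describes (type changed to 0, checksum recomputed, data echoed back). The identifier 0x1234, sequence number 1 and payload "abcd" are constructed values; only the 8-byte ICMP header and its data are handled, not the enclosing IP header.

```python
import struct

ECHO_REQUEST = 8
ECHO_REPLY = 0
HEADER = "!BBHHH"  # Type, Code, Checksum, Identifier, Sequence Number (network order)


def icmp_checksum(data):
    """RFC 792: the 16-bit one's complement of the one's complement sum of the
    message starting at the ICMP Type, with an odd final octet padded by a zero."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type, identifier, seq, payload):
    """Pack an echo message; the checksum field is zero while it is computed."""
    header = struct.pack(HEADER, msg_type, 0, 0, identifier, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack(HEADER, msg_type, 0, csum, identifier, seq) + payload


def parse_echo(packet):
    """Unpack the header and data; a valid message sums to zero under the checksum."""
    msg_type, code, csum, identifier, seq = struct.unpack(HEADER, packet[:8])
    return {
        "type": msg_type,
        "code": code,
        "checksum": csum,
        "id": identifier,
        "seq": seq,
        "data": packet[8:],
        "checksum_ok": icmp_checksum(packet) == 0,
    }


def make_reply(request):
    """The echoer returns identifier, sequence number and data unchanged,
    with the type set to 0 and the checksum recomputed."""
    f = parse_echo(request)
    if f["type"] != ECHO_REQUEST or f["code"] != 0 or not f["checksum_ok"]:
        return None
    return build_echo(ECHO_REPLY, f["id"], f["seq"], f["data"])


if __name__ == "__main__":
    req = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcd")   # constructed values
    print(req.hex())                                       # checksum 0x2104
    print(parse_echo(make_reply(req)))                     # type 0, checksum 0x2904
```

The identifier and sequence number are what ping prints as icmp_seq (and uses internally to match replies to requests); the checksum check is the reason a corrupted reply is dropped rather than counted.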

Arping:
 
The arping tool is used to ping a destination host in the Local Area Network (LAN) using ARP (Address Resolution Protocol) requests. arping is useful to test whether a particular IP address is in use on the network. You can use arping or arping2.


arping -c 3 -I wlan0 binus.ac.id
ARPING 202.58.182.119 from 192.168.31.68 wlan0
Unicast reply from 202.58.x.x [D4:CA:6D:x:x:x]  1.751ms
Unicast reply from 202.58.x.x [D4:CA:6D:x:x:x]  2.698ms
Unicast reply from 202.58.x.x [D4:CA:6D:x:x:x]  3.316ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)


This is the result you get if you do the arping within the local area network.

And this is what happens if you arping a target outside the local area network: it will not get any response.

Fping:

According to fping.org:

fping is a program to send ICMP echo probes to network hosts, similar to ping, but much better performing when pinging multiple hosts.

I will try to check whether the targets are alive.

fping -A binus.ac.id binuscareer.com binus.tv
202.58.x.x is alive
202.58.x.x is alive
202.58.x.x is alive

As you can see, I can send ICMP packets to multiple hosts.

And with fping you can ping multiple hosts in a range of IP addresses.

e.g. fping -g 202.58.x.x/24

This means I send ICMP packets to the whole class C block.
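Two things in this post are worth making concrete: why arping gets no reply for a target outside the LAN (ARP only resolves addresses inside the interface's own subnet, since ARP requests are link-layer broadcasts and never cross a router), and which addresses fping -g actually probes for a /24. The following Python is an added example (mine, not from the post, fping or arping); it also parses fping's "is alive" / "is unreachable" lines into two lists. The local interface 192.168.31.68/24 (the /24 prefix is an assumption; the post only shows the address), the target 192.0.2.10, and the fping output text are constructed for the example.

```python
import ipaddress


def is_on_link(local_iface_cidr, target_ip):
    """ARP can only resolve a target inside the interface's own subnet; anything
    else must go through the gateway, so arping to it gets no reply."""
    net = ipaddress.ip_interface(local_iface_cidr).network
    return ipaddress.ip_address(target_ip) in net


def fping_range_hosts(cidr):
    """The addresses `fping -g <cidr>` probes: every usable host in the block
    (network and broadcast addresses excluded), as strings."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def parse_fping_output(text):
    """Split fping's per-host lines into (alive, unreachable) address lists."""
    alive, down = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "is":
            (alive if parts[2] == "alive" else down).append(parts[0])
    return alive, down


# Constructed sample of fping -g output (not a real scan).
SAMPLE_FPING = """192.0.2.1 is alive
192.0.2.2 is unreachable
192.0.2.10 is alive
"""

if __name__ == "__main__":
    # Assumption: our Kali box is 192.168.31.68 on a /24.
    print(is_on_link("192.168.31.68/24", "192.168.31.1"))   # True: ARP will answer
    print(is_on_link("192.168.31.68/24", "192.0.2.10"))     # False: outside the LAN
    hosts = fping_range_hosts("192.0.2.0/24")
    print(len(hosts), hosts[0], hosts[-1])                  # 254 192.0.2.1 192.0.2.254
    print(parse_fping_output(SAMPLE_FPING))
```

For a defender, the first function is also why ARP-based discovery shows up only on the local segment: an unexpected burst of ARP requests for many addresses in your own subnet is a host enumerating the LAN, and it will never be seen from another segment.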

So that's all I can give you. If you want to know more about arping and fping, check http://fping.org/fping.1.html and http://linux-ip.net/html/tools-arping.html.

Have a lovely day ^_^

Friday, 01 April 2016

SPIDERFOOT

Today I'm going to talk about Spiderfoot. Spiderfoot is an information gathering tool; the goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname or network subnet. Spiderfoot provides a nice user interface and is easy to operate. You can install it on Linux or Windows.

For Windows users, you can just download Spiderfoot from this link (http://www.spiderfoot.net/download/), extract the zip and run the .exe.

For Linux you have to operate Spiderfoot from the command line. You can check the installation instructions at this link (http://www.spiderfoot.net/documentation/).

After you finish installing Spiderfoot, run it, open a web browser and type in the address bar:

127.0.0.1:5001

You can change the port to any port you like.

(figure 1.1)
(figure 1.2)

It will look like this when you run Spiderfoot.
There are several options provided by Spiderfoot; you can change the options as you like, but in my case I use all modules in my Spiderfoot scan.

Now let's try to run the scan.

(figure 1.3)

After you enter the domain name, fill in the package name and click the scan button, it will automatically start scanning.

It will take some time, depending on the size of the website you are trying to scan and its connection.

I stopped the search after 15 minutes because it was taking so much time.

This is the result:
(figure 2.1)

(figure 2.2)

(figure 2.3)
You may encounter some errors in the log section, but it's okay; according to the documentation it's probably an SQL error.

(figure 2.4)

(figure 2.5)

(figure 2.6)

(figure 2.7)

(figure 2.8)
(figure 2.9)
Sometimes you will get an AJAX error, because so much data has been loaded that it slows down your browser and gives an AJAX error.


(figure 2.10)

This means that Spiderfoot is running and trying to collect information related to the target by visiting related websites.

If you want to know more about Spiderfoot modules, results, etc., you can check the documentation at (http://www.spiderfoot.net/documentation/).

So that's all, folks. If you have a question or comment, feel free to ask me anytime.

have a lovely day ^_^