Friday, September 28, 2007

Chapter 5: Following the Flow of Tunnel

Intro

It all begins with tunneling. I admit the first time I entered my local campus I was amazed by the infrastructure of the network architecture inside it. I'd heard rumours since I was a kid that this is the place where you can dig out the deepest secrets of the NET without any restriction.

However, as times changed, admins began to take more proactive action by filtering sites, checking IP logging status and so on, thus making your life a little bit more challenging. But thanks to that my knowledge about networks has evolved to the next level.

What is tunneling anyway?

Believe it or not, most of the internet connections inside universities, offices and large companies go through a single transparent proxy. This proxy is mostly set up using SQUID (well, afaik this is the best web proxy). Now suppose your transparent proxy only allows inbound/outbound connections on ports 443 and 80. To make it worse, it will check each packet header so that only certain types of files are allowed to go inside/outside the NET.

This sucks a lot. True, their intention is good, but it is entirely wrong.

For e.g.: You >>>>> Transparent_Proxy_Server >>>>> Internet

So there are two methods for bypassing such restrictions: either by bruteforcing access to the proxy server or by following the flow of the network (I prefer the second choice).

Introduction to SSH

Instead of relying on the full force of a VPN, we can simply use SSH to forward all our connections inside encrypted packets (client and server). This is useful when you are in the situation I mentioned above. By default an SSH server binds its listening port on port 22. However, you can change the binding port to port 443.
The network flow will now change like this.


You >>> Establish SSH Connection>>> Transparent Proxy >>>>> SSH Server >>Proxy>>Internet

or

You >>> Establish SSH Connection (SSH client) >> Transparent Proxy >>> SSH Server/Secure Proxy >> Internet

Pretty cool isn't it?

This is the famous free port forwarding method widely used among those who have restrictive firewall rules but wish to follow the flow of the Internet.
Most of the guides can be googled around; I'm just here to talk randomly..
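As an added defender-side example (not from the original post): the transparent proxy described above already inspects packet headers, and an SSH peer announces itself with an identification string beginning "SSH-" (RFC 4253) no matter which port sshd is bound to. The C program below, written for this page with constructed sample flows, flags connections that carry that banner on a port other than the expected SSH port, which is exactly what an sshd moved to 443 looks like from the proxy's side. The flow struct, the sample payloads and the port table are all assumptions for the example, not anything from a real capture.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One observed connection: destination port plus the first bytes the
 * client sent. Hypothetical structure for this example; a real proxy
 * would fill it from its own connection table. */
struct flow {
    uint16_t dst_port;
    const unsigned char *payload;
    size_t len;
};

/* RFC 4253: an SSH peer starts with an identification string "SSH-...".
 * Returns 1 when the first bytes of a flow look like that banner. */
int is_ssh_banner(const unsigned char *payload, size_t len)
{
    static const char prefix[] = "SSH-";
    size_t plen = sizeof(prefix) - 1;
    return len >= plen && memcmp(payload, prefix, plen) == 0;
}

/* Returns 1 when the flow carries SSH on a port other than the one the
 * site expects for SSH (normally 22): the "bind sshd to 443" pattern. */
int is_ssh_on_unexpected_port(const struct flow *f, uint16_t ssh_port)
{
    return f->dst_port != ssh_port && is_ssh_banner(f->payload, f->len);
}

/* Counts such flows over a table of observed connections. */
size_t count_ssh_on_unexpected_ports(const struct flow *flows, size_t n,
                                     uint16_t ssh_port)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (is_ssh_on_unexpected_port(&flows[i], ssh_port))
            hits++;
    return hits;
}

/* Constructed sample traffic (not a real capture). */
static const unsigned char ssh_banner[] = "SSH-2.0-OpenSSH_4.7\r\n";
static const unsigned char tls_hello[]  = { 0x16, 0x03, 0x01, 0x00, 0xa5, 0x01 }; /* TLS handshake record */
static const unsigned char http_get[]   = "GET / HTTP/1.1\r\nHost: example.com\r\n";
static const unsigned char ssh_v1[]     = "SSH-1.99-OpenSSH_3.9p1\r\n";

const struct flow sample_flows[] = {
    { 22,  ssh_banner, sizeof(ssh_banner) - 1 },  /* normal SSH on 22      */
    { 443, tls_hello,  sizeof(tls_hello) },       /* genuine HTTPS          */
    { 443, ssh_banner, sizeof(ssh_banner) - 1 },  /* sshd bound to 443      */
    { 80,  http_get,   sizeof(http_get) - 1 },    /* plain web traffic      */
    { 80,  ssh_v1,     sizeof(ssh_v1) - 1 },      /* sshd bound to 80       */
};
const size_t sample_flow_count = sizeof(sample_flows) / sizeof(sample_flows[0]);

/* Convenience wrapper: how many of the sample flows are SSH off port 22. */
size_t sample_hits(void)
{
    return count_ssh_on_unexpected_ports(sample_flows, sample_flow_count, 22);
}

int main(void)
{
    for (size_t i = 0; i < sample_flow_count; i++)
        printf("flow %zu port %u: %s\n", i, sample_flows[i].dst_port,
               is_ssh_on_unexpected_port(&sample_flows[i], 22)
                   ? "SSH on a non-SSH port" : "ok");
    printf("%zu suspicious flow(s)\n", sample_hits());
    return 0;
}
```

The check only looks at the cleartext banner, so it catches exactly the setup the post describes (sshd listening on 443 or 80) and nothing the proxy cannot read in the clear; that is the same limit the header inspection mentioned above has.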


So is SSH the only method of tunneling?

Nope, there's a lot more. Recently it was discovered that JavaScript can also be used to establish a tunneling connection. So SSH is just one method: HTTP tunnel, ICMP tunnel, Java tunneling, obfuscation, Tor tunneling and a million other methods waiting to be discovered out there :)

Which is the best? Of course a full-fledged VPN ..

Saturday, September 22, 2007

Chapter 4: Where to get information

The classical method of gathering information is by asking. There's a bit of risk in it, as asking requires a connection between one or two persons. It requires trust and a handshake (this sounds a lot like sockets programming).

So in the modern day, where the telephone sucks, your water bill (even though God created water, people charge for it anyway), inflation rises and grocery prices increase, information can still be retrieved easily in the blink of an eye :)

Huh? Really? So what's the trick in it? Can I just simply learn everything? IMHO yeah, there is so much stuff on the net, but if your head is kinda thick it won't make much difference.
So what's the best source of all sources?

No.1 Google

Google has been with us since the early 90s till now and is still the most reliable search engine in the world. The pageranking system is simply remarkable. The art of manipulating the queries sent to Google is often called google hacks or dorks (it doesn't do any damage to Google anyway); just by manipulating the query that we send we can get a lot of information. Some classical queries which may or may not work are like below:

  • intitle:"Powered by xxx"
  • allinurl:version-3.0
The technique of dorking changes frequently; you can always take a look at johny.ihackstuff.com for more info on it.

Recently Google has evolved further: it plans to index all the public source code available on the net :) It's called Google Code Search, similar to Koders. This turns out to be the best thing for filtering out the millions of lines of code that have bugs and potential exploits (from classic b0f to extra powerful VA defeat).
Common bugs stated by Dr. Jose Nazario are, for example, stuff like this:

  • & vs &&
    if (is_set && process) { ... }
    if (flags & FLAG_PROCESS) { ... }
    code search pattern: flags\ *&&\ *[A-Za-z_]*
  • | vs ||
  • = vs ==
Solution? It's okay to have a typo in your blog but not in your code :p
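Added example (not from the post or from Dr. Nazario's material): the C snippets below put each of the three typo classes listed above next to its correct form, with return values you can compare, and implement a small line check in the spirit of the flags\ *&&\ *[A-Za-z_]* pattern: it flags a logical && followed by an all-uppercase identifier, which in C is almost always a bitmask constant that should have been tested with &. The FLAG_* values, the login function and the sample source lines are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed flag bits for the example. */
#define FLAG_READ    0x1u
#define FLAG_WRITE   0x2u
#define FLAG_PROCESS 0x4u

/* & vs &&: correct form tests whether the FLAG_PROCESS bit is set. */
int may_process(unsigned flags) { return (flags & FLAG_PROCESS) != 0; }

/* Buggy form: && is logical AND, FLAG_PROCESS is a non-zero constant, so
 * this is true for ANY non-zero flags value, whether the bit is set or not. */
int may_process_buggy(unsigned flags) { return flags && FLAG_PROCESS; }

/* | vs ||: correct form builds a bitmask; buggy form collapses to 0 or 1,
 * so every bit except the lowest is silently lost. */
unsigned combine_flags(unsigned a, unsigned b)       { return a | b; }
unsigned combine_flags_buggy(unsigned a, unsigned b) { return a || b; }

/* = vs ==: intended to let the user in only when the password matched. */
int login_allowed(int password_matched)
{
    if (password_matched == 1)
        return 1;
    return 0;
}

/* Buggy form: the assignment makes the condition always true, so every
 * caller is let in. (Extra parentheses only silence the compiler warning
 * that would otherwise point at exactly this mistake.) */
int login_allowed_buggy(int password_matched)
{
    if ((password_matched = 1))
        return 1;
    return 0;
}

/* True when the identifier looks like a macro constant: starts with an
 * uppercase letter or underscore and contains only uppercase, digits, '_'. */
static int is_constant_like(const char *s, size_t n)
{
    if (n == 0 || !(isupper((unsigned char)s[0]) || s[0] == '_'))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!(isupper((unsigned char)s[i]) || isdigit((unsigned char)s[i]) || s[i] == '_'))
            return 0;
    return 1;
}

/* Heuristic source check: flags "&&" followed by optional blanks and a
 * constant-looking identifier, e.g. "flags && FLAG_PROCESS". Returns 1 if
 * the line is suspicious, 0 otherwise. */
int suspicious_logical_and(const char *line)
{
    const char *p = line;
    while ((p = strstr(p, "&&")) != NULL) {
        p += 2;
        while (*p == ' ' || *p == '\t')
            p++;
        size_t n = 0;
        while (isalnum((unsigned char)p[n]) || p[n] == '_')
            n++;
        if (is_constant_like(p, n))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, including the two from the list above. */
    const char *lines[] = {
        "if (is_set && process) { ... }",
        "if (flags & FLAG_PROCESS) { ... }",
        "if (flags && FLAG_PROCESS) { ... }",
    };
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-40s %s\n", lines[i],
               suspicious_logical_and(lines[i]) ? "SUSPICIOUS" : "ok");
    printf("may_process(FLAG_READ)=%d buggy=%d\n",
           may_process(FLAG_READ), may_process_buggy(FLAG_READ));
    printf("login_allowed_buggy(0)=%d\n", login_allowed_buggy(0));
    return 0;
}
```

Compiling with warnings enabled already reports the `=` in a condition and clang also reports the constant operand of `&&`; the line check is for the cases where the code is only available as text, as with a code search.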

No.2 Wiki

Wikipedia is without a doubt a great teacher that simplifies complex matters into general information. (Where else can you learn quantum physics easily besides wiki?) I used to see my friends plagiarize most of their information from wiki. Too bad the lecturer saw through it immediately anyway. But I'm not talking about copyright or anything else. Wiki can also be a good tutor in giving you a general understanding of something.

For example the classic b0f attack. Let's face it, most of you noobs don't have any idea what is written by Aleph One in "Smashing the Stack for Fun and Profit". But the wiki folks love to spend their time transforming alien terms into language humans can understand.

Where else can you learn about Japanese/Chinese/Muslim/Singaporean traditions besides wiki?


Besides gathering information, the latest wikimapia (which uses the Google Maps API anyway) can be used to point out the exact (or quite close, it's not perfect yet) location when you are planning something or stalking someone :p




No.3 Friendster and Myspace, and I insist Myspace

Need I say more? You definitely should create an account and have a peek in it. Besides all those hot chicks' faces in there: identity theft, personal hobbies, interests, bla bla bla, you name it, emails... Heaven for identity thieves.


In the next chapter we are going to focus on what you can do on your faithful x86 box.

Monday, September 17, 2007

Chapter 3: Manipulating humans, the art of social engineering

Since the beginning of the era of humankind (when Adam (peace be upon him) and Eve were created by God), they have been tricked by the devil into eating the forbidden fruit.

The moral we can learn from this story is that being a human is itself an exploit. We have seen wars, scandals and cons; philosophers, kings and pharaohs have manipulated humans to submit to their wills, to satisfy their desires and so on.

Well, we won't get slaves nowadays, but still the concept is the same. Humans are prone to being tricked!!! Mass communication such as SMS, email and websites can easily be used to conceal one's identity. Photoshopping and money counterfeiting can be used to deceive the eyes of a human (not a machine, but probably in the future).

I'm not saying that we should lie to people (lying is bad, people, really bad), but for gathering information about someone this is a skill that most people often take for granted: social engineering.


The nature of humans: if you ask for restricted information they will conceal it. Why? Because they don't know whether the person who is asking is worth trusting or not. Their grey cells begin to give them warnings.

However, the scenario changes when a con artist decides he just wants to fill in a survey form (for example from Bancian Negara); he can easily gain access to restricted information such as IC number, income, home address, real name, workplace, emails, and the list goes on and on.

An act of charity is noble. However, it can backfire and aid the mafia instead of helping the poor. During the Katrina typhoon we saw massive numbers of sites asking for donations. Does it really work? Only God knows best.

So basically here are my rules of social engineering:

  1. Never underestimate the mind of humankind. There are lots of surprises in them.
  2. If you know that the person you are asking is more capable than you, pretend that you are at the same level as them. He/she will spill the beans.
  3. If you know the person is trash but has some valuable info, act dumb and he will spill the beans.
  4. To ask for the address of somebody, think of yourself as a postman (it works all the time for me).
  5. When being asked about yourself, just say "I'm not that good" or "I know only a little bit".
  6. Don't reveal too much of what you know.
  7. The customer is always right, right? Start complaining about even a minor detail of something and watch the catalyst.
  8. Construct yourself 2-3 identities with name cards on them or a website. Just use a free domain like co.nr.
  9. Talk when needed, otherwise STFU.
  10. Slow and steady rules. Rushing will get you nowhere.
I know I haven't posted any computer exploits yet. But we will be getting there, maybe in Chapter 6-7 :p

Chapter 2: Security is a process not a product

Yes, as the title suggests: security is a process, not a product. What does it mean?

Most people think that by having an antivirus on their system, they are secure.
Most people think that by having a firewall on their system, they are secure.
Newbies to linux/bsd, when they start migrating from windows, think they are secure.
Or some sysadmins may think that by setting up an IDS (Snort/tcpdump), they are secure.

Well, the statements I mentioned above are correct, but not entirely. They forgot one critical flaw in their thinking. Yes, that is the human, and there is no cure for human stupidity. (Well, forgive me if you have a 180 IQ or something, but this is a fact.)

I can twist the facts into something like this:
Most people have an antivirus, but it is usually cracked or has weak heuristic analysis.
Most people have a firewall but don't have the basics of how a firewall actually works.
Yeah, using linux/bsd is secure, unless you make it insecure by your own stupidity (e.g. username root; pwd toor).


So people, you must understand that security is not a product but the process of securing a system. If somehow you do not find a flaw in your process of securing, don't be happy, but sit down and think: if you can't find one, it's possible for others to notice it and use the exploit silently. So in the art of security two heads are better than one, hence that's why security teams are created :)

Chapter 1: Accept the Fact that you suck!!!

Finally I got the guts to try and gamble on creating my so-called hacking/security blog. I admit that my hacking skills are really not on par with other well-known hackers in Malaysia. But hey, everyone is a n00b in the first place. (Well, it depends on various factors.)

The reason I started this is because the lore of computing that I have witnessed inside my campus has decreased rapidly. People don't seem much concerned about what's going in and out inside the computer these days. Thus it creates a sad phenomenon where the respect for the lore of computing is lost or tarnished! Some say "this is for the IT/IS students only".

What the heck? The lore of computing doesn't require you to be part of any course. Through passion, skills and research you can perform various tasks.

Well, the first step towards the path of greater lore: accept the fact that you suck!! This is important; by accepting this fact, you realize that you need to do something in order not to get yourself into a sucky situation. Hence, what can you do? Heh, we continue this in the next chapter.