Python is one of those languages that people either love or hate... wait, that's all programming languages. Anyway, I found a wiki that collects snippets for some pretty useful things to do in Python. Included are how-tos on opening and writing files, both ASCII and binary, working with email, XML, web programming, SVN, Linux shells, SQLite, and more. It's a handy thing to have around in case you ever start a project that touches one of these areas. It may not teach you everything about whatever you're looking up, but it gives you a jump-off point. Plus, it's a wiki: if you know of a useful snippet that isn't there, add it!
A lot of buzz has been spewed by Microsoft about how secure they made Vista. With Address Space Layout Randomization (ASLR), which randomizes where a program's stack, heap and libraries are placed in memory each time it runs, and Data Execution Prevention (DEP), which marks data pages non-executable, Vista was supposed to be the most secure operating system around. We all know that isn't true, Vista is just as insecure as anything else, but until now only a few major security flaws had actually been published. This one's a doozy.
Mark Dowd of IBM's Internet Security Systems and Alexander Sotirov of VMware have found a way to demolish the relevance of Vista's memory protections. They have a method to load executable code into a browser process at addresses of their choosing, with whatever page permissions they want, and run it, which defeats the whole point of ASLR and DEP. Like most attacks these days it lives at the application layer and deals with how Internet Explorer hosts active content. Few details have been released at this point, but the method is said to be simple and reusable.
Dowd and Sotirov were able to place data in memory wherever they wanted, with the permissions they specified, via Java applets, ActiveX and .NET objects. The ramifications of this find are predicted to change the way technologists think about computer and network security. Evidently it is not limited to Internet Explorer but applies to other browsers as well (possibly IE derivatives like Maxthon; not sure about Firefox/Opera). Security and IT personnel should keep their eyes on this story; I have a feeling it will have a long-lasting impact on IT policy.
2600 Magazine is the oldest surviving hacker magazine and has spawned local chapters all over the US. These chapters have monthly meetings and some of them even hold conferences. The Nashville chapter is one of these. Every year the 615 chapter holds the Phreaknic conference in Nashville, and the time is nearing for the 2008 conference. Things are still getting set up and not much has been announced. If you would like to speak at the conference, check out the Call for Papers page and submit your work for review.
The con will be October 24th and 25th at the Days Inn Stadium in Nashville. Over 120 rooms have been reserved for the conference and a special rate has been cut for Phreaknic attendees: $65 for a room for up to 4 adults. The presentations will be broadcast over the hotel's CCTV system, so if you're not able to get to the speaking floor for some reason (hangover), you can just lie in your room and watch.
Not only will there be speakers with interesting views on security, there are also some pretty cool contests and games. Wifirace is a foxhunt with a mobile wifi target around Nashville that you must track down and compromise before your opponents. Oh, and don't forget the G33k Shoot crew which will be bringing their arsenal of weaponry.
So if you're looking for a bitchin con to go to in the Southeastern US, come on down to Nashville, Tennessee at the end of October. This conference should be a blast, and as an added bonus, you can meet me!
One of the most famous hackers of all time, Kevin Mitnick, tells a story of how he and a friend got out of trouble after being caught sneaking around a phone company's central office. It's a great story that lets you in on the personality and demeanor you must keep up when doing social engineering.
You've seen the fancy, expensive drives that feature hardware encryption, such as the IronKey, but what if you don't want to spend exorbitant amounts of money to have some encrypted space on your drive? TrueCrypt is the answer. TrueCrypt lets you encrypt a whole volume or just part of one, and lets you choose among several ciphers.
The flexibility is really nice: you can pick AES, Serpent or Twofish, or cascade two or three of them, so that data is encrypted with each cipher in turn. You can encrypt the whole drive, create an encrypted container file on the drive, or go a step further and create a hidden volume, which lives inside the free space of an outer volume and cannot be distinguished from random data without its own password. The GUI is intuitive and simple to use and lets you manage many volumes at once.
This would be an excellent solution for people who carry sensitive data for work but don't want to shell out the big bucks for specialized drives. The only thing to think about is that if you intend to use TrueCrypt to encrypt your entire drive, you'll need TrueCrypt on any computer where you may need to access that data (or on another thumbdrive you carry with you). If you're using the Windows version you can run Traveler Disk Setup from the Tools menu, which copies TrueCrypt to the root of the thumbdrive so you can open the encrypted partition (or container file) from any computer without installing TC on that PC. One caveat: traveler mode still has to load the TrueCrypt driver, so you need administrator rights on the machine you plug into. Unfortunately, this feature isn't available in the Linux version.
TrueCrypt is an excellent solution for encrypting sensitive data. It works on Windows, Linux and OS X, so you can access your data anywhere, and its ciphers (AES-256 among them) are the same ones the US government approves for Top Secret material, although that approval is for certified implementations rather than for TrueCrypt itself. By the way, the Corsair Flash Voyager USB drive comes with TrueCrypt ready for you to encrypt your data. Not sure if any other drives come with TC, but a variety of drives come with other solutions. If you have any preferences, let us know!
There is a whole realm of hacking that doesn't necessarily have to do with computers. Hacking is the art of learning how things work and putting them to use in new and interesting ways. I've found a website that specializes in this form of hacking. Kipkay Videos features some very interesting pieces on how to modify everyday items so they work for you in ways you may not have thought of before.
You can find videos on everything from making your own illuminated keyboard to improving your gas mileage, or even using the phone line to power a lamp during a power outage! Pretty much anyone can take advantage of this kind of information. Hacking of this nature can be done by anyone, anywhere, without the intense technical knowledge computer hackers need.
There are lots and lots of places to find information like this. One of my favorites is Instructables.com. On Instructables you'll find so many projects your head will swim with ideas. Not only does it provide a great number of things to try, it can also ignite personal inventiveness and inspire you to create your own projects. This form of hacking is very rewarding and readily available to anyone. You can hack anything, anytime, anywhere, as long as you've got a vision of doing so. If you can think of a cool hack, do it and tell us about it. Post some information about it so we can do it too!
The latest issue of the free PDF-based security magazine (IN)Secure Magazine has been released. (IN)Secure Magazine is an absolute must-read for anyone interested in security, as it contains tons of great information and insight that you don't find anywhere else.
Here is what you can find in this latest issue:
- Security standpoint by Sandro Gauci: when best intentions go wrong
- Review: Red Condor Hosted Service
- Reverse engineering software armoring (part 1)
- Security training and awareness: strengthening your weakest link
- Hacking Second Life
- Building a secure wireless network for under $300
- Assessing risk in VoIP/UC networks
- Open redirect vulnerabilities: definition and prevention
- Migration from e-mail to web borne threats
- Bypassing and enhancing live behavioral protection
- Point security solutions are not a 4 letter word
- The future of security is information-centric
- Corporate due diligence in India: an ICT perspective
- E-mail encryption service: a smart choice for SMBs
- Securing the enterprise data flow against advanced attacks
- How to prevent identity theft
- Security flaws identification and technical risk analysis through threat modeling
The venerable authentication auditing app Cain & Abel has a new release with some additional features. As most security professionals know, C&A is an indispensable tool when it comes to auditing network security, and now it does even more.
At first glance it doesn't look like much was added. That's understandable since it does so much already, but if you look a little deeper you'll find that the additions matter for auditing modern networks: Oracle is now covered, and several sniffing and cracking bugs are fixed. From the changelog:
- Added Oracle TNS Password Cracker (Dictionary and Brute-Force Attacks for DES and 3DES hashes).
- Added Oracle TNS sniffer filter for DES and 3DES authentications.
- Fixed a bug in VNC sniffer filter for new RFB protocol versions.
- Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 10022.
- Fixed a bug in RSA SecurID Calculator for keyfobs with serial numbers of more than 8 digits.
- Fixed a bug in Dictionary Attack crackers regarding mixed Hybrid and Case Permutations variants.
- Fixed a bug in challenge spoofing and NTLM downgrading when one of the victim hosts is a gateway.
- OpenSSL library upgrade to version 0.9.8h.
It has finally arrived! The long-awaited version 3 of the most popular and most powerful penetration testing live CD is here! BackTrack 3 takes what you loved about BackTrack 2 and pumps it full of steroids. With a bunch of new tools and a snazzy new bootsplash, BackTrack is back and it's kickin' ass! It looks like the Remote-Exploit team has seen the need for more application-layer and fuzzing tools and delivered the best of the best for web application testing and fuzzing. There are a couple of neat new tools you've never seen before that might get you excited to try the new BT.
I'll highlight the tools that really stood out to me, but keep in mind there are plenty more that may be better suited to the testing you're accustomed to, so don't think this is all the disc has to offer. The first tool I found and played with for a couple of hours is metagoofil. metagoofil is a simple little application that uses Google to search a target domain for documents of several file types (PDF, DOC, XLS, PPT and so on), downloads what it finds, and pulls the metadata (author names, usernames, internal paths, software versions) out of those files. metagoofil can cut information-gathering time down to nothing and leave you with a directory full of everything it found. Very simple concept, but also a tool I bet a lot of penetration testers will drool over.
hackomatix is an automated SQL injection tool that you configure via an ini file. It looks to be very versatile and customizable to whatever database structure you can think of. Very handy tool, but I'll have to test it more to get a real feel for it. Worth a look for anyone who does a lot of SQL security testing.
Something new and original in BackTrack 3 is EzPWN. EzPWN is a "BackTrack companion" that lets you do common things with minimal effort, such as nmap, amap and unicornscan scans, access to Metasploit, and access to common utilities such as XHydra. This is clearly just a jump-off point to the standard utilities every pentester uses, and while it may not add a lot of NEW features, it sure does add some convenience.
Something else I had never seen before is the Metasploit companion web app (no, not msfweb) Fast-Track. Fast-Track lets you quickly run some popular attacks through Metasploit, such as the MSSQL Root SQL Injector, SQL Bruter, Metasploit Mass Client Attacker, Remote Command Shell, and "Metasploit Autopwn Automated", which port-scans a target and throws the common exploits at whatever ports it finds open. Granted, this won't work on a properly secured host, but pentesters aren't looking for properly secured hosts, now are they?
Something else I should mention: there are three distinct versions of BackTrack 3 to download. There's the USB version, which you can either install on a USB drive or burn to a DVD; there's the stripped-down version that fits on a CD; and there's the VMware image of BackTrack 3 that you can just drop into your VMware setup and run. Very cool to have these options.
There are lots of interesting tools to play with in BT3. Far too many for me to mention here. Go download it and have fun. Great job, Backtrack team!
There have been tools around for a long time that let you change your MAC address, the most famous of which is probably SMAC. Most (if not all) of them are proprietary programs that cost money. If you've ever bought one of these programs, I've got bad news for you: you paid for a program that writes a single registry value and then bounces the adapter. That's right, you've been had.
To get technical, the value in question is NetworkAddress under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\<XXXX>, where <XXXX> is the four-digit index of the NIC you're working with (the Ndi\params\NetworkAddress subkey beneath it only describes the setting so that it shows up on the adapter's Advanced tab; it is not the value the driver reads). If NetworkAddress is set, the adapter driver uses it as the MAC address when the adapter is enabled; otherwise it uses the address burned into the NIC itself. But that's the hard way of doing it. Now there is a free program that does this for you and gives you some nice options to tweak it to your liking.
Technitium MAC Address Changer is a free tool that lets you choose from a list of manufacturers' MAC addresses, use a custom MAC, use a random MAC, use a random MAC from a certain vendor, restart the card and apply the changes instantly, save and load presets, and a load of other options. If you need a Windows program to manage your MAC address, and any security professional will need this at some point, TMAC is your best choice.
Now, on to how to do it in Linux. Just open up a terminal and run the following as root:
ifconfig eth0 down
ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX
ifconfig eth0 up
where the X's are the hex digits of the new MAC address. The interface has to be down while you set it, which is why the three commands are needed. Of course, if you don't want to change eth0, replace it with ethX or athX or whatever your interface is called. Or you can do it the easy way and use a program called macchanger, which is readily available in most package managers. macchanger's website has some great examples of how to use it.
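As an added example (my own script, not from the original post and not from macchanger or TMAC), here is a small POSIX sh script that checks a MAC for the two bits that matter when you make one up, generates a random locally-administered address, and applies it either with ip(8) on newer distributions or with the ifconfig commands above. The interface name eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: validate, generate and apply a MAC address on Linux.
# Interface name "eth0" and all function names below are assumptions.

# Return 0 if $1 is a well-formed unicast MAC (six colon-separated hex
# octets with the multicast (I/G) bit of the first octet clear).
valid_mac() {
    mac=$1
    h='[0-9a-fA-F][0-9a-fA-F]'
    case "$mac" in
        $h:$h:$h:$h:$h:$h) ;;
        *) return 1 ;;
    esac
    first=$((0x${mac%%:*}))
    # Bit 0 of the first octet set means multicast; an interface
    # address must be unicast, otherwise the driver rejects it.
    [ $((first & 1)) -eq 0 ]
}

# Return 0 if the locally-administered (U/L) bit of $1 is set, i.e. the
# second hex digit is 2, 6, A or E.
is_locally_administered() {
    first=$((0x${1%%:*}))
    [ $((first & 2)) -ne 0 ]
}

# Print a random MAC with U/L set and I/G clear, so it is both valid and
# guaranteed not to collide with any vendor-assigned (burned-in) address.
random_mac() {
    bytes=$(od -An -N6 -tu1 /dev/urandom)
    set -- $bytes
    first=$(( ($1 & 0xFC) | 0x02 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Apply MAC $2 to interface $1 (down, set, up). Needs root. Uses ip(8)
# when available and falls back to the ifconfig sequence from the post.
set_mac() {
    iface=$1
    mac=$2
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    if command -v ip >/dev/null 2>&1; then
        ip link set dev "$iface" down &&
        ip link set dev "$iface" address "$mac" &&
        ip link set dev "$iface" up
    else
        ifconfig "$iface" down &&
        ifconfig "$iface" hw ether "$mac" &&
        ifconfig "$iface" up
    fi
}

# Usage (as root):  set_mac eth0 "$(random_mac)"
```

Two caveats worth knowing: the change only lives until the next reboot (or until the driver is reloaded), so it has to be reapplied or scripted into the interface's pre-up hook, and some wireless drivers refuse a new address unless the interface is down and not associated. macchanger does the same job with one command (macchanger -r eth0 for a random address, -m XX:XX:XX:XX:XX:XX for a specific one, -p to restore the burned-in address).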