KNOX D3: February 2014

A Beginners Guide To Using IPTables

<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijTJ3Cp3q38pmokVGO5SoGw-FEo0HOihKlFOXhEWy8NwTzPah9p2RFlh-ZXXTb5ao6sDw6K-i2qlKvNgB0R1HAttqgkqivFq8LVTq4HnbxDBOn_SHW1g4qqz_0vwK5jdVG8afmwzkDDw8/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijTJ3Cp3q38pmokVGO5SoGw-FEo0HOihKlFOXhEWy8NwTzPah9p2RFlh-ZXXTb5ao6sDw6K-i2qlKvNgB0R1HAttqgkqivFq8LVTq4HnbxDBOn_SHW1g4qqz_0vwK5jdVG8afmwzkDDw8/s1600/untitled.JPG" width="400" /></a></div><h4 style="text-align: left;">ABSTRACT</h4><span style="color: #666666;">Readers, there are numerous reasons ... It is well known that the Internet is an unmanaged an decentralized network, running under a set of protocols, which are not designed to ensure the integrity and confidentiality of information and access controls.</span><br /><span style="color: #666666;">There are several ways to breach a network, but these ways do nothing more than take advantage of flaws within network protocols and services.</span><br /><br /><a name='more'></a><br /><h4 style="text-align: left;">CONCEPTS</h4>IPTABLES is an editing tool for packet filtering, with it you can analyze the header and make decisions about the destinations of these packets, it is not the only existing solution to control this filtering. We still have the old ipfwadm and ipchains, etc.<br />It is important to note that in Gnu / Linux, packet filtering is built into the kernel. Why not configure your installation in accordance with this article, since most distributions come with it enabled as a module or compiled directly into the kernel.<br /><br /><h4 style="text-align: left;"><span style="color: #6aa84f;">STEP BY STEP</span></h4><br />case "$1" in<br />start)<br /><br /><span style="color: #6aa84f;">Clearing Rules</span><br />iptables -t filter -F<br />iptables -t filter -X<br /><br /><span style="color: #6aa84f;">Tips [ICMP ECHO-REQUEST] messages sent to broadcast or multicast</span><br />echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts<br /><br /><span style="color: #6aa84f;">Protection against ICMP redirect request</span><br />echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects<br /><br /><span style="color: #6aa84f;">Do not send messages, ICMP redirected.</span><br />echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects<br /><br /><span style="color: #6aa84f;">(Ping) ICMP </span><br />iptables -t filter -A INPUT -p icmp -j ACCEPT<br />iptables -t filter -A OUTPUT -p icmp -j ACCEPT<br /><br /><span style="color: #6aa84f;">Packages logs with nonexistent addresses (due to wrong routes) on your network</span><br />echo 1 > /proc/sys/net/ipv4/conf/all/log_martians<br /><br /><span style="color: #6aa84f;">Enabling forwarding packets (required for NAT)</span><br />echo "1" >/proc/sys/net/ipv4/ip_forward<br /><br /><span style="color: #6aa84f;">SSH accepted</span><br />iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT<br /><br /><span style="color: #6aa84f;">Do not break established connections</span><br />iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br />iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br /><br /><span style="color: #6aa84f;">Block all connections by default</span><br />iptables -t filter -P INPUT DROP<br />iptables -t filter -P FORWARD DROP<br />iptables -t filter -P OUTPUT DROP<br /><br /><span style="color: #6aa84f;">IP spoofing protection</span><br />echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter<br />echo - Subindo proteção contra ip spoofing : [OK]<br /><br /><span style="color: #6aa84f;">Disable sending the IPV4</span><br />echo 0 > /proc/sys/net/ipv4/ip_forward<br /><br /><span style="color: #6aa84f;">SYN-Flood Protection</span><br />iptables -N syn-flood<br />iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN<br />iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD: "<br />iptables -A syn-flood -j DROP<br /><br /><span style="color: #6aa84f;"># Loopback</span><br />iptables -t filter -A INPUT -i lo -j ACCEPT<br />iptables -t filter -A OUTPUT -o lo -j ACCEPT<br /><span style="color: #6aa84f;"><br /></span><span style="color: #6aa84f;">Tips connections scans</span><br />iptables -A INPUT -m recent --name scan --update --seconds 600 --rttl --hitcount 3 -j DROP<br />iptables -A INPUT -m recent --name scan --update --seconds 600 --rttl --hitcount 3 -j LOG --log-level info --log-prefix "Scan recent"<br /><br /><span style="color: #6aa84f;">Tips SYN packets invalid</span><br />iptables -A INPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP<br />iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br />iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<br />iptables -A INPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-level info --log-prefix "Packages SYN Detected"<br />iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-level info --log-prefix "Packages SYN Detected"<br />iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level info --log-prefix "Packages SYN Detected"<br /><span style="color: #6aa84f;"># Tips SYN packets invalid</span><br />iptables -A OUTPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP<br />iptables -A OUTPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br />iptables -A OUTPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<br />iptables -A INPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-level info --log-prefix "Packages SYN Detected"<br />iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-level info --log-prefix "Packages SYN Detected"<br />iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level info --log-prefix "Packages SYN Detected"<br /><br /><span style="color: #6aa84f;">Certifies that new packets are SYN, otherwise they Tips</span><br />iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP<br /><br /><span style="color: #6aa84f;">Discard packets with fragments of entry. Attack that can cause data loss</span><br />iptables -A INPUT -f -j DROP<br />iptables -A INPUT -f -j LOG --log-level info --log-prefix "Packages fragmented entries"<br /><br /><span style="color: #6aa84f;">Tips malformed XMAS packets</span><br />iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<br />iptables -A INPUT -p tcp --tcp-flags ALL ALL -j LOG --log-level info --log-prefix "malformed XMAS packets"<br /><br /><span style="color: #6aa84f;">DNS In/Out</span><br />iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT<br />iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT<br />iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT<br />iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT<br /><br /><span style="color: #6aa84f;">NTP Out</span><br />iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT<br /><br /><span style="color: #6aa84f;">WHOIS Out</span><br />iptables -t filter -A OUTPUT -p tcp --dport 43 -j ACCEPT<br /><br /><span style="color: #6aa84f;">FTP Out</span><br />iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT<br /><br /><span style="color: #6aa84f;">FTP In</span><br />iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT<br />iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT<br />iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br /><br /><span style="color: #6aa84f;">HTTP + HTTPS Out</span><br />iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT<br /><br /><span style="color: #6aa84f;">HTTP + HTTPS In</span><br />iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT<br />iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT<br /><br /><span style="color: #6aa84f;">Mail SMTP:25</span><br />iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT<br /><br /><span style="color: #6aa84f;">Mail POP3:110</span><br />iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT<br /><br /><span style="color: #6aa84f;">Mail IMAP:143</span><br />iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT<br /><br /><span style="color: #6aa84f;"># Reverse</span><br />iptables -t filter -A INPUT -p tcp --dport 77 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 77 -j ACCEPT<br /><br /><span style="color: #6aa84f;">MSF</span><br />iptables -t filter -A INPUT -p tcp --dport 7337 -j ACCEPT<br />iptables -t filter -A OUTPUT -p tcp --dport 7337 -j ACCEPT<br /><br />#######################################<br /><span style="color: #6aa84f;">WEB Management Firewall</span><br />touch /var/log/firewall<br />chmod +x /var/log/firewall<br />/var/log/firewall -A INPUT -p icmp -m limit --limit 1/s -j LOG --log-level info --log-prefix "ICMP Dropped "<br />/var/log/firewall -A INPUT -p tcp -m limit --limit 1/s -j LOG --log-level info --log-prefix "TCP Dropped "<br />/var/log/firewall -A INPUT -p udp -m limit --limit 1/s -j LOG --log-level info --log-prefix "UDP Dropped "<br />/var/log/firewall -A INPUT -f -m limit --limit 1/s -j LOG --log-level warning --log-prefix "FRAGMENT Dropped "<br />/var/log/firewall -A INPUT -m limit --limit 1/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "<br />/var/log/firewall -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "<br />exit 0<br />;;<br /><br />stop)<br />echo "turning off the firewall "<br />iptables -P INPUT ACCEPT<br />iptables -P OUTPUT ACCEPT<br />iptables -t filter -F<br />exit 0<br />;;<br /><br />restart)<br />/etc/init.d/firewall stop<br />/etc/init.d/firewall start<br />;;<br /><br /><span style="color: #6aa84f;">echo "Use: /etc/init.d/firewall {start|stop|restart}"</span><br />exit 1<br />;;<br />esac<br /><br /><span style="color: #6aa84f;">Logs available:</span> /var/log/firewall<br /><span style="color: #6aa84f;">COMMANDS TO MONITOR LOGS</span><span style="color: lime;">:</span> tail -f /var/log/messages<br /><span style="color: #6aa84f;">Save</span><span style="color: lime;">:</span> /etc/init.d/firewall<br /><br /><h4 style="text-align: left;">CONCLUSION</h4>Gentlemen, I hope to help you in configuring your network security and remind you to choose only the best options available.<br />Allow me to add a few Advantages of using your firewall. Be sure to Block unknown and unauthorized connections. You can specify what types of network protocols and services to be provided and you may control the packets from any untrusted services. Your firewall also allows blocking websites with URL filters, access control, access logs for reports by user, protecting the corporate network through proxies, and Automatic Address Conversion (NAT). Control services that can either be executed or not, on the network allowing for high performance in their duties with easy administration and reliability.<br /><u><br /></u><u>A hug to all who follow RHA and my sweet brother Rafay Baloch.</u></div><h4 style="text-align: left;">ABOUT THE AUTHOR:</h4><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiW20uw8T8ysccUKPby8pUltzOvGP9SFROKU-o2mqHEuxLw9FUwB3OsaAAr535b818hL9f3KxihgWtIlfaPNaruznzRxx3X9NVNlCf8tFj19pIEDs2NMnIO2nT2U4oBsNSY23ZIVvbJfVZo/s200/desouze.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiW20uw8T8ysccUKPby8pUltzOvGP9SFROKU-o2mqHEuxLw9FUwB3OsaAAr535b818hL9f3KxihgWtIlfaPNaruznzRxx3X9NVNlCf8tFj19pIEDs2NMnIO2nT2U4oBsNSY23ZIVvbJfVZo/s200/desouze.jpg" /></a></div><span style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">This is a guest post written by , </span><b style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">RAFAEL FONTES SOUZA</b><span style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">. He is the maintainer of the “</span><b style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">Project Backtrack Team Brazilian</b><span style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">”, He works at </span><a href="http://services.rafayhackingarticles.net/" style="background-color: white; color: #666666; font-family: Verdana; font-size: 12px; line-height: 19.1875px; text-decoration: none;" target="_blank">RHAinfosec </a><span style="background-color: white; color: #333333; font-family: Verdana; font-size: 12px; line-height: 19.1875px;">as a senior penetration tester. He is also the Founder of the "Wikileaks and Intelligence, Cypherpunks". Good communication in groups and the general public, attended college projects with a focus on business organization, he currently seeks work experience outside of brazil”. He frequently contributes at RHA and talks about various topics related to internet security. </span> </div>

A Beginners Guide To Using IPTables

ABSTRACT Readers, there are numerous reasons ... It is well known that the Internet is an unmanaged an decentralized network, running under ...

+ Read more »

Certified Penetration Testing Consultant - C)PTC Review

<div dir="ltr" style="text-align: left;" trbidi="on"><html> <div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO54ROaddAdxrRxtlEl05J4BN-5vaeEzFi0k1eyGHSnQYOX6US64CEPzpHvRq0OW4azMBtcxS-Pg2cGP_pg7BMLsMMVxia75uRgb5gZRGHhnoYh1jKuch_EOhMo1q8VCDkJoG0f5JtoC8/s1600/cptc.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO54ROaddAdxrRxtlEl05J4BN-5vaeEzFi0k1eyGHSnQYOX6US64CEPzpHvRq0OW4azMBtcxS-Pg2cGP_pg7BMLsMMVxia75uRgb5gZRGHhnoYh1jKuch_EOhMo1q8VCDkJoG0f5JtoC8/s1600/cptc.png" /></a></div>Although most of the attacks have moved towards Web Application, but the most critical information resides upon the network and is not being exposed to the Web application, therefore a lot of the organizations are allocating a certain amount of budget to obtain a better security model. However, now a days network penetration testing is becoming a tedious job due to the fact that organizations are now implementing multiple layers of defenses. In such cases a better strategy and advanced attack strategies are required for conducting a better security assessment.<br /> <br /> Recently, I got a chance to take the C | PTC course which was focused primarily on testing huge network infrastructures. So, therefore I thought to write an unbiased review about the course contents and the examination.<br /> <a name='more'></a><b>CPTC (Certified Penetration Testing Consultant)</b> comes into two flavors, the practical and the theoretical exam. The theoretical exam costs about 300$ and comes in the form of multiple choice questions, whereas the CPTC practical exam costs 600$. The exam would consists of two IP addresses to pentest and 6 hours to exploit them and report the results to pass the examination. At the end of the engagement, you would need to submit full penetration testing report with all your technical findings under 90 days, the report would be evaluated by experts and based upon their decision, you'll be marked with a pass or fail.<br /> <br /> The overall course is based upon Network infrastructure based attacks i.e. mostly related to layer 2, layer 3, Layer 4 attacks. The course included in depth coverage of much less discussed topics such as Vlan hopping at layer 2, routing protocols attacks (OSPF, EIGRP), HSRP, VPN, IPV6 based attacks etc. The course kit ships up with a workbook, a Lab guide and lab access to follow practice the attacks you have learnt through out the course. The course is strongly recommended to any one who is interested in taking their skills to the next level.<br /> <h4> Course Content</h4>The course is divided into 8 different modules and each module comes up with a lab of it's own. So that after each module you would be able to practice the attacks you learned.<br /> <br /> <br /> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI6aDyy13dY_BzpJgNyozUoEMdnu6EO1R3otJm8j_WsV0tXr2t1yYgjrc8vOFOjGR6x2NUXPaYpSbKq2k5StppAjgSbNiPu-Z2IioGpYUmDM1UmrNuat3NBpbTDlJbUXRLud-ii4wlq8o/s1600/CPTC.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI6aDyy13dY_BzpJgNyozUoEMdnu6EO1R3otJm8j_WsV0tXr2t1yYgjrc8vOFOjGR6x2NUXPaYpSbKq2k5StppAjgSbNiPu-Z2IioGpYUmDM1UmrNuat3NBpbTDlJbUXRLud-ii4wlq8o/s1600/CPTC.png" width="577" /></a><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC_6KOk1pq7AZx1vNPm2JT9Dga7shpwfG4UfbVaetHxgV6xbSTECeWWHGr81o_fbCxmF70vk5vU8SBnbHHX4rMx2-39He7n7gZ01l45xLSdqSiN5fW_xfOZErO-EWGifGKc1rwkozuhRU/s1600/CPTC+LAB2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="394" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC_6KOk1pq7AZx1vNPm2JT9Dga7shpwfG4UfbVaetHxgV6xbSTECeWWHGr81o_fbCxmF70vk5vU8SBnbHHX4rMx2-39He7n7gZ01l45xLSdqSiN5fW_xfOZErO-EWGifGKc1rwkozuhRU/s1600/CPTC+LAB2.png" width="577" /></a></div><br /> <div class="separator" style="clear: both; text-align: center;"> </div><br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigHCgaKHLCg0fYBtMEdKTSdLQxIcOKXwEW6DbuMH2q5xaXO0G6SaZDjg5wBhc2c7UNMfsyz7Cdi9pd-9pN4g9Rty7ONO8icBEM6ek2SU1EoSWwYhbD_wpAm7ww6B5K3A8wrgR71gvEU5s/s1600/CPTClab.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="526" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigHCgaKHLCg0fYBtMEdKTSdLQxIcOKXwEW6DbuMH2q5xaXO0G6SaZDjg5wBhc2c7UNMfsyz7Cdi9pd-9pN4g9Rty7ONO8icBEM6ek2SU1EoSWwYhbD_wpAm7ww6B5K3A8wrgR71gvEU5s/s1600/CPTClab.png" width="577" /></a></div><br /> <br /> According to mile2, the attendees of the course would be able to do the following things:<br /> <br /> <ul style="text-align: left;"><li>Perform a penetration test and submit a deliverable report</li><li>Capture and replay VoIP traffic</li><li>Learning Network Infrastructure advanced Attacks.</li><li>Find and exploit databases with SQL Injection vulnerabilities</li><li>Manipulate prices on e-commerce websites</li><li>Obtain and transfer information via Bluetooth enabled telephones</li><li>Tools and resources for picking simple and complex locks</li><li>Techniques for Wireless Site Surveying and Cracking WEP/WPA key</li><li>Each day ends with a Capture the Flag Competition to ensure that participants retain the daily objectives.</li><li>Additionally, attendees will be qualified to confidently undertake the CPT Consultant practical examination.</li></ul><h4> Pros</h4><ul style="text-align: left;"><li>The course offers wide varieties of topics for advanced penetration testing</li><li>The examination is based upon real world practical challenge.</li><li>Along with pentesting, they also teach you how to write reports, which is something that is often not taught in most of the penetration testing courses.</li><li>The course talks about complex network Infrastructure attacks specifically focused on cisco.</li><li>The cost for the exam and material is pretty reasonable when compared with other certifications such as eccouncil's CEH.</li></ul><h4> Cons</h4><ul style="text-align: left;"><li>Since the CPTE course covers much about webapplication penetration testing, the course being an advanced versions should also had contained a module on "WebApplication" security/pentesting. However, mile2 has specifically designed a course for webapplications known as CSWAE course, which we would review very soon here at RHA.</li><li>The workbook/labguide should be downloadable as the PDF, so that people can study offline.</li></ul><h4> Conclusion</h4>Overall, I found the course pretty fascinating and it's definitely recommended for individuals that want to dive inside the world of network infrastructure attacks and hack on lower layers.<br /> <h4> Questions and Comments</h4>If you have any questions feel free to contact: <b>BillNelson@Mile2.com.</b> Mile2 has been kind enough to offer a special discount rate of 14% specifically for <b>RHA readers</b>.<br /> <br /> <b>Discount Code</b>:<b> <u>BNSpcl14</u></b></div></html></div>

Certified Penetration Testing Consultant - C)PTC Review

Although most of the attacks have moved towards Web Application, but the most critical information resides upon the network and is not be...

+ Read more »

How to install and use Veil-Catapult in backtrack?

<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: left;">Today we are gonna talk about Veil-Catapult.Veil-Catapult is payload delivery for when metasploit’s psexec getting caught by AV.It utilizes Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution.It officially supported on kali linux only.I`m going to show you how to install Veil-Catapult in backtrack? <br /><br />First if you have not already installed <a href="http://tipstrickshack.blogspot.com/2013/08/bypass-av-using-veil-in-backtrack.html">veil-evasion</a> framework then first install it as mentioned <a href="http://tipstrickshack.blogspot.com/2013/08/bypass-av-using-veil-in-backtrack.html">here</a>.After installing Veil-evasion follow steps. <br /><br />root@bt:~wget https://github.com/Veil-Framework/Veil-Catapult/archive/master.zip <br /><br />root@bt:~unzip master.zip  <br /><br />root@bt:~cd Veil-Catapult-master/ <br /><br />root@bt:~sh setup.sh <br /><br />Now veil-catapult require impacket library & passing the hash toolkit.So setup script try to install PTH suite but we got error.So we have to manually do it. </div><h3 style="text-align: left;">Install passing the hash. </h3><div style="text-align: left;"><br />root@bt:~wget https://passing-the-hash.googlecode.com/files/wmiPTH-1.0-1.deb <br /><br />root@bt:~wget https://passing-the-hash.googlecode.com/files/winexePTH1.1.0-1.deb <br /><br />root@bt:~dpkg -i winexePTH1.1.0-1.deb <br /><br />root@bt:~dpkg -i wmiPTH-1.0-1.deb <br /><br />If you are using other OS then you have to manually build it as mentioned <a href="http://passing-the-hash.blogspot.in/2012/07/building-pth-suite-post-install.html">here</a> . <br /><br />It installed into the /opt/pth/bin folder , we have to move it into /usr/bin. <br /><br />root@bt:~# ln -s /opt/pth/bin/wmis /usr/bin/pth-wmis <br /><br />root@bt:~# ln -s /opt/pth/bin/winexe /usr/bin/pth-winexe <br /><br />root@bt:~# ln -s /opt/pth/bin/wmic /usr/bin/pth-wmic </div><a name='more'></a><h3 style="text-align: left;">Installing impacket library </h3><div style="text-align: left;"><br />root@bt:~# wget http://corelabs.coresecurity.com/index.php?module=Wiki&action=attachment&type=tool&page=Impacket&file=impacket-0.9.11.tar.gz <br /><br />root@bt:~# tar -xvzf impacket-0.9.11.tar.gz  <br /><br />root@bt:~# cd impacket <br /><br />root@bt:~# python setup.py build  <br /><br />I know you have question that we can install it , but when we tried to install , it  installed succesfully ;but some of modules are missing.So we first gonna build it then copy it. Now copy folder impacket from build/lib.linux-i686-2.6/ and paste it into /usr/lib/pymodules/python2.6  <br /><br />Now everything is ready ,we can run it. Before that open /etc/veil/settings.py and checkout all path. <br /><br />root@bt:~/Veil-Catapult-master# python Veil-Catapult.py  <br /><br />Now select number according to your choice & fill out necessary option. </div><h3 style="text-align: left;">Powershell injector </h3><div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0BDFHBpObRMq4opQzHFIeOG4vA5vCKKzyZ_gvbTwQ6dAWStCSKsDcehaGuomFCqwFbvrHJdkLVZ6v_GeKSdzz0pLOw-6KXPXTp5QCFos4MU2AYfNFhEhGHPT6afeJ5s1hdyzUcdyyLaeN/s1600/Screenshot-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="powershell-injector" border="0" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0BDFHBpObRMq4opQzHFIeOG4vA5vCKKzyZ_gvbTwQ6dAWStCSKsDcehaGuomFCqwFbvrHJdkLVZ6v_GeKSdzz0pLOw-6KXPXTp5QCFos4MU2AYfNFhEhGHPT6afeJ5s1hdyzUcdyyLaeN/s1600/Screenshot-1.png" title="powershell-injector" width="200" /></a></div><div style="text-align: left;"></div><h3 style="text-align: left;">Barebones python injector </h3><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQB2EDELvZHiRKe3nc9BrA2zgFffT8AwQ7x6B5nfpXcxInyP9Ot80XlEoXALSd5jluonMM4rcPeVcx-DcR4E0Q7y14ImF9SiCjOli9qTxisDsRDpLQa9pgX4zXegbLWnFZlOP2mxyq6f2R/s1600/Screenshot-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Barebones-Python-Injection" border="0" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQB2EDELvZHiRKe3nc9BrA2zgFffT8AwQ7x6B5nfpXcxInyP9Ot80XlEoXALSd5jluonMM4rcPeVcx-DcR4E0Q7y14ImF9SiCjOli9qTxisDsRDpLQa9pgX4zXegbLWnFZlOP2mxyq6f2R/s1600/Screenshot-2.png" title="Barebones-Python-Injection" width="200" /></a></div><h3 class="separator" style="clear: both; text-align: left;">Sethc backdoor</h3><div style="text-align: left;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZC3tosDIr_tc3JRV7zWmWlm99zsvpRpFPkdcmKyYIlAt3KLCoezEyjCFTdhANOli2ePYIYHcFIAfXYJdSk0qpPH0_T_LOB_xv5VgWGziWfWdo5mvIbjNyUfogBXM4OdkYfzEnlWeyL389/s1600/Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZC3tosDIr_tc3JRV7zWmWlm99zsvpRpFPkdcmKyYIlAt3KLCoezEyjCFTdhANOli2ePYIYHcFIAfXYJdSk0qpPH0_T_LOB_xv5VgWGziWfWdo5mvIbjNyUfogBXM4OdkYfzEnlWeyL389/s1600/Screenshot.png" width="320" /></a></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><div style="text-align: left;">Reboot, hit Shift key 5 times, SYSTEM shell will pop up. Also there is <a href="http://tipstrickshack.blogspot.com/2013/08/post-exploitation-swaparoo-backdoor.html">script</a> for it in metasploit.Check it out this awesome <a href="http://carnal0wnage.attackresearch.com/2012/04/privilege-escalation-via-sticky-keys.html">blog</a> for more details.<br /><h3 style="text-align: left;">EXE delivery upload  </h3></div></div><div style="text-align: left;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj-vkoCmHU3efM5JZjKKTIcYP_JgK5cW1nFomDGbnN7LWgj57nRbfIvK27s9FWP7bb6H6-u62cNohb9Iygs83EnEYLQvdVdKo5ZqGpf0QjnjJ6Z9mA3rKL3qk3L2uWOZTTrb6mhM1Hm5B2/s1600/Screenshot-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="exe-deliver" border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj-vkoCmHU3efM5JZjKKTIcYP_JgK5cW1nFomDGbnN7LWgj57nRbfIvK27s9FWP7bb6H6-u62cNohb9Iygs83EnEYLQvdVdKo5ZqGpf0QjnjJ6Z9mA3rKL3qk3L2uWOZTTrb6mhM1Hm5B2/s1600/Screenshot-4.png" title="exe-deliver" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_6sOPz1MzJ-7FldzA1ncj2axmb8UI7wxr6bKgDXk2BdZPU-bWebY9J5IfqATpl8E3aeOAwEIBA5cCVndIQfdzPxa8W5Geb6rVzv-BR-IIVWU-0jFlEzVpl9ruPirX2lNMQpnwMkZMMqT/s1600/Screenshot-6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="veil-catapult-exe-upload" border="0" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_6sOPz1MzJ-7FldzA1ncj2axmb8UI7wxr6bKgDXk2BdZPU-bWebY9J5IfqATpl8E3aeOAwEIBA5cCVndIQfdzPxa8W5Geb6rVzv-BR-IIVWU-0jFlEzVpl9ruPirX2lNMQpnwMkZMMqT/s1600/Screenshot-6.png" title="veil-catapult-exe-upload" width="320" /></a></div><br />Cleanup resource script is generated , you can use it after your work completed for kill process & remove exe.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQYJ4xpRPcERU19EdEBmIc-o3DpYrJpfaS7XHA0uuC1TB630LvYeDNd0rgvUZGAAwd7crJBjUbF35AGYucdhh2hNJ6_8aAiEKFHjvnB0AQgIRWyDgmfqoUuLIbH_f-fUw3I67mITUeSYkH/s1600/Screenshot-7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Veil-Catapult-cleanup-script" border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQYJ4xpRPcERU19EdEBmIc-o3DpYrJpfaS7XHA0uuC1TB630LvYeDNd0rgvUZGAAwd7crJBjUbF35AGYucdhh2hNJ6_8aAiEKFHjvnB0AQgIRWyDgmfqoUuLIbH_f-fUw3I67mITUeSYkH/s1600/Screenshot-7.png" title="Veil-Catapult-cleanup-script" width="200" /></a></div><br />You can also host exe using temporary SMB server.This will load the payload executable into memory without touching disk,  allowing otherwise disk-detectable executable to bypass detection<br /><div style="text-align: left;"><br />Alternatives of Veil-Catapult are <a href="http://www.pentestgeek.com/2013/10/23/smbexec-2-0-released">smbexec</a>  and <a href="http://bernardodamele.blogspot.in/2009/12/keimpx-in-action.html">keimpx</a>. </div></div>

How to install and use Veil-Catapult in backtrack?

Today we are gonna talk about Veil-Catapult.Veil-Catapult is payload delivery for when metasploit’s psexec getting caught by AV.It utilizes ...

+ Read more »

The Hacker's Manifesto

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhviqYkVy3ZaROKL1do9TdYXdZTvYbCSt_0Tri9NrA9lXU4kGO6otMYGUZciGdk_9WmcwbAinCnmYATVhQfnoNWMivIehxyTjLGm2SAOrtQCATlzZqH0crk-w6OhUepCwkt9EeyQE0Wffk/s1600/8c95bb3eff4d6b49e5782a27f994a7db_large.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhviqYkVy3ZaROKL1do9TdYXdZTvYbCSt_0Tri9NrA9lXU4kGO6otMYGUZciGdk_9WmcwbAinCnmYATVhQfnoNWMivIehxyTjLGm2SAOrtQCATlzZqH0crk-w6OhUepCwkt9EeyQE0Wffk/s1600/8c95bb3eff4d6b49e5782a27f994a7db_large.jpeg" width="577" /></a></div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;"><br /></div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Every hacker has his own manifesto, and this is what our team member "<b>Rafael Souza</b>" has sent to us as his manifesto. </div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">This is my manifest... I dedicated more than half of my life to studying the martial arts, and the study of “Hacking”;these two seemingly unrelated paths, found many common points that I would like to share.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">The first commonality is that normally people today are more interested in products "fast food", something that is fast, easy, with minimal effort and maximum results. Anyone who has really studied and practiced legitimate hacking knows that as in the Martial Arts Hacking is a way of life that never ends!</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">You see a simple example of this is to see the hundreds of self-defense academies that teach the individual how to defend against assaults, etc...When in fact they are just creating a false sense of security about the individual and therefore the individual will be more in danger.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;"></div><a name='more'></a><br /><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">This also happens in Hacking, there are thousands of books that say: "you’ll be e a hacker soon”, "Learn all the techniques of hackers”, "Maximum Security"... All sharing a minimum of knowledge and common sense, knowing that this is all nonsense!</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Martial arts are part of an ancient culture, a people that has a very rich history. The term Kung Fu was created over 4000 years and at first was not directly linked to the practice of Martial Arts. For KUNG refers to work, effort, dedication, Kung ideogram represents the figure of anAgricola instrument, denoting effort, sweat. The term semiotic FU "Mature Man", was generally associated with her husband, a man of great culture and great influence in society or a great artist of great creativity.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">So Kung Fu was used to refer to a mature man who has achieved a high level of understanding and implementation in a particular area. Within this reasoning, you could have very Kung Fu for math,literature, cuisine...</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">The term Kung Fu only began to be associated with Chinese martial arts in the West in the 50's when the famous Bruce Lee came to America and made a completely new method of struggle, and when questioned about what he did he just said“Kung Fu “. He started teaching Dai in the West and westerners began to associate the name “Kung Fu” exclusively with Chinese Martial Arts.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Centuries later when the monks began to employ the training Kung Fu in the Shaolin Monastery, WuShu(now has another connotation) Stop the violence through self-control, the monks developed the ability to hurt an individual or even kill him, but at the same time developed the self-control (i.e. retain within "themselves”), an ethic that had an emotional balance.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">This same spirit is found in the Hacking in which people develop a series of abilities through intense dedication to the study of Hacking. For hacking practiced in essence develops in the individual focus (large ability of the individual to focus and determined on a problem and stick to it forhours, even days without sleep often ate until finding the solution).</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Creativity: Many mistakenly think that the hacker is just a walking library that has accumulated much knowledge, but the real hacking begins at the starting point at which he learned by going beyond the point you have learned.  </div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">The ability of abstraction and get rid of all logic.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">The practical importance of these two pathways is essential: movement, action!</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">So you are not considered a hacker or legitimate martial artist why not develop your own discipline as mentioned earlier about the emotional control of warrior monks.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Inside there is a hacking ethic that must be cultivated, i.e.individuals have the ability to be able to do something destructive, but this does not have to be the larger goal. These principles which differentiate a Martial Artist fighter or an athlete.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Often the goal of the individual is in just winning competitions and win medals, while the Martial Artist focus on increasing levels of skill and self-discipline.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">The same scenario is found in the difference between the hacker and cracker, one aims to achieve excellence of knowledge, the other is only interested in stealing, destroying and perhaps achieve profit. There is a gulf of difference in these ways and I hope that most can see these differences.</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Another aspect that is worth to be mentioned, is about the relationship between man and machine. Or the ancient warriors, like the great samurai for example, had not his sword as a tool but as part of himself, such is the intimacy between a soldier and his gun. The samurai sword was simply an extension of his body, he reached such a high degree that the two were one!</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">I think we should have the same aim in hacking similar levels of self-discipline, know the system, the machine thoroughly so that you arrive at the level of running<a href="https://www.blogger.com/blogger.g?blogID=3121270199089759062" name="_GoBack"></a> anything you want, without limitations, and you are part of it!</div><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Another interesting feature in both paths that must be cultivated is malice: Because my master told me a phrase that I never forgot: "<b>The Martial Artist can be accused of anything, least of naive</b>". With malice does not mean doing something destructive, the individual's ability to see the good and bad of every possible situation.</div><br /><div class="MsoNormal" style="line-height: 115%; margin-bottom: 10.0pt;">Gentleman, I hope this clarifies some text for people who do not yet have a clear view on these paths, and the Martial Artists who see only as troublemakers and violent fighters and Hackers as virtual outcasts.</div></div>

The Hacker's Manifesto

Every hacker has his own manifesto, and this is what our team member " Rafael Souza " has sent to us as his manifesto. This is my...

+ Read more »