https://nets.ec/api.php?action=feedcontributions&user=MaxSchiller&feedformat=atomNetSec - User contributions [en]2024-03-28T12:24:34ZUser contributionsMediaWiki 1.25.1https://nets.ec/index.php?title=User:Hatter/getting_started&diff=9362User:Hatter/getting started2012-10-04T03:11:31Z<p>MaxSchiller: /* Maintaining access */</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand which [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. [[Countermeasures]] do get in the way, but many can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
This page will start you off on the right foot. It is meant to be a guide that briefly skims the surface of what hacking is composed of. A talented hacker does their research first, so you have already made a good decision in your hacking career! For further inquiries we encourage you to come and talk to us on the [[IRC|Blackhat Academy IRC Network]].<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library it is divided into system administration and network administration.<br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. A head-first (and difficult) approach to learning [[Linux]] is a [[Gentoo Installation]]. We crawl before we learn to walk: mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient at anything you do with Linux, be it rooting a box or web exploitation, so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to using a Linux system efficiently.<br />
<br />
Protecting yourself on the Internet is essential. Running Linux, especially a system you built yourself such as Gentoo, is a first step, but it is not protection on its own: see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet; depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to exploit an [[application]] without any knowledge of the language it is written in, understanding the language gives you a deeper understanding of how the application handles input and processes data: if you understand what makes it work, you will understand how to make it stop working in the way you want. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]], perhaps learning one of the [[compiled languages]] in between.<br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often written as hexadecimal opcodes), while assembly is a system of mnemonics that makes machine code easier to work with. For example, the bytes "\xcd\x80" are the machine code for "int $0x80" (AT&T syntax), the instruction that 32-bit Linux programs use to enter the kernel for a system call; 64-bit x86 code uses "syscall" (bytes "\x0f\x05") instead, so the bytes you write are always specific to an architecture and an operating system.<br />
<br />
These languages are the predecessors of the [[C]] language, a mid-level [[compiled language]] in which the reference implementations of nearly all modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]], are written. The [[Linux]] kernel itself is written in [[C]] (plus a small amount of assembly), and much of the userland around it is [[C]] and [[C++]]. It is advisable to become familiar with C and to learn at least enough assembly to understand what your C code compiles to. Learning interpreted languages such as PHP and Perl can also be useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
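<br />
As an added example (not code from the original page), assuming the design flaw the linked article has in mind is the common non-recursive blacklist filter: a single pass of str.replace() removes each forbidden token once, and input that nests the token inside itself rebuilds it after the filter has run. The forbidden-token list and the payload below are constructed for the illustration; the hardened version does not try to strip "bad" input at all but encodes everything for the output context.<br />

```python
import html

# Constructed blacklist; real filters have longer lists with the same weakness.
FORBIDDEN = ("<script>", "</script>")


def naive_filter(user_input: str) -> str:
    """Vulnerable: removes each forbidden token in a single pass.

    str.replace() scans the original string once, so a token that is
    rebuilt by the removal itself is never seen: '<scr<script>ipt>' loses
    its inner '<script>' and becomes '<script>'.
    """
    cleaned = user_input
    for token in FORBIDDEN:
        cleaned = cleaned.replace(token, "")
    return cleaned


def fixpoint_filter(user_input: str) -> str:
    """Same blacklist, but repeated until a pass changes nothing.

    This closes the nesting hole, but it is still a blacklist: it knows
    nothing about '<SCRIPT>', '<img onerror=...>' or any token not listed.
    """
    cleaned = user_input
    while True:
        stripped = cleaned
        for token in FORBIDDEN:
            stripped = stripped.replace(token, "")
        if stripped == cleaned:
            return cleaned
        cleaned = stripped


def render_safe(user_input: str) -> str:
    """The design that avoids the flaw: do not try to remove 'bad' input,
    encode all of it for the context it is emitted into (HTML text here)."""
    return html.escape(user_input, quote=True)


# Constructed payload: each token is nested inside a copy of itself.
NESTED_PAYLOAD = "<scr<script>ipt>alert(1)</scr</script>ipt>"
```

The naive filter passes the obvious test (a bare "<script>" tag is removed), which is why the flaw survives code review; the nested payload only shows up when you think about what the output of the filter looks like rather than its input.<br />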
<br />
The biggest priority for the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect, and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming, as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy], because it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is keeping your code organized and following the standards put forth by coders who came before you. This is known as [[programming]] style, and it can spell the difference between a good hacker and an amazing hacker.<br />
<br />
The vast majority of [[programming language]]s offer the ability to comment your code using special syntax. It is important that you use comments to document your code; a useful test is to ask, "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?"<br />
<br />
Variables are something you will deal with constantly: they are names given to some piece of data, and as the name implies that data can vary during the life of your program. Good programming style incorporates useful variable names. If you had a program that took input from a user and then changed the first letter of their name, it would be bad style to call that variable "apple" rather than "userInput". Something to strive for is self-documenting code, where the organization and variable naming are so good that few comments are needed to explain its execution.<br />
<br />
A major benefit of good programming style is that the clear organization of your program will help you spot errors much faster than someone who was careless in crafting theirs (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]], it also makes it easier to update your code to patch any [[vulnerability|vulnerabilities]] that are found. There are many other small points of style that are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase for variable names, while in [[Python]] you will see variables written as name_of_var), so it is recommended that you talk with the community in order to discover best practices.<br />
<br />
== [[information gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from, or gaining the cooperation of, targets by means of social or psychological manipulation, for the purpose of gaining unauthorized access later on. Techniques often rely on the follies of human nature, such as our tendency to trust others easily and to help our fellow man.<br />
<br />
An example scenario: an individual wants to gain access to a targeted financial firm. Using [[social engineering]], the individual may wear a cast and use crutches to approach the door just as an employee is walking out. It is reasonable to assume that any of us in the employee's position would kindly hold the door open. The firm's physical perimeter has just been breached, and it is now exposed to any number of follow-on attacks. The door may have been secured with a sophisticated access-card lock, but it is useless against this kind of technique. The weakest link in any security setup is the user, a fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting programs written in a [[programming language]] you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; if you are familiar with [[compiled languages]], binary exploitation is the best first step. It is also best to start in an environment you already know.<br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] the easiest topic to start with. It requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are most commonly [[programming|written]] in [[interpreted languages]]. Nearly all involve some form of [[HTML]] and [[CSS]], originally developed to describe a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]]. The [[programming language]]s used to generate dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while [[HTML]] and [[CSS]] are parsed and rendered, and [[JavaScript]] is interpreted, by the client.<br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, together with the popularity of [[web application]]s, makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners with repetitive tasks.<br />
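<br />
Two of the items listed above, bypassing authentication and extracting database information, come from the same flaw. The following is an added example, not from the original page or its tool set: a constructed in-memory SQLite user table, a login and a lookup that build their SQL by string formatting, and the parameterised versions that close the hole. Table contents and payloads are made up for the illustration; a real application would store password hashes, but that is beside the point here.<br />

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a web application's user table.
    Passwords are stored in clear only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.execute("INSERT INTO users VALUES ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement with string formatting, so attacker text is SQL.
    username = "' OR 1=1 --" turns the WHERE clause into a tautology and
    comments out the password check."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Same flaw in a lookup: a UNION payload appends rows the caller never
    asked for (here, every password) to the result set."""
    query = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(query).fetchall()]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the values travel separately from the SQL text
    and can never change its structure, whatever characters they contain."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,)).fetchall()]


# Constructed payloads. '--' starts a comment in SQLite, as in most dialects.
AUTH_BYPASS = "' OR 1=1 --"
DUMP_PASSWORDS = "' UNION SELECT password FROM users --"
```

Escaping quotes by hand is not an alternative to parameters: it has to be right for every type, encoding and dialect, while a bound parameter is never parsed as SQL at all.<br />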
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], stack protectors, and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to get past all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode a beginner writes: a NUL byte terminates a C string, so shellcode that has to pass through strcpy() and similar functions must contain none (for example "xor %eax,%eax" instead of "mov $0,%eax", which encodes four zero bytes). It is even possible to write printable, [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass the [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system|Operating System]].<br />
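<br />
As an added example (not from the original page or the projects it names), the checks a beginner runs over a payload before using it, plus the simplest encoder used to get rid of NUL bytes: a single-byte XOR key that differs from every byte in the payload. The byte sequences are constructed 32-bit x86 Linux snippets (the NUL-laden and NUL-free ways of clearing EAX, and an exit() system call written both ways); the NUL-free decoder stub that would be prepended to the encoded payload at runtime is not shown.<br />

```python
# Constructed 32-bit x86 Linux byte sequences (Intel syntax in the comments).
MOV_EAX_0 = bytes.fromhex("b800000000")            # mov eax, 0              (four NUL bytes)
XOR_EAX_EAX = bytes.fromhex("31c0")                # xor eax, eax            (same effect, NUL-free)
EXIT_WITH_NULLS = bytes.fromhex("b801000000cd80")  # mov eax, 1 ; int 0x80   -> exit()
EXIT_NULL_FREE = bytes.fromhex("31c040cd80")       # xor eax, eax ; inc eax ; int 0x80


def has_nulls(code: bytes) -> bool:
    """A NUL ends the copy in strcpy()-style sinks, truncating the payload."""
    return b"\x00" in code


def is_printable_ascii(code: bytes) -> bool:
    """Stricter filters only let printable bytes (0x20..0x7e) through."""
    return all(0x20 <= b <= 0x7e for b in code)


def find_xor_key(code: bytes) -> int:
    """Single-byte XOR key that leaves no NUL in the encoded payload.

    b ^ key == 0 exactly when b == key, so any nonzero key that does not
    occur in the payload works. Fails only if all 255 nonzero values occur,
    in which case a multi-byte key is needed.
    """
    present = set(code)
    for key in range(1, 256):
        if key not in present:
            return key
    raise ValueError("no single-byte key avoids NULs; use a multi-byte key")


def xor_encode(code: bytes, key: int) -> bytes:
    """Encoding and decoding are the same operation, which is what makes
    the runtime decoder stub so small."""
    return bytes(b ^ key for b in code)
```

The XOR pass also changes every byte of the payload, which is the starting point for polymorphic shellcode: the same decoder with a different key produces a different byte pattern for a signature-based IDS to miss, although the stub itself is then the thing a signature can match.<br />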
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== [[maintaining access|Maintaining access]] ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first is using innocent-looking process names (init, [kthreadd], httpd, sshd, and so on) so that an administrator scanning the process list overlooks the process. Note that the brackets around a real kernel thread's name are drawn by ps because the thread has no command line; a user process that names itself "[kthreadd]" does have one, which is one of the ways an administrator can tell the two apart.<br />
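<br />
The detection side of that technique, as an added example (not from the original page): a few checks over the fields of /proc that a disguised process cannot easily keep consistent. The Proc record and the sample process table are constructed for the illustration; read_proc() shows how the same record is filled from a live Linux host and assumes it is run as root, since /proc/<pid>/exe of another user's process is unreadable otherwise.<br />

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    """Hypothetical record of the /proc fields the checks need."""
    pid: int
    comm: str            # /proc/<pid>/comm (at most 15 chars, set from the exec'd filename)
    exe: Optional[str]   # readlink(/proc/<pid>/exe); None when unreadable (kernel threads)
    cmdline: str         # /proc/<pid>/cmdline with NULs replaced by spaces


WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
COMM_LEN = 15


def suspicious(p: Proc) -> List[str]:
    """Return the reasons a process looks disguised (empty list: nothing seen).

    These are triage indicators, not a verdict: an interpreter started through
    a symlink (argv[0] python3, exe python3.11) trips the name check legitimately.
    """
    reasons = []
    argv0 = p.cmdline.split(" ", 1)[0] if p.cmdline else ""

    # A real kernel thread has an empty cmdline; ps draws the brackets itself.
    if argv0.startswith("[") and argv0.endswith("]"):
        reasons.append("bracketed argv[0] on a process that has a cmdline")

    if p.exe is None:
        if p.cmdline:
            reasons.append("exe link unreadable although the process has a cmdline")
        return reasons

    exe_path = p.exe
    if exe_path.endswith(" (deleted)"):
        reasons.append("executable has been deleted from disk")
        exe_path = exe_path[: -len(" (deleted)")]

    if exe_path.startswith(WRITABLE_DIRS):
        reasons.append("executable lives in a world-writable directory")

    if argv0 and not argv0.startswith("["):
        if os.path.basename(argv0) != os.path.basename(exe_path):
            reasons.append("argv[0] %r does not match exe %r" % (argv0, exe_path))

    # comm normally equals the exec'd filename; a mismatch with both exe and
    # argv[0] means it was changed afterwards (prctl(PR_SET_NAME) or similar).
    names = {os.path.basename(exe_path)[:COMM_LEN]}
    if argv0:
        names.add(os.path.basename(argv0).lstrip("-")[:COMM_LEN])  # "-bash" login shells
    if p.comm not in names:
        reasons.append("comm %r matches neither exe nor argv[0]" % p.comm)
    return reasons


def scan(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every process that raised at least one flag."""
    flagged = {}
    for p in procs:
        reasons = suspicious(p)
        if reasons:
            flagged[p.pid] = reasons
    return flagged


def read_proc(pid: int) -> Proc:
    """Fill a Proc from the live /proc of a Linux host (not used by the sample)."""
    with open("/proc/%d/comm" % pid) as f:
        comm = f.read().strip()
    try:
        exe = os.readlink("/proc/%d/exe" % pid)
    except OSError:
        exe = None
    with open("/proc/%d/cmdline" % pid, "rb") as f:
        cmdline = f.read().replace(b"\x00", b" ").decode(errors="replace").strip()
    return Proc(pid, comm, exe, cmdline)


# Constructed process table: two legitimate entries, three disguised ones,
# and one known false positive (pid 777) to show the limits of the heuristics.
SAMPLE = [
    Proc(2, "kthreadd", None, ""),
    Proc(1234, "sshd", "/usr/sbin/sshd", "/usr/sbin/sshd -D"),
    Proc(4321, "kthreadd", "/tmp/.x/backdoor", "[kthreadd]"),
    Proc(4322, "sshd", "/dev/shm/s (deleted)", "sshd"),
    Proc(4323, "httpd", "/home/www/.cache/x", "/usr/sbin/httpd -k start"),
    Proc(777, "python3", "/usr/bin/python3.11", "/usr/bin/python3 app.py"),
]
```

None of these checks survives a kernel-level rootkit that hides the process from /proc altogether, which is exactly why the next paragraph moves on to LKMs; they are aimed at the cheap userland disguise described above.<br />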
<br />
Another such would be a lkm rootkit, on older kernels these can be an ideal way to maintain a backdoor in to the system. An important thing to remember is that anti-rootkit technologies for Linux based systems such as chkrootkit and rkhunter are merely shellscripts. These can be easily modified to even remove checks for whatever public rootkit that you may choose as well as removing the checksum checks on its own script. If it is a newer kernel you may wish to check in to something like [[Jynx Rootkit]] as this will compile on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9361User:Hatter/getting started2012-10-04T03:08:53Z<p>MaxSchiller: /* Programming Style */ badly worded sentence corrected</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
This page will start you off on the right foot, it is meant to be a guide that briefly skims the surface of what hacking is composed of. A talented hacker does their research first so you have already made a good decision in your hacking career! For further inquiries we encourage you to come and talk to us on the [[IRC|Blackhat Academy IRC Network]].<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words to make machine code easier to work with - for example, "\xcd\x80" comes "int $0x80". <br />
<br />
These languages are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]]. The [[Linux]] operating system is written in [[C]] and [[C++]]. It is advisable to become familiar with C and at least learn enough assembly to understand how your C code is compiling. Learning interpreted languages such as PHP and Perl can also be useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is the practice of keeping your code organized and to follow the standards put forth by coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s offer the ability to comment your code by using special syntax. It is important that you use comments to document your code, it's useful to think "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something that you will deal with constantly in your programming activities, these are names given to some piece of data and like the name implies can vary during the life of your program. Good programming style incorporates useful variable names. In other words, if you had a program that took input from a user then changed the first letter of their name it would be bad style to name that variable "apple" as opposed to "userInput". Something to strive for is code that is self-documenting, the organization and variable naming being so good that it requires few comments to explain it's execution. <br />
<br />
A major benefit of keeping good programming style is that the clear organization of your program will aid in spotting errors at a much faster rate than someone who was careless in crafting their program (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]] but, it will also make it easier to update your code to patch any [[exploitation|exploits]]/[[vulnerability|vulnerabilities]]. There exist many other minute programming styles which are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase to name variables while in [[Python]] you will see variables written as name_of_var) so it is recommended that you talk with the community in order to discover best practices.<br />
<br />
== [[information gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example scenario would be if an individual wanted to gain access to a targeted financial firm, utilizing [[social engineering]] the individual may wear a cast and crutches to approach the door just as an employee were walking out. It is reasonable to assume that if any of us were in this position we would kindly hold the door open for this person. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access card lock but it is useless against this kind of social engineering technique. The weakest link in any security set up are the users, this is a fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners in remedial tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to bypass all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode written by a beginner. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system|Operating System]].<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first such would be using innocent looking process names (init , [kthreadd], httpd, sshd, etcetera). This is to mislead administrators to hopefully overlook the process. <br />
<br />
Another such would be a lkm rootkit, on older kernels these can be an ideal way to maintain a backdoor in to the system. An important thing to remember is that anti-rootkit technologies for Linux based systems such as chkrootkit and rkhunter are merely shellscripts. These can be easily modified to even remove checks for whatever public rootkit that you may choose as well as removing the checksum checks on its own script. If it is a newer kernel you may wish to check in to something like [[Jynx Rootkit]] as this will compile on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9360User:Hatter/getting started2012-10-04T03:04:21Z<p>MaxSchiller: /* Binary exploitation */ minor changes in capitalization</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
This page will start you off on the right foot, it is meant to be a guide that briefly skims the surface of what hacking is composed of. A talented hacker does their research first so you have already made a good decision in your hacking career! For further inquiries we encourage you to come and talk to us on the [[IRC|Blackhat Academy IRC Network]].<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words to make machine code easier to work with - for example, "\xcd\x80" comes "int $0x80". <br />
<br />
These languages are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]]. The [[Linux]] operating system is written in [[C]] and [[C++]]. It is advisable to become familiar with C and at least learn enough assembly to understand how your C code is compiling. Learning interpreted languages such as PHP and Perl can also be useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is the practice of keeping your code organized and to follow the standards put forth by coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s offer the ability to comment your code by using special syntax. It is important that you use comments to document your code, it's useful to think "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something that you will deal with constantly in your programming activities, these are names given to some piece of data and like the name implies can vary during the life of your program. Good programming style incorporates useful variable names. In other words, if you had a program that took input from a user then changed the first letter of their name it would be bad style to name that variable "apple" as opposed to "userInput". Something to strive for is code that is self-documenting, the organization and variable naming being so good that it requires few comments to explain it's execution. <br />
<br />
A major benefit of good programming style is that the clear organization of your program will help you spot errors much faster than someone who was careless in crafting their program (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]], but it will also make it easier to update your code to patch any [[exploitation|exploits]]/[[vulnerability|vulnerabilities]]. There are many other minor style conventions specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase to name variables, while in [[Python]] you will see variables written as name_of_var), so it is best to talk with the community in order to discover best practices.<br />
<br />
== [[information gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social or psychological manipulation, for the purpose of gaining unauthorized access to those targets later on. Techniques often rely on the follies of human nature, such as our tendency to trust others easily and to help our fellow man. <br />
<br />
An example scenario: an individual wants to gain access to a targeted financial firm. Using [[social engineering]], the individual may wear a cast and crutches and approach the door just as an employee is walking out. It is reasonable to assume that any of us in that position would kindly hold the door open for this person. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access card lock, but it is useless against this kind of social engineering technique. The weakest link in any security setup is its users, a fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners in remedial tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to bypass all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode written by a beginner. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system|Operating System]].<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first would be using innocent-looking process names (init, [kthreadd], httpd, sshd, etcetera). This is to mislead administrators so that they hopefully overlook the process. <br />
<br />
Another would be an LKM rootkit; on older kernels these can be an ideal way to maintain a backdoor into the system. An important thing to remember is that anti-rootkit technologies for Linux-based systems such as chkrootkit and rkhunter are merely shell scripts. These can easily be modified to remove the checks for whatever public rootkit you may choose, as well as the checksum checks on the script itself. If it is a newer kernel you may wish to look into something like [[Jynx Rootkit]], as this will compile on most servers.</div>
MaxSchiller
https://nets.ec/index.php?title=User:Hatter/getting_started&diff=9359
User:Hatter/getting started
2012-10-04T02:58:36Z
<p>MaxSchiller: /* Information Gathering */ Changed link for SEO reasons</p>
MaxSchiller
https://nets.ec/index.php?title=User:Hatter/getting_started&diff=9358
User:Hatter/getting started
2012-10-04T02:55:27Z
<p>MaxSchiller: /* Exploitation */</p>
MaxSchiller
https://nets.ec/index.php?title=User:Hatter/getting_started&diff=9357
User:Hatter/getting started
2012-10-04T02:50:08Z
<p>MaxSchiller: /* Introduction */ Added a brief explanation of the guide presented as well as an invitation to the IRC network linking to the IRC page.</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
This page will start you off on the right foot, it is meant to be a guide that briefly skims the surface of what hacking is composed of. A talented hacker does their research first so you have already made a good decision in your hacking career! For further inquiries we encourage you to come and talk to us on the [[IRC|Blackhat Academy IRC Network]].<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words that makes machine code easier to work with - for example, the bytes "\xcd\x80" are the encoding of the instruction "int $0x80", the 32-bit [[Linux]] system-call gate. <br />
<br />
These languages are the predecessors of the [[C]] language, a mid-level [[compiled language]] in which the reference interpreters of nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]], are written. The [[Linux]] kernel is written in [[C]] (with some [[assembly]]), and most of the software that runs on it is written in C or [[C++]]. It is advisable to become familiar with C and to learn at least enough assembly to understand how your C code compiles. Learning interpreted languages such as PHP and Perl is also useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical habit is keeping your code organized and following the standards set by the coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s let you comment your code using special syntax. Use comments to document your code; a useful test is to ask "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something you will deal with constantly: they are names given to a piece of data which, as the name implies, can vary during the life of your program. Good programming style means useful variable names. If you had a program that took input from a user and then changed the first letter of their name, it would be bad style to call that variable "apple" rather than "userInput". Something to strive for is self-documenting code, where the organization and variable naming are so clear that few comments are needed to explain its execution. <br />
<br />
A major benefit of good programming style is that the clear organization of your program lets you spot errors much faster than someone who was careless in crafting theirs (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]], it also makes it easier to update your code to patch any [[exploitation|exploitable]] [[vulnerability|vulnerabilities]]. Many finer points of style are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase for variable names, while in [[Python]] you will see variables written as name_of_var), so it is best to talk with the community to discover best practices.<br />
<br />
== [[:Category:Information_Gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example scenario: an individual wants to gain access to a targeted financial firm. Using [[social engineering]], the individual may wear a cast, carry crutches and approach the door just as an employee is walking out. It is reasonable to assume that any of us in that position would kindly hold the door open. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access-card lock, but it is useless against this kind of technique. The weakest link in any security setup is the users, and that is the fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[:Category:Exploitation|Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. That [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, together with the recent popularity of [[web application]]s, makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners with repetitive tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. [[Countermeasures]] like [[DEP]], [[ASLR]] and [[IPS]] applications/devices have made [[binary]] [[exploitation]] progressively harder. On a modern [[Operating System]] the [[shellcode]] or [[machine code]] delivered by a [[buffer overflow]] exploit has to be crafted around every restriction in its path: a [[filter bypass]] for the bytes the vulnerable code will not copy (a null byte ends a C string, for example), a non-executable stack, and randomized addresses. Beginners usually start writing [[shellcode]] once they have a fundamental knowledge of [[assembly]] for the target [[operating system]], and [[null-free shellcode]] is usually the first kind they write. It is even possible to write printable, [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which uses [[return oriented programming]] to bypass the [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system]]; note that a ROP chain only defeats DEP by itself, and needs gadget addresses from a module loaded without ASLR or from an information leak before it works against ASLR.<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access; a few of the basics are covered here. The first is giving the backdoor an innocent-looking process name (init, [kthreadd], httpd, sshd and so on) so that an administrator skimming the process list overlooks it. On [[Linux]] the name that ps prints comes from argv[0] or from the kernel's comm field, and a process can overwrite both, so the disguise is only skin-deep: /proc/PID/exe still resolves to the real binary, and a genuine kernel thread has no exe link at all and an empty /proc/PID/cmdline. <br />
<br />
Another is an LKM ([[Linux]] kernel module) rootkit; on older kernels these are an ideal way to keep a backdoor into the system. Bear in mind that anti-rootkit tools for Linux such as chkrootkit and rkhunter are mostly shell scripts that run on the same host, so an attacker who already has root can edit them to drop the checks for whichever public rootkit was installed and to remove the integrity checks on the script itself; for a defender this means such tools only mean something when run from read-only media and compared against copies kept off the host. Kernel modules are built against one specific kernel version, so on a newer kernel you may wish to look into something like the [[Jynx Rootkit]], which is an LD_PRELOAD (userland) rootkit rather than a kernel module and therefore builds on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9356User:Hatter/getting started2012-10-04T02:40:59Z<p>MaxSchiller: /* Exploitation */ Title now links to category of exploitation instead, should be more useful to users to get a long list of exploit articles as well as a brief description</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words that makes machine code easier to work with - for example, the bytes "\xcd\x80" are the encoding of the instruction "int $0x80", the 32-bit [[Linux]] system-call gate. <br />
<br />
These languages are the predecessors of the [[C]] language, a mid-level [[compiled language]] in which the reference interpreters of nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]], are written. The [[Linux]] kernel is written in [[C]] (with some [[assembly]]), and most of the software that runs on it is written in C or [[C++]]. It is advisable to become familiar with C and to learn at least enough assembly to understand how your C code compiles. Learning interpreted languages such as PHP and Perl is also useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical habit is keeping your code organized and following the standards set by the coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s let you comment your code using special syntax. Use comments to document your code; a useful test is to ask "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something you will deal with constantly: they are names given to a piece of data which, as the name implies, can vary during the life of your program. Good programming style means useful variable names. If you had a program that took input from a user and then changed the first letter of their name, it would be bad style to call that variable "apple" rather than "userInput". Something to strive for is self-documenting code, where the organization and variable naming are so clear that few comments are needed to explain its execution. <br />
<br />
A major benefit of good programming style is that the clear organization of your program lets you spot errors much faster than someone who was careless in crafting theirs (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]], it also makes it easier to update your code to patch any [[exploitation|exploitable]] [[vulnerability|vulnerabilities]]. Many finer points of style are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase for variable names, while in [[Python]] you will see variables written as name_of_var), so it is best to talk with the community to discover best practices.<br />
<br />
== [[:Category:Information_Gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example scenario: an individual wants to gain access to a targeted financial firm. Using [[social engineering]], the individual may wear a cast, carry crutches and approach the door just as an employee is walking out. It is reasonable to assume that any of us in that position would kindly hold the door open. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access-card lock, but it is useless against this kind of technique. The weakest link in any security setup is the users, and that is the fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[:Category:Exploitation|Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. That [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, together with the recent popularity of [[web application]]s, makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners with repetitive tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. [[Countermeasures]] like [[DEP]], [[ASLR]] and [[IPS]] applications/devices have made [[binary]] [[exploitation]] progressively harder. On a modern [[Operating System]] the [[shellcode]] or [[machine code]] delivered by a [[buffer overflow]] exploit has to be crafted around every restriction in its path: a [[filter bypass]] for the bytes the vulnerable code will not copy (a null byte ends a C string, for example), a non-executable stack, and randomized addresses. Beginners usually start writing [[shellcode]] once they have a fundamental knowledge of [[assembly]] for the target [[operating system]], and [[null-free shellcode]] is usually the first kind they write. It is even possible to write printable, [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which uses [[return oriented programming]] to bypass the [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system]]; note that a ROP chain only defeats DEP by itself, and needs gadget addresses from a module loaded without ASLR or from an information leak before it works against ASLR.<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access; a few of the basics are covered here. The first is giving the backdoor an innocent-looking process name (init, [kthreadd], httpd, sshd and so on) so that an administrator skimming the process list overlooks it. On [[Linux]] the name that ps prints comes from argv[0] or from the kernel's comm field, and a process can overwrite both, so the disguise is only skin-deep: /proc/PID/exe still resolves to the real binary, and a genuine kernel thread has no exe link at all and an empty /proc/PID/cmdline. <br />
<br />
Another is an LKM ([[Linux]] kernel module) rootkit; on older kernels these are an ideal way to keep a backdoor into the system. Bear in mind that anti-rootkit tools for Linux such as chkrootkit and rkhunter are mostly shell scripts that run on the same host, so an attacker who already has root can edit them to drop the checks for whichever public rootkit was installed and to remove the integrity checks on the script itself; for a defender this means such tools only mean something when run from read-only media and compared against copies kept off the host. Kernel modules are built against one specific kernel version, so on a newer kernel you may wish to look into something like the [[Jynx Rootkit]], which is an LD_PRELOAD (userland) rootkit rather than a kernel module and therefore builds on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9355User:Hatter/getting started2012-10-04T02:36:27Z<p>MaxSchiller: /* Information Gathering */ Added category link for info gathering</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words that makes machine code easier to work with - for example, the bytes "\xcd\x80" are the encoding of the instruction "int $0x80", the 32-bit [[Linux]] system-call gate. <br />
<br />
These languages are the predecessors of the [[C]] language, a mid-level [[compiled language]] in which the reference interpreters of nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]], are written. The [[Linux]] kernel is written in [[C]] (with some [[assembly]]), and most of the software that runs on it is written in C or [[C++]]. It is advisable to become familiar with C and to learn at least enough assembly to understand how your C code compiles. Learning interpreted languages such as PHP and Perl is also useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical habit is keeping your code organized and following the standards set by the coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s let you comment your code using special syntax. Use comments to document your code; a useful test is to ask "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something you will deal with constantly: they are names given to a piece of data which, as the name implies, can vary during the life of your program. Good programming style means useful variable names. If you had a program that took input from a user and then changed the first letter of their name, it would be bad style to call that variable "apple" rather than "userInput". Something to strive for is self-documenting code, where the organization and variable naming are so clear that few comments are needed to explain its execution. <br />
<br />
A major benefit of good programming style is that the clear organization of your program lets you spot errors much faster than someone who was careless in crafting theirs (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]], it also makes it easier to update your code to patch any [[exploitation|exploitable]] [[vulnerability|vulnerabilities]]. Many finer points of style are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase for variable names, while in [[Python]] you will see variables written as name_of_var), so it is best to talk with the community to discover best practices.<br />
<br />
== [[:Category:Information_Gathering|Information Gathering]] ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example scenario: an individual wants to gain access to a targeted financial firm. Using [[social engineering]], the individual may wear a cast, carry crutches and approach the door just as an employee is walking out. It is reasonable to assume that any of us in that position would kindly hold the door open. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access-card lock, but it is useless against this kind of technique. The weakest link in any security setup is the users, and that is the fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally designed to describe a document and that document's stylesheet. Dynamic content is usually powered by a [[database]] and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s, makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners with routine tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to bypass all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode written by a beginner. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system]].<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first would be using innocent-looking process names (init, [kthreadd], httpd, sshd, etc.) in the hope that administrators overlook the process. <br />
<br />
Another would be an LKM rootkit; on older kernels these can be an ideal way to maintain a backdoor into the system. An important thing to remember is that anti-rootkit tools for Linux-based systems such as chkrootkit and rkhunter are merely shell scripts. These can easily be modified to remove the checks for whatever public rootkit you may choose, as well as the checksum checks on the script itself. If it is a newer kernel, you may wish to look into something like [[Jynx Rootkit]], as this will compile on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9354User:Hatter/getting started2012-10-04T02:31:13Z<p>MaxSchiller: /* Information Gathering */</p>
MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9353User:Hatter/getting started2012-10-04T02:30:24Z<p>MaxSchiller: /* Code */</p>
MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9352User:Hatter/getting started2012-10-04T02:25:00Z<p>MaxSchiller: /* Maintaining access */ Link added to Jynx Rootkit</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words to make machine code easier to work with - for example, "\xcd\x80" comes "int $0x80". <br />
<br />
These languages are the predecessors of [[C]], a mid-level [[compiled language]] that became the cornerstone for nearly all of the modern [[interpreted languages]]: the reference interpreters of [[PHP]], [[Perl]], [[Python]] and [[Ruby]] are themselves written in C. The [[Linux]] kernel is written in [[C]] with a small amount of [[assembly]] (not [[C++]], although plenty of userland software is). It is advisable to become familiar with C and to learn at least enough assembly to understand how your C code compiles. Learning interpreted languages such as PHP and Perl is also useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
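The unsafe string replacement mentioned above, shown as an added example (this is not code from the original page): a blacklist filter built on a single pass of str.replace() is defeated by nesting a copy of the token inside itself, a fixpoint loop closes that particular hole, and escaping for the output context is the actual fix. The blacklist, the payload and the function names are constructed for the example.<br />

```python
import html

# Tokens the naive filter tries to strip. Constructed for the example.
BLACKLIST = ("<script>", "</script>")


def sanitize_by_replace(user_input: str) -> str:
    """Vulnerable: one pass of str.replace() per blacklisted token.

    Removing a token joins the characters on either side of it, which can
    assemble a fresh copy of that same token, so the filter undoes itself.
    """
    out = user_input
    for token in BLACKLIST:
        out = out.replace(token, "")
    return out


def sanitize_until_stable(user_input: str) -> str:
    """Same blacklist, iterated until nothing changes.

    This closes the splicing hole, but it is still a blacklist: any
    construct it was not told about (<img onerror=...>, <svg onload=...>)
    passes straight through.
    """
    out = user_input
    while True:
        nxt = out
        for token in BLACKLIST:
            nxt = nxt.replace(token, "")
        if nxt == out:
            return out
        out = nxt


def sanitize_by_escaping(user_input: str) -> str:
    """The fix for output into an HTML context: do not hunt for bad strings,
    neutralise the metacharacters so no input can become markup."""
    return html.escape(user_input, quote=True)


# Constructed bypass: each token is split by a copy of itself. A single
# replace() removes the inner copy and thereby re-assembles the outer one.
BYPASS = "<scr<script>ipt>alert(1)</scr</script>ipt>"

if __name__ == "__main__":
    print("one-pass replace :", sanitize_by_replace(BYPASS))
    print("fixpoint replace :", sanitize_until_stable(BYPASS))
    print("html.escape      :", sanitize_by_escaping(BYPASS))
```

The one-pass filter turns the payload into a working script tag, which is the flaw the article name refers to; the fixpoint version survives this payload but nothing it was not told about, which is why escaping (or a whitelist parser) rather than blacklisting is the pattern to reach for.<br />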
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is the practice of keeping your code organized and to follow the standards put forth by coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s let you comment your code using special syntax. Use comments to document your code; a useful test is to ask "if I came back to this code in 20 years to improve it, could I tell what it was doing?". <br />
<br />
Variables are something you will deal with constantly: they are names given to some piece of data which, as the name implies, can vary during the life of your program. Good programming style means useful variable names. If you had a program that took input from a user and then changed the first letter of their name, it would be bad style to call that variable "apple" rather than "userInput". Something to strive for is self-documenting code, where the organisation and naming are good enough that few comments are needed to explain its execution. <br />
<br />
A major benefit of good programming style is that a clearly organised program lets you spot errors far faster than one written carelessly (the dreaded "spaghetti code"). Not only does it help with [[debugging]], it also makes it easier to update your code to patch any [[exploitation|exploits]] or [[vulnerability|vulnerabilities]] found in it. Many smaller conventions are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase for variable names, while in [[Python]] you will see variables written as name_of_var), so talk to the community to discover the best practices for your language.<br />
<br />
== Information Gathering ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example: an individual who wants to get into a targeted financial firm may approach the door wearing a cast and on crutches just as an employee is walking out. Most of us, in that employee's position, would kindly hold the door open; this is known as tailgating. The firm's perimeter has just been breached and the building is open to any number of further attacks. The door may have been secured with a sophisticated access card lock, but the lock is useless against this kind of technique. The weakest link in any security set-up is its users, and that is precisely what [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners in remedial tasks.<br />
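As an added example of the [[SQL injection]] entry in that list (not code from the original page, nor from the [[web exploitation tools]]): a login check that pastes user input into the query text, the two classic injections against it, and the same check written with bound parameters. The sqlite3 in-memory table, the user records and the payload strings are constructed for the example.<br />

```python
import sqlite3

# Constructed stand-in for a site's user table; nothing here is real data.
SEED_USERS = [("admin", "s3cret-admin-pw"), ("alice", "hunter2")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)", SEED_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, name: str, password: str) -> list:
    """Vulnerable: the values are pasted into the SQL text, so a quote in
    the input ends the string literal and the rest is parsed as SQL."""
    query = ("SELECT id, name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return conn.execute(query).fetchall()


def login_parameterized(conn, name: str, password: str) -> list:
    """Hardened: the query shape is fixed at write time; the values are bound
    separately and are never tokenised as SQL, whatever they contain."""
    query = "SELECT id, name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchall()


# Constructed attack inputs.
AUTH_BYPASS = "admin' -- "                                   # comments out the password check
UNION_DUMP = "x' UNION SELECT id, password FROM users -- "   # pulls another column into the result

if __name__ == "__main__":
    db = build_db()
    print("honest login         :", login_vulnerable(db, "admin", "s3cret-admin-pw"))
    print("auth bypass          :", login_vulnerable(db, AUTH_BYPASS, "anything"))
    print("password dump        :", login_vulnerable(db, UNION_DUMP, ""))
    print("bypass, parameterized:", login_parameterized(db, AUTH_BYPASS, "anything"))
```

With the first payload the server executes WHERE name = 'admin' -- ' AND password = 'anything', so the password clause is a comment; with the second, UNION appends the password column to a query that was only supposed to return ids and names. The parameterized version gets the very same strings and returns nothing, because the quote never reaches the SQL parser.<br />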
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Countermeasures like [[DEP]], [[ASLR]] and [[IPS]] applications/devices make [[binary]] [[exploitation]] steadily more difficult, and the constraints stack up: [[DEP]] and [[ASLR]] are what the exploit technique itself has to defeat, while the [[shellcode]] or [[machine code]] delivered through a [[buffer overflow]] must also fit the restrictions of the input path it arrives by (a [[filter bypass]]) and avoid the signatures of any intrusion detection watching the wire. Beginners usually start writing [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type a beginner writes, because the C string functions that typically carry the payload stop copying at the first 0x00 byte. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] that uses [[return oriented programming]] to bypass the [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system]].<br />
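An added example of why [[null-free shellcode]] comes first (this is not code from the page or from [[Bleeding Life]]): a 32-bit Linux exit() shellcode whose immediates are loaded as mov/xor pairs so that no 0x00 byte appears, plus a tiny decoder for just those opcodes so the register state at int $0x80 can be checked without executing anything. The XOR key choice and the decoder are this example's own; the opcode encodings are the standard i386 ones.<br />

```python
import struct
from typing import Tuple

SYS_EXIT = 1              # i386 Linux system call number for exit(2)
INT_0X80 = b"\xcd\x80"    # int $0x80, the instruction named in the text


def null_free_xor_pair(value: int) -> Tuple[int, int]:
    """Split a 32-bit value into (enc, key) with enc ^ key == value where
    neither enc nor key contains a 0x00 byte. Per byte, any key k with
    k != 0 and k != b satisfies that, so the choice below always works."""
    enc = key = 0
    for shift in (0, 8, 16, 24):
        b = (value >> shift) & 0xFF
        k = 0x01 if b != 0x01 else 0x02
        enc |= (b ^ k) << shift
        key |= k << shift
    return enc, key


def mov_eax_imm32(value: int) -> bytes:
    """Naive encoding: B8 imm32. Small immediates leave three 0x00 bytes."""
    return b"\xb8" + struct.pack("<I", value)


def load_eax_null_free(value: int) -> bytes:
    """mov eax, enc ; xor eax, key   (B8 imm32 ; 35 imm32)"""
    enc, key = null_free_xor_pair(value)
    return b"\xb8" + struct.pack("<I", enc) + b"\x35" + struct.pack("<I", key)


def load_ebx_null_free(value: int) -> bytes:
    """mov ebx, enc ; xor ebx, key   (BB imm32 ; 81 F3 imm32)"""
    enc, key = null_free_xor_pair(value)
    return b"\xbb" + struct.pack("<I", enc) + b"\x81\xf3" + struct.pack("<I", key)


def exit_shellcode(status: int) -> bytes:
    """Null-free i386 Linux exit(status): eax = SYS_EXIT, ebx = status, int 0x80."""
    return load_eax_null_free(SYS_EXIT) + load_ebx_null_free(status) + INT_0X80


def has_null(code: bytes) -> bool:
    return b"\x00" in code


def emulate(code: bytes) -> dict:
    """Decoder for only the opcodes emitted above, so the register state at
    the syscall can be checked without running the bytes."""
    regs = {"eax": 0, "ebx": 0, "syscall": False}
    i = 0
    while i < len(code):
        op = code[i]
        if op == 0xB8:                      # mov eax, imm32
            regs["eax"] = struct.unpack_from("<I", code, i + 1)[0]; i += 5
        elif op == 0x35:                    # xor eax, imm32
            regs["eax"] ^= struct.unpack_from("<I", code, i + 1)[0]; i += 5
        elif op == 0xBB:                    # mov ebx, imm32
            regs["ebx"] = struct.unpack_from("<I", code, i + 1)[0]; i += 5
        elif code[i:i + 2] == b"\x81\xf3":  # xor ebx, imm32
            regs["ebx"] ^= struct.unpack_from("<I", code, i + 2)[0]; i += 6
        elif code[i:i + 2] == INT_0X80:     # int 0x80: the syscall itself
            regs["syscall"] = True; i += 2
        else:
            raise ValueError("unsupported opcode at offset %d" % i)
    return regs


if __name__ == "__main__":
    naive = mov_eax_imm32(SYS_EXIT)
    clean = exit_shellcode(0)
    print("mov eax, 1 (naive):", naive.hex(), "has null:", has_null(naive))
    print("exit(0) null-free :", clean.hex(), "has null:", has_null(clean))
    print("registers at int 0x80:", emulate(clean))
```

The common hand-written idiom for small values is shorter (xor eax, eax ; mov al, 1 is four bytes), but the mov/xor pair generalises to any 32-bit immediate, which is what you need when the value is an address or a packed string. Whether 0x00 is the only forbidden byte depends on the input path; printable or alphanumeric constraints call for the encoders the linked articles describe.<br />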
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access; a few of the basics are covered here. The first is giving your process an innocent-looking name (init, [kthreadd], httpd, sshd and so on) so that an administrator skimming ps or top overlooks it. Keep in mind that the name is only the process's comm and argv strings, which the process sets itself; /proc/PID/exe still points at the real binary, and a genuine kernel thread has no exe link at all, so the disguise survives a glance but not a comparison. <br />
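Both sides of that process-name trick, as an added example (not code from the original page): the rename via prctl(PR_SET_NAME), and the check an administrator can run against any PID to catch it. It assumes a Linux host with /proc mounted; the function names are the example's own.<br />

```python
import ctypes
import os
import sys

PR_SET_NAME = 15   # <linux/prctl.h>; sets the calling thread's comm field


def read_comm(pid="self"):
    """comm is the 15-byte name that ps/top display. None without /proc."""
    try:
        with open(f"/proc/{pid}/comm") as f:
            return f.read().strip()
    except OSError:
        return None


def exe_basename(pid="self"):
    """/proc/<pid>/exe is maintained by the kernel from the executed file;
    the process cannot rename it. Kernel threads have no exe link at all."""
    try:
        return os.path.basename(os.readlink(f"/proc/{pid}/exe"))
    except OSError:
        return None


def set_comm(name: str):
    """Attacker side: rename the running process with prctl(PR_SET_NAME).
    Returns the comm read back from /proc, or None where unsupported."""
    if not sys.platform.startswith("linux"):
        return None
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong,
                           ctypes.c_ulong, ctypes.c_ulong]
    buf = ctypes.create_string_buffer(name.encode()[:15])   # kernel limit
    if libc.prctl(PR_SET_NAME, ctypes.addressof(buf), 0, 0, 0) != 0:
        return None
    return read_comm("self")


def looks_disguised(pid="self"):
    """Defender side: comm is self-chosen, exe is not, so compare them.
    Returns True (name does not match the binary), False, or None when
    /proc is unavailable. A real kernel thread has comm but no exe, so a
    process showing [kthreadd] together with an exe link is a fake."""
    comm, exe = read_comm(pid), exe_basename(pid)
    if comm is None:
        return None
    if exe is None:
        return False          # genuine kernel thread, or permission denied
    # comm is the (possibly truncated) name the binary was invoked as;
    # a symlink like python3 -> python3.11 still leaves exe starting with it.
    return not exe.startswith(comm)


if __name__ == "__main__":
    print("before:", read_comm(), "exe:", exe_basename(), "suspicious:", looks_disguised())
    set_comm("kthreadd")
    print("after :", read_comm(), "exe:", exe_basename(), "suspicious:", looks_disguised())
```

Run over every numeric directory in /proc, looks_disguised() is a triage signal rather than proof: daemons that legitimately retitle themselves (PostgreSQL's worker processes, for instance) will also show a mismatch, but a "kernel thread" that owns an exe link, open sockets or a cwd is worth a closer look every time. Note that the same comparison is what ls -l /proc/PID/exe gives you by hand.<br />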
<br />
Another is an LKM (loadable kernel module) rootkit; on older kernels these can be an ideal way to keep a backdoor into the system. Newer kernels increasingly refuse unsigned modules (module signature enforcement, kernel lockdown), so check whether the target will load your module at all before relying on one. Bear in mind that the common anti-rootkit tools for Linux are themselves ordinary files on the box: rkhunter is a shell script, and chkrootkit is a shell script driving a handful of small C helpers. With root they can be edited to drop the checks for whatever public rootkit you chose, including the checks on their own integrity, which is exactly why a careful administrator runs them from read-only media and compares them against hashes kept off the host. If it is a newer kernel you may wish to look into something like [[Jynx Rootkit]], which works from userland via LD_PRELOAD rather than as a kernel module and so compiles on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9351User:Hatter/getting started2012-10-04T02:23:23Z<p>MaxSchiller: /* Maintaining access */ quick spelling edit</p>
MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9350User:Hatter/getting started2012-10-04T02:19:32Z<p>MaxSchiller: /* Information Gathering */ Started a section on Social Engineering linking to the main article as this is a popular method of extracting information, article should be expanded upon by another user with more experience in this area.</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words to make machine code easier to work with - for example, "\xcd\x80" comes "int $0x80". <br />
<br />
These languages are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]]. The [[Linux]] operating system is written in [[C]] and [[C++]]. It is advisable to become familiar with C and at least learn enough assembly to understand how your C code is compiling. Learning interpreted languages such as PHP and Perl can also be useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is the practice of keeping your code organized and to follow the standards put forth by coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s offer the ability to comment your code by using special syntax. It is important that you use comments to document your code, it's useful to think "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something that you will deal with constantly in your programming activities, these are names given to some piece of data and like the name implies can vary during the life of your program. Good programming style incorporates useful variable names. In other words, if you had a program that took input from a user then changed the first letter of their name it would be bad style to name that variable "apple" as opposed to "userInput". Something to strive for is code that is self-documenting, the organization and variable naming being so good that it requires few comments to explain it's execution. <br />
<br />
A major benefit of keeping good programming style is that the clear organization of your program will aid in spotting errors at a much faster rate than someone who was careless in crafting their program (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]] but, it will also make it easier to update your code to patch any [[exploitation|exploits]]/[[vulnerability|vulnerabilities]]. There exist many other minute programming styles which are specific to the language you are learning (in [https://www.java.com/en/download/faq/whatis_java.xml Java] it is customary to use camelCase to name variables while in [[Python]] you will see variables written as name_of_var) so it is best to talk with the community in order to discover best practices.<br />
<br />
== Information Gathering ==<br />
=== [[Social Engineering]] ===<br />
[[Social Engineering]] is a method of extracting information from targets by means of social/psychological manipulation for the purpose of gaining unauthorized access to desired targets later on. Techniques often rely on the follies of human nature such as our tendency to easily trust others and help our fellow man. <br />
<br />
An example scenario would be if an individual wanted to gain access to a targeted financial firm, utilizing [[social engineering]] the individual may wear a cast and crutches to approach the door just as an employee were walking out. It is reasonable to assume that if any of us were in this position we would kindly hold the door open for this person. The financial firm has just been compromised and is now vulnerable to any number of attacks. The door may have been secured with a sophisticated access card lock but it is useless against this kind of social engineering technique. The weakest link in any security set up are the users, this is a fact that [[social engineering]] [[Exploit|exploits]].<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners in remedial tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to bypass all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode written by a beginner. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the windows 7 [[operating system]].<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first would be using innocent-looking process names (init, [kthreadd], httpd, sshd, etcetera). The aim is to mislead administrators into overlooking the process.<br />
<br />
Another would be an LKM rootkit; on older kernels these can be an ideal way to maintain a backdoor into the system. An important thing to remember is that anti-rootkit tools for Linux-based systems such as chkrootkit and rkhunter are merely shell scripts. These can be easily modified to remove the checks for whatever public rootkit you may choose, as well as the checksum checks on the script itself. If it is a newer kernel you may wish to look into something like the Jynx rootkit, as this will compile on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9349User:Hatter/getting started2012-10-04T02:01:49Z<p>MaxSchiller: /* Programming Style */</p>
MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9348User:Hatter/getting started2012-10-04T01:55:11Z<p>MaxSchiller: /* Exploitation */</p>
MaxSchillerhttps://nets.ec/index.php?title=User:Hatter/getting_started&diff=9347User:Hatter/getting started2012-10-04T01:53:45Z<p>MaxSchiller: /* Code */ In section Code, added a paragraph directing users to beginner programming practice websites. Added Programming Style section as this is relevant to creating clean code that is more likely to be free of vulnerabilities.</p>
<hr />
<div>So you're new to offensive security, and one day you want to call yourself a hacker. Understanding the building blocks of a system is the first step towards learning to control it. A solid basis in [[administration]] is needed in order to know how to use a machine. A solid basis in [[programming]] will help you understand what [[information gathering]] leads to successful [[exploitation]] and [[maintaining access]]. While [[countermeasures]] do get in the way, most can be [[IDS evasion|evaded]] or [[filter bypass|bypassed]] with an intermediate knowledge of [[programming]].<br />
<br />
<br />
== [[Administration]] ==<br />
Administration can be broken into a few categories, but for the purposes of this library, administration is divided into system administration, and network administration. <br />
<br />
Mastery of an [[Operating System]] is essential. Most [[server]]s on the internet are powered by [[Linux]]. While difficult, a head-first approach to learning [[Linux]] can be obtained with [[Gentoo Installation]]. We crawl before we learn to walk. Mastery of the basics of file manipulation, diagnostic tools and the like in the Linux environment will make you much more efficient when using Linux to do anything - be it rooting a box or web exploitation - so it is advised that you check out the [[Bash book]], which will familiarize you with the commands that are essential to efficiently using a Linux system.<br />
<br />
Protecting yourself on the Internet is essential, although you have already taken the first step by using a Linux box - especially if you chose to use Gentoo. In order to protect yourself from malicious packets, see the article on [[Iptables]] for filtering incoming packets and dropping those that are potentially malicious in nature. It is also a good idea to check the [[Anonymity]] article for tips on how to keep your identity secret on the Internet - depending on just what you intend to do, these measures can be as simple or as complex as you desire.<br />
<br />
== [[Programming|Code]] == <br />
<br />
[[Programming]] is the next essential skill. While it is possible to perform exploitation on an [[application]] without any knowledge of the language it is written in, understanding of the language allows for a deeper understanding of the way the application you are exploiting handles input and processes data - if you understand what makes it work, you will understand what makes it stop working in the way you want it to. If you want to go "head-first", start with a lower level language like [[assembly]] and move on to [[compiled languages]], finishing with [[interpreted languages]]. If you prefer the easier, or "feet-first" approach, [[interpreted languages]] are the best place to start, then work towards [[assembly]] - perhaps learning one of the [[compiled languages]] in between. <br />
<br />
[[Assembly]] and [[machine code]] are the building blocks of all other [[programming language]]s. Machine code is what most people think of when they refer to "[[binary]] code" (though it is more often represented as hexadecimal opcodes), while assembly is a system of mnemonic words to make machine code easier to work with - for example, "\xcd\x80" comes "int $0x80". <br />
<br />
These languages are the predecessors to the [[C]] language, a mid-level [[compiled language]] which became the cornerstone for nearly all of the modern [[interpreted languages]], including [[PHP]], [[Perl]], [[Python]], and [[Ruby]]. The [[Linux]] operating system is written in [[C]] and [[C++]]. It is advisable to become familiar with C and at least learn enough assembly to understand how your C code is compiling. Learning interpreted languages such as PHP and Perl can also be useful for their flexibility and power.<br />
<br />
When starting out with [[programming]], it is important to avoid the kinds of mistakes that lead to [[vulnerability|vulnerabilities]] in your code - such as [[unsafe string replacement]] and other [[Design Flaws|design flaws]]. Not only does learning about these vulnerabilities prevent your own code from being [[exploitation|exploited]], but the better you understand the potential pitfalls of a language, the better you can exploit those same pitfalls.<br />
<br />
The biggest priority to the aspiring hacker and beginning programmer is to just start programming. Practice makes perfect and the sooner you start, the faster you will become a competent coder. Thankfully, it is an amazing time for people new to programming as there are now many resources for learning how to code. A good place to check out is [http://www.codecademy.com Codecademy] due to the fact that it is very beginner friendly and will get you on the road to learning essential tools in your hacking career like [[JavaScript]] and [[Python]].<br />
<br />
<br />
=== [[Programming|Programming Style]] ===<br />
<br />
A critical strategy to keep in mind is the practice of keeping your code organized and to follow the standards put forth by coders who came before you. This is known as [[programming]] style and can spell the difference between a good hacker and an amazing hacker. <br />
<br />
The vast majority of [[programming language]]s offer the ability to comment your code by using special syntax. It is important that you use comments to document your code, it's useful to think "If I returned to this code in 20 years to improve it, would I be able to tell what it was doing?". <br />
<br />
Variables are something that you will deal with constantly in your programming activities, these are names given to some piece of data and like the name implies can vary during the life of your program. Good programming style incorporates useful variable names. In other words, if you had a program that took input from a user then changed the first letter of their name it would be bad style to name that variable "apple" as opposed to "userInput". Something to strive for is code that is self-documenting, the organization and variable naming being so good that it requires few comments to explain it's execution. <br />
<br />
A major benefit of keeping good programming style is that the clear organization of your program will aid in spotting errors at a much faster rate than someone who was careless in crafting their program (resulting in the dreaded "spaghetti code"). Not only does it help in [[debugging]] but, it will also make it easier to update your code to patch any [[exploitation|exploits]]/[[vulnerability|vulnerabilities]]. There exist many other minute programming styles which are specific to the language you are learning (in [[Java]] it is customary to use camelCase to name variables while in [[Python]] you will see variables written as name_of_var) so it is best to talk with the community in order to discover best practices.<br />
<br />
== Information Gathering ==<br />
<br />
== [[Exploitation]] == <br />
The best way to learn exploitation is with a solid basis in [[programming]]. The best place to start is usually with exploiting a [[programming language]] that you are familiar with. If you are familiar with [[interpreted languages]], [[web exploitation]] is the best place to begin; whereas if you are familiar with [[compiled languages]], binary exploitation is the best step for a beginner. It is also best to start with an environment already familiar to you. <br />
<br />
<br />
=== [[Web exploitation]] ===<br />
Most beginners find [[web exploitation]] to be the easiest topic to start with. This requires a strong understanding of the [[HTTP|world wide web]]. [[Web application]]s are [[programming|programmed]] using a series of [[interpreted languages]]. This nearly always involves some form of [[HTML]] and [[CSS]], originally developed to be a document and that document's stylesheet. Dynamic content is usually powered by a [[database]], and usually involves [[SQL]] code. The [[programming language]]s used to render dynamic content are [[interpreted languages|interpreted]] on the web [[server]], while languages such as [[HTML]], [[CSS]], and [[JavaScript]] are interpreted and rendered by the client. <br />
<br />
[[Web exploitation]] can be used to [[Command Injection|execute remote commands]], [[steal cookies]], [[SQL injection|extract database information]], bypass [[authentication credentials|authentication]], plant [[database]]-powered [[privilege escalation]] [[SQL backdoors|backdoors]] and more. Simply because [[exploitation]] of [[interpreted languages]] is easier than [[exploitation]] of [[compiled languages]] does not make it any less effective. This, in conjunction with the recent popularity of [[web application]]s makes it the best place to begin. We've also developed a series of [[web exploitation tools]] to assist beginners in remedial tasks.<br />
<br />
=== Binary exploitation ===<br />
Exploitation of [[compiled languages]] used to be much easier than it is today. Due to [[countermeasures]] like [[DEP]], [[ASLR]], and [[IPS]] applications/devices, [[binary]] [[exploitation]] is becoming more and more difficult. To perform a [[filter bypass]] on a modern [[Operating System]], the [[shellcode]] or [[machine code]] used during a [[buffer overflow]] exploit must be crafted to bypass all of the restrictions in place. Beginners usually start learning to write [[shellcode]] with a fundamental knowledge of [[assembly]]. Once an understanding of [[assembly]] for the respective [[operating system]] is obtained, [[null-free shellcode]] is usually the first type of shellcode written by a beginner. It is even possible to write printable and [[polymorphic]] [[alphanumeric shellcode]] and [[ascii shellcode]] for [[IDS evasion]]. The [[Bleeding Life]] project contains [[shellcode]] which utilizes [[return oriented programming]] in order to bypass [[ASLR]] and [[DEP]] [[countermeasures]] for [[vulnerability|vulnerable]] [[applications|software]] running on the Windows 7 [[operating system]].<br />
<br />
=== Network exploitation ===<br />
Network exploitation requires a solid understanding of [[network]] [[administration]] and [[network]] [[protocols]].<br />
<br />
== Maintaining access ==<br />
There are several ways to maintain access, and I will attempt to cover a few of the basics here. The first would be using innocent-looking process names (init, [kthreadd], httpd, sshd, etcetera). This is done to mislead administrators into overlooking the process. <br />
<br />
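A defender's check for the process-name trick described above, as an added Python example that is not part of the original page: it runs over a constructed process table (pid, ppid, name as ps shows it, and the target of /proc/&lt;pid&gt;/exe or None) and flags entries whose name imitates init, a kernel thread or a daemon without the properties the genuine one has. The expected daemon paths are assumptions for a typical Linux layout.<br />

```python
"""Spot processes whose names imitate init, kernel threads or daemons (added example)."""

# Assumption: where the genuine daemons named on the page live on a typical
# Linux install. Adjust per host, or take the paths from the package manager.
EXPECTED_EXE = {
    "sshd": {"/usr/sbin/sshd"},
    "httpd": {"/usr/sbin/httpd", "/usr/sbin/apache2"},
}


def suspicious(proc: dict) -> list:
    """Reasons a process-table entry looks like a masquerade (empty if none).

    `name` is the name as ps displays it; `exe` is the target of
    /proc/<pid>/exe, or None when the link cannot be read.
    """
    name, exe, pid, ppid = proc["name"], proc["exe"], proc["pid"], proc["ppid"]
    reasons = []

    # Real kernel threads have no executable and hang off kthreadd (pid 2)
    # or pid 0; a userland binary calling itself "[kthreadd]" has both an
    # exe and an ordinary parent.
    if name.startswith("[") and name.endswith("]"):
        if exe is not None:
            reasons.append("kernel-thread style name but has an executable")
        if ppid not in (0, 2):
            reasons.append("kernel-thread style name but parent is not kthreadd")

    # There is exactly one init, and it is pid 1.
    if name == "init" and pid != 1:
        reasons.append("named init but pid is not 1")

    # The daemons the page lists should run from their packaged location.
    expected = EXPECTED_EXE.get(name)
    if expected and exe is not None and exe not in expected:
        reasons.append(f"{name} running from unexpected path {exe}")

    # readlink on /proc/<pid>/exe appends " (deleted)" if the file was
    # removed after exec, a common trait of dropped-and-unlinked backdoors.
    if exe is not None and exe.endswith("(deleted)"):
        reasons.append("executable was deleted from disk while running")

    return reasons


def scan(table: list) -> dict:
    """Map pid -> reasons for every entry that trips at least one check."""
    findings = {}
    for proc in table:
        reasons = suspicious(proc)
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


# Constructed sample: four legitimate entries followed by three masquerades.
SAMPLE_TABLE = [
    {"pid": 1, "ppid": 0, "name": "init", "exe": "/sbin/init"},
    {"pid": 2, "ppid": 0, "name": "[kthreadd]", "exe": None},
    {"pid": 17, "ppid": 2, "name": "[kworker/0:1]", "exe": None},
    {"pid": 812, "ppid": 1, "name": "sshd", "exe": "/usr/sbin/sshd"},
    {"pid": 4410, "ppid": 1, "name": "[kthreadd]", "exe": "/tmp/.x/kthreadd"},
    {"pid": 4411, "ppid": 4410, "name": "init", "exe": "/dev/shm/init"},
    {"pid": 4412, "ppid": 1, "name": "sshd", "exe": "/var/tmp/sshd (deleted)"},
]

if __name__ == "__main__":
    for pid, reasons in sorted(scan(SAMPLE_TABLE).items()):
        print(pid, "; ".join(reasons))
```
<br />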
Another would be an LKM rootkit; on older kernels these can be an ideal way to maintain a backdoor into the system. An important thing to remember is that anti-rootkit tools for Linux-based systems such as chkrootkit and rkhunter are merely shell scripts. These can easily be modified, even to remove the checks for whatever public rootkit you may choose, as well as to remove the checksum checks on the script itself. If it is a newer kernel, you may wish to look into something like the Jynx rootkit, as this will compile on most servers.</div>MaxSchillerhttps://nets.ec/index.php?title=Talk:Viruses&diff=5712Talk:Viruses2012-05-21T04:08:23Z<p>MaxSchiller: Created page with "==Title== Should we make the title into simply "Computer Virus" as opposed to "Viruses"? Seems like it would make the article more accurate. --~~~~"</p>
<hr />
<div>==Title==<br />
Should we make the title into simply "Computer Virus" as opposed to "Viruses"? Seems like it would make the article more accurate. <br />
--[[User:Toxology|Toxology]] 08:08, 21 May 2012 (MSK)</div>MaxSchillerhttps://nets.ec/index.php?title=Routing&diff=5669Routing2012-05-19T23:50:28Z<p>MaxSchiller: /* Introduction */ Unnecessary introduction</p>
<hr />
<div>==Subnetting Schemes==<br />
When the internet started out, our routers only understood classful routes. A classful route would be something like 10.0.0.0/8, or 10.1.0.0/16, 10.1.1.0/24.<br />
Respectively, those are called Class A, B and C networks. You may be asking, "what's with that / and the number?"<br />
That's called a CIDR prefix. It defines how many significant bits there are in a network,<br />
meaning that with a /8 only the first 8 out of 32 bits are significant.<br />
An IPv4 address is made up of 32 bits total. 8 bits per octet, hence why an octet is called an octet.<br />
The representation of those bits per octet in an IP address is found here: 11111111.11111111.11111111.11111111<br />
So when you say /8, that means only the first octet defines the network or size of the network depending on how you look at it.<br />
<br />
Subnetting is hard, but once you understand it you feel dumb as hell for it being so hard to understand.<br />
The /8 is the same thing as a subnet mask, for those of you who know what a subnet mask is. It is equivalent to 255.0.0.0.<br />
So, a /4 would be 127.0.0.0, a /16 is 255.255.0.0.<br />
If you look at the binary representations of these CIDR masks, you can see how it works pretty easily.<br />
/16 is 11111111.11111111.00000000.00000000<br />
/8 is 11111111.00000000.00000000.00000000<br />
/4 is 11110000.00000000.00000000.00000000<br />
and so on.<br />
<br />
To simplify, when the internet came about, you had /8, /16, and /24. Those were the only network sizes you could use. These all correspond to a fixed number of addresses.<br />
/8 gives you something like 17 million IP addresses in a network<br />
/16 gives you 65536 addresses in a network<br />
/24 gives you 256 addresses in a network<br />
Remember, these are not all usable addresses.<br />
The first .0 in a network is the network identifier, the last .255 in a network is the broadcast address and the router typically requires an address as well.<br />
Generally, take 3 addresses off the size of a network, and that's how many usable IP addresses the network has.<br />
<br />
==Real World Examples==<br />
Let's say the year is 1990, and a company has 23 network devices. The company applies for IP address space knowing that it will never have more than 23 network devices.<br />
Since in 1990 classless routing had not been created yet, they would be assigned a classful Class C network, also known as 255.255.255.0 or /24.<br />
That gives them 253 usable addresses. As you can see, that's a huge waste of address space.<br />
<br />
Another example, a bit more drastic: a company has 280 network devices. They apply for IP space.<br />
Way back in the day, they would have been assigned a Class B network. That's 65532 usable addresses.<br />
Big, big waste. The reason classful networks were used to begin with is that netadmins didn't want to have to remember confusing subnet masks like 255.255.224.0.<br />
<br />
Around 1995, all of these network guys realized that they were wasting a ton of IP space. Because these unnecessarily large netblocks had been assigned to people who only had a few addresses, a few things came about, one of the most useful being RFC 1918.<br />
This was a nightmare but also a blessing at the same time. RFC 1918 introduced the idea of private, unroutable address space.<br />
That would be the oh-so-familiar 192.168.0.0/16 block, the probably somewhat familiar 10.0.0.0/8 block and the less common 172.16.0.0/12 block.<br />
The latter being the prettiest in my opinion. All of these corporations started putting their devices on those blocks.<br />
This had an extra security advantage because the devices couldn't be accessed from the internet. This posed a new problem though.<br />
Once all of your devices are on this block, how do they get out to the internet? And with this question, NAT was created.<br />
NAT stands for Network Address Translation.<br />
<br />
==Back to Subnetting==<br />
CIDR and classless subnetting were created to alleviate the issue of overallocation. CIDR stands for Classless Inter-Domain Routing.<br />
Basically, what CIDR does is simplify the confusing netmasks down into single numbers.<br />
<br />
Going back to the previous example, an organization in 2009 has 23 network devices. They apply for IP space and ARIN (or whichever numbers registry oversees them) assigns them a /27.<br />
In binary, a /27 is represented like this:<br />
11111111.11111111.11111111.11100000<br />
You can find the binary representation by basically taking 32 bits:<br />
11111111.11111111.11111111.11111111<br />
Now if you have a /27, you do 32-27 and that gives you 5.<br />
Take the last 5 bits (counting from the right) and turn them into zeroes. So you get this:<br />
11111111.11111111.11111111.11100000<br />
<br />
If you know how to count in binary, it's fairly simple to find out how many addresses are in that network.<br />
Take your binary representation of the network (11111111.11111111.11111111.11100000) and invert it, so you'll get 00000000.00000000.00000000.00011111.<br />
Then, you can see that this network only spans 1 octet, the last octet. You then take that binary number and convert it to decimal.<br />
16+8+4+2+1=31 or if you include 0 as a number, it's 32.<br />
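The prefix, mask and address-count arithmetic above, as an added Python example that is not part of the original page: it converts a prefix to its binary and dotted-decimal mask, inverts it the way the /27 walkthrough does, counts addresses, applies the page's "take three off" rule of thumb, and picks the network size for the 23- and 280-device companies under both classful and classless allocation.<br />

```python
"""Subnet arithmetic for the CIDR walkthrough above (added example)."""
import ipaddress

FULL = 0xFFFFFFFF  # 32 ones: 11111111.11111111.11111111.11111111


def prefix_to_mask(prefix: int) -> int:
    """Netmask for /prefix as an int: the top `prefix` bits set, the rest zero."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    return (FULL << (32 - prefix)) & FULL


def to_binary(mask: int) -> str:
    """Dotted binary, e.g. 11111111.11111111.11111111.11100000 for /27."""
    bits = f"{mask:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def to_dotted(mask: int) -> str:
    """Dotted decimal, e.g. 255.255.255.224 for /27."""
    return str(ipaddress.IPv4Address(mask))


def wildcard(mask: int) -> int:
    """The page's 'invert it' step: host bits become ones, network bits zero."""
    return mask ^ FULL


def network_size(prefix: int) -> int:
    """Total addresses: 2 to the power of the host bits (32 - prefix)."""
    return 1 << (32 - prefix)


def usable_hosts(prefix: int) -> int:
    """The page's rule of thumb: size minus network, broadcast and router."""
    return max(network_size(prefix) - 3, 0)


def smallest_prefix_for(devices: int) -> int:
    """Classless allocation: the longest prefix whose usable count fits."""
    for prefix in range(32, -1, -1):
        if usable_hosts(prefix) >= devices:
            return prefix
    raise ValueError("more devices than IPv4 can address")


def classful_prefix_for(devices: int) -> int:
    """Pre-CIDR allocation: only Class C (/24), B (/16) or A (/8) existed."""
    for prefix in (24, 16, 8):
        if usable_hosts(prefix) >= devices:
            return prefix
    raise ValueError("too large even for a Class A")


def describe(cidr: str) -> dict:
    """Summarise a network in the terms the page uses."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    mask = prefix_to_mask(net.prefixlen)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": to_dotted(mask),
        "mask_binary": to_binary(mask),
        "wildcard_binary": to_binary(wildcard(mask)),
        "size": network_size(net.prefixlen),
        "usable": usable_hosts(net.prefixlen),
    }


if __name__ == "__main__":
    for cidr in ("10.0.0.0/8", "10.1.0.0/16", "10.1.1.0/24", "10.1.1.0/27"):
        print(describe(cidr))
    for devices in (23, 280):
        print(devices, "devices: classful /%d, classless /%d"
              % (classful_prefix_for(devices), smallest_prefix_for(devices)))
```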
<br />
==Extras==<br />
/32s are useful for things like blackholing a single IP, or for interface aliases<br />
/31 has 1+1=2 addresses, 1 for the subnet itself and one for broadcast<br />
/30's are useful for point to point communications<br />
http://www.oav.net/mirrors/cidr.html <- this will be your friend throughout your networking career</div>MaxSchillerhttps://nets.ec/index.php?title=Physical_Security&diff=5668Physical Security2012-05-19T23:44:42Z<p>MaxSchiller: /* Execution */ added link to Wiki page for Vampire taps</p>
<hr />
<div>== Overview ==<br />
<br />
Physical security refers to the physical location and access level to servers, workstations, wiring and other electronics, or any other target that a corporation may have that an attacker may want to gain access to. For example, if a company houses its servers in a building that it leases space from while the property management company uses a third party janitorial service, it would be rather simple for an [[Cybercriminals|attacker]] to use [[Social Engineering]] to gain access while posing as a janitor and enter the server room.<br />
<br />
== Execution ==<br />
<br />
One of the most common ways that an attacker can exploit physical insecurity is by way of nearby physical access. If an attacker is able to gain physical access to a floor below or a floor above his target, or to certain boxes outside the building mounted to it, the attacker may be able to attach what is commonly known as a [http://en.wikipedia.org/wiki/Vampire_tap Vampire tap] to a network cable or phone line owned by the target corporation. A vampire tap allows an attacker to physically “tap” into a network. If an attacker compromises a network line, s/he may be able to gain an [[IP address]], [[Sniffing|sniff]] out authentication sessions and continue to penetrate the network from a physical line. If a phone line is compromised, phone calls could be recorded, and a hidden control system for the recording system could even be implanted.<br />
<br />
With physical access to a machine, almost anything is possible. An attacker could replace CMOS or EP/P-ROM chips or graphics cards, install malicious hardware devices and keyloggers, or even simply steal a hard disk drive. It is because of this that physical security can be even more important than software security.<br />
<br />
=== Prevention ===<br />
<br />
One of the best ways to physically protect systems is a combination of proper wiring jobs, BIOS [[Password|passwords]] and BIOS startup [[Password|passwords]], air-bolted hard drives, hardened building [[security]] with 100% ID checks, and biometric verification for office and laboratory entry. Be sure that any telecommunications boxes outside the building are either air-bolted or welded shut, and that the biometric verification systems look at the capillary patterns in the thumb or fingers as well as the print itself, so that an attacker cannot use what is commonly referred to as "gummy prints" to circumvent the biometrics.<br />
<br />
=== Attack Vectors ===<br />
<br />
If an attacker gains physical access to a machine, given enough time anything is possible. Live CDs like HELIX, Knoppix STD, BackTrack, and PHLAK are commonly used to download operating system [[password]] files to a USB drive to be cracked at a later time. Live CDs are [[Operating System|Operating Systems]] capable of running from a CD. If an attacker loads a live CD on a system, they have free run of any resources on the system under their own terms.<br />
<br />
Hardware keyloggers are also seriously dangerous. A hardware keylogger can fit in the space of a couple of centimeters, and is usually plugged into the keyboard [[port]] on the back of a machine, with the keyboard then plugged into the keylogger. There is no current way to detect keyloggers or vampire taps. Wireless keyboards are the most susceptible to keylogging, not just because of the hardware keylogger aspect but also because of the transmission signal. A wireless keyboard can usually broadcast approximately 20-30 feet, about the same as Bluetooth or an RFID chip. An attacker can listen in on keystrokes through a wall or door, so it would be a good idea to stay wired.<br />
<br />
The same goes for [[Network Recon|networking]]. Even with WPA-AES encryption on a wireless network, an attacker can still cause broadcast storms of encrypted packets and use that to gain enough data to crack the key for the WPA-AES algorithm and gain access to systems. A secure network needs to stay hardwired, no matter the performance and accessibility costs. Attackers primarily use ceiling vaults and lock bumping and picking to gain access to restricted areas.</div>MaxSchillerhttps://nets.ec/index.php?title=Viruses&diff=5667Viruses2012-05-19T23:29:19Z<p>MaxSchiller: /* Definition */ minor edit, changed from confusing level 1 heading to level 2 heading</p>
<hr />
<div>==Definition==<br />
A virus is a program whose purpose is to exploit vulnerabilities, obtain unauthorized information, obstruct computer systems, and much more.<br />
<br />
{{expand}}</div>MaxSchillerhttps://nets.ec/index.php?title=Whois&diff=5666Whois2012-05-19T23:26:33Z<p>MaxSchiller: /* 2.0 - Getting the information that you want */ minor, missing letters</p>
<hr />
<div>Whois is a unix command that allows you to determine the ownership of a domain name. <br />
<br />
==Lesson==<br />
===0.0 - Intro to Whois===<br />
Whois has been around for ages; it's like RFC3 or something. We're going to be using a good old-fashioned whois client. Now, everyone knows you can just do: <br />
whois google.com<br />
<br />
It will return a ton of data, sometimes personal information too. Whois is a bit more powerful than most people realize; most whois servers actually support fuzzy completion, i.e. the * wildcard.<br />
<br />
===1.0 - Picking a Server===<br />
In order to get this fuzzy completion to work, you're going to want to tell your whois client to talk directly to a whois server. So let's use ARIN's whois server, whois.arin.net. To tell your whois client to use it, use: whois -h whois.arin.net<br />
Anything after that will be the query for whois.arin.net to process. I recommend using quotes around whatever you're searching for; otherwise you might not get the results you expect.<br />
<br />
So for your most basic query, do something like: whois -h whois.arin.net "4.2.2.1"<br />
<pre><br />
[Querying whois.arin.net]<br />
[whois.arin.net]<br />
#<br />
# Query terms are ambiguous. The query is assumed to be:<br />
# "n 4.2.2.1"<br />
#<br />
# Use "?" to get help.<br />
#<br />
<br />
#<br />
# The following results may also be obtained via:<br />
# http://whois.arin.net/rest/nets;q=4.2.2.1?showDetails=true&showARIN=true<br />
#<br />
<br />
NetRange: 4.0.0.0 - 4.255.255.255<br />
CIDR: 4.0.0.0/8<br />
OriginAS: <br />
NetName: LVLT-ORG-4-8<br />
NetHandle: NET-4-0-0-0-1<br />
Parent: <br />
NetType: Direct Allocation<br />
RegDate: 1992-12-01<br />
Updated: 2009-06-19<br />
Ref: http://whois.arin.net/rest/net/NET-4-0-0-0-1<br />
<br />
OrgName: Level 3 Communications, Inc.<br />
OrgId: LVLT<br />
Address: 1025 Eldorado Blvd.<br />
City: Broomfield<br />
StateProv: CO<br />
PostalCode: 80021<br />
Country: US<br />
RegDate: 1998-05-22<br />
Updated: 2011-08-03<br />
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE<br />
Ref: http://whois.arin.net/rest/org/LVLT<br />
<br />
OrgTechHandle: TPL1-ARIN<br />
OrgTechName: Tech POC LVLT<br />
OrgTechPhone: +1-877-453-8353 <br />
OrgTechEmail: ipaddressing@level3.com<br />
OrgTechRef: http://whois.arin.net/rest/poc/TPL1-ARIN<br />
<br />
OrgAbuseHandle: APL8-ARIN<br />
OrgAbuseName: Abuse POC LVLT<br />
OrgAbusePhone: +1-877-453-8353 <br />
OrgAbuseEmail: security@level3.com<br />
OrgAbuseRef: http://whois.arin.net/rest/poc/APL8-ARIN<br />
<br />
OrgTechHandle: ARINC4-ARIN<br />
OrgTechName: ARIN Contact<br />
OrgTechPhone: +1-800-436-8489 <br />
OrgTechEmail: arin-contact@genuity.net<br />
OrgTechRef: http://whois.arin.net/rest/poc/ARINC4-ARIN<br />
<br />
#<br />
# ARIN WHOIS data and services are subject to the Terms of Use<br />
# available at: https://www.arin.net/whois_tou.html<br />
#<br />
</pre><br />
<br />
As you can see above, it gives you some useful info like the size of the network that IP is in (useful for scans). ARIN and all other registries also keep unique identifiers for who owns blocks, so you can use their TechHandle (above, ARINC4-ARIN) or AbuseHandle (above, APL8-ARIN) to look up their other IP blocks.<br />
<br />
===2.0 - Getting the information that you want===<br />
If you haven't noticed, you can send pretty much anything to the whois server. Go ahead and try: whois -h whois.arin.net "?". As you can see, it gives you some help messages that describe how to perform more advanced queries.<br />
<br />
Here is an example of part of the output:<br />
<pre><br />
Query-by-record-type:<br />
To limit your query to a specific record type, include one of the following flags:<br />
n Network address space<br />
r CIDRized network space<br />
d Delegations<br />
a Autonomous systems<br />
p Points-of-contact<br />
o Organizations<br />
c End-user customers<br />
e Points-of-contact, organizations, end-user customers<br />
z All of the above<br />
</pre><br />
<br />
As you can see, you can limit (or "unlimit") the type of record you are searching for. When building an advanced query, this is the first thing you'll put; I usually use 'z', for "all of the above."<br />
<br />
So far we have: whois -h whois.arin.net "z", not too exciting. Next thing we can filter by is record attribute:<br />
<br />
<pre><br />
Query-by-attribute:<br />
To limit your query to a specific record attribute, include one of the following flags: <br />
@<domain name> Searches for matches by domain-portion of an email address<br />
!<handle> Searches for matches by handle or id<br />
/<name> Searches for matches by name<br />
.<name> Searches for matches by name (Same as above, but some whois clients have problems with.)<br />
</pre><br />
<br />
This allows you to filter whois results by attribute type. So, for example, if you want to search for POCs by email domain only, you can use 'p @ <domain>'.<br />
<br />
So let's say you want to look up every point of contact that has google.com in the email address attribute: whois -h whois.arin.net "p @ google.com"<br />
<br />
<pre><br />
[Querying whois.arin.net]<br />
[whois.arin.net]<br />
#<br />
# The following results may also be obtained via:<br />
# http://whois.arin.net/rest/pocs;domain=google.com?showDetails=true<br />
#<br />
<br />
ABUSE2410-ARIN (ABUSE2410-ARIN) postini-arin-abuse@google.com +1-650-318-0200<br />
ABUSE2410-ARIN (NETWO80-ARIN) postini-arin-contact@google.com +1-650-318-0200<br />
AdMob Network Operations (ANO60-ARIN) admob-netops@google.com +1-650-253-0000<br />
AXELROD, Michael (MAX1-ARIN) axelrod@google.com +1-650-253-0000<br />
Barkan, Ari (ABA104-ARIN) ari@google.com +1-310-468-1622<br />
Barkan, Ari (ABA105-ARIN) ari@google.com +1-310-460-4012<br />
Chittimaneni, Kiran Kumar (KKC9-ARIN) kk@google.com +1-650-253-3000<br />
Fong, Zhen Elizabeth (ZEF-ARIN) elizabeth@ugcs.caltech.edu +1-626-243-3341<br />
GC Abuse (GCABU-ARIN) gc-abuse@google.com +1-650-253-0000<br />
Google Apps (GOOGL-ARIN) apps-arin-contact@google.com +1-650-253-0000<br />
Google Inc (ZG39-ARIN) arin-contact@google.com +1-650-253-0000<br />
Google Numbers Administration (GNA34-ARIN) arin-contact@google.com +1-650-253-0000<br />
Higgin, Shawn Sr. NetEng (SHI68-ARIN) shiggin@google.com +1-408-728-6140<br />
Katenin, Gleb (KATEN-ARIN) gleb@google.com +353 (1) 543-2163<br />
kwon, david (DKW2-ARIN) dkwon@google.com +1-650-253-1322<br />
LAPERRIERE, SYLVIE (SLA183-ARIN) slaperriere@google.com +1-514-670-8739<br />
NETWORK ADMIN (NETWO4063-ARIN) crack.engine@google.com +1-320-629-8001<br />
Network Administration (NETWO2832-ARIN) inoc@google.com +1-650-486-8100<br />
Network Administration (NETWO81-ARIN) postini-arin-contact@google.com +1-650-318-0200<br />
Network Engineering (NETWO2831-ARIN) postini-neteng@google.com +1-650-486-8100<br />
Network Engineering Corp (NEC10-ARIN) ir-contact-netops-corp@google.com +1-650-214-6513<br />
Ng, Tony (TNG31-ARIN) tng@google.com +1-650-253-2576<br />
Simmon, Matt (MSI136-ARIN) mpsimmon@google.com +1-734-332-6874<br />
Socolow, Paul (PSO26-ARIN) socolow@google.com +1-310-468-1622<br />
Weaver, Tracy (TWE97-ARIN) tracyweaver@google.com +1-734-276-4794<br />
<br />
<br />
#<br />
# ARIN WHOIS data and services are subject to the Terms of Use<br />
# available at: https://www.arin.net/whois_tou.html<br />
#<br />
</pre><br />
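The query syntax and the two output shapes shown above (the key: value net record from section 1.0 and the one-line-per-contact POC list), as an added Python example that is not part of the original page or of any whois client: it validates the record-type and attribute flags before composing a query, parses both output formats, and filters contacts to the domain actually asked for, which is the same check an organisation would run to audit which of its own handles are exposed. The sample text is constructed in the page's format with example.net contacts in place of real people.<br />

```python
"""Parse the two ARIN whois output shapes shown above (added example)."""
import re
from collections import defaultdict

RECORD_TYPES = set("nrdapocez")         # Query-by-record-type flags above
ATTRIBUTE_FLAGS = {"@", "!", "/", "."}  # Query-by-attribute flags above


def build_arin_query(record_type: str, attribute: str, term: str) -> str:
    """Compose the string passed after `whois -h whois.arin.net`.

    Validates the flags against the help text quoted above, so a typo
    fails loudly instead of becoming an ambiguous free-text query.
    """
    if record_type not in RECORD_TYPES:
        raise ValueError(f"unknown record type flag {record_type!r}")
    if attribute not in ATTRIBUTE_FLAGS:
        raise ValueError(f"unknown attribute flag {attribute!r}")
    if not term or any(c.isspace() for c in term):
        raise ValueError("search term must be one non-empty token")
    return f"{record_type} {attribute} {term}"


def parse_record(text: str) -> dict:
    """Turn 'Key: value' lines into a dict.

    Keys that repeat (several OrgTechHandle blocks) collect into a list;
    '#' comment lines and the client's '[Querying ...]' chatter are skipped.
    Splitting on the first colon keeps URLs in values intact.
    """
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()].append(value.strip())
    return {k: v[0] if len(v) == 1 else v for k, v in fields.items()}


# One contact per line: Name (HANDLE-ARIN) email phone
POC_LINE = re.compile(
    r"^(?P<name>.+?)\s+\((?P<handle>[A-Z0-9]+-ARIN)\)\s+"
    r"(?P<email>\S+@\S+)\s+(?P<phone>\+.+)$"
)


def parse_poc_list(text: str) -> list:
    """Parse the one-line-per-contact output of a 'p @ <domain>' query."""
    matches = (POC_LINE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def handles_for_domain(contacts: list, domain: str) -> list:
    """Handles whose email is really at `domain`, ready for a '!' lookup.

    The page's google.com results include a caltech.edu contact; the
    domain search matches loosely, so filter before trusting the list.
    """
    suffix = "@" + domain.lower()
    return [c["handle"] for c in contacts if c["email"].lower().endswith(suffix)]


# Constructed sample in the shape of the page's net record.
SAMPLE_RECORD = """\
[Querying whois.arin.net]
[whois.arin.net]
#
# Query terms are ambiguous. The query is assumed to be:
# "n 192.0.2.1"
#
NetRange: 192.0.2.0 - 192.0.2.255
CIDR: 192.0.2.0/24
NetName: EXAMPLE-NET-24
NetType: Direct Allocation
Ref: http://whois.arin.net/rest/net/NET-EXAMPLE
OrgName: Example Networks, Inc.
OrgTechHandle: EXT1-ARIN
OrgAbuseHandle: EXA1-ARIN
OrgTechHandle: EXT2-ARIN
"""

# Constructed sample in the shape of the page's POC list.
SAMPLE_POCS = """\
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/pocs;domain=example.net?showDetails=true
#

Example Abuse (EXABU-ARIN) abuse@example.net +1-555-010-0100
Doe, Jane (JDOE1-ARIN) jane@example.net +1-555-010-0101
Network Operations (NETOP9-ARIN) noc@example.net +44 20 5550 0102
Roe, Richard (RROE2-ARIN) richard@mail.example.org +1-555-010-0103
"""

if __name__ == "__main__":
    print(build_arin_query("p", "@", "example.net"))
    print(parse_record(SAMPLE_RECORD)["OrgTechHandle"])
    print(handles_for_domain(parse_poc_list(SAMPLE_POCS), "example.net"))
```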
<br />
===3.0 - Domain Whois Example===<br />
<br />
Example whois of a domain:<br />
<pre><br />
$ whois blackhatacademy.org<br />
<br />
NOTICE: Access to .ORG WHOIS information is provided to assist persons in <br />
determining the contents of a domain name registration record in the Public Interest Registry<br />
registry database. The data in this record is provided by Public Interest Registry<br />
for informational purposes only, and Public Interest Registry does not guarantee its <br />
accuracy. This service is intended only for query-based access. You agree <br />
that you will use this data only for lawful purposes and that, under no <br />
circumstances will you use this data to: (a) allow, enable, or otherwise <br />
support the transmission by e-mail, telephone, or facsimile of mass <br />
unsolicited, commercial advertising or solicitations to entities other than <br />
the data recipient's own existing customers; or (b) enable high volume, <br />
automated, electronic processes that send queries or data to the systems of <br />
Registry Operator or any ICANN-Accredited Registrar, except as reasonably <br />
necessary to register domain names or modify existing registrations. All <br />
rights reserved. Public Interest Registry reserves the right to modify these terms at any <br />
time. By submitting this query, you agree to abide by this policy. <br />
<br />
Domain ID:D162985960-LROR<br />
Domain Name:BLACKHATACADEMY.ORG<br />
Created On:08-Aug-2011 05:45:24 UTC<br />
Last Updated On:30-Aug-2011 07:44:03 UTC<br />
Expiration Date:08-Aug-2012 05:45:24 UTC<br />
Sponsoring Registrar:Active Registrar, Inc. (R1709-LROR)<br />
Status:TRANSFER PROHIBITED<br />
<br />
Registrant ID:ACTR1108301286<br />
Registrant Name:Whois Manager<br />
Registrant Organization:Whois Proof LLP<br />
Registrant Street1:PO Box 4120<br />
Registrant Street2:<br />
Registrant Street3:<br />
Registrant City:Portland<br />
Registrant State/Province:OR<br />
Registrant Postal Code:97208-4120<br />
Registrant Country:US<br />
Registrant Phone:+1.2024700599<br />
Registrant Phone Ext.:<br />
Registrant FAX:+1.8663666681<br />
Registrant FAX Ext.:<br />
Registrant Email:mcm158w2@whoisproof.com<br />
<br />
Admin ID:ACTR1108306123<br />
Admin Name:Whois Manager<br />
Admin Organization:Whois Proof LLP<br />
Admin Street1:PO Box 4120<br />
Admin Street2:<br />
Admin Street3:<br />
Admin City:Portland<br />
Admin State/Province:OR<br />
Admin Postal Code:97208-4120<br />
Admin Country:US<br />
Admin Phone:+1.2024700599<br />
Admin Phone Ext.:<br />
Admin FAX:+1.8663666681<br />
Admin FAX Ext.:<br />
Admin Email:mcm158w2@whoisproof.com<br />
<br />
Tech ID:ACTR1108307067<br />
Tech Name:Whois Manager<br />
Tech Organization:Whois Proof LLP<br />
Tech Street1:PO Box 4120<br />
Tech Street2:<br />
Tech Street3:<br />
Tech City:Portland<br />
Tech State/Province:OR<br />
Tech Postal Code:97208-4120<br />
Tech Country:US<br />
Tech Phone:+1.2024700599<br />
Tech Phone Ext.:<br />
Tech FAX:+1.8663666681<br />
Tech FAX Ext.:<br />
Tech Email:mcm158w2@whoisproof.com<br />
<br />
Name Server:VERA.NS.CLOUDFLARE.COM<br />
Name Server:ED.NS.CLOUDFLARE.COM<br />
<br />
DNSSEC:Unsigned<br />
<br />
</pre></div>MaxSchillerhttps://nets.ec/index.php?title=Whois&diff=5665Whois2012-05-19T23:24:56Z<p>MaxSchiller: /* 0.0 - Intro to Whois */ minor edit, syntax (then, than)</p>
<hr />
<div>Whois is a unix command that allows you to determine the ownership of a domain name. <br />
<br />
==Lesson==<br />
===0.0 - Intro to Whois===<br />
Whois has been around for ages; it's like RFC3 or something. We're going to be using a good old-fashioned whois client. Now, everyone knows you can just do:<br />
whois google.com<br />
<br />
It will return a ton of data, sometimes personal information too. Whois is a bit more powerful than most people realize: most whois servers actually support fuzzy completion, i.e. wildcards such as *.<br />
<br />
===1.0 - Picking a Server===<br />
In order to get this fuzzy completion to work, you're going to want to tell your whois client to talk directly to a whois server. So let's use ARIN's whois server, whois.arin.net. To tell your whois client to use it, use: whois -h whois.arin.net<br />
Anything after that will be the query for whois.arin.net to process. I recommend using quotes around whatever you're searching for; otherwise you might not get the results you expected.<br />
<br />
So for your most basic query, do something like: whois -h whois.arin.net "4.2.2.1"<br />
<pre><br />
[Querying whois.arin.net]<br />
[whois.arin.net]<br />
#<br />
# Query terms are ambiguous. The query is assumed to be:<br />
# "n 4.2.2.1"<br />
#<br />
# Use "?" to get help.<br />
#<br />
<br />
#<br />
# The following results may also be obtained via:<br />
# http://whois.arin.net/rest/nets;q=4.2.2.1?showDetails=true&showARIN=true<br />
#<br />
<br />
NetRange: 4.0.0.0 - 4.255.255.255<br />
CIDR: 4.0.0.0/8<br />
OriginAS: <br />
NetName: LVLT-ORG-4-8<br />
NetHandle: NET-4-0-0-0-1<br />
Parent: <br />
NetType: Direct Allocation<br />
RegDate: 1992-12-01<br />
Updated: 2009-06-19<br />
Ref: http://whois.arin.net/rest/net/NET-4-0-0-0-1<br />
<br />
OrgName: Level 3 Communications, Inc.<br />
OrgId: LVLT<br />
Address: 1025 Eldorado Blvd.<br />
City: Broomfield<br />
StateProv: CO<br />
PostalCode: 80021<br />
Country: US<br />
RegDate: 1998-05-22<br />
Updated: 2011-08-03<br />
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE<br />
Ref: http://whois.arin.net/rest/org/LVLT<br />
<br />
OrgTechHandle: TPL1-ARIN<br />
OrgTechName: Tech POC LVLT<br />
OrgTechPhone: +1-877-453-8353 <br />
OrgTechEmail: ipaddressing@level3.com<br />
OrgTechRef: http://whois.arin.net/rest/poc/TPL1-ARIN<br />
<br />
OrgAbuseHandle: APL8-ARIN<br />
OrgAbuseName: Abuse POC LVLT<br />
OrgAbusePhone: +1-877-453-8353 <br />
OrgAbuseEmail: security@level3.com<br />
OrgAbuseRef: http://whois.arin.net/rest/poc/APL8-ARIN<br />
<br />
OrgTechHandle: ARINC4-ARIN<br />
OrgTechName: ARIN Contact<br />
OrgTechPhone: +1-800-436-8489 <br />
OrgTechEmail: arin-contact@genuity.net<br />
OrgTechRef: http://whois.arin.net/rest/poc/ARINC4-ARIN<br />
<br />
#<br />
# ARIN WHOIS data and services are subject to the Terms of Use<br />
# available at: https://www.arin.net/whois_tou.html<br />
#<br />
</pre><br />
<br />
As you can see above, it gives you some useful info, such as the size of the network that IP is in (useful for scans). ARIN and all the other registries also keep unique handles for whoever owns a block, so you can use the TechHandle (above, ARINC4-ARIN) or AbuseHandle (above, APL8-ARIN) to look up their other IP blocks.<br />
<br />
===2.0 - Getting the information that you want===<br />
If you haven't noticed, you can send pretty much anything to the whois server. Go ahead and try: whois -h whois.arin.net "?". As you can see, it returns help text that describes how to perform more advanced queries.<br />
<br />
Here is an example of part of the output:<br />
<pre><br />
Query-by-record-type:<br />
To limit your query to a specific record type, include one of the following flags:<br />
n Network address space<br />
r CIDRized network space<br />
d Delegations<br />
a Autonomous systems<br />
p Points-of-contact<br />
o Organizations<br />
c End-user customers<br />
e Points-of-contact, organizations, end-user customers<br />
z All of the above<br />
</pre><br />
<br />
As you can see, you can limit (or "unlimit") the type of record you are searching for. When building an advanced query, this is the first thing you'll put; I usually use 'z', for "all of the above."<br />
<br />
So far we have: whois -h whois.arin.net "z", which is not too exciting. The next thing we can filter by is record attribute:<br />
<br />
<pre><br />
Query-by-attribute:<br />
To limt your query to a specific record attribute, include one of the following flags: <br />
@<domain name> Searches for matches by domain-portion of an email address<br />
!<handle> Searches for matches by handle or id<br />
/<name> Searches for matches by name<br />
.<name> Searches for matches by name (Same as above, but some whois clients have problems with.)<br />
</pre><br />
<br />
This allows you to filter whois results by attribute type. So, for example, if you want to search for POCs by email domain only, you can use 'p @ <domain>'.<br />
<br />
So let's say you want to look up every point of contact that has google.com in the email address attribute: whois -h whois.arin.net "p @ google.com"<br />
<br />
<pre><br />
[Querying whois.arin.net]<br />
[whois.arin.net]<br />
#<br />
# The following results may also be obtained via:<br />
# http://whois.arin.net/rest/pocs;domain=google.com?showDetails=true<br />
#<br />
<br />
ABUSE2410-ARIN (ABUSE2410-ARIN) postini-arin-abuse@google.com +1-650-318-0200<br />
ABUSE2410-ARIN (NETWO80-ARIN) postini-arin-contact@google.com +1-650-318-0200<br />
AdMob Network Operations (ANO60-ARIN) admob-netops@google.com +1-650-253-0000<br />
AXELROD, Michael (MAX1-ARIN) axelrod@google.com +1-650-253-0000<br />
Barkan, Ari (ABA104-ARIN) ari@google.com +1-310-468-1622<br />
Barkan, Ari (ABA105-ARIN) ari@google.com +1-310-460-4012<br />
Chittimaneni, Kiran Kumar (KKC9-ARIN) kk@google.com +1-650-253-3000<br />
Fong, Zhen Elizabeth (ZEF-ARIN) elizabeth@ugcs.caltech.edu +1-626-243-3341<br />
GC Abuse (GCABU-ARIN) gc-abuse@google.com +1-650-253-0000<br />
Google Apps (GOOGL-ARIN) apps-arin-contact@google.com +1-650-253-0000<br />
Google Inc (ZG39-ARIN) arin-contact@google.com +1-650-253-0000<br />
Google Numbers Administration (GNA34-ARIN) arin-contact@google.com +1-650-253-0000<br />
Higgin, Shawn Sr. NetEng (SHI68-ARIN) shiggin@google.com +1-408-728-6140<br />
Katenin, Gleb (KATEN-ARIN) gleb@google.com +353 (1) 543-2163<br />
kwon, david (DKW2-ARIN) dkwon@google.com +1-650-253-1322<br />
LAPERRIERE, SYLVIE (SLA183-ARIN) slaperriere@google.com +1-514-670-8739<br />
NETWORK ADMIN (NETWO4063-ARIN) crack.engine@google.com +1-320-629-8001<br />
Network Administration (NETWO2832-ARIN) inoc@google.com +1-650-486-8100<br />
Network Administration (NETWO81-ARIN) postini-arin-contact@google.com +1-650-318-0200<br />
Network Engineering (NETWO2831-ARIN) postini-neteng@google.com +1-650-486-8100<br />
Network Engineering Corp (NEC10-ARIN) ir-contact-netops-corp@google.com +1-650-214-6513<br />
Ng, Tony (TNG31-ARIN) tng@google.com +1-650-253-2576<br />
Simmon, Matt (MSI136-ARIN) mpsimmon@google.com +1-734-332-6874<br />
Socolow, Paul (PSO26-ARIN) socolow@google.com +1-310-468-1622<br />
Weaver, Tracy (TWE97-ARIN) tracyweaver@google.com +1-734-276-4794<br />
<br />
<br />
#<br />
# ARIN WHOIS data and services are subject to the Terms of Use<br />
# available at: https://www.arin.net/whois_tou.html<br />
#<br />
</pre><br />
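<br />
The query grammar from sections 1.0 and 2.0 (record-type flag, attribute flag, value) and the two reply layouts this lesson shows, as an added Python example that is not part of the original page: it builds and validates an ARIN query, performs the raw TCP/43 exchange that whois -h does, parses a POC listing and a Key:Value record, and flags contacts whose address is outside the queried domain (the listing above contains one such entry). The sample contacts and the example.com names are constructed; nothing contacts a real server unless you call whois_query() yourself.<br />

```python
"""Build ARIN-style whois queries and parse the replies shown in this lesson.
Added example, not code from the original wiki page; the sample replies are
constructed after the listings above."""
import ipaddress
import re
import socket

RECORD_TYPES = {"n", "r", "d", "a", "p", "o", "c", "e", "z"}  # ARIN "?" help flags
ATTRIBUTES = {"@", "!", "/", "."}
# One contact line: "<name> (<HANDLE>) <email> <phone>"; phones may contain spaces.
POC_LINE = re.compile(r"^(?P<name>.+?) \((?P<handle>[A-Z0-9-]+)\) (?P<email>\S+@\S+) (?P<phone>.+)$")

# Constructed "p @ example.com" reply; the second contact's address is under
# another domain, just as the real google.com listing above contains one such entry.
SAMPLE_POC_LISTING = """\
[Querying whois.arin.net]
#
# ARIN WHOIS data and services are subject to the Terms of Use
#

Abuse Desk (ABUSE0-ARIN) abuse@example.com +1-555-010-0100
Example NOC (EXNOC-ARIN) noc@example.net +44 (0) 20 0000 0000
Network Administration (NETAD0-ARIN) inoc@example.com +1-555-010-0101
"""
# ARIN net record and .ORG domain record, trimmed from the lesson's listings.
SAMPLE_NET = """\
NetRange:       4.0.0.0 - 4.255.255.255
CIDR:           4.0.0.0/8
NetName:        LVLT-ORG-4-8
NetHandle:      NET-4-0-0-0-1
"""
SAMPLE_DOMAIN = """\
Domain Name:BLACKHATACADEMY.ORG
Name Server:VERA.NS.CLOUDFLARE.COM
Name Server:ED.NS.CLOUDFLARE.COM
DNSSEC:Unsigned
"""


def build_arin_query(record_type, attribute, value):
    """Compose "<type> <attr> <value>", e.g. "p @ google.com", rejecting flags
    ARIN does not list and line breaks (the protocol ends a query at CRLF)."""
    if record_type not in RECORD_TYPES or attribute not in ATTRIBUTES:
        raise ValueError(f"unknown flag in {record_type!r} {attribute!r}")
    if not value or "\r" in value or "\n" in value:
        raise ValueError("query value must be a single non-empty line")
    return f"{record_type} {attribute} {value}"


def whois_query(server, query, port=43, timeout=10.0):
    """Raw whois exchange (RFC 3912), as 'whois -h <server> "<query>"' does it:
    send the query plus CRLF on TCP/43 and read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_poc_listing(text):
    """Parse the one-line-per-contact listing a 'p @ <domain>' query returns."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":  # comments and the client's banner
            continue
        match = POC_LINE.match(line)
        if match:
            records.append(match.groupdict())
    return records


def parse_record(text):
    """Turn "Key: value" (ARIN) or "Key:value" (.ORG) lines into a dict; a key
    that repeats, such as "Name Server", is collected into a list."""
    record = {}
    for line in text.splitlines():
        if ":" not in line or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in record:
            previous = record[key]
            record[key] = (previous if isinstance(previous, list) else [previous]) + [value]
        else:
            record[key] = value
    return record


def network_size(record):
    """Number of addresses covered by a parsed ARIN net record's CIDR field."""
    return ipaddress.ip_network(record["CIDR"], strict=False).num_addresses


def contacts_outside_domain(pocs, domain):
    """Contacts whose listed e-mail is not under <domain>: check these before
    treating everything a domain query returns as one organisation."""
    suffix = "@" + domain.lower()
    return [p for p in pocs if not p["email"].lower().endswith(suffix)]
```
<br />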
<br />
===3.0 - Domain Whois Example===<br />
<br />
Example whois of a domain:<br />
<pre><br />
$ whois blackhatacademy.org<br />
<br />
NOTICE: Access to .ORG WHOIS information is provided to assist persons in <br />
determining the contents of a domain name registration record in the Public Interest Registry<br />
registry database. The data in this record is provided by Public Interest Registry<br />
for informational purposes only, and Public Interest Registry does not guarantee its <br />
accuracy. This service is intended only for query-based access. You agree <br />
that you will use this data only for lawful purposes and that, under no <br />
circumstances will you use this data to: (a) allow, enable, or otherwise <br />
support the transmission by e-mail, telephone, or facsimile of mass <br />
unsolicited, commercial advertising or solicitations to entities other than <br />
the data recipient's own existing customers; or (b) enable high volume, <br />
automated, electronic processes that send queries or data to the systems of <br />
Registry Operator or any ICANN-Accredited Registrar, except as reasonably <br />
necessary to register domain names or modify existing registrations. All <br />
rights reserved. Public Interest Registry reserves the right to modify these terms at any <br />
time. By submitting this query, you agree to abide by this policy. <br />
<br />
Domain ID:D162985960-LROR<br />
Domain Name:BLACKHATACADEMY.ORG<br />
Created On:08-Aug-2011 05:45:24 UTC<br />
Last Updated On:30-Aug-2011 07:44:03 UTC<br />
Expiration Date:08-Aug-2012 05:45:24 UTC<br />
Sponsoring Registrar:Active Registrar, Inc. (R1709-LROR)<br />
Status:TRANSFER PROHIBITED<br />
<br />
Registrant ID:ACTR1108301286<br />
Registrant Name:Whois Manager<br />
Registrant Organization:Whois Proof LLP<br />
Registrant Street1:PO Box 4120<br />
Registrant Street2:<br />
Registrant Street3:<br />
Registrant City:Portland<br />
Registrant State/Province:OR<br />
Registrant Postal Code:97208-4120<br />
Registrant Country:US<br />
Registrant Phone:+1.2024700599<br />
Registrant Phone Ext.:<br />
Registrant FAX:+1.8663666681<br />
Registrant FAX Ext.:<br />
Registrant Email:mcm158w2@whoisproof.com<br />
<br />
Admin ID:ACTR1108306123<br />
Admin Name:Whois Manager<br />
Admin Organization:Whois Proof LLP<br />
Admin Street1:PO Box 4120<br />
Admin Street2:<br />
Admin Street3:<br />
Admin City:Portland<br />
Admin State/Province:OR<br />
Admin Postal Code:97208-4120<br />
Admin Country:US<br />
Admin Phone:+1.2024700599<br />
Admin Phone Ext.:<br />
Admin FAX:+1.8663666681<br />
Admin FAX Ext.:<br />
Admin Email:mcm158w2@whoisproof.com<br />
<br />
Tech ID:ACTR1108307067<br />
Tech Name:Whois Manager<br />
Tech Organization:Whois Proof LLP<br />
Tech Street1:PO Box 4120<br />
Tech Street2:<br />
Tech Street3:<br />
Tech City:Portland<br />
Tech State/Province:OR<br />
Tech Postal Code:97208-4120<br />
Tech Country:US<br />
Tech Phone:+1.2024700599<br />
Tech Phone Ext.:<br />
Tech FAX:+1.8663666681<br />
Tech FAX Ext.:<br />
Tech Email:mcm158w2@whoisproof.com<br />
<br />
Name Server:VERA.NS.CLOUDFLARE.COM<br />
Name Server:ED.NS.CLOUDFLARE.COM<br />
<br />
DNSSEC:Unsigned<br />
<br />
</pre></div>MaxSchillerhttps://nets.ec/index.php?title=Talk:Lessons&diff=5664Talk:Lessons2012-05-19T23:20:31Z<p>MaxSchiller: Relevance comment</p>
<hr />
<div>===Relevance===<br />
Is this page still required in the Wiki? It looks like the information is outdated and isn't serving a purpose?<br />
<br />
--[[User:Toxology|Toxology]] 03:20, 20 May 2012 (MSK)</div>MaxSchillerhttps://nets.ec/index.php?title=Talk:Main_Page&diff=5628Talk:Main Page2012-05-19T20:26:28Z<p>MaxSchiller: /* markup stuff */</p>
<hr />
<div>==wiki todo==<br />
'''Trying to get the following things done by the end of May:'''<br />
* Knock out cleanup and expand tags - people should be working on this constantly.<br />
{{info|<center>We are currently in soft-launch. This means that some pages may be incomplete, half empty, completely broken, or otherwise. We need to get to work on knocking all of these out.</center>}}<br />
<br />
===Wiki To-Start===<br />
* Series on information gathering ([[traceroute]]+tcp traceroute and [[mtr]], amongst other things)<br />
* Interpreted Language updates: [[PHP]], [[Ruby]], [[HTML]], [[CSS]], [[JavaScript]]<br />
* Interpreted Language updates: Add a "Security" section to each (existing) language; explaining dangerous functions, common mistakes, and sanitizing user input<br />
* Something about heap overflows and format string vulnerabilities<br />
* Articles on using debuggers (GDB, OllyDBG, IDA Pro) and disassemblers (Objdump) and hex editors<br />
* Articles on executable file formats (PE and ELF formats)<br />
* "How to get involved" page or forums post<br />
* Open wiki registration (after all above is completed)<br />
* [[Java]] (not required)<br />
<br />
===Wiki in progress===<br />
* IRC rules & Posting guidelines<br />
* Forums online<br />
* Update/Redesign main page<br />
* xo is working on a metasploit page<br />
* xo is working on an integer overflows page<br />
* [[bitwise math]] cleanup job<br />
* [[C]] page update - some can be imported from old forums, get at hatter for info<br />
* Assembly updates : [[linux assembly]], assembly basics rewrite as [[assembly]]<br />
* Information Gathering: [[nmap]], [[dig]]<br />
* [[Gentoo Installation]] - some new, some importing to be done from http://www.blackhatacademy.org/academy_x/GENTOO_f9834Axlfu83VDSs9.txt<br />
<br />
===Wiki done (but no official release yet)===<br />
* Logistics: [[Security101:About]], [[Security101:Privacy_policy]], [[Security101:General_disclaimer]]<br />
* [[Kolkata]]<br />
* [[LUA]]<br />
* [[null-free_shellcode]]<br />
* [[alphanumeric shellcode]]<br />
* [[unsafe string replacement]]<br />
* 64 bit additions to [[buffer overflow]] page<br />
[[User:Hatter|Hatter]] 14:20, 2 May 2012 (MSK)<br />
<br />
==Chimera Todo==<br />
* Artwork<br />
* Full LXDE theme<br />
* Disclaimer<br />
* Add custom LXDE app menu with links to added tools (update .desktop files in /usr/share/applications)<br />
* Update installed packages (if needed)<br />
* PDFify the wiki and add to /opt/docs - this will take some time, due to wiki todo. was thinking we'd release chimera around the same time as a lot of our updates. ~hatter<br />
* Bind to disk tool - hatter<br />
* Yaourt & Pacman repos - hatter & kratos <br />
===Done===<br />
* grsec/pax kernel<br />
* hardened apps<br />
* Domain name - chimeralinux.org - ErrorProne<br />
* BHA Tools Updated in /opt - ErrProne<br />
===Buggy===<br />
* Crashes while outputting to /dev/null. Lighten up policies? - I think this is a /proc/mounts and /etc/fstab thing.<br />
===Not done/started===<br />
* Finish chimera tweaking guide - ErrorProne<br />
* Hardening chimera article<br />
* Fix /opt packages. add YAML:XS<br />
<br />
==markup stuff==<br />
Templates and example markups at [[Test]].<br />
<br />
[[User:Hatter|Hatter]] 13:58, 2 May 2012 (MSK)<br />
<br />
<br />
__TOC__<br />
<br />
<br />
A few things I noticed should be addressed, so I'm opening up this talk page as a temporary community portal until project pages are set up, or a permanent destination is decided on. First:<br />
<br />
Templates:<br />
<br />
When making a template, it's important to pay attention to where you add the <nowiki><includeonly> and <noinclude></nowiki> tags, specifically in regards to spacing. It's counterintuitive, but when you add the tags on the next line, it incorporates the break in the template's transclusions. It's directly against good form with basic HTML, but is necessary for good layout, because you can't remove anything from a template without substituting it and defeating the point of using a template. A quick example of what I'm talking about:<br />
<pre><includeonly><br />
<div style="padding: .2em .3em; margin: .2em .2em; background-color: #FFF6BF; border: solid 2px #FFD324; font-size: 107%;">'''{{{label|Notice:}}}''' {{{1}}}</div><br />
</includeonly></pre><br />
Would produce a template with a break at the top and bottom, and in this example would be more than likely desired, but if not paid attention to can lead to undesirable whitespace.<br />
<br />
The other thing is talk pages: A good idea for those of you who don't know is to read up briefly [[Wikipedia:Help:Using talk pages|here]] on the general use, but with a wiki that's rapidly expanding like this one is and will be, there's almost no documented discussion going on. The gist of the article is basically use the discussion pages, sign your comments (add four tildes <nowiki>~~~~</nowiki>) and about general layout (indent for a response with :)<br />
<br />
Overall this wiki is very new and so there are <i>no</i> help articles for actually using the wiki, so anybody who has any questions should just ask them. It's a wiki and nothing gets broken by talking at people on it and we have several people who are good enough at wiki to help anything. {{User:Mike/Sig}} 13:46, 2 May 2012 (MSK)<br />
<br />
:Also, when creating Articles, they shouldn't be pluralized. For instance the correct article is [[password]] rather than passwords. If you want the plural link, you can use <nowiki>[[password]]s</nowiki> (appears as [[password]]s) to pluralize, but there is no syntax (aside from piping) for unpluralizing. On the topic of linking (or piping) when you pipe in a wiki, the first letter's capitalization does not matter. [[Password]] and [[password]] yield the exact same result, and so generally when creating multi-word articles you should either leave them as all lowercase (first will be capitalized automatically) unless it's a proper noun. I know it can get a little anal, but that's what asspies with too much free time are here for, and it saves a lot of effort down the road when you have strong precedents set up in the beginning. {{User:Mike/Sig}} 14:18, 2 May 2012 (MSK)<br />
<br />
::Another thing I'm running into is section header handling. Single = section headers should really never be used in articles. They work more or less like ==double section== only they force everything below them to be listed as a sub section. Their purpose is solely for handling archives. You would say, take a talk page on Wikipedia that has 50+ section headers and go back with single sections to sub section them off by dates or similar methods. {{User:Mike/Sig}} 02:34, 3 May 2012 (MSK)<br />
<br />
==Templates:==<br />
<br />
[[:Category:Templates]] has been populated with every template we have, and I deleted [[Template:Toggle]] and [[Template:PrettyTable]] because they were weird and unused. If you make a new template be sure to add noincludes and the category after the template so every page the template's on doesn't also get tagged as being a template. {{User:Mike/Sig}} 09:28, 7 May 2012 (MSK)</div>MaxSchillerhttps://nets.ec/index.php?title=Nmap&diff=5615Nmap2012-05-19T16:07:28Z<p>MaxSchiller: /* Script Scanning */</p>
<hr />
<div>{{cleanup}}<br />
NMAP is a [[Network_Recon|network recon]] tool widely used in the security community. It offers everything from port scanning to [[Operating_System|OS]] detection and more. Most users value NMAP for its multitude of options, along with the ability to perform many different actions within a single command. NMAP stands for network map.<br />
<br />
==Correct Usage==<br />
nmap [Scan Type(s)] [Options] {target specification}<br />
<br />
==Scan Types==<br />
* -sS <br />
** SYN Scan. The advantage over other scans is that the 3-way handshake isn't completed, which results in a lower chance of logging. A SYN packet is sent to the server, a SYN/ACK comes back in response, and no ACK is replied. This is therefore a useful scan type for camouflaging scans.<br />
<br />
* -sA <br />
** ACK Scan. Using an ACK scan is essentially mapping the firewall rules to try and see what ports a firewall is attempting to protect, by determining whether the port is filtered or unfiltered, as opposed to closed or open.<br />
<br />
* -sF <br />
** FIN Scan. Using a FIN scan should return a RST packet on closed ports, but may not return anything on open ports, and will likely be discarded.<br />
<br />
* -sX <br />
** Xmas Scan. Nmap will send TCP packets with every flag lit up. Many firewalls will just ignore them and pass them through to hosts. You can get some really funky results with Xmas scans, so it isn't recommended to use them as your primary scan type, but when you want to look through firewalls, or determine whether any firewalls are protecting a host, use -sX. It is way better than -sA or -sF in that regard. Keep in mind that firewalls are starting to filter Xmas packets, so it might not work well in some situations.<br />
<br />
* -sU <br />
** UDP Scan. UDP scans are very good, but since UDP is not a stateful protocol and has no delivery confirmation like TCP, a full UDP scan takes a very long time. It is recommended you know specifically what you're looking for, for example: SNMP = 161, NTP = 123, RPC = 111, NFS = 2049. You can typically get RPC on TCP, and nmap returns a list of the services (nfs/nfslock/etc.), but on ancient boxes it will more than likely be UDP. One way you can tell whether there is a firewall is if you find an open port 111 advertising nfs and portmap but you don't see any NFS on the host. That usually means that there's a firewall blocking NFS access.<br />
<br />
** Just probe RPC instead of NFS, even if the port is open. The timeout is ridiculous, so RPC will tell you what port to look for NFS on. UDP scans are -sU, use it with the -p option always and know what ports to scan on. <br />
<br />
** I know you're wondering, "isn't the point of nmap to tell me what ports are open?" Well yes, but in the UDP scan situation scanning 1000 or even 100 ports is very impractical. If you are looking for SNMP though, "-sU -p161 --script=all" will tell you which hosts are listening on SNMP and whether the community is public/private or not.<br />
<br />
* -sY<br />
** SCTP scan. Now you have SCTP scans too. They're relatively useless unless you're scanning a telco or something. SCTP is a protocol like TCP, layer 3 etc., which is used in SS7, a system used by cell phone carriers and telcos. Recently there have been other applications for it, since it is a really cool protocol.<br />
<br />
==Options==<br />
<br />
* -T <br />
**-T sets scan intensity. The range of the -T flag is from 0 to 5, with 0 being highly intensive but slow and 5 being very fast but not very intense.<br />
<br />
* --open <br />
** --open means to only show open ports on hosts. When scanning more than one host, it is suggested that you use --open, which cleans up the output of nmap significantly.<br />
<br />
* -Pn <br />
** -Pn tells nmap not to do a ping scan before scanning hosts. Usually, it will take the IPs you gave it and ping them all first to see which ones are online. In previous versions of nmap, -Pn was -P0 and -PN.<br />
<br />
* -p80 <br />
**-p80 tells nmap to only scan port 80; you can do multiple ports like so: -p80,113,135-139.<br />
<br />
* -F <br />
** -F will scan the 100 most popular ports based on a huge scan of the internet by the creators of nmap.<br />
<br />
* -iR <br />
** -iR scans for random hosts, so "-iR 1000" scans 1000 random ips. With the previous parameters, it's for port 80 w/ ping scan enabled. This is pretty stupid to use as it can get you in a lot of trouble if you scan the wrong thing.<br />
* -i <br />
** -i is internet wide, so you can do a random scan for webservers with -iR. This is useful for reducing attention to your activity as it spreads it across network blocks instead of hitting just one.<br />
<br />
* -6 <br />
** Enables IPv6 scanning <br />
<br />
* -A <br />
** Aggressive scan options including -O, -sV, -sC and --traceroute<br />
<br />
* -h <br />
** Prints a help summary page <br />
<br />
* --privileged <br />
**Assumes that the user is fully privileged. When you are running nmap unprivileged, you cannot run SYN scans. In unprivileged mode, you are scanning with -sT by default, that is, raw connection scanning, so nmap is doing a full 3-way handshake with each host. In privileged mode, you can run a lot more scan types such as SYN scans, ACK scans, FIN scans, Xmas scans, UDP scans, SCTP scans and protocol scans.<br />
<br />
==Evasion Techniques== <br />
*-D (decoy)<br />
** Lets you specify a few addresses, like -D 2.9.11.231,99.99.99.99. Nmap forges packets with those as source addresses alongside your legitimate packets and sends them to the remote hosts as decoys.<br />
*-f (fragment)<br />
** Fragments the packets sent towards the target; useful for avoiding firewalls with built-in packet inspection.<br />
*--mtu (maximum transmission unit)<br />
** In much the same way as the fragment option, --mtu specifies the maximum transmission unit for a packet. Nmap then fragments its packets to the specified MTU. NOTE: the MTU must be a multiple of 8.<br />
*--data-length<br />
** Helps to bypass IDP systems that have a default rule disallowing nmap packets (which is often the case). These rules look for packets matching certain criteria, and packet size is often one of them. Thus, adding padding to increase the packet size will often bypass common IDP rules.<br />
<br />
==Target Specification==<br />
<br />
For example:<br />
<br />
<pre><br />
[root@crankhandle ~]# nmap -sS -A -sV blackhatacademy.org<br />
<br />
Starting Nmap 5.21 ( http://nmap.org ) at 2010-12-16 06:26 EST<br />
Nmap scan report for blackhatacademy.org (201.218.250.220)<br />
Host is up (0.064s latency).<br />
Not shown: 995 filtered ports<br />
PORT STATE SERVICE VERSION<br />
22/tcp open ssh OpenSSH 4.6 (protocol 2.0)<br />
| ssh-hostkey: 1024 ad:d0:2e:72:22:89:54:91:6d:ac:4a:20:b2:2b:1b:b7 (DSA)<br />
|_1024 7d:24:f9:a1:e6:80:6e:04:1e:3b:3c:fc:f4:4a:6f:71 (RSA)<br />
80/tcp open http Apache httpd<br />
| robots.txt: has 5 disallowed entries <br />
| / /~joe/docs/ /~joe/private.html /~joe/foo.html <br />
|_/~joe/bar.html<br />
|_html-title: Hacks<br />
|_http-favicon: <br />
110/tcp open pop3 qpopper<br />
|_pop3-capabilities: USER EXPIRE(NEVER) UIDL X-MANGLE APOP TOP OK(K Capability list follows) RESP-CODES X-LOCALTIME(Thu 16 Dec 2010 06 27 06 -0500) LOGIN-DELAY(0) AUTH-RESP-CODE X-MACRO<br />
443/tcp open ssl/http Apache httpd<br />
|_sslv2: server still supports SSLv2<br />
| robots.txt: has 1 disallowed entry <br />
|_/<br />
|_http-favicon: Apache on Linux<br />
|_html-title: Site doesn't have a title (text/html).<br />
8000/tcp closed http-alt<br />
Device type: general purpose|WAP<br />
Running (JUST GUESSING) : Linux 2.6.X (86%), PheeNet embedded (85%)<br />
Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (86%), PheeNet WAP-854GP WAP (85%)<br />
No exact OS matches for host (test conditions non-ideal).<br />
Network Distance: 14 hops<br />
Service Info: Host: meteor.localhost<br />
<br />
TRACEROUTE (using port 8000/tcp)<br />
HOP RTT ADDRESS<br />
1 3.41 ms myrouter.home (192.168.1.1)<br />
2 9.28 ms L100.TAMPFL-VFTTP-109.verizon-gni.net (71.180.136.1)<br />
3 11.41 ms G6-0-2-1709.TAMPFL-LCR-07.verizon-gni.net (130.81.105.128)<br />
4 11.76 ms so-6-1-0-0.TPA01-BB-RTR1.verizon-gni.net (130.81.29.240)<br />
5 31.72 ms so-7-3-0-0.ATL01-BB-RTR1.verizon-gni.net (130.81.19.30)<br />
6 26.76 ms 0.xe-7-1-0.BR3.ATL4.ALTER.NET (152.63.80.73)<br />
7 26.93 ms te7-2-10G.ar2.atl2.gblx.net (64.208.110.245)<br />
8 94.42 ms 64.214.150.198<br />
9 94.56 ms gsr1-wc.tcarrier.net (200.46.0.20)<br />
10 86.89 ms 200.90.140.174<br />
11 93.61 ms 201.218.239.246<br />
12 86.18 ms 200.46.241.13<br />
13 86.31 ms 201.218.218.51<br />
14 88.79 ms 201.218.250.220<br />
<br />
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .<br />
Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds<br />
</pre><br />
<br />
Now, not only have we found the open ports on the target machine, but we have found service versions, a possible [[Operating_System|operating system]], and a nice traceroute to the target.<br />
<br />
This is a good way to tell whether a host with no open ports is alive or not. Another tip: if you are only scanning one host, use -vv instead of --open.<br />
-vv means double verbose. Verbosity is good. You can actually change the verbosity in the middle of a running scan by typing v or V during the scan:<br />
v = increase, V = decrease. You can change the debug level as well with d and D. This is useful when running a script scan.<br />
If you hit d 2 or 3 times, it will usually tell you what the current script is doing, down to the individual operation.<br />
You should hit D a few times afterwards to get the debug level back down to 0, because if it hits the end of the script you will not like the output.<br />
<br />
==Script Scanning==<br />
<br />
So this brings me to script scanning. http://nmap.org/nsedoc/ is a very good reference.<br />
In a script scan, --script= is used. You can select individual scripts like: "--script=auth-owners,ftp-brute,finger". Script scans are great; there are scripts to probe MySQL info, ircd info, etc., all kinds of data.<br />
<br />
You can also run groups (categories) of scripts like: "--script=auth,dos,malware,intrusive,exploit,vuln". It will run them in the order specified. Note that nmap won't complete until every script finishes, so you won't get pretty output until it's done.<br />
<br />
The other thing you can do is "--script=all". This isn't recommended: it tries to exploit, violate, DoS, and break into remote hosts. Another useful form is "--script "not intrusive"", which loads every script except those in the intrusive category.<br />
<br />
==Conclusion==<br />
There is no reason not to get the latest nmap sources and compile them whenever a new version of nmap is released, even if it's a beta. New scripts are included in every release, and it compiles and installs quickly.</div>MaxSchillerhttps://nets.ec/index.php?title=Nmap&diff=5614Nmap2012-05-19T16:06:24Z<p>MaxSchiller: /* Target Specification */</p>
<hr />
<div>{{cleanup}}<br />
NMAP is a [[Network_Recon|network recon]] tool widely used in the security community. It offers everything from port scanning to [[Operating_System|OS]] detection and more. Most users value NMAP for its multitude of options, along with the ability to perform many different actions within a single command. NMAP stands for network map.<br />
<br />
==Correct Usage==<br />
nmap [Scan Type(s)] [Options] {target specification}<br />
<br />
==Scan Types==<br />
* -sS <br />
** SYN Scan. The advantage over other scans is that the 3-way handshake isn't completed, which results in a lower chance of the connection being logged. A SYN packet is sent to the server, the server replies with a SYN/ACK, and no ACK is sent back. This makes it a useful scan type for camouflaging scans.<br />
<br />
* -sA <br />
** ACK Scan. Using an ACK scan is essentially mapping the firewall rules to try and see what ports a firewall is attempting to protect, by determining whether the port is filtered or unfiltered, as opposed to closed or open.<br />
<br />
* -sF <br />
** FIN Scan. A FIN scan should get an RST packet back from closed ports, while open ports will likely discard the probe and return nothing.<br />
<br />
* -sX <br />
** Xmas Scan. Nmap sends TCP packets with every flag lit up. Many firewalls will just ignore them and pass them through to hosts. You can get some really funky results with Xmas scans, so using them as your primary scan type isn't recommended, but when you want to look through firewalls, or determine whether there are any firewalls protecting a host, use -sX. It is far better than -sA or -sF in that regard. Keep in mind that firewalls are starting to filter Xmas packets, so it might not work well in some situations.<br />
<br />
* -sU <br />
** UDP Scan. UDP scans are very useful. Since UDP is not a stateful protocol and has no delivery confirmation like TCP, a full UDP scan takes a very long time, so it is recommended that you know specifically what you're looking for. For example: SNMP = 161, NTP = 123, RPC = 111, NFS = 2049. You can typically get RPC on TCP, and nmap returns a list of the services (nfs, nfslock, etc.); but on ancient boxes it will more than likely be UDP. One example of how you can tell whether there is a firewall or not: if you find an open port 111 advertising nfs and portmap but don't see any NFS on the host, that usually means a firewall is blocking NFS access.<br />
<br />
** Just probe RPC instead of NFS, even if the port is open. The NFS timeout is ridiculous, and RPC will tell you which port to look for NFS on. UDP scans are -sU; always use it with the -p option and know which ports to scan.<br />
<br />
** I know you're wondering, "isn't the point of nmap to tell me what ports are open?" Well yes, but in the UDP scan situation scanning 1000 or even 100 ports is very impractical. If you are looking for SNMP though, "-sU -p161 --script=all" will tell you which hosts are listening on SNMP and whether the community is public/private or not.<br />
<br />
* -sY<br />
** SCTP scan. Now you also have SCTP scans. They're relatively useless unless you're scanning a telco or the like. SCTP is a protocol like TCP (layer 3 etc.) which is used in SS7, a system used by cell phone carriers and telcos. Recently there have been other applications for it, since it is a really cool protocol.<br />
<br />
==Options==<br />
<br />
* -T <br />
** -T sets the scan timing (intensity). It ranges from 0 to 5, with 0 being the most thorough but slow and 5 being very fast but not very thorough.<br />
<br />
* --open <br />
** --open means to only show open ports on hosts. When scanning more than one host, it is suggested that you use --open, which cleans up the output of nmap significantly.<br />
<br />
* -Pn <br />
** -Pn tells nmap not to ping hosts before scanning them. By default it takes the IPs you gave it and pings them all first to see which ones are online. In previous versions of nmap, -Pn was -P0 and -PN.<br />
<br />
* -p80 <br />
** -p80 tells nmap to scan only port 80; you can specify multiple ports and ranges like so: -p80,113,135-139.<br />
<br />
* -F <br />
** -F will scan the 100 most popular ports based on a huge scan of the internet by the creators of nmap.<br />
<br />
* -iR <br />
** -iR scans random hosts, so "-iR 1000" scans 1000 random IPs. With the previous parameters, it would be scanning port 80 with ping scan enabled. This is pretty stupid to use, as it can get you in a lot of trouble if you scan the wrong thing.<br />
<br />
* -i <br />
** -i is internet wide, so you can do a random scan for webservers with -iR. This is useful for reducing attention to your activity as it spreads it across network blocks instead of hitting just one.<br />
<br />
* -6 <br />
** Enables IPv6 scanning <br />
<br />
* -A <br />
** Aggressive scan options including -O, -sV, -sC and --traceroute<br />
<br />
* -h <br />
** Prints a help summary page <br />
<br />
* --privileged <br />
** Assumes that the user is fully privileged. When you are running nmap unprivileged, you cannot run SYN scans. In unprivileged mode you are scanning with -sT by default, that is, connect scanning, so nmap does a full 3-way handshake with each client. In privileged mode you can run many more scan types, such as SYN scans, ACK scans, FIN scans, Xmas scans, UDP scans, SCTP scans and protocol scans.<br />
<br />
==Evasion Techniques== <br />
*-D (decoy)<br />
** Lets you specify a few addresses, like -D 2.9.11.231,99.99.99.99. Nmap forges packets with those as source addresses alongside your legitimate packets and sends them to the remote hosts as decoys.<br />
*-f (fragment)<br />
** Fragments the packets sent towards the target; useful for avoiding firewalls with built-in packet inspection.<br />
*--mtu (maximum transmission unit)<br />
** In much the same way as the fragment option, --mtu specifies the maximum transmission unit for a packet. Nmap then fragments its packets to the specified MTU. NOTE: the MTU must be a multiple of 8.<br />
*--data-length<br />
** Helps to bypass IDP systems that have a default rule disallowing nmap packets (which is often the case). These rules look for packets matching certain criteria, and packet size is often one of them. Thus, adding padding to increase the packet size will often bypass common IDP rules.<br />
<br />
==Target Specification==<br />
<br />
For example:<br />
<br />
<pre><br />
[root@crankhandle ~]# nmap -sS -A -sV blackhatacademy.org<br />
<br />
Starting Nmap 5.21 ( http://nmap.org ) at 2010-12-16 06:26 EST<br />
Nmap scan report for blackhatacademy.org (201.218.250.220)<br />
Host is up (0.064s latency).<br />
Not shown: 995 filtered ports<br />
PORT STATE SERVICE VERSION<br />
22/tcp open ssh OpenSSH 4.6 (protocol 2.0)<br />
| ssh-hostkey: 1024 ad:d0:2e:72:22:89:54:91:6d:ac:4a:20:b2:2b:1b:b7 (DSA)<br />
|_1024 7d:24:f9:a1:e6:80:6e:04:1e:3b:3c:fc:f4:4a:6f:71 (RSA)<br />
80/tcp open http Apache httpd<br />
| robots.txt: has 5 disallowed entries <br />
| / /~joe/docs/ /~joe/private.html /~joe/foo.html <br />
|_/~joe/bar.html<br />
|_html-title: Hacks<br />
|_http-favicon: <br />
110/tcp open pop3 qpopper<br />
|_pop3-capabilities: USER EXPIRE(NEVER) UIDL X-MANGLE APOP TOP OK(K Capability list follows) RESP-CODES X-LOCALTIME(Thu 16 Dec 2010 06 27 06 -0500) LOGIN-DELAY(0) AUTH-RESP-CODE X-MACRO<br />
443/tcp open ssl/http Apache httpd<br />
|_sslv2: server still supports SSLv2<br />
| robots.txt: has 1 disallowed entry <br />
|_/<br />
|_http-favicon: Apache on Linux<br />
|_html-title: Site doesn't have a title (text/html).<br />
8000/tcp closed http-alt<br />
Device type: general purpose|WAP<br />
Running (JUST GUESSING) : Linux 2.6.X (86%), PheeNet embedded (85%)<br />
Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (86%), PheeNet WAP-854GP WAP (85%)<br />
No exact OS matches for host (test conditions non-ideal).<br />
Network Distance: 14 hops<br />
Service Info: Host: meteor.localhost<br />
<br />
TRACEROUTE (using port 8000/tcp)<br />
HOP RTT ADDRESS<br />
1 3.41 ms myrouter.home (192.168.1.1)<br />
2 9.28 ms L100.TAMPFL-VFTTP-109.verizon-gni.net (71.180.136.1)<br />
3 11.41 ms G6-0-2-1709.TAMPFL-LCR-07.verizon-gni.net (130.81.105.128)<br />
4 11.76 ms so-6-1-0-0.TPA01-BB-RTR1.verizon-gni.net (130.81.29.240)<br />
5 31.72 ms so-7-3-0-0.ATL01-BB-RTR1.verizon-gni.net (130.81.19.30)<br />
6 26.76 ms 0.xe-7-1-0.BR3.ATL4.ALTER.NET (152.63.80.73)<br />
7 26.93 ms te7-2-10G.ar2.atl2.gblx.net (64.208.110.245)<br />
8 94.42 ms 64.214.150.198<br />
9 94.56 ms gsr1-wc.tcarrier.net (200.46.0.20)<br />
10 86.89 ms 200.90.140.174<br />
11 93.61 ms 201.218.239.246<br />
12 86.18 ms 200.46.241.13<br />
13 86.31 ms 201.218.218.51<br />
14 88.79 ms 201.218.250.220<br />
<br />
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .<br />
Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds<br />
</pre><br />
<br />
Now, not only have we found the open ports on the target machine, but we have found service versions, a possible [[Operating_System|operating system]], and a nice traceroute to the target.<br />
<br />
This is a good way to tell whether a host with no open ports is alive or not. Another tip: if you are only scanning one host, use -vv instead of --open.<br />
-vv means double verbose. Verbosity is good. You can actually change the verbosity in the middle of a running scan by typing v or V during the scan:<br />
v = increase, V = decrease. You can change the debug level as well with d and D. This is useful when running a script scan.<br />
If you hit d 2 or 3 times, it will usually tell you what the current script is doing, down to the individual operation.<br />
You should hit D a few times afterwards to get the debug level back down to 0, because if it hits the end of the script you will not like the output.<br />
<br />
==Script Scanning==<br />
<br />
So this brings me to script scanning. http://nmap.org/nsedoc/ is a very good reference.<br />
In a script scan, --script= is used. You can select individual scripts like: "--script=auth-owners,ftp-brute,finger". Script scans are great; there are scripts to probe MySQL info, ircd info, etc., all kinds of data.<br />
<br />
You can also run groups (categories) of scripts like: "--script=auth,dos,malware,intrusive,exploit,vuln". It will run them in the order specified. Note that nmap won't complete until every script finishes, so you won't get pretty output until it's done.<br />
<br />
The other thing you can do is "--script=all". This isn't recommended: it tries to exploit, violate, DoS, and break into remote hosts. Another useful form is "--script "not intrusive"", which loads every script except those in the intrusive category.<br />
<br />
==Conclusion==<br />
There is no reason not to get the latest nmap sources and compile them whenever a new version of nmap is released, even if it's a beta. New scripts are included in every release, and it compiles and installs quickly.</div>MaxSchillerhttps://nets.ec/index.php?title=Nmap&diff=5613Nmap2012-05-19T16:05:16Z<p>MaxSchiller: /* Evasion Techniques */</p>
<hr />
<div>{{cleanup}}<br />
NMAP is a [[Network_Recon|network recon]] tool widely used in the security community. It offers everything from port scanning to [[Operating_System|OS]] detection and more. Most users value NMAP for its multitude of options, along with the ability to perform many different actions within a single command. NMAP stands for network map.<br />
<br />
==Correct Usage==<br />
nmap [Scan Type(s)] [Options] {target specification}<br />
<br />
==Scan Types==<br />
* -sS <br />
** SYN Scan. The advantage over other scans is that the 3-way handshake isn't completed, which results in a lower chance of the connection being logged. A SYN packet is sent to the server, the server replies with a SYN/ACK, and no ACK is sent back. This makes it a useful scan type for camouflaging scans.<br />
<br />
* -sA <br />
** ACK Scan. Using an ACK scan is essentially mapping the firewall rules to try and see what ports a firewall is attempting to protect, by determining whether the port is filtered or unfiltered, as opposed to closed or open.<br />
<br />
* -sF <br />
** FIN Scan. A FIN scan should get an RST packet back from closed ports, while open ports will likely discard the probe and return nothing.<br />
<br />
* -sX <br />
** Xmas Scan. Nmap sends TCP packets with every flag lit up. Many firewalls will just ignore them and pass them through to hosts. You can get some really funky results with Xmas scans, so using them as your primary scan type isn't recommended, but when you want to look through firewalls, or determine whether there are any firewalls protecting a host, use -sX. It is far better than -sA or -sF in that regard. Keep in mind that firewalls are starting to filter Xmas packets, so it might not work well in some situations.<br />
<br />
* -sU <br />
** UDP Scan. UDP scans are very useful. Since UDP is not a stateful protocol and has no delivery confirmation like TCP, a full UDP scan takes a very long time, so it is recommended that you know specifically what you're looking for. For example: SNMP = 161, NTP = 123, RPC = 111, NFS = 2049. You can typically get RPC on TCP, and nmap returns a list of the services (nfs, nfslock, etc.); but on ancient boxes it will more than likely be UDP. One example of how you can tell whether there is a firewall or not: if you find an open port 111 advertising nfs and portmap but don't see any NFS on the host, that usually means a firewall is blocking NFS access.<br />
<br />
** Just probe RPC instead of NFS, even if the port is open. The NFS timeout is ridiculous, and RPC will tell you which port to look for NFS on. UDP scans are -sU; always use it with the -p option and know which ports to scan.<br />
<br />
** I know you're wondering, "isn't the point of nmap to tell me what ports are open?" Well yes, but in the UDP scan situation scanning 1000 or even 100 ports is very impractical. If you are looking for SNMP though, "-sU -p161 --script=all" will tell you which hosts are listening on SNMP and whether the community is public/private or not.<br />
<br />
* -sY<br />
** SCTP scan. Now you also have SCTP scans. They're relatively useless unless you're scanning a telco or the like. SCTP is a protocol like TCP (layer 3 etc.) which is used in SS7, a system used by cell phone carriers and telcos. Recently there have been other applications for it, since it is a really cool protocol.<br />
<br />
==Options==<br />
<br />
* -T <br />
** -T sets the scan timing (intensity). It ranges from 0 to 5, with 0 being the most thorough but slow and 5 being very fast but not very thorough.<br />
<br />
* --open <br />
** --open means to only show open ports on hosts. When scanning more than one host, it is suggested that you use --open, which cleans up the output of nmap significantly.<br />
<br />
* -Pn <br />
** -Pn tells nmap not to ping hosts before scanning them. By default it takes the IPs you gave it and pings them all first to see which ones are online. In previous versions of nmap, -Pn was -P0 and -PN.<br />
<br />
* -p80 <br />
** -p80 tells nmap to scan only port 80; you can specify multiple ports and ranges like so: -p80,113,135-139.<br />
<br />
* -F <br />
** -F will scan the 100 most popular ports based on a huge scan of the internet by the creators of nmap.<br />
<br />
* -iR <br />
** -iR scans random hosts, so "-iR 1000" scans 1000 random IPs. With the previous parameters, it would be scanning port 80 with ping scan enabled. This is pretty stupid to use, as it can get you in a lot of trouble if you scan the wrong thing.<br />
<br />
* -i <br />
** -i is internet wide, so you can do a random scan for webservers with -iR. This is useful for reducing attention to your activity as it spreads it across network blocks instead of hitting just one.<br />
<br />
* -6 <br />
** Enables IPv6 scanning <br />
<br />
* -A <br />
** Aggressive scan options including -O, -sV, -sC and --traceroute<br />
<br />
* -h <br />
** Prints a help summary page <br />
<br />
* --privileged <br />
** Assumes that the user is fully privileged. When you are running nmap unprivileged, you cannot run SYN scans. In unprivileged mode you are scanning with -sT by default, that is, connect scanning, so nmap does a full 3-way handshake with each client. In privileged mode you can run many more scan types, such as SYN scans, ACK scans, FIN scans, Xmas scans, UDP scans, SCTP scans and protocol scans.<br />
<br />
==Evasion Techniques== <br />
*-D (decoy)<br />
** Lets you specify a few addresses, like -D 2.9.11.231,99.99.99.99. Nmap forges packets with those as source addresses alongside your legitimate packets and sends them to the remote hosts as decoys.<br />
*-f (fragment)<br />
** Fragments the packets sent towards the target; useful for avoiding firewalls with built-in packet inspection.<br />
*--mtu (maximum transmission unit)<br />
** In much the same way as the fragment option, --mtu specifies the maximum transmission unit for a packet. Nmap then fragments its packets to the specified MTU. NOTE: the MTU must be a multiple of 8.<br />
*--data-length<br />
** Helps to bypass IDP systems that have a default rule disallowing nmap packets (which is often the case). These rules look for packets matching certain criteria, and packet size is often one of them. Thus, adding padding to increase the packet size will often bypass common IDP rules.<br />
<br />
==Target Specification==<br />
<br />
For example:<br />
<br />
<pre><br />
[root@crankhandle ~]# nmap -sS -A -sV blackhatacademy.org<br />
<br />
Starting Nmap 5.21 ( http://nmap.org ) at 2010-12-16 06:26 EST<br />
Nmap scan report for blackhatacademy.org (201.218.250.220)<br />
Host is up (0.064s latency).<br />
Not shown: 995 filtered ports<br />
PORT STATE SERVICE VERSION<br />
22/tcp open ssh OpenSSH 4.6 (protocol 2.0)<br />
| ssh-hostkey: 1024 ad:d0:2e:72:22:89:54:91:6d:ac:4a:20:b2:2b:1b:b7 (DSA)<br />
|_1024 7d:24:f9:a1:e6:80:6e:04:1e:3b:3c:fc:f4:4a:6f:71 (RSA)<br />
80/tcp open http Apache httpd<br />
| robots.txt: has 5 disallowed entries <br />
| / /~joe/docs/ /~joe/private.html /~joe/foo.html <br />
|_/~joe/bar.html<br />
|_html-title: Hacks<br />
|_http-favicon: <br />
110/tcp open pop3 qpopper<br />
|_pop3-capabilities: USER EXPIRE(NEVER) UIDL X-MANGLE APOP TOP OK(K Capability list follows) RESP-CODES X-LOCALTIME(Thu 16 Dec 2010 06 27 06 -0500) LOGIN-DELAY(0) AUTH-RESP-CODE X-MACRO<br />
443/tcp open ssl/http Apache httpd<br />
|_sslv2: server still supports SSLv2<br />
| robots.txt: has 1 disallowed entry <br />
|_/<br />
|_http-favicon: Apache on Linux<br />
|_html-title: Site doesn't have a title (text/html).<br />
8000/tcp closed http-alt<br />
Device type: general purpose|WAP<br />
Running (JUST GUESSING) : Linux 2.6.X (86%), PheeNet embedded (85%)<br />
Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (86%), PheeNet WAP-854GP WAP (85%)<br />
No exact OS matches for host (test conditions non-ideal).<br />
Network Distance: 14 hops<br />
Service Info: Host: meteor.localhost<br />
<br />
TRACEROUTE (using port 8000/tcp)<br />
HOP RTT ADDRESS<br />
1 3.41 ms myrouter.home (192.168.1.1)<br />
2 9.28 ms L100.TAMPFL-VFTTP-109.verizon-gni.net (71.180.136.1)<br />
3 11.41 ms G6-0-2-1709.TAMPFL-LCR-07.verizon-gni.net (130.81.105.128)<br />
4 11.76 ms so-6-1-0-0.TPA01-BB-RTR1.verizon-gni.net (130.81.29.240)<br />
5 31.72 ms so-7-3-0-0.ATL01-BB-RTR1.verizon-gni.net (130.81.19.30)<br />
6 26.76 ms 0.xe-7-1-0.BR3.ATL4.ALTER.NET (152.63.80.73)<br />
7 26.93 ms te7-2-10G.ar2.atl2.gblx.net (64.208.110.245)<br />
8 94.42 ms 64.214.150.198<br />
9 94.56 ms gsr1-wc.tcarrier.net (200.46.0.20)<br />
10 86.89 ms 200.90.140.174<br />
11 93.61 ms 201.218.239.246<br />
12 86.18 ms 200.46.241.13<br />
13 86.31 ms 201.218.218.51<br />
14 88.79 ms 201.218.250.220<br />
<br />
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .<br />
Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds<br />
</pre><br />
<br />
Now, not only have we found the open ports on the target machine, but we have found service versions, a possible [[Operating_System|operating system]], and a nice traceroute to the target.<br />
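Scan output like the above is also what a defender reads when auditing their own hosts. The following is an added Python example, not part of the original wiki page and not part of nmap, that parses Nmap's normal-output report (the host line, the port table, the indented NSE script lines and the OS guess) into records and flags the findings worth following up. The sample input is an excerpt of the scan output shown above, embedded so the code runs offline; the triage rules (SSLv2 still enabled, POP3 without STLS, a very old OpenSSH branch) and all helper names are this example's own choices.<br />

```python
import re
from dataclasses import dataclass, field

# Constructed test input: an excerpt of the Nmap normal-output report shown on this
# page, embedded so the parser runs offline.
SAMPLE_REPORT = """\
Starting Nmap 5.21 ( http://nmap.org ) at 2010-12-16 06:26 EST
Nmap scan report for blackhatacademy.org (201.218.250.220)
Host is up (0.064s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6 (protocol 2.0)
| ssh-hostkey: 1024 ad:d0:2e:72:22:89:54:91:6d:ac:4a:20:b2:2b:1b:b7 (DSA)
|_1024 7d:24:f9:a1:e6:80:6e:04:1e:3b:3c:fc:f4:4a:6f:71 (RSA)
80/tcp open http Apache httpd
|_html-title: Hacks
110/tcp open pop3 qpopper
|_pop3-capabilities: USER EXPIRE(NEVER) UIDL X-MANGLE APOP TOP LOGIN-DELAY(0)
443/tcp open ssl/http Apache httpd
|_sslv2: server still supports SSLv2
|_http-favicon: Apache on Linux
8000/tcp closed http-alt
Device type: general purpose|WAP
Running (JUST GUESSING) : Linux 2.6.X (86%), PheeNet embedded (85%)
Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
SCRIPT_RE = re.compile(r"^\|_?\s*(.*)$")   # NSE output hangs off the port line above it
OS_RE = re.compile(r"^Running(?: \(JUST GUESSING\))? ?: (.*)$")


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    version: str = ""
    scripts: list = field(default_factory=list)


@dataclass
class HostReport:
    hostname: str = ""
    address: str = ""
    os_guess: str = ""
    ports: list = field(default_factory=list)


def parse_report(text):
    """Parse one host's normal-output report into a HostReport."""
    report, current = HostReport(), None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            report.hostname, report.address = m.group(1), m.group(2) or ""
        elif m := PORT_RE.match(line):
            current = PortRecord(int(m.group(1)), m.group(2), m.group(3),
                                 m.group(4), (m.group(5) or "").strip())
            report.ports.append(current)
        elif (m := SCRIPT_RE.match(line)) and current is not None:
            current.scripts.append(m.group(1).strip())
        elif m := OS_RE.match(line):
            report.os_guess = m.group(1)
    return report


def open_ports(report):
    return [p.port for p in report.ports if p.state == "open"]


def triage(report):
    """Findings a defender would act on, as (port, message) pairs.  The rules are
    this example's own heuristics over the service/version and NSE lines."""
    findings = []
    for p in report.ports:
        if p.state != "open":
            continue
        if any("SSLv2" in s for s in p.scripts):
            findings.append((p.port, "legacy SSLv2 still enabled"))
        if p.service == "pop3" and not any("STLS" in s for s in p.scripts):
            findings.append((p.port, "POP3 without STLS advertised: cleartext logins"))
        if p.service == "ssh" and p.version.startswith("OpenSSH 4."):
            findings.append((p.port, "very old OpenSSH 4.x release"))
    return findings


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep.hostname, rep.address, "open:", open_ports(rep), "os:", rep.os_guess)
    for port, msg in triage(rep):
        print(f"  {port}: {msg}")
```

Feeding nmap's `-oN` file to `parse_report` gives the same records for a real scan of hosts you administer; for many hosts, split the file on the "Nmap scan report for" lines first.<br />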
<br />
This is a good way to tell whether a host with no open ports is alive or not. Another tip: if you are only scanning one host, use -vv instead of --open.<br />
-vv means double verbose. Verbosity is good. You can actually change the verbosity in the middle of a running scan by typing v or V during the scan:<br />
v = increase, V = decrease. You can change the debug level as well with d and D. This is useful when running a script scan.<br />
If you hit d 2 or 3 times, it will usually tell you what the current script is doing, down to the individual operation.<br />
You should hit D a few times afterwards to get the debug level back down to 0, because if it hits the end of the script you will not like the output.<br />
<br />
<br />
==Script Scanning==<br />
<br />
So this brings me to script scanning. http://nmap.org/nsedoc/ is a very good reference.<br />
In a script scan, --script= is used. You can select individual scripts like: "--script=auth-owners,ftp-brute,finger". Script scans are great; there are scripts to probe MySQL info, ircd info, etc., all kinds of data.<br />
<br />
You can also run groups (categories) of scripts like: "--script=auth,dos,malware,intrusive,exploit,vuln". It will run them in the order specified. Note that nmap won't complete until every script finishes, so you won't get pretty output until it's done.<br />
<br />
The other thing you can do is "--script=all". This isn't recommended: it tries to exploit, violate, DoS, and break into remote hosts. Another useful form is "--script "not intrusive"", which loads every script except those in the intrusive category.<br />
<br />
==Conclusion==<br />
There is no reason not to get the latest nmap sources and compile them whenever a new version of nmap is released, even if it's a beta. New scripts are included in every release, and it compiles and installs quickly.</div>MaxSchillerhttps://nets.ec/index.php?title=Viruses&diff=5574Viruses2012-05-18T23:56:52Z<p>MaxSchiller: </p>
<hr />
<div>=Definition=<br />
A virus is a program whose purpose is to exploit vulnerabilities, obtain unauthorized information, obstruct computer systems, and much more.<br />
<br />
{{expand}}</div>MaxSchillerhttps://nets.ec/index.php?title=Command_Injection&diff=5573Command Injection2012-05-18T23:53:08Z<p>MaxSchiller: /* Overview */</p>
<hr />
<div>= Overview =<br />
A [[Command Injection]] [[vulnerability]] is an escape string or format string [[vulnerability]] that occurs when unsanitized user [[input]] is passed to a system shell (system(), exec(), etc.). An attacker can exploit it by appending a command sequence to the appropriate format or escape string, executing arbitrary commands. An attacker exploiting this vulnerability effectively has a remote shell.<br />
<br />
== Testing for Injection == <br />
During any [[web applications|web application]] testing, remember that any [[Web_Exploitation#Attack_Vectors|HTTP input]] could be vulnerable.<br />
<br />
Testing for command injections is possible by appending a command to any of the following escape strings:<br />
* ''';'''<br />
* '''|'''<br />
* '''&'''<br />
* '''&&'''<br />
<br />
Testing for [[bash]] command substitution may also apply.<br />
* ``<br />
* $()<br />
<br />
== Example vulnerability ==<br />
{{warning|This code is vulnerable. Do not use as a [[whois]] tool on your site.}}<br />
<br />
'''vulnerable.php''':{{code<br />
|text=<br />
<syntaxhighlight lang="php"><br />
<?php<br />
$whois=system("whois {$_GET['domain']}");<br />
echo($whois);<br />
?></syntaxhighlight><br />
}}<br />
<br />
== Exploitation ==<br />
<br />
=== UNIX ===<br />
<br />
On a UNIX shell, commands can be injected in a number of ways. Using a semicolon, which delimits commands:<br />
cd ~; ls<br />
Using an ampersand, a control operator:<br />
cd ~ && ls<br />
Using a pipe, a [[bash]] operator for stringing commands together:<br />
ls | grep filename<br />
Or using backticks or $() for command substitution:<br />
ls /home/$(whoami)<br />
or<br />
ls /home/`whoami`<br />
<br />
An attacker could use any of these to inject and execute a command using the above script by requesting:<br />
/whois.php?domain=www.google.com;cat /etc/passwd<br />
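The escape strings listed above are also what a defender screens for, and the fix for vulnerable.php is to stop handing user input to a shell at all. Below is an added Python example, not code from the original page and a Python rendering rather than the page's PHP, that rebuilds the vulnerable pattern as an unexecuted string, shows how a POSIX shell would split that string into separate commands, and gives the hardened counterpart: strict validation of the domain against a hostname grammar and invocation of whois through an argv list with no shell. The regular expression, the marker list and all helper names are this example's own.<br />

```python
import re
import shlex
import subprocess

# Hostname grammar (RFC 1035 labels): 1-63 alphanumerics/hyphens per label, no leading
# or trailing hyphen, at least two labels, 253 characters overall.  Our own allow-list.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$"
)

# The escape strings and substitution openers listed on this page, for detection/logging.
INJECTION_MARKERS = (";", "&&", "||", "|", "&", "`", "$(")


def looks_like_injection(value):
    """Detection helper for request logs or a WAF rule: does the value carry a shell
    metacharacter sequence?  A detector only; the actual fix is build_whois_argv."""
    return any(marker in value for marker in INJECTION_MARKERS)


def unsafe_shell_command(domain):
    """The page's vulnerable pattern, system("whois {$_GET['domain']}"), rebuilt as a
    string only.  It is never executed here."""
    return f"whois {domain}"


def commands_in(shell_line):
    """Count how many separate commands a POSIX shell would run for shell_line, by
    tokenising with shell punctuation rules and counting command separators."""
    lexer = shlex.shlex(shell_line, posix=True, punctuation_chars=True)
    separators = {";", "|", "&", "&&", "||"}
    return 1 + sum(1 for token in lexer if token in separators)


def is_valid_domain(domain):
    return DOMAIN_RE.match(domain) is not None


def build_whois_argv(domain):
    """Hardened replacement: validate against the allow-list grammar, then build an
    argv list.  With a list and shell=False (subprocess.run's default) the value is
    passed to whois as one argument, so ';', '|', '`' and '$(' carry no meaning."""
    if not is_valid_domain(domain):
        raise ValueError(f"rejected domain parameter: {domain!r}")
    return ["whois", domain]


def run_whois(domain, timeout=15):
    """Execute the lookup without a shell.  Needs network, so not exercised by tests."""
    result = subprocess.run(build_whois_argv(domain), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout


if __name__ == "__main__":
    payload = "www.google.com;cat /etc/passwd"   # the request shown on this page
    line = unsafe_shell_command(payload)
    print(f"{line!r} would run {commands_in(line)} commands")
    print("flagged by detector:", looks_like_injection(payload))
    try:
        build_whois_argv(payload)
    except ValueError as exc:
        print("hardened builder:", exc)
    print("hardened builder:", build_whois_argv("www.google.com"))
```

The allow-list is deliberately stricter than what a shell would accept; an escaping function such as PHP's escapeshellarg() is the fallback when a shell cannot be avoided, but an argv list removes the shell from the path entirely.<br />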
<br />
=== Perl ===<br />
<br />
A slightly lesser known command injection technique uses [[Perl|Perl's]] open() function. This is useful for exploiting [[CGI]] scripts.<br />
<br />
In addition to system() and exec(), [[Perl|Perl's]] [http://perldoc.perl.org/functions/open.html open()] function can also execute commands, because it is used to open pipes. In this case you can use | as a delimiter, because [[Perl]] looks for | to indicate that open() is opening a pipe. An attacker can hijack an open() call which otherwise would not execute a command at all by adding a | to the query.<br />
<br />
{{expand}}<br />
<br />
{{exploitation}}<br />
{{social}}<br />
[[Category:Web exploitation]]</div>MaxSchillerhttps://nets.ec/index.php?title=Viruses&diff=5572Viruses2012-05-18T23:47:11Z<p>MaxSchiller: </p>
<hr />
<div>A virus is a program that's purpose is to exploit vulnerabilities, obtain unauthorized information, obstruct computer systems, and much more.<br />
<br />
{{expand}}</div>MaxSchillerhttps://nets.ec/index.php?title=Zero-day&diff=5571Zero-day2012-05-18T23:43:57Z<p>MaxSchiller: </p>
<hr />
<div>A '''zero-day attack''', or 0day attack, occurs on the 0th day when a [[vulnerability]] is discovered and affects an [[application]] in such a way that the [[security]] industry has never seen before, attacking the [[application]] before it can be [[patched]]. Large-scale zero-day attacks are typically pre-distributed and set in motion before the attack actually takes place, granting maximum effectiveness between the initial attack and successful [[patch]].<br />
<br />
{{expand}}</div>MaxSchillerhttps://nets.ec/index.php?title=User:Toxology&diff=5570User:Toxology2012-05-18T23:04:09Z<p>MaxSchiller: </p>
<hr />
<div>System.out.println("Hai world");</div>MaxSchillerhttps://nets.ec/index.php?title=Buffer&diff=5569Buffer2012-05-18T22:54:07Z<p>MaxSchiller: </p>
<hr />
<div>A '''Data Buffer''' is a space in computer memory, where data is stored to prevent the program or resource that requires either hardware or software, to run out of data during a transfer. With the proper management, it could be misused to trigger the exploit known as [[Buffer Overflows | Buffer Overflow]]<br />
<br />
{{expand}}</div>MaxSchillerhttps://nets.ec/index.php?title=User:Toxology&diff=5568User:Toxology2012-05-18T20:24:01Z<p>MaxSchiller: Blanked the page</p>
<hr />
<div></div>MaxSchillerhttps://nets.ec/index.php?title=User:Toxology&diff=5566User:Toxology2012-05-18T18:14:45Z<p>MaxSchiller: Created page with "Haroo?"</p>
<hr />
<div>Haroo?</div>MaxSchiller