Showing posts with label hacking. Show all posts

Earlier this week, someone created a Tumblr webpage for a new operating system called “Anonymous-OS Live.” Soon after the operating system became available, @AnonOps, a Twitter account that is believed to speak for Anonymous, posted a message saying it was fake and "wrapped in trojans". Despite the warnings, more than 26,000 people still downloaded it.

The creators of the OS denied it was infected with viruses arguing,


In our world, in Linux and opensource world, there are no viruses.

And if any user believes that Anonymous-OS is “wrapped in trojans” or “backdoored OS by any Law enforcement Company or Hacker” please don’t download it!

But don’t mislead the world that Linux is dangerous and has trojans!

Hackety Hack is an open source application that teaches individuals how to create software using the Ruby programming language. It combines an IDE with an extensive Lessons system. Hackety Hack is a cross-platform desktop application available for Windows, Mac and Linux. It also integrates with the website, where "Hackers" can share what they've learned, ask questions, and submit feedback.

Using Hackety Hack does not require any programming experience, and is designed for absolute starters in computer programming.

"Are you a Pidgin user?" We have a tip for you ...
There is a security issue with how Pidgin stores passwords, and you should think twice before using automatic login through "remember password" in this application. Why? Because Pidgin stores your account password in plain text, which means the password is saved in clear text without any encryption. If you are using Ubuntu or another distro, the account settings are stored in /home/<user>/.purple/accounts.xml, and for Windows users the file is stored in C:\Documents and Settings\user\Application Data\.purple\accounts.xml.
[Screenshot: Pidgin save password]
If you enable "remember password", you will find <password> tags in that file (accounts.xml), followed by your account password. And yes, "naked", just like that.
[Screenshot: Pidgin password stored in accounts.xml]
Password storage in Pidgin is still vulnerable, so our suggestion is: don't enable automatic login with "remember password" in Pidgin, because it leaves you stripped bare.
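A way to check your own accounts.xml for the exposure described above, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration; the sample follows the nested `<account>` layout with the `<password>` tag mentioned above.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Pidgin's accounts.xml (not a real account).
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/home</name>
    <password>constructed-sample-password</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
</account>
"""

def audit_accounts(path):
    """Return (accounts with a saved password, file readable by group/others)."""
    exposed = []
    for acct in ET.parse(path).getroot().iter("account"):
        name = acct.findtext("name")
        password = acct.findtext("password")
        if name and password:
            # Report which account is affected, never the password itself.
            exposed.append((acct.findtext("protocol"), name))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return exposed, readable_by_others

def demo():
    """Audit the constructed sample with loose and then owner-only permissions."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.xml")
        with open(path, "w") as handle:
            handle.write(SAMPLE)
        os.chmod(path, 0o644)          # world-readable: worst case
        before = audit_accounts(path)
        os.chmod(path, 0o600)          # owner-only: limits local exposure
        after = audit_accounts(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

To audit a real profile, call `audit_accounts(os.path.expanduser("~/.purple/accounts.xml"))`. Owner-only permissions limit who else on the machine can read the file, but the password stays in clear text for anyone who can read it as you.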

Brute-force password cracking is simply trying a password of A with the given salt, followed by B to Z, until every possible character combination is tried. It is very time-consuming, but given enough time brute-force cracking WILL get the password. Learning how brute force works is a very important part of the job if you want to work, or already work, in the computer network and computer system field, because an authentication failure is a fatal tragedy.

In cryptography, a brute-force attack is a strategy used to break the encryption of data. It involves traversing the search space of possible keys until the correct key is found. The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating the data to be encoded, brute-force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code. The resources required for a brute force attack scale exponentially with increasing key size, not linearly. As a result, doubling the key size for an algorithm does not simply double the required number of operations, but rather squares them. Although there are algorithms which use 56-bit symmetric keys, usually 128- to 256-bit keys are standard.

Learning how brute force works is not just about how to use the method to attack other people's machines; it is simply a way to defend our own machines from destructive methods like this.

What are the symptoms that you are under (brute-force) attack?
This explanation is taken from this: since 2005 there has been an immense increase in brute-force SSH attacks, and though Linux is pretty secure by default, it does not stop evil programs from indefinitely trying to log in with different passwords. Without proper protection your server is a sitting duck waiting for a bot to guess the right combination and hit the jackpot. But with just 2 commands we can stop that.
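The symptom described above shows up in the sshd log as a run of failed password attempts from one source. The following is an added example, not code from the original post: it counts failures per source IP over constructed log lines in OpenSSH's syslog format. The function names and the threshold of 5 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 03:12:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 03:12:03 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 03:12:05 web1 sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 40138 ssh2
Mar 10 03:12:07 web1 sshd[1207]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar 10 03:12:09 web1 sshd[1209]: Failed password for invalid user oracle from 203.0.113.7 port 40150 ssh2
Mar 10 03:14:30 web1 sshd[1250]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 03:14:41 web1 sshd[1252]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar 10 03:20:00 web1 sshd[1290]: Accepted password for root from 203.0.113.7 port 40300 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def summarize(log_text, threshold=5):
    """Per source IP: failure count, usernames tried, and whether a login
    succeeded after the failure count had already reached the threshold."""
    stats = defaultdict(
        lambda: {"failures": 0, "users": set(), "login_after_burst": False}
    )
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        outcome, user, source = match.groups()
        entry = stats[source]
        if outcome == "Failed":
            entry["failures"] += 1
            entry["users"].add(user)
        elif entry["failures"] >= threshold:
            # A success right after a burst of failures deserves a closer look.
            entry["login_after_burst"] = True
    return dict(stats)

def suspicious_sources(log_text, threshold=5):
    """Source IPs whose failed-password count meets the threshold."""
    return sorted(ip for ip, s in summarize(log_text, threshold).items()
                  if s["failures"] >= threshold)

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

A single mistyped password followed by a success, like the second source in the sample, stays below the threshold and is not flagged.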


Continuing our discussion from the introduction to BackTrack as a computer/digital forensic tool, part I, in this part we will dig into how much potential BackTrack has as a source of computer/digital forensic tools. BackTrack is a Linux distro that puts many kits into one vessel and lets them work together, an advantage that other distros do not have. When talking about computer/digital forensic tools, we have to classify the tools into different groups according to their use. After reading some articles on the same topic, I found that many of them classify the tools into five major categories, that is ..
  1. Data Acquisition
  2. Data Recovery and Carving
  3. Meta Data Analysis
  4. Network Forensic
  5. Log File Analysis
After looking at the five major classifications of digital forensic tools above, we agree that BackTrack 4 has candidates to meet every requirement. Let's peel them off one by one.

Data Acquisition
Data acquisition tools are the set of applications responsible for interrogating a hard drive and getting the necessary information from it. Particular jobs in this field include making an identical copy of the hard drive and analysing the copy without ruining the original evidence, and doing file system interrogation, whether the file system is NTFS, FAT, EXT3 or another. To do data acquisition jobs in BackTrack we have applications such as Advanced Forensic Format Library (afflib), Automated Image and Restore (air-imager), dd, dcfldd, lsof, guymager, acidlab, and RDA. All the applications mentioned can be installed using the BackTrack package manager.

Data Recovery and Carving
Data recovery tools are the set of applications responsible for getting erased data back, analysing hidden and erased partitions, and fixing broken blocks of a file system. Data carving is extracting data (files) out of undifferentiated blocks (raw data) for the purpose of file identification. In BackTrack we have applications such as ddrescue, foremost-menu, scalpel, xplico, allin1, and autopsy to do data recovery and carving.

Meta Data Analysis
Metadata analysis is looking for the hidden variables behind files and data. To do metadata analysis we need applications that can disassemble a file (document/image/audio/video) and get hidden variables such as when the file was last accessed, when it was modified, when it was created, and which tool was used to create it. For metadata analysis in BackTrack we have applications called libtsk1 and vinetto, as well as image, audio and video editors (gimp, fspot, audacity).

Network Forensic
Network forensic tools are not much different from network security programs, because they use really the same algorithms even though we do the reverse engineering. Network forensic tools cover jobs such as analysing network traffic; capturing data transmitted as part of TCP connections (flows) and storing it in a way that is convenient for protocol analysis or debugging; identifying network errors; sniffing and logging network activity on various ports (telnet, ssh, imap, pop3, smtp); and many more. This part is BackTrack's specialization: the distro has many network security/network forensic tools that can be used, among them netcat, netflow, tcpdump, kismet, wireshark, and a lot of other stuff.

Computer/digital forensics has become popular lately: cases ranging from bank robbery and hacking/cracking/hijacking to the popular scandal over an artist's sex tape have used this method to find the truth. Computer forensics is the generic name that we use for the analysis and reporting on our findings from the forensic analysis of all computer or digital-related media. This not only includes PC/laptop or server hard drives but also other storage devices such as USB drives, MP3 players, memory cards, SIMs and data gathered via network analysis. Computer/digital forensics is a part of computer security; computer practitioners (computer analysts/computer experts) classify this method as an offensive security action which is usually done after an incident. Digital forensics is actually done after a computer crime incident. Common digital forensics cases include:
drug dealing, internet misuse, pornography in the workplace, rape, illegal downloads, IP theft, paedophilia, murder, virus/malware infection, fraud, email analysis, data recovery, contract negotiations, e-discovery, peer-peer activities, spyware analysis, spoofed and threatening emails, document tracking
Any talk of computer security tools cannot be separated from the most popular computer security tool of the year, BackTrack. BackTrack has so many tools and applications for security penetration testing, security attacks, and also computer security work for computer/digital forensic purposes. When you first boot up the new BackTrack 4, you might notice something slightly different, that is ...

We can see that BackTrack has included 'computer/digital forensic' as a main reason for this distro's existence.
All types of operating systems can be analysed, from DOS and Microsoft Windows-based, through to Mac, UNIX variants, and those utilising more obscure systems. If the data is stored electronically, then it can probably be forensically analysed. According to other well-known literature, there are five basic steps to computer forensics:
   1. Preparation (of the investigator, not the data)
   2. Collection (the data)
   3. Examination
   4. Analysis
   5. Reporting

Which ones must be analyzed?
Computer/digital forensic tools work to analyze digital evidence. In the computer world, many devices can hold potential evidence that helps a computer analyst find the truth. Here is some potential evidence that can be found:
       images, time and date stamps, removable cartridges, memory cards, video, sound

Evidence can also be found in files and other data areas created as a routine function of the various types of computer operating systems. In many cases, the user is not aware that data is being written to these areas or files. Passwords, Internet activity, deleted files and temporary backup files are examples of data that can often be recovered and examined.


BackTrack is the most attractive security tool nowadays. With this Swiss Army knife (BackTrack) we have more than 300 security tools which can be used to penetrate and evaluate network security in wired or wireless networks. Following my earlier tutorial on how to install BackTrack on Ubuntu 10.04, here is the new guide on how to install BackTrack on a USB flash drive. Before we start, it's better if you download the latest version of BackTrack first here.
Installing BackTrack on a USB Flash Drive via Ubuntu
Ubuntu 10.04 gives you the simplest way to get BackTrack running on your USB flash drive: just prepare the BackTrack .iso image, then go to System > Administration > Startup Disk Creator.

BackTrack is a Linux distro (like Ubuntu and Fedora) specializing in computer/network security. BackTrack is the world’s leading penetration testing and information security auditing distribution. With hundreds of tools preinstalled and configured to run out of the box, BackTrack 4 provides a solid penetration testing platform, from Web application hacking to RFID auditing, it's all working in one place. Even though BackTrack is a separate Linux distro, all of the applications inside BackTrack can be run under Ubuntu or other Linux distributions such as Fedora or Red Hat.
"How do you run a BackTrack application under Ubuntu or another Linux distro?"
The guide below is the answer. Follow the instructions below to add the BackTrack applications/packages to your package database, so you can install or use them afterward.
  1. wget -q http://archive.offensive-security.com/backtrack.gpg -O- | sudo apt-key add -
  2. echo "deb http://archive.offensive-security.com pwnsauce main microverse macroverse restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
  3. Update the package database by typing "sudo apt-get update", and wait until the whole process finishes.
  4. Open Synaptic and look at its left side: you have the BackTrack application packages now :)

Tux Cut is a small program that does the (netcut) job, "cut the network connection from a user in the same network", running on the Linux operating system. Tux Cut is the same kind of program as netcut (Windows), which usually runs using the Visual Basic library. It is a small and powerful program that helps us keep our internet connection safe and secure from `greedy` users who consume a lot of bandwidth.

Download Tux Cut (*.deb package)
Before we start, download all the applications needed. Select the *.deb package if you are running a
Debian/Ubuntu variant (Kubuntu, Edubuntu).


http://bitbucket.org/a_atalla/tuxcut/downloads/
Download the package that matches your Linux version, or download the latest version, TuxCut-3.1_all.deb.
Prepare supporting applications
To ensure that Tux Cut runs well, install the supporting applications it needs.

* arp-scan
* arptables
* dsniff
Install arp-scan using the command:
$ sudo apt-get install arp-scan
Install dsniff using the command:
$ sudo apt-get install dsniff
Install arptables using the command:
$ sudo apt-get install arptables
Installing Tux Cut-3.1
Install Tux Cut using the commands:

$ sudo dpkg -i TuxCut-3.1_all.deb
$ sudo apt-get install -f
Congratulations, your system has Tux Cut now, happy surfing .. :)