Wednesday, June 18, 2014

Shell Scripting in detail

Hello everybody! Do you know that creating a virus using a scripting language is very simple? Try to make more scripting viruses and use them for attacks.

Today I'm going to tell you in detail about shell scripting.

The first thing: what does #!/bin/bash actually mean?
Is there any difference between sh and bash?

So here it is:

Older flavors of AT&T Unix defaulted to "sh" (the Bourne shell), while older versions of BSD defaulted to "csh" (the C shell). Even today (where most systems run "bash", the "Bourne Again Shell"), scripts can be in bash, python, perl, ruby, PHP, etc. For example, you might see "#!/bin/perl" or "#!/bin/perl5".

PS: The exclamation mark ("!") is affectionately called "bang". The shell comment symbol ("#") is sometimes called "hash".

PPS: Remember - under *nix, associating a suffix with a file type is merely a convention, not a "rule". An "executable" can be a binary program, any one of a million script types, and other things as well. Hence the need for "#!/bin/bash".

And the answer to the second question is yes:

When you write #!/bin/bash, you are telling your environment/OS to use bash as the command interpreter. This is hard coded. Every system has its own system shell, which it uses to execute its own system scripts. This system shell can vary from OS to OS (most of the time it will be bash; Ubuntu recently started using dash as its default system shell). When you specify #!/bin/sh, the system will use its internal system shell to interpret your shell script.

How does it work? We will see this afterwards.

Saturday, June 14, 2014

Starting with new and fresh recipe

College days are gone!! And my brain started thinking about my life. What to do? How to do it? Why do it? These types of questions have been running in my mind since I completed my M.Sc in Computer Science from Pune University.
That relaxation will never make me good now, because I'm missing something in my life. Maybe it's about my passion, my career, my goal. So here I started to write something and am trying to listen to my heart. I know that if I dedicate myself to this profession I will also become a penetration tester. Somebody said "If you want to become a penetration tester, learn a lot, stay hungry. Certification is not that necessary. Knowledge counts for you."

So here I give you only knowledge regarding the cyber security field, which I learnt myself. I hope you also gain knowledge using this blog. Here you can also share your ideas with me so that I can learn a lot and try to gain more knowledge.

I already know the basic things in this field and I have already shared them with you guys, so from now on I will share other things which are more important than the basics.....
Starting with two main programming subjects which are very helpful to create viruses and exploits at the next level. From today onwards I'm going to tell you about Shell Scripting in detail.

Shell Scripting

Shell scripting is a series of commands written in a plain text file. A shell script is like a batch file in MS-DOS, but more powerful than an MS-DOS batch file. It is designed to be run by a Unix shell, a command line interpreter.

Why should you write shell scripts?

  • A shell script can take input from the user or a file and output it on screen.
  • Useful to create our own commands.
  • Saves lots of time.
  • To automate some tasks of day-to-day life.
  • System administration tasks can also be automated.
Now let's see how to write a simple shell script.

The following steps are required to write a shell script:
(1) Use any editor like vi or mcedit to write the shell script. (I'm using the Vim editor in Kali.)
(2) After writing the shell script, set execute permission on your script as follows.
Syntax:

chmod permission your-script-name
e.g.: $ chmod 755 your-script-name

This sets read, write and execute (7) permission for the owner; for group and others the permission is read and execute only (5).
Execute your script as
Syntax:
bash your-script-name
sh your-script-name
./your-script-name


e.g.: $ bash bar
      $ sh bar
      $ ./bar

In the last form, ./ means the current directory. But . (dot) alone means execute the given command file in the current shell without starting a new copy of the shell. The syntax for the . (dot) command is as follows
Syntax:
. command-name

e.g.: $ . foo

Now you are ready to write your first shell script, which will print "Knowledge is Power" on screen. See the common vi command list if you are new to vi.
$ vi first
#
# my first shell script
#
#
clear
echo "Knowledge is Power"

After saving the above script, you can run it as follows:
$ ./first

This will not run the script, since we have not set execute permission on our script yet; to do this, type the command
$ chmod 755 first
$ ./first

First the screen will be cleared, then Knowledge is Power is printed on screen.
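To tie the #! discussion in the June 18 post together with the steps above, here is an added example (my own, not code from the original posts): it writes the "first" script with a #! line into a temporary directory, sets mode 755 on it, reads the interpreter back from the #! line, and shows what ./script (new process) and . script (sourced into the current shell) do differently. The MESSAGE variable and the temporary directory are this example's own choices; clear is left out so the output can be captured.

```shell
#!/bin/sh
# Added example, not from the original posts: build, permission and run "first".

# Write the script and give it owner rwx, group/other r-x (chmod 755).
make_script() {
  dir=$(mktemp -d)
  script="$dir/first"
  cat > "$script" <<'EOF'
#!/bin/sh
#
# my first shell script
# (clear is left out so the output can be captured)
#
MESSAGE="Knowledge is Power"
echo "$MESSAGE"
EOF
  chmod 755 "$script"
  printf '%s\n' "$script"
}

# Permission bits as ls -l shows them, e.g. rwxr-xr-x for mode 755.
perm_string() {
  ls -l "$1" | cut -c2-10
}

# Print the interpreter named on the script's #! line; fail if there is none.
shebang_of() {
  IFS= read -r line < "$1" || return 1
  case $line in
    '#!'*) set -- ${line#"#!"}; printf '%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# ./script style: the kernel starts the interpreter from the #! line in a new
# process, so MESSAGE never reaches the calling shell.
run_in_new_shell() {
  unset MESSAGE
  "$1" > /dev/null
  printf '%s\n' "${MESSAGE:-unset}"
}

# . script style: the current shell reads the file, so MESSAGE is defined here.
run_in_current_shell() {
  unset MESSAGE
  . "$1" > /dev/null
  printf '%s\n' "${MESSAGE:-unset}"
}
```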

Saturday, March 22, 2014

New Umang

3 days before ....


I woke up with a smiling face; from 19th March I was going to start my new batch, so I was getting ready for my new job. But God had written something new and different for me. I went to college and told sir that I got the job. Before that, on Monday, I gave an interview and I cracked that too. The interviewer told me "You're not perfect but good, just do one thing: come and take 1 batch because I want to see your handling capability." I was not happy that I got placed; I was happy because I would teach students and share my knowledge with them. So it's my chance to improve myself.

But on 19th March I still hadn't got my appointment letter, so I called sir and asked about my batch.
So he told me, "See Dinesh, the college is not happy with your performance and the student reviews are not good. So don't come today; I will call you in the evening."

I said to myself, "What the F..k was that?" I gave all my attention, all my knowledge, yet I didn't get a good review. Then I thought, "I was cheated."

Folks, when I wanted to show them practically, the college didn't provide me a lab for the students, so using my PPT I told them about cracking passwords and all that stuff. Maybe I made minor mistakes while teaching, but I took only 2 batches and it was all theory. The college hurt my ego. The whole week I studied and did some practicals at my apartment. And still my company manager tells me I didn't get a good review?

What the H..L was that?

No man, it's finished.. I tell you folks, I will not stop now; I will prove them wrong. What they did with me was wrong.
At first they hire you, take some batches using your time and talent, and when their work is finished they say nothing?... Backtrack and Kali Linux... I swear I'll tear through them.

Wednesday, February 26, 2014

Pytbull

Today, when I was actually going to do practical things on IDS/IPS on my Backtrack machine, I got to know about PYTBULL. :)

Today I'm not writing anything about PYTBULL myself, because I'm not an expert. :p :-D Right. :)
I'm giving you everything from an expert, Sébastien Damaye, who is the author of pytbull.
So here is everything which Damaye has explained in detail. And yes hackers, it's really useful.

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.

The framework is shipped with about 300 tests grouped in 9 testing modules:

- clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
- testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
- badTraffic: non-RFC-compliant packets are sent to the server to test how packets are processed.
- fragmentedPackets: various fragmented payloads are sent to the server to test its ability to recompose them and detect the attacks.
- multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
- evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
- shellCodes: sends various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
- denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts.
- pcapReplay: enables replaying pcap files.
It is easily configurable and could integrate new modules in the future.

There are basically 6 types of tests:

- socket: open a socket on a given port and send the payloads to the remote target on that port.
- command: send a command to the remote target with the subprocess.call() python function.
- scapy: send specially crafted payloads based on the Scapy syntax.
- multiple failed logins: open a socket on port 21/tcp (FTP) and attempt to log in 5 times with bad credentials.
- client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).
- pcap replay: enables replaying traffic based on pcap files.


Tomorrow we are going to see it in a practical way, ok :) Smile plsssssss

Monday, February 24, 2014

How To Block Websites Without Software, block websites



Steps:

1] Browse to C:\WINDOWS\system32\drivers\etc
2] Find the file named "HOSTS"
3] Open it in Notepad
4] Under "127.0.0.1 localhost" add 127.0.0.2 www.sitenameyouwantblocked.com, and that site will no longer be accessible.
5] Done!

-So-

127.0.0.1 localhost
127.0.0.2 www.blockedsite.com

-->www.blockedsite.com is now inaccessible<--


For every site after that you want to add, just add 1 to the last number of the loopback IP (127.0.0.2) and then the address as before.

e.g.: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com
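As an added example (not part of the original post), here is the same scheme done as a script rather than by hand in Notepad: it looks hostnames up in a hosts file, picks the next 127.0.0.N address one above the highest in use, and appends an entry only if the site is not already listed. It operates on whatever file path you pass, so try it on a copy of the real hosts file first; comment lines, blank lines and Windows CRLF line endings are handled.

```shell
#!/bin/sh
# Added example, not from the original post: manage hosts-file block entries.

# Print the address the hosts file gives for hostname $2, or nothing if absent.
hosts_lookup() {
  awk -v host="$2" '
    { sub(/\r$/, "") }                       # tolerate CRLF (Windows hosts file)
    /^[[:space:]]*#/ || NF < 2 { next }      # skip comments and blank lines
    { for (i = 2; i <= NF; i++) if ($i == host) { print $1; exit } }
  ' "$1"
}

# Next free address in the 127.0.0.N scheme: one above the highest N in use.
next_block_addr() {
  awk '
    { sub(/\r$/, "") }
    /^[[:space:]]*#/ || NF < 2 { next }
    $1 ~ /^127\.0\.0\.[0-9]+$/ { split($1, o, "."); if (o[4] + 0 > max) max = o[4] + 0 }
    END { if (max < 1) max = 1; print "127.0.0." (max + 1) }
  ' "$1"
}

# Append a block entry for hostname $2 to hosts file $1 unless one already
# exists, and print the address that now applies to it.
block_site() {
  existing=$(hosts_lookup "$1" "$2")
  if [ -n "$existing" ]; then
    printf '%s\n' "$existing"
    return 0
  fi
  addr=$(next_block_addr "$1")
  printf '%s %s\n' "$addr" "$2" >> "$1"
  printf '%s\n' "$addr"
}
```

Because hosts_lookup shows what a name really maps to, it is also a quick way to review a hosts file for entries you did not add yourself.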

Wednesday, July 3, 2013

M-3 System Hacking Part 1

Look around yourself. You will see that most people are working on systems only; you will soon realize that all a country's mechanisms are controlled by SYSTEMS. So hackers have only one power, which they use most of the time, i.e. attack. They don't think much after taking a decision. We have seen lots of basic things before this. So after information gathering and network scanning, the next attack is system hacking.

They bypass the system after taking some information and scanning results. Finding the vulnerability is much easier than network scanning. It's not worthy anymore. Now we are discussing basic things over here, so be ready with all the older stuff.

In this part we are looking at the given techniques.
1) Password Cracking
2) Password Cracking techniques
3) Types of password attacks

Basically we are talking only about the password which we use before logging in. The first and last thing is that the user should use a case-sensitive password, so no one can crack it easily. So let's start. Are you ready to gain access to anybody's account? :)

We have seen footprinting, network scanning mechanisms etc. So before you start with practical things on your laptop or desktop you should have these things with you:

1) IP address
2) Services running on the host
3) Identified system flaws

Now we can see the methodology of this module:
1) Collect enough information to gain access, using brute force or password eavesdropping etc.
2) Then scan the system or host.
3) Try to gain access to the host using a password cracking method.
4) After gaining access to the host, try to maintain the access.
In this step the attacker can execute some important applications and hide some important files. After doing all this stuff, the final step is covering all tracks: the attacker did all the stuff smoothly so nobody knows what happened before.

Password Cracking
1) Password cracking is a technique used to recover (crack) the passwords stored on a host or system.
2) Attackers use password cracking techniques to gain unauthorized access to the vulnerable system.
3) Most password cracking techniques are successful due to weak or easily guessable passwords.
4) So, to prevent this methodology, use complex passwords so that an attacker can't access your system easily.

Types of password attack
1) Passive online attack
The attacker doesn't contact the authorized party to steal the password; in other words he attempts password hacking without communicating with the victim or the victim's account.
e.g. man-in-the-middle attack, wire sniffing

Let's discuss something regarding the man-in-the-middle attack.


An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information.

In other cases, a user may be able to obtain information from the attack, but has to decrypt the information before it can be read. The picture above is an example of how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.

2) Active online attack
It can be directly termed password guessing: an attacker tries a number of passwords one by one against the victim to crack his/her password.
e.g. password guessing, Trojans/spyware/keyloggers

Let's talk about keyloggers.




What is a keylogger?

A keylogger is a device or program that records every key that has been typed on the computer you need to monitor. Most keyloggers will not categorize the keystrokes, and they can be very difficult to understand, especially when someone is multitasking.


Related features

Software keyloggers may be augmented with features that capture user information without
relying on keyboard key presses as the sole input. Some of these features include:

• Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.

• Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor.They may take these screenshots periodically or in response to user behaviors (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) 
and any web-based on-screen keyboard without screenshot protection.

• Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).
• The recording of every program/folder/window opened, including a screenshot of each, and of every website visited, also including a screenshot of each.
• The recording of search engine queries, instant messenger conversations, FTP downloads and other Internet-based activities (including the bandwidth used).


Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

3) Offline attack
It is performed from a location other than the actual computer where the passwords reside or were used. An offline attack requires physical access to the computer which stores the password file. The attacker copies the password file and then tries to break the passwords on his own system.
e.g. dictionary attack, brute force attack, syllable attack

4) Non-technical attack
Does not require technical knowledge, hence it is called a non-technical attack.
e.g. social engineering, keyboard sniffing etc.





Monday, June 24, 2013

M-2 Network Scanning Part 3

We have seen the TCP port scanning methods. If you have any doubt, ask me frankly. So now we are going to the UDP port scanning section, but before that you should know something about UDP.
UDP (User Datagram Protocol) is a simple OSI transport layer protocol for client/server network applications based on the Internet Protocol (IP).
  
UDP network traffic is organized in the form of datagrams. A datagram comprises one message unit. The first eight (8) bytes of a datagram contain header information and the remaining bytes contain message data.
A UDP datagram header consists of four (4) fields of two bytes each:

1) source port number
2) destination port number
3) datagram size
4) checksum
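An added example (mine, not from the original post) that decodes those four 2-byte fields from a raw datagram using only od and sh arithmetic, and checks that the length field agrees with the bytes received. The datagram is constructed for this example: source port 53, destination port 1025, length 12 (8-byte header plus 4 bytes of data) and checksum 0x1c2d.

```shell
#!/bin/sh
# Added example, not from the original post: decode a UDP header with od.

# Write the constructed datagram to a temporary file and print its path.
sample_datagram() {
  f=$(mktemp)
  #        src=53   dst=1025 len=12   csum     4 data bytes
  printf '\000\065\004\001\000\014\034\055\336\255\276\357' > "$f"
  printf '%s\n' "$f"
}

# Print header field $2 (1 = source port, 2 = destination port, 3 = length,
# 4 = checksum) of the datagram in file $1 as a decimal number.
udp_field() {
  file=$1
  skip=$(( ($2 - 1) * 2 ))
  set -- $(od -An -tu1 -v "$file")   # every byte as a positional parameter
  shift "$skip"
  echo $(( $1 * 256 + $2 ))          # network byte order: high byte first
}

udp_src_port() { udp_field "$1" 1; }
udp_dst_port() { udp_field "$1" 2; }
udp_length()   { udp_field "$1" 3; }
udp_checksum() { udp_field "$1" 4; }

# Only trust the header if it is complete and its length field matches the
# bytes actually received; non-RFC traffic from scanners often breaks both.
udp_header_ok() {
  size=$(wc -c < "$1" | tr -d ' ')
  [ "$size" -ge 8 ] || return 1
  len=$(udp_length "$1")
  [ "$len" -ge 8 ] && [ "$len" -eq "$size" ]
}
```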

--> In UDP there is no three-way handshake.
--> The system does not respond with a message when the port is open.
--> When the probe is sent to a closed port, the system responds with an ICMP port unreachable message.
--> Spyware, viruses, Trojan horses and other malicious applications use UDP ports.

The attacker sends TCP probe packets with various TCP flags (FIN, URG, PSH) set, or with no flags. If there is no response, the port is open; RST/ACK means the port is closed.
We also call this inverse flag scanning.

Now we will see ACK flag scanning, in which the firewall plays the main role: when the attacker sends an ACK probe packet with a random sequence number and gets no response, it means the port is filtered (i.e. a firewall is present). But when the target host gives an RST response, it means that the port is not filtered, because no firewall is present at that target host.

How could we perform IDS evasion techniques in scanning?
Rules to remember
1) Use fragmented IP packets
2) Spoof your IP address when launching attacks and sniff the response from the server
3) Use source routing (if possible)
4) Connect through proxy servers or compromised trojaned machines to launch attacks

There is one thing I left out, i.e. tools regarding IP fragmentation. There is no need, because you can search for them on Google. You have to practice the art of Googling also. :) :p :-D

Now we can proceed to the next part, i.e. scanning tools.
1) NMAP

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. 

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. 

It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. 

In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping). For info and to get the software, go to http://nmap.org/ (download link).

Now I will list some other software for scanning purposes.
1) Advanced Port Scanner 
2) AWSPS UDP Scanner
3) Netifera
4) Nscan
5) AWPTA

Now it's time to discuss scanning countermeasures.

 1) A company wants to scan its own networks, but at the same time the company should take countermeasures to protect itself from being scanned by hackers. Here is a checklist of countermeasures to use when you’re considering technical modifications to networks and filtering devices to reduce the effectiveness of network scanning and probing undertaken by attackers:

2) Filter inbound Internet Control Message Protocol (ICMP) message types at border routers and firewalls. This forces attackers to use full-blown TCP port scans against all your IP addresses to map your network correctly.

3) Filter all outbound ICMP type 3 unreachable messages at border routers and firewalls to prevent UDP port scanning and firewalking from being effective.

4) Consider configuring Internet firewalls so that they can identify port scans and throttle the connections accordingly. You can configure commercial firewall appliances (such as those from Check Point, NetScreen, and WatchGuard) to prevent fast port scans and SYN floods being launched against your networks. On the open-source side, many tools such as PortSentry can identify port scans and drop all packets from the source IP address for a given period of time.

5) Assess the way that your network firewall and IDS devices handle fragmented IP packets by using fragtest and fragroute when performing scanning and probing exercises. Some devices crash or fail under conditions in which high volumes of fragmented packets are being processed.

6) Ensure that your routing and filtering mechanisms (both firewalls and routers) can’t be bypassed using specific source ports or source-routing techniques.

7) If you house publicly accessible FTP services, ensure that your firewalls aren’t vulnerable to stateful circumvention attacks relating to malformed PORT and PASV commands.

8) If a commercial firewall is in use, ensure the following:

a)The latest service pack is installed.

b) Antispoofing rules have been correctly defined so that the device doesn’t accept packets with private spoofed source addresses on its external interfaces.

c) Fastmode services aren’t used in Check Point Firewall-1 environments.

9) Investigate using inbound proxy servers in your environment if you require a high level of security. A proxy server will not forward fragmented or malformed packets, so it isn’t possible to launch FIN scanning or other stealth methods.


10) Be aware of your own network configuration and its publicly accessible ports by launching TCP and UDP port scans along with ICMP probes against your own IP address space. It is surprising how many large companies still don’t properly undertake even simple port-scanning exercises.
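As an added example (mine, not from the original post or any of the products named above), here is how items 2, 3, 4, 6 and 8b of that checklist translate into Linux iptables rules and sysctl settings on a host with one external interface. The interface name in EXT_IF is an assumption; called with no argument the function only prints the commands, and only "apply_countermeasures apply" run as root installs them.

```shell
#!/bin/sh
# Added example, not from the original post: scanning countermeasures as rules.
EXT_IF=${EXT_IF:-eth0}   # assumed name of the Internet-facing interface

# Run a command when applying, otherwise just print it (dry run is the default).
run() {
  if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

apply_countermeasures() {
  MODE=${1:-dryrun}
  # Item 2: drop inbound ICMP echo requests so ping sweeps learn nothing and
  # an attacker is forced into full TCP scans of every address.
  run iptables -A INPUT -i "$EXT_IF" -p icmp --icmp-type echo-request -j DROP
  # Item 3: drop outbound ICMP port-unreachable (type 3, code 3), the reply a
  # UDP scanner needs to tell closed ports from open ones. Only code 3 is
  # dropped: dropping all of type 3 would also kill fragmentation-needed
  # (code 4) replies and break path MTU discovery for legitimate peers.
  run iptables -A OUTPUT -o "$EXT_IF" -p icmp --icmp-type port-unreachable -j DROP
  # Item 4: rate-limit new TCP connections so fast port scans and SYN floods
  # are throttled instead of being answered at full speed.
  run iptables -A INPUT -i "$EXT_IF" -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j ACCEPT
  run iptables -A INPUT -i "$EXT_IF" -p tcp --syn -j DROP
  # Item 6: refuse source-routed packets and enable reverse-path checks so
  # source ports or source routing cannot be used to slip past filtering.
  run sysctl -w net.ipv4.conf.all.accept_source_route=0
  run sysctl -w net.ipv4.conf.all.rp_filter=1
  # Item 8b: anti-spoofing, private or loopback source addresses must never
  # arrive on the external interface.
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
    run iptables -A INPUT -i "$EXT_IF" -s "$net" -j DROP
  done
}
```

Item 10 of the checklist is the way to confirm the effect: scan your own address space from outside before and after applying the rules.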

So see you later guys. Enough for today, I'm tired now. :p :-D

If you have any doubt email me at dineshine@hotmail.com.