Tuesday 12 February 2013

Chaining The Proxies With ProxyChains

In this tutorial, we will learn to redirect our TCP traffics through the chain of proxies using a well known tool named ProxyChains.

ProxyChains is a tool for tunneling TCP and DNS traffics through chain of several proxy servers which supports HTTP, SOCKS4, and SOCKS5 proxy servers. Hence, this tool leverages several usages such as anonymity, bypassing filters, running any program through proxy servers, etc.

You can DOWNLOAD proxychains from SourceForge. In ubuntu, you can directly install it from repos:

samar@samar-Techgaun:~$ sudo apt-get install proxychains


Once you have installed the proxychains, you need to configure this tool. The global configuration file is located at /etc/proxychains.conf so if you wish to have your own configuration file, you could either create the proxychains.conf file in the current working directory or at $HOME/.proxychains/proxychains.conf.

In my example, I'll edit the global configuration file by issuing the command:

samar@samar-Techgaun:~$ sudo nano /etc/proxychains.conf


First, we will have to select the kind of chaining option we want to use. We can use one of the dynamic_chain, strict_chain, and random_chain chaining options. In most cases, it is good to just use the dynamic_chain so we uncomment the line containing dynamic_chain and comment all other chaining options.



Then we need to grab some proxies and then insert at the end of our configuration file which would look like:

socks4 127.0.0.1 9050
socks5 192.168.2.90 3128
socks5 1**.1**.*.* 8080


You could add as much as proxy servers in the list. Btw, the asterisks in the above example do not mean wildcards, they are just there to symbolize some proxy server. There are free sites on the Internet which provide big database of different kinds of proxies. Even several proxy scrapers are available all over the internet and you could even write one on your own. So getting list of good proxies is not the difficult job. Once you finish the configuration, you can run any command through proxychains. The syntax is as simple as below:

samar@samar-Techgaun:~$ proxychains <any_command>


For example, below is the example nmap scan run through the proxychains:

samar@samar-Techgaun:~$ proxychains nmap -p 1-1000 -O victim.tld


P.S. If you are interested in some GUI for using proxychains, you can use ProxyChainsGUI. Lastly, the default package from Ubuntu repository seems to be missing the proxyresolv command so I would recommend to compile the source code locally.

Read more...

Thursday 7 February 2013

NCell Paisa Double For Prepaid and Pro Classic customers

Ncell has introduced yet another offer, the Paisa Double for all the prepaid and pro classic customers which will be available for next eight weeks.

With the Ncell's Paisa Double offer, you will be able to double the said amount. Ncell says that it is a new offer that acknowledges the loyalty of Ncell customers by providing them various amounts to double.

Once you have enough main balance, you can activate the offer by dialing 1212. In order to utilize the scheme, you have to follow the steps as below:

  • Dial 1212 and listen to find out what amount you can double. Then press 1 to get the double of the said amount. Alternatively, you can also dial *1212# and press 1.
  • After you press 1, the said amount will be deducted from your main balance and the double of it will be added as your Paisa Double balance.


While the offer sounds great, it is only applicable within Ncell network. You can use the Paisa Double balance to make calls, send SMS and MMS within Ncell network and even to access internet. You can subscribe Ncell Paisa Double offer only once and it will be auto-renewed every week until you deactivate or till the offer ends.

Dial *101# to know your remaining Paisa Double balance. If you wish to deactivate the service, type R and send it to 1212 through SMS. However, you can again activate if you wish within the offer period.


Read more...

Wednesday 30 January 2013

Search Text Over Multiple PDF Files In Linux

You can use the old grep command or the small script using the pdftotext command to search text over multiple pdf files but we are talking about a simple utility that lets us to search text in PDF files.

The pdfgrep tool lets you perform grep style search over multiple pdf files easily from the terminal. It depends upon the poppler package and under ubuntu, you can just type the command below to install pdfgrep.

samar@\Techgaun:~$ sudo apt-get install pdfgrep


Once pdfgrep is installed, you can perform any kind of search like you would do while using the grep command. Enjoy grepping the PDF files :)


Read more...

Tuesday 29 January 2013

Turn Your Greasemonkey Script Into Firefox Extension

Well I came across this online tool which lets you compile your greasemonkey scripts which we commonly call User Script into a working firefox extension. Hence I decided to share the link.

Greasemonkey Compiler

I hope the URL proves useful to you guys :)


Read more...

Swasthani.com Swasthani Ripper

Yesterday I came to know that I can listen Swasthani online at this site, www.swasthani.com and I decided to write a swasthani audio downloader. Since it would be useful for everyone, here is the script.

From the site itself, Sri Swasthani Brata Katha is a very popular ritual observed in Nepal in the Poush month (January – February) during winter. Goddess Sri Swasthani, known to grant wishes of her devotees, is worshipped for the whole month of Poush. The Swasthani Brat Katha (story) is recited everyday. The month long telling of the tales are dedicated to the Goddess and the stories that are mainly narrated are those of Swasthani Devi, Lord Shiva and other Gods.

#!/bin/bash
###############################################
# Swasthani.com Swasthani Ripper       #
# Samar @ http://www.techgaun.com       #
###############################################
if [[ ! -f /tmp/swasthani.txt ]]
then
 wget http://www.swasthani.com/ -O - | egrep '<li class="leaf( first| last)?"><a href="/swasthani/' | grep -o '<a .*href=.*>' | sed -e 's/<a /\n<a /g' | sed -e 's/<a .*href=['"'"'"]//' -e 's/["'"'"'].*$//' -e '/^$/ d' > /tmp/swasthani.txt
fi

while read -r line
do
 wget "http://www.swasthani.com$line" -O - | egrep 'data="soundFile=http://www.swasthani.com/system/files/' | cut -d\" -f6 | cut -d= -f2 | wget -nc -i -
done </tmp/swasthani.txt


Save the above file as swasthani, then chmod for executable permission and run it. If you have problem copying above code, you can check the Swasthani Downloader at GitHub. Enjoy listening Swasthani, geeks :)


Read more...

How To Check Which Groups You Belong To

In this post, you will get to know about a simple command that lets you know what groups the particular user belongs to. Users and groups are the one of the several concepts employed in the Linux systems for access control.

From the man page, the groups command does is:
Print group memberships for each USERNAME or, if no USERNAME is specified, for the current process (which may differ if the groups database has changed).

So if you are interested in finding what group a particular user is in, run the command as below. Replace samar with your USERNAME and you are good to go:

samar@Techgaun:~$ groups samar

samar : samar adm cdrom sudo vboxusers ....


I hope this proves useful :)


Read more...

Saturday 26 January 2013

NCell PRBT Settings Information

This post provides the information regarding how to use the PRBT system provided by NCell.

Original Link: PRBT Information @ Ncell

Q1.What is PRBT?

PRBT service enables the ones who call you to listen to a popular melody or sound instead of the regular tone. The sound or melody is heard by the caller till the call is answered. Your friends and partners, regardless of operator, location and phone model while calling you can hear melodies, sounds and personal greetings chosen by you instead of usual phone tone.

Q2. How to activate PRBT service?

PRBT can be activated by one of the following ways:

I. SMS: On your Message box type A and send it to 900227

II. IVR: Dial 9208 and follow the instruction.

III. USSD: Dial *100*2# and follow the USSD guide instruction.

Q3. How to set a PRBT?

Any PRBT of your choice can be set via SMS, IVR or Web once the user has activated the PRBT service. Stated below are the ways a subscriber can set a PRBT.

I. SMS: Type BUY PRBTcode sends it to 9209.

II. Web :

i. Log on to prbt.ncell.com.np

ii. Click on Order for your choice of PRBT song

III. IVR: Dial 9208 to choose the tone of your choice.

Q4. What are the features with new PRBT system?

The PRBT system allows a subscriber to perform the following:

I. SMS

a. Download multiple PRBTs at once

Example:

DownPRBTcodePRBTcodePRBTcode

b. Gift PRBT to friend

Example: Gift Mobile number

II. Web

To activate any of the features below, the user will have to login with mobile number and password on prbt.ncell.com.np

a. Assign different PRBT to different callers.

i. Click on MY PRBT > PRBT Settings > Advanced Setting

b. Create Group and allocate a PRBT for a group.

i. Click on MY PRBT > Group Management

c. Play different PRBT in different time slots.

i. Click On MY PRBT > PRBT setting > Add

d. Copy a PRBT from a friend.

i. Click on MY PRBT > Copy PRBT

Q5. How much does a PRBT cost and what is the validity?

Each PRBT will attract Rs. 10 excluding the taxes.

Q6. Is there monthly subscription price?

Yes. There will be Rs 10 monthly subscription price without applicable taxes. The subscription will be renewed automatically unless the subscriber chooses to discontinue the service.

Q7. How deactivate PRBT?

You can deactivate by any of the following ways:

I. SMS : In your message box type R and send it to 900227

II. IVR : Dial 900 follow instruction

III. USSD : Dial *100*2# and follow the instruction




Read more...

Subterfuge - An Automated MITM Attack Framework

Subterfuge is a very useful tool for hackers and security experts for automating the man-in-the-middle attacks. It provides a complete framework for automating different kinds of MITM attacks.

Subterfuge largely transforms the complexity of performing the man-in-the-middle attacks with the tools such as ettercap and makes it far more easier to launch various form of MITMs. Hence, even a general computer user can perform MITM using this tool. Subterfuge provides a very clear interface accessible over HTTP through browser through which we can view the intercepted authentication data. The tool also supports several other form of MITM attacks such as session injection, http code injection, fake AP, and DNS spoofing.

Currently, the 4.3 beta version of this tool is available as the latest release. You can download the tool and read about the tool at code.google.com/p/subterfuge.

Installation is straightforward. Download the tar file from the above link and then run the following commands in terminal:

samar@samar-Techgaun:~$ tar -xvf SubterfugePublicBeta4.3.tar.gz samar@samar-Techgaun:~$ python install.py -i


After a while, the installation will complete. Now you can run the subterfuge framework by typing subterfuge in your terminal. Enjoy hacking :)

Read more...