Wednesday, September 7, 2011

Enabling IP Forwarding

In the arp cache poisoning it is important for attacker to enable ip forwarding so the end user will not know that his packet actually peeped by attacker and attacker can do his job without any doubt by end user.


check forwarding enabled or not:
                       root@bt:~# sysctl net.ipv4.ip_forward
            net.ipv4.ip_forward = 0

                                  or
            root@bt:~# cat /proc/sys/net/ipv4/ip_forward
            0

o- ip forwarding is not enabled
1- enabled

changing ip forwarding:
                  root@bt:~# sysctl -w net.ipv4.ip_forward=1
                                 or
         root@bt:~# echo 1 > /proc/sys/net/ipv4/ip_forward
                                                                or

we can change in /etc/sysctl.conf fil e and add
                  net.ipv4.ip forward = 1

and then run
                    #sysctl -p /etc/sysctl.conf
                                   or
          #service procps restart

done... put ur black hat on ur head.....
Posted by at No comments:

Monday, September 5, 2011

a simple code for ns2

following code is a good example to understand how to write a simple tcl script for ns2 simulation.

#simulator object
set ns [new Simulator]

#colouring the class 1 packet
$ns color 1 Blue
$ns color 2 Red

#open a file to write and attaching it to ns object
set nf [open out.nam w]
$ns namtrace-all $nf

#process finish called at the last
proc finish {} {
          global ns nf
          $ns flush-trace
          close $nf
          exec nam out.nam &
          exit 0
           }

#creation of node       
set n0 [$ns node]
set n1 [$ns node]
set n2 [$ns node]
set n3 [$ns node]

#creation of link
$ns duplex-link $n0 $n2 1Mb 10ms DropTail
$ns duplex-link $n1 $n2 1Mb 10ms DropTail
#we created a stochastic fair queu between 2 and 
$ns duplex-link $n2 $n3 0.5Mb 10ms SFQ

#for layout of links
$ns duplex-link-op $n0 $n2 orient right-down     
$ns duplex-link-op $n1 $n2 orient right-up
$ns duplex-link-op $n2 $n3 orient right

#setting udp agent
set udp0 [new Agent/UDP]
set udp1 [new Agent/UDP]

$ns attach-agent $n0 $udp0
$ns attach-agent $n1 $udp1

#setting traffic agent then it will attach to udp agent
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 500
$cbr0 set interval 0.005
$udp0 set class_ 1
#attaching cbr agent to udp agent
$cbr0 attach-agent $udp0

set cbr1 [new Application/Traffic/CBR]
$cbr1 set packetSize_ 500
$cbr1 set interval 0.005
$udp1 set class_ 2
$cbr1 attach-agent $udp1

#this is sink
set null3 [new Agent/Null]
$ns attach-agent $n3 $null3

$ns connect $udp0 $null3
$ns connect $udp1 $null3

# to make a queu at a node
$ns duplex-link-op $n3 $n2 queuePos 0.5
#monitor a queu

$ns at 0.5 "$cbr0 start"
$ns at 4.5 "$cbr0 stop"
$ns at 1.5 "$cbr1 start"
$ns at 4.0 "$cbr1 stop"
#$ns duplex-link-op $n0 $n1 orient right-down
#$ns duplex-link-op $n1 $n2 orient right
#$ns duplex-link-op $n2 $n0 orient right-up

$ns at 5.0 "finish"
$ns run

save this with any *.tcl name and run it simply #ns *.tcl
.... enjoy coding
Posted by at No comments:
Labels: ,

Saturday, September 3, 2011

Installation of NS2 in ubuntu

I tried to install ns2 and downloaded its code to install it in my ubuntu10.10 system but it was tedious task.
And then i found that following steps were the most simplest way to install ns2.

step 1: make sure that u don't have any previous installation of ns2.

step 2: export the key for ppa
           #sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B3F3334F

step 3: add ppa to your source. You can get this file /etc/apt/source.list. Simply append these line to source.list file.
       
             deb http://ppa.launchpad.net/wouterh/ppa/ubuntu karmic main

             deb-src http://ppa.launchpad.net/wouterh/ppa/ubuntu karmic main

step 4: now reload your apt-cache 
            #sudo apt-get update 
            or simply reload your synaptic package manager

step 5: install ns2
             #sudo apt-get install ns nam xgraph
      now ns2 installed.

Test run:
download sample code that is tcl file.
run this code
         # ns example1b.tcl

done......  enjoy coding.. 
         
           
           
Posted by at 2 comments:
Labels: , , , ,

Monday, August 29, 2011

GTK... GIMP Toolkit (developing graphical user interface)

GTK is library for creating graphical user interface using c, c++ and python. We can use any programming language to create graphical interface. Actually it is developed to write program for GNU Image Manipulation Program(GIMP).

You can easily install it using synaptic package manager:
package : libgtkada2.14.2-dev

Here is a simple program that create a window of 200 * 200 pixel

base.c

#include <gtk/gtk.h>

int main( int   argc,
          char *argv[] )
{
    GtkWidget *window;
    
    gtk_init (&argc, &argv);
    
    window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
 
gtk_widget_show  (window);
    
    gtk_main ();
    
    return 0;
}
 
compiling this code: 
gcc base.c -o base `pkg-config --cflags --libs gtk+-2.0`
 
note: keep in mind that ` is different than ' otherwise it will create problem.


running this code:
./base
 
For more help
Posted by at No comments:
Labels: , ,

Sunday, August 21, 2011

A simple TCP echo server and client

This is simple example of tcp server and client. Here client write something on server socket and server write same message back to client.

Few observation:
- What happen if client tries to write 40 byte of date on server socket and reads   40 byte while server writes 20 and reads 20.
- fork process share its parent file descriptor. 
- In the forked server socket try to print on terminal some message without use of '\n' it will not print
 e.g.
 void str_echo(int sockfd)
    {
      char buff[20];
      ssize_t n;
      while(1)
          {
           if((n=read(sockfd,buff,20))>=0)
              write(sockfd,buff,20);
           else
              write(sockfd,"blank",20);
           //else
             printf("%s\n",buff);        // if i replace it with printf("%s",buff) then it wont work
             // write(sockfd,buff,20);
              //return;
           //else
             // writen(sockfd,buff,n);
           }
     }
echo server:
#include<stdio.h>
#include<sys/socket.h>
#include<sys/types.h>
#include<netinet/in.h>
#include<stdlib.h>
#include<string.h>
#include"str_echo.c"

    

int main()
  {
   int sockfd,connfd,childpid,clilen;
   struct sockaddr_in cliaddr,servaddr;

   sockfd=socket(AF_INET,SOCK_STREAM,0);
 
   bzero(&servaddr,sizeof(servaddr));
   servaddr.sin_family=AF_INET;
   servaddr.sin_addr.s_addr=htonl(INADDR_ANY);
   servaddr.sin_port=htons(6060);
   bind(sockfd,(struct sockaddr*) &servaddr,sizeof(servaddr));
   
   listen(sockfd,5);

   while(1)
     {
      clilen=sizeof(cliaddr);
      connfd=accept(sockfd,(struct sockaddr*)&cliaddr,&clilen);
      printf("connection accepted\n");
       if((childpid=fork())==0)
          {
            close(sockfd);
            printf("child process\n");
            str_echo(connfd);
           // str_echo(connfd);
            exit(0);
          }
     printf("connection established\n");
     close(connfd);
     }
}

echo client:
#include<stdio.h>
#include<sys/socket.h>
#include<sys/types.h>
#include<netinet/in.h>
#include<stdlib.h>
#include<string.h>
#include"str_cli.c"
int main()
   {
   int sockfd;
   char buff[20];
    ssize_t n;
   struct sockaddr_in servaddr;
    printf("before socket");
   sockfd=socket(AF_INET,SOCK_STREAM,0);
   printf("socket created");
   bzero(&servaddr,sizeof(servaddr));
   servaddr.sin_family=AF_INET;
   inet_pton(AF_INET,"127.0.0.1",&servaddr.sin_addr);
   servaddr.sin_port=htons(6060);
   //bind(sockfd,(struct sockaddr*)&cliaddr,sizeof(cliaddr));
   printf("before connection");
   if(connect(sockfd,(struct sockaddr*)&servaddr,sizeof(servaddr))==0)
      {
         printf("inside loop");
         str_cli(sockfd); 
         /*write(sockfd,"sdfhsdkf",20);
          printf("request send");
         n=read(sockfd,buff,20);
         printf("%s",buff);*/
       }
   printf("after connection");
   close(sockfd);
   }

Posted by at 1 comment:
Labels: ,

Saturday, August 13, 2011

installing arp-sk

arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful! There are 2 basics mode:
– who-has: build a request ARP message.
– reply: build a reply ARP message (default)

download arp-sk from
http://sid.rstack.org/arp-sk/

it works on libnet 1.1. you can download it from:
http://linux.softpedia.com/get/Programming/Libraries/Libnet-10275.shtml

to install libnet 1.1.2.1
1. $tar xvzf libnet-1.1.2.1.tar.gz
2. $./configure
3. $make & make install

to install arp-sk
1. $tar xzvf arp-sk-0.0.16.tgz
2. $cd arp-sk
3. $./configure
4. $make & make install

use arp-sk
$arp-sk <mode> <option>

for more help
Posted by at 1 comment:
Labels: , , ,

Friday, August 12, 2011

Can we believe our eyes? ----(ref. http://blogs.technet.com/b/mmpc/archive/2011/08/10/can-we-believe-our-eyes.aspx)

Several days ago, one of our customers submitted a sample (SHA1: fbe71968d4c5399c2906b56d9feadf19a35beb97, detected as TrojanDropper:Win32/Vundo.L). This trojan hijacks  the hosts “vk.com” and “vkontakte.ru” (both social networking sites in Russia)and redirects them to 92.38.209.252, but achieves this in an unusual way.
A common  method used to hijack a website and redirect it to a site of the attacker’s choice is to add an entry in the Windows hosts file located in the %SystemRoot%\system32\drivers\etc directory. However, when we open this file on an affected computer, it doesn’t contain any entries related to “vk.com” and “vkontakte.ru”, as you can see in the following example:
 
But when we show hidden files, we can see another “hosts” file. It is hidden, as in the following example:

There are two files with exactly the same name, “hosts”, in the etc directory! How can this happen?
As we know, it is not possible for a directory to contain two files with the same name. When we copy the file names to notepad, save them as a Unicode text file and open them with a hex editor we see the following (the upper is for the first “hosts” file, the lower is for the second “hosts” file):

For Unicode (UTF-16), the 0x006F is the same as 0x6F in ASCII, which is the character “o”. But what’s the 0x043E in Unicode? We can find it in Unicode chart table (Range: 0400-04FF). The following is part of this table.

We can see that Unicode 0x043E is a Cyrillic character, and it looks very much like the English character “o”.
So the hidden “hosts” file is the real hosts file in fact. When we open this file, we can see that two entries have been added to the end of the file:

Mystery solved!
This is not the first time we’ve seen a hacker using Unicode characters to mislead people. In Aug 2010, a Chinese hacker disclosed a trick with a Unicode control character used to mislead people into running an executable file. Hackers use Unicode control characters 0x202E (RLO) to reverse parts of a special file name, which changes the look of the file name in Windows Explorer.
For example, there is a file named as “picgpj.exe”, as the following:

The “gpj.exe” part of this name is specially crafted. When inserting an RLO character before “gpj.exe” in this name, the whole name appears as the following:

Hackers also usually use a picture as the file icon. Unwary people treat this file as a picture, and blindly double-click to open it, thus running the executable. Obviously, this type of trick is useless for Unicode aware programs, but it is not easy for the eyes of people to identify the problem.
Can we believe our eyes? The answer is... not always.
Zhitao Zhou
Posted by at No comments:
Labels: , , ,

Wednesday, August 10, 2011

Telnet server

Telnet offers users the capability of running programs remotely and facilitates remote administration. Telnet is available for practically all operating systems and eases integration in heterogeneous networking environments.

 so to start it you must have telnetd  deamon (ubuntu user)
#apt-egt install telnetd

 (fedora user)
# yum install telnet-server telnet

we can find its configuration file at
    /etc/inetd.conf

remove comment from this file and make following line look like this:
 /usr/libexec/telnetd telnetd

enable inetd service so that telnet get loaded
#vi /etc/rc.conf

add
inetd_enable="YES"

Restart telnet
#/etc/init.d/xinetd restart

to check configuration of telnet
# chkconfig telnet on

for more help








 

  


Posted by at 1 comment:
Labels: , ,

Wednesday, July 20, 2011

FTP server in Linux

Linux comes with various type of ftp server:
                  proftpd
                  vsftpd
                  ftpd
                  wu-ftpd
                  pure-ftpd

i tried vsftpd

so first of all you have to install it on your computer
#sudo apt-get install vsftpd

you can find its configuration file at  /etc/vsftpd.conf
if you want to change something in this file you can change
#vi /etc/vsftpd.conf

you will get lot of option there like
       local_enable=YES
remove comments from the option that you want to use

if u want to enable upload a file on your server
          write_enable=YES

if u want to restrict user to their home directories
          chroot_local_user=YES

start your FTP server
#/etc/initd/vsftpd restart

at ftp client to connect to server type:
#ftp 10.100.98.91

if you want some help then type help to know command to work on FTP..

to get more help  

working of FTP
Posted by at 1 comment:
Labels: ,
Subscribe to: Posts (Atom)