Archive for the ‘Info Security and/or Ethical Hacking Tools’ Category
Linux file permissions and chmod
When you view files and directories on Linux hosts, how can you tell which users have access? And how do you determine the extent of their access? Before approaching the sizable (but very important) subject of Linux (and Unix) file permissions, it is helpful to review the definitions of key terms which IT professionals need to be familiar with. Before proceeding, let’s define these terms clearly.
Common across all operating system (OS) platforms, files are the objects or things that OSes and user applications work with. More specifically, a file is a distinct collection of data that has a name and properties, or characteristics. Files can take the form of text documents, graphics, music, scripts, etc. If you prefer the geeky definition, Wikipedia states that a computer file is “a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage.”
Computer files can be created, edited, deleted, moved, and stored. The orderly arranging of files is accomplished by means of directories, which are simply containers for files and other directories. On the Windows operating system, directories are often called “folders” because they are visually represented by icons resembling the paper folders which you would find in filing cabinets. This method of depicting directories as paper folders has also been adopted by Linux desktop environments, such as KDE and GNOME.
Directories are arranged in a hierarchical model. Users and software can use these directories to navigate the file system to find certain files. Files are often logically co-located based on type and usage.
A simple example of a file system hierarchy
Operating systems support access control restrictions on files and directories because it is not a best practice to permit the same level of system access to all users of a host or network. Users may not want other users to access their files for reasons of privacy and separation of duties, while system administrators often do not want non-administrative personnel to be able to change or possibly delete critical files needed for proper OS function. Therefore, file permissions are designed to prevent the unwanted viewing, editing, or deletion of files and folders. Within the popular discretionary access control (DAC) model, file owners can adjust the access permissions of the files they own. That is, file owners can determine who can read, change, or delete the files belonging to them. On a Unix-like OS like Linux, we will examine how to work with these file permissions.
Browser-based penetration testing with Firefox and Chrome
With the proper extensions installed, you can hack from the comfort of your Firefox or Chrome browser. Within Firefox, add-ons are divided into three categories: extensions, appearance themes, and plugins. Extensions extend the functionality of Firefox past simple web browsing. Appearance themes change the way Firefox looks, and plugins are necessary for Firefox to display specialized non-HTML Web content such as Flash, Java script, multimedia, etc.
The Firefox add-ons interface, accessible via Tools–>Add-ons in the menu bar
Google Chrome labels all add-ons as “extensions”. The Chrome website lists them in the same column as “Your Apps” and “Themes”.
The Chrome extensions interface, accessible via Chrome Menu–>Tools–>Extensions
Tor anonymity: how it works and how to use it
The Onion Router (TOR) network is intended to help protect the privacy of Internet users and promote greater freedom of expression online. Tor is a system of volunteer servers that acts as a buffer between Internet users and the resources they connect to. If you connect as a Tor client, your online access is channeled through this buffer before it reaches the general Internet. To understand clearly how Tor functions, you must first have a good idea of what proxy servers are, and of the role they play during network transmissions.
A proxy server acts as a middleman between a client computer and the target server or resource it is accessing. As such, proxies can be configured to log user activity and restrict Internet access; for example, by blocking certain websites or protocols. However, proxies can also help protect the client user’s privacy because the target server is only aware that it is communicating with the proxy, not with the client. For example, if you connect to a web proxy and then load a website, the site is only aware that it is being accessed by the proxy and it has no knowledge of your computer and IP address. The illustration below depicts network data flow when a proxy is deployed. Resources within the Internet icon (such as web servers) are only aware of the proxy server, not of the three clients behind it.
The “Internet” only knows about the proxy, not the three clients
Now what if instead of using a single proxy server, you could connect to a network of them for increased bandwidth and availability? And what if you could encrypt your communication sessions for increased confidentiality? Using Tor, you can.
Tenable Nessus
If Nmap is the most popular free network scanning tool, then Nessus by Tenable is undoubtedly the most widely used commercial security application. Nessus is designed to comprehensively scan network hosts for vulnerabilities and generate reports based on its findings. During its scans, Nessus probes ports and checks for potential software flaws that could be exploited by hackers or malware. Some of these flaws include outdated and vulnerable software, improper configurations such as accounts with default passwords or without password protection, and the presence of risky services or daemons. In this way Nessus is very similar to eEye Retina; however, these two tools have very different user interfaces and Nessus is undoubtedly more popular and widely used, as multiple surveys on SecTools.org have shown over the years.
Nessus is available for both Linux and Windows. On both operating systems, Nessus operates as a server and as a client. The Nessus server (a Windows service or a Linux daemon called nessusd) performs the actual scanning while the client presents the user with an interface and passes commands to the server. The Nessus server utilizes plugins to determine which flaws exist on the target hosts. Plugins are small programs that look for specific vulnerabilities (Nessus contains tens of thousands of them). When Nessus can connect to the Internet it automatically downloads the latest plugins which will enable it to recognize and report on the latest known software weaknesses (such as those disclosed by Mitre). There is even an embedded scripting language (known as NASL) for writing your own custom plugins.
Nessus v4.4.x login interface
Retina Network Security Scanner
Unlike most of the software applications reviewed here, Retina Network Security Scanner by eEye Digital Security is not available as freeware. As it is a highly capable and fully-featured security vulnerability scanner, it is distributed as commercial software. The license pricing for Retina is tiered as follows: $575 to scan 32 IP addresses, $650 for 64 IP addresses, $850 for 128 IP addresses, and $1,650 for 256 IP addresses. These licenses are actually one year subscriptions as Retina will not function after the one-year period is over unless you renew the subscription.
While your subscription period is valid, you can download and install updates for Retina. These updates take two forms: patches for the Retina scanner itself, and vulnerability definition updates that allow Retina to recognize the latest vulnerabilities and exploits. In this way, Retina must be kept up to date in the same way that antivirus scanners do.
Retina must be installed on the Windows operating system; supported versions of Windows run from Windows 2000 to Windows Server 2008. Retina can scan all networked hosts regardless of operating system, however.
Retina is one of the main network scanners used in the Department of Defense (DoD). In March of 2010 eEye was named as the DoD’s “vendor of choice” for providing cyber security solutions.
Retina interface
When you launch Retina you will see the main user interface as depicted below.
Retina version 5.14.1.2454 main interface
Usage options are divided among four interface tabs: Discover, Audit, Remediate, and Report.
Reset Windows passwords with Offline NT Password & Registry Editor
The Offline NT Password & Registry Editor is a small Linux boot disk that you can use to change or delete Windows passwords outside of the Windows OS environment for local accounts. This can be useful if you forget your Windows password or the password belonging to the Administrator account. This utility can enable you to change or delete passwords, but it cannot tell you what the password for an account actually is. As such it is not appropriate to label Offline NT Password & Registry Editor as a ‘password recovery tool’; it’s a password editor, just like the name says.
It is compatible with Windows 3.x, Windows 95/98/ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008.
Please note that the Offline NT Password & Registry Editor (‘Offline’) home page states: “If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE and cannot be recovered unless you remember the old password again“.
Also note that Offline cannot be used to change or reset Active Directory passwords.
Offline’s versioning is done using release dates. The version used in this tutorial is 110511 (for 11 May 2011).
How to use it
First, download the installation ‘cd******.zip’ file from the website above and extract it locally. Burn the resulting .iso file to a CD-ROM. If you plan to boot to a USB drive, download the ‘usb********.zip’ file and extract its contents to the drive.
Second, insert the CD or USB drive into the computer and reboot it. Before the Windows OS loads (while the manufacturer’s screen is briefly displayed), hit the appropriate key (usually one of the twelve ‘F’ keys) to enter the boot device manager where you can specify a device to boot to (overriding the default device, which is almost always C:\ on the internal hard drive).
Your computer will load the contents of the Offline CD or USB drive. When it is finished you will be prompted as follows.
SoftPerfect Network Scanner
SoftPerfect Network Scanner is one of the most popular free programs in Download.com’s Network Tools category. It offers many features and options for detecting and probing network hosts. It is a portable application (it does not need to be installed; you just double-click netscan.exe to launch it).
The SoftPerfect Network Scanner v5.3.1 main interface
