Friday, October 19, 2012

BC - An arbitrary precision calculator language



bc is a language (and compiler) whose syntax resembles that of C, but with unlimited-precision arithmetic. bc consists of identifiers, keywords, and symbols, which are briefly described in the following entries. Examples are given at the end.
Interactively perform arbitrary-precision arithmetic or convert numbers from one base to another. Input can be taken from files or read from the standard input. To exit, type quit or EOF.

An identifier is a series of one or more characters. It must begin with a lowercase letter but may also contain digits and underscores. No uppercase letters are allowed. Identifiers are used as names for variables, arrays, and functions. Variables normally store arbitrary-precision numbers. Within the same program you may name a variable, an array, and a function using the same letter. The following identifiers would not conflict:
x : Variable x
x[i] : Element i of array x. i can range from 0 to 2047 and can also be an expression.
x(y,z) : Call function x with parameters y and z.
 
 

Thursday, September 13, 2012

SSH Tunneling Attack into Local Network

In this case I'll show how to attack inside a local network via a Linux server, as shown in a picture like this:

This is the scenario of the attack in this case: the attacker, from an outside network, will hijack the Linux server machine and force a way into the local network (Windows). I'll try to show it with the black-box hacking method. The first thing we need is network scanning, or information gathering

So now we can see the services and versions on the target system. From this data we can search for a vulnerable service as the gate of entrance into the target machine. I try to attack through the samba service, so I open metasploit on the console and search for an exploit for samba on a unix machine

After choosing an exploit for a unix machine running samba, show the options for this machine like here

I look at the options by typing "show options", and we can see which options we need to fill in next, like LHOST as our own IP, RHOST as the target IP, RPORT as the port we'll use on the target machine and PAYLOAD as the shellcode to get system access on the target. Here is what I do

Then run the exploit to try injecting the payload into the target system. If that succeeds, it will show a process like this

After entering the target machine we can type "ls" to look at the directory, like this

I check who I am on the machine now with the commands id and whoami

Now we are root, which means we succeeded in getting root (rooting) on the target system. After that we can get the password hashes from /etc/shadow

And now it's time to crack the passwords from the hashes in /etc/shadow. I copy them into a text editor, save them in txt format, and put the file in the john folder because I use john the ripper to crack the password hashes, like this

Now that we have access to the machine, and from the nmap information we know this machine is running the ssh service, try to access it through the ssh service with the user and password we have from here

After successfully entering the machine through the ssh service, look at the network interfaces active on that machine

I found that 2 network interfaces are active, eth0 and eth1. From this we can predict the system is a server for the local network: eth0 is for internet access and eth1 is for the local network service. So try scanning the network on eth1 from this machine, like here

There are 2 machines active on this server. I decide to try attacking the target IP 10.10.10.2 from my machine with a tunneling technique via the ssh service. I do it like this

After getting access via tunneling, which I set to port 9090, I edit the proxychains channel port from 9050 to 9090 to use it for tunneling. I open metasploit with proxychains; the logic is that metasploit will run on port 9090, tunnel to the target Linux server machine and jump into the local network

I will attack the windows system on the target with information from the previous gathering, and I decide to attack through the samba service on windows, like here

After setting RHOST to the target IP I use the meterpreter bind_tcp payload, like this

Set the payload and run that exploit

I try to migrate to another service on this machine; I choose explorer.exe
At this step we have access to and control of a machine on the local network via tunneling from the server machine.

Monday, March 26, 2012

Prologue of Computer Forensics

Identification of device evidence

To identify a device we first need to know about it from a global view: everything about the device, such as brand, type and function. After we know the device and its function, we need to identify it from the software view, or the internals of the device.

In identification, as the phase that introduces the device, we can use a few tools. In this case I recommend md5sum, a tool that generates a hash fingerprint of a file. With this tool we can validate the identity of a file; this phase is part of the chain of custody.

After generating the hash of the file we can image or clone it with dd. This tool copies byte by byte, but before using dd we need to mount the device with special treatment: mount with noatime so access times are not updated, noexec to restrict execution, and ro for read-only mode.

When the clone with dd is finished, check the dd output file again with md5sum; it must give the same hash, which verifies that the clone and the master are the same, identical file. After we have a clone of the file we can seal the master device to keep the evidence safe; this phase is part of the chain of custody.
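The hash, clone and re-hash steps above, written out as an added example that is not part of the original post. The function names, the return codes and the custody log format are assumptions made for the illustration, and the master is hashed a second time after imaging to show that acquisition did not change it.

```shell
#!/bin/sh
# Added example (not from the original post): hash, image with dd, re-hash.
# The post's mount step needs root and a real device, so it appears only as a
# comment; <device> and <mountpoint> are placeholders:
#   mount -o ro,noatime,noexec <device> <mountpoint>

# Print only the MD5 digest of a file (md5sum also prints the file name).
hash_of() {
    md5sum "$1" | awk '{print $1}'
}

# image_and_verify SRC DST LOG   (hypothetical helper name)
# Returns 0 when master and clone are identical, 1 on any hash mismatch,
# 2 when the source cannot be read or dd fails.
image_and_verify() {
    src=$1 dst=$2 log=$3
    [ -r "$src" ] || return 2
    before=$(hash_of "$src")              # fingerprint before acquisition
    dd if="$src" of="$dst" bs=512 2>/dev/null || return 2
    after=$(hash_of "$src")               # master must be unchanged afterwards
    clone=$(hash_of "$dst")               # clone must match the master
    if [ "$before" = "$after" ] && [ "$before" = "$clone" ]; then
        result=MATCH; rc=0
    else
        result=MISMATCH; rc=1
    fi
    # One custody record per acquisition: when, what, both digests, verdict.
    printf '%s src=%s md5=%s dst=%s md5=%s %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$before" \
        "$dst" "$clone" "$result" >> "$log"
    return "$rc"
}

# verify_clone SRC DST: re-check later, for example before analysis starts.
verify_clone() {
    [ "$(hash_of "$1")" = "$(hash_of "$2")" ]
}
```

Call it as `image_and_verify practical.floppy.dd clone.dd custody.log`. md5sum is used because the post uses it; sha256sum can be swapped into `hash_of` without other changes.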

Now we can move on to analysis of the evidence.

Now I'll put this phase into practice.

File is :
practical.floppy.dd





After cloning the evidence and making sure the hashes are the same, we know the evidence is identical to the source, or master.


Show the details of the file to see its owner and other file details


To be continued...

 
IS2C © 2012 Blog's Student | is2c