Wednesday, March 22, 2017

hiberfil.sys

OMG, I found a couple of files in the root of my system drive which are huge and I had no idea what they do.

The files are hiberfil.sys and pagefile.sys. There were other files too, but these were the giants and I was really curious to free up my HDD from them. (pagefile.sys is a different beast: it is the swap file, and its size is set under System Properties > Advanced > Performance > Settings > Advanced > Virtual memory, not by the command below.)



When in Doubt.. Google it:)

After some googling I found out that the culprit is my habit of hibernating my machine very often.

hiberfil.sys is where Windows writes the contents of RAM when the machine hibernates, so it is a large fraction of your physical memory in size. On Windows 8 and later it is also used by Fast Startup, which is why it exists even if you never hibernate. Worth knowing from a security point of view: it holds whatever was in memory at that moment, passwords and keys included, which is why forensic tools parse it and why an unencrypted laptop drive with a hibernation file on it is a bad combination.

To get rid of this file you need to disable hibernation; you cannot simply delete it while hibernation is on, Windows keeps it locked.

Okay, so where do you disable it? Of course there is a GUI option for this too. It's a good exercise to find it :):)

Let's do it from the command line.

So open a command prompt, and mind you, it has to be an elevated one: "Run as Administrator".

powercfg -h off

This is the command that disables hibernation. It also removes Hibernate from the shutdown menu and, on Windows 8 and later, turns off Fast Startup. Yes, you guessed it right, the 'on' switch brings it back:

powercfg -h on

If you would rather keep hibernation but shrink the file, powercfg -h -size <percent> sets its size as a percentage of RAM.

Voila, the file is gone as soon as you turn hibernation off; no manual deletion needed.




Enjoy


Tuesday, February 21, 2017

Offensive Security Certified Professional (OSCP) : A JOURNEY WHICH CANNOT BE FORGOTTEN..



When there is a doubt.. GOOGLE :)

Offensive Security Certified Professional (OSCP)

You cannot imagine how excited I am right now, writing this review for one of the most prestigious examinations in the security industry: OSCP (Offensive Security Certified Professional).

Whenever I read a review I used to ask myself whether I would ever write one, and YES, I TRIED HARDER..

This has been itching me since the BACKTRACK days, which finally ended in KALI.

Here are some thoughts of mine for this awesome TRANCE JOURNEY :)

I have been hearing about penetration testing methodologies since the start of my career but only came to know their real importance through the lab environment provided as part of the OSCP course. You get complete exposure to the various steps: Reconnaissance, Enumeration, Vulnerability Assessment, Exploitation and Reporting.

And believe me, by the end of the first machine in the labs you will know the importance of information gathering and why people say that the more you know about your target, the easier it is to attack.

You can check out the details about the exam and things HERE

HERE is a Link to the Syllabus of the course

The course has some awesome material on the Kali environment and basic Linux scripting and administration, along with a cool introduction to the tools. It also covers various techniques and methodologies for each phase of a pen test and gives you an awesome feeling for how an attacker actually attacks.

I was like. Seriously.... Kewwwwwwwwwwwwwlllllll....

Here are some pointers from my side:

You should concentrate on the following stuff:

  • Basic Linux commands and administration
  • Windows command line (LINK)
  • Linux command line (LINK)

These two are just amazing.. :)

  • OWASP Top 10 (LINK)
  • Basics of scripting. Choose your language; Bash or Python will be a good choice
  • VulnHub (LINK)

This one is pretty amazing and a good place to start. There is a lot to learn from this link for sure :)

I would say no other certification made me learn as much, and I mean it, it made me learn stuff. The credit goes to the awesome LAB ENVIRONMENT. Of course the exam teaches you a lot as well, one thing being how to perform under pressure.

Some more links for your reference are below:

I was totally addicted to this website throughout my whole OSCP journey. Sometimes scared, sometimes demotivated and sometimes very motivated.. This link has it all.
I will keep adding to this whenever I have time :)

P.S: Don't forget to jazz up your playlist of your favorite music. It is very important :):)


Monday, February 20, 2017

HTTP HEADER Analysis via the gethead utility..

I love this one in my arsenal. You can get more details HERE

The tool was written by Nathan (@httphacker).

WHAT IS IT ??

It is a cool Python script. Oh, did I say PYTHON? Ah man, I love this snakey language.
  • It is an HTTP header analysis tool: it looks at the response headers a site sends back
  • It is automated in nature
  • It identifies security weaknesses
  • It identifies a lack of protection in HTTP headers (missing hardening headers such as X-Frame-Options or Strict-Transport-Security)
Okay, so let's do some command line exercise...

To download just clone it from git repository as below:

git clone https://github.com/httphacker/gethead.git

Make sure you have Python installed.

You will see a file called gethead.py. Now it is as easy as running any Python program:

python gethead.py http://<URL>

Let's see what the results look like. I have run it against a couple of targets, as shown in the screenshots:


This is such a cool tool. The source code is yours to play with: add, edit or delete checks as per your needs. :):)

Unfortunately there has been no further work on it after version 0.1. I am eagerly waiting for upgraded features. Are you?

Let me know in the comments if you make any changes to find new issues or vulnerabilities.
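As an added example (this is not gethead.py itself and not code from @httphacker), here is a small checker in the same spirit: it fetches a URL's response headers with the standard library and flags missing protections, weak cookie flags and version-leaking headers. The header list, the wording of the findings and the sample response below are this example's own choices, constructed so it also runs offline.

```python
import sys
import urllib.error
import urllib.request

# Response headers a hardened site is expected to send, with the issue their
# absence indicates. This list is the example's own choice, not gethead's.
EXPECTED = {
    "strict-transport-security": "Strict-Transport-Security missing: HTTPS not enforced on return visits",
    "x-frame-options": "X-Frame-Options missing: page can be framed (clickjacking)",
    "x-content-type-options": "X-Content-Type-Options missing: browsers may MIME-sniff responses",
    "content-security-policy": "Content-Security-Policy missing: no restriction on script sources",
}

# Headers whose only effect is to tell an attacker what software is running.
LEAKY = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def analyze(header_pairs):
    """Check a list of (name, value) response headers.

    Returns (findings, leaks): findings are missing protections and weak
    cookie flags, leaks are version-disclosing headers with their values.
    """
    present = {}
    cookies = []
    for name, value in header_pairs:
        key = name.lower()
        if key == "set-cookie":          # may repeat; keep every cookie
            cookies.append(value)
        else:
            present[key] = value

    findings = [msg for header, msg in EXPECTED.items() if header not in present]

    for cookie in cookies:
        cname = cookie.split("=", 1)[0].strip()
        attrs = {part.strip().lower() for part in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} lacks HttpOnly: readable from JavaScript")
        if "secure" not in attrs:
            findings.append(f"cookie {cname} lacks Secure: may be sent over plain HTTP")

    leaks = [f"{header}: {present[header]}" for header in LEAKY if header in present]
    return findings, leaks


def fetch_headers(url):
    """GET the URL and return its response headers as (name, value) pairs.

    A 4xx/5xx response still carries headers worth checking, so HTTPError
    is treated as a result rather than a failure.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "header-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.getheaders()
    except urllib.error.HTTPError as err:
        return list(err.headers.items())


# Constructed sample response, standing in for a real target while offline.
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.18 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.0.8"),
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    pairs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HEADERS
    findings, leaks = analyze(pairs)
    for line in findings:
        print("[!]", line)
    for line in leaks:
        print("[i]", line)
```

Run it with a URL as the only argument to check a live site, or with no argument to see it work on the constructed sample. Note that a missing header is a finding, not an exploit: whether a missing X-Frame-Options actually matters depends on what the page does when framed, so treat the output as a list of things to verify.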

Happy HUNTING:)

Sunday, February 19, 2017

WAF ByPASS Trick-- SIMPLE and SWEET

This post originates from the blog of Mr Haddix (link HERE) and covers one of the most interesting hacks I have seen. Simple and sweet.

WAF- Web Application Firewall(OWASP Definition)or (Wiki Definition)

A WAF is a great addition to a defense in depth (DiD) model, as it keeps malicious data outside the boundary of the web application, but it is of course not a substitute for fixing the flaw in the application itself.

The industry has adopted WAFs in a significant way and pen testers encounter them very often in their tests.

Usually the WAF is placed in front of the web server so that malicious traffic is filtered out before it can reach the application.

There are a couple of ways to identify the presence of a WAF. One is to look at the cookies, as some WAFs add their own cookie to the conversation (the F5 BIG-IP ASM cookies starting with TS and Citrix's ns_af are well known examples).

Another is to examine the HTTP response headers, as a WAF may change or rewrite them.

Sessions expiring very quickly may also point to a WAF.

Sometimes requests containing "bad" characters get rejected or stripped, which is another indication.

There are also a couple of automated tools that give an indication of a WAF.

One such tool is wafw00f. Nmap, our favourite, also has NSE scripts for this: http-waf-detect and http-waf-fingerprint.

You can also look into the following blog for more details on detection

(http://foxtrot7security.blogspot.in/2012/01/real-world-waf-detection-and-bypass.html)

Now let's look at how we can evade this evil boy.

Usually we send payloads in encoded form to evade the WAF rules. Those days are mostly gone (it still works against a couple of them).

Another way is described below, but first let's look at why it actually works.

Ideally the WAF should base its decision on the real source address of the TCP connection. A WAF that is not configured properly (or one that trusts any upstream-proxy header) instead reads the client IP from the request headers.

If it does so, we control a lot of headers that we can take advantage of, like:
  • X-Forwarded-For
  • X-Remote-IP
  • X-Originating-IP
  • X-Remote-Addr
So we fool the WAF into believing the request came from itself (or from a whitelisted internal address) by adding one of these headers and pointing it at localhost. Caveat: this only works when the WAF or the application trusts client-supplied headers; a correctly configured proxy chain honours X-Forwarded-For only from its own upstream proxy and overwrites anything the client sent.

GET /?login.aspx HTTP/1.1
Host: 192.168.56.104
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-originating-IP: 127.0.0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

There are various things we can play around with using these headers (other values worth trying are internal ranges such as 10.x.x.x or 192.168.x.x). I love this image from @Jhaddix:



Now let's see how this can be automated with BURP (most everybody's favourite proxy).

Open up Burp and navigate to the PROXY tab. Click the OPTIONS tab and scroll down to the MATCH AND REPLACE section.

Here we are going to add some rules for our mission.

Click Add and you will get a window asking for some options. Fill in the details as:

In the TYPE field choose REQUEST HEADER
Leave the MATCH field empty (with an empty match, Burp adds the replace string as a new header instead of replacing an existing one)
In the REPLACE field write the header you want to add, e.g. X-Originating-IP: 127.0.0.1
In the COMMENT field write something meaningful about the rule
Click OK and you are good to go.

Refer the screenshot below.



Once added, enable the rule by ticking the checkbox next to it as shown below, and VOILAA, every request through the proxy now carries the header :)



HAPPY HUNTING :)

http://www.phrack.org/archives/issues/7/3.txt

A mesmerizing write-up from 1986: "The Conscience of a Hacker" (the Hacker Manifesto) by The Mentor, Phrack issue 7, file 3.

HackIM by Nullcon

Every year, ahead of nullcon, one of the largest security conferences in India, the nullcon team hosts a CTF called HackIM. It is one of the most interesting challenges around and well worth participating in.

IT's FREE of COST

This particular post is for the first of the web application challenges, called WEB100.


This one, I think, was the easiest, at least for music lovers..

Chris Martin was the hint..

For those who don't know him..

https://en.wikipedia.org/wiki/Chris_Martin

I strongly suggest getting to know him through his outstanding songs.




The hint suggested trying the same as username and password:

user: chris
password:martin

Oops, my IP is locked. Somebody is watching.. Hmm.

View Source was my next weapon. Woooo, I got something.. Looks like base64. Is it... Oh yeah it is..

MmI0YjAzN2ZkMWYzMDM3NWU1Y2Q4NzE0NDhiNWI5NWM=




curl -s http://54.152.19.210/web100/ gives the same result (the -s just hides the progress meter).


Decode it. The command is:

echo "YOUR STRING" | base64 -d




echo "MmI0YjAzN2ZkMWYzMDM3NWU1Y2Q4NzE0NDhiNWI5NWM=" | base64 -d

2b4b037fd1f30375e5cd871448b5b95c


Now there are two ways to crack this. One is to identify what kind of hash it is (32 hex characters suggests MD5) and then see if it can be cracked with a wordlist.




The second one is easiest: Google :)

I was lucky and got a couple of good results.
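The first route, done properly, as an added example (not the writeup's own tooling): decode the base64 string from the page source, guess the hash type from its length and character set, and try a small wordlist against it with every algorithm that fits. The wordlist is constructed from the challenge's hints; whether the page's hash falls to it is for you to find out, and the well-known test digests in the usage note are only there to show the cracker working.

```python
import base64
import hashlib
import re
import sys

# Hex-digest length -> algorithms that produce it. NTLM is also 32 hex chars but
# is MD4-based and not offered by hashlib everywhere, so it is only named here.
HASH_BY_HEX_LEN = {32: ("md5", "ntlm"), 40: ("sha1",), 64: ("sha256",), 128: ("sha512",)}


def decode_b64(text):
    """Decode a base64 string and return it as text."""
    return base64.b64decode(text).decode()


def guess_hash_type(digest):
    """Return the algorithms whose hex digest has this length, or () if it is not hex."""
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return ()
    return HASH_BY_HEX_LEN.get(len(digest), ())


def crack(digest, wordlist):
    """Hash each word with every plausible algorithm; return (algo, word) or None."""
    target = digest.lower()
    algos = [a for a in guess_hash_type(target) if a in hashlib.algorithms_available]
    for algo in algos:
        for word in wordlist:
            if hashlib.new(algo, word.encode()).hexdigest() == target:
                return algo, word
    return None


# The string found in the page source, and a wordlist built from the challenge's
# hints (constructed for this example; extend it or pass a real list as a file).
PAGE_B64 = "MmI0YjAzN2ZkMWYzMDM3NWU1Y2Q4NzE0NDhiNWI5NWM="
HINT_WORDS = ["chris", "martin", "chrismartin", "coldplay", "paradise", "password"]

if __name__ == "__main__":
    digest = decode_b64(sys.argv[1] if len(sys.argv) > 1 else PAGE_B64)
    kinds = ", ".join(guess_hash_type(digest)) or "not a hex digest"
    print("decoded:", digest, "| looks like:", kinds)
    words = HINT_WORDS
    if len(sys.argv) > 2:           # optional wordlist file, one candidate per line
        with open(sys.argv[2], encoding="utf-8", errors="ignore") as fh:
            words = [line.rstrip("\n") for line in fh]
    print("cracked:", crack(digest, words) or "no match in wordlist")
```

Run it with no arguments to decode the page's string and try the hint words, or give it another base64 string and a wordlist file. Two digests you can use to check the cracker: 5f4dcc3b5aa765d61d8327deb882cf99 is MD5 of "password" and a9993e364706816aba3e25717850c26c9cd0d89d is SHA-1 of "abc". For anything bigger than a few hundred words, hand the digest to hashcat or John rather than a Python loop.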

With username and password as below gave us the flag:

username:coldplay
password:paradise

Wait, there was another hindrance. Ah, WAF again.... Gosh..

To bypass the WAF, set the X-Forwarded-For header to 127.0.0.1. Of course Martin has to come home...
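The header trick used here is the same one the WAF bypass post above describes (X-Forwarded-For and friends pointed at 127.0.0.1). As an added example for both posts, not code from this writeup or from Jason Haddix, here is a small probe that sends the bare request as a baseline, then one variant per candidate header, and reports which variants change the response. The first four headers are the ones the post lists; X-Client-IP and True-Client-IP are extra candidates some proxies and CDNs honour. The sample responses are constructed so the script runs offline, and the file name waf_probe.py in the usage comment is an assumption.

```python
import sys
import urllib.error
import urllib.request

# Headers a misconfigured WAF or application may read the client IP from.
SPOOF_HEADERS = (
    "X-Forwarded-For",
    "X-Remote-IP",
    "X-Originating-IP",
    "X-Remote-Addr",
    "X-Client-IP",
    "True-Client-IP",
)


def build_variants(spoof_value="127.0.0.1"):
    """One request-header set per candidate header, plus one with all of them."""
    variants = {name: {name: spoof_value} for name in SPOOF_HEADERS}
    variants["all"] = {name: spoof_value for name in SPOOF_HEADERS}
    return variants


def fetch(url, extra_headers=None):
    """Return (status, body) for a GET. A WAF block page is usually a 403,
    so an HTTPError is a result to compare, not a failure."""
    headers = {"User-Agent": "Mozilla/5.0"}
    headers.update(extra_headers or {})
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def bypass_candidates(baseline, probes, block_marker=None):
    """Compare each probe (status, body) with the blocked baseline.

    A variant is a candidate bypass when the status code changes, or when
    block_marker (bytes taken from the WAF's block page) disappears from
    the body while the status stays the same.
    """
    base_status, base_body = baseline
    hits = []
    for name, (status, body) in probes.items():
        changed = status != base_status
        if block_marker is not None and block_marker in base_body:
            changed = changed or block_marker not in body
        if changed:
            hits.append(name)
    return hits


# Constructed responses standing in for a live target: the WAF returns 403 for
# the bare request and lets only the X-Forwarded-For variant through.
SAMPLE_BASELINE = (403, b"<h1>Request blocked by WAF</h1>")
SAMPLE_PROBES = {
    "X-Forwarded-For": (200, b"<html><form action=login.aspx>...</form></html>"),
    "X-Remote-IP": (403, b"<h1>Request blocked by WAF</h1>"),
    "X-Originating-IP": (403, b"<h1>Request blocked by WAF</h1>"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode (assumed file name): python waf_probe.py "http://host/page?q=<script>alert(1)</script>"
        url = sys.argv[1]
        baseline = fetch(url)
        probes = {name: fetch(url, hdrs) for name, hdrs in build_variants().items()}
    else:
        baseline, probes = SAMPLE_BASELINE, SAMPLE_PROBES
    print("baseline status:", baseline[0])
    print("candidates:", bypass_candidates(baseline, probes, block_marker=b"blocked"))
```

Point it at a URL that the WAF is known to block (a request carrying a harmless test payload), and pass a string from the block page as block_marker for WAFs that answer 200 with a block page instead of 403. A variant that changes the response is a candidate, not proof: replay the real payload through that header to confirm, and remember it only works when the WAF or application trusts client-supplied forwarding headers.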




Yeahhh it is paradise....



Thursday, September 10, 2015

Installing Virtualbox guest additions in KALI LINUX (1.x-2.0)


First and foremost, do an update:

apt-get update

Recheck your sources file:

You can find it at /etc/apt/sources.list

cat /etc/apt/sources.list

For Kali 1.x it should contain:

deb http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free

and for Kali 2.0 (sana):

deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free

Chances are that the lines for your release are missing. If so, kindly add the pair that matches your release (not both; don't mix the kali and sana repositories). (Source: g0tmi1k (https://twitter.com/g0tmilk))

You will need to run an update again if you edited your sources file.

apt-get update

Next installing linux headers:

apt-get install -y linux-headers-$(uname -r)

or you can combine the above two commands with an && operator:

apt-get update && apt-get install -y linux-headers-$(uname -r)

Next is attaching the “Guest Additions” CD-ROM image. Select “Devices” from the VirtualBox menu and then select “Install Guest Additions”. This will mount the Guest Additions ISO in the virtual CD drive in your Kali Linux virtual machine. When prompted to autorun the CD, click the Cancel button.

Now call your friend THE TERMINAL

Look for VBoxLinuxAdditions.run on the CD-ROM and copy it to a local path on your system. I copied it to the root folder.

cp /media/cdrom/VBoxLinuxAdditions.run /root/

Change the permissions on the file to make it executable.

chmod 755 /root/VBoxLinuxAdditions.run

Go to the location where you copied VBoxLinuxAdditions.run and run it. Below are the commands in case you get stuck anywhere. :)

cd /root

./VBoxLinuxAdditions.run

Final step is to reboot the machine and Tada.
reboot

You now have the guest additions installed and can use full screen, mouse integration and the like. I know it is not rocket science, but these additions are very helpful.