
Monday, November 24, 2008

Hacking Common methods

A typical approach in an attack on an Internet-connected system is:

1. Network enumeration: Discovering information about the intended target.
2. Vulnerability analysis: Identifying potential ways of attack.
3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.

In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploit
A security exploit is a prepared application that takes advantage of a known weakness.

Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)

Packet Sniffer
A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing attack
A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program.

Rootkit
A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Social engineering
Social Engineering is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information.

Trojan horse
A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.)

Virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Thus, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.

Worm
Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.

Key loggers
A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. It often uses virus-, trojan-, and rootkit-like methods to remain active and hidden.

Phishing Technique

Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to the phishers' site. The following example link, Genuine, appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception".

An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied. Such URLs were disabled in Internet Explorer, while Mozilla Firefox and Opera present a warning message and give the option of continuing to the site or cancelling.

A further problem with URLs has been found in the handling of Internationalized domain names (IDN) in web browsers, which might allow visually identical web addresses to lead to different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN spoofing or a homograph attack, phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.
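The link tricks described in this section can be checked for mechanically before a message reaches a user. The following Python is an added example, not part of the original post; the allow-list, the finding codes and all sample links other than the two URLs quoted above are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed allow-list: registrable domains the defender treats as genuine.
TRUSTED_DOMAINS = {"yourbank.com", "google.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}


def registrable(host):
    """Last two labels of a hostname. Simplification: real code should use
    the Public Suffix List so that e.g. 'co.uk' is handled correctly."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def host_of(text):
    """Hostname of a URL or bare 'www.site.tld' string, '' if it is neither."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "//" + text
    return (urlsplit(text).hostname or "").lower()


def inspect_link(href, anchor_text=""):
    """Return the sorted finding codes for one link from a message."""
    findings = set()
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    domain = registrable(host)

    # '@' trick: text before '@' is userinfo; the browser goes to `host`.
    if parts.username is not None:
        findings.add("userinfo")
    # Subdomain trick: a trusted name used as a label under another domain.
    if domain not in TRUSTED_DOMAINS and BRANDS & set(labels[:-2]):
        findings.add("brand-in-subdomain")
    # IDN homograph risk: punycode or raw non-ASCII labels need a closer look.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.add("idn-host")
    # Anchor text that names one site while the href leads to another.
    shown = host_of(anchor_text)
    if shown and registrable(shown) != domain:
        findings.add("anchor-mismatch")
    # Open redirector: a parameter carrying an absolute URL to another domain.
    for _, value in parse_qsl(parts.query):
        target = host_of(value) if "://" in value else ""
        if target and registrable(target) != domain:
            findings.add("redirect-off-domain")
    return sorted(findings)


# Constructed samples; the first two URLs are the ones quoted in the text.
SAMPLES = [
    ("http://www.yourbank.example.com/", "Your Bank"),
    ("http://www.google.com@members.tripod.com/", ""),
    ("http://xn--yourbnk-constructed.com/", ""),
    ("http://example.net/login", "www.yourbank.com"),
    ("http://www.yourbank.com/go?url=http://phish.example.net/", ""),
    ("https://www.yourbank.com/accounts", "Log in"),
]

if __name__ == "__main__":
    for href, text in SAMPLES:
        print(href, inspect_link(href, text) or "ok")
```

An "idn-host" finding only means the hostname needs a closer look, since many legitimate sites use internationalized names.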

How to Hack Network Passwords In 13 Easy Steps!! (Download)

This tutorial is from “the antriddle forum” and was written by akapsycho.

This hack is actually pretty new (so IT folk may not be prepared for it yet). It uses cain & abel and its ability to use ARP poisoning. If you don’t know what that means, then DO NOT TRY THIS. You could take down a whole network.

Here are the steps:

Step 1: Download, install and run Cain & Abel at http://www.oxid.it/cain.html
Step 2: Click “Configure” in the top bar.
Step 3: In the “Sniffer” tab, click the adapter which is connected to the network to be sniffed, then click “Apply”, then “OK”.
Step 4: Click the “Sniffer” tab in the main window.
Step 5: Click the network card in the top bar (2nd icon from the left).
Step 6: Click the “+” button in the top bar.
Step 7: Select “All hosts in my subnet”, click “OK”. Entries should appear in the main window under the “IP address”, “MAC address” and “OUI fingerprint” headings.
Step 8: From the “Sniffer” tab, click “APR” in the bottom tab.
Step 9: Click the top right pane in the main window. Click the “+” button in the top bar.
Step 10: Click on the router in the left pane. The router is generally the entry which has the lowest final IP value (xxx.xxx.xxx.*). Highlight the IP addresses to sniff in the right pane. Click “OK”.
Step 11: Click the ARP icon in the top bar (3rd icon from the left). Wait until other users have logged into websites on other computers. Depending on the size of the network and the traffic which this network receives, this can range from minutes to hours.
Step 12: After some time has passed, click “Passwords” in the bottom tab.
Step 13: In the left pane, select the bolded entries. The right pane should show the time, server, username, password (in plaintext) and site accessed.

Doesn’t look like you can grab network admin info, more of a website user/pass hack. It’s still pretty kewl though.

For more information a user called “bugmenot” posted these sites to learn what Cain is doing:

Check out the links below to learn exactly what Cain is doing…

http://www.grc.com/nat/arp.htm
http://www.grc.com/sn/SN-029.htm

I recommend reading through those sites before attempting this hack. Even if you are only testing your home network, you want to understand what you are doing. Hack to learn, remember?

Other than that, hack at it!!!

Legal: DO NOT TRY THIS AT WORK. In all likelihood your IT peeps will see what you’re doing and just walk right up to your office and “Have a chat”. Probably will get you fired. As for universities, I dunno the rules on that. Either way, as with most hacks I post, these are for instructional purposes only and not to be used on anyone’s network but your own. (i.e. if you get caught doing this TMBBITW is in no way responsible for what happens to you or your network.)
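From the defender's side, the ARP poisoning this tutorial relies on leaves a visible trace in every affected host's ARP cache: the router's IP address suddenly resolves to a different MAC address, usually one that also answers for another host on the subnet. The following Python is an added example, not part of the original tutorial; it assumes ARP cache snapshots in the style of Linux `arp -an` output, and every address in the sample data is constructed.

```python
import re
from collections import defaultdict

# Matches lines in the style of Linux `arp -an` output, for example:
#   ? (192.168.1.1) at 00:11:22:aa:bb:01 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

# Constructed snapshots of one workstation's ARP cache (all values made up).
BASELINE = """\
? (192.168.1.1) at 00:11:22:aa:bb:01 [ether] on eth0
? (192.168.1.23) at 00:11:22:aa:bb:17 [ether] on eth0
? (192.168.1.42) at 00:11:22:aa:bb:2a [ether] on eth0
"""
DURING_POISONING = """\
? (192.168.1.1) at 00:11:22:AA:BB:2A [ether] on eth0
? (192.168.1.23) at 00:11:22:aa:bb:17 [ether] on eth0
? (192.168.1.42) at 00:11:22:aa:bb:2a [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""


def parse_arp_table(text):
    """Map IP -> MAC (lower case); unresolved '<incomplete>' rows are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}


def changed_bindings(baseline, current):
    """IPs whose MAC differs from the known-good baseline: {ip: (old, new)}."""
    return {
        ip: (baseline[ip], mac)
        for ip, mac in current.items()
        if ip in baseline and baseline[ip] != mac
    }


def shared_macs(table):
    """MACs answering for more than one IP: {mac: [ip, ...]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def assess(baseline_text, current_text, gateway_ip):
    """Compare two snapshots and summarise the signs of ARP poisoning."""
    baseline = parse_arp_table(baseline_text)
    current = parse_arp_table(current_text)
    changed = changed_bindings(baseline, current)
    shared = shared_macs(current)
    gateway_mac = current.get(gateway_ip)
    return {
        "changed": changed,
        "shared": shared,
        "gateway_changed": gateway_ip in changed,
        # Strongest signal: the gateway's new MAC also belongs to another host.
        "gateway_impersonated": gateway_ip in changed and gateway_mac in shared,
    }


if __name__ == "__main__":
    print(assess(BASELINE, DURING_POISONING, "192.168.1.1"))
```

A changed gateway binding can also be a legitimate hardware swap, so treat it as a trigger for investigation; pinning the gateway's MAC with a static ARP entry removes the ambiguity on hosts that matter.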

Thursday, February 28, 2008

Boot Windows XP from a USB flash drive

You can't boot Windows XP from a floppy disk the way you used to be able to with DOS. One handy way to easily boot XP is by using a USB flash drive. Here's how to make it work.

Almost everyone who has worked with computers for any length of time at all has run into at least one situation in which a problem left a PC unbootable. What if you could return the machine to a bootable state just by inserting a USB flash drive though? Believe it or not, it is actually possible to install a bootable copy of Windows XP onto a flash drive and then boot a PC off of the flash drive. From there, you can use applications that you have installed on the flash drive (anti virus, anti spyware, disk repair, etc.) to fix the PC's problem. In this article, I will show you how.

What's the catch?

As with most cool new techniques, there are a few catches. For starters, not every PC is capable of booting from a USB flash drive. For the most part, computers manufactured within the last two years are generally able to boot from a flash drive. Older systems may require a BIOS update, or might not be able to boot from a flash drive at all.

Another catch is that not every flash drive will get the job done. The primary factors that limit your use of a particular flash drive are capacity and speed. Technically, speed isn't really a limiting factor, but booting Windows will be painfully slow unless you use a flash drive that supports USB 2.0.

The flash drive's capacity is a real limiting factor, though. Surprisingly, there are size limits on both the upper and lower end: your flash drive can't be too large or too small. There isn't really a documented minimum size for a flash drive. You just need something large enough to hold Windows XP and a few applications. As you probably know, Windows XP normally consumes over a gigabyte of disk space. Later I will show you how to use a free utility to trim the excess fat off of Windows XP and make it a whole lot smaller. Even so, I still recommend that your flash drive be at least 256 MB in size.

As I mentioned, there is a maximum size for the USB flash drive that you can use. Currently, USB flash drives exist in sizes of up to 4 GB, and 8 GB flash drives are expected to be available by the end of the year. As nice as it would be to have 8 GB to play with, the flash drive that you use for this project can be no larger than 2 GB. The reason for this is that you will have to format the flash drive using the FAT-16 file system, which has a 2 GB limit. Presently, you are stuck using FAT-16 because most computers will not recognize a flash drive as being bootable if the drive is formatted with anything other than FAT-16.

Preparing your Windows installation CD

One of the requirements for creating our bootable USB flash drive is a Windows XP with Service Pack 2 installation CD. If your Windows XP installation CD doesn't already include Service Pack 2, then you will have to make a CD that includes Service Pack 2 through a technique called slipstreaming.

Other requirements

In addition to your Windows XP installation CD, there are a couple of other things that you are going to need. For starters, you will need the HP USB Disk Storage Format Tool.

Another utility that you are going to need is Bart's Preinstalled Environment Bootable Live Windows CD / DVD, or BartPE for short.

In addition to the software requirements, you must verify that the PC that you will be using to create the Windows deployment has 1.5 GB of free hard disk space (minimum) and supports booting from a USB device. I also strongly recommend that the PC be running Windows XP Service Pack 2. Prior to Service Pack 2, Windows XP sometimes had trouble interacting with USB storage devices.

Formatting the flash drive

Now that you have all of the prerequisites taken care of, it's time to actually start setting up our flash drive. The first step in doing so, as strange as it sounds, is to format the flash drive. Windows will actually let you format a flash drive in the same way that you format a floppy disk. However, formatting a flash drive in this way will not work for this project. Furthermore, using Windows to format a flash drive directly has been known to destroy some types of flash drives.

Instead, you must format the flash drive by using the HP USB Disk Storage Format Tool that you downloaded earlier. To do so, simply open the utility, select the device followed by the FAT file system option and click Start.

Once the device has been formatted, you must make it bootable. To do so, you must copy the BOOT.INI, NTLDR, and NTDETECT from the root directory of your PC's boot drive to the flash drive. These files are hidden by default, so you will either have to configure Windows Explorer to show hidden files (including protected operating system files) or you will have to open a Command Prompt window and use the COPY command to copy the files.

If you choose to use the Windows Explorer method, then open Internet Explorer and enter C: into the address bar so that you are looking at your local hard drive. Next, select the Folder Options command from the Tools menu. When the Folder Options properties sheet opens, select the View tab. Now, just select the Show Hidden Files and Folders and deselect the Hide Extensions for Known File Types and the Hide Protected Operating System Files check boxes. Click OK to continue.

Booting from the USB flash drive

Now that you have formatted your USB flash drive and installed the boot files onto it, the next thing that you must do is to configure your PC to allow you to boot from the flash drive. This is all done through the computer's BIOS Setup. I can't give you specific instructions for this part, because every computer is different. I can give you a few pointers though.

You can access your computer's BIOS by pressing a specific key immediately after you turn the PC on. The key varies, but it is usually either [F1], [F2], or [Delete]. Once you are in the BIOS Setup, you should verify that all of your computer's USB options are enabled. This might include things like support for legacy USB devices or support for USB 2.0. If there is a time out setting for USB devices, you should set it to the max to ensure that the system doesn't time out while waiting on the USB device to boot.

Next, find the section on boot device priority. Normally, a USB flash drive (which is usually listed as USB-HDD, but may be listed as a removable device) will have a very low boot priority. If the USB flash drive's boot priority is lower than the hard disk (listed as HDD) then the only time the computer would ever boot off of the USB flash drive is if the system were to fail to boot from the hard disk. You must therefore rearrange the boot device priority so that the flash drive has a higher priority than the hard drive.

Configuring Windows

Now that we have finally made it through all of the prep work, it's time to start setting up Windows. As you have probably already guessed, the process of installing Windows to a flash drive is quite a bit different from your normal, run of the mill installation. There are a couple of reasons for this.

For starters, a full blown Windows XP deployment takes up over a Gigabyte of hard disk space. When you are installing to a flash drive, disk space is a scarce commodity. Even if you have over a Gigabyte of space on your flash drive, you probably don't want to use it all on Windows. It would be nice to have room to install a few applications. Therefore, you need to trim the excess fat off of Windows.

The other reason why the installation process is so different from the usual Windows installation is because Windows Setup is not designed to install Windows to a flash drive. You therefore have to configure Windows using an alternate method.

The PEBuilder utility that you downloaded earlier can take care of both of these issues. PEBuilder is designed to create a build of Windows XP (or Windows Server 2003) that does not take up as much space as a full blown installation. Once you create this new build, you can copy it to the flash drive. For right now, I will show you how to create a basic Windows build and copy it to the memory stick. Unfortunately, it's rather difficult to install applications once Windows is up and running. Therefore, after I show you how to create a basic Windows build, I will show you how to create a build that includes some applications.

Begin the process by opening PEBuilder. Simply enter the path to the Windows installation files (the ones from your Windows XP with Service Pack 2 installation CD). Next, verify that the Create ISO Image and the Burn to CD check boxes are not selected and then click the Build button. PEBuilder will now create the new Windows build.

Now, it's time to copy Windows to the flash drive. To do so, you will have to use a special batch file that's included with PEBuilder. Open a Command Prompt window and navigate to c:\pebuilder313\plugin\peinst. Now, insert an empty flash drive into the computer's USB port and then execute the file PEINST.CMD.

Type 1 and press [Enter] and you will be prompted to enter the path to the build that you have created. Enter C:\pebuilder313\BartPE. Now, type 2, press [Enter], and you will be prompted for the target path. Enter the drive letter that Windows has assigned to your USB flash drive. The menu now displays the source path and the destination drive. Type 5 and press [Enter] to install Windows to the flash drive.

Installing applications

Now that I have shown you how to create and install a basic Windows build, I want to talk for a moment about how you can add an application to the build (prior to creating it). The PEBuilder program comes pre-configured to support a number of common Windows applications, but does not come with the applications themselves.

The reason why installing applications can be a little bit tricky is because most Windows applications modify the Windows registry. The build that you are creating is basically a collection of installation files, and the build itself does not contain a registry (the registry gets created when Windows is installed onto the flash drive). As such, PEBuilder uses a sort of registry emulator.

If you go to the C:\PEBUILDER313\PLUGIN folder, you will see sub folders for a number of different applications. If you open one of these application folders, you will see that the folder contains an INF file and a FILES folder. The INF file contains all of the information that would normally go into the registry, and the FILES folder stores all of the program's files.

To see how this works, let's install an application that I'm sure most of you are familiar with; Nero. Begin by installing Nero onto the machine that's running PEBuilder, as if you planned to run Nero locally on that machine. When the installation completes, copy all of the files from C:\Program Files\ahead\Nero to C:\pebuilder313\plugin\nero burning rom\files. In this particular case, the nero burning rom folder is the folder that has been set aside for the Nero application. The Files sub folder is intended to store Nero's system files.

Now, you must take care of Nero's registry entries. To do so, go to the C:\pebuilder313\plugin\nero burning rom folder and open the PENERO.INF file using Notepad. As I explained earlier, the INF file in an application's folder is used to store the application's registry entries. For Nero and all of the other applications that PEBuilder predefines, the INF file is pre-configured. You just have to make a few changes that are specific to your system.

In this particular case, the PENERO.INF file is designed to support both Nero versions 5.x and 6.x. Initially, the lines for both versions are commented out. You must therefore determine which version you have and then remove the semi colon from the beginning of the lines that apply to that version.

Once you uncomment the appropriate lines, just replace "Your Name", "Your Company Name" and "Your Serial Number" with your name, your company's name, and your Nero product key. Save the file, and you're set to go. The next time that you click the Build button, Nero will be included in the build.

Putting XP in your pocket

Running Windows from a flash drive isn't an exact science. Sometimes the process just doesn't work and there is no good reason why. As more PCs start to support booting from USB devices though, USB boots should become more standardized, and the technique should become more reliable.

Create Bootable USB Flash Drive

Requirements

# A computer with a BIOS that allows for booting from a USB port.
I used a Dell Optiplex GX260 that has a Phoenix ROM BIOS Plus version 1.10 revision A05.
# A Bootable floppy disk or CD.
I used a Windows 98 bootable CD. For those who have Dell systems, you can also use the bootable Dell Optiplex Resource CD that is used to reinstall your system with Windows 98.
# Utilities with the ability to create a master boot record, create partitions, set active partitions, and format and transfer boot files to the active partition
I used the DOS FDISK and FORMAT that are on the Windows 98 CD.
# Of course, the USB drive that you want to make bootable
I used a 256MB SanDisk Cruzer Mini USB Flash Drive.

Directions

1. Make the USB drive the first in the drive sequence.
Why?? fdisk does not allow for a partition to be set as ACTIVE (bootable) unless it is the first drive. It is most likely that your hard drive(s) is set as the first drive. This needs to be changed.
How?? Setting your USB drive to be the first in the drive sequence can be done by following ONE of the methods below. No matter which method you follow, the computer MUST be booted with the USB drive plugged into the computer. Take a note of how the options that you are about to change were set before, as they will need to be changed back later.

Method # 1. BIOS drive sequence option.
Depending on your BIOS, there may be an option to change the drive sequence. On mine, there was an option labeled "Hard-Disk Drive Sequence". If your BIOS has this or a similar option, make sure you change the sequence so that the USB Drive is listed first.

Method # 2. Disabling other hard drives.
Again, this is done from the BIOS. Different BIOS's may have different options to disable the hard drive. On mine, the system had just one hard drive. I changed the option labeled "Primary Drive 0" to "OFF".

Method # 3. Unplugging the hard drives.
If your BIOS doesn't have an option to change the drive sequence or to turn off the hard drive, you can turn off your computer and unplug your hard drive(s). Make sure you know what you are doing here. Opening your computer case may result in voiding your computer warranty if you have one.

2. Boot the computer from the boot floppy/CD into the command prompt with the USB Drive plugged in.
3. Run fdisk
4. Use fdisk's "Set Active Partition" (option 2) to set the primary partition on the USB Drive to ACTIVE.
This step assumes that a primary partition already exists on the USB Drive. If this is not the case, use fdisk to create one. As noted in step # 1, fdisk will not allow for setting the partition to ACTIVE unless the drive the partition is on is the FIRST in the drive sequence.
5. Exit fdisk.
6. Reboot the computer from boot floppy/CD into the command prompt with the USB Drive plugged in.
7. At the command prompt enter the following command: dir c:
This step is just to verify that the C: drive is actually the primary partition on the USB Drive. Regardless of the result that the command generates, whether it be a listing of files or an error message, what is important here is to make sure that the size of the primary partition on the USB Drive is roughly equal to the sum of the empty space and the used space.
8. Format and copy the boot files to the primary partition.
At the command prompt, from the directory where FORMAT.COM is located, enter: format /s c:
9. Run fdisk /mbr
"fdisk /mbr" writes the master boot record, in this case to the USB drive, without altering the partition table information.
10. Restart the computer and choose booting from the USB Drive. If all goes well, you should see a C:> command prompt.
11. Change the computer settings back to what they were before step # 1.

I had a few people e-mail me with an error message "No fixed disks present..." which they encountered when they ran fdisk. Personally, I did not run into this issue or know what is causing it on other people's machines.
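The constraints from the two USB articles above (a FAT-16 partition no larger than 2 GB, exactly one partition set ACTIVE with fdisk, and a master boot record written by fdisk /mbr) can all be verified by reading the drive's first 512-byte sector. The following Python is an added example, not from the original articles; the function names, finding codes and the sample sectors produced by build_mbr are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                 # partition table follows the boot code
FAT16_TYPES = {0x04, 0x06, 0x0E}   # FAT16 <32 MB, FAT16, FAT16 (LBA)
FAT16_MAX_BYTES = 2 * 1024 ** 3    # the 2 GB limit mentioned in the text
ENTRY = "<B3xB3xII"                # status, type, start LBA, sector count


def parse_partitions(mbr):
    """Return the used entries of the four-slot MBR partition table."""
    parts = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        status, ptype, lba, count = struct.unpack(ENTRY, mbr[start:start + 16])
        if ptype:  # type 0x00 marks an unused slot
            parts.append({
                "slot": slot + 1,
                "active": status == 0x80,   # what fdisk calls ACTIVE
                "type": ptype,
                "start_lba": lba,
                "bytes": count * SECTOR,
            })
    return parts


def check_usb_mbr(mbr):
    """Return finding codes explaining why this sector would not boot."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        return ["no-signature"]
    problems = []
    if not any(mbr[:TABLE_OFFSET]):
        problems.append("no-boot-code")      # `fdisk /mbr` was never run
    active = [p for p in parse_partitions(mbr) if p["active"]]
    if len(active) != 1:
        problems.append("active-count")      # need exactly one ACTIVE entry
    for part in active:
        if part["type"] not in FAT16_TYPES:
            problems.append("not-fat16")
        if part["bytes"] > FAT16_MAX_BYTES:
            problems.append("over-2gb")
    return problems


def build_mbr(entries, boot_code=b"\xeb\xfe"):
    """Constructed test sector; entries are (status, type, start LBA, sectors)."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + b"\x55\xaa"


# Constructed samples: a correctly prepared 256 MB stick, a 4 GB FAT32 stick
# marked active, and a stick that was partitioned but never made bootable.
GOOD_256MB = build_mbr([(0x80, 0x06, 63, 256 * 1024 * 1024 // SECTOR)])
FAT32_4GB = build_mbr([(0x80, 0x0B, 63, 4 * 1024 ** 3 // SECTOR)])
NOT_PREPARED = build_mbr([(0x00, 0x06, 63, 524288)], boot_code=b"")

if __name__ == "__main__":
    for name, image in [("256MB", GOOD_256MB), ("4GB", FAT32_4GB),
                        ("raw", NOT_PREPARED)]:
        print(name, check_usb_mbr(image) or "looks bootable")
```

To inspect a real drive, read its first 512 bytes from the raw device with administrative rights and pass them to check_usb_mbr.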