DNS Zone Transfer – Network Enumeration

Hi Testers,

Adding some information about DNS zone transfers. We all gather DNS information during reconnaissance, and a nameserver that allows a zone transfer hands over the whole zone at once: every hostname, mail server and address record the target has published, which is as close to a network map as DNS reconnaissance gets. Worth having, isn't it?

Here is one small command-line tool that everyone has heard of: dig (source link: http://en.wikipedia.org/wiki/Dig_%28command%29).

With a proper understanding of a tool, and a sense of the right moment to use it, you save a lot of time and can cover many VAPT tasks with it.
(The dig commands may be old news to experts; this information is for beginners.)

Command 1: dig www.target.com (shows the A record, i.e. the target's public IP address; note that dig takes a hostname, not a URL, and that behind a CDN or reverse proxy this address belongs to the proxy, not to the origin server)

Command 2: dig target.com MX
(MX records are published for the domain, not for the www host. Do the mail servers sit in the same IP range as the web server? Then you have a good guess at the target's real network range, and you can also tell whether the web server handles its own mail or hands it off to a third party.)

Command 3: dig target.com MX +noall +answer (prints only the answer section)
Command 4: dig target.com MX +short (prints only the record data, one per line)

Through dig you can get mail exchange records (MX), nameservers (NS), address records (A), pointer records (PTR), the SOA serial number you need for an IXFR request, and so on.

I hope you will try the various dig commands and understand this first step of testing.

(Maybe you are thinking: there are various automated tools that produce a DNS report automatically, so why use dig or manual testing at all?)

A fair question, but have you done manual testing before, and how accurate was the information you got? We can use automated tools to perform their respective actions, but remember that a tool only follows its defined task or procedure; you have to configure it manually to match your requirements.

AXFR and IXFR:

A zone transfer is a request to an authoritative nameserver for the whole zone, so it must be directed at one of the target's NS hosts with @server (find them with dig target.com NS +short); asking your local resolver for www.target.com AXFR gets you nothing. dig switches to TCP for transfers automatically, and a server that refuses answers with "; Transfer failed.".

Command x: dig @ns1.target.com target.com AXFR
Command y: dig @ns1.target.com target.com IXFR=<serial> (IXFR is an incremental zone transfer: it returns only the changes since the SOA serial you supply, which you can read with dig target.com SOA +short)
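The check above, as an added example that is not part of the original post: a small POSIX shell script that asks every nameserver of a zone for an AXFR and classifies dig's answer. It assumes dig is installed; the zone names are placeholders and the two sample dig outputs are constructed for this example, not captured from any real server.

```shell
#!/bin/sh
# Added example for this post (not part of the original): test whether any
# authoritative nameserver of a zone hands out a full zone transfer (AXFR).
# Assumes dig(1) is installed; "example.com" names are placeholders and the
# sample dig outputs below are constructed, not captured.

# Returns 0 when the given dig AXFR output represents a completed transfer.
# dig prints ";; XFR size: N records ..." only after a successful AXFR, and
# "; Transfer failed." (or a non-NOERROR status) when the server refuses.
axfr_allowed() {
    printf '%s\n' "$1" | grep -q '^;; XFR size:' && return 0
    return 1
}

# Prints the number of resource records in dig AXFR output: every line that
# is neither blank nor a ";" comment. A refused transfer yields 0.
axfr_record_count() {
    printf '%s\n' "$1" | grep -v -e '^;' -e '^$' | grep -c . || true
}

# Queries the zone's NS records, then asks each nameserver for the zone.
# Zone transfers run over TCP and must be directed at an authoritative
# server with @server; asking the local resolver for "www.target.com AXFR",
# as the post's original command does, never succeeds.
check_zone_transfer() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        out=$(dig +time=5 +tries=1 @"$ns" "$zone" AXFR 2>&1)
        if axfr_allowed "$out"; then
            printf '%s: AXFR ALLOWED by %s (%s records)\n' \
                "$zone" "$ns" "$(axfr_record_count "$out")"
        else
            printf '%s: AXFR refused by %s\n' "$zone" "$ns"
        fi
    done
}

# Constructed sample outputs, shaped like dig 9.x prints them.
SAMPLE_ALLOWED='; <<>> DiG 9.18.1 <<>> @ns1.example.com example.com AXFR
; (1 server found)
;; global options: +cmd
example.com.        3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
example.com.        3600 IN NS  ns1.example.com.
example.com.        3600 IN NS  ns2.example.com.
example.com.        3600 IN MX  10 mail.example.com.
mail.example.com.   3600 IN A   192.0.2.25
www.example.com.    3600 IN A   192.0.2.80
example.com.        3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
;; Query time: 12 msec
;; SERVER: 192.0.2.1#53(ns1.example.com) (TCP)
;; WHEN: Mon Jan 01 12:00:00 UTC 2024
;; XFR size: 7 records (messages 1, bytes 240)'

SAMPLE_REFUSED='; <<>> DiG 9.18.1 <<>> @ns2.example.com example.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# Stand-alone run: sh axfr-check.sh target.com
if [ "$#" -ge 1 ]; then
    check_zone_transfer "$1"
fi
```

An allowed transfer is a finding in itself (the zone is readable by anyone), and the records it returns become the input for the rest of the enumeration; a refusal from every nameserver is the normal, correctly configured case, after which brute forcing is the fallback.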

DNS Brute Force:
When no nameserver allows a transfer, the fallback is to guess hostnames from a wordlist and resolve each one. Here is a Perl script that helps with DNS brute forcing:

Source Link: http://packetstormsecurity.com/files/24865/blindcrawl.pl.html

Command z: perl blindcrawl.pl -d target.com

gxfr.py, which pulls subdomains out of Google search results instead of asking DNS, also helps a lot in learning about a target's DNS.

Fierce is a tool that tries DNS zone transfers and falls back to hostname brute forcing when they are refused.

Follow the links:

http://securitytube-tools.net/index.php?title=Fierce
http://ha.ckers.org/fierce/
http://vimeo.com/6807644

Feel free to reply back.

 

NETZOB: A Protocol Reverse Engineering Tool

Netzob is an open source tool that supports an expert in reverse engineering, evaluating and simulating communication protocols. Its main goals are to help security evaluators to:

  • Assess the robustness of proprietary or unknown protocol implementations.
  • Simulate realistic communications to test third-party products (IDS, firewalls, etc.).
  • Create an open source implementation of a proprietary or unknown protocol.

Netzob supports the expert in a semi-automatic inference process for any communication protocol. It includes what is needed to passively learn the vocabulary of a protocol (its message formats) and to actively infer its grammar (the allowed sequences of messages). The learned protocol can then be simulated.

Netzob handles different types of protocols: text protocols (like HTTP and IRC), fixed-field protocols (like IP and TCP) and variable-field protocols (like ASN.1-based formats).

Netzob provides modules dedicated to capturing data in multiple contexts: network, structured file, process and kernel data acquisition.

In addition, it integrates a stochastic, stateful model to represent any stateful communication protocol. The model definition can be shared and loaded into a dedicated component of Netzob, its simulator. It thus becomes easy to simulate multiple actors (servers and clients) that communicate according to the inferred protocol, for advanced fuzzing or for active inference.

 

How to find potential security flaws in source code ?

GRAUDIT
Graudit is a simple script plus signature sets that let you find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis tools like RATS, SWAAT and Flawfinder, while keeping the technical requirements to a minimum and staying very flexible. Because it is pattern matching rather than data-flow analysis, every hit is a candidate that still has to be read in context.

Graudit supports scanning code written in several languages: asp, jsp, perl, php and python.

USAGE
Graudit supports several options and tries to follow good shell practice. For a list of the options run graudit -h, or see the readme. The simplest way to use graudit is:
graudit /path/to/scan

DEPENDENCIES
Required: bash, grep, sed

DOCUMENTATION
See the readme file and frequently asked questions.

DOWNLOAD
You can download the latest version from the graudit download page.

SOURCE
http://www.justanotherhacker.com/projects/graudit.html

How to fit tools in a Vulnerability Assessment & Penetration Testing ?

When we attend conferences on IT security, we usually ask and learn many things.
Here is one of my questions about VA/PT to an expert in IT security; I hope you like it and learn from it too, because sharing is caring (it's time to share now).

Student:

How to fit tools in a VA/PT?

On behalf of learners, I would like to ask one question, so that beginners can also understand the first basics of penetration testing.
In most cases students who attend hacking workshops or classes have a basic understanding of a few security tools. Typically students have used a port scanner, Wireshark, Metasploit, etc. Unfortunately most beginners do not understand how these tools fit into the PT, or it may be due to the beginner's incomplete knowledge or lack of knowledge.

So, according to an expert in penetration testing, what is the best way to fit such tools together, so that it defines a kind of framework for penetration testing officially?
(Just like the one PT cycle I read about: (A) Recon -> Scanning -> Exploitation -> Maintaining Access -> (A))
IT Security Expert:
Not an expert, but from my viewpoint, VA/PT is not just about tools. A training should include the following:

  • Why do we do VA/PT?
  • VA/PT process and framework (which is not just about tools)

The main problem is that generally these are the theoretical part of the trainings, and most of the students are not interested in the theory. Most of the beginners are interested in the “exploit” or “shell” part of it.

As part of the trainings, the tools should be covered in such a way that the students know:

  • Why do we need to use a tool?
  • Which tool to use?
  • When to use a particular tool?
  • What information should be gathered or collected?
  • How to use the tool? (Various options and parameters)
  • Advantages and disadvantages of using tools
  • How to create your own custom tools, etc.

To summarize, a good VA/PT training should balance both the theory and practical hands-on equally, and at the same time give importance to the technical and management sides of VA/PT.

(Thanks Manu Zacharia for such beautiful guidance on IT Security )

Banking Trojan – Trojans with specific intention on Banking

Hi, we have often read documents about trojans, studied malware, created worms, run keyloggers and analyzed their packets.
Here are the names of trojans that are intentionally built for BANKING:

# Tinba
# Zeus
# Carberp
# Ramnit
# many more (keep adding)...
Google helps a lot with analyzing such things; let's do some work on analyzing our new topic, banking trojans.

Share your sample files for analysis, and add your banking trojans to the list in this topic!

(This knowledge is for learning purposes only; we do not encourage you to do illegal harm to anyone or anything. It is your responsibility.)

International IT Security and Hacking Conference c0c0n 2014 – CFP

c0c0n Call for Papers and Call for Workshops

August 22-23, 2014 – Cochin, India

Buenos Dias from the God’s Own Country!

We are extremely delighted to announce the Call for Papers and Call for Workshops for c0c0n 2014, a 3-day Security and Hacking Conference (1 day of pre-conference workshops and 2 days of conference), full of interesting presentations and talks, and of course filled with fun!

The conference topics are divided into four domains as follows:

  • Info Sec – Technical
  • Info Sec – Management
  • Digital Forensics and Investigations
  • Cyber Laws and Governance

We are expecting conference and workshop submissions on topics including, but not limited to, the following:

  • Cloud Security
  • Browser Security
  • Honeypots/Honeynets
  • Offensive forensics
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • WLAN and Bluetooth Security
  • Hacking virtualized environment
  • Lockpicking & physical security
  • National Security & Cyber Warfare
  • Open Source Security & Hacking Tools
  • Web Application Security & Hacking
  • Exploiting Layer 8/Social Engineering
  • Malware analysis & Reverse Engineering
  • New Vulnerabilities and Exploits/0-days
  • Advanced Penetration testing techniques
  • Antivirus/Firewall/UTM Evasion Techniques
  • IT Auditing/Risk management and IS Management
  • Cyber Forensics, Cyber Crime & Law Enforcement
  • Mobile Application Security-Threats and Exploits
  • Critical Infrastructure & SCADA networks Security

Presentations/topics that haven’t been presented before will be preferred. We are looking for the hottest presentation topics based on the research and *HOTNESS* of the topic. To follow a fair process of speaker selection, the selection committee is only given the abstract without revealing the identities, ensuring a transparent and fair policy for all submissions.

Source URL:

http://www.is-ra.org/c0c0n/cfp
